WO2016101515A1 - Method and apparatus for determining information technology (it) device port - Google Patents

Method and apparatus for determining information technology (it) device port Download PDF

Info

Publication number
WO2016101515A1
WO2016101515A1 PCT/CN2015/079221 CN2015079221W WO2016101515A1 WO 2016101515 A1 WO2016101515 A1 WO 2016101515A1 CN 2015079221 W CN2015079221 W CN 2015079221W WO 2016101515 A1 WO2016101515 A1 WO 2016101515A1
Authority
WO
WIPO (PCT)
Prior art keywords
port
switch
identifier information
address
uplink
Prior art date
Application number
PCT/CN2015/079221
Other languages
French (fr)
Chinese (zh)
Inventor
吴筱苏
吴树高
孙玉才
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016101515A1 publication Critical patent/WO2016101515A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • the present invention relates to the field of communications, and in particular to a method and apparatus for determining an IT device port of an information technology.
  • IT equipment such as magnetic arrays and set-top boxes have been widely used.
  • IT equipment is characterized by miniaturization, usually a single device or a small chassis.
  • the IT device provides a management network port, and the hardware address (Media Access Control abbreviated as MAC address) of the management network port and the Internet Protocol (IP) address between the network are indicated on the product label.
  • MAC address Media Access Control abbreviated as MAC address
  • IP Internet Protocol
  • This MAC address is globally unique and is usually pre-sintered into a Field Replaceable Unit (FRU).
  • FRU Field Replaceable Unit
  • the IP address on the label is the initial value.
  • the initial IP address of all IT devices is the same, so that the user can log in to the device for the first time.
  • the initial IP address of the wireless router is usually 192.168.1.1. Users can modify to a new IP address after logging in to the IT device.
  • the L2 layer (Layer 2) forwarding principle of the switch is to find the forwarding port by looking up the MAC+VLAN entry in the L2 table.
  • L2 can only communicate in the same virtual local area network (Virtual Local Area Network for short), and forward the contents of the packet. Will not change, but you can add or remove VLAN TAG.
  • the VLAN TAG is a 4-byte tag defined by IEEE 802.1Q and contains a 12-bit VLAN.
  • a VLAN usually works in two modes: access mode and trunk mode.
  • the access mode port can only be assigned to one port VLAN.
  • the packets carrying the VLAN TAG (tag) are discarded. Only the packets carrying the VLAN TAG (untag) are received.
  • the switch is internally configured with the default VLAN, which is usually the port VLAN (PVID).
  • the outgoing and stripped PVIDs are used to access the network device.
  • the trunk port can be added to multiple VLANs.
  • the inbound and outbound processing of untag packets is the same.
  • the inbound direction can receive the tag packets in the allowed VLAN range.
  • the outbound direction compares the VLAN with the PVID. If they are the same, the VLAN tag is stripped and the untagged packet is sent. If they are not the same, the VLAN tag is not stripped and a tag is sent. This is often used for cascading between switches.
  • the number of VLANs defined by the 802.1q protocol is only 4096.
  • the QinQ VLAN stacking or double VLAN
  • the 802.1Q label is added to the original 802.1Q packet to increase the number of VLANs.
  • the inner VLAN tag of the QinQ packet The inbound VLAN (TAG) indicates the private network information of the user.
  • the outer VLAN tag indicates the public network information and can traverse the carrier network to transparently transmit the private network VLAN tag.
  • QinQ has two types of ports: customer and uplink.
  • the customer port type is connected to the user network.
  • the uplink port type is used to access the service provider network.
  • the packets received by QinQ on the customer port are forced to be inserted into an outer VLAN regardless of whether the VLAN tag is carried. If the customer port sends a packet, the outer VLAN tag is stripped.
  • the uplink port does not insert or strip the outer label, but transparently transmits QinQ packets.
  • the switch supports the ACL (Access Control List) function. You can set the ACL rule to filter traffic on the network to achieve access control.
  • the action triggered includes modification, drop, redirection, copy to CPU, and so on.
  • FIG. 1 is a schematic structural diagram of a centralized management platform for an IT device in the related art.
  • the platform is composed of a host computer, a switch, and a plurality of IT devices, and a management network port of each IT device is connected to a network of the switch. mouth.
  • the main problem facing the platform is that the IP address of each IT device is the same. When multiple IT devices are connected to a switch, IP address conflicts must occur.
  • the solution to the above IP address conflict in the related art is that the DHCP server of the upper computer allocates an IP address to each IT device through a standard DHCP process.
  • the IT device sends a DHCP request message to the host computer, which carries the MAC address of the IT device.
  • the host computer allocates an IP address to the IT device according to the MAC address according to the previously configured address pool.
  • the problem in the related art is that the connection between the IT device and the switch is random. Since the MAC address of each IT device is unique, the IP address assigned to any port of the same IT device connected to the switch is always the same. The IP address does not correspond to the port of the switch. When the user needs to determine the specific location of the IT device, the above method can only be used to manually record the IP address at the port of the switch. If the connection location of the IT device and the switch changes, the user needs to manually search the port of the IT device. position.
  • the problem of determining the specific location of the IT device can only be determined by manually recording the IP address at the port location of the switch, and no effective solution has been proposed yet.
  • the embodiment of the invention provides a method and a device for determining an IT device port of an information technology, so as to at least solve the problem in the related art that the specific location of the IT device can be determined only by manually recording the IP address at the port position of the switch.
  • a method for determining an information technology IT device port comprising: receiving, by a host computer, a request message sent by the IT device, wherein the request message carries the IT device Port identification information that is connected to the switch; the host computer sets the port identification information in an IP address assigned to the IT device; and the upper computer presents the IP address with the port identification information to the user.
  • the port identifier information includes: first port identifier information, where the first port identifier information is port identifier information that is connected between the master switch and the IT device;
  • the port identifier information includes: second port identifier information, third port identifier information, and/or the first port identifier information, where the second port identifier information includes The port identification information that is connected between the master switch and the slave switch, and the third port identifier information includes: port identifier information that is connected between the IT device and the slave switch.
  • Setting the port identification information in the IP address assigned to the IT device by the host computer includes: when the switch includes only the master switch, the host computer writes the first port identifier information into the IP address a first specified byte of the address; when the switch includes the master switch and the slave switch, the host computer writes the second port identification information to the first specified byte of the IP address, The third port identification information is written to the second designated byte of the IP address and/or the first port identification information is written to the first designated byte of the IP address.
  • the port of the master switch includes: a first uplink uplink port and a first access port, wherein the master switch is connected to the host computer through the uplink port.
  • the master switch is connected to the IT device by using the access port, where the first port identifier information is the access port identifier information;
  • the port of the master switch includes The first uplink uplink port, the first access access port, and the trunk trunk port, the slave switch port includes: a second uplink uplink port and a second access port, where the master switch
  • the trunk port is connected to the second uplink uplink port of the slave switch, and the slave switch is connected to the IT device by using the second access access port, where the second port identifier information is the trunk port.
  • the third port identification information is the second access port identification information.
  • the method further includes: the upper computer sends an untag message, and triggers a redirection operation of the master switch and the slave switch, where the destination IP address of the untagged message carries the first specified byte Information and the second specified byte information; the redirection is: the master switch redirects the untag message to the first access port according to a preset rule and the first specified byte information The trunk port, the slave switch redirects the untag message to the second access port according to the preset rule and the second specified byte, where the preset rule is the master switch and The slave access control list ACL is set on the first uplink port and the second uplink port.
  • an apparatus for determining an information technology IT device port located on a host computer side, comprising: a receiving module, configured to receive a request message sent by the IT device, wherein the request The packet carries the port identification information that is connected to the IT device and the switch; the setting module is configured to set the port identification information in an IP address allocated for the IT device; and the presentation module is configured to be configured to be The IP address of the port identification information is presented to the user.
  • the port identifier information includes: first port identifier information, where the first port identifier information is port identifier information that is connected between the master switch and the IT device;
  • the port identifier information includes: second port identifier information and third port identifier information, and/or the first port identifier information, where the second port identifier information
  • the device includes: port identification information that is connected between the master switch and the slave switch, and the third port identifier information includes: port identifier information that is connected between the IT device and the slave switch.
  • the setting module includes: a first writing unit, configured to write the first port identification information into a first designated byte of the IP address when the switch includes only a master switch; and the second writing unit Writing, in the switch, the master switch and the slave switch, the second port identifier information to the first designated byte of the IP address, and writing the third port identifier information to the first address of the IP address Specifying a byte and/or writing the first port identification information to a first designated byte of the IP address.
  • the port of the master switch includes: a first uplink uplink port and a first access port, wherein the master switch is connected to the host computer through the uplink port, where the master The switch is connected to the IT device by using the access port, where the first port identification information is the access port identification information;
  • the port of the master switch includes: An uplink uplink port, the first access access port, and a trunk trunk port, where the slave switch port includes: a second uplink uplink port and a second access port, wherein the trunk of the master switch The port is connected to the second uplink uplink port of the slave switch, and the slave switch is connected to the IT device by using the second access access port, where the second port identifier information is the trunk port identifier information.
  • the third port identification information is the second access port identification information.
  • the device further includes: a sending module, configured to send an untagged message, and trigger a redirection operation of the master switch and the slave switch, where the destination IP address of the untagged message carries the first specified word And the second specified byte information, the redirecting is: the master switch redirects the untag message to the first access port according to a preset rule and the first specified byte information Or the trunk port, the slave switch redirects the untag message to the second access port according to the preset rule and the second specified byte, where the preset rule is the master switch And using an access control list ACL from the switch on the first uplink port and the second uplink port setting.
  • a sending module configured to send an untagged message, and trigger a redirection operation of the master switch and the slave switch, where the destination IP address of the untagged message carries the first specified word And the second specified byte information
  • the redirecting is: the master switch redirects the untag message to the first access port according to a preset rule and the first specified byte information Or the trunk port, the slave
  • the port identifier information that is connected between the IT device and the switch is carried in the request packet sent by the IT device to the host computer, and the host device sets the port identification information in the IP address allocated by the IT device, and the IP address is set.
  • FIG. 1 is a schematic structural diagram of a centralized management platform for an IT device in the related art
  • FIG. 2 is a flow chart of a method for determining an information technology IT device port according to an embodiment of the present invention
  • FIG. 3 is a block diagram showing the structure of an apparatus for determining an information technology IT device port according to an embodiment of the present invention
  • FIG. 4 is a block diagram 1 of an optional structure of an apparatus for determining an information technology IT device port according to an embodiment of the present invention
  • FIG. 5 is a second structural block diagram of an apparatus for determining an information technology IT device port according to an embodiment of the present invention.
  • FIG. 6 is a structural block diagram of a centralized management platform for an IT device according to an alternative embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a format of a message according to an optional embodiment of the present invention.
  • FIG. 8 is a schematic diagram of packet encapsulation when a host computer communicates with an IT device according to an alternative embodiment of the present invention.
  • FIG. 9 is a flowchart of a processing method for an upper computer to allocate an IP address according to a VLAN according to an optional embodiment of the present invention.
  • FIG. 10 is a schematic diagram of a centralized management of a magnetic array in accordance with an alternative embodiment of the present invention.
  • FIG. 2 is a flowchart of a method for determining an IT device port of an information technology according to an embodiment of the present invention. As shown in FIG. 2, the steps of the method include:
  • Step S202 The upper computer receives the request message sent by the IT device.
  • the request packet carries port identification information that is connected between the IT device and the switch.
  • Step S204 The host computer sets port identification information in an IP address assigned to the IT device.
  • Step S206 The host computer presents the IP address with the port identification information to the user.
  • the port identifier information that is connected between the IT device and the switch is carried in the request packet sent by the IT device to the upper device, and the host device sets the port identification information in the IP address allocated by the IT device, and presents the IP address.
  • This embodiment can be applied to multiple application scenarios.
  • the following two scenarios are used to illustrate the present invention.
  • the port identifier information includes: first port identifier information, where the first port identifier information is the port identifier information that is connected between the master switch and the IT device.
  • the port identifier information includes: the second port identifier information and the third port identifier information and/or the first port identifier information
  • the second port identifier information includes: the master switch and the The port identification information that is connected from the switch
  • the third port identification information includes: port identification information that is connected between the IT device and the slave switch.
  • the manner in which the upper-level device sets the port identification information in the IP address assigned to the IT device in this embodiment may be implemented as follows:
  • the host computer writes the first port identifier information into the first specified byte of the IP address
  • the host computer writes the second port identifier information into the first designated byte of the IP address, and writes the third port identifier information into the second designation of the IP address. Bytes and/or write the first port identification information to the first specified byte of the IP address.
  • the method for setting the port identification information in the IP address of the IT device in the above application scenario is only used as an example. In other application scenarios, corresponding adjustments can be made according to the actual situation.
  • the port of the master switch includes: a first uplink uplink port and a first access port, wherein the master switch is connected to the host computer through the uplink port, and the master switch is connected to the IT device through the access port.
  • the port identification information is the access port identification information;
  • the ports of the master switch include: a first uplink uplink port, a first access access port, and a trunk trunk port
  • the slave switch port includes: a second uplink uplink port and a second interface
  • the trunk port of the master switch is connected to the second uplink uplink port of the slave switch
  • the slave switch is connected to the IT device through the second access port
  • the second port identifier information is trunk port identifier information
  • the third port is The identification information is the second access port identification information.
  • the untagged packet can be sent to the master switch by the switch, and the untagged packet can be sent through the first specified byte information and the second specified byte information carried in the destination IP address of the untagged packet. Redirect to the port of the master switch or slave switch.
  • the specific implementation can be as follows:
  • Step S11 The master switch and the slave switch use the access control list ACL to set a preset rule on the first uplink port and the second uplink port;
  • Step S12 The upper computer sends an untagged message, and triggers a redirection operation of the master switch and the slave switch, where the destination IP address of the untagged packet carries the first specified byte information and the second specified byte information;
  • the master switch redirects the untagged packet to the first access port or the trunk port according to the preset rule and the first specified byte information, and the slave switch redirects the untagged packet according to the preset rule and the second specified byte. Go to the second access port.
  • a device for determining the port of the information technology IT device is further provided, and the device is configured to implement the foregoing embodiment and the optional implementation manner, and details are not described herein.
  • the term “module” "unit” may implement a combination of software and/or hardware of a predetermined function.
  • the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
  • FIG. 3 is a structural block diagram of a device for determining an information technology IT device port according to an embodiment of the present invention.
  • the device is located on a host computer side, and the device includes: a receiving module 32, configured to receive a request message sent by an IT device, where the request message is The interface carries the port identification information of the IT device and the switch; the setting module 34 is coupled to the receiving module 32, and is configured to set the port identification information in the IP address assigned to the IT device; the presentation module 36 is coupled and connected to the setting module 34. Set to present the IP address with the port identification information to the user.
  • the port identifier information may include: first port identifier information, where the first port identifier information is port identifier information that is connected between the master switch and the IT device;
  • the port identifier information may include: second port identifier information and third port identifier information and/or first port identifier information, where the second port identifier information includes: the master switch and the slave switch The port identification information of the switch, and the third port identifier information includes: port identification information of the IT device and the slave switch.
  • the setting module 34 includes a first writing unit 42 configured to include only a master switch when the switch includes only the master switch. Writing the first port identification information to the first specified byte of the IP address; the second writing unit 44 is configured to write the second port identification information into the first designation of the IP address when the switch includes the master switch and the slave switch. The byte writes the third port identification information to the second designated byte of the IP address and/or writes the first port identification information to the first designated byte of the IP address.
  • the switch involved in the device of this embodiment may be only one master switch, or one master switch and one slave switch;
  • FIG. 5 is a second structural block diagram of an apparatus for determining an information technology IT device port according to an embodiment of the present invention.
  • the device further includes:
  • the sending module 52 is configured to send an untagged message, and trigger a redirection operation of the master switch and the slave switch, where the destination IP address of the untagged packet carries the first specified byte information and the second specified byte information, and is redirected.
  • the master switch redirects the untagged message to the first access port or the trunk port according to the preset rule and the first specified byte information
  • the slave switch redirects the untagged message to the second specified byte according to the preset rule and the second specified byte.
  • the second access port, the preset rule is set for the primary switch and the secondary switch using the access control list ACL on the first uplink port and the second uplink port.
  • the optional embodiment provides a method for centrally managing an IT device.
  • the IP address is assigned according to the connection location of the IT device and the switch, and the user can determine the specific port of the IT device connected to the switch according to the IP address of the IT device.
  • the optional embodiment further provides a centralized management platform for an IT device, the platform includes: a host computer, where the DHCP server and the management background reside; the main switch is configured to adopt a Gigabit Ethernet switch, and provides a plurality of 1000M/100M adaptive Ethernet port, supporting VLAN, QinQ, ACL and other functions; from switch, It is configured to use a 100M Ethernet switch and provides several 100M adaptive Ethernet ports and at least one 1000M/100M adaptive Ethernet port to support VLAN and ACL functions. IT equipment is set to provide at least one 1000M/100M. Adaptive Ethernet port.
  • one port of the main switch is connected to the upper computer, and the remaining ports can be directly connected to the IT device.
  • the primary switch connects to the port through the switch. For example, if the total number of ports on the primary switch is N, the maximum number of N-1 IT devices can be directly connected. If all switches are connected to the switch and each switch has M ports, you can connect (M-1) IT devices. Up to (N-1)*(M-1) IT devices can be managed.
  • the IT device pre-sintering requests a unique MAC address from the IEEE, and uses the Dynamic Host Configuration (DHCP) protocol to obtain an ip address from the DHCP server.
  • DHCP Dynamic Host Configuration
  • Step S302 The primary switch is connected to the upper computer, the switch, or the IT device, and the primary switch completes configurations such as VLAN, QinQ, and ACL.
  • Step S304 Connect the switch from the IT device to complete the configuration of the VLAN and the ACL.
  • Step S306 The IT device requests an IP address from the DHCP server by using a DHCP request message.
  • Step S308 The DHCP server of the host computer receives the request message of the IT device, determines the port number of the IT device connected to the switch, and allocates an IP address for the IT device;
  • Step S310 The upper computer management background starts centralized management of the IT equipment.
  • any network port of the main switch is connected to the host computer.
  • the port of the primary switch such as No. 1
  • the port of the largest port such as No. 24 of the 24-port switch
  • the port of the main switch connected to the host computer is called the uplink port, and is divided into VLANs. It is set to trunk mode, QinQ is enabled, and ACL rules are set.
  • the port on which the main switch is connected to the IT device is called the access port.
  • the VLAN is set to access mode. QinQ is not enabled.
  • the port connected to the switch from the switch is called the trunk port.
  • the VLAN is divided into trunk mode and QinQ is enabled.
  • the VLAN is divided into: uplink port, access port, or trunk port.
  • the PVID is the same as the port number, and the uplink port is added to the same VLAN as each access port or trunk port.
  • Port 24 of the 24-port switch is connected to the host computer, and ports 1 to 23 are connected to 23 slave switches or IT devices.
  • the PVIDs of ports 1 to 23 are VLAN 1 to VLAN 23, respectively, and the PVID of port 24 is 24, and It belongs to VLAN1 to VLAN23 at the same time.
  • Enable QinQ including the customer port type with the trunk port set to QinQ, and the uplink port type set to the QinQ uplink port type.
  • the uplink port sets an ACL rule to redirect to the target access port or trunk port according to the destination IP address of the untag packet.
  • step S304 the GE switch is connected to the main switch, and the remaining FE ports are connected to the IT device.
  • the primary switch from the port number of the switch, such as the number 1 or the port of the largest port, such as port 24 of the 24-port switch.
  • the port that connects the switch from the switch is called the uplink port.
  • the VLAN is set to the trunk mode and the ACL rule is set.
  • the port that connects the IT device from the switch is called the access port, and the VLAN is set to access mode.
  • the uplink port is switched from the switch. QinQ is not enabled on the access port.
  • the VLAN division includes: the uplink port and the PVID of the access port are the same as the port number, and the uplink port and each access port are added to the same VLAN.
  • the GE1 (25) port of the 24FE+2GE switch is connected to the host computer, and the ports 1 to 24 are connected to 24 IT devices.
  • the PVIDs of the 1st to the 24th are the PVID of the port 1 to VLAN 24 and the port 25 respectively. It is VLAN 25 and is also assigned to VLAN 1 to VLAN 24.
  • the uplink port sets an ACL rule and redirects to the target access port according to the destination IP address of the untag packet.
  • step S306 the IT device sends a DHCP request message to the host computer. If the IT device is connected to the main switch, only one VLAN tag is carried, and the VLAN is the access port number of the IT switch connected to the IT device. If the IT device is connected to the switch, it carries two VLAN tags. The VLAN carried by the inner VLAN tag is the access port number of the IT device connected to the switch. The VLAN carried by the outer VLAN tag is the trunk port number of the switch connected to the switch.
  • the DHCP server extracts the VLAN tag carried in the DHCP request packet sent by the IT device. If there is only one VLAN tag, the VLAN tag carried by the VLAN tag is extracted as the access port number (the access port of the primary switch at this time). If there are two VLAN tags, extract the packets carried by the outer VLAN tag. The VLAN is marked as the trunk port number (the trunk port number of the primary switch at this time), and the VLAN tag carried by the inner VLAN tag is extracted as the access port number of the IT device (in this case, the access port of the slave switch).
  • the DHCP server allocates the IP address and subnet mask of the IT device according to the trunk port number and the access port number carried in the VLAN tag.
  • the third byte of the IP address is filled in from the access port number of the switch, and the fourth byte is filled in the main switch. Access port number or trunk port number.
  • the management background displays the IP address of the IT device, and the user can determine the location of the IT device according to the IP address.
  • the management background sends management packets to the IT device.
  • the management packets can be untagged or tagged as required.
  • the message sent by the IT device to the host computer is an untagged message.
  • the basic VLAN, QinQ, ACL, and other technologies are used to skillfully determine the connection relationship between the IT device and the switch port, and use this connection relationship to dynamically allocate the IP address of the IT device, so that the user according to the IT
  • the IP address of the device makes it easy to determine the location of the IT device.
  • the host computer and each IT device complete message interaction in a single VLAN domain, which is more secure and reliable than a common broadcast domain. When the number of primary switch ports cannot meet the management requirements, you can expand the ports by using the switch.
  • FIG. 6 is a structural block diagram of a centralized management platform for an IT device according to an alternative embodiment of the present invention.
  • the host computer resides in a management background and a DHCP server, wherein the DHCP server is configured to allocate an IP address and a subnet mask to the IT device.
  • Code; management background is a software platform for centralized management of IT equipment.
  • the upper computer usually uses the Windows operating system. It is possible to filter out the VLAN tag by default. In this case, you need to enable the VLAN function in the NIC properties.
  • the main switch uses a GE switch.
  • the GE switch is used.
  • a host computer centrally manages multiple IT devices, and the upstream traffic is large. Therefore, the port connected to the host computer is at least Gigabit bandwidth (GE).
  • GE gigabit bandwidth
  • the port of the main switch is not enough, it needs to be cascaded from the switch expansion port.
  • the management traffic of a single IT device can be satisfied with a 100M network port (FE). From the cost reduction, the FE switch is selected from the switch.
  • the port connected to the primary switch is GE. On the one hand, it ensures that there is enough upstream bandwidth from the switch, and on the other hand, it does not occupy the FE port number, so that IT devices can be serially numbered.
  • the switch can also use the FE port to connect to the primary switch.
  • the access port of the main switch is in access mode, and the outbound mode is untag mode. That is, the untag message is sent to the IT device.
  • the uplink port and the trunk port of the main switch are in the trunk mode.
  • the outgoing port of the uplink port is in the tag mode. That is, the packets sent by the master switch to the host computer do not strip the VLAN tags.
  • the outgoing port of the trunk port is in the untag mode. Strip the VLAN tag from the packet from the switch.
  • the receiving and receiving ports on the switch are all untagged packets.
  • the uplink port is in the trunk mode, and the outgoing port is in the tag mode, that is, the packet sent from the switch to the primary switch carries the VLAN tag.
  • VLAN division of the primary switch in Figure 6 is as shown in Table 1:
  • FIG. 1 shows the VLAN division from the switch as shown in Table 2:
  • the primary switch only enables QinQ on the uplink port and the trunk port, and the access port does not enable QinQ.
  • the untag packet sent by the IT device connected to the access port of the main switch has only one VLAN tag (single vlan tag).
  • the VLAN tag is the internal tag of the main switch.
  • the VLAN is the access port number.
  • the packet sent from the IT device connected to the access port of the switch has two VLAN tags (double vlan tag).
  • the inner VLAN tag is the inner tag of the switch, and the VLAN is the access port number of the switch.
  • the outer VLAN TAG is the outer label of the QinQ function of the primary switch.
  • the VLAN is the trunk port number of the primary switch. For easy differentiation, the TPID of the outer VLAN tag is usually set to 0x9100.
  • the IP address shown in FIG. 7 is an algorithm for the upper computer to allocate to the IT device.
  • the subnet mask used in the alternative embodiment is 255.0.0.0.
  • the BYTE1 of the IP address is a custom network address
  • BYTE2 is a private information of the IT device. It is used to record the unique identifier of the IT device. This field is not mandatory. It can reflect the private characteristics of the IT device in the characteristic case. For example, the slot number of the magnetic array dual control can be recorded.
  • BYTE3 and BYTE4 indicate the port location information of the IT device connected to the switch. When BYTE3 is non-zero, it indicates the access port number of the switch, and BYTE4 indicates the trunk port number of the main switch.
  • the IT device is connected to the access port of the slave switch.
  • BYTE3 is 0, BYTE3 does not indicate the specific port number on the switch.
  • BYTE4 is the access port number of the primary switch.
  • the IT device is connected to the access port of the primary switch.
  • the IP address of D4 in Figure 4 is assigned as 130.0.4.2 and the subnet mask is 255.0.0.0. Assuming that D4 is connected to GE2 of the primary switch, the IP address is 130.0.0.2.
  • FIG. 8 is a schematic diagram of packet encapsulation when the host computer communicates with the IT device according to an alternative embodiment of the present invention.
  • the packet sent by the IT device D4 to the upper computer is called an uplink packet, and the upper computer sends the packet to the upper device.
  • the packet of the IT device D4 is called a downlink packet.
  • the uplink packet sent by the IT device D4 is an untagged packet.
  • the switch sets the PVID to 4 on the access interface FE4, and both GE3 and FE4 join VLAN 4.
  • the destination MAC address of the uplink packet is the MAC address MAC1 of the host computer. After the switch receives the packet from the FE4, it puts a VLAN tag and carries VLAN 4.
  • the PVID set on the trunk interface GE3 is 3, and the VLAN 4 and the PVID carried in the outgoing packets are inconsistent. Therefore, the packets sent by GE3 still carry VLAN 4.
  • the PVID of the master switch is set to 2, and the QinQ customer port type is enabled.
  • the uplink packet is tagged with the outer VLAN tag and carries VLAN 2.
  • the primary switch has enabled the QinQ uplink port type on GE1.
  • the packets sent by GE1 carry two VLAN tags. By extracting the two VLAN tags of the QinQ packet, the host computer determines that the location of the IT device D4 is the FE4 of the slave switch of the GE2 of the primary switch, and then assigns the IP address of the D4 according to the two VLAN tags.
  • the upper computer adopts the Windows commercial operating system, which is limited by the network card type and third-party software, it is usually not possible to directly send tag messages.
  • Some network cards cannot support the network card to join multiple VLANs even if they can send tag messages. Only high-end network cards can Support Vlan trunk function.
  • the host computer can also send tag messages by installing VMware virtual machines and adopting high-end network cards that support VLAN trunking.
  • the invention does not limit the sending of untag messages or tag messages by the upper computer, and both modes can be supported.
  • the former has low requirements on the software and hardware configuration of the host computer and is highly versatile, but requires more configuration of the switch.
  • the latter has higher requirements on the software and hardware configuration of the host computer.
  • the downlink packets are forwarded completely in the QinQ process within the switch, and the configuration of the switch is less.
  • the packet sent by the host computer is encapsulated in each node as shown in Figure 8. If the host sends a tag packet, it is divided into two cases: if it is sent to the access port of the master switch, only one VLAN is required to be encapsulated.
  • the tag carries the VLAN as the access port number of the primary switch. If it is sent to the access port of the switch, it needs to encapsulate two VLAN tags.
  • the VLAN carried by the outer VLAN tag is the trunk port number of the primary switch, and the inner VLAN tag.
  • the carried VLAN is the access port number of the slave switch.
  • the tag packet is forwarded to the customer port by the QinQ uplink port in the master switch and the slave switch. For example, in Figure 8, the downlink packet carries two VLAN tags.
  • the master switch receives the downlink packet on GE1 and finds that it is a tag.
  • the ACL rule is not triggered.
  • the VLAN is forwarded to GE2 and GE2 according to the VLAN domain of the outer VLAN.
  • the value is the customer port type. Therefore, the packets sent by GE2 are stripped of the outer VLAN tag.
  • Received the downlink from the switch on GE3 If the packet is found to be a tagged packet, the ACL rule will not be triggered.
  • the VLAN domain of the inner VLAN is forwarded to the FE4.
  • the FE4 is the access port type. Therefore, the packets sent by the FE4 are stripped of the inner VLAN tag.
  • the switch can only receive the untagged packet from the switch.
  • the VLANs carried by the primary switch and the VLAN tag that the switch uses on the uplink port are PVIDs. Therefore, the primary switch and the slave switch L2.
  • the table has only the host MAC address plus the PVID entry on the uplink port.
  • Problem 1 The upstream packet search L2 table cannot find the entry of the access port's corresponding VLAN to the host computer. It can only be broadcast in the VLAN domain. Although it can be sent from the uplink port, the switch may limit the rate of broadcast packets. Packet loss; Question 2: Because the PVID of the uplink port is not in the same VLAN domain as the PVID of the access port, the downstream packets cannot be forwarded.
  • the uplink port has an entry for each access port or the home VLAN of the trunk port, you need to manually add 23 entries.
  • the implementation method is as follows:
  • the primary switch sets an ACL rule on the uplink port, and redirects to the corresponding port according to the BYTE4 (non-zero value) of the destination IP address of the untag packet.
  • the packet sent by GE2 is an untagged packet. Therefore, the switch also needs to set an ACL rule on the uplink port to redirect the port to the corresponding port according to the BYTE3 (non-zero value) of the destination IP address of the untagged packet.
  • the ACL rules set by the master and slave switches on the uplink port in Figure 8 are as shown in Table 4:
  • the star network is used. Because the QinQ can only carry two VLAN tags, the cascading depth of the switch can only be the second level. It is not supported to continue the cascade switch from the switch. According to the management platform shown in Figure 6, If the main switch adopts 24GE switch and the switch uses 24FE+2GE switch, the present invention supports up to 552 IT devices at the same time, which is sufficient for centralized management.
  • the DHCP server of the upper computer does not adopt the standard DHCP process for assigning an IP address according to the MAC address, but assigns an IP address according to the VLAN.
  • FIG. 9 is an example.
  • the upper computer allocates an IP address according to the VLAN according to an optional embodiment of the present invention.
  • FIG. 10 is a schematic diagram of a centralized management of a magnetic array according to an alternative embodiment of the present invention.
  • the main cabinet of the magnetic array usually has two controller slots, which can be inserted into two controller boards, and the magnetic array main The cabinet dual controller Slot IDs are 0 and 1, respectively. If each controller is connected to a switch access port, it is bound to reduce the number of small chassis connected to the switch.
  • the present invention also proposes a method for reducing the waste of the switch port for this scenario.
  • the access port is connected to a hub (HUB), and all the boards in each chassis are connected to the HUB, so that one chassis only occupies one switch port. All ports on the HUB are in a broadcast domain and can be forwarded without configuration.
  • UOB hub
  • FIG. 6 shows a schematic diagram of managing a magnetic array.
  • GE1 of the main switch and FE2 of the switch are connected to each HUB.
  • the main control cabinet A of the magnetic array is connected to HUB1, and the main control cabinet B of the magnetic array is connected to HUB2.
  • the main control cabinet of the magnetic array is A.
  • the IP address corresponding to slot 0 is 130.0.0.1
  • the IP address corresponding to slot 1 is 130.1.0.1
  • the IP address corresponding to slot 0 of the magnetic array main control cabinet B is 130.0.1.2
  • the IP address corresponding to slot 1 is 130.1.1.2.
  • more magnetic arrays can be managed centrally.
  • the optional embodiment provides a method for centralized management of an IT device, using a double vlan to carry the port number of the IT device connected to the switch, and setting the IP address of the IT device according to the port number, so that the user according to the IT
  • the IP address of the device can be used to determine the specific location.
  • the method and apparatus for determining the port of the information technology IT device provided by the embodiment of the present invention have the following beneficial effects: the related art can only determine the IT device by manually recording the IP address at the port position of the switch. The specific location problem allows the user to easily determine the location of the IT device based on the IP address of the IT device.

Abstract

The present invention provides a method and an apparatus for determining an Information Technology (IT) device port, wherein the method includes: an upper computer receives a request message sent from the IT device, wherein the request message carries identification information of the port where the IT device connects with a switch; the upper computer sets the port identification information in an IP address allocated for the IT device; and the upper computer presents the IP address set with the port identification information to a user. The present invention solves the problem in related art of determining the specific location of the IT device only by manually recording the location of the port in the switch where the IP address is located, and enables the user to determine the location of the IT device according to the IP address of the IT device conveniently.

Description

信息技术IT设备端口的确定方法及装置Method and device for determining information technology IT equipment port 技术领域Technical field
本发明涉及通信领域,具体而言,涉及一种信息技术IT设备端口的确定方法及装置。The present invention relates to the field of communications, and in particular to a method and apparatus for determining an IT device port of an information technology.
背景技术Background technique
随着政企网、物联网的快速发展,磁阵、机顶盒等IT设备逐渐得到广泛应用。IT设备的特点是小型化,通常是一个单体设备或者小型机框。IT设备提供一个管理网口,在产品标签上标明了管理网口的硬件地址(Media Access Control简称为MAC)地址和网络之间的互联协议(Internet Protocol简称为IP)地址。这个MAC地址是全球唯一的,通常是预先烧结到现场可更换单元(Field Replaceable Unit简称为FRU)中。标签上的IP地址是初始值,特点是所有IT设备的初始IP地址都是相同的,以便用户首次登录设备,譬如无线路由器的初始IP地址通常都是192.168.1.1。用户可以在登录IT设备后可以修改成新的IP地址。With the rapid development of government and enterprise networks and the Internet of Things, IT equipment such as magnetic arrays and set-top boxes have been widely used. IT equipment is characterized by miniaturization, usually a single device or a small chassis. The IT device provides a management network port, and the hardware address (Media Access Control abbreviated as MAC address) of the management network port and the Internet Protocol (IP) address between the network are indicated on the product label. This MAC address is globally unique and is usually pre-sintered into a Field Replaceable Unit (FRU). The IP address on the label is the initial value. The initial IP address of all IT devices is the same, so that the user can log in to the device for the first time. For example, the initial IP address of the wireless router is usually 192.168.1.1. Users can modify to a new IP address after logging in to the IT device.
用户通常使用以太网交换机switch来实现对多个IT设备的集中管理。switch的L2层(Layer 2)转发原理是通过查找L2表中的MAC+VLAN条目找到转发端口,L2只能在同一个虚拟局域网(Virtual Local Area Network简称为VLAN)内通信,转发后包的内容不会改变,但是可以添加或者删除VLAN TAG。VLAN TAG是IEEE 802.1Q定义的4字节标签,包含12bit VLAN。VLAN通常工作在两种模式:access模式和trunk模式,其中access模式的端口只能划分一个端口VLAN,入向丢弃携带VLAN TAG(tag)的报文,只接收不携带VLAN TAG(untag)的报文,switch内部打上默认VLAN,一般为端口VLAN(PVID),出向再剥离PVID,常用于接入网络设备;trunk模式的端口可以加入多个VLAN,入向和出向对untag报文的处理流程同access模式一样,入向可以接收在允许VLAN范围内的tag报文,出向会对比VLAN与PVID,如果相同,剥离VLAN标签,发出untag报文。如果不相同,不剥离VLAN标签,发出tag报文,常用于交换机之间的级联。Users typically use an Ethernet switch switch to centrally manage multiple IT devices. The L2 layer (Layer 2) forwarding principle of the switch is to find the forwarding port by looking up the MAC+VLAN entry in the L2 table. L2 can only communicate in the same virtual local area network (Virtual Local Area Network for short), and forward the contents of the packet. Will not change, but you can add or remove VLAN TAG. The VLAN TAG is a 4-byte tag defined by IEEE 802.1Q and contains a 12-bit VLAN. A VLAN usually works in two modes: access mode and trunk mode. The access mode port can only be assigned to one port VLAN. The packets carrying the VLAN TAG (tag) are discarded. Only the packets carrying the VLAN TAG (untag) are received. The switch is internally configured with the default VLAN, which is usually the port VLAN (PVID). The outgoing and stripped PVIDs are used to access the network device. The trunk port can be added to multiple VLANs. The inbound and outbound processing of untag packets is the same. In the access mode, the inbound direction can receive the tag packets in the allowed VLAN range. The outbound direction compares the VLAN with the PVID. If they are the same, the VLAN tag is stripped and the untagged packet is sent. If they are not the same, the VLAN tag is not stripped and a tag is sent. This is often used for cascading between switches.
802.1q协议定义的VLAN最多只有4096个,为了扩展VLAN数量,产生了QinQ(VLAN stacking或double VLAN)技术,它在原有802.1Q报文的基础上又增加一层802.1Q标签,使得VLAN数量增加到4096*4096。同时,QinQ报文的内层VLAN标 签(inner VLAN TAG)表示用户私网信息,外层VLAN标签(outer VLAN TAG)表示公网信息,可以穿越运营商网络,实现私网VLAN标签的透明传送。The number of VLANs defined by the 802.1q protocol is only 4096. In order to expand the number of VLANs, the QinQ (VLAN stacking or double VLAN) technology is added. The 802.1Q label is added to the original 802.1Q packet to increase the number of VLANs. To 4096*4096. At the same time, the inner VLAN tag of the QinQ packet The inbound VLAN (TAG) indicates the private network information of the user. The outer VLAN tag (outer VLAN tag) indicates the public network information and can traverse the carrier network to transparently transmit the private network VLAN tag.
QinQ有customer和uplink两种端口类型,其中customer端口类型接入用户网络,uplink端口类型接入服务运营商网络,QinQ在customer端口接收到的报文无论是否携带VLAN TAG均强制插入一个外层VLAN标签,customer端口发出报文时再剥离外层VLAN标签。uplink端口不插入也不剥离外层标签,只是透传QinQ报文。QinQ has two types of ports: customer and uplink. The customer port type is connected to the user network. The uplink port type is used to access the service provider network. The packets received by QinQ on the customer port are forced to be inserted into an outer VLAN regardless of whether the VLAN tag is carried. If the customer port sends a packet, the outer VLAN tag is stripped. The uplink port does not insert or strip the outer label, but transparently transmits QinQ packets.
switch支持ACL(Access Control List)功能,用户可以通过设置ACL规则过滤网络中的流量,以达到访问控制的目的。触发的动作(action)包括修改(modify)、丢弃(drop)、重定向(redirection)、上送CPU(copy to CPU)等。The switch supports the ACL (Access Control List) function. You can set the ACL rule to filter traffic on the network to achieve access control. The action triggered includes modification, drop, redirection, copy to CPU, and so on.
图1是相关技术中的IT设备集中管理平台结构示意图,如图1所示,该平台由一个上位机、一个switch和若干个IT设备组成,每个IT设备的管理网口连接交换机的一个网口。该平台面临的主要问题是每个IT设备的出厂IP地址都一样,当多个IT设备连接一个switch,必然出现IP地址冲突。相关技术中解决上述IP地址冲突的方式是上位机的DHCP server通过标准DHCP流程为每个IT设备分配IP地址。如图1中,IT设备向上位机发送DHCP请求报文,携带了IT设备的MAC地址,上位机根据事先配置的地址池根据MAC地址为IT设备分配IP地址。1 is a schematic structural diagram of a centralized management platform for an IT device in the related art. As shown in FIG. 1 , the platform is composed of a host computer, a switch, and a plurality of IT devices, and a management network port of each IT device is connected to a network of the switch. mouth. The main problem facing the platform is that the IP address of each IT device is the same. When multiple IT devices are connected to a switch, IP address conflicts must occur. The solution to the above IP address conflict in the related art is that the DHCP server of the upper computer allocates an IP address to each IT device through a standard DHCP process. As shown in Figure 1, the IT device sends a DHCP request message to the host computer, which carries the MAC address of the IT device. The host computer allocates an IP address to the IT device according to the MAC address according to the previously configured address pool.
相关技术中采用的方式存在的问题是:IT设备与switch的连接是随机的,由于每个IT设备的MAC地址是唯一的,因此同一个IT设备连接switch的任意端口分配的IP地址始终是一样的,即IP地址与switch的端口没有对应关系。在需要用户确定IT设备的具体位置时,采用上述方法只能手动记录IP地址在switch的端口位置,如果IT设备和switch的连接位置发生变化,用户需要再次通过手动记录的方式查找IT设备的端口位置。The problem in the related art is that the connection between the IT device and the switch is random. Since the MAC address of each IT device is unique, the IP address assigned to any port of the same IT device connected to the switch is always the same. The IP address does not correspond to the port of the switch. When the user needs to determine the specific location of the IT device, the above method can only be used to manually record the IP address at the port of the switch. If the connection location of the IT device and the switch changes, the user needs to manually search the port of the IT device. position.
针对相关技术中只能通过手动记录IP地址在switch的端口位置来确定IT设备的具体位置的问题,目前尚未提出有效的解决方案。For the related art, the problem of determining the specific location of the IT device can only be determined by manually recording the IP address at the port location of the switch, and no effective solution has been proposed yet.
发明内容Summary of the invention
本发明实施例提供了一种信息技术IT设备端口的确定方法及装置,以至少解决相关技术中只能通过手动记录IP地址在switch的端口位置来确定IT设备的具体位置的问题。 The embodiment of the invention provides a method and a device for determining an IT device port of an information technology, so as to at least solve the problem in the related art that the specific location of the IT device can be determined only by manually recording the IP address at the port position of the switch.
根据本发明的一个实施例,提供了一种信息技术IT设备端口的确定方法,包括:上位机接收所述IT设备发送的请求报文,其中,所述请求报文中携带有所述IT设备与交换机连接的端口标识信息;所述上位机在为所述IT设备分配的IP地址中设置所述端口标识信息;所述上位机将设置有所述端口标识信息的IP地址呈现给用户。According to an embodiment of the present invention, there is provided a method for determining an information technology IT device port, comprising: receiving, by a host computer, a request message sent by the IT device, wherein the request message carries the IT device Port identification information that is connected to the switch; the host computer sets the port identification information in an IP address assigned to the IT device; and the upper computer presents the IP address with the port identification information to the user.
在所述交换机只包括:主交换机时,所述端口标识信息包括:第一端口标识信息,其中,所述第一端口标识信息为所述主交换机与所述IT设备连接的端口标识信息;在所述交换机包括主交换机和从交换机时,所述端口标识信息包括:第二端口标识信息、第三端口标识信息和/或所述第一端口标识信息,其中,所述第二端口标识信息包括:所述主交换机与从交换机连接的端口标识信息,所述第三端口标识信息包括:所述IT设备与所述从交换机连接的端口标识信息。When the switch includes only the master switch, the port identifier information includes: first port identifier information, where the first port identifier information is port identifier information that is connected between the master switch and the IT device; When the switch includes the master switch and the slave switch, the port identifier information includes: second port identifier information, third port identifier information, and/or the first port identifier information, where the second port identifier information includes The port identification information that is connected between the master switch and the slave switch, and the third port identifier information includes: port identifier information that is connected between the IT device and the slave switch.
所述上位机在为所述IT设备分配的IP地址中设置所述端口标识信息包括:在所述交换机只包括主交换机时,所述上位机将所述第一端口标识信息写入所述IP地址的第一指定字节;在所述交换机包括主交换机和从交换机时,所述上位机将所述第二端口标识信息写入所述IP地址的所述第一指定字节、将所述第三端口标识信息写入所述IP地址的第二指定字节和/或将所述第一端口标识信息写入所述IP地址的第一指定字节。Setting the port identification information in the IP address assigned to the IT device by the host computer includes: when the switch includes only the master switch, the host computer writes the first port identifier information into the IP address a first specified byte of the address; when the switch includes the master switch and the slave switch, the host computer writes the second port identification information to the first specified byte of the IP address, The third port identification information is written to the second designated byte of the IP address and/or the first port identification information is written to the first designated byte of the IP address.
在所述交换机只包括主交换机时,所述主交换机的端口包括:第一上行uplink端口、第一接入access端口,其中,所述主交换机通过所述uplink端口与所述上位机连接,所述主交换机通过所述access端口与所述IT设备连接,所述第一端口标识信息为所述access端口标识信息;在所述交换机包括:主交换机和从交换机时,所述主交换机的端口包括:所述第一上行uplink端口、所述第一接入access端口以及中继trunk端口,所述从交换机的端口包括:第二上行uplink端口和第二接入access端口,其中,所述主交换机的所述trunk端口与所述从交换机的所述第二上行uplink端口连接,所述从交换机通过所述第二接入access端口与IT设备连接,所述第二端口标识信息为所述trunk端口标识信息,所述第三端口标识信息为所述第二接入access端口标识信息。When the switch includes only the master switch, the port of the master switch includes: a first uplink uplink port and a first access port, wherein the master switch is connected to the host computer through the uplink port. The master switch is connected to the IT device by using the access port, where the first port identifier information is the access port identifier information; when the switch includes: a master switch and a slave switch, the port of the master switch includes The first uplink uplink port, the first access access port, and the trunk trunk port, the slave switch port includes: a second uplink uplink port and a second access port, where the master switch The trunk port is connected to the second uplink uplink port of the slave switch, and the slave switch is connected to the IT device by using the second access access port, where the second port identifier information is the trunk port. The third port identification information is the second access port identification information.
所述方法还包括:所述上位机发送untag报文,并触发所述主交换机和从交换机的重定向操作,其中,所述untag报文的目的IP地址中携带有所述第一指定字节信息和所述第二指定字节信息;所述重定向为:所述主交换机依据预设规则和所述第一指定字节信息将所述untag报文重定向到所述第一access端口或所述trunk端口,所述从交换机依据所述预设规则和所述第二指定字节将所述untag报文重定向到所述第二access端口,所述预设规则为所述主交换机和从交换机使用访问控制列表ACL在所述第一uplink端口和所述第二uplink端口设置。 The method further includes: the upper computer sends an untag message, and triggers a redirection operation of the master switch and the slave switch, where the destination IP address of the untagged message carries the first specified byte Information and the second specified byte information; the redirection is: the master switch redirects the untag message to the first access port according to a preset rule and the first specified byte information The trunk port, the slave switch redirects the untag message to the second access port according to the preset rule and the second specified byte, where the preset rule is the master switch and The slave access control list ACL is set on the first uplink port and the second uplink port.
根据本发明的另一个实施例,提供了一种信息技术IT设备端口的确定装置,位于上位机侧,包括:接收模块,设置为接收所述IT设备发送的请求报文,其中,所述请求报文中携带有所述IT设备与交换机连接的端口标识信息;设置模块,设置为在为所述IT设备分配的IP地址中设置所述端口标识信息;呈现模块,设置为将设置有所述端口标识信息的IP地址呈现给用户。According to another embodiment of the present invention, there is provided an apparatus for determining an information technology IT device port, located on a host computer side, comprising: a receiving module, configured to receive a request message sent by the IT device, wherein the request The packet carries the port identification information that is connected to the IT device and the switch; the setting module is configured to set the port identification information in an IP address allocated for the IT device; and the presentation module is configured to be configured to be The IP address of the port identification information is presented to the user.
在所述交换机只包括:主交换机时,所述端口标识信息包括:第一端口标识信息,其中,所述第一端口标识信息为所述主交换机与所述IT设备连接的端口标识信息;在所述交换机包括:主交换机和从交换机时,所述端口标识信息包括:第二端口标识信息和第三端口标识信息和/或所述第一端口标识信息,其中,所述第二端口标识信息包括:所述主交换机与从交换机连接的端口标识信息,所述第三端口标识信息包括:所述IT设备与所述从交换机连接的端口标识信息。When the switch includes only the master switch, the port identifier information includes: first port identifier information, where the first port identifier information is port identifier information that is connected between the master switch and the IT device; When the switch includes: a master switch and a slave switch, the port identifier information includes: second port identifier information and third port identifier information, and/or the first port identifier information, where the second port identifier information The device includes: port identification information that is connected between the master switch and the slave switch, and the third port identifier information includes: port identifier information that is connected between the IT device and the slave switch.
所述设置模块包括:第一写入单元,设置为在所述交换机只包括主交换机时,将所述第一端口标识信息写入所述IP地址的第一指定字节;第二写入单元,在所述交换机包括主交换机和从交换机时,将所述第二端口标识信息写入IP地址的所述第一指定字节,将所述第三端口标识信息写入所述IP地址的第二指定字节和/或将所述第一端口标识信息写入所述IP地址的第一指定字节。The setting module includes: a first writing unit, configured to write the first port identification information into a first designated byte of the IP address when the switch includes only a master switch; and the second writing unit Writing, in the switch, the master switch and the slave switch, the second port identifier information to the first designated byte of the IP address, and writing the third port identifier information to the first address of the IP address Specifying a byte and/or writing the first port identification information to a first designated byte of the IP address.
在所述交换机只包括主交换机时,所述主交换机的端口包括:第一上行uplink端口、第一接入access端口,其中,所述主交换机通过所述uplink端口与上位机连接,所述主交换机通过所述access端口与IT设备连接,所述第一端口标识信息为所述access端口标识信息;在所述交换机包括:主交换机和从交换机时,所述主交换机的端口包括:所述第一上行uplink端口、所述第一接入access端口以及中继trunk端口,所述从交换机的端口包括:第二上行uplink端口和第二接入access端口,其中,所述主交换机的所述trunk端口与所述从交换机的所述第二上行uplink端口连接,所述从交换机通过所述第二接入access端口与所述IT设备连接,所述第二端口标识信息为所述trunk端口标识信息,所述第三端口标识信息为所述第二接入access端口标识信息。When the switch includes only the master switch, the port of the master switch includes: a first uplink uplink port and a first access port, wherein the master switch is connected to the host computer through the uplink port, where the master The switch is connected to the IT device by using the access port, where the first port identification information is the access port identification information; when the switch includes: a master switch and a slave switch, the port of the master switch includes: An uplink uplink port, the first access access port, and a trunk trunk port, where the slave switch port includes: a second uplink uplink port and a second access port, wherein the trunk of the master switch The port is connected to the second uplink uplink port of the slave switch, and the slave switch is connected to the IT device by using the second access access port, where the second port identifier information is the trunk port identifier information. The third port identification information is the second access port identification information.
所述装置还包括:发送模块,设置为发送untag报文,并触发所述主交换机和从交换机的重定向操作,其中,所述untag报文的目的IP地址中携带有所述第一指定字节信息和所述第二指定字节信息,所述重定向为:所述主交换机依据预设规则和所述第一指定字节信息将所述untag报文重定向到所述第一access端口或所述trunk端口,所述从交换机依据所述预设规则和所述第二指定字节将所述untag报文重定向到所述第二access端口,所述预设规则为所述主交换机和从交换机使用访问控制列表ACL在所述第一uplink端口和所述第二uplink端口设置。 The device further includes: a sending module, configured to send an untagged message, and trigger a redirection operation of the master switch and the slave switch, where the destination IP address of the untagged message carries the first specified word And the second specified byte information, the redirecting is: the master switch redirects the untag message to the first access port according to a preset rule and the first specified byte information Or the trunk port, the slave switch redirects the untag message to the second access port according to the preset rule and the second specified byte, where the preset rule is the master switch And using an access control list ACL from the switch on the first uplink port and the second uplink port setting.
通过本发明实施例,采用在IT设备向上位机发送的请求报文中携带IT设备与交换机连接的端口标识信息,上位机为IT设备分配的IP地址中设置端口标识信息,并将该IP地址呈现给用户的方式,解决了相关技术中只能通过手动记录IP地址在switch的端口位置来确定IT设备的具体位置的问题,使得用户根据IT设备的IP地址就能方便地确定IT设备的位置。According to the embodiment of the present invention, the port identifier information that is connected between the IT device and the switch is carried in the request packet sent by the IT device to the host computer, and the host device sets the port identification information in the IP address allocated by the IT device, and the IP address is set. The method presented to the user solves the problem that the specific location of the IT device can be determined only by manually recording the IP address at the port position of the switch, so that the user can conveniently determine the location of the IT device according to the IP address of the IT device. .
附图说明DRAWINGS
此处所说明的附图用来提供对本发明的进一步理解,构成本申请的一部分,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The drawings described herein are intended to provide a further understanding of the invention, and are intended to be a part of the invention. In the drawing:
图1是相关技术中的IT设备集中管理平台结构示意图;1 is a schematic structural diagram of a centralized management platform for an IT device in the related art;
图2是根据本发明实施例的信息技术IT设备端口的确定方法流程图;2 is a flow chart of a method for determining an information technology IT device port according to an embodiment of the present invention;
图3是根据本发明实施例的信息技术IT设备端口的确定装置结构框图;3 is a block diagram showing the structure of an apparatus for determining an information technology IT device port according to an embodiment of the present invention;
图4是根据本发明实施例的信息技术IT设备端口的确定装置可选结构框图一;4 is a block diagram 1 of an optional structure of an apparatus for determining an information technology IT device port according to an embodiment of the present invention;
图5是根据本发明实施例的信息技术IT设备端口的确定装置可选结构框图二;FIG. 5 is a second structural block diagram of an apparatus for determining an information technology IT device port according to an embodiment of the present invention; FIG.
图6是根据本发明可选实施例的IT设备集中管理平台结构框图;6 is a structural block diagram of a centralized management platform for an IT device according to an alternative embodiment of the present invention;
图7是本发明可选实施例的报文的格式示意图;7 is a schematic diagram of a format of a message according to an optional embodiment of the present invention;
图8是根据本发明可选实施例的上位机与IT设备通信时的报文封装示意图;FIG. 8 is a schematic diagram of packet encapsulation when a host computer communicates with an IT device according to an alternative embodiment of the present invention; FIG.
图9是根据本发明可选实施例的上位机根据VLAN分配IP地址的处理方法流程图;9 is a flowchart of a processing method for an upper computer to allocate an IP address according to a VLAN according to an optional embodiment of the present invention;
图10是根据本发明可选实施例的集中管理磁阵的示意图。10 is a schematic diagram of a centralized management of a magnetic array in accordance with an alternative embodiment of the present invention.
具体实施方式detailed description
需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。下面将参考附图并结合实施例来详细说明本发明。It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict. The invention will be described in detail below with reference to the drawings in conjunction with the embodiments.
本实施例提供了一种信息技术IT设备端口的确定方法,图2是根据本发明实施例的信息技术IT设备端口的确定方法流程图,如图2所示,该方法的步骤包括: The embodiment provides a method for determining an IT device port of an information technology. FIG. 2 is a flowchart of a method for determining an IT device port of an information technology according to an embodiment of the present invention. As shown in FIG. 2, the steps of the method include:
步骤S202:上位机接收IT设备发送的请求报文;Step S202: The upper computer receives the request message sent by the IT device.
其中,请求报文中携带有IT设备与交换机连接的端口标识信息;The request packet carries port identification information that is connected between the IT device and the switch.
步骤S204:上位机在为IT设备分配的IP地址中设置端口标识信息;Step S204: The host computer sets port identification information in an IP address assigned to the IT device.
步骤S206:上位机将设置有端口标识信息的IP地址呈现给用户。Step S206: The host computer presents the IP address with the port identification information to the user.
通过本实施例,采用在IT设备向上位机发送的请求报文中携带IT设备与交换机连接的端口标识信息,上位机为IT设备分配的IP地址中设置端口标识信息,并将该IP地址呈现给用户的方式,解决了相关技术中只能通过手动记录IP地址在switch的端口位置来确定IT设备的具体位置的问题,使得用户根据IT设备的IP地址就能方便地确定IT设备的位置。In this embodiment, the port identifier information that is connected between the IT device and the switch is carried in the request packet sent by the IT device to the upper device, and the host device sets the port identification information in the IP address allocated by the IT device, and presents the IP address. The method for the user solves the problem in the related art that the specific location of the IT device can be determined only by manually recording the IP address at the port position of the switch, so that the user can conveniently determine the location of the IT device according to the IP address of the IT device.
本实施例可应用在于多个应用场景中,下面通过以下两个场景对本发明进行举例说明;This embodiment can be applied to multiple application scenarios. The following two scenarios are used to illustrate the present invention;
场景一:在交换机只包括主交换机时,端口标识信息包括:第一端口标识信息,其中,第一端口标识信息为主交换机与IT设备连接的端口标识信息;Scenario 1: When the switch includes only the master switch, the port identifier information includes: first port identifier information, where the first port identifier information is the port identifier information that is connected between the master switch and the IT device.
场景二:在交换机包括主交换机和从交换机时,端口标识信息包括:第二端口标识信息和第三端口标识信息和/或第一端口标识信息,其中,第二端口标识信息包括:主交换机与从交换机连接的端口标识信息,第三端口标识信息包括:IT设备与从交换机连接的端口标识信息。Scenario 2: When the switch includes the master switch and the slave switch, the port identifier information includes: the second port identifier information and the third port identifier information and/or the first port identifier information, where the second port identifier information includes: the master switch and the The port identification information that is connected from the switch, and the third port identification information includes: port identification information that is connected between the IT device and the slave switch.
基于上述应用场景,本实施例中上位机在为IT设备分配的IP地址中设置端口标识信息的方式可以通过如下方式实现:Based on the foregoing application scenario, the manner in which the upper-level device sets the port identification information in the IP address assigned to the IT device in this embodiment may be implemented as follows:
在场景一中,也就是在交换机只包括主交换机时,上位机将第一端口标识信息写入IP地址的第一指定字节;In scenario 1, that is, when the switch includes only the master switch, the host computer writes the first port identifier information into the first specified byte of the IP address;
在场景二中,也就是在交换机包括主交换机和从交换机时,上位机将第二端口标识信息写入IP地址的第一指定字节,将第三端口标识信息写入IP地址的第二指定字节和/或将第一端口标识信息写入IP地址的第一指定字节。In scenario 2, that is, when the switch includes the master switch and the slave switch, the host computer writes the second port identifier information into the first designated byte of the IP address, and writes the third port identifier information into the second designation of the IP address. Bytes and/or write the first port identification information to the first specified byte of the IP address.
上述应用场景中的上位机为IT设备分配IP地址中设置端口标识信息的方式仅仅是用来举例说明,其他的应用场景中的可以根据实际情况进行相应的相应的调整。 The method for setting the port identification information in the IP address of the IT device in the above application scenario is only used as an example. In other application scenarios, corresponding adjustments can be made according to the actual situation.
对于本实施例中还涉及到的主交换机和从交换机的端口模式,而在本实施例的一个可选实施方式中,For the port mode of the master switch and the slave switch, which are also involved in this embodiment, in an optional implementation manner of this embodiment,
在交换机只包括主交换机时,主交换机的端口包括:第一上行uplink端口、第一接入access端口,其中,主交换机通过uplink端口与上位机连接,主交换机通过access端口与IT设备连接,第一端口标识信息为access端口标识信息;When the switch includes only the master switch, the port of the master switch includes: a first uplink uplink port and a first access port, wherein the master switch is connected to the host computer through the uplink port, and the master switch is connected to the IT device through the access port. The port identification information is the access port identification information;
在交换机包括:主交换机和从交换机时,主交换机的端口包括:第一上行uplink端口、第一接入access端口以及中继trunk端口,从交换机的端口包括:第二上行uplink端口和第二接入access端口,其中,主交换机的trunk端口与从交换机的第二上行uplink端口连接,从交换机通过第二接入access端口与IT设备连接,第二端口标识信息为trunk端口标识信息,第三端口标识信息为第二接入access端口标识信息。When the switch includes: a master switch and a slave switch, the ports of the master switch include: a first uplink uplink port, a first access access port, and a trunk trunk port, and the slave switch port includes: a second uplink uplink port and a second interface In the access port, the trunk port of the master switch is connected to the second uplink uplink port of the slave switch, and the slave switch is connected to the IT device through the second access port, and the second port identifier information is trunk port identifier information, and the third port is The identification information is the second access port identification information.
而在本实施例中还可以设计到由交换机向主交换机发送untag报文,通过untag报文的目的IP地址中携带的第一指定字节信息和第二指定字节信息,可以将untag报文重定向到主交换机或从交换机的端口,具体的实现方式可以为以下的方式:In this embodiment, the untagged packet can be sent to the master switch by the switch, and the untagged packet can be sent through the first specified byte information and the second specified byte information carried in the destination IP address of the untagged packet. Redirect to the port of the master switch or slave switch. The specific implementation can be as follows:
步骤S11:主交换机和从交换机使用访问控制列表ACL在第一uplink端口和第二uplink端口设置预设规则;Step S11: The master switch and the slave switch use the access control list ACL to set a preset rule on the first uplink port and the second uplink port;
步骤S12:上位机发送untag报文,并触发主交换机和从交换机的重定向操作,其中,untag报文的目的IP地址中携带有第一指定字节信息和第二指定字节信息;重定向为:主交换机依据该预设规则和第一指定字节信息将untag报文重定向到第一access端口或trunk端口,从交换机依据该预设规则和第二指定字节将untag报文重定向到第二access端口。Step S12: The upper computer sends an untagged message, and triggers a redirection operation of the master switch and the slave switch, where the destination IP address of the untagged packet carries the first specified byte information and the second specified byte information; The master switch redirects the untagged packet to the first access port or the trunk port according to the preset rule and the first specified byte information, and the slave switch redirects the untagged packet according to the preset rule and the second specified byte. Go to the second access port.
在本实施例中还提供了一种信息技术IT设备端口的确定装置,该装置设置为实现上述实施例及可选实施方式,已经进行过说明的不再赘述。如以下所使用的,术语“模块”“单元”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。In this embodiment, a device for determining the port of the information technology IT device is further provided, and the device is configured to implement the foregoing embodiment and the optional implementation manner, and details are not described herein. As used below, the term "module" "unit" may implement a combination of software and/or hardware of a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
图3是根据本发明实施例的信息技术IT设备端口的确定装置结构框图,该装置位于上位机侧,该装置包括:接收模块32,设置为接收IT设备发送的请求报文,其中,请求报文中携带有IT设备与交换机连接的端口标识信息;设置模块34与接收模块32耦合连接,设置为在为IT设备分配的IP地址中设置端口标识信息;呈现模块36于设置模块34耦合连接,设置为将设置有端口标识信息的IP地址呈现给用户。 3 is a structural block diagram of a device for determining an information technology IT device port according to an embodiment of the present invention. The device is located on a host computer side, and the device includes: a receiving module 32, configured to receive a request message sent by an IT device, where the request message is The interface carries the port identification information of the IT device and the switch; the setting module 34 is coupled to the receiving module 32, and is configured to set the port identification information in the IP address assigned to the IT device; the presentation module 36 is coupled and connected to the setting module 34. Set to present the IP address with the port identification information to the user.
可选地,在交换机只包括:主交换机时,端口标识信息可以包括:第一端口标识信息,其中,第一端口标识信息为主交换机与IT设备连接的端口标识信息;Optionally, when the switch includes only the master switch, the port identifier information may include: first port identifier information, where the first port identifier information is port identifier information that is connected between the master switch and the IT device;
在交换机包括:主交换机和从交换机时,端口标识信息可以包括:第二端口标识信息和第三端口标识信息和/或第一端口标识信息,其中,第二端口标识信息包括:主交换机与从交换机连接的端口标识信息,第三端口标识信息包括:IT设备与从交换机连接的端口标识信息。When the switch includes: the master switch and the slave switch, the port identifier information may include: second port identifier information and third port identifier information and/or first port identifier information, where the second port identifier information includes: the master switch and the slave switch The port identification information of the switch, and the third port identifier information includes: port identification information of the IT device and the slave switch.
图4是根据本发明实施例的信息技术IT设备端口的确定装置可选结构框图一,如图4,该设置模块34包括:第一写入单元42,设置为在交换机只包括主交换机时,将第一端口标识信息写入IP地址的第一指定字节;第二写入单元44,设置为在交换机包括主交换机和从交换机时,将第二端口标识信息写入IP地址的第一指定字节,将第三端口标识信息写入IP地址的第二指定字节和/或将第一端口标识信息写入IP地址的第一指定字节。4 is a block diagram of an optional structure of an apparatus for determining an information technology IT device port according to an embodiment of the present invention. As shown in FIG. 4, the setting module 34 includes a first writing unit 42 configured to include only a master switch when the switch includes only the master switch. Writing the first port identification information to the first specified byte of the IP address; the second writing unit 44 is configured to write the second port identification information into the first designation of the IP address when the switch includes the master switch and the slave switch The byte writes the third port identification information to the second designated byte of the IP address and/or writes the first port identification information to the first designated byte of the IP address.
对于本实施例装置涉及到的交换机可以是只有一个主交换机,或者是一个主交换机和一个从交换机;The switch involved in the device of this embodiment may be only one master switch, or one master switch and one slave switch;
图5是根据本发明实施例的信息技术IT设备端口的确定装置可选结构框图二,装置还包括:FIG. 5 is a second structural block diagram of an apparatus for determining an information technology IT device port according to an embodiment of the present invention. The device further includes:
发送模块52设置为发送untag报文,并触发主交换机和从交换机的重定向操作,其中,untag报文的目的IP地址中携带有第一指定字节信息和第二指定字节信息,重定向为:主交换机依据预设规则和第一指定字节信息将untag报文重定向到第一access端口或trunk端口,从交换机依据该预设规则和第二指定字节将untag报文重定向到第二access端口,该预设规则为主交换机和从交换机使用访问控制列表ACL在第一uplink端口和第二uplink端口设置。The sending module 52 is configured to send an untagged message, and trigger a redirection operation of the master switch and the slave switch, where the destination IP address of the untagged packet carries the first specified byte information and the second specified byte information, and is redirected. The master switch redirects the untagged message to the first access port or the trunk port according to the preset rule and the first specified byte information, and the slave switch redirects the untagged message to the second specified byte according to the preset rule and the second specified byte. The second access port, the preset rule is set for the primary switch and the secondary switch using the access control list ACL on the first uplink port and the second uplink port.
下面结合本发明的可选实施例对本发明进行举例说明。The invention is exemplified below in conjunction with alternative embodiments of the invention.
本可选实施例提供了一种集中管理IT设备的方法,根据IT设备与switch的连接位置分配IP地址,用户根据IT设备的IP地址就可以确定IT设备连接switch的具体端口。The optional embodiment provides a method for centrally managing an IT device. The IP address is assigned according to the connection location of the IT device and the switch, and the user can determine the specific port of the IT device connected to the switch according to the IP address of the IT device.
本可选实施例还提供了一种IT设备集中管理平台,该平台包括:上位机,该上位机中驻留了DHCP server和管理后台;主switch,设置为采用千兆以太网交换机,提供若干个1000M/100M自适应以太网口,支持VLAN、QinQ、ACL等功能;从switch, 设置为采用百兆以太网交换机,提供若干个100M自适应以太网口和至少1个1000M/100M自适应以太网口,支持VLAN、ACL等功能;IT设备,设置为提供至少1个1000M/100M自适应以太网口。The optional embodiment further provides a centralized management platform for an IT device, the platform includes: a host computer, where the DHCP server and the management background reside; the main switch is configured to adopt a Gigabit Ethernet switch, and provides a plurality of 1000M/100M adaptive Ethernet port, supporting VLAN, QinQ, ACL and other functions; from switch, It is configured to use a 100M Ethernet switch and provides several 100M adaptive Ethernet ports and at least one 1000M/100M adaptive Ethernet port to support VLAN and ACL functions. IT equipment is set to provide at least one 1000M/100M. Adaptive Ethernet port.
在本可选实施例中主switch的一个端口连接上位机,其余端口可以直接连接IT设备。当IT设备数量超过主switch端口总数时,主switch通过连接从switch扩展端口。例如,主switch的端口总数为N,则最多直接连接N-1个IT设备;若全部连接从switch,每个从switch有M个端口,可以连接(M-1)个IT设备,则整个系统最多可以管理(N-1)*(M-1)个IT设备。In this alternative embodiment, one port of the main switch is connected to the upper computer, and the remaining ports can be directly connected to the IT device. When the number of IT devices exceeds the total number of primary switch ports, the primary switch connects to the port through the switch. For example, if the total number of ports on the primary switch is N, the maximum number of N-1 IT devices can be directly connected. If all switches are connected to the switch and each switch has M ports, you can connect (M-1) IT devices. Up to (N-1)*(M-1) IT devices can be managed.
此外,IT设备预先烧结向IEEE申请唯一的MAC地址,使用动态主机配置协议(Dynamic Host Configuration简称为DHCP)协议从DHCP server获取ip地址,此时每个IT设备的ip地址不一样。In addition, the IT device pre-sintering requests a unique MAC address from the IEEE, and uses the Dynamic Host Configuration (DHCP) protocol to obtain an ip address from the DHCP server. At this time, the IP address of each IT device is different.
本可选实施例采用的技术方案包括如下步骤:The technical solution adopted by this alternative embodiment includes the following steps:
步骤S302:主switch与上位机、从switch或者IT设备相连接,主switch完成VLAN、QinQ、ACL等配置;Step S302: The primary switch is connected to the upper computer, the switch, or the IT device, and the primary switch completes configurations such as VLAN, QinQ, and ACL.
步骤S304:从switch与IT设备相连接,完成VLAN、ACL等配置;Step S304: Connect the switch from the IT device to complete the configuration of the VLAN and the ACL.
步骤S306:IT设备使用DHCP请求报文向DHCP server请求IP地址;Step S306: The IT device requests an IP address from the DHCP server by using a DHCP request message.
步骤S308:上位机DHCP server接收IT设备的请求报文,确定IT设备连接switch的端口号,为IT设备分配IP地址;Step S308: The DHCP server of the host computer receives the request message of the IT device, determines the port number of the IT device connected to the switch, and allocates an IP address for the IT device;
步骤S310:上位机管理后台启动对IT设备的集中管理。Step S310: The upper computer management background starts centralized management of the IT equipment.
步骤S302中,主switch的任意网口连接上位机,为了实现端口编号的连续性,建议主switch最小号端口(譬如1号)或者最大号端口(譬如24口交换机的24号)连接上位机。In step S302, any network port of the main switch is connected to the host computer. To achieve continuity of the port number, it is recommended that the port of the primary switch (such as No. 1) or the port of the largest port (such as No. 24 of the 24-port switch) be connected to the host computer.
主switch连接上位机的端口称为uplink端口,并划分VLAN,设置为trunk模式,启用QinQ,设置ACL规则。主switch连接IT设备的端口称为access端口,划分VLAN,设置为access模式,不启用QinQ;主switch连接从switch的端口称为trunk端口,划分VLAN,设置为trunk模式,启用QinQ。The port of the main switch connected to the host computer is called the uplink port, and is divided into VLANs. It is set to trunk mode, QinQ is enabled, and ACL rules are set. The port on which the main switch is connected to the IT device is called the access port. The VLAN is set to access mode. QinQ is not enabled. The port connected to the switch from the switch is called the trunk port. The VLAN is divided into trunk mode and QinQ is enabled.
VLAN划分包括:uplink端口、access端口或者trunk端口,其PVID与端口号一致,并且uplink端口与每一个access端口或者trunk端口都加入同一个VLAN。例如, 24口switch的24号端口连接上位机,1号至23号端口连接23个从switch或者IT设备,则1号至23号端口的PVID分别为VLAN1至VLAN23,24号端口的PVID为24,并同时归属VLAN1至VLAN23。The VLAN is divided into: uplink port, access port, or trunk port. The PVID is the same as the port number, and the uplink port is added to the same VLAN as each access port or trunk port. E.g, Port 24 of the 24-port switch is connected to the host computer, and ports 1 to 23 are connected to 23 slave switches or IT devices. The PVIDs of ports 1 to 23 are VLAN 1 to VLAN 23, respectively, and the PVID of port 24 is 24, and It belongs to VLAN1 to VLAN23 at the same time.
启用QinQ包括trunk端口设置为QinQ的customer端口类型,uplink端口设置为QinQ的uplink端口类型。Enable QinQ, including the customer port type with the trunk port set to QinQ, and the uplink port type set to the QinQ uplink port type.
uplink端口设置ACL规则,根据untag报文目的IP地址特征字段重定向到目标access端口或者trunk端口。The uplink port sets an ACL rule to redirect to the target access port or trunk port according to the destination IP address of the untag packet.
步骤S304中,从swith的GE口连接主switch,其余FE口任意连接IT设备。为了实现端口编号的连续性,建议从switch最小号端口譬如1号或者最大号端口例如24口交换机的24号连接主switch。In step S304, the GE switch is connected to the main switch, and the remaining FE ports are connected to the IT device. To implement port number continuity, you are advised to connect the primary switch from the port number of the switch, such as the number 1 or the port of the largest port, such as port 24 of the 24-port switch.
从switch连接主switch的端口称为uplink端口,划分VLAN,设置为trunk模式,设置ACL规则;从switch连接IT设备的端口称为access端口,划分VLAN,设置为access模式;从switch上uplink端口和access端口均不启用QinQ。The port that connects the switch from the switch is called the uplink port. The VLAN is set to the trunk mode and the ACL rule is set. The port that connects the IT device from the switch is called the access port, and the VLAN is set to access mode. The uplink port is switched from the switch. QinQ is not enabled on the access port.
VLAN划分包括:uplink端口、access端口的PVID与端口号一致,并且uplink端口与每一个access端口都加入同一个VLAN。譬如,24FE+2GE switch的GE1(25号)端口连接上位机,1号至24号端口连接24个IT设备,则1号至24号的PVID分别为VLAN 1至VLAN 24,25号端口的PVID为VLAN 25,并同时归属到VLAN 1至VLAN 24。The VLAN division includes: the uplink port and the PVID of the access port are the same as the port number, and the uplink port and each access port are added to the same VLAN. For example, the GE1 (25) port of the 24FE+2GE switch is connected to the host computer, and the ports 1 to 24 are connected to 24 IT devices. The PVIDs of the 1st to the 24th are the PVID of the port 1 to VLAN 24 and the port 25 respectively. It is VLAN 25 and is also assigned to VLAN 1 to VLAN 24.
uplink端口设置ACL规则,根据untag报文目的IP地址特征字段重定向到目标access端口。The uplink port sets an ACL rule and redirects to the target access port according to the destination IP address of the untag packet.
步骤S306中,IT设备向上位机发送DHCP请求报文,若IT设备连接主switch,只携带了一个VLAN标签,VLAN为主switch连接IT设备的access端口号。若IT设备连接从switch,携带两个VLAN标签,其中内层VLAN标签携带的VLAN为从switch连接IT设备的access端口号,外层VLAN标签携带的VLAN为主switch连接从switch的trunk端口号。In step S306, the IT device sends a DHCP request message to the host computer. If the IT device is connected to the main switch, only one VLAN tag is carried, and the VLAN is the access port number of the IT switch connected to the IT device. If the IT device is connected to the switch, it carries two VLAN tags. The VLAN carried by the inner VLAN tag is the access port number of the IT device connected to the switch. The VLAN carried by the outer VLAN tag is the trunk port number of the switch connected to the switch.
步骤S308中,DHCP Server提取IT设备所发DHCP请求报文携带的VLAN标签。若只有一个VLAN标签,提取该VLAN标签携带的VLAN标记为access端口号(此时为主switch的access端口)。若有两个VLAN标签,提取外层VLAN标签携带的 VLAN标记为trunk端口号(此时为主switch的trunk端口号),提取内层VLAN标签携带的VLAN标记为IT设备的access端口号(此时为从switch的access端口)。In step S308, the DHCP server extracts the VLAN tag carried in the DHCP request packet sent by the IT device. If there is only one VLAN tag, the VLAN tag carried by the VLAN tag is extracted as the access port number (the access port of the primary switch at this time). If there are two VLAN tags, extract the packets carried by the outer VLAN tag. The VLAN is marked as the trunk port number (the trunk port number of the primary switch at this time), and the VLAN tag carried by the inner VLAN tag is extracted as the access port number of the IT device (in this case, the access port of the slave switch).
DHCP Server根据VLAN标签携带的trunk端口号和access端口号分配IT设备的IP地址和子网掩码,IP地址的第3个字节填写从switch的access端口号,第4个字节填写主switch的access端口号或者trunk端口号。The DHCP server allocates the IP address and subnet mask of the IT device according to the trunk port number and the access port number carried in the VLAN tag. The third byte of the IP address is filled in from the access port number of the switch, and the fourth byte is filled in the main switch. Access port number or trunk port number.
步骤S310中,管理后台显示IT设备的IP地址,用户根据IP地址就可以确定IT设备的位置。管理后台向IT设备发送管理报文,管理报文根据需要可以为untag报文或者tag报文。IT设备向上位机发送的报文是untag报文。In step S310, the management background displays the IP address of the IT device, and the user can determine the location of the IT device according to the IP address. The management background sends management packets to the IT device. The management packets can be untagged or tagged as required. The message sent by the IT device to the host computer is an untagged message.
通过本可选实施例,使用基本的VLAN、QinQ、ACL等技术即巧妙地确定了IT设备与switch端口的连接关系,并使用这种连接关系动态分配IT设备的IP地址中,使得用户根据IT设备的IP地址就能方便地确定IT设备的位置。此外,上位机与每个IT设备在一个单独的VLAN域中完成消息交互,比常见的一个广播域更加安全可靠。当主switch端口数不能满足管理需求时,可以通过从switch来扩展端口。With this optional embodiment, the basic VLAN, QinQ, ACL, and other technologies are used to skillfully determine the connection relationship between the IT device and the switch port, and use this connection relationship to dynamically allocate the IP address of the IT device, so that the user according to the IT The IP address of the device makes it easy to determine the location of the IT device. In addition, the host computer and each IT device complete message interaction in a single VLAN domain, which is more secure and reliable than a common broadcast domain. When the number of primary switch ports cannot meet the management requirements, you can expand the ports by using the switch.
下面结合附图对技术方案的实施作进一步的详细描述:The implementation of the technical solution will be further described in detail below with reference to the accompanying drawings:
图6是根据本发明可选实施例的IT设备集中管理平台结构框图,如图6所示,上位机驻留管理后台和DHCP server,其中DHCP server设置为给IT设备分配IP地址、子网掩码;管理后台是对IT设备进行集中管理的软件平台。上位机通常采用windows操作系统,有可能默认过滤掉VLAN标签,此时需要在网卡属性中使能VLAN功能。6 is a structural block diagram of a centralized management platform for an IT device according to an alternative embodiment of the present invention. As shown in FIG. 6, the host computer resides in a management background and a DHCP server, wherein the DHCP server is configured to allocate an IP address and a subnet mask to the IT device. Code; management background is a software platform for centralized management of IT equipment. The upper computer usually uses the Windows operating system. It is possible to filter out the VLAN tag by default. In this case, you need to enable the VLAN function in the NIC properties.
主switch采用千兆以太网交换机(GE switch),之所以采用GE switch,首先,一个上位机集中管理多个IT设备,上行流量大,因此连接上位机的端口至少是千兆带宽(GE)。其次,主switch的端口不够用的时候,需要再级联从switch扩展端口,单个IT设备的管理流量用百兆网口(FE)就可以满足,从降低成本考虑,从switch选用FE switch,但是连接主switch的端口是GE,一方面确保从switch的有足够的上行带宽,另一方面不占用FE端口号,使得IT设备能够连续编号。当然,在经过评估uplink端口流量不超过百兆的情况下,从switch也可以使用FE端口连接主switch。The main switch uses a GE switch. The GE switch is used. First, a host computer centrally manages multiple IT devices, and the upstream traffic is large. Therefore, the port connected to the host computer is at least Gigabit bandwidth (GE). Secondly, when the port of the main switch is not enough, it needs to be cascaded from the switch expansion port. The management traffic of a single IT device can be satisfied with a 100M network port (FE). From the cost reduction, the FE switch is selected from the switch. The port connected to the primary switch is GE. On the one hand, it ensures that there is enough upstream bandwidth from the switch, and on the other hand, it does not occupy the FE port number, so that IT devices can be serially numbered. Of course, in the case that the uplink traffic of the uplink port is not more than 100 megabytes, the switch can also use the FE port to connect to the primary switch.
主switch的access端口为access模式,出向是untag模式,即发给IT设备的是untag报文。主switch的uplink端口和trunk端口都为trunk模式,其中,uplink端口的出向为tag模式,即主switch发给上位机的报文不剥离VLAN标签;trunk端口的出向为untag模式,即主switch发给从switch的报文剥离VLAN标签。 The access port of the main switch is in access mode, and the outbound mode is untag mode. That is, the untag message is sent to the IT device. The uplink port and the trunk port of the main switch are in the trunk mode. The outgoing port of the uplink port is in the tag mode. That is, the packets sent by the master switch to the host computer do not strip the VLAN tags. The outgoing port of the trunk port is in the untag mode. Strip the VLAN tag from the packet from the switch.
从switch上access端口收发都是untag报文。uplink端口是trunk模式,出向为tag模式,即从switch发给主switch的报文携带VLAN标签;The receiving and receiving ports on the switch are all untagged packets. The uplink port is in the trunk mode, and the outgoing port is in the tag mode, that is, the packet sent from the switch to the primary switch carries the VLAN tag.
图6中主switch的VLAN划分如表1所示:The VLAN division of the primary switch in Figure 6 is as shown in Table 1:
表1Table 1
端口号The port number 端口VLAN(PVID)Port VLAN (PVID) 归属VLAN Home VLAN
GE1GE1 11 11
GE2 GE2 22 22
GEn-1GEn-1 n-1N-1 n-1N-1
GEn GEn nn 1至n1 to n
图6中从switch的VLAN划分如表2所示:Figure 2 shows the VLAN division from the switch as shown in Table 2:
表2Table 2
端口号The port number 端口VLAN(PVID)Port VLAN (PVID) 归属VLAN Home VLAN
FE1FE1 11 11
FEnFEn nn nn
GE1GE1 n+1n+1 1至n+11 to n+1
图7是本发明可选实施例的报文的格式示意图,如图7所示,主switch只在uplink端口和trunk端口上启用QinQ,access端口不启用QinQ。主switch的access端口连接的IT设备发出的untag报文到达上位机时只有一层VLAN标签(single vlan tag),此VLAN标签是主switch内部打的标签,VLAN就是access端口号。从switch的access端口连接的IT设备发出的报文到达上位机时有两层VLAN标签(double vlan tag),其中inner VLAN TAG是从switch打的内层标签,VLAN是从switch的access端口号,outer VLAN TAG是主switch的QinQ功能打的外层标签,VLAN是主switch的trunk端口号。为了便于区分,外层VLAN标签的TPID通常设置为0x9100。7 is a schematic diagram of a format of a packet according to an optional embodiment of the present invention. As shown in FIG. 7, the primary switch only enables QinQ on the uplink port and the trunk port, and the access port does not enable QinQ. The untag packet sent by the IT device connected to the access port of the main switch has only one VLAN tag (single vlan tag). The VLAN tag is the internal tag of the main switch. The VLAN is the access port number. The packet sent from the IT device connected to the access port of the switch has two VLAN tags (double vlan tag). The inner VLAN tag is the inner tag of the switch, and the VLAN is the access port number of the switch. The outer VLAN TAG is the outer label of the QinQ function of the primary switch. The VLAN is the trunk port number of the primary switch. For easy differentiation, the TPID of the outer VLAN tag is usually set to 0x9100.
此外,图7所示IP地址为上位机分配给IT设备的算法,本可选实施例采用的子网掩码是255.0.0.0.IP地址的BYTE1为自定义网络地址,BYTE2为IT设备私有信息,用于记录IT设备的特有标志,该字段不强制使用,可在特点场合下体现IT设备的私有特征,譬如可以记录磁阵双控的槽位号(Slot ID)。BYTE3和BYTE4表示IT设备连接switch的端口位置信息,当BYTE3为非0时,表示从switch的access端口号,BYTE4表示主switch的trunk端口号,此时IT设备连接在从switch的access端口上;当BYTE3为0时,此时BYTE3不表示从switch上的具体端口号,BYTE4是主switch的access端口号,此时IT设备连接在主switch的access端口上。需要注意的是IP地址最后一个字节不能为0或者255,因此对内层VLAN标签的VLAN取值范围做了限制,只能 取1至254。图4中的D4的IP地址分配为130.0.4.2,子网掩码为255.0.0.0。假设D4连接的是主switch的GE2,则IP地址为130.0.0.2。In addition, the IP address shown in FIG. 7 is an algorithm for the upper computer to allocate to the IT device. The subnet mask used in the alternative embodiment is 255.0.0.0. The BYTE1 of the IP address is a custom network address, and BYTE2 is a private information of the IT device. It is used to record the unique identifier of the IT device. This field is not mandatory. It can reflect the private characteristics of the IT device in the characteristic case. For example, the slot number of the magnetic array dual control can be recorded. BYTE3 and BYTE4 indicate the port location information of the IT device connected to the switch. When BYTE3 is non-zero, it indicates the access port number of the switch, and BYTE4 indicates the trunk port number of the main switch. At this time, the IT device is connected to the access port of the slave switch. When BYTE3 is 0, BYTE3 does not indicate the specific port number on the switch. BYTE4 is the access port number of the primary switch. The IT device is connected to the access port of the primary switch. Note that the last byte of the IP address cannot be 0 or 255. Therefore, the VLAN range of the inner VLAN tag is limited. Take 1 to 254. The IP address of D4 in Figure 4 is assigned as 130.0.4.2 and the subnet mask is 255.0.0.0. Assuming that D4 is connected to GE2 of the primary switch, the IP address is 130.0.0.2.
图8是根据本发明可选实施例的上位机与IT设备通信时的报文封装示意图,如图8所示,IT设备D4发给上位机的报文称为上行报文,上位机发给IT设备D4的报文称为下行报文。IT设备D4发出的上行报文是untag报文,从switch在access口FE4设置PVID为4,并且GE3和FE4都加入了VLAN 4。上行报文的目的MAC为上位机的MAC地址MAC1,从switch在FE4接收到报文后打上VLAN标签,携带了VLAN4。从switch在trunk口GE3设置的PVID为3,出向报文携带的VLAN4与PVID不一致,因此GE3发出的报文仍然携带了VLAN 4。主switch在GE2设置的PVID为2,并且使能了QinQ customer端口类型,上行报文在GE2接收到报文后打上外层VLAN标签,携带了VLAN 2。主switch在GE1使能了QinQ uplink端口类型,GE1发出的报文携带了两个VLAN标签。上位机通过提取QinQ报文的两个VLAN标签就确定了IT设备D4的位置是主switch的GE2连接的从switch的FE4,然后根据两个VLAN标签分配D4的IP地址。FIG. 8 is a schematic diagram of packet encapsulation when the host computer communicates with the IT device according to an alternative embodiment of the present invention. As shown in FIG. 8 , the packet sent by the IT device D4 to the upper computer is called an uplink packet, and the upper computer sends the packet to the upper device. The packet of the IT device D4 is called a downlink packet. The uplink packet sent by the IT device D4 is an untagged packet. The switch sets the PVID to 4 on the access interface FE4, and both GE3 and FE4 join VLAN 4. The destination MAC address of the uplink packet is the MAC address MAC1 of the host computer. After the switch receives the packet from the FE4, it puts a VLAN tag and carries VLAN 4. The PVID set on the trunk interface GE3 is 3, and the VLAN 4 and the PVID carried in the outgoing packets are inconsistent. Therefore, the packets sent by GE3 still carry VLAN 4. The PVID of the master switch is set to 2, and the QinQ customer port type is enabled. After receiving the packet, the uplink packet is tagged with the outer VLAN tag and carries VLAN 2. The primary switch has enabled the QinQ uplink port type on GE1. The packets sent by GE1 carry two VLAN tags. By extracting the two VLAN tags of the QinQ packet, the host computer determines that the location of the IT device D4 is the FE4 of the slave switch of the GE2 of the primary switch, and then assigns the IP address of the D4 according to the two VLAN tags.
由于上位机采用windows商用操作系统,受网卡类型、第三方软件等因素限制,通常不能直接发出tag报文,有些网卡即使可以发出tag报文,也不能支持网卡加入多个VLAN,只有高端网卡才能支持Vlan trunk功能。虽然上位机发出untag报文的情况更为普遍,但是上位机也可以通过安装VMware虚拟机、采用支持VLAN Trunk功能的高端网卡等手段发出tag报文。本发明不限制上位机发出untag报文或者tag报文,两种方式都能支持。前者对上位机软硬件配置要求低,通用性强,但是需要对switch进行较多的配置。后者对上位机软硬件配置要求较高,但下行报文在switch内部完全按照QinQ流程转发,对switch的配置较少。Because the upper computer adopts the Windows commercial operating system, which is limited by the network card type and third-party software, it is usually not possible to directly send tag messages. Some network cards cannot support the network card to join multiple VLANs even if they can send tag messages. Only high-end network cards can Support Vlan trunk function. Although the upper machine sends out untag packets more commonly, the host computer can also send tag messages by installing VMware virtual machines and adopting high-end network cards that support VLAN trunking. The invention does not limit the sending of untag messages or tag messages by the upper computer, and both modes can be supported. The former has low requirements on the software and hardware configuration of the host computer and is highly versatile, but requires more configuration of the switch. The latter has higher requirements on the software and hardware configuration of the host computer. However, the downlink packets are forwarded completely in the QinQ process within the switch, and the configuration of the switch is less.
上位机发出的下行报文在各节点的封装如图8所示,若上位机发出的是tag报文,又分为两种情况:若发给主switch的access端口,只需要封装一层VLAN标签,携带的VLAN为主switch的access端口号;若发给从switch的access端口,则需要封装两层VLAN标签,其中外层VLAN标签携带的VLAN为主switch的trunk端口号,内层VLAN标签携带的VLAN为从switch的access端口号。tag报文在主switch和从switch内部完全遵循QinQ uplink端口发给customer端口的转发流程。例如图8中,下行报文携带两层VLAN标签,主switch在GE1接收到下行报文,发现是tag报文,不会触发ACL规则,此时按照外层VLAN所在VLAN域转发到GE2,GE2为customer端口类型,因此GE2发出的报文剥离外层VLAN标签。从switch在GE3接收到下行 报文,发现是tag报文,不会触发ACL规则,此时按照内层VLAN所在VLAN域转发到FE4,FE4是access端口类型,因此FE4发出的报文剥离内层VLAN标签。The packet sent by the host computer is encapsulated in each node as shown in Figure 8. If the host sends a tag packet, it is divided into two cases: if it is sent to the access port of the master switch, only one VLAN is required to be encapsulated. The tag carries the VLAN as the access port number of the primary switch. If it is sent to the access port of the switch, it needs to encapsulate two VLAN tags. The VLAN carried by the outer VLAN tag is the trunk port number of the primary switch, and the inner VLAN tag. The carried VLAN is the access port number of the slave switch. The tag packet is forwarded to the customer port by the QinQ uplink port in the master switch and the slave switch. For example, in Figure 8, the downlink packet carries two VLAN tags. The master switch receives the downlink packet on GE1 and finds that it is a tag. The ACL rule is not triggered. In this case, the VLAN is forwarded to GE2 and GE2 according to the VLAN domain of the outer VLAN. The value is the customer port type. Therefore, the packets sent by GE2 are stripped of the outer VLAN tag. Received the downlink from the switch on GE3 If the packet is found to be a tagged packet, the ACL rule will not be triggered. In this case, the VLAN domain of the inner VLAN is forwarded to the FE4. The FE4 is the access port type. Therefore, the packets sent by the FE4 are stripped of the inner VLAN tag.
若上位机发出的是untag报文,从switch在uplink口也只能接收到untag报文,主switch和从switch在uplink端口打的VLAN标签携带的VLAN为PVID,因此主switch和从switch的L2表在uplink端口只有上位机MAC加上PVID的条目,存在两个问题。问题一:上行报文查找L2表找不到上位机对应access端口归属VLAN的条目,只能在VLAN域中广播,虽然也能从uplink端口发出,但是可能因switch对广播报文的限速导致丢包;问题二:因为uplink端口的PVID与access端口的PVID不在同一个VLAN域,下行报文找不到转发端口会丢弃。If the host sends an untagged packet, the switch can only receive the untagged packet from the switch. The VLANs carried by the primary switch and the VLAN tag that the switch uses on the uplink port are PVIDs. Therefore, the primary switch and the slave switch L2. The table has only the host MAC address plus the PVID entry on the uplink port. There are two problems. Problem 1: The upstream packet search L2 table cannot find the entry of the access port's corresponding VLAN to the host computer. It can only be broadcast in the VLAN domain. Although it can be sent from the uplink port, the switch may limit the rate of broadcast packets. Packet loss; Question 2: Because the PVID of the uplink port is not in the same VLAN domain as the PVID of the access port, the downstream packets cannot be forwarded.
对于问题一,需要在主从switch的L2表中添加uplink口条目,手动添加的条目都是静态条目,不会老化,确保上位机MAC和所有access端口和trunk端口都有对应的条目。图8中主从switch在uplink口添加的条目如表3所示:For the first problem, you need to add the uplink port entry in the L2 table of the master-slave switch. The manually added entries are static entries and will not age. Ensure that the host MAC and all access ports and trunk ports have corresponding entries. The entries added by the master-slave switch on the uplink port in Figure 8 are shown in Table 3:
表3table 3
端口port MACMAC VLAN VLAN
GE1GE1
MAC1MAC1 22
GE3 GE3 MAC1MAC1 44
例如24GE switch连接了23个IT设备或者从switch,uplink端口对每个access端口或者trunk端口的归属VLAN都有一个条目,则共需要手动添加23个条目。For example, if the 24GE switch is connected to 23 IT devices or from the switch, the uplink port has an entry for each access port or the home VLAN of the trunk port, you need to manually add 23 entries.
对于问题二,需要设置ACL规则重定向到目标端口。具体实施方法:主switch在uplink口设置了ACL规则,根据untag报文目的IP地址的BYTE4(非零值)重定向到对应端口。GE2发出的报文是untag报文,因此从switch也需要在uplink口设置ACL规则,根据untag报文目的IP地址的BYTE3(非零值)重定向到对应端口。图8中主从switch在uplink口设置的ACL规则如表4所示:For problem two, you need to set the ACL rule to redirect to the target port. The implementation method is as follows: The primary switch sets an ACL rule on the uplink port, and redirects to the corresponding port according to the BYTE4 (non-zero value) of the destination IP address of the untag packet. The packet sent by GE2 is an untagged packet. Therefore, the switch also needs to set an ACL rule on the uplink port to redirect the port to the corresponding port according to the BYTE3 (non-zero value) of the destination IP address of the untagged packet. The ACL rules set by the master and slave switches on the uplink port in Figure 8 are as shown in Table 4:
表4Table 4
PortPort RuleRule ActionAction
GE1GE1 untag、DIP=X.X.X.2(X表示掩码)Untag, DIP=X.X.X.2 (X indicates mask) Redirect to port 2Redirect to port 2
GE3GE3 untag、DIP=X.X.4.X(X表示掩码)Untag, DIP=X.X.4.X (X indicates mask) Redirect to port 4Redirect to port 4
例如24GE switch连接了23个IT设备或者从switch,uplink端口对每个access端口或者trunk端口都建立重定向规则,则共需建立23条ACL规则。For example, if a 24GE switch is connected to 23 IT devices or a redirection rule is established for each access port or trunk port from the switch and uplink port, a total of 23 ACL rules need to be established.
本可选实施例的采用星型组网,因为QinQ只能携带两个VLAN标签,所以switch的级联深度只能是二级,不支持从switch继续级联switch。按图6所示的管理平台, 若主switch采用24GE switch,从switch采用24FE+2GE switch,本发明最大支持同时管理552个IT设备,足够满足集中管理需求。In this embodiment, the star network is used. Because the QinQ can only carry two VLAN tags, the cascading depth of the switch can only be the second level. It is not supported to continue the cascade switch from the switch. According to the management platform shown in Figure 6, If the main switch adopts 24GE switch and the switch uses 24FE+2GE switch, the present invention supports up to 552 IT devices at the same time, which is sufficient for centralized management.
本可选实施例上位机的DHCP server未采用根据MAC地址分配IP地址的标准的DHCP流程,而是根据VLAN分配IP地址,图9是根据本发明可选实施例的上位机根据VLAN分配IP地址的处理方法流程图,如图9所示,侦听到DHCP请求报文后,分析是否携带VLAN标签,如果是untag报文,不处理;如果是tag报文,进一步分析如果是double vlan tag,提取外层vlan为主switch的trunk端口号,提取内层vlan为从switch的access端口号;如果是single tag,提取vlan为主switch的access端口号。最后根据图7所示IP地址算法分配IT设备的IP地址,填写DHCP应答报文。In this alternative embodiment, the DHCP server of the upper computer does not adopt the standard DHCP process for assigning an IP address according to the MAC address, but assigns an IP address according to the VLAN. FIG. 9 is an example. The upper computer allocates an IP address according to the VLAN according to an optional embodiment of the present invention. Flowchart of the processing method, as shown in Figure 9, after detecting the DHCP request message, analyze whether to carry the VLAN tag. If it is an untagged message, it will not process it; if it is a tag message, further analysis is if it is a double vlan tag. Extract the trunk port number of the outer vlan as the primary switch, and extract the internal vlan as the access port number of the switch; if it is a single tag, extract the access port number of the vlan as the primary switch. Finally, according to the IP address algorithm shown in FIG. 7, the IP address of the IT device is allocated, and the DHCP response message is filled in.
图10是根据本发明可选实施例的集中管理磁阵的示意图,如图10所示,磁阵的主柜通常有两个控制器槽位,可插入两个控制器单板,磁阵主柜双控制器Slot ID分别为0和1。如果每个控制器接一个switch的access端口,势必减少switch连接的小型机框数量。本发明对这种场景也提出一种减少switch端口浪费的方法。access端口再接一个集线器(HUB),每个机框的所有单板都连接到HUB上,这样一个机框只占用一个switch的端口。HUB上所有端口都在一个广播域,无需配置就可以转发,相比switch更廉价,更方便,非常适合于连接小型机框。具体实施方法为:IT设备在DHCP请求报文的vender information字段中携带单板的Slot ID,DHCP server提取Slot ID,填入图3所示IP地址的BYTE2。图6所示为管理磁阵的示意图,主switch的GE1和从switch的FE2各连接一个HUB,磁阵主控柜A连接HUB1,磁阵主控柜B连接HUB2,则磁阵主控柜A的slot0对应的IP地址为130.0.0.1,slot1对应的IP地址为130.1.0.1。磁阵主控柜B的slot0对应的IP地址为130.0.1.2,slot1对应的IP地址为130.1.1.2。通过这种方式,可以集中管理更多的磁阵。10 is a schematic diagram of a centralized management of a magnetic array according to an alternative embodiment of the present invention. As shown in FIG. 10, the main cabinet of the magnetic array usually has two controller slots, which can be inserted into two controller boards, and the magnetic array main The cabinet dual controller Slot IDs are 0 and 1, respectively. If each controller is connected to a switch access port, it is bound to reduce the number of small chassis connected to the switch. The present invention also proposes a method for reducing the waste of the switch port for this scenario. The access port is connected to a hub (HUB), and all the boards in each chassis are connected to the HUB, so that one chassis only occupies one switch port. All ports on the HUB are in a broadcast domain and can be forwarded without configuration. It is cheaper and more convenient than switch, and is very suitable for connecting small chassis. The specific implementation method is as follows: the IT device carries the Slot ID of the board in the vender information field of the DHCP request message, and the DHCP server extracts the Slot ID and fills in the BYTE2 of the IP address shown in FIG. 3. Figure 6 shows a schematic diagram of managing a magnetic array. GE1 of the main switch and FE2 of the switch are connected to each HUB. The main control cabinet A of the magnetic array is connected to HUB1, and the main control cabinet B of the magnetic array is connected to HUB2. The main control cabinet of the magnetic array is A. The IP address corresponding to slot 0 is 130.0.0.1, and the IP address corresponding to slot 1 is 130.1.0.1. The IP address corresponding to slot 0 of the magnetic array main control cabinet B is 130.0.1.2, and the IP address corresponding to slot 1 is 130.1.1.2. In this way, more magnetic arrays can be managed centrally.
综上所述,本可选实施例提供了一种对IT设备进行集中管理的方法,使用double vlan携带IT设备连接switch的端口号,并根据端口号设置IT设备的IP地址,使得用户根据IT设备的IP地址即可方便的确定具体位置,只要对switch进行相关的配置,无需改动IT设备和上位机即可实现集中管理,极大地提高了管理效率。In summary, the optional embodiment provides a method for centralized management of an IT device, using a double vlan to carry the port number of the IT device connected to the switch, and setting the IP address of the IT device according to the port number, so that the user according to the IT The IP address of the device can be used to determine the specific location. As long as the switch is configured, centralized management can be realized without changing the IT device and the host computer, which greatly improves the management efficiency.
上述仅为本发明的可选实施例而已,并不用于限制本发明,对于本领域的技术人员来说,本发明可以有各种更改和变化。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。 The above is only an alternative embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.
工业实用性Industrial applicability
如上所述,本发明实施例提供的一种信息技术IT设备端口的确定方法及装置,具有以下有益效果:解决了相关技术中只能通过手动记录IP地址在switch的端口位置来确定IT设备的具体位置的问题,使得用户根据IT设备的IP地址就能方便地确定IT设备的位置。 As described above, the method and apparatus for determining the port of the information technology IT device provided by the embodiment of the present invention have the following beneficial effects: the related art can only determine the IT device by manually recording the IP address at the port position of the switch. The specific location problem allows the user to easily determine the location of the IT device based on the IP address of the IT device.

Claims (10)

  1. 一种信息技术IT设备端口的确定方法,包括:A method for determining an IT device IT port includes:
    上位机接收所述IT设备发送的请求报文,其中,所述请求报文中携带有所述IT设备与交换机连接的端口标识信息;Receiving, by the upper computer, the request message sent by the IT device, where the request message carries port identification information that is connected between the IT device and the switch;
    所述上位机在为所述IT设备分配的IP地址中设置所述端口标识信息;The host computer sets the port identification information in an IP address assigned to the IT device;
    所述上位机将设置有所述端口标识信息的IP地址呈现给用户。The host computer presents an IP address provided with the port identification information to the user.
  2. 根据权利要求1所述的方法,其中,The method of claim 1 wherein
    在所述交换机只包括:主交换机时,所述端口标识信息包括:第一端口标识信息,其中,所述第一端口标识信息为所述主交换机与所述IT设备连接的端口标识信息;When the switch includes only the master switch, the port identifier information includes: first port identifier information, where the first port identifier information is port identifier information that is connected between the master switch and the IT device;
    在所述交换机包括主交换机和从交换机时,所述端口标识信息包括:第二端口标识信息、第三端口标识信息和/或所述第一端口标识信息,其中,所述第二端口标识信息包括:所述主交换机与从交换机连接的端口标识信息,所述第三端口标识信息包括:所述IT设备与所述从交换机连接的端口标识信息。When the switch includes a master switch and a slave switch, the port identifier information includes: second port identifier information, third port identifier information, and/or the first port identifier information, where the second port identifier information The device includes: port identification information that is connected between the master switch and the slave switch, and the third port identifier information includes: port identifier information that is connected between the IT device and the slave switch.
  3. 根据权利要求2所述的方法,其中,所述上位机在为所述IT设备分配的IP地址中设置所述端口标识信息包括:The method of claim 2, wherein the setting, by the host computer, the port identification information in an IP address assigned to the IT device comprises:
    在所述交换机只包括主交换机时,所述上位机将所述第一端口标识信息写入所述IP地址的第一指定字节;When the switch includes only the master switch, the host computer writes the first port identifier information into a first designated byte of the IP address;
    在所述交换机包括主交换机和从交换机时,所述上位机将所述第二端口标识信息写入所述IP地址的所述第一指定字节、将所述第三端口标识信息写入所述IP地址的第二指定字节和/或将所述第一端口标识信息写入所述IP地址的第一指定字节。When the switch includes a master switch and a slave switch, the host computer writes the second port identifier information into the first designated byte of the IP address, and writes the third port identifier information into the Decoding a second specified byte of the IP address and/or writing the first port identification information to a first designated byte of the IP address.
  4. 根据权利要求3所述的方法,其中,The method of claim 3, wherein
    在所述交换机只包括主交换机时,所述主交换机的端口包括:第一上行uplink端口、第一接入access端口,其中,所述主交换机通过所述uplink端口与所述上位机连接,所述主交换机通过所述access端口与所述IT设备连接,所述第一端口标识信息为所述access端口标识信息; When the switch includes only the master switch, the port of the master switch includes: a first uplink uplink port and a first access port, wherein the master switch is connected to the host computer through the uplink port. The master switch is connected to the IT device by using the access port, where the first port identifier information is the access port identifier information;
    在所述交换机包括:主交换机和从交换机时,所述主交换机的端口包括:所述第一上行uplink端口、所述第一接入access端口以及中继trunk端口,所述从交换机的端口包括:第二上行uplink端口和第二接入access端口,其中,所述主交换机的所述trunk端口与所述从交换机的所述第二上行uplink端口连接,所述从交换机通过所述第二接入access端口与IT设备连接,所述第二端口标识信息为所述trunk端口标识信息,所述第三端口标识信息为所述第二接入access端口标识信息。When the switch includes: a master switch and a slave switch, the port of the master switch includes: the first uplink uplink port, the first access access port, and a trunk trunk port, where the port of the slave switch includes a second uplink uplink port and a second access port, wherein the trunk port of the master switch is connected to the second uplink uplink port of the slave switch, and the slave switch passes the second interface The access port is connected to the IT device, the second port identifier information is the trunk port identifier information, and the third port identifier information is the second access port identifier information.
  5. 根据权利要求4所述的方法,其中,所述方法还包括:The method of claim 4 wherein the method further comprises:
    所述上位机发送untag报文,并触发所述主交换机和从交换机的重定向操作,其中,所述untag报文的目的IP地址中携带有所述第一指定字节信息和所述第二指定字节信息;所述重定向为:所述主交换机依据预设规则和所述第一指定字节信息将所述untag报文重定向到所述第一access端口或所述trunk端口,所述从交换机依据所述预设规则和所述第二指定字节将所述untag报文重定向到所述第二access端口,所述预设规则为所述主交换机和从交换机使用访问控制列表ACL在所述第一uplink端口和所述第二uplink端口设置。The host computer sends an untag message, and triggers a redirection operation of the master switch and the slave switch, where the destination IP address of the untagged message carries the first specified byte information and the second Specifying the byte information; the redirection is: the master switch redirects the untag message to the first access port or the trunk port according to a preset rule and the first specified byte information, where The slave switch redirects the untag message to the second access port according to the preset rule and the second specified byte, where the preset rule is that the master switch and the slave switch use an access control list. The ACL is set on the first uplink port and the second uplink port.
  6. 一种信息技术IT设备端口的确定装置,位于上位机侧,包括:An information technology IT device port determining device is located on the upper computer side and includes:
    接收模块,设置为接收所述IT设备发送的请求报文,其中,所述请求报文中携带有所述IT设备与交换机连接的端口标识信息;a receiving module, configured to receive a request message sent by the IT device, where the request message carries port identification information that is connected between the IT device and the switch;
    设置模块,设置为在为所述IT设备分配的IP地址中设置所述端口标识信息;Setting a module, configured to set the port identification information in an IP address allocated for the IT device;
    呈现模块,设置为将设置有所述端口标识信息的IP地址呈现给用户。A presentation module is configured to present an IP address with the port identification information set to the user.
  7. 根据权利要求6所述的装置,其中,The apparatus according to claim 6, wherein
    在所述交换机只包括:主交换机时,所述端口标识信息包括:第一端口标识信息,其中,所述第一端口标识信息为所述主交换机与所述IT设备连接的端口标识信息;When the switch includes only the master switch, the port identifier information includes: first port identifier information, where the first port identifier information is port identifier information that is connected between the master switch and the IT device;
    在所述交换机包括:主交换机和从交换机时,所述端口标识信息包括:第二端口标识信息和第三端口标识信息和/或所述第一端口标识信息,其中,所述第二端口标识信息包括:所述主交换机与从交换机连接的端口标识信息,所述第三端口标识信息包括:所述IT设备与所述从交换机连接的端口标识信息。When the switch includes: a master switch and a slave switch, the port identifier information includes: second port identifier information and third port identifier information, and/or the first port identifier information, where the second port identifier The information includes: port identification information that is connected between the master switch and the slave switch, and the third port identifier information includes: port identifier information that is connected between the IT device and the slave switch.
  8. 根据权利要求7所述的装置,其中,所述设置模块包括: The apparatus of claim 7, wherein the setting module comprises:
    第一写入单元,设置为在所述交换机只包括主交换机时,将所述第一端口标识信息写入所述IP地址的第一指定字节;a first writing unit, configured to write the first port identification information into a first specified byte of the IP address when the switch includes only a master switch;
    第二写入单元,设置为在所述交换机包括主交换机和从交换机时,将所述第二端口标识信息写入IP地址的所述第一指定字节,将所述第三端口标识信息写入所述IP地址的第二指定字节和/或将所述第一端口标识信息写入所述IP地址的第一指定字节。a second writing unit, configured to write the second port identification information into the first designated byte of the IP address when the switch includes the master switch and the slave switch, and write the third port identifier information Entering a second specified byte of the IP address and/or writing the first port identification information to a first designated byte of the IP address.
  9. 根据权利要求8所述的装置,其中,The device according to claim 8, wherein
    在所述交换机只包括主交换机时,所述主交换机的端口包括:第一上行uplink端口、第一接入access端口,其中,所述主交换机通过所述uplink端口与上位机连接,所述主交换机通过所述access端口与IT设备连接,所述第一端口标识信息为所述access端口标识信息;When the switch includes only the master switch, the port of the master switch includes: a first uplink uplink port and a first access port, wherein the master switch is connected to the host computer through the uplink port, where the master The switch is connected to the IT device by using the access port, where the first port identification information is the access port identification information;
    在所述交换机包括:主交换机和从交换机时,所述主交换机的端口包括:所述第一上行uplink端口、所述第一接入access端口以及中继trunk端口,所述从交换机的端口包括:第二上行uplink端口和第二接入access端口,其中,所述主交换机的所述trunk端口与所述从交换机的所述第二上行uplink端口连接,所述从交换机通过所述第二接入access端口与所述IT设备连接,所述第二端口标识信息为所述trunk端口标识信息,所述第三端口标识信息为所述第二接入access端口标识信息。When the switch includes: a master switch and a slave switch, the port of the master switch includes: the first uplink uplink port, the first access access port, and a trunk trunk port, where the port of the slave switch includes a second uplink uplink port and a second access port, wherein the trunk port of the master switch is connected to the second uplink uplink port of the slave switch, and the slave switch passes the second interface The access port is connected to the IT device, the second port identifier information is the trunk port identifier information, and the third port identifier information is the second access port identifier information.
  10. 根据权利要求9所述的装置,其中,所述装置还包括:The apparatus of claim 9 wherein said apparatus further comprises:
    发送模块,设置为发送untag报文,并触发所述主交换机和从交换机的重定向操作,其中,所述untag报文的目的IP地址中携带有所述第一指定字节信息和所述第二指定字节信息,所述重定向为:所述主交换机依据预设规则和所述第一指定字节信息将所述untag报文重定向到所述第一access端口或所述trunk端口,所述从交换机依据所述预设规则和所述第二指定字节将所述untag报文重定向到所述第二access端口,所述预设规则为所述主交换机和从交换机使用访问控制列表ACL在所述第一uplink端口和所述第二uplink端口设置。 a sending module, configured to send an untag message, and trigger a redirection operation of the master switch and the slave switch, where the destination IP address of the untagged packet carries the first specified byte information and the Specifying the byte information, the redirection is: the master switch redirects the untag message to the first access port or the trunk port according to the preset rule and the first specified byte information, The slave switch redirects the untag message to the second access port according to the preset rule and the second specified byte, where the preset rule is that the master switch and the slave switch use access control The list ACL is set on the first uplink port and the second uplink port.
PCT/CN2015/079221 2014-12-23 2015-05-18 Method and apparatus for determining information technology (it) device port WO2016101515A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410815570.6 2014-12-23
CN201410815570.6A CN105791176A (en) 2014-12-23 2014-12-23 Method and device for determining IT (Information Technology) equipment port

Publications (1)

Publication Number Publication Date
WO2016101515A1 true WO2016101515A1 (en) 2016-06-30

Family

ID=56149091

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/079221 WO2016101515A1 (en) 2014-12-23 2015-05-18 Method and apparatus for determining information technology (it) device port

Country Status (2)

Country Link
CN (1) CN105791176A (en)
WO (1) WO2016101515A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111813900A (en) * 2019-04-10 2020-10-23 北京猎户星空科技有限公司 Multi-turn conversation processing method and device, electronic equipment and storage medium

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108540541B (en) * 2018-03-22 2020-10-23 华为技术有限公司 Information processing method, information processing apparatus, and switch
CN109194525B (en) * 2018-10-11 2022-03-11 迈普通信技术股份有限公司 Network node configuration method and management node
CN109951314B (en) * 2019-01-21 2022-11-01 平安科技(深圳)有限公司 Machine room port automatic allocation method, electronic device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050044199A1 (en) * 2003-08-06 2005-02-24 Kenta Shiga Storage network management system and method
CN101820432A (en) * 2010-05-12 2010-09-01 中兴通讯股份有限公司 Safety control method and device of stateless address configuration
CN101883090A (en) * 2010-04-29 2010-11-10 北京星网锐捷网络技术有限公司 Client access method, equipment and system
CN102130788A (en) * 2011-03-14 2011-07-20 华为技术有限公司 Method, device and system for configuring monitoring terminal

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7310667B2 (en) * 2003-03-13 2007-12-18 International Business Machines Corporation Method and apparatus for server load sharing based on foreign port distribution
CN1756189B (en) * 2004-09-30 2010-04-14 北京航空航天大学 IP network topology discovering method based on SNMP
CN1791029A (en) * 2005-12-23 2006-06-21 杭州华为三康技术有限公司 Method and system for automatically gaining configuration management server initial allocation
CN101272292A (en) * 2008-05-14 2008-09-24 杭州华三通信技术有限公司 Method and equipment for recognizing user identity in flux monitoring
CN101488918B (en) * 2009-01-09 2012-02-08 杭州华三通信技术有限公司 Multi-network card server access method and system
CN104202187B (en) * 2014-08-28 2017-11-14 新华三技术有限公司 A kind of method and apparatus that the virtual bridged function in edge is disposed for interchanger

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050044199A1 (en) * 2003-08-06 2005-02-24 Kenta Shiga Storage network management system and method
CN101883090A (en) * 2010-04-29 2010-11-10 北京星网锐捷网络技术有限公司 Client access method, equipment and system
CN101820432A (en) * 2010-05-12 2010-09-01 中兴通讯股份有限公司 Safety control method and device of stateless address configuration
CN102130788A (en) * 2011-03-14 2011-07-20 华为技术有限公司 Method, device and system for configuring monitoring terminal

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111813900A (en) * 2019-04-10 2020-10-23 北京猎户星空科技有限公司 Multi-turn conversation processing method and device, electronic equipment and storage medium
CN111813900B (en) * 2019-04-10 2023-12-08 北京猎户星空科技有限公司 Multi-round dialogue processing method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN105791176A (en) 2016-07-20

Similar Documents

Publication Publication Date Title
US11463279B2 (en) Method and apparatus for implementing a flexible virtual local area network
US11863625B2 (en) Routing messages between cloud service providers
US11005752B2 (en) Packet transmission
EP2491684B1 (en) Method and apparatus for transparent cloud computing with a virtualized network infrastructure
EP2947907B1 (en) Startup configuration method in base station, base station and server
JP6722816B2 (en) Packet transfer
TW201519621A (en) Management server and management method thereof for managing cloud appliances in virtual local area networks
EP3420687B1 (en) Addressing for customer premises lan expansion
WO2016101515A1 (en) Method and apparatus for determining information technology (it) device port
WO2012088901A1 (en) Method for allocating virtual local area network and associated device
CN104125128A (en) Method for supporting VLAN (virtual local area network) by aid of Linux soft bridge
CN103166864A (en) Method and device for private VLAN (virtual local area network) information management
CN112543108A (en) Network isolation policy management method and network isolation policy management system
CN104734930B (en) Method and device for realizing access of Virtual Local Area Network (VLAN) to Variable Frequency (VF) network and Fiber Channel Frequency (FCF)
CN109756411B (en) Message forwarding method and device, first VTEP device and storage medium
US9729391B2 (en) Method and apparatus for path indication
EP3579499A1 (en) Vlan reflection
JP2014230046A (en) Ip address allocation server having control function by hub
US10439933B2 (en) Isolating services across a single physical network interface
CN107426103B (en) Data transmission method between RapidIO network and Ethernet

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15871591

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15871591

Country of ref document: EP

Kind code of ref document: A1