WO2016138813A1 - Switch routing conflict processing method and apparatus - Google Patents

Switch routing conflict processing method and apparatus Download PDF

Info

Publication number
WO2016138813A1
WO2016138813A1 PCT/CN2016/073604 CN2016073604W WO2016138813A1 WO 2016138813 A1 WO2016138813 A1 WO 2016138813A1 CN 2016073604 W CN2016073604 W CN 2016073604W WO 2016138813 A1 WO2016138813 A1 WO 2016138813A1
Authority
WO
WIPO (PCT)
Prior art keywords
vpn
information
port information
vlan
interface
Prior art date
Application number
PCT/CN2016/073604
Other languages
French (fr)
Chinese (zh)
Inventor
林宁
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Priority to RU2017133755A priority Critical patent/RU2714383C2/en
Publication of WO2016138813A1 publication Critical patent/WO2016138813A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks

Definitions

  • the present invention relates to the field of communications, and in particular, to a method and apparatus for processing a route conflict of a switch.
  • the Layer 3 switch product of the routing function in the related art is based on a virtual local area network (VLAN) for Layer 3 interface configuration. All routing configurations and virtual private network (VPN) configurations are based on VLANs.
  • VLAN virtual local area network
  • VPN virtual private network
  • the routing sub-interface function of the Layer 3 switch is based on the configuration of one port and one VLAN. That is, one physical port can be configured with multiple routing sub-interfaces of different VLANs. Usually, the routing configuration of these sub-interfaces and the configuration of the VPN where the routes are located. They are all set based on the individual VLANs in which the sub-interface is located.
  • Step S11 Configure a routing sub-interface and a VLAN to which the sub-interface belongs.
  • the switch adds the physical port of the sub-interface to the VLAN to which the sub-interface belongs.
  • Step S12 Complete the configuration of the VLAN Layer 3 interface according to the configured routing sub-interface VLAN.
  • Step S13 The routing information and the VPN information of the route are configured on the Layer 3 interface where the VLAN is located.
  • the steps of forwarding the Layer 3 packet forwarding of the switch sub-interface of the switch in the related art include:
  • Step S21 The packet that needs to be forwarded by the sub-interface to carry the Layer 3 packet carries the VLAN tag corresponding to the sub-interface to enter the physical interface corresponding to the sub-interface;
  • Step S22 The switch searches for the Layer 3 interface of the corresponding VLAN according to the VLAN tag (VLAN identifier) carried in the packet, obtains the Layer 3 interface information, and finds the VPN information of the route according to the VLAN tag.
  • VLAN tag VLAN identifier
  • Step S23 According to the routing VPN information and the destination IP address in the Layer 3 packet, look up the routing table of the switch and perform route forwarding.
  • routing sub-interface is configured and a VLAN is bound, then the VLAN is A Layer 3 interface is configured separately, and routing conflicts may occur on the forwarding.
  • the attribute is that physical port 1 is bound to VLAN 100 and configured. IP address 123.1.1.1/24.
  • VLAN 100 Layer 3 interface is configured on the switch.
  • This VLAN contains physical port 2 and is configured with route VPN A.
  • the VLAN 100 Layer 3 interface is not in the same VPN as the subinterface 1 and therefore the VLAN 100 Layer 3 interface.
  • the same IP address can be configured as 123.1.1.1/24.
  • the main purpose of the embodiment of the present invention is to provide a method and a device for processing a route conflict of a switch, so as to at least solve the problem that a route conflict occurs when a VPN is found by using a VLAN tag to search for a VPN.
  • a method for processing a switch routing conflict includes: obtaining port information of a specified packet entering a switch, where the specified packet carries identifier information of a virtual local area network VLAN, and each The port has a corresponding virtual private network VPN; and the VPN to which the specified packet route belongs is determined according to the identifier information and the port information.
  • the port information includes first physical port information corresponding to the sub-interface, and second physical port information corresponding to the third-layer interface.
  • determining, according to the identifier information and the port information, the VPN to which the specified packet route belongs includes: configuring the first physical port information according to a predetermined rule. Corresponding relationship with the identifier information; modifying the route VPN of the specified packet to the VPN to which the specified packet route belongs according to the corresponding relationship.
  • the manner of configuring the correspondence between the first physical port information and the identifier information according to a predetermined rule includes: configuring the first physical port information according to an access control list ACL and the Corresponding relationship between the first physical port information and the identification information is configured according to the VLAN translation; and the first physical port information and the identification information are pre-configured by the microcode chip Correspondence.
  • determining, according to the identifier information and the port information, the VPN to which the specified packet route belongs includes: determining the specified according to the identifier information The VPN to which the packet route belongs.
  • a device for processing a switch route conflict including: an obtaining module, configured to obtain port information of a specified packet entering a switch, where the specified packet carries a virtual local area network VLAN The identifier information, each port has a corresponding virtual private network VPN; the determining module is configured to determine, according to the identifier information and the port information, the VPN to which the specified packet route belongs.
  • the port information includes first physical port information corresponding to the sub-interface, and second physical port information corresponding to the third-layer interface.
  • the determining module includes: a configuration unit, configured to configure a correspondence between the first physical port information and the identifier information according to a predetermined rule
  • the relationship unit is configured to modify the route VPN of the specified packet to be the VPN to which the specified packet route belongs according to the correspondence.
  • the configuration unit includes one of the following: a first configuration unit, configured to configure a correspondence between the first physical port information and the identification information according to an access control list ACL; and a second configuration unit,
  • the third configuration unit is configured to pre-configure between the first physical port information and the identifier information by using a microcode chip, to configure a correspondence between the first physical port information and the identifier information according to the VLAN translation.
  • the determining module is further configured to determine, according to the identifier information, a VPN to which the specified packet route belongs.
  • FIG. 1 is a flowchart of a method for processing a switch route conflict according to an embodiment of the present invention
  • FIG. 2 is a structural block diagram of a processing apparatus for a switch route conflict according to an embodiment of the present invention
  • FIG. 4 is a block diagram 2 of an optional structure of a processing device for routing conflicts of a switch according to an embodiment of the present invention
  • FIG. 5 is a schematic diagram of a route conflict between a routing sub-interface and a VLAN Layer 3 interface in the related art
  • FIG. 1 is a flowchart of a method for processing a route conflict of a switch according to an embodiment of the present invention. As shown in FIG. 1 , the steps of the method include:
  • Step S102 Obtain port information of the specified packet entering the switch.
  • the specified packet carries the identification information of the VLAN of the virtual local area network, and each port has a corresponding virtual private network VPN;
  • Step S104 Determine, according to the identifier information and the port information, the VPN to which the specified packet route belongs.
  • the port information related to the embodiment may include: the first physical port information corresponding to the sub-interface and the second physical port information corresponding to the Layer 3 interface.
  • the following examples are used to describe the embodiment in the following two types of port information:
  • the method for determining the virtual private network VPN to which the packet routing belongs according to the identifier information and the port information in step S104 in this embodiment is an optional implementation in this embodiment.
  • the steps of the method include:
  • Step S31 Configure a correspondence between the first physical port information and the identification information according to a predetermined rule.
  • Manner 1 The correspondence between the first physical port information and the identification information is configured according to an access control list (ACL).
  • ACL access control list
  • the switch sets ports 1, 2, and 3 in VLAN 100.
  • the translation action is routing VPN to VPN 0.
  • the sub-interface is not Set the VPN, so the default is to set the global route VPN to 0.
  • the matching ACL rule is captured.
  • the action of entering the ACL changes the route VPN to VPN 0.
  • a packet carrying VLAN tag 100 enters the switch from port 2 or 3, it directly matches the VPN A to which VLAN 100 belongs.
  • the sub-interface routes are forwarded to the VLAN. There is no conflict in route forwarding.
  • Manner 3 pre-configure a correspondence between the first physical port information and the identification information by using the microcode chip
  • the switch sets ports 1, 2, and 3 in VLAN 100.
  • the routing VPN is 0.
  • the VPN is not set on the sub-interface. Therefore, the default is that the global routing VPN is 0.
  • the VPN with the VLAN 100 route is set to VPN A.
  • the matching ACL rule is captured.
  • the action of entering the ACL changes the route VPN to VPN 0.
  • a packet carrying VLAN tag 100 enters the switch from port 2 or 3, it directly matches VLAN 100.
  • VPN A According to the above method, there is no conflict between sub-interface routing forwarding and VLAN routing forwarding.
  • the step S104 in the embodiment determines the manner of the virtual private network VPN to which the specified message route belongs according to the identification information and the port information, and can be implemented as follows:
  • the virtual private network VPN to which the specified packet route belongs is determined according to the identification information. That is to say, packets that need to be forwarded by the Layer 3 interface of the VLAN will still use the VLAN tag carried in the original packet to find the VLAN information of the switch to determine the route VPN.
  • a processing device for the switch routing conflict is further provided, and the device is used to implement the foregoing embodiment and the optional implementation manner, and details are not described herein.
  • the term “module” "unit” may implement a combination of software and/or hardware of a predetermined function.
  • the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
  • the device includes: an obtaining module 22, configured to obtain port information of a specified packet entering a switch, where a specified packet is carried. There is identification information of the virtual local area network (VLAN) VLAN; the determining module 24 is configured to determine, according to the identification information and the port information, the virtual private network VPN to which the specified message route belongs.
  • VLAN virtual local area network
  • the port information includes port information of the sub-interface and port information of the layer 3 interface.
  • the determining module 24 includes: a configuration unit 32, configured as The predetermined rule configures the correspondence between the port information and the identification information of the sub-interface; the modifying unit 34 is configured to modify the routing VPN of the specified packet to be the VPN to which the specified packet route belongs according to the correspondence.
  • the module 24 is further determined to determine, according to the identifier information, the virtual private network VPN to which the specified packet route belongs.
  • the present invention is exemplified by an optional embodiment of the embodiment of the present invention.
  • the optional embodiment uses the physical port and the VLAN value of the attributes of the sub-interface to uniquely determine the characteristics of a sub-interface to ensure that the configuration of the sub-interface does not conflict with the Layer 3 interface of the VLAN.
  • the sub-interface and the VLAN-layer interface use the VLAN tag carried in the packet to match the VPN to which the VLAN belongs to determine the VPN for routing and forwarding. Therefore, the routing conflict in the above case occurs.
  • the VLAN tag not only the VLAN tag but also the physical interface and the VLAN tag to which the sub-interface belongs are used to determine the VPN to which the route forwarding belongs.
  • physical port information is available when a packet is entered into the switch.
  • the physical port information of the obtained packet entering the switch is added.
  • the VLAN tag carried in the packet is used to determine the VPN to which the route belongs.
  • the VPN of each sub-interface can be uniquely determined, and the VPN information of all sub-interfaces is uniquely determined by the port+VLAN mode, and the VPN information of the VLAN-layer interface still passes.
  • the VLAN value is determined, so that the VPN information selection of the sub-interface can be completed without an incorrect routing conflict due to the configuration of the VPN attribute of the VLAN Layer 3 interface.
  • the access control list ACL can be used to match the input port of the packet and the VLAN carried by the packet, and then modify the The routing of the packet forwards the VPN information.
  • the physical port of the Layer 3 interface of the VLAN cannot be in conflict with the physical port of the sub-interface. Therefore, the physical port to which the Layer 3 interface belongs does not appear in the relationship table of the route-to-VLAN.
  • the physical port information of the packet entering the switch and the VLAN information carried in the packet are simultaneously determined by the routing and forwarding VPN of the packet, and the sub-interface and the VLAN are connected. There is no longer any conflict in the routed VPN forwarding of the port, and no evasive configuration and configuration restrictions are required.
  • Application scenario 1 Use ACL rules to avoid setting conflicts on sub-interface routes.
  • the switch sets ports 1, 2, and 3 in VLAN 100.
  • the ACL rules are used to match the ingress port 1 and carry the VLAN tag 100.
  • the action of setting the ACL rule is to modify the route VPN.
  • VPN it should be noted that the VPN is not set on the sub-interface here, so the default is that the global route VPN is 0.
  • the VPN with the route to which VLAN 100 belongs is set to VPN A.
  • Application scenario 2 Using VLAN translation to complete the setting of avoiding sub-interface routing conflicts
  • the switch sets ports 1, 2, and 3 in VLAN 100.
  • VLAN translation is used to set VLAN translation port 1 and VLAN 100.
  • the translation action is route VPN to VPN 0. It should be noted that VPN is not set on the sub-interface. Therefore, the default is that the global route VPN is 0.
  • the VPN with the route to which VLAN 100 belongs is set to VPN A.
  • the matching ACL rule is captured and entered.
  • the action of the ACL is to modify the route VPN to be VPN 0.
  • a packet carrying VLAN tag 100 enters the switch from port 2 or 3, it directly matches the VPN A to which VLAN 100 belongs.
  • the sub-interface routes are forwarded and VLAN-routed. There will be no conflicts.
  • Application scenario 3 using a microcode chip to complete the setting of avoiding sub-interface routing conflicts
  • the switch sets the ports 1, 2, and 3 in the VLAN 100.
  • the port1+VLAN 100 is set to the forwarding relationship table of the route VPN 0 in the microcode chip, so that the packet carrying the VLAN tag 100 entering the port 1 is routed to the VPN. It is 0.
  • the VPN is not set on the sub-interface, so the default is that the global route VPN is 0.
  • the VPN with the VLAN 100 route is set to VPN A; when there is a packet carrying the VLAN tag 100, the packet enters the switch from port 1.
  • the matching ACL rule is captured.
  • the action of entering the ACL changes the route VPN to VPN 0.
  • the optional embodiment uses the port and the VLAN to form a unique correspondence method with the routing VPN, so that the switch
  • the interface configuration no longer has any constraints. It can exist at the same time as the common VLAN configuration of the switch, and there is no conflict and interference between routing and forwarding. Therefore, the configuration of the routing sub-interface can be more flexible and unconstrained, eliminating the switch.
  • the usage limit of the routing sub-interface improves the usage range of the routing sub-interface of the switch.
  • FIG. 5 is a schematic diagram of a route conflict between a routing sub-interface and a VLAN Layer 3 interface in the related art, as shown in FIG. 5,
  • the two ports are configured with a Layer 3 interface VLAN and the other one is configured with a sub-interface VLAN.
  • the packets entering the two ports will be routed according to the VLAN.
  • VPNs can cause VPN conflicts in routing, because any one of them configures a different VPN, and the other one will be affected.
  • FIG. 6 is a schematic diagram of avoiding route conflict between a routing sub-interface and a VLAN Layer 3 interface according to an alternative embodiment of the present invention.
  • a corresponding processing method such as any one of the application scenarios 1 to 3 above, is used.
  • the processing method is to make a corresponding decision on the VPN of the sub-interface.
  • the port and the VLAN of the sub-interface jointly determine the VPN, and the VPN can be distinguished from the VPN of the three-layer interface, so that the VPNs of the two modes do not affect each other. There is no routing conflict.
  • FIG. 7 is a flowchart of a method for preventing a route conflict by a routing sub-interface according to an alternative embodiment of the present invention. As shown in FIG. 7, the steps of the method include:
  • Step S702 Configure a routing sub-interface
  • Step S704 setting a preset routing VPN decision policy by using the port information and the VLAN information of the routing sub-interface;
  • the preset VPN-determined policy can be implemented by using ACL, VLAN translation, and microcode.
  • Step S706 If a packet that needs to be forwarded by the Layer 3 packet enters the routing sub-interface, the VPN information is determined by the port information and the VLAN information carried in the packet.
  • modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device such that they may be stored in the storage device for execution by the computing device and, in some cases, may be performed in a different order than herein.
  • the steps shown or described are either made separately into individual integrated circuit modules, or a plurality of modules or steps are fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
  • the port information of the specified packet entering the switch and the identification information of the VLAN of the specified packet are used to determine the VPN to which the specified packet belongs, because each port has a corresponding VPN.
  • the VPN to which the packet belongs can be uniquely determined, thereby solving the problem that the related technology only determines the VPN to which the packet route belongs by using the identification information, and thus the routing conflict occurs, thereby achieving the effect of reducing the routing conflict of the switch.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention provides a switch routing conflict processing method and apparatus, the method including: obtaining information of a port through which a designated message enters into a switch, wherein the designated message carries identification information of a virtual local area network VLAN and each port has a corresponding virtual private network VPN; determining the VPN which the designated message routing belongs to according to the identification information and port information. The present invention solves the routing conflict problem in the related technology caused by determining the VPN which the message routing belongs to just by the identification information, thus achieving the effect of reducing the switch routing conflict.

Description

交换机路由冲突的处理方法及装置Method and device for processing switch routing conflict 技术领域Technical field
本发明涉及通信领域,具体而言,涉及一种交换机路由冲突的处理方法及装置。The present invention relates to the field of communications, and in particular, to a method and apparatus for processing a route conflict of a switch.
背景技术Background technique
相关技术中路由功能的三层交换机产品是基于虚拟局域网(Virtual Local Area Network简称为VLAN)进行三层接口配置。所有的路由配置以及路由所处的虚拟专用网(Virtual Private Network简称为VPN)配置,都是基于VLAN进行设置的。The Layer 3 switch product of the routing function in the related art is based on a virtual local area network (VLAN) for Layer 3 interface configuration. All routing configurations and virtual private network (VPN) configurations are based on VLANs.
而对于三层交换机的路由子接口功能,是基于一个端口一个VLAN的配置,即一个物理端口可以配置多个不同VLAN的路由子接口,通常这些子接口的路由配置和路由所处VPN的配置,都是基于这个子接口所处的各个VLAN进行设置的。The routing sub-interface function of the Layer 3 switch is based on the configuration of one port and one VLAN. That is, one physical port can be configured with multiple routing sub-interfaces of different VLANs. Usually, the routing configuration of these sub-interfaces and the configuration of the VPN where the routes are located. They are all set based on the individual VLANs in which the sub-interface is located.
相关技术中交换机产品配置路由子接口的步骤包括:The steps of configuring the routing sub-interface of the switch product in the related art include:
步骤S11:配置路由子接口以及子接口所属的VLAN,交换机将此子接口的物理端口加入此子接口的所属VLAN中;Step S11: Configure a routing sub-interface and a VLAN to which the sub-interface belongs. The switch adds the physical port of the sub-interface to the VLAN to which the sub-interface belongs.
步骤S12:根据配置的路由子接口VLAN完成VLAN三层接口的配置;Step S12: Complete the configuration of the VLAN Layer 3 interface according to the configured routing sub-interface VLAN.
步骤S13:将路由信息和路由所处VPN信息,配置在这个VLAN所处的三层接口上。Step S13: The routing information and the VPN information of the route are configured on the Layer 3 interface where the VLAN is located.
相关技术中交换机产品路由子接口三层报文转发的步骤包括:The steps of forwarding the Layer 3 packet forwarding of the switch sub-interface of the switch in the related art include:
步骤S21:需要子接口路由三层转发的报文携带该子接口对应的VLAN tag进入该子接口对应的物理接口;Step S21: The packet that needs to be forwarded by the sub-interface to carry the Layer 3 packet carries the VLAN tag corresponding to the sub-interface to enter the physical interface corresponding to the sub-interface;
步骤S22:交换机根据此报文携带的VLAN tag(VLAN标识)查找到对应的VLAN的三层接口,获取三层接口信息,并根据此VLAN tag查找到路由所处的VPN信息;Step S22: The switch searches for the Layer 3 interface of the corresponding VLAN according to the VLAN tag (VLAN identifier) carried in the packet, obtains the Layer 3 interface information, and finds the VPN information of the route according to the VLAN tag.
步骤S23:根据路由VPN信息和三层报文中的目的IP地址,查找交换机的路由表,进行路由转发。Step S23: According to the routing VPN information and the destination IP address in the Layer 3 packet, look up the routing table of the switch and perform route forwarding.
由此可见,相关技术中虽然可以在交换机上实现路由子接口的配置和转发,但是在设置上有一个局限,如果配置了某个路由子接口,绑定了某个VLAN,那么这个VLAN如果又单独配置了一个三层接口,在转发上即可能出现路由冲突的情况。It can be seen that although the related art can implement the configuration and forwarding of the routing sub-interface on the switch, there is a limitation in the setting. If a routing sub-interface is configured and a VLAN is bound, then the VLAN is A Layer 3 interface is configured separately, and routing conflicts may occur on the forwarding.
例如:若配置了路由子接口subport1,属性是物理端口1绑定VLAN 100,配置了 IP地址123.1.1.1/24。For example, if the routing sub-interface subport1 is configured, the attribute is that physical port 1 is bound to VLAN 100 and configured. IP address 123.1.1.1/24.
交换机上同时又配置了VLAN 100三层接口,此VLAN包含物理端口2,配置了路由VPN A,此时这个VLAN100三层接口由于与子接口subport1并不在同一个VPN内,因此此VLAN100三层接口一样可以配置IP地址123.1.1.1/24。A VLAN 100 Layer 3 interface is configured on the switch. This VLAN contains physical port 2 and is configured with route VPN A. In this case, the VLAN 100 Layer 3 interface is not in the same VPN as the subinterface 1 and therefore the VLAN 100 Layer 3 interface. The same IP address can be configured as 123.1.1.1/24.
这时,若有报文携带目的IP地址123.1.1.1和VLAN tag 100进入端口1,我们期望的是此报文将会命中subport1的接口地址123.1.1.1的主机路由,可是由于VLAN100的VPN属性被配置在了VPN A内,而路由子接口subport1,同样也是属于VLAN 100的,因此在进行报文转发的时候,报文查找路由所属VPN的时候,会根据报文携带的VLAN tag 100进行查找,直接命中了VLAN 100的VPN属性,即查找到此路由所属VPN应该是A。At this time, if a packet carries the destination IP address 123.1.1.1 and VLAN tag 100 to enter port 1, we expect that this packet will hit the host route of interface address 123.1.1.1 of subport1, but the VPN attribute of VLAN 100 is It is configured in VPN A, and the sub-interface 1 of the routing sub-interface is also in the VLAN 100. Therefore, when the packet is forwarded, the packet is searched according to the VLAN tag 100 carried in the packet. Directly hit the VPN attribute of VLAN 100, that is, find that the VPN to which this route belongs should be A.
可见相关技术中无法完成期望的报文转发,此报文将会命中VLAN 100三层接口的主机路由,VPN A下的123.1.1.1,而不会命中子接口所属的subport1的主机路由。在这样的状态下,出现路由冲突即会造成子接口功能失效。It can be seen that the desired packet forwarding cannot be completed in the related technology. This packet will hit the host route of the VLAN 100 Layer 3 interface, 123.1.1.1 under VPN A, and will not hit the host route of the subport1 to which the sub-interface belongs. In such a state, a route conflict will cause the sub-interface function to fail.
针对相关技术中通过VLAN tag查找报文路由所属VPN会出现路由冲突的问题,目前尚未提出有效的解决方案。For the related art, the problem of routing conflicts occurs when the VPN tag is found by the VLAN tag, and an effective solution has not been proposed yet.
发明内容Summary of the invention
本发明实施例的主要目的在于提供一种交换机路由冲突的处理方法及装置,以至少解决相关技术中通过VLAN tag查找报文路由所属VPN会出现路由冲突的问题。The main purpose of the embodiment of the present invention is to provide a method and a device for processing a route conflict of a switch, so as to at least solve the problem that a route conflict occurs when a VPN is found by using a VLAN tag to search for a VPN.
根据本发明实施例的一个方面,提供了一种交换机路由冲突的处理方法,包括:获取指定报文进入交换机的端口信息,其中,所述指定报文携带有虚拟局域网VLAN的标识信息,每个端口都有相对应的虚拟专用网络VPN;依据所述标识信息和所述端口信息确定所述指定报文路由所属的VPN。According to an aspect of the embodiments of the present invention, a method for processing a switch routing conflict is provided, which includes: obtaining port information of a specified packet entering a switch, where the specified packet carries identifier information of a virtual local area network VLAN, and each The port has a corresponding virtual private network VPN; and the VPN to which the specified packet route belongs is determined according to the identifier information and the port information.
可选地,所述端口信息包括子接口对应的第一物理端口信息、三层接口对应的第二物理端口信息。Optionally, the port information includes first physical port information corresponding to the sub-interface, and second physical port information corresponding to the third-layer interface.
可选地,在所述端口信息为第一物理端口信息时,依据所述标识信息和所述端口信息确定所述指定报文路由所属的VPN包括:依据预定规则配置所述第一物理端口信息和所述标识信息之间的对应关系;依据所述对应关系将所述指定报文的路由VPN修改为所述指定报文路由所属的VPN。Optionally, when the port information is the first physical port information, determining, according to the identifier information and the port information, the VPN to which the specified packet route belongs includes: configuring the first physical port information according to a predetermined rule. Corresponding relationship with the identifier information; modifying the route VPN of the specified packet to the VPN to which the specified packet route belongs according to the corresponding relationship.
可选地,依据预定规则配置所述第一物理端口信息和所述标识信息之间的对应关系的方式包括以下之一:依据访问控制列表ACL配置所述第一物理端口信息和所述 标识信息之间的对应关系;依据VLAN翻译配置所述第一物理端口信息和所述标识信息之间的对应关系;通过微码芯片预先配置所述第一物理端口信息和所述标识信息之间的对应关系。Optionally, the manner of configuring the correspondence between the first physical port information and the identifier information according to a predetermined rule includes: configuring the first physical port information according to an access control list ACL and the Corresponding relationship between the first physical port information and the identification information is configured according to the VLAN translation; and the first physical port information and the identification information are pre-configured by the microcode chip Correspondence.
可选地,在所述端口信息为所述第二物理端口信息时,依据所述标识信息和所述端口信息确定所述指定报文路由所属的VPN包括:依据所述标识信息确定所述指定报文路由所属的VPN。Optionally, when the port information is the second physical port information, determining, according to the identifier information and the port information, the VPN to which the specified packet route belongs includes: determining the specified according to the identifier information The VPN to which the packet route belongs.
根据本发明实施例的另一个方面,提供了一种交换机路由冲突的处理装置,包括:获取模块,设置为获取指定报文进入交换机的端口信息,其中,所述指定报文携带有虚拟局域网VLAN的标识信息,每个端口都有相对应的虚拟专用网络VPN;确定模块,设置为依据所述标识信息和所述端口信息确定所述指定报文路由所属的VPN。According to another aspect of the present invention, a device for processing a switch route conflict is provided, including: an obtaining module, configured to obtain port information of a specified packet entering a switch, where the specified packet carries a virtual local area network VLAN The identifier information, each port has a corresponding virtual private network VPN; the determining module is configured to determine, according to the identifier information and the port information, the VPN to which the specified packet route belongs.
可选地,所述端口信息包括子接口对应的第一物理端口信息、三层接口对应的第二物理端口信息。Optionally, the port information includes first physical port information corresponding to the sub-interface, and second physical port information corresponding to the third-layer interface.
可选地,在所述端口信息为所述第一物理端口信息时,所述确定模块包括:配置单元,设置为依据预定规则配置所述第一物理端口信息和所述标识信息之间的对应关系;修改单元,设置为依据所述对应关系将所述指定报文的路由VPN修改为所述指定报文路由所属的VPN。Optionally, when the port information is the first physical port information, the determining module includes: a configuration unit, configured to configure a correspondence between the first physical port information and the identifier information according to a predetermined rule The relationship unit is configured to modify the route VPN of the specified packet to be the VPN to which the specified packet route belongs according to the correspondence.
可选地,所述配置单元包括以下之一:第一配置单元,设置为依据访问控制列表ACL配置所述第一物理端口信息和所述标识信息之间的对应关系;第二配置单元,设置为依据VLAN翻译配置所述第一物理端口信息和所述标识信息之间的对应关系;第三配置单元,设置为通过微码芯片预先配置所述第一物理端口信息和所述标识信息之间的对应关系。Optionally, the configuration unit includes one of the following: a first configuration unit, configured to configure a correspondence between the first physical port information and the identification information according to an access control list ACL; and a second configuration unit, The third configuration unit is configured to pre-configure between the first physical port information and the identifier information by using a microcode chip, to configure a correspondence between the first physical port information and the identifier information according to the VLAN translation. Correspondence.
可选地,在所述端口信息为所述第二物理端口信息时,所述确定模块,还设置为依据所述标识信息确定所述指定报文路由所属的VPN。Optionally, when the port information is the second physical port information, the determining module is further configured to determine, according to the identifier information, a VPN to which the specified packet route belongs.
通过本发明实施例,采用获取指定报文进入交换机的端口信息和和该指定报文的VLAN的标识信息来决定该指定报文路由所属的VPN,由于每个端口都有相对应的VPN,这样可以唯一确定该报文所属的VPN,从而解决了相关技术中仅仅是通过标识信息来确定报文路由所属的VPN进而出现路由冲突的问题,从而达到了减少交换机路由冲突的效果。In the embodiment of the present invention, the port information of the specified packet entering the switch and the identification information of the VLAN of the specified packet are used to determine the VPN to which the specified packet belongs, because each port has a corresponding VPN. The VPN to which the packet belongs can be uniquely determined, thereby solving the problem that the related technology only determines the VPN to which the packet route belongs by using the identification information, and thus the routing conflict occurs, thereby achieving the effect of reducing the routing conflict of the switch.
附图说明 DRAWINGS
此处所说明的附图用来提供对本发明的进一步理解,构成本申请的一部分,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The drawings described herein are intended to provide a further understanding of the invention, and are intended to be a part of the invention. In the drawing:
图1是根据本发明实施例的交换机路由冲突的处理方法的流程图;1 is a flowchart of a method for processing a switch route conflict according to an embodiment of the present invention;
图2是根据本发明实施例的交换机路由冲突的处理装置结构框图;2 is a structural block diagram of a processing apparatus for a switch route conflict according to an embodiment of the present invention;
图3是根据本发明实施例的交换机路由冲突的处理装置可选结构框图一;3 is a block diagram of an optional structure of a processing device for routing conflicts of a switch according to an embodiment of the present invention;
图4是根据本发明实施例的交换机路由冲突的处理装置可选结构框图二;4 is a block diagram 2 of an optional structure of a processing device for routing conflicts of a switch according to an embodiment of the present invention;
图5是相关技术中路由子接口与VLAN三层口之间路由冲突示意图;5 is a schematic diagram of a route conflict between a routing sub-interface and a VLAN Layer 3 interface in the related art;
图6是根据本发明可选实施例的避免路由子接口与VLAN三层口之间路由冲突的示意图;6 is a schematic diagram of avoiding route conflict between a routing sub-interface and a VLAN Layer 3 interface according to an alternative embodiment of the present invention;
图7是根据本发明可选实施例中路由子接口防止路由冲突方法的流程图。7 is a flow chart of a method for preventing a route collision by a routing sub-interface according to an alternative embodiment of the present invention.
具体实施方式detailed description
需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。下面将参考附图并结合实施例来详细说明本发明。It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict. The invention will be described in detail below with reference to the drawings in conjunction with the embodiments.
本实施例提供了一种交换机路由冲突的处理方法,图1是根据本发明实施例的交换机路由冲突的处理方法的流程图,如图1所示,该方法的步骤包括:This embodiment provides a method for processing a route conflict of a switch. FIG. 1 is a flowchart of a method for processing a route conflict of a switch according to an embodiment of the present invention. As shown in FIG. 1 , the steps of the method include:
步骤S102:获取指定报文进入交换机的端口信息;Step S102: Obtain port information of the specified packet entering the switch.
其中,指定报文携带有虚拟局域网VLAN的标识信息,每个端口都有相对应的虚拟专用网络VPN;The specified packet carries the identification information of the VLAN of the virtual local area network, and each port has a corresponding virtual private network VPN;
步骤S104:依据标识信息和端口信息确定指定报文路由所属的VPN。Step S104: Determine, according to the identifier information and the port information, the VPN to which the specified packet route belongs.
通过本实施例,采用获取指定报文进入交换机的端口信息和和该指定报文的VLAN的标识信息来决定该指定报文路由所属的VPN,由于每个端口都有相对应的VPN,这样可以唯一确定该报文所属的VPN,从而解决了相关技术中仅仅是通过标识信息来确定报文路由所属的VPN进而出现路由冲突的问题,从而达到了减少交换机路由冲突的效果。In this embodiment, the port information of the specified packet entering the switch and the identification information of the VLAN of the specified packet are used to determine the VPN to which the specified packet belongs, because each port has a corresponding VPN, so that The problem is that the VPN to which the packet belongs is uniquely determined, thereby solving the problem that the routing information is determined by the identification information to determine the VPN to which the packet route belongs, thereby reducing the routing conflict of the switch.
对于本实施例中涉及到的端口信息可以包括:子接口对应的第一物理端口信息和三层接口对应的第二物理端口信息,下面将以上述两种端口信息对本实施例进行举例说明: The port information related to the embodiment may include: the first physical port information corresponding to the sub-interface and the second physical port information corresponding to the Layer 3 interface. The following examples are used to describe the embodiment in the following two types of port information:
在端口信息为子接口对应的物理端口信息时,本实施例中的步骤S104中依据标识信息和端口信息确定指定报文路由所属的虚拟专用网络VPN的方式,在本实施例的一个可选实施方式中,可以通过如下方式来实现,该方式的步骤包括:When the port information is the physical port information corresponding to the sub-interface, the method for determining the virtual private network VPN to which the packet routing belongs according to the identifier information and the port information in step S104 in this embodiment is an optional implementation in this embodiment. In the manner, it can be implemented in the following manner, the steps of the method include:
步骤S31:依据预定规则配置第一物理端口信息和标识信息之间的对应关系;Step S31: Configure a correspondence between the first physical port information and the identification information according to a predetermined rule.
步骤S32:依据对应关系将指定报文的路由VPN修改为指定报文路由所属的VPN。Step S32: Modify the route VPN of the specified packet to be the VPN to which the specified packet route belongs according to the correspondence.
而对于上述步骤S31中依据预定规则配置第一物理端口信息和标识信息之间的对应关系的方式,在本实施例中可以通过以下之一的方式来实现:The manner of configuring the correspondence between the first physical port information and the identification information according to the predetermined rule in the foregoing step S31 can be implemented in the following manner in one embodiment:
方式一:依据访问控制列表(Access Control List简称为ACL)配置第一物理端口信息和标识信息之间的对应关系;Manner 1: The correspondence between the first physical port information and the identification information is configured according to an access control list (ACL).
如:首先将交换机将端口1、2、3都设置在VLAN100内;其次,利用ACL规则,设置ACL规则匹配入口端口1且携带VLAN tag 100的报文;然后,设置ACL规则的动作为修改路由的VPN为VPN 0,需要说明的是,在此处子接口上未设置VPN,因此默认为全局路由VPN为0;最后,设置VLAN 100所属路由的VPN为VPN A。For example, the switch first sets the ports 1, 2, and 3 in the VLAN 100. Secondly, the ACL rule is used to match the ingress port 1 and carry the VLAN tag 100. Then, the action of setting the ACL rule is to modify the route. The VPN is VPN 0. It should be noted that the VPN is not set on the sub-interface here, so the default is that the global route VPN is 0. Finally, the VPN to which the VLAN 100 belongs is set to VPN A.
方式二:依据VLAN翻译配置第一物理端口信息和标识信息之间的对应关系;Manner 2: The correspondence between the first physical port information and the identification information is configured according to the VLAN translation.
如:首先,交换机将端口1、2、3都设置在VLAN100内;其次,利用VLAN翻译,设置VLAN翻译端口1和VLAN100,翻译动作为路由VPN为VPN 0,需要说明的是,子接口上未设置VPN,因此默认为全局路由VPN为0;然后,设置VLAN 100所属路由的VPN为VPN A;当有携带VLAN tag 100的报文从端口1进入交换机时,将会匹配ACL规则被抓取出来,进入ACL的动作修改路由VPN为VPN 0,当有携带VLAN tag 100的报文从端口2或3进入交换机时,则直接匹配VLAN100的所属VPN A;通过上述方式之后,子接口路由转发与VLAN路由转发不会出现冲突。For example, first, the switch sets ports 1, 2, and 3 in VLAN 100. Secondly, using VLAN translation, setting VLAN translation port 1 and VLAN 100, the translation action is routing VPN to VPN 0. It should be noted that the sub-interface is not Set the VPN, so the default is to set the global route VPN to 0. Then, set the VPN to which the VLAN 100 belongs to be VPN A. When a packet carrying VLAN tag 100 enters the switch from port 1, the matching ACL rule is captured. The action of entering the ACL changes the route VPN to VPN 0. When a packet carrying VLAN tag 100 enters the switch from port 2 or 3, it directly matches the VPN A to which VLAN 100 belongs. After the above mode, the sub-interface routes are forwarded to the VLAN. There is no conflict in route forwarding.
方式三:通过微码芯片预先配置第一物理端口信息和标识信息之间的对应关系;Manner 3: pre-configure a correspondence between the first physical port information and the identification information by using the microcode chip;
如:首先,交换机将端口1、2、3都设置在VLAN100内;其次,在微码芯片中建立port1+VLAN100指向路由VPN 0的转发关系表,使得从端口1进入的携带VLAN tag 100的报文路由VPN为0,需要说明的是,子接口上未设置VPN,因此默认为全局路由VPN为0;然后,设置VLAN 100所属路由的VPN为VPN A;当有携带VLAN tag 100的报文从端口1进入交换机时,将会匹配ACL规则被抓取出来,进入ACL的动作修改路由VPN为VPN 0,当有携带VLAN tag 100的报文从端口2或3进入交换机时,则直接匹配VLAN100的所属VPN A;通过上述方式可知,子接口路由转发与VLAN路由转发不会出现冲突。For example, first, the switch sets ports 1, 2, and 3 in VLAN 100. Secondly, establishes a forwarding relationship table of port1+VLAN100 pointing to route VPN 0 in the microcode chip, so that the packet carrying VLAN tag 100 entering from port 1 is obtained. The routing VPN is 0. It should be noted that the VPN is not set on the sub-interface. Therefore, the default is that the global routing VPN is 0. Then, the VPN with the VLAN 100 route is set to VPN A. When there is a packet carrying the VLAN tag 100, When port 1 enters the switch, the matching ACL rule is captured. The action of entering the ACL changes the route VPN to VPN 0. When a packet carrying VLAN tag 100 enters the switch from port 2 or 3, it directly matches VLAN 100. VPN A. According to the above method, there is no conflict between sub-interface routing forwarding and VLAN routing forwarding.
在本实施例的另一个可选实施方式中,在端口信息为第二物理端口信息时,本实 施例中的步骤S104依据标识信息和端口信息确定指定报文路由所属的虚拟专用网络VPN的方式,可以通过如下方式来实现:In another optional implementation manner of this embodiment, when the port information is the second physical port information, The step S104 in the embodiment determines the manner of the virtual private network VPN to which the specified message route belongs according to the identification information and the port information, and can be implemented as follows:
依据标识信息确定指定报文路由所属的虚拟专用网络VPN。也就是说,需要VLAN三层接口转发的报文,将仍然使用原有的报文所携带的VLAN tag查找交换机的VLAN信息来决定路由VPN。The virtual private network VPN to which the specified packet route belongs is determined according to the identification information. That is to say, packets that need to be forwarded by the Layer 3 interface of the VLAN will still use the VLAN tag carried in the original packet to find the VLAN information of the switch to determine the route VPN.
在本实施例中还提供了一种交换机路由冲突的处理装置,该装置用于实现上述实施例及可选实施方式,已经进行过说明的不再赘述。如以下所使用的,术语“模块”“单元”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。In the embodiment, a processing device for the switch routing conflict is further provided, and the device is used to implement the foregoing embodiment and the optional implementation manner, and details are not described herein. As used below, the term "module" "unit" may implement a combination of software and/or hardware of a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
图2是根据本发明实施例的交换机路由冲突的处理装置结构框图,如图2所示,该装置包括:获取模块22,设置为获取指定报文进入交换机的端口信息,其中,指定报文携带有虚拟局域网VLAN的标识信息;确定模块24,设置为依据标识信息和端口信息确定指定报文路由所属的虚拟专用网络VPN。2 is a structural block diagram of a device for processing a route conflict of a switch according to an embodiment of the present invention. As shown in FIG. 2, the device includes: an obtaining module 22, configured to obtain port information of a specified packet entering a switch, where a specified packet is carried. There is identification information of the virtual local area network (VLAN) VLAN; the determining module 24 is configured to determine, according to the identification information and the port information, the virtual private network VPN to which the specified message route belongs.
在本实施例中,可选地,该端口信息包括子接口的端口信息、三层接口的端口信息。In this embodiment, the port information includes port information of the sub-interface and port information of the layer 3 interface.
图3是根据本发明实施例的交换机路由冲突的处理装置可选结构框图一,如图3所示,在端口信息为第一物理端口信息时,确定模块24包括:配置单元32,设置为依据预定规则配置子接口的端口信息和标识信息之间的对应关系;修改单元34,设置为依据对应关系将指定报文的路由VPN修改为指定报文路由所属的VPN。3 is a block diagram of an optional structure of a processing device for routing conflicts of a switch according to an embodiment of the present invention. As shown in FIG. 3, when the port information is the first physical port information, the determining module 24 includes: a configuration unit 32, configured as The predetermined rule configures the correspondence between the port information and the identification information of the sub-interface; the modifying unit 34 is configured to modify the routing VPN of the specified packet to be the VPN to which the specified packet route belongs according to the correspondence.
图4是根据本发明实施例的交换机路由冲突的处理装置可选结构框图二,如图4所示,该配置单元32包括以下之一:第一配置单元42,设置为依据访问控制列表ACL配置第一物理端口信息和标识信息之间的对应关系;第二配置单元44,设置为依据VLAN翻译配置第一物理端口信息和标识信息之间的对应关系;第三配置单元46,设置为通过微码芯片预先配置第一物理端口信息和标识信息之间的对应关系。4 is a block diagram 2 of an optional structure of a processing device for routing conflicts of a switch according to an embodiment of the present invention. As shown in FIG. 4, the configuration unit 32 includes one of the following: a first configuration unit 42 configured to be configured according to an access control list ACL. Corresponding relationship between the first physical port information and the identification information; the second configuration unit 44 is configured to configure a correspondence between the first physical port information and the identification information according to the VLAN translation; the third configuration unit 46 is configured to pass the micro The code chip pre-configures a correspondence between the first physical port information and the identification information.
此外,在本实施例的中,可选的在端口信息为第二物理端口信息时,还确定模块24,还设置为依据标识信息确定指定报文路由所属的虚拟专用网络VPN。In addition, in the embodiment, when the port information is the second physical port information, the module 24 is further determined to determine, according to the identifier information, the virtual private network VPN to which the specified packet route belongs.
下面通过本发明实施例的可选实施例对本发明进行举例说明;The present invention is exemplified by an optional embodiment of the embodiment of the present invention;
本可选实施例利用子接口的属性中物理端口和VLAN值可以唯一确定一个子接口的特性,来保证子接口的配置不与VLAN三层接口出现路由冲突。The optional embodiment uses the physical port and the VLAN value of the attributes of the sub-interface to uniquely determine the characteristics of a sub-interface to ensure that the configuration of the sub-interface does not conflict with the Layer 3 interface of the VLAN.
相关技术中子接口和VLAN三层接口都是使用报文携带的VLAN tag匹配VLAN所属的VPN来决定路由转发的VPN,所以才会出现上述情况中的路由冲突。而在本 可选实施例中不仅仅只使用VLAN tag,还需要使用子接口所属的物理接口和VLAN tag共同决定路由转发所属的VPN。In the related art, the sub-interface and the VLAN-layer interface use the VLAN tag carried in the packet to match the VPN to which the VLAN belongs to determine the VPN for routing and forwarding. Therefore, the routing conflict in the above case occurs. In this In an alternative embodiment, not only the VLAN tag but also the physical interface and the VLAN tag to which the sub-interface belongs are used to determine the VPN to which the route forwarding belongs.
在本可选实施例的一个应用场景中,采用报文在进入交换机的时候,物理端口信息是可以获得的,在这样的情况下,将获取到的报文进入交换机时的物理端口信息,加上报文携带的VLAN tag,同时利用这两个属性来决定路由所属的VPN。而这两个属性正好又可以唯一确定一个子接口。In an application scenario of the present embodiment, physical port information is available when a packet is entered into the switch. In this case, the physical port information of the obtained packet entering the switch is added. The VLAN tag carried in the packet is used to determine the VPN to which the route belongs. These two properties just happen to be able to uniquely identify a subinterface.
通过本可选实施例的上述方式,可以将每个子接口的VPN唯一确定,所有子接口的VPN信息,都通过port+VLAN的方式来唯一确定,而VLAN三层接口的VPN信息,则仍然通过VLAN值来确定,这样即可完成子接口的VPN信息选择不会由于VLAN三层接口的VPN属性的配置而出现错误的路由冲突。In the above manner of the optional embodiment, the VPN of each sub-interface can be uniquely determined, and the VPN information of all sub-interfaces is uniquely determined by the port+VLAN mode, and the VPN information of the VLAN-layer interface still passes. The VLAN value is determined, so that the VPN information selection of the sub-interface can be completed without an incorrect routing conflict due to the configuration of the VPN attribute of the VLAN Layer 3 interface.
在本可选实施例中,如使用ASIC芯片的交换机,要实现port+VLAN来确定路由VPN,可以利用访问控制列表ACL来匹配此报文的输入端口和报文所携带的VLAN,然后修改此报文的路由转发VPN信息;也可以使用VLAN翻译的方式,匹配port+VLAN的特殊字段来改变路由的VPN信息。需要说明的是,上述两种方式仅仅是用来进行举例说明,如果是使用其他网络处理器的交换机中,还可以使用其他的方法来匹配port+VLAN这两个key值来决定此子接口三层转发的路由VPN信息。In this alternative embodiment, if a switch using an ASIC chip implements a port+VLAN to determine a routed VPN, the access control list ACL can be used to match the input port of the packet and the VLAN carried by the packet, and then modify the The routing of the packet forwards the VPN information. You can also use the VLAN translation method to match the special field of the port+VLAN to change the VPN information of the route. It should be noted that the above two methods are only used for illustration. If the switch uses other network processors, other methods can be used to match the two key values of port+VLAN to determine the sub-interface three. Layer forwarding routing VPN information.
本可选实施例的上述方式的可以包括如下步骤:The above manner of this alternative embodiment may include the following steps:
步骤S202:交换机需要使用子接口所属的端口信息和子接口配置的VLAN信息形成一个port+VLAN决定此子接口所属路由VPN的关系表;Step S202: The switch needs to use the port information to which the sub-interface belongs and the VLAN information configured on the sub-interface to form a port+VLAN to determine the relationship table of the route VPN to which the sub-interface belongs.
步骤S204:报文进入子接口时,会根据报文进入交换机的物理端口信息和报文所属的VLAN tag信息去查找这个port+VLAN决定路由VPN的关系表获取此报文的路由所属的VPN。Step S204: When the packet enters the sub-interface, it searches for the VPN to which the route to which the packet belongs, according to the physical port information of the packet entering the switch and the VLAN tag information to which the packet belongs.
步骤S206:VLAN三层接口转发的报文,将仍然使用原有的报文所携带的VLAN tag查找交换机的VLAN信息来决定路由VPN。Step S206: The packet forwarded by the Layer 3 interface of the VLAN still uses the VLAN tag carried in the original packet to find the VLAN information of the switch to determine the route VPN.
其中,VLAN三层接口由于绑定的物理端口与子接口的物理端口不可能出现冲突,因此VLAN三层接口所属的物理端口不会在这个port+VLAN决定路由VPN的关系表中出现。The physical port of the Layer 3 interface of the VLAN cannot be in conflict with the physical port of the sub-interface. Therefore, the physical port to which the Layer 3 interface belongs does not appear in the relationship table of the route-to-VLAN.
通过上述步骤S202至S206,即可完成交换机的路由子接口和三层VLAN口之间的路由转发不再出现任何冲突的可能。Through the above steps S202 to S206, the routing forwarding between the routing sub-interface of the switch and the Layer 3 VLAN interface can be completed without any conflict.
通过本可选实施例,利用子接口的报文进入交换机时的物理端口信息和报文所携带的VLAN信息同时决定此报文的路由转发VPN,即可完成子接口与VLAN 三层接 口的路由VPN转发不再出现任何冲突,也就无需进行任何规避配置和配置限制。With the optional embodiment, the physical port information of the packet entering the switch and the VLAN information carried in the packet are simultaneously determined by the routing and forwarding VPN of the packet, and the sub-interface and the VLAN are connected. There is no longer any conflict in the routed VPN forwarding of the port, and no evasive configuration and configuration restrictions are required.
下面通过三个具体应用场景对本可选实施例进行举例说明:The following describes the optional embodiment by using three specific application scenarios:
应用场景一:利用ACL规则完成避免子接口路由冲突的设置;Application scenario 1: Use ACL rules to avoid setting conflicts on sub-interface routes.
首先将交换机将端口1、2、3都设置在VLAN100内;其次,利用ACL规则,设置ACL规则匹配入口端口1且携带VLAN tag 100的报文;然后,设置ACL规则的动作为修改路由的VPN为VPN 0,需要说明的是,在此处子接口上未设置VPN,因此默认为全局路由VPN为0;最后,设置VLAN 100所属路由的VPN为VPN A。First, the switch sets ports 1, 2, and 3 in VLAN 100. Secondly, the ACL rules are used to match the ingress port 1 and carry the VLAN tag 100. Then, the action of setting the ACL rule is to modify the route VPN. For VPN 0, it should be noted that the VPN is not set on the sub-interface here, so the default is that the global route VPN is 0. Finally, the VPN with the route to which VLAN 100 belongs is set to VPN A.
应用场景二:利用VLAN翻译完成避免子接口路由冲突的设置;Application scenario 2: Using VLAN translation to complete the setting of avoiding sub-interface routing conflicts;
首先,交换机将端口1、2、3都设置在VLAN100内;其次,利用VLAN翻译,设置VLAN翻译端口1和VLAN100,翻译动作为路由VPN为VPN 0,需要说明的是,子接口上未设置VPN,因此默认为全局路由VPN为0;然后,设置VLAN 100所属路由的VPN为VPN A;当有携带VLAN tag 100的报文从端口1进入交换机时,将会匹配ACL规则被抓取出来,进入ACL的动作修改路由VPN为VPN 0,当有携带VLAN tag 100的报文从端口2或3进入交换机时,则直接匹配VLAN100的所属VPN A;通过上述方式之后,子接口路由转发与VLAN路由转发不会出现冲突。First, the switch sets ports 1, 2, and 3 in VLAN 100. Secondly, VLAN translation is used to set VLAN translation port 1 and VLAN 100. The translation action is route VPN to VPN 0. It should be noted that VPN is not set on the sub-interface. Therefore, the default is that the global route VPN is 0. Then, the VPN with the route to which VLAN 100 belongs is set to VPN A. When a packet carrying VLAN tag 100 enters the switch from port 1, the matching ACL rule is captured and entered. The action of the ACL is to modify the route VPN to be VPN 0. When a packet carrying VLAN tag 100 enters the switch from port 2 or 3, it directly matches the VPN A to which VLAN 100 belongs. After the above mode, the sub-interface routes are forwarded and VLAN-routed. There will be no conflicts.
应用场景三:利用微码芯片完成避免子接口路由冲突的设置;Application scenario 3: using a microcode chip to complete the setting of avoiding sub-interface routing conflicts;
首先,交换机将端口1、2、3都设置在VLAN100内;其次,在微码芯片中建立port1+VLAN100指向路由VPN 0的转发关系表,使得从端口1进入的携带VLAN tag100的报文路由VPN为0,需要说明的是,子接口上未设置VPN,因此默认为全局路由VPN为0;然后,设置VLAN 100所属路由的VPN为VPN A;当有携带VLAN tag100的报文从端口1进入交换机时,将会匹配ACL规则被抓取出来,进入ACL的动作修改路由VPN为VPN 0,当有携带VLAN tag 100的报文从端口2或3进入交换机时,则直接匹配VLAN100的所属VPN A;通过上述方式可知,子接口路由转发与VLAN路由转发不会出现冲突。First, the switch sets the ports 1, 2, and 3 in the VLAN 100. Secondly, the port1+VLAN 100 is set to the forwarding relationship table of the route VPN 0 in the microcode chip, so that the packet carrying the VLAN tag 100 entering the port 1 is routed to the VPN. It is 0. It should be noted that the VPN is not set on the sub-interface, so the default is that the global route VPN is 0. Then, the VPN with the VLAN 100 route is set to VPN A; when there is a packet carrying the VLAN tag 100, the packet enters the switch from port 1. The matching ACL rule is captured. The action of entering the ACL changes the route VPN to VPN 0. When a packet carrying VLAN tag 100 enters the switch from port 2 or 3, it directly matches the VPN A to which VLAN 100 belongs. According to the above method, there is no conflict between sub-interface route forwarding and VLAN routing forwarding.
由上述本可选实施例的技术方案可见,与相关技术中的交换机实现路由子接口的方法相比,本可选实施例利用端口和VLAN形成与路由VPN之间唯一对应的方法,使得交换机子接口配置不再有任何的约束条件,可以与交换机的普通VLAN配置同时存在,而且互相之间不会存在路由转发的冲突和干扰;使得交换机路由子接口的配置可以更加灵活无约束,消除了交换机路由子接口的使用限制,提升了交换机路由子接口的使用范围。It can be seen from the technical solution of the foregoing optional embodiment that, compared with the method for implementing the routing sub-interface by the switch in the related art, the optional embodiment uses the port and the VLAN to form a unique correspondence method with the routing VPN, so that the switch The interface configuration no longer has any constraints. It can exist at the same time as the common VLAN configuration of the switch, and there is no conflict and interference between routing and forwarding. Therefore, the configuration of the routing sub-interface can be more flexible and unconstrained, eliminating the switch. The usage limit of the routing sub-interface improves the usage range of the routing sub-interface of the switch.
图5是相关技术中路由子接口与VLAN三层口之间路由冲突示意图,如图5所示, 两个端口一个配置了三层接口VLAN另外一个配置了子接口VLAN,当这两个VLAN相同的时候,如果不进行相应的处理,进入这两个端口的报文就会按照VLAN来决定路由的VPN,会导致出现路由的VPN冲突,因为其中任意一个配置了不同的VPN,另外一个就会被影响。5 is a schematic diagram of a route conflict between a routing sub-interface and a VLAN Layer 3 interface in the related art, as shown in FIG. 5, The two ports are configured with a Layer 3 interface VLAN and the other one is configured with a sub-interface VLAN. When the two VLANs are the same, if the corresponding processing is not performed, the packets entering the two ports will be routed according to the VLAN. VPNs can cause VPN conflicts in routing, because any one of them configures a different VPN, and the other one will be affected.
图6是根据本发明可选实施例的避免路由子接口与VLAN三层口之间路由冲突的示意图,如图6所示,利用相应的处理方法,如上述应用场景一至三中任一一种处理方法,对子接口的VPN进行相应的决定,利用子接口的端口和VLAN共同决定VPN,则可以与三层接口的VPN区分开来,这样就可以做到两种方式的VPN互不影响,不会出现路由冲突。FIG. 6 is a schematic diagram of avoiding route conflict between a routing sub-interface and a VLAN Layer 3 interface according to an alternative embodiment of the present invention. As shown in FIG. 6 , a corresponding processing method, such as any one of the application scenarios 1 to 3 above, is used. The processing method is to make a corresponding decision on the VPN of the sub-interface. The port and the VLAN of the sub-interface jointly determine the VPN, and the VPN can be distinguished from the VPN of the three-layer interface, so that the VPNs of the two modes do not affect each other. There is no routing conflict.
图7是根据本发明可选实施例中路由子接口防止路由冲突方法的流程图,如图7所示,该方法的步骤包括:FIG. 7 is a flowchart of a method for preventing a route conflict by a routing sub-interface according to an alternative embodiment of the present invention. As shown in FIG. 7, the steps of the method include:
步骤S702:配置路由子接口;Step S702: Configure a routing sub-interface;
步骤S704:用路由子接口所处的端口信息和VLAN信息设置预设的路由VPN决定的策略;Step S704: setting a preset routing VPN decision policy by using the port information and the VLAN information of the routing sub-interface;
其中,该预设的由VPN决定的策略可以通过使用ACL、VLAN翻译、微码来实现。The preset VPN-determined policy can be implemented by using ACL, VLAN translation, and microcode.
步骤S706:若有需要进行三层转发的报文从此路由子接口进入,则其VPN将被端口信息和报文携带的VLAN信息共同决定。Step S706: If a packet that needs to be forwarded by the Layer 3 packet enters the routing sub-interface, the VPN information is determined by the port information and the VLAN information carried in the packet.
通过本可选实施例,使得子接口和VLAN接口在同时配置的时候,无需进行任何的规避配置,均可以正常使用,互相之间也不再受到干扰。With the optional embodiment, when the sub-interface and the VLAN interface are configured at the same time, no evasive configuration is required, and the two interfaces can be used normally without interference.
显然,本领域的技术人员应该明白,上述本发明的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本发明不限制于任何特定的硬件和软件结合。Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device such that they may be stored in the storage device for execution by the computing device and, in some cases, may be performed in a different order than herein. The steps shown or described are either made separately into individual integrated circuit modules, or a plurality of modules or steps are fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
上述仅为本发明的可选实施例而已,并不用于限制本发明,对于本领域的技术人员来说,本发明可以有各种更改和变化。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above is only an alternative embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.
工业实用性 Industrial applicability
通过本发明实施例,采用获取指定报文进入交换机的端口信息和和该指定报文的VLAN的标识信息来决定该指定报文路由所属的VPN,由于每个端口都有相对应的VPN,这样可以唯一确定该报文所属的VPN,从而解决了相关技术中仅仅是通过标识信息来确定报文路由所属的VPN进而出现路由冲突的问题,从而达到了减少交换机路由冲突的效果。 In the embodiment of the present invention, the port information of the specified packet entering the switch and the identification information of the VLAN of the specified packet are used to determine the VPN to which the specified packet belongs, because each port has a corresponding VPN. The VPN to which the packet belongs can be uniquely determined, thereby solving the problem that the related technology only determines the VPN to which the packet route belongs by using the identification information, and thus the routing conflict occurs, thereby achieving the effect of reducing the routing conflict of the switch.

Claims (10)

  1. 一种交换机路由冲突的处理方法,包括:A method for processing a switch route conflict includes:
    获取指定报文进入交换机的端口信息,其中,所述指定报文携带有虚拟局域网VLAN的标识信息,每个端口都有相对应的虚拟专用网络VPN;Obtaining the port information of the specified packet entering the switch, where the specified packet carries the identification information of the VLAN of the virtual local area network, and each port has a corresponding virtual private network VPN;
    依据所述标识信息和所述端口信息确定所述指定报文路由所属的VPN。Determining, according to the identifier information and the port information, a VPN to which the specified packet route belongs.
  2. 根据权利要求1所述的方法,其中,所述端口信息包括子接口对应的第一物理端口信息、三层接口对应的第二物理端口信息。The method of claim 1, wherein the port information comprises first physical port information corresponding to the sub-interface and second physical port information corresponding to the third-layer interface.
  3. 根据权利要求2所述的方法,其中,在所述端口信息为第一物理端口信息时,依据所述标识信息和所述端口信息确定所述指定报文路由所属的VPN包括:The method according to claim 2, wherein, when the port information is the first physical port information, determining, according to the identifier information and the port information, the VPN to which the specified packet route belongs includes:
    依据预定规则配置所述第一物理端口信息和所述标识信息之间的对应关系;And configuring a correspondence between the first physical port information and the identifier information according to a predetermined rule;
    依据所述对应关系将所述指定报文的路由VPN修改为所述指定报文路由所属的VPN。Modifying, by the corresponding relationship, the route VPN of the specified packet to the VPN to which the specified packet route belongs.
  4. 根据权利要求3所述的方法,其中,依据预定规则配置所述第一物理端口信息和所述标识信息之间的对应关系的方式包括以下之一:The method according to claim 3, wherein the manner of configuring the correspondence between the first physical port information and the identification information according to a predetermined rule comprises one of the following:
    依据访问控制列表ACL配置所述第一物理端口信息和所述标识信息之间的对应关系;And configuring, according to the access control list ACL, a correspondence between the first physical port information and the identifier information;
    依据VLAN翻译配置所述第一物理端口信息和所述标识信息之间的对应关系;And configuring, according to the VLAN translation, a correspondence between the first physical port information and the identifier information;
    通过微码芯片预先配置所述第一物理端口信息和所述标识信息之间的对应关系。Corresponding relationship between the first physical port information and the identification information is pre-configured by a microcode chip.
  5. 根据权利要求2所述的方法,其中,在所述端口信息为所述第二物理端口信息时,依据所述标识信息和所述端口信息确定所述指定报文路由所属的VPN包括:The method of claim 2, wherein, when the port information is the second physical port information, determining, according to the identifier information and the port information, the VPN to which the specified packet route belongs includes:
    依据所述标识信息确定所述指定报文路由所属的VPN。Determining, according to the identifier information, the VPN to which the specified packet route belongs.
  6. 一种交换机路由冲突的处理装置,包括:A processing device for routing conflicts of a switch includes:
    获取模块,设置为获取指定报文进入交换机的端口信息,其中,所述指定报文携带有虚拟局域网VLAN的标识信息,每个端口都有相对应的虚拟专用网络VPN;The obtaining module is configured to obtain the port information of the specified packet entering the switch, where the specified packet carries the identification information of the virtual local area network VLAN, and each port has a corresponding virtual private network VPN;
    确定模块,设置为依据所述标识信息和所述端口信息确定所述指定报文路由所属的VPN。And a determining module, configured to determine, according to the identifier information and the port information, a VPN to which the specified packet route belongs.
  7. 根据权利要求6所述的装置,其中,所述端口信息包括子接口对应的第一物理端 口信息、三层接口对应的第二物理端口信息。The apparatus according to claim 6, wherein the port information comprises a first physical end corresponding to the sub-interface Port information and second physical port information corresponding to the Layer 3 interface.
  8. 根据权利要求7所述的装置,其中,在所述端口信息为所述第一物理端口信息时,所述确定模块包括:The apparatus according to claim 7, wherein when the port information is the first physical port information, the determining module comprises:
    配置单元,设置为依据预定规则配置所述第一物理端口信息和所述标识信息之间的对应关系;a configuration unit, configured to configure a correspondence between the first physical port information and the identifier information according to a predetermined rule;
    修改单元,设置为依据所述对应关系将所述指定报文的路由VPN修改为所述指定报文路由所属的VPN。The modifying unit is configured to modify the routing VPN of the specified packet to be the VPN to which the specified packet routing belongs according to the corresponding relationship.
  9. 根据权利要求8所述的装置,其中,所述配置单元包括以下之一:The apparatus of claim 8 wherein said configuration unit comprises one of:
    第一配置单元,设置为依据访问控制列表ACL配置所述第一物理端口信息和所述标识信息之间的对应关系;a first configuration unit, configured to configure a correspondence between the first physical port information and the identifier information according to an access control list ACL;
    第二配置单元,设置为依据VLAN翻译配置所述第一物理端口信息和所述标识信息之间的对应关系;a second configuration unit, configured to configure, according to the VLAN translation, a correspondence between the first physical port information and the identifier information;
    第三配置单元,设置为通过微码芯片预先配置所述第一物理端口信息和所述标识信息之间的对应关系。The third configuration unit is configured to pre-configure a correspondence between the first physical port information and the identification information by using a microcode chip.
  10. 根据权利要求7所述的装置,其中,在所述端口信息为所述第二物理端口信息时,The apparatus according to claim 7, wherein when said port information is said second physical port information,
    所述确定模块,还设置为依据所述标识信息确定所述指定报文路由所属的VPN。 The determining module is further configured to determine, according to the identifier information, a VPN to which the specified packet route belongs.
PCT/CN2016/073604 2015-03-05 2016-02-05 Switch routing conflict processing method and apparatus WO2016138813A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
RU2017133755A RU2714383C2 (en) 2015-03-05 2016-02-05 Method and device for processing switch routing conflict

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510098474.9A CN105991428B (en) 2015-03-05 2015-03-05 Method and device for processing switch routing conflict
CN201510098474.9 2015-03-05

Publications (1)

Publication Number Publication Date
WO2016138813A1 true WO2016138813A1 (en) 2016-09-09

Family

ID=56848714

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/073604 WO2016138813A1 (en) 2015-03-05 2016-02-05 Switch routing conflict processing method and apparatus

Country Status (3)

Country Link
CN (1) CN105991428B (en)
RU (1) RU2714383C2 (en)
WO (1) WO2016138813A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108259379B (en) * 2017-05-08 2021-11-02 新华三技术有限公司 Flow forwarding method and device
CN112468308A (en) * 2019-09-06 2021-03-09 中兴通讯股份有限公司 Virtual local area network service management method and virtual local area network global management equipment
CN112511400B (en) * 2020-11-17 2022-07-01 新华三技术有限公司 Message processing method and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101656671A (en) * 2009-08-28 2010-02-24 中兴通讯股份有限公司 Packet sending method and device
CN101820392A (en) * 2010-03-26 2010-09-01 中兴通讯股份有限公司 Method for realizing multi-service forwarding and network processor
US20110134925A1 (en) * 2009-11-02 2011-06-09 Uri Safrai Switching Apparatus and Method Based on Virtual Interfaces
CN102158421A (en) * 2011-05-25 2011-08-17 杭州华三通信技术有限公司 Method and unit for creating layer three interface
CN102368726A (en) * 2011-09-14 2012-03-07 杭州华三通信技术有限公司 Forwarding method and device applied to L2VPN (layer 2 virtual private network)
CN102546348A (en) * 2012-02-08 2012-07-04 中兴通讯股份有限公司 Method for network processor to achieve various three-layer interfaces and network processor

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7643424B2 (en) * 2003-03-22 2010-01-05 At&T Intellectual Property L, L.P. Ethernet architecture with data packet encapsulation
CN101068178B (en) * 2007-06-08 2010-12-01 华为技术有限公司 Method, system and search engine for using and managing MAC address list
US8223650B2 (en) * 2008-04-02 2012-07-17 Intel Corporation Express virtual channels in a packet switched on-chip interconnection network
US20110299533A1 (en) * 2010-06-08 2011-12-08 Brocade Communications Systems, Inc. Internal virtual network identifier and internal policy identifier
US9806906B2 (en) * 2010-06-08 2017-10-31 Brocade Communications Systems, Inc. Flooding packets on a per-virtual-network basis
US8196083B1 (en) * 2010-12-09 2012-06-05 Xilinx, Inc. Incremental placement and routing
CN102325073B (en) * 2011-07-06 2016-06-29 杭州华三通信技术有限公司 A kind of message processing method based on VPLS and device thereof
JP5799068B2 (en) * 2013-10-07 2015-10-21 株式会社日立製作所 Track conflict detection device
CN104092684B (en) * 2014-07-07 2017-10-03 新华三技术有限公司 A kind of OpenFlow agreements support VPN method and apparatus

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101656671A (en) * 2009-08-28 2010-02-24 中兴通讯股份有限公司 Packet sending method and device
US20110134925A1 (en) * 2009-11-02 2011-06-09 Uri Safrai Switching Apparatus and Method Based on Virtual Interfaces
CN101820392A (en) * 2010-03-26 2010-09-01 中兴通讯股份有限公司 Method for realizing multi-service forwarding and network processor
CN102158421A (en) * 2011-05-25 2011-08-17 杭州华三通信技术有限公司 Method and unit for creating layer three interface
CN102368726A (en) * 2011-09-14 2012-03-07 杭州华三通信技术有限公司 Forwarding method and device applied to L2VPN (layer 2 virtual private network)
CN102546348A (en) * 2012-02-08 2012-07-04 中兴通讯股份有限公司 Method for network processor to achieve various three-layer interfaces and network processor

Also Published As

Publication number Publication date
RU2017133755A (en) 2019-04-09
RU2714383C2 (en) 2020-02-14
RU2017133755A3 (en) 2019-09-12
CN105991428A (en) 2016-10-05
CN105991428B (en) 2020-11-10

Similar Documents

Publication Publication Date Title
US10791066B2 (en) Virtual network
US9553806B2 (en) Method and system for supporting port ranging in a software-defined networking (SDN) system
US10931575B2 (en) Multi-tenant virtual private network based on an overlay network
EP3222012B1 (en) Method and system for virtualizing flow tables in a software-defined networking (sdn) system
US10313154B2 (en) Packet forwarding
US20150358232A1 (en) Packet Forwarding Method and VXLAN Gateway
US11368357B2 (en) Service fault locating method and apparatus
US9432260B2 (en) Automated configuration for network devices
US10313275B2 (en) Packet forwarding
EP3456020A1 (en) Mechanism for inline packet response generation in software defined networks
WO2016138813A1 (en) Switch routing conflict processing method and apparatus
US10313274B2 (en) Packet forwarding
WO2016091098A1 (en) Method for implementing two-layer isolation and three-layer interworking of routed ports and network device
CN108900406B (en) Flow forwarding method and device
WO2016112656A1 (en) Service processing method and device
CN112737850B (en) Mutually exclusive access method and device
CN108989206B (en) Message forwarding method and device
WO2015154466A1 (en) Route selection method and device
WO2016095090A1 (en) Microcode storage method and apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16758429

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2017133755

Country of ref document: RU

122 Ep: pct application non-entry in european phase

Ref document number: 16758429

Country of ref document: EP

Kind code of ref document: A1