WO2016150205A1 - Method, device and system for processing a VXLAN message - Google Patents

Method, device and system for processing a VXLAN message


Publication number
WO2016150205A1
Authority
WO
WIPO (PCT)
Prior art keywords
header
encapsulated
vni
packet
router
Prior art date
Application number
PCT/CN2015/097523
Other languages
English (en)
Chinese (zh)
Inventor
查敏
刘树成
Original Assignee
华为技术有限公司
Priority date
Filing date
Publication date
Application filed by 华为技术有限公司
Publication of WO2016150205A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks

Definitions

  • the present invention relates to communication technologies, and in particular, to a method, device, and system for processing a virtual extensible local area network (VXLAN) message.
  • VXLAN can be applied in data centers so that virtual machines can migrate within an interconnected Layer 3 network without changing their Internet Protocol (IP) address or media access control (MAC) address, which ensures service continuity.
  • the Internet Protocol Security (IPsec) protocol ensures secure communication over IP networks by using encryption-based security services.
  • the Encapsulating Security Payload (ESP) protocol is a major protocol in the IPsec protocol suite. IPsec-ESP can be applied to communication scenarios between different data centers (DCs).
  • the first router belonging to DC1 can receive a VXLAN message sent by a virtual tunnel end point (VTEP) that belongs to DC1.
  • the first router performs IPsec-ESP encapsulation on the received VXLAN packet to obtain an IPsec-ESP packet.
  • the IPsec-ESP packet includes the encrypted VXLAN packet, the ESP header encapsulated outside the encrypted VXLAN packet, and the IP header encapsulated outside the ESP header.
  • the IP header includes a source IP address and a destination IP address, the source IP address is the IP address of the first router, and the destination IP address is the IP address of the second router.
  • the second router belongs to DC2.
  • the first router sends an IPsec-ESP packet to the second router.
  • the router located between the first router and the second router can forward the IPsec-ESP packet.
  • the router on the transmission path between the first router and the second router cannot detect the VXLAN packet included in the IPsec-ESP packet, cannot obtain VXLAN-related information such as the VXLAN network identifier (VNI), and therefore cannot perform service processing such as load sharing.
  • the embodiments of the present invention provide a method, an apparatus, and a system for processing a VXLAN message, which are helpful for a router between different data centers to obtain a VNI.
  • a method for processing a VXLAN message including:
  • the first router receives the VXLAN message sent by the VTEP, where the VXLAN message includes a VNI;
  • the first router obtains the encapsulated packet according to the VXLAN packet, where the encapsulated packet is a packet obtained by performing IPsec-ESP encapsulation on the VXLAN packet, the encapsulated packet includes an IP header, the VNI, an ESP header, and the encrypted VXLAN message, and the VNI is encapsulated between the IP header and the ESP header;
  • the first router sends the encapsulated packet to the second router.
  • the IP header includes first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the VNI.
  • the encapsulated packet further includes a User Datagram Protocol (UDP) header encapsulated between the IP header and the VNI, the UDP header being the UDP header included in the VXLAN message from the VTEP;
  • the IP header includes first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the UDP header, and the UDP header encapsulated between the IP header and the VNI includes second identifier information, where the second identifier information is used to identify that the encapsulated packet carries the VNI.
  • a method for processing a VXLAN message including:
  • the second router receives the encapsulated packet sent by the first router, where the encapsulated packet is a packet obtained by performing IPsec-ESP encapsulation on the VXLAN packet from the VTEP, and the encapsulated packet includes an IP header, a VNI, an ESP header, and the encrypted VXLAN message, the VNI being encapsulated between the IP header and the ESP header;
  • the second router obtains the VNI from the encapsulated message.
  • the IP header includes first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the VNI, and the second router obtaining the VNI from the encapsulated message includes:
  • the second router determines, according to the first identifier information included in the IP header, that the encapsulated packet includes the VNI;
  • the second router obtains the VNI from between the IP header and the ESP header.
  • the encapsulated packet further includes a UDP header encapsulated between the IP header and the VNI, the UDP header being the UDP header included in the VXLAN packet from the VTEP, and the IP header includes first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the UDP header.
  • the UDP header encapsulated between the IP header and the VNI includes second identifier information, where the second identifier information is used to identify that the encapsulated packet carries the VNI;
  • Obtaining, by the second router, the VNI from the encapsulated packet includes:
  • the second router obtains a UDP header encapsulated between the IP header and the VNI according to the first identifier information included in the IP header;
  • the second router determines that the encapsulated packet includes the VNI according to the second identifier information included in a UDP header encapsulated between the IP header and the VNI;
  • the second router obtains the VNI from between the IP header and the ESP header.
  • a first router including:
  • a receiving unit configured to receive a VXLAN message sent by the VTEP, where the VXLAN message includes a VNI;
  • a processing unit configured to obtain, according to the VXLAN packet, an encapsulated packet, where the encapsulated packet is a packet obtained by performing IPsec-ESP encapsulation on the VXLAN packet, the encapsulated packet includes an IP header, the VNI, an ESP header, and the encrypted VXLAN message, and the VNI is encapsulated between the IP header and the ESP header;
  • a sending unit configured to send the encapsulated packet to the second router.
  • the IP header includes first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the VNI.
  • the encapsulated packet further includes a UDP header encapsulated between the IP header and the VNI, the UDP header being the UDP header included in the VXLAN message from the VTEP;
  • the IP header includes first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the UDP header, and the UDP header encapsulated between the IP header and the VNI includes second identifier information, where the second identifier information is used to identify that the encapsulated packet carries the VNI.
  • a second router including:
  • the receiving unit is configured to receive the encapsulated packet sent by the first router, where the encapsulated packet is a packet obtained by performing IPsec-ESP encapsulation on the VXLAN packet from the VTEP, and the encapsulated packet includes an IP header, a VNI, an ESP header, and the encrypted VXLAN packet, where the VNI is encapsulated between the IP header and the ESP header;
  • a processing unit configured to obtain the VNI from the encapsulated message.
  • the IP header includes first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the VNI;
  • the processing unit is specifically configured to determine, according to the first identifier information that is included in the IP header, that the encapsulated packet includes the VNI;
  • the processing unit is specifically configured to obtain the VNI from between the IP header and the ESP header.
  • the encapsulated packet further includes a UDP header encapsulated between the IP header and the VNI, and the UDP header
  • the IP header includes first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the UDP header.
  • the UDP header encapsulated between the IP header and the VNI includes second identifier information, where the second identifier information is used to identify that the encapsulated packet carries the VNI;
  • the processing unit is configured to obtain, according to the first identifier information included in the IP header, a UDP header encapsulated between the IP header and the VNI;
  • the processing unit is configured to determine, according to the second identifier information that is included in a UDP header that is encapsulated between the IP header and the VNI, that the encapsulated packet includes the VNI;
  • the processing unit is specifically configured to obtain the VNI from between the IP header and the ESP header.
  • a system for processing a VXLAN message including:
  • the first router provided by the foregoing third aspect or any possible implementation manner of the third aspect, and the second router provided by the foregoing fourth aspect or any possible implementation manner of the fourth aspect.
  • the first router performs IPsec-ESP encapsulation on the VXLAN packet sent by the VTEP to obtain the encapsulated packet.
  • the first router encapsulates the VNI included in the VXLAN message sent by the VTEP between the IP header and the ESP header included in the encapsulated packet.
  • the first router sends the encapsulated packet to the second router.
  • the second router obtains a VNI encapsulated between the IP header and the ESP header from the encapsulated packet. In this way, routers located between different data centers, such as the second router, can obtain the VNI from the received encapsulated message.
  • FIG. 1 is a flowchart of a method for processing a VXLAN message according to a first embodiment of the present invention
  • FIG. 2 is a flowchart of a method for processing a VXLAN message according to a second embodiment of the present invention
  • FIG. 3 is a schematic diagram of an encapsulated packet according to an embodiment of the present disclosure.
  • FIG. 3b is a schematic diagram of another encapsulated packet according to an embodiment of the present disclosure.
  • FIG. 4a is a schematic diagram of an encapsulated packet according to an embodiment of the present invention.
  • FIG. 4b is a schematic diagram of another encapsulated packet according to an embodiment of the present disclosure.
  • FIG. 5 is a schematic diagram of an IP header included in an encapsulated packet according to an embodiment of the present disclosure
  • FIG. 6 is a schematic diagram of a UDP header included in an encapsulated packet according to an embodiment of the present disclosure
  • FIG. 7 is a schematic structural diagram of a first router according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic structural diagram of a first router according to another embodiment of the present disclosure.
  • FIG. 9 is a schematic structural diagram of a second router according to an embodiment of the present disclosure.
  • FIG. 10 is a schematic structural diagram of a second router according to another embodiment of the present invention.
  • FIG. 11 is a schematic structural diagram of a system for processing a VXLAN packet according to an embodiment of the present invention.
  • FIG. 1 is a flowchart of a method for processing a VXLAN message according to a first embodiment of the present invention.
  • the first embodiment of the present invention describes a method for processing a VXLAN message from the perspective of the first router.
  • the first router may be a provider edge (PE) device.
  • the first router receives the VXLAN packet sent by the VTEP, where the VXLAN packet includes a VNI.
  • the first router may belong to DC1.
  • the VTEP in DC1 can perform VXLAN encapsulation on the service packets sent by a virtual machine (VM) to obtain VXLAN packets.
  • the VXLAN message obtained by the VTEP in DC1 includes the VNI.
  • the VXLAN message obtained by the VTEP in DC1 needs to be sent to a VM in another DC, such as a VM in DC2.
  • the first router can receive the VXLAN message sent by the VTEP in DC1.
  • VNI can be used to distinguish between different VXLANs. For example: a VNI can be used to identify a tenant.
  • the first router obtains the encapsulated packet according to the VXLAN packet, where the encapsulated packet is a packet obtained by performing IPsec-ESP encapsulation on the VXLAN packet, the encapsulated packet includes an IP header, the VNI, an ESP header, and the encrypted VXLAN message, and the VNI is encapsulated between the IP header and the ESP header.
  • the first router may insert a VNI included in the VXLAN message between the IP header and the ESP header included in the encapsulated packet.
  • the first router obtaining the encapsulated packet according to the VXLAN packet includes: the first router obtains the VNI from the VXLAN packet;
  • the first router performs IPsec-ESP encapsulation on the VXLAN packet to obtain an IPsec-ESP encapsulated packet, where the IPsec-ESP encapsulated packet includes an encrypted VXLAN packet, an ESP header encapsulated outside the encrypted VXLAN packet, and an IP header encapsulated outside the ESP header;
  • the first router inserts the VNI between the IP header and the ESP header included in the IPsec-ESP encapsulated packet to obtain the encapsulated packet.
  • the encapsulated message may be the message shown in FIG. 3a or 3b.
  • the packet shown in FIG. 3a is an encapsulated message sent in transport mode.
  • the IP header included in the message shown in FIG. 3a can adopt the structure shown in FIG.
  • the packet shown in Figure 3b is an encapsulated packet sent in tunnel mode.
  • the intranet IP header included in the packet shown in Figure 3b is the IP header included in the VXLAN packet sent by the VTEP to the first router.
  • the IP header included in the message shown in FIG. 3b can adopt the structure shown in FIG. 5.
  • the encrypted VXLAN message in Figure 3a and Figure 3b is the packet obtained after the VXLAN packet sent by the VTEP is encrypted. The content of the encrypted VXLAN packet is not described here.
  • the first router obtaining the encapsulated packet according to the VXLAN packet includes: the first router obtains the VNI from the VXLAN packet; the first router encrypts the VXLAN packet to obtain the encrypted VXLAN packet;
  • the first router encapsulates the ESP header, the VNI, and the IP header layer by layer outside the encrypted VXLAN message to obtain the encapsulated packet.
  • the encapsulated message may be the message shown in FIG. 3a or 3b.
  • the IP header that is included in the encapsulated packet may further include first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the VNI.
  • the IP header shown in FIG. 5 is used.
  • the first identification information shown may be carried in the protocol number field in the IP header shown in FIG.
  • the protocol number field in the IP header shown in FIG. 5 can be used to indicate the packet type after the IP header.
  • the protocol number field may be defined as “ESP/VXLAN”, which indicates that the packet type after the IP header is an ESP packet that encapsulates the VXLAN header.
  • the ESP packet encapsulating the VXLAN header may be a VXLAN header that includes the VNI in the ESP packet, or may be encapsulated in the ESP packet.
  • the first router may update the information included in the IP header after adding the VNI between the ESP header and the IP header. As shown in FIG. 5, after the VNI is added between the ESP header and the IP header, the first router may update the protocol number field, the total length field, and the header checksum field of the IP header, so that the encapsulated message to which the VNI has been added meets the format requirement.
  • the first router may obtain a VXLAN header from a VXLAN message from the VTEP, the VXLAN header including the VNI.
  • the first router encapsulates the VXLAN header included in the VXLAN packet between the IP header and the ESP header to obtain an encapsulated packet.
  • the first router can eliminate the need to identify and acquire the VNI from the VXLAN message from the VTEP, which helps to simplify the operation.
  • the method for obtaining the encapsulated packet including the VXLAN header by the first router is the same as the method for obtaining the encapsulated packet including the VNI, and is not described here.
  • the first router sends the encapsulated packet to the second router.
  • the second router is a router between different DCs.
  • the first router belongs to DC1
  • the third router belongs to DC2.
  • the encapsulated packet is a packet that needs to be sent by the first router of DC1 to the third router of DC2.
  • the second router is a router in a transport network between DC1 and DC2.
  • the destination IP address in the IP header included in the encapsulated packet is the IP address of the third router.
  • the destination IP address in the IP header included in the encapsulated packet is the destination address of the tunnel, and the destination address of the tunnel is the IP address of the third router.
  • the first correspondence may be pre-configured on the first router, where the first correspondence includes the VNI and an IP address of the third router.
  • the first router may obtain an IP address of the third router according to the first correspondence and the VNI.
  • the first router may use the IP address of the third router as the destination IP address included in the IP header in the encapsulated packet.
  • the second router may be pre-configured with a second correspondence, where the second correspondence includes address information and an IP address of the third router.
  • the address information may be any one or any combination of a source IP address, a destination IP address, a source MAC address, and a destination MAC address included in the VXLAN message sent by the VTEP.
  • after obtaining the encapsulated packet, the first router in DC1 sends the encapsulated packet to the third router in DC2 according to the destination IP address included in the IP header of the encapsulated packet.
  • the destination IP address included in the IP header in the encapsulated packet is the IP address of the third router in DC2.
  • a second router is included between the first router in DC1 and the third router in DC2, that is, the path between the first router in DC1 and the third router in DC2 includes a second router.
  • the second router may be a router capable of obtaining the VNI carried by the encapsulated packet.
  • the first router in DC1 sends the encapsulated packet to the third router in DC2, and the encapsulated packet is forwarded to the second router along the path between the first router and the third router.
  • the first router obtains the encapsulated packet according to the VXLAN packet and the VNI in the VXLAN packet, and the encapsulated packet includes the VNI encapsulated between the IP header and the ESP header.
  • the first router sends the encapsulated packet to the second router, so that the second router can perform further service processing, such as load balancing, according to the VNI carried in the encapsulated packet, which helps to improve the efficiency of network operation.
  • another embodiment of the present invention provides a method for processing a VXLAN message.
  • the method provided by another embodiment of the present invention is different from the method provided by the first embodiment of the present invention in that the first router may also insert a UDP header included in the VXLAN message into the encapsulated packet.
  • S104 in the method provided by another embodiment of the present invention is different from S104 in the method provided by the first embodiment of the present invention, and the differences are described herein. For other content, refer to the corresponding content in the method provided by the first embodiment of the present invention.
  • the first router obtaining the encapsulated packet according to the VXLAN packet includes: the first router obtains the VNI and the UDP header from the VXLAN packet;
  • the first router performs IPsec-ESP encapsulation on the VXLAN packet to obtain an IPsec-ESP encapsulated packet, where the IPsec-ESP encapsulated packet includes an encrypted VXLAN packet, an ESP header encapsulated outside the encrypted VXLAN packet, and an IP header encapsulated outside the ESP header;
  • the first router inserts the VNI and the UDP header between the IP header and the ESP header included in the IPsec-ESP encapsulated packet to obtain the encapsulated packet.
  • the encapsulated message may be the message shown in FIG. 4a or 4b.
  • the message shown in Figure 4a is an encapsulated message sent in transport mode.
  • the IP header included in the packet shown in FIG. 4a can adopt the structure shown in FIG. 5, and the UDP header included in the packet shown in FIG. 4a can adopt the structure shown in FIG. 6.
  • the packet shown in Figure 4b is an encapsulated packet sent in tunnel mode.
  • the intranet IP header included in the packet shown in Figure 4b is the IP header included in the VXLAN packet sent by the VTEP to the first router.
  • the IP header included in the packet shown in FIG. 4b can adopt the structure shown in FIG. 5, and the UDP header included in the packet shown in FIG. 4b can adopt the structure shown in FIG. 6.
  • the encrypted VXLAN packet in Figure 4a and Figure 4b is the packet obtained after the VXLAN packet sent by the VTEP is encrypted. The content of the encrypted VXLAN packet is not described here.
  • the first router obtaining the encapsulated packet according to the VXLAN packet includes: the first router obtains the VNI and the UDP header from the VXLAN packet;
  • the first router encrypts the VXLAN packet to obtain the encrypted VXLAN packet;
  • the first router encapsulates the ESP header, the VNI, the UDP header, and the IP header layer by layer outside the encrypted VXLAN packet to obtain the encapsulated packet.
  • the encapsulated message may be the message shown in FIG. 4a or 4b.
  • the IP header included in the encapsulated packet may further include first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the UDP header, and the UDP header encapsulated between the IP header and the VNI includes second identifier information, where the second identifier information is used to identify that the encapsulated packet carries the VNI.
  • the IP header shown in FIG. 5 is used.
  • the first identification information shown may be carried in the protocol number field in the IP header shown in FIG.
  • the protocol number field in the IP header shown in FIG. 5 may be defined as UDP, which is used to indicate that the IP header carries the UDP header.
  • the first router may update the information included in the IP header after adding the VNI and the UDP header between the ESP header and the IP header.
  • taking the IP header shown in FIG. 5 as an example, after the VNI and the UDP header are added between the ESP header and the IP header, the first router may update the protocol number field, the total length field, and the header checksum field of the IP header, so that the encapsulated message carrying the VNI and the UDP header satisfies the format requirement.
  • the destination port number in the UDP header shown in FIG. 6 can be used to carry the second identifier information.
  • the destination port number in the UDP header shown in Figure 6 is the ESP/VXLAN port number. That is, the ESP/VXLAN port number is used to identify that the VNI is carried after the UDP header. If the VXLAN header that contains the VNI is carried after the UDP header, the destination port number in the UDP header shown in Figure 6 is the ESP/VXLAN port number. That is, the ESP/VXLAN port number is used to identify that an ESP message encapsulating the VXLAN header is carried after the UDP header.
  • the UDP header shown in FIG. 6 includes a UDP checksum field. If the "header checksum" in the IP header shown in Figure 5 is set, the "UDP checksum" in the UDP header shown in FIG. 6 can be set to 0.
  • a plurality of paths may be included between the first router of DC1 and the third router of DC2.
  • Each of the plurality of paths may include one or more routers.
  • the source port number in the UDP header included in the encapsulated packet and the quintuple information included in the encapsulated packet may be used to determine, from the multiple paths, the path used to forward the encapsulated packet.
  • a second embodiment of the present invention is a method for processing a VXLAN message according to an embodiment of the present invention.
  • the second router may be a provider (P) device. The method for processing a VXLAN message according to the second embodiment of the present invention will be specifically described below with reference to FIG
  • the second router receives the encapsulated packet sent by the first router, where the encapsulated packet is a packet obtained by performing IPsec-ESP encapsulation on the VXLAN packet from the VTEP, the encapsulated packet includes the IP header, the VNI, the ESP header, and the encrypted VXLAN message, and the VNI is encapsulated between the IP header and the ESP header.
  • the second router is in a path between the first router of DC1 and the third router of DC2, and the second router receives the encapsulated packet sent by the first router to the third router. The encapsulated packet is the same as the encapsulated packet in the first embodiment of the present invention, and details are not described herein again.
  • the IP header that is included in the encapsulated packet further carries the first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the VNI. If the encapsulated packet includes a VXLAN header encapsulated between the IP header and the ESP header, and the VXLAN header includes the VNI, the first identifier information may be used to identify that the encapsulated packet carries the VXLAN header.
  • the encapsulated packet received by the second router may be the packet shown in FIG. 3a or FIG. 3b, and details of the specific structure are not described herein.
  • the second router obtains the VNI from the encapsulated packet.
  • the obtaining, by the second router, the VNI from the encapsulated packet includes: the second router determines, according to the first identifier information carried in the IP header of the encapsulated packet, that the encapsulated packet carries the VNI; the second router obtains the VNI carried by the encapsulated packet from after the IP header of the encapsulated packet.
  • the second router may perform service processing on the encapsulated packet by using the obtained VNI, for example, service processing such as QoS and load sharing.
  • VNI is used to distinguish between different VXLANs.
  • the second router may determine, by using the VNI, a tenant to which the VXLAN packet included in the encapsulated packet belongs.
  • the second router may store a mapping table between the VNI and the tenant.
  • the second router may perform a load sharing operation on the encapsulated packet according to the VNI carried in the encapsulated packet and the mapping relationship table, and details of the specific operation process are not described herein.
  • the VNI in the encapsulated packet is encapsulated between the IP header and the ESP header, so the second router can identify the VNI carried in the encapsulated message after receiving the encapsulated packet.
  • the second router may obtain the VNI from the encapsulated message. In this way, the second router can use the obtained VNI for further service processing, which helps improve network operation efficiency.
  • another embodiment of the present invention provides a method for processing a VXLAN message.
  • the encapsulated packet received by the second router includes a VNI and a UDP header encapsulated between an IP header and an ESP header, or the encapsulated message received by the second router includes a VXLAN header and a UDP header encapsulated between an IP header and an ESP header, the VXLAN header including the VNI.
  • the method provided by another embodiment of the present invention is different from the method provided by the second embodiment of the present invention in S204, and only the differences are described below. For the same content, refer to the corresponding content in the method provided by the second embodiment of the present invention.
  • the encapsulated packet received by the second router includes an IP header, a UDP header, a VNI, an ESP header, and an encrypted VXLAN message.
  • the encapsulated packet received by the second router may be the packet shown in FIG. 4a or FIG. 4b, and details of the specific structure are not described herein.
  • the IP header of the encapsulated packet may carry the first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the UDP header, and the UDP header is the UDP header carried by the VXLAN packet sent by the VTEP to the first router.
  • the UDP header encapsulated between the IP header and the VNI includes second identifier information, where the second identifier information is used to identify that the encapsulated packet carries the VNI.
  • the VNI is usually carried in a VXLAN packet sent by the VTEP to the first router, and if the encapsulated packet includes a VXLAN header and a UDP header encapsulated between the IP header and the ESP header, the second identifier information may be used to identify that the encapsulated packet carries a VXLAN header.
  • the obtaining, by the second router, of the VNI from the encapsulated packet includes: the second router obtains, from the IP header of the encapsulated packet, the first identifier information carried by the IP header; the second router obtains, according to the first identifier information, the UDP header that is included in the encapsulated packet and that is located after the IP header; the second router determines, according to the destination port number of the UDP header, that the encapsulated packet carries the VNI; and the second router obtains the VNI located after the UDP header of the encapsulated packet.
  • the second router may obtain the VXLAN header located after the UDP header of the encapsulated packet, and obtain the VNI from the VXLAN header.
  • the third router in DC2 receives the encapsulated packet from the first router, that is, the encapsulated packet forwarded by the second router, and the third router can process the encapsulated packet to obtain the VXLAN packet.
  • the processing, by the third router, of the encapsulated packet to obtain the VXLAN packet includes: the third router may remove the VNI encapsulated between the IP header and the ESP header included in the encapsulated packet; the third router updates the IP header in the packet obtained after removing the VNI, and obtains the VXLAN packet.
  • the VXLAN packet is a packet that can be identified by the VTEP in DC2.
  • the updating, by the third router, of the IP header in the packet obtained after removing the VNI may include: the third router updates the total length field, the protocol number field, and the header checksum field of the IP header in the packet obtained after removing the VNI, so that the VXLAN packet can be identified and/or processed by the VTEP in DC2.
  • the processing, by the third router, of the encapsulated packet to obtain a VXLAN packet includes: the third router may remove the VNI and the UDP header encapsulated between the IP header and the ESP header included in the encapsulated packet; the third router updates the IP header in the packet obtained after removing the VNI and the UDP header, and obtains the VXLAN packet.
  • the VXLAN packet is a packet that can be identified by the VTEP in DC2.
  • the updating, by the third router, of the IP header in the packet obtained after removing the VNI and the UDP header may include: the third router updates the total length field, the protocol number field, and the header checksum field of the IP header in the packet obtained after removing the VNI and the UDP header, so that the VXLAN packet can be identified and/or processed by the VTEP in DC2.
  • FIG. 7 is a schematic structural diagram of a first router according to an embodiment of the present invention.
  • the first router corresponding to FIG. 7 can perform the method provided by the embodiment corresponding to FIG. 1.
  • the first router corresponding to FIG. 7 may be the first router in the embodiment corresponding to FIG. 2.
  • the first router provided by the embodiment of the present invention includes a receiving unit 702, a processing unit 704, and a sending unit 706.
  • the receiving unit 702 is configured to receive a VXLAN message sent by the VTEP, where the VXLAN message includes a VNI.
  • the processing unit 704 is configured to obtain, according to the VXLAN packet, an encapsulated packet, where the encapsulated packet is a packet obtained by performing IPsec-ESP encapsulation on the VXLAN packet, the encapsulated packet includes an IP header, the VNI, an ESP header, and the encrypted VXLAN packet, and the VNI is encapsulated between the IP header and the ESP header.
  • the sending unit 706 is configured to send the encapsulated packet to the second router.
  • the IP header includes first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the VNI.
  • the encapsulated packet further includes a UDP header encapsulated between the IP header and the VNI, where the UDP header is a UDP header included in the VXLAN packet from the VTEP.
  • the IP header includes first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the UDP header, and the UDP header encapsulated between the IP header and the VNI includes second identifier information, where the second identifier information is used to identify that the encapsulated packet carries the VNI.
  • the processing unit obtains the encapsulated packet according to the VXLAN packet and the VNI in the VXLAN packet, and the VNI is encapsulated between the IP header and the ESP header included in the encapsulated packet.
  • the sending unit sends the encapsulated packet to the second router, which helps the second router perform further service processing, such as load sharing, according to the VNI carried in the encapsulated packet, and helps improve network operation efficiency.
  • FIG. 8 is a schematic structural diagram of a first router according to another embodiment of the present invention.
  • the first router may perform the method provided by the embodiment corresponding to FIG. 1.
  • the first router may be the first router in the embodiment corresponding to FIG. 2.
  • the first router provided by the embodiment of the present invention includes a processor 801, a memory 802, an interface 803, and a bus 804.
  • the interface 803 can be implemented in a wireless or wired manner.
  • the interface 803 can be a network interface card (English name: Network Interface Card, NIC) or other components for implementing communication.
  • the processor 801, the memory 802, and the interface 803 can be connected by the bus 804.
  • the memory 802 is for storing program code.
  • the program code can include an operating system program and an application.
  • the processor 801 performs the following operations in accordance with executable instructions included in a program read from the memory 802.
  • the processor 801 receives the VXLAN packet sent by the VTEP through the interface 803, where the VXLAN packet includes a VXLAN network identifier VNI, and the processor 801 obtains the encapsulated packet according to the VXLAN packet.
  • the encapsulated message is for the VXLAN
  • the processor 801 sends the encapsulated packet to the second router through the interface 803.
  • the IP header includes first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the VNI.
  • the encapsulated packet further includes a UDP header encapsulated between the IP header and the VNI, where the UDP header is a UDP header included in the VXLAN packet from the VTEP.
  • the IP header includes first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the UDP header, and the UDP header encapsulated between the IP header and the VNI includes second identifier information, where the second identifier information is used to identify that the encapsulated packet carries the VNI.
  • the processor 801 obtains the encapsulated packet according to the VXLAN packet and the VNI in the VXLAN packet, and the VNI is encapsulated between the IP header and the ESP header included in the encapsulated packet.
  • the processor 801 sends the encapsulated packet to the second router through the interface 803, which helps the second router perform further service processing, such as load sharing, according to the VNI carried in the encapsulated packet, and helps improve network operation efficiency.
  • FIG. 9 is a schematic structural diagram of a second router according to an embodiment of the present invention.
  • the second router shown in FIG. 9 can perform the method provided by the embodiment corresponding to FIG. 2.
  • the second router shown in FIG. 9 may be the second router in the embodiment corresponding to FIG. 1.
  • the second router provided by the embodiment of the present invention includes a receiving unit 902 and a processing unit 904.
  • the receiving unit 902 is configured to receive the encapsulated packet sent by the first router.
  • the encapsulated packet is obtained by performing IPsec-ESP encapsulation on the VXLAN packet from the VTEP, and the encapsulated packet includes an IP header, a VNI, an ESP header, and the encrypted VXLAN packet.
  • the VNI is encapsulated between the IP header and the ESP header.
  • the processing unit 904 is configured to obtain the VNI from the encapsulated message.
  • the processing unit 904 is specifically configured to determine, according to the first identifier information included in the IP header, that the encapsulated packet includes the VNI; and the processing unit 904 is specifically configured to obtain the VNI from between the IP header and the ESP header.
  • the UDP header is a UDP header included in the VXLAN packet from the VTEP.
  • the IP header includes first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the UDP header, and the UDP header encapsulated between the IP header and the VNI includes second identifier information, where the second identifier information is used to identify that the encapsulated packet carries the VNI; the processing unit 904 is specifically configured to obtain, according to the first identifier information included in the IP header, the UDP header encapsulated between the IP header and the VNI; the processing unit 904 is specifically configured to determine, according to the second identifier information included in the UDP header encapsulated between the IP header and the VNI, that the encapsulated packet includes the VNI; the processing unit 904 is specifically configured to obtain the VNI from between the
  • the VNI is encapsulated between the IP header and the ESP header, so after receiving the encapsulated packet the processing unit 904 can identify the VNI carried in the encapsulated packet.
  • the processing unit 904 can obtain the VNI from the encapsulated message. In this way, the second router can use the obtained VNI for further service processing, which helps improve network operation efficiency.
  • FIG. 10 is a schematic structural diagram of a second router according to another embodiment of the present invention.
  • the second router may perform the method provided by the embodiment corresponding to FIG. 2.
  • the second router may be the second router in the corresponding embodiment.
  • the second router provided by the embodiment of the present invention includes: a processor 1001, a memory 1002, an interface 1003, and a bus 1004.
  • the interface 1003 can be implemented by wireless or wired, such as a NIC or other component for implementing communication.
  • the processor 1001, the memory 1002, and the interface 1003 are connected by the bus 1004.
  • the memory 1002 is for storing program code.
  • the program code can include an operating system program and an application.
  • the processor 1001 performs the following operations in accordance with executable instructions included in a program read from the memory 1002.
  • the processor 1001 receives, by using the interface 1003, the encapsulated packet sent by the first router.
  • the encapsulated packet is obtained by performing IPsec-ESP encapsulation on the VXLAN packet from the VTEP, and the encapsulated packet includes an IP header, a VNI, an ESP header, and the encrypted VXLAN packet.
  • the VNI is encapsulated between the IP header and the ESP header; the processor 1001 obtains the VNI from the encapsulated message.
  • the processor 1001 determines, according to the first identifier information included in the IP header, that the encapsulated packet includes the VNI; and the processor 1001 obtains the VNI from between the IP header and the ESP header.
  • the UDP header is a UDP header included in the VXLAN packet from the VTEP.
  • the IP header includes first identifier information, where the first identifier information is used to identify that the encapsulated packet carries the UDP header, and the UDP header encapsulated between the IP header and the VNI includes second identifier information, where the second identifier information is used to identify that the encapsulated packet carries the VNI; the processor 1001 obtains, according to the first identifier information included in the IP header, the UDP header encapsulated between the IP header and the VNI; the processor 1001 determines, according to the second identifier information included in the UDP header encapsulated between the IP header and the VNI, that the encapsulated packet includes the VNI; the processor 1001 obtains the VNI from between the IP header and the ESP header.
  • the VNI is encapsulated between the IP header and the ESP header, so after receiving the encapsulated packet the processor 1001 can identify the VNI carried in the encapsulated packet.
  • the processor 1001 may obtain the VNI from the encapsulated packet. In this way, the second router can use the obtained VNI for further service processing, which helps improve network operation efficiency.
  • FIG. 11 is a schematic diagram of a system for processing a VXLAN message according to an embodiment of the present invention.
  • the system provided by the embodiment of the present invention may include the first router provided by the foregoing embodiment corresponding to FIG. 7 or FIG. 8 and the second router provided by the embodiment corresponding to FIG. 9 or FIG. 10; details of the first router and the second router are not repeated here.
  • aspects of the present invention, or possible implementations of various aspects may be embodied as a system, method, or computer program product.
  • aspects of the invention, or possible implementations of various aspects, may be in the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, etc.), or a combination of software and hardware aspects, which are collectively referred to herein as "circuits," "modules," or "systems."
  • aspects of the invention, or possible implementations of various aspects may take the form of a computer program product, which is a computer readable program code stored in a computer readable medium.
  • the computer readable medium can be a computer readable signal medium or a computer readable storage medium.
  • the computer readable storage medium includes, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing, such as a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, and a portable compact disc read-only memory (CD-ROM).
  • the processor in the computer reads the computer readable program code stored in the computer readable medium, so that the processor is capable of performing the functional actions specified in each step, or combination of steps, of the flowchart, and so as to produce a device that performs the functions specified in each block, or combination of blocks, of the block diagrams.
  • the computer readable program code can execute entirely on the user's local computer, partly on the user's local computer, as a separate software package, partly on the user's local computer and partly on a remote computer, or entirely on the remote computer or server. It should also be noted that in some alternative implementations, the functions noted in the various steps in the flowcharts or in the blocks in the block diagrams may not occur in the order noted. For example, two steps, or two blocks, shown in succession may be executed substantially concurrently, or the blocks may be executed in the reverse order.
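
The second-router and third-router handling described above (read the VNI from between the IP header and the ESP header, then remove it and update the total length, protocol number and header checksum fields) is sketched below as an added example; it is not code from the patent. The protocol number 253 standing in for the first identifier information and the 4-byte VNI field (24-bit VNI plus 8 reserved bits) are assumptions, because the text does not fix those values, and the addresses and ESP contents are constructed sample data.

```python
import struct

PROTO_ESP = 50        # IANA protocol number for ESP
PROTO_VNI_SHIM = 253  # ASSUMPTION: experimental value used as the "first identifier information"
SHIM_LEN = 4          # ASSUMPTION: 24-bit VNI followed by 8 reserved bits


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (documentation addresses) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


def extract_vni(packet: bytes):
    """Second router: return the VNI, or None if the IP header does not flag one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    if ip_checksum(packet[:ihl]) != 0:      # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    if packet[9] != PROTO_VNI_SHIM:
        return None
    if len(packet) < ihl + SHIM_LEN + 8:    # VNI field + ESP SPI + sequence number
        raise ValueError("truncated before ESP header")
    return int.from_bytes(packet[ihl:ihl + 3], "big")


def strip_vni(packet: bytes) -> bytes:
    """Third router: drop the VNI field, then fix total length, protocol, checksum."""
    if extract_vni(packet) is None:
        raise ValueError("no VNI field to remove")
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    rest = packet[ihl + SHIM_LEN:]          # ESP header and ciphertext, untouched
    struct.pack_into("!H", hdr, 2, ihl + len(rest))            # total length
    hdr[9] = PROTO_ESP                                         # protocol number
    hdr[10:12] = b"\x00\x00"
    struct.pack_into("!H", hdr, 10, ip_checksum(bytes(hdr)))   # header checksum
    return bytes(hdr) + rest


def sample_packet(vni: int = 5000) -> bytes:
    """Constructed sample: IP | VNI | ESP header (SPI, sequence) | opaque ciphertext."""
    esp = struct.pack("!II", 0x1000, 1) + bytes(32)
    return build_ipv4(PROTO_VNI_SHIM, vni.to_bytes(3, "big") + b"\x00" + esp)


if __name__ == "__main__":
    pkt = sample_packet()
    print("VNI:", extract_vni(pkt), "restored length:", len(strip_vni(pkt)))
```

Because the VNI sits ahead of the ESP header, it is outside ESP's encryption and integrity check, so a receiver can use it for load sharing but has no cryptographic assurance that it matches the VNI inside the encrypted VXLAN packet.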

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed are a method, device and system for processing a VXLAN packet, which help a router located between different data centers obtain a VNI. In the method, a first router receives a VXLAN packet sent by a VTEP, the VXLAN packet comprising a VNI; the first router obtains an encapsulated packet according to the VXLAN packet, the encapsulated packet being a packet obtained after IPsec-ESP encapsulation is performed on the VXLAN packet, and the encapsulated packet comprising an IP header, the VNI, an ESP header and the encrypted VXLAN packet, the VNI being encapsulated between the IP header and the ESP header; and the first router sends the encapsulated packet to a second router.
PCT/CN2015/097523 2015-03-23 2015-12-15 Method, device and system for processing a VXLAN packet WO2016150205A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510127449.9 2015-03-23
CN201510127449.9A CN106161225B (zh) 2015-03-23 2015-03-23 Method, apparatus and system for processing a VXLAN packet

Publications (1)

Publication Number Publication Date
WO2016150205A1 (fr) 2016-09-29

Family

ID=56977035

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/097523 WO2016150205A1 (fr) 2015-03-23 2015-12-15 Method, device and system for processing a VXLAN packet

Country Status (2)

Country Link
CN (1) CN106161225B (fr)
WO (1) WO2016150205A1 (fr)


Publication number Publication date
CN106161225B (zh) 2019-05-28
CN106161225A (zh) 2016-11-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15886127

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15886127

Country of ref document: EP

Kind code of ref document: A1