WO2017114158A1 - Method and device for publishing tenant routing in nvo3 network - Google Patents

Method and device for publishing tenant routing in nvo3 network

Publication number
WO2017114158A1
Authority
WO
WIPO (PCT)
Prior art keywords
route
tenant
vnid
address
tenant route
Application number
PCT/CN2016/109933
Other languages
French (fr)
Chinese (zh)
Inventor
庄顺万
倪辉
阴元斌
郝卫国
李振斌
陈国义
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/50 Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]

Definitions

  • the embodiments of the present invention relate to the NVo3 network technology, and in particular, to a method and an apparatus for issuing tenant routes in an NVo3 network.
  • NVo3 Network Virtualization over Layer 3
  • the NVo3 network can adopt the MPLS (Multiple Protocol Label Switch) protocol.
  • An MPLS-based virtual private network (VPN) can be called an MPLS L3VPN.
  • MPLS L3VPN uses BGP (Border Gateway Protocol) to advertise VPN routes on the service provider backbone network and MPLS (Multiple Protocol Label Switch) to forward VPN packets on the service provider backbone network.
  • the CE (Customer Edge) device is deployed on the VPN edge and connected to the SP (Service Provider) network.
  • the PE (Provider Edge) device in the SP network is deployed on the edge of the service provider backbone and connected to the CE device.
  • the P (Provider, Service Provider) device is a backbone router in the service provider backbone network and is connected to the PE device.
  • the advertisement of the VPN routing information includes: the route advertisement from the local CE to the ingress PE, the route advertisement from the ingress PE to the egress PE, and the route advertisement from the egress PE to the remote CE. After the route is advertised, the reachable route is set up between the local CE and the remote CE. That is, the VPN private network routing information can be advertised on the backbone network.
  • the route advertisement process is as follows: after the local CE establishes an adjacency with the connected first PE, the local CE advertises its VPN route to the first PE.
  • the VPN route advertised by the local CE to the first PE is a standard format IPv4 or IPv6 route.
  • the first PE adds the RD (Route Distinguisher) and Route Target attributes to the VPN route to form a VPN-IPv4 route.
  • the Route Target attribute can also be called a VPN Target attribute.
  • the first PE of the VPN stores the VPN-IPv4 route to the VPN instance created for the local CE.
  • the first PE advertises the VPN-IPv4 route to the second PE through the Multi-Protocol Border Gateway Protocol (MP-BGP).
  • MP-BGP Multi-Protocol Border Gateway Protocol
  • the current NVo3 network uses RD and RT policies to deploy VPN routes.
  • the implementation process is relatively complicated.
  • the method and device for issuing tenant routes in the NVo3 network provided by the embodiment of the present invention can simplify the route deployment scheme in the NVo3 network.
  • a method for publishing tenant routes in an NVo3 network includes:
  • the first service provider edge PE device obtains a second tenant route according to the first tenant route from the first user edge CE device, where the first tenant route includes an Internet Protocol (IP) address of the first CE device, where the second tenant route includes a first virtual network identifier VNID, an IP address of the first CE device, and an address of a virtual tunnel endpoint VTEP of the first PE, where the first VNID is used to identify a virtual private network VPN to which the first CE device belongs;
  • the first PE device sends the second tenant route to the target PE device.
  • the first service provider edge PE device obtains the second tenant route according to the first tenant route from the first user edge CE device, including:
  • the first PE device adds the first VNID and the address of the virtual tunnel endpoint VTEP of the first PE to the first tenant route to obtain the second tenant route.
  • the second tenant route further includes a type of the first virtual tunnel, where the first virtual tunnel is a virtual tunnel between the first PE and the target PE device.
  • the sending, by the first PE device, the second tenant route to the target PE device includes:
  • the first PE device sends the second tenant route to the target PE device by using a route reflector RR.
  • the method further includes:
  • the first PE device receives a third tenant route from the second PE device, where the third tenant route includes a second VNID, an IP address of the second CE device, and an address of the VTEP of the second PE, where the second VNID is used to identify the VPN to which the second CE device belongs.
  • the receiving, by the first PE device, the third tenant route from the second PE device includes:
  • the first PE device receives the third tenant route sent by the RR.
  • the third tenant route further includes a type of the second virtual tunnel, where the second virtual tunnel is a virtual tunnel between the first PE device and the second PE device, the method further includes:
  • the request message carries a VNI_Based ORF entry that is based on the outbound route filtering ORF protocol.
  • the VNI_Based ORF entry includes the VNID included in the tenant route that the first PE device requests the RR to send.
  • the VNI_Based ORF entry further includes a VNID included in the tenant route that the first PE device requests the RR to revoke.
  • the method further includes: the first PE device adds the third tenant route to the tenant routing table corresponding to the second VNID included in the third tenant route.
  • the second tenant route further includes: a first virtual tunnel parameter
  • the method further includes: the first PE device sending service data to the target PE device according to the type of the first virtual tunnel and the first virtual tunnel parameter.
  • the first virtual network identifier VNID, the IP address of the first CE device, and the address of the virtual tunnel endpoint VTEP of the first PE are all located in the multiprotocol reachable network layer reachability information MP_REACH_NLRI of the border gateway protocol BGP.
  • the first virtual network identifier VNID, the IP address of the first CE device, and the address of the virtual tunnel endpoint VTEP of the first PE are respectively located in a preset extended community attribute.
  • the first virtual network identifier VNID is located in a preset extended community attribute, and the IP address of the first CE device and the address of the virtual tunnel endpoint VTEP of the first PE are both located in the MP_REACH_NLRI of the BGP.
  • a second aspect provides a method for publishing tenant routes in an NVo3 network, where the method includes:
  • the route reflector RR receives the second tenant route sent by the first PE device, where the second tenant route is obtained by the first PE device according to the first tenant route from the first user edge CE device, the first tenant route includes an Internet Protocol (IP) address of the first CE device, and the second tenant route includes a first virtual network identifier VNID, an IP address of the first CE device, and an address of a virtual tunnel endpoint VTEP of the first PE, where the first VNID is used to identify a virtual private network VPN to which the first CE device belongs;
  • the RR sends the second tenant route to the target PE device.
  • the method further includes: the RR storing the second tenant route into a routing table corresponding to the VNID included in the second tenant route.
  • the RR sends the second tenant route to the target PE device, including:
  • the RR pushes the second tenant route to other PE devices connected to the RR except the first PE device.
  • in a third implementation of the second aspect, the RR sends the second tenant route to the target PE device, including:
  • the RR sends the second tenant route to the PE device whose request message carries a VNID consistent with the VNID in the second tenant route.
  • the request message carries a VNI_Based ORF entry based on the outbound route filtering ORF protocol, where the VNI_Based ORF entry includes a VNID of the requested tenant route.
  • the VNI_Based ORF entry further includes a VNID that is included in the tenant route that the PE device requests the RR to revoke.
  • the method further includes: the RR revokes the corresponding tenant route according to the VNID included in the tenant route that the PE device requests the RR to revoke.
  • the first virtual network identifier VNID, the IP address of the first CE device, and the address of the virtual tunnel endpoint VTEP of the first PE are all located in the multiprotocol reachable network layer reachability information MP_REACH_NLRI of the border gateway protocol BGP.
  • the first virtual network identifier VNID, the IP address of the first CE device, and the address of the virtual tunnel endpoint VTEP of the first PE are respectively located in a preset extended community attribute.
  • the first virtual network identifier VNID is located in a preset extended community attribute, and the IP address of the first CE device and the address of the virtual tunnel endpoint VTEP of the first PE are both located in the MP_REACH_NLRI of the BGP.
  • a third aspect provides an apparatus for publishing tenant routes in an NVo3 network, where the apparatus includes:
  • a route generation module configured to obtain a second tenant route according to the first tenant route from the first user edge CE device, where the first tenant route includes an Internet Protocol (IP) address of the first CE device, and the second tenant route includes a first virtual network identifier VNID, an IP address of the first CE device, and an address of a virtual tunnel endpoint VTEP of the first PE, where the first VNID is used to identify a virtual private network VPN to which the first CE device belongs.
  • the route issuing module is configured to send the second tenant route to the target PE device.
  • the route generation module is specifically configured to:
  • the second tenant route further includes a type of the first virtual tunnel, where the first virtual tunnel is a virtual tunnel between the first PE and the target PE device.
  • the route publishing module is specifically configured to:
  • the second tenant route is sent to the target PE device by using a route reflector RR.
  • the device further includes:
  • a receiving module configured to receive a third tenant route from the second PE device, where the third tenant route includes a second VNID, an IP address of the second CE device, and an address of the VTEP of the second PE, where the second VNID is used to identify the VPN to which the second CE device belongs.
  • the receiving module is specifically configured to:
  • the third tenant route further includes a type of the second virtual tunnel, where the second virtual tunnel is a virtual tunnel between the first PE device and the second PE device, and the device further includes:
  • a determining module configured to determine, according to the second VNID and the type of the second virtual tunnel, the second virtual tunnel used by the third tenant route.
  • the first PE device advertises the first virtual network identifier VNID, the IP address of the first CE device, and the address of the virtual tunnel endpoint VTEP of the first PE device to the target PE device by using the second tenant route, and does not need to adopt an RD policy and an RT policy, which simplifies the route deployment scheme of the NVo3 network.
  • Figure 1 is a schematic diagram of a scenario of an MPLS L3VPN
  • FIG. 2 is a schematic diagram of a scenario of an NVo3 network
  • FIG. 3 is a flowchart of a method for publishing a tenant route in an NVo3 network according to Embodiment 1 of the present invention
  • FIG. 4 is a flowchart of a method for publishing a tenant route in an NVo3 network according to Embodiment 2 of the present invention
  • FIG. 5 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 3 of the present invention
  • FIG. 6 is a flowchart of a method for publishing a tenant route in an NVo3 network according to Embodiment 4 of the present invention.
  • FIG. 7 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 5 of the present invention.
  • FIG. 8 is a schematic diagram of publishing tenant routes in an NVo3 network
  • FIG. 9 is another schematic diagram of issuing tenant routes in an NVo3 network
  • FIG. 10 is a schematic structural diagram of an apparatus for issuing a tenant route in an NVo3 network according to an embodiment of the present disclosure
  • FIG. 11 is a schematic structural diagram of a PE device according to an embodiment of the present invention.
  • before the method for issuing the tenant route in the NVo3 network in the embodiment of the present invention is described, the MPLS L3VPN (Multiple Protocol Label Switch Layer 3 Virtual Private Network) and the NVo3 network are described first.
  • FIG 1 shows the scenario of MPLS L3VPN.
  • the MPLS L3VPN includes the CE device 1, the CE device 2, the CE device 3, the CE device 4, the PE device 1, the PE device 2, and the P device.
  • CE device 1 and CE device 4 belong to VPN 1, and CE device 2 and CE device 3 belong to VPN 2. Due to the independence of the VPN network, VPN1 and VPN2 independently manage the range of addresses used by themselves. The address range is also called the address space.
  • both VPN1 and VPN2 use addresses in the 10.110.10.0/24 network segment, so overlapping address spaces occur. Assume that both VPN1 and VPN2 advertise a route to the overlapping network segment. The PE device selects only one of the routes, which causes the other route to be lost.
  • policies such as RD, RT, and tunnel are usually adopted.
  • after receiving the VPN route from the CE device 1, the PE device 1 adds an RD to the VPN route to make it globally unique. For example, the PE device 1 attaches an RD to the received IPv4 route and obtains a VPN-IPv4 route, and the VPN-IPv4 route is globally unique.
  • MPLS L3VPN uses the BGP extended community attribute—Route Target to control the advertisement of VPN routing information.
  • Two types of RT attributes are deployed on any PE. Export Target attribute: before PE device 1 advertises the VPN-IPv4 route it has acquired to other PE devices, such as PE device 2, the Export Target attribute is further set for the VPN-IPv4 route.
  • the tunneling policy is used to determine the tunnel used to transmit the service packets in the VPN. For example, the LSP (Label Switch Path) is selected as the tunnel.
  • LSP Label Switch Path
  • FIG 2 is a schematic diagram of a scenario of an NVo3 network.
  • NVo3 Network Virtualization over Layer 3
  • This technology can virtualize a physical network so that it can be used by different tenants.
  • the NVo3 network includes TES (tenant end system) and NVE (Network Virtualization Edge, virtual network edge) devices.
  • the TES is the virtualized node of the CE in the MPLS L3VPN.
  • the NVE is the node after the PE is virtualized in the MPLS L3VPN.
  • TES1 to TES4 in Figure 2 correspond to CE1 to CE4 in the MPLS L3VPN
  • NVE1 and NVE2 respectively correspond to PE1 and PE2 in the MPLS L3VPN.
  • the NVo3 network can also directly adopt the route advertisement policy in MPLS L3VPN, that is, advertise routes according to policies such as RD, RT, and tunnel.
  • when the above routing policies are deployed to advertise routes, the implementation process is relatively complicated.
  • the embodiment of the present invention provides a method for publishing a tenant route in an NVo3 network, in which both the control plane and the data plane use the same virtual network identifier (VNID).
  • VNID represents the division of tenants in the control plane and can be used for isolation of tenant routes. Further, the VNID can be used as a forwarding identifier in the data plane.
  • the first PE device sends the first virtual network identifier VNID, the IP address of the first CE device, and the address of the VTEP (virtual tunnel end point) of the first PE device to the target PE device through the second tenant route, and does not need to adopt the RD policy and the RT policy, which simplifies the route deployment scheme of the NVo3 network.
  • FIG. 3 is a flowchart of a method for publishing a tenant route in an NVo3 network according to Embodiment 1 of the present invention.
  • the NVo3 network includes: a service provider backbone network and at least one VPN; each tenant corresponds to at least one VPN.
  • the method provided in Embodiment 1 of the present invention includes:
  • the first PE device obtains the second tenant route according to the first tenant route from the first CE device.
  • the first tenant route includes an IP address of the first CE device, such as an IPv4 address or an IPv6 address of the first CE device.
  • the second tenant route includes a first VNID, an IP address of the first CE device, and an address of a VTEP of the first PE device.
  • the first VNID is used to identify a VPN to which the first CE device belongs.
  • the first PE device is configured according to the first device from the first CE device
  • the first VNID is determined by the first PE device according to the IP address of the first CE device included in the first tenant route; the first PE device adds the first VNID and the address of the VTEP of the first PE to the first tenant route to obtain the second tenant route.
  • the second tenant route may further include a type of the first virtual tunnel, where the first virtual tunnel is a virtual tunnel between the first PE and the target PE device.
  • the target PE device is a PE device that receives the second tenant route.
  • S12 The first PE device sends the second tenant route to the target PE device.
  • the first PE device sends the second tenant route to the target PE device.
  • the target PE device obtains the first VNID, the IP address of the first CE device, and the address of the VTEP of the first PE device by using the second tenant route.
  • the first VNID allows the second tenant route to be separated from other tenant routes, so the RD policy and the RT policy in the existing method need not be deployed.
  • the target PE device can exchange VPN routing information directly through the BGP protocol according to the address of the VTEP of the first PE device, and does not need to transfer the VPNv4/6 routing table in the existing method. It can be seen that the route publishing method of the embodiment of the present invention does not need to adopt an RD policy and an RT policy, and simplifies the route deployment scheme of the NVo3 network.
  • the target PE device may be a PE device directly connected to the first PE device, or may be a PE device connected to the first PE device by using a route reflector (RR).
  • the RR is configured to reflect routing information between PE devices connected to the RR.
  • if the target PE device is connected to the first PE device by using the RR, the first PE device sends the second tenant route to the RR, and the RR sends the second tenant route to the target PE device.
  • FIG. 4 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 2 of the present invention.
  • the method provided in the second embodiment of the present invention includes:
  • the first PE device receives a third tenant route from the second PE device.
  • the third tenant route includes a second VNID, an IP address of the second CE device, and an address of the VTEP of the second PE.
  • the second VNID is used to identify a VPN to which the second CE device belongs.
  • the first PE device may be directly connected to the second PE device, and receive the third tenant route from the second PE device.
  • the first PE device may be connected to the second PE device by using the RR, and obtain the third tenant route from the second PE by using the RR.
  • the receiving, by the first PE device, the third tenant route from the second PE device by using the RR includes: the first PE device receives the third tenant route.
  • the first PE device determines whether the third tenant route is a tenant route required for transmitting the service information by itself. If the third tenant route is a required tenant route, the first PE device stores the third tenant route into a routing table that matches the second VNID. If the third tenant route is not the required tenant route, the first PE device may discard the received third tenant route.
  • the receiving, by the first PE device, the third tenant route from the second PE device by using the RR includes: sending, by the first PE device, a request message to the RR, where The request message is used to request the third tenant route to the RR; the first PE device receives the third tenant route sent by the RR.
  • the request message may carry information for identifying the third tenant route, such as the second VNID.
  • the third tenant route sent by the RR is a tenant route determined according to the information used to identify the third tenant route.
  • the first PE device stores the received third tenant route into a tenant routing table that matches the second VNID.
  • the third tenant route further includes a type of the second virtual tunnel.
  • the second virtual tunnel is a virtual tunnel between the first PE device and the second PE device.
  • the first PE device determines, according to the second VNID and the type of the second virtual tunnel, the second virtual tunnel used by the third tenant route.
  • the third tenant route further includes a tunnel parameter.
  • the tunnel parameters are used to determine the tunnel that serves as the second virtual tunnel.
  • S24 The first PE device sends service data to the second PE device according to the determined second virtual tunnel.
  • the first PE device further sends service data to the second PE device according to the determined second virtual tunnel and the tunnel parameter.
  • FIG. 5 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 3 of the present invention.
  • An RR is deployed on the NVo3 network.
  • the PEs connected to the RR reflect the primary route through the RR.
  • the method provided in Embodiment 3 of the present invention includes:
  • the first PE device sends a request message to the RR, where the request message is used to request a third tenant route to the RR.
  • the request message sent by the first PE device to the RR includes a VNID included in the requested tenant route. If the VNID included in the tenant route requested by the first PE device is the second VNID, the RR sends the third tenant route including the second VNID to the first PE device.
  • S32 The first PE device receives the third tenant route from the RR.
  • the third tenant route includes a second VNID, an IP address of the second CE device, and an address of the VTEP of the second PE.
  • the second VNID is used to identify a VPN to which the second CE device belongs.
  • the first PE device stores the received third tenant route into a tenant routing table that matches the second VNID.
  • the first PE device determines, according to the second VNID and the type of the second virtual tunnel, a second virtual tunnel used by the third tenant route.
  • the third tenant route further includes a tunnel parameter.
  • S35 The first PE device sends service data to the second PE device according to the determined second virtual tunnel and the tunnel parameter.
  • the request message sent by the first PE device carries a VNI_Based ORF entry based on an outbound route filtering (ORF) protocol;
  • the VNI_Based ORF entry includes at least one set of routing information, and each group of routing information includes a VNID and an action, where the action is either an apply-for-tenant-route action or a revoke-tenant-route action, and the revoke-tenant-route action is used for the RR to revoke the tenant route with the corresponding VNID.
  • Table 1 shows the structure of the VNI_Based ORF entry. As shown in Table 1, multiple VNIDs and their corresponding execution actions can be carried in a VNI_Based ORF entry.
  • the above-mentioned execution action may indicate the action type by using a specified number. For example, an action value of 0x01 indicates applying for the route of the corresponding VNI, and an action value of 0x02 indicates revoking the route of the corresponding VNI.
  • the RR sends the third tenant route to the first PE device.
  • the first PE device can simultaneously request the RR to send multiple tenant routes by using the VNI_Based ORF entry.
  • the first PE device may also use the VNI_Based ORF entry to request the RR to revoke the tenant route including the specified VNID.
  • In Embodiments 1 to 3, there are various ways for the tenant route to include the VNID, the IP address of the CE device, and the address of the VTEP of the PE device. Several examples are given as references in the embodiments of the present invention. Possible implementations are not listed one by one.
  • the first implementation manner is as follows: As shown in Table 2, the VNID, the IP address of the CE device, and the VTEP address of the PE device are all located in MP_REACH_NLRI.
  • the second implementation manner is as follows:
  • the VNID is located in the preset extended community attribute, and the IP address of the CE device and the VTEP address of the PE device are both located in the MP_REACH_NLRI of the BGP.
  • Table 3 shows an extended community attribute of a VNID mapping, in which a tenant route carries multiple VNID extended community attributes and is advertised to multiple VPN networks.
  • the third implementation mode is that the VNID, the IP address of the CE device, and the VTEP address of the PE device are respectively located in a preset extended community attribute.
  • FIG. 6 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 4 of the present invention.
  • the method provided in Embodiment 4 of the present invention includes:
  • the second tenant route is obtained by the first PE device according to a first tenant route from the first CE device.
  • the first tenant route includes an IP address of the first CE device.
  • the second tenant route includes a first VNID, an IP address of the first CE device, and an address of a VTEP of the first PE.
  • the first VNID is used to identify a VPN to which the first CE device belongs.
  • the RR maintains routes of all tenants corresponding to all PE devices connected to the RR, where each tenant corresponds to one routing table.
  • after the RR receives the second tenant route, the RR stores the second tenant route into a routing table corresponding to the VNID included in the second tenant route.
  • FIG. 7 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 5 of the present invention.
  • the method provided in Embodiment 5 of the present invention includes:
  • the RR receives the second tenant route sent by the first PE device, where the second tenant route is obtained by the first PE device according to the first tenant route from the first CE device, the first tenant route includes the Internet Protocol (IP) address of the first CE device, and the second tenant route includes a first virtual network identifier VNID, an IP address of the first CE device, and an address of the VTEP of the first PE, where the first VNID is used to identify the VPN to which the first CE device belongs.
  • any one of the PE devices determines whether the received second tenant route is a tenant route required for the transmission of the service data. If any one of the PE devices determines that the received second tenant route is not the tenant route required for the transmission of the service data, that PE device discards the second tenant route.
  • the method for the RR to send the second tenant route to the target PE device may also be that the RR receives the request message for requesting the tenant route sent by the target PE device, where the request message carries the VNID included in the requested tenant route; the RR sends the second tenant route to the target PE device.
  • the VNID carried in the request message is consistent with the VNID in the second tenant route.
  • the request message carries a VNI_Based ORF entry based on the ORF protocol; the VNI_Based ORF entry includes a VNID of the requested tenant route.
  • the VNI_Based ORF entry further includes a VNID included in a tenant route that the PE device requests the RR to revoke.
  • the method provided by the embodiment of the present invention further includes: the RR cancels the corresponding tenant route according to the VNID included in the tenant route that the PE device requests the RR to revoke.
  • the manner in which the tenant route includes the VNID, the IP address of the CE device, and the address of the virtual tunnel endpoint VTEP of the PE device is the same as that in the third embodiment, and details are not described herein again.
  • Figure 8 is a schematic diagram of a scenario for publishing tenant routes on an NVo3 network.
  • the structure shown in Figure 8 is a common topology in the NVo3 network.
  • a forwarding device such as a Spine device, acts as a BGP RR.
  • the leaf device serves as the NVE device that connects the tenants' virtual machines.
  • the system includes Leaf1, Leaf2, and Leaf3, and virtual machines (VMs) belonging to different tenants, where VM11 and VM13 are virtual machines belonging to the tenant VNI100.
  • VM21, VM22, and VM23 are virtual machines belonging to the tenant VNI200
  • VM31 and VM33 are virtual machines belonging to the tenant VNI300
  • the RR node maintains a routing table for the tenants VNI100, VNI200, and VNI300, respectively.
  • the tenant communication method in the NVo3 network includes:
  • Leaf3 publishes tenant routes to Spine.
  • Leaf3 publishes tenant routes including:
  • VNID 300, tunnel type 8, address prefix p1;
  • Tunnel attribute parameters related to the specific tunnel type
  • the tenant route published by Leaf3 is encapsulated into a BGP UPDATE (Border Gateway Protocol Update Packet) and sent to Spine.
  • BGP UPDATE Border Gateway Protocol Update Packet
  • Tunnel attribute parameters related to the specific tunnel type
  • the tenant route sent by Spine is encapsulated into a BGP UPDATE.
  • after receiving the route reflected by Spine, Leaf1 can perform the following operations, including:
  • Figure 9 is a schematic diagram of another scenario for publishing tenant routes in an NVo3 network.
  • the Spine node which is a BGP route reflector, maintains all routes of the tenants 100, 200, and 300.
  • Leaf2 does not need a tenant route with a VNID of 200.
  • Leaf2 needs to apply to Spine for a tenant route with a VNID of 200.
  • Leaf2 applying to Spine for the tenant route with a VNID of 200 includes:
  • Leaf2 sends a request message requesting the routes of tenant 200 to Spine.
  • the request message sent by the Leaf2 is encapsulated into a BGP ORF Request message, where the message includes a VNID 200, indicating that the tenant route of the VNID 200 is requested, and the request is sent to the Spine.
  • the Spine node collects the route of the tenant 200, and the route of the tenant 200 collected by the Spine node is encapsulated into a BGP UPDATE, and is sent to the Leaf2.
  • FIG. 10 is a schematic structural diagram of an apparatus for issuing a tenant route in an NVo3 network according to an embodiment of the present disclosure.
  • the device includes a tenant route generation module 1201 and a route issuance module 1202, wherein:
  • the tenant route generating module 1201 is configured to obtain a second tenant route according to the first tenant route from the first user edge CE device, where the first tenant route includes a network protocol IP of the first CE device.
  • the second tenant route includes a first virtual network identifier VNID, an IP address of the first CE device, and an address of the virtual tunnel endpoint VTEP of the first PE, where the first VNID is used to identify the virtual private network VPN to which the first CE device belongs;
  • the route issuing module 1202 is configured to send a second tenant route to the target PE device.
  • the tenant route generation module 1201 is specifically configured to:
  • the second tenant route further includes a type of the first virtual tunnel, and the first virtual tunnel is a virtual tunnel between the first PE and the target PE device.
  • the route issuance module 1202 is specifically configured to:
  • the second tenant route is sent to the target PE device through the route reflector RR.
  • the apparatus for issuing the tenant route in the NVo3 network further includes a receiving module, configured to receive a third tenant route from the second PE device, where the third tenant route includes the second VNID and the IP of the second CE device.
  • the receiving module is specifically configured to:
  • the third tenant route further includes a type of the second virtual tunnel
  • the second virtual tunnel is a virtual tunnel between the first PE device and the second PE device
  • the device further includes:
  • a determining module configured to determine, according to the second VNID and the type of the second virtual tunnel, the second virtual tunnel used by the third tenant route.
  • FIG. 11 is a schematic structural diagram of a PE device according to an embodiment of the present invention.
  • the PE device is deployed as the first PE device in the NVo3 network, where the NVo3 network includes: a service provider backbone network and at least one virtual private network VPN; each tenant corresponds to at least one VPN; the PE device 1400 package
  • the bus 1404 may be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus.
  • the bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 14, but it does not mean that there is only one bus or one type of bus.
  • the communication interface 1401 is for communicating with the transmitting end.
  • the memory 1403 is configured to store a program.
  • the program can include program code, the program code including computer operating instructions.
  • the memory 1403 may include a random access memory (RAM), and may also include a non-volatile memory, such as at least one disk storage.
  • the processor 1402 executes the program stored in the memory 1403 and executes:
  • the first VNID is used to identify the VPN to which the first CE device belongs.
  • the processor 1402 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
  • the aforementioned program can be stored in a computer readable storage medium.
  • the program when executed, performs the steps including the foregoing method embodiments; and the foregoing storage medium includes various media that can store program codes, such as a ROM, a RAM, a magnetic disk, or an optical disk.

Abstract

An embodiment of the present invention provides a method and device for publishing tenant routing in an NVo3 network, and can simplify routing deployment schemes in an NVo3 network. In the method, a peripheral PE of a first service provider acquires, according to a first tenant routing from a first user peripheral CE, a second tenant routing, the first tenant routing comprising a network protocol IP address of the first CE, the second tenant routing comprising a first virtual network identifier (VNID), the IP address of the first CE, and a virtual tunnel end point (VTEP) address of the first PE, and the first VNID being used to identify a virtual private network (VPN) to which the first CE belongs; and the first PE transmits the second tenant routing to a target PE.

Description

Method and device for publishing tenant routes in NVo3 network
This application claims priority to Chinese Patent Application No. CN201510998749.4, filed with the Chinese Patent Office on December 28, 2015 and entitled "Method and Apparatus for Issuing Tenant Routes in NVo3 Networks", which is incorporated herein by reference in its entirety.
Technical field
The embodiments of the present invention relate to NVo3 network technology, and in particular, to a method and an apparatus for issuing tenant routes in an NVo3 network.
Background
NVo3 (Network Virtualization over Layer 3) is a technology for implementing network virtualization. With this technology a physical network can be virtualized so that it can be shared by different tenants. The NVo3 network can adopt the MPLS (Multiple Protocol Label Switch) protocol. An MPLS-based virtual private network (VPN) can be called an MPLS L3VPN. MPLS L3VPN uses BGP (Border Gateway Protocol) to advertise VPN routes on the service provider backbone network and uses MPLS to forward VPN packets on the service provider backbone network.
In the MPLS L3VPN, the CE (Customer Edge) device is deployed at the VPN edge and is connected to the SP (Service Provider) network. The PE (Provider Edge) device in the SP network is deployed at the edge of the service provider backbone network and is connected to the CE device. The P (Provider) device is a backbone router in the service provider backbone network and is connected to the PE device. In the MPLS L3VPN, the advertisement of VPN routing information includes: route advertisement from the local CE to the ingress PE, route advertisement from the ingress PE to the egress PE, and route advertisement from the egress PE to the remote CE. After this route advertisement process, a reachable route is established between the local CE and the remote CE; that is, VPN private network routing information can be advertised on the backbone network.
The route advertisement process specifically includes the following. After the local CE establishes an adjacency with the connected first PE, it advertises the VPN route of the local CE to the first PE. The VPN route advertised by the local CE to the first PE is a standard-format IPv4 or IPv6 route. After obtaining the VPN route from the local CE, the first PE adds the RD (Route Distinguisher) and Route Target attributes to the VPN route to form a VPN-IPv4 route. The Route Target attribute can also be called the VPN Target attribute. The first PE stores the VPN-IPv4 route in the VPN instance created for the local CE. The first PE advertises the VPN-IPv4 route to the second PE through MP-BGP (Multi-Protocol Border Gateway Protocol). The remote CE learns the VPN-IPv4 route from the second PE.
The current NVo3 network uses RD and RT policies to deploy VPN routes, and the implementation process is relatively complicated.
Summary of the invention
The method and device for issuing tenant routes in the NVo3 network provided by the embodiments of the present invention can simplify the route deployment scheme in the NVo3 network.
In a first aspect, a method for publishing tenant routes in an NVo3 network is provided, where the method includes:
A first service provider edge PE device obtains a second tenant route according to a first tenant route from a first customer edge CE device, where the first tenant route includes the IP address of the first CE device, the second tenant route includes a first virtual network identifier VNID, the IP address of the first CE device, and the address of the virtual tunnel endpoint VTEP of the first PE, and the first VNID is used to identify the virtual private network VPN to which the first CE device belongs;
The first PE device sends the second tenant route to the target PE device.
Optionally, the first service provider edge PE device obtaining the second tenant route according to the first tenant route from the first customer edge CE device includes:
The first PE device determines the first VNID according to the IP address of the first CE device included in the first tenant route;
The first PE device adds the first VNID and the address of the virtual tunnel endpoint VTEP of the first PE to the first tenant route to obtain the second tenant route.
Optionally, the second tenant route further includes a type of a first virtual tunnel, where the first virtual tunnel is a virtual tunnel between the first PE and the target PE device.
Optionally, the first PE device sending the second tenant route to the target PE device includes:
The first PE device sends the second tenant route to the target PE device through a route reflector RR.
Optionally, the method further includes:
The first PE device receives a third tenant route from a second PE device, where the third tenant route includes a second VNID, the IP address of a second CE device, and the address of the VTEP of the second PE, and the second VNID is used to identify the VPN to which the second CE device belongs.
Optionally, the first PE device receiving the third tenant route from the second PE device includes:
The first PE device receives the third tenant route pushed by the RR; or
The first PE device sends a request message to the RR, where the request message is used to request the third tenant route from the RR;
The first PE device receives the third tenant route sent by the RR.
Optionally, the third tenant route further includes a type of a second virtual tunnel, where the second virtual tunnel is a virtual tunnel between the first PE device and the second PE device, and the method further includes:
The first PE device determines, according to the second VNID and the type of the second virtual tunnel, the second virtual tunnel used by the third tenant route.
Optionally, the request message carries a VNI_Based ORF entry based on the outbound route filtering ORF protocol; the VNI_Based ORF entry includes the VNID contained in the tenant route that the first PE device requests the RR to send.
Optionally, the VNI_Based ORF entry further includes the VNID contained in the tenant route that the first PE device requests the RR to revoke.
Optionally, after the first PE device receives the third tenant route from the second PE device, the method further includes: the first PE device adds, according to the second VNID included in the third tenant route, the third tenant route to the tenant routing table corresponding to the VNID.
Optionally, the second tenant route further includes: a first virtual tunnel parameter;
The method further includes: the first PE device sends service data to the target PE device according to the type of the first virtual tunnel and the first virtual tunnel parameter.
Optionally, the first virtual network identifier VNID, the IP address of the first CE device, and the address of the virtual tunnel endpoint VTEP of the first PE are all located in the multiprotocol reachable network layer reachability information MP_REACH_NLRI of the Border Gateway Protocol BGP.
Optionally, the first virtual network identifier VNID, the IP address of the first CE device, and the address of the virtual tunnel endpoint VTEP of the first PE are each located in a preset extended community attribute.
Optionally, the first virtual network identifier VNID is located in a preset extended community attribute, and the IP address of the first CE device and the address of the virtual tunnel endpoint VTEP of the first PE are both located in the MP_REACH_NLRI of BGP.
In a second aspect, a method for publishing tenant routes in an NVo3 network is provided, where the method includes:
A route reflector RR receives a second tenant route sent by a first PE device, where the second tenant route is obtained by the first PE device according to a first tenant route from a first customer edge CE device, the first tenant route includes the IP address of the first CE device, the second tenant route includes a first virtual network identifier VNID, the IP address of the first CE device, and the address of the virtual tunnel endpoint VTEP of the first PE, and the first VNID is used to identify the virtual private network VPN to which the first CE device belongs;
The RR sends the second tenant route to the target PE device.
Optionally, the method further includes: the RR stores the second tenant route in the routing table corresponding to the VNID included in the second tenant route.
Optionally, the RR sending the second tenant route to the target PE device includes:
The RR pushes the second tenant route to the other PE devices connected to the RR, except the first PE device.
According to the second aspect or the first possible implementation of the second aspect, in a third possible implementation of the second aspect, the RR sending the second tenant route to the target PE device includes:
The RR receives a request message, sent by a PE device, requesting a tenant route, where the request message carries the VNID included in the requested tenant route;
The RR sends the second tenant route to the PE device whose request message carries a VNID that matches the VNID in the second tenant route.
Optionally, the request message carries a VNI_Based ORF entry based on the outbound route filtering ORF protocol, where the VNI_Based ORF entry includes the VNID of the requested tenant route.
Optionally, the VNI_Based ORF entry further includes the VNID contained in the tenant route that the PE device requests the RR to revoke. The method further includes: the RR revokes the corresponding tenant route according to the VNID contained in the tenant route that the PE device requests the RR to revoke.
Optionally, the first virtual network identifier VNID, the IP address of the first CE device, and the address of the virtual tunnel endpoint VTEP of the first PE are all located in the multiprotocol reachable network layer reachability information MP_REACH_NLRI of the Border Gateway Protocol BGP.
Optionally, the first virtual network identifier VNID, the IP address of the first CE device, and the address of the virtual tunnel endpoint VTEP of the first PE are each located in a preset extended community attribute.
Optionally, the first virtual network identifier VNID is located in a preset extended community attribute, and the IP address of the first CE device and the address of the virtual tunnel endpoint VTEP of the first PE are both located in the MP_REACH_NLRI of BGP.
In a third aspect, an apparatus for publishing tenant routes in an NVo3 network is provided, where the apparatus includes:
a route generation module, configured to obtain a second tenant route according to a first tenant route from a first customer edge CE device, where the first tenant route includes the IP address of the first CE device, the second tenant route includes a first virtual network identifier VNID, the IP address of the first CE device, and the address of the virtual tunnel endpoint VTEP of the first PE, and the first VNID is used to identify the virtual private network VPN to which the first CE device belongs;
a route issuing module, configured to send the second tenant route to the target PE device.
Optionally, the route generation module is specifically configured to:
determine the first VNID according to the IP address of the first CE device included in the first tenant route;
add the first VNID and the address of the virtual tunnel endpoint VTEP of the first PE to the first tenant route to obtain the second tenant route.
Optionally, the second tenant route further includes a type of a first virtual tunnel, where the first virtual tunnel is a virtual tunnel between the first PE and the target PE device.
Optionally, the route issuing module is specifically configured to:
send the second tenant route to the target PE device through a route reflector RR.
Optionally, the apparatus further includes:
a receiving module, configured to receive a third tenant route from a second PE device, where the third tenant route includes a second VNID, the IP address of a second CE device, and the address of the VTEP of the second PE, and the second VNID is used to identify the VPN to which the second CE device belongs.
Optionally, the receiving module is specifically configured to:
receive the third tenant route pushed by the RR; or
send a request message to the RR, where the request message is used to request the third tenant route from the RR;
receive the third tenant route sent by the RR.
Optionally, the third tenant route further includes a type of a second virtual tunnel, where the second virtual tunnel is a virtual tunnel between the first PE device and the second PE device, and the apparatus further includes:
a determining module, configured to determine, according to the second VNID and the type of the second virtual tunnel, the second virtual tunnel used by the third tenant route.
In the method provided by the embodiments of the present invention, the first PE device advertises the first virtual network identifier VNID, the IP address of the first CE device, and the address of the virtual tunnel endpoint VTEP of the first PE device to the target PE device by means of the second tenant route, without using the RD policy and the RT policy, which simplifies the route deployment scheme of the NVo3 network.
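The route-reflector behaviour summarised in the second aspect (one routing table per VNID, reflection on request through a VNI_Based ORF entry, and revocation) can be modelled as below. This is an added example, not code from the patent: the class and method names, the CE-to-VNID provisioning map and the VTEP and host addresses are constructed assumptions, while tunnel type 8 and the overlapping 10.110.10.0/24 prefix come from the page.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class TenantRoute:
    """Second tenant route: the fields the page says a PE advertises."""
    vnid: int         # identifies the VPN (tenant) the CE belongs to
    prefix: str       # CE-side prefix; may overlap between tenants
    vtep: str         # VTEP address of the advertising PE
    tunnel_type: int  # virtual tunnel type (8 in the page's Figure 8 walk-through)


class PE:
    def __init__(self, name, vtep, ce_vnid):
        self.name, self.vtep = name, vtep
        self.ce_vnid = ce_vnid            # assumed local provisioning: CE IP -> VNID
        self.tables = defaultdict(dict)   # VNID -> {prefix: TenantRoute}

    def second_route(self, ce_ip, prefix, tunnel_type=8):
        """Derive the second tenant route from a first tenant route (CE IP + prefix)."""
        vnid = self.ce_vnid[ce_ip]        # unknown CE raises KeyError: nothing is advertised
        return TenantRoute(vnid, str(ip_network(prefix)), self.vtep, tunnel_type)

    def install(self, route):
        # Routes are filed by VNID, so equal prefixes of different tenants never collide.
        self.tables[route.vnid][route.prefix] = route


class RouteReflector:
    def __init__(self):
        self.tables = defaultdict(dict)   # VNID -> {(prefix, vtep): TenantRoute}
        self.peers = {}                   # PE name -> PE
        self.wanted = defaultdict(set)    # PE name -> VNIDs requested via VNI-based ORF

    def add_peer(self, pe):
        self.peers[pe.name] = pe

    def advertise(self, sender, route):
        """Store the route in its VNID table; reflect it only to PEs that asked for that VNID."""
        self.tables[route.vnid][(route.prefix, route.vtep)] = route
        for name, pe in self.peers.items():
            if name != sender.name and route.vnid in self.wanted[name]:
                pe.install(route)

    def orf_request(self, pe, request=(), revoke=()):
        """Apply one ORF message: VNIDs to start receiving and VNIDs to revoke."""
        for vnid in revoke:
            self.wanted[pe.name].discard(vnid)
            pe.tables.pop(vnid, None)     # assumption: revocation empties the PE's VNID table
        for vnid in request:
            self.wanted[pe.name].add(vnid)
            for route in list(self.tables[vnid].values()):
                if route.vtep != pe.vtep:  # never reflect a PE's own routes back to it
                    pe.install(route)


def demo():
    """Constructed topology: Leaf2 only hosts tenant 200 and asks the RR for that VNID."""
    rr = RouteReflector()
    leaf1 = PE("Leaf1", "192.0.2.1", {"10.110.10.11": 100})
    leaf2 = PE("Leaf2", "192.0.2.2", {"10.110.10.22": 200})
    leaf3 = PE("Leaf3", "192.0.2.3", {"10.110.10.23": 200, "10.30.0.33": 300})
    for leaf in (leaf1, leaf2, leaf3):
        rr.add_peer(leaf)
    rr.orf_request(leaf2, request=[200])
    # Tenants 100 and 200 both use 10.110.10.0/24; the VNID keeps them apart.
    rr.advertise(leaf1, leaf1.second_route("10.110.10.11", "10.110.10.0/24"))
    rr.advertise(leaf3, leaf3.second_route("10.110.10.23", "10.110.10.0/24"))
    rr.advertise(leaf3, leaf3.second_route("10.30.0.33", "10.30.0.0/24"))
    seen_by_leaf2 = {vnid: dict(table) for vnid, table in leaf2.tables.items()}
    rr.orf_request(leaf1, request=[200])  # late request is served from the stored table
    rr.orf_request(leaf2, revoke=[200])
    return rr, leaf1, leaf2, seen_by_leaf2


if __name__ == "__main__":
    rr, leaf1, leaf2, seen = demo()
    print("Leaf2 received VNIDs:", sorted(seen))
    print("RR tables:", {vnid: sorted(table) for vnid, table in rr.tables.items()})
```

A PE that never requests a VNID never holds that tenant's prefixes, which is the isolation property to verify when auditing such a deployment.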
Brief description of the drawings
Figure 1 is a schematic diagram of a scenario of an MPLS L3VPN;
Figure 2 is a schematic diagram of a scenario of an NVo3 network;
Figure 3 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 1 of the present invention;
Figure 4 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 2 of the present invention;
Figure 5 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 3 of the present invention;
Figure 6 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 4 of the present invention;
Figure 7 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 5 of the present invention;
Figure 8 is a schematic diagram of publishing tenant routes in an NVo3 network;
Figure 9 is another schematic diagram of publishing tenant routes in an NVo3 network;
Figure 10 is a schematic structural diagram of an apparatus for issuing tenant routes in an NVo3 network according to an embodiment of the present invention;
Figure 11 is a schematic structural diagram of a PE device according to an embodiment of the present invention.
Detailed description
To describe the method for issuing tenant routes in the NVo3 network in the embodiments of the present invention, the MPLS L3VPN (Multiple Protocol Label Switch Layer 3 Virtual Private Network) and the NVo3 network are described first.
Figure 1 is a schematic diagram of a scenario of an MPLS L3VPN. As shown in Figure 1, the MPLS L3VPN includes CE device 1, CE device 2, CE device 3, CE device 4, PE device 1, PE device 2, and a P device.
In Figure 1, CE device 1 and CE device 4 belong to VPN1, and CE device 2 and CE device 3 belong to VPN2. Because VPN networks are independent, VPN1 and VPN2 each manage the address range they use independently. The address range is also called the address space.
In actual application scenarios, the address spaces of different VPNs may overlap within a certain range. For example, if both VPN1 and VPN2 use addresses in the 10.110.10.0/24 network segment, overlapping address spaces occur. Assume that both VPN1 and VPN2 advertise a route to this overlapping network segment: the PE device selects only one of the routes, which causes the other route to be lost.
To solve the problem of route advertisement in MPLS L3VPN, policies such as RD, RT, and tunnel policies are usually adopted.
(1) RD policy
Taking PE device 1 as an example, after receiving a VPN route from CE device 1, PE device 1 attaches an RD to the VPN route to make it globally unique. For example, PE device 1 attaches an RD to a received IPv4 route to obtain a VPN-IPv4 route, and the VPN-IPv4 route is globally unique.
(2) RT policy
MPLS L3VPN uses the BGP extended community attribute Route Target to control the advertisement of VPN routing information. Two types of RT attributes are deployed on any PE device. Export Target attribute: before PE device 1 advertises an acquired VPN-IPv4 route to other PE devices, such as PE device 2, it also sets the Export Target attribute for the VPN-IPv4 route. Import Target attribute: after PE device 2 receives a VPN-IPv4 route sent by another PE device, such as PE device 1, it checks the Export Target attribute of the received VPN-IPv4 route; only when that Export Target attribute matches the Import Target attribute set on PE device 2 is the received route added to the corresponding VPN routing table.
(3) Tunneling policy
The tunneling policy is used to determine the tunnel used to transmit service packets in the VPN, for example, selecting an LSP (Label Switch Path) as the tunnel.
Figure 2 is a schematic diagram of a scenario of an NVo3 network. NVo3 (Network Virtualization over Layer 3) is a technology for implementing network virtualization. With this technology a physical network can be virtualized so that it can be shared by different tenants.
As shown in Figure 2, the NVo3 network includes TES (tenant end system) and NVE (Network Virtualization Edge) devices. A TES is the virtualized node of a CE in the MPLS L3VPN, and an NVE is the virtualized node of a PE in the MPLS L3VPN. Specifically, TES1 to TES4 in Figure 2 correspond to CE1 to CE4 in the MPLS L3VPN, and NVE1 and NVE2 correspond to PE1 and PE2 in the MPLS L3VPN, respectively. The NVo3 network can also directly adopt the route advertisement policies of the MPLS L3VPN, that is, advertise routes according to policies such as RD, RT, and tunnel policies. However, deploying these routing policies in the NVo3 network in order to advertise routes makes the implementation process relatively complicated.
To solve the problem that the route advertisement process is complicated in the existing NVo3 network, the embodiments of the present invention provide a method for publishing tenant routes in an NVo3 network, in which the control plane and the data plane both use the same virtual network identifier (VNID). In the control plane the VNID represents the division of tenants and can be used to isolate tenant routes; in the data plane the VNID can further serve as a forwarding identifier. In the method provided by the embodiments of the present invention, the first PE device advertises the first virtual network identifier VNID, the IP address of the first CE device, and the address of the VTEP (virtual tunnel end point) of the first PE device to the target PE device by means of the second tenant route, without using the RD policy and the RT policy, which simplifies the route deployment scheme of the NVo3 network.
以下将结合附图对本发明实施例的NVo3网络中的租户通信方法进行详细说明。The tenant communication method in the NVo3 network according to the embodiment of the present invention will be described in detail below with reference to the accompanying drawings.
FIG. 3 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 1 of the present invention. The NVo3 network includes a service provider backbone network and at least one VPN; each tenant corresponds to at least one VPN. The method provided in Embodiment 1 of the present invention includes:
S11: The first PE device obtains a second tenant route according to a first tenant route from a first CE device.
The first tenant route includes the IP address of the first CE device, such as its IPv4 address or IPv6 address. The second tenant route includes a first VNID, the IP address of the first CE device, and the address of the VTEP of the first PE device. The first VNID identifies the VPN to which the first CE device belongs.
In this embodiment, the first PE device obtaining the second tenant route according to the first tenant route from the first CE device may specifically include: the first PE device determines the first VNID according to the IP address of the first CE device included in the first tenant route; the first PE device adds the first VNID and the address of the VTEP of the first PE to the first tenant route to obtain the second tenant route.
Further, the second tenant route may also include the type of a first virtual tunnel, where the first virtual tunnel is the virtual tunnel between the first PE and the target PE device. The target PE device is the PE device that receives the second tenant route.
S12: The first PE device sends the second tenant route to the target PE device.
For example, the first PE device sends the second tenant route to the target PE device. The target PE device obtains the first VNID, the IP address of the first CE device, and the address of the VTEP of the first PE device from the second tenant route. The first VNID distinguishes and isolates the route from the routes of other tenants, so the RD policy and RT policy of the existing method need not be deployed. Based on the address of the VTEP of the first PE device, the target PE device can exchange VPN routing information directly over BGP, without the relay processing through the VPNv4/6 routing table used in the existing method. The route publishing method of this embodiment therefore needs neither an RD policy nor an RT policy, which simplifies the route deployment scheme of the NVo3 network.
In this embodiment, the target PE device may be a PE device connected directly to the first PE device, or a PE device connected to the first PE device through an RR (Route Reflector). The RR reflects routing information between the PE devices connected to it.
If the target PE device is connected to the first PE device through the RR, the first PE device sends the second tenant route to the RR, and the RR sends the second tenant route to the target PE device.
FIG. 4 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 2 of the present invention. The method provided in Embodiment 2 of the present invention includes:
S21: The first PE device receives a third tenant route from a second PE device.
The third tenant route includes a second VNID, the IP address of a second CE device, and the address of the VTEP of the second PE. The second VNID identifies the VPN to which the second CE device belongs.
In this embodiment, the first PE device may be connected directly to the second PE device and receive the third tenant route from the second PE device. Alternatively, the first PE device may be connected to the second PE device through an RR and obtain the third tenant route from the second PE through the RR.
In one implementation, the first PE device receiving the third tenant route from the second PE device through the RR includes: the first PE device receives the third tenant route pushed by the RR. Optionally, after receiving the third tenant route pushed by the RR, the first PE device determines whether the third tenant route is a tenant route that it needs for transmitting its own service information. If the third tenant route is a needed tenant route, the first PE device stores it in the routing table that matches the second VNID. If the third tenant route is not a needed tenant route, the first PE device may discard the received third tenant route.
In another implementation, the first PE device receiving the third tenant route from the second PE device through the RR includes: the first PE device sends a request message to the RR, where the request message requests the third tenant route from the RR; the first PE device receives the third tenant route sent by the RR. The request message may carry information that identifies the third tenant route, such as the second VNID. The third tenant route sent by the RR is the tenant route determined according to that identifying information.
S22: The first PE device stores the received third tenant route in the tenant routing table that matches the second VNID.
Optionally, the third tenant route also includes the type of a second virtual tunnel. The second virtual tunnel is the virtual tunnel between the first PE device and the second PE device.
S23: The first PE device determines, according to the second VNID and the type of the second virtual tunnel, the second virtual tunnel used by the third tenant route.
Optionally, the third tenant route also includes a tunnel parameter. The tunnel parameter is used to determine the tunnel that serves as the second virtual tunnel.
S24: The first PE device sends service data to the second PE device over the determined second virtual tunnel.
Optionally, if the third tenant route also includes the tunnel parameter described in S23, the first PE device sends service data to the second PE device according to both the determined second virtual tunnel and the tunnel parameter.
FIG. 5 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 3 of the present invention. An RR is deployed in the NVo3 network, and the PE devices connected to the RR reflect the primary routes to one another through the RR. The method provided in Embodiment 3 of the present invention includes:
S31: The first PE device sends a request message to the RR, where the request message requests a third tenant route from the RR.
The request message that the first PE device sends to the RR includes the VNID included in the requested tenant route. If the VNID included in the tenant route requested by the first PE device is the second VNID, the RR sends the third tenant route, which includes the second VNID, to the first PE device.
S32: The first PE device receives the third tenant route from the RR.
The third tenant route includes the second VNID, the IP address of the second CE device, and the address of the VTEP of the second PE. The second VNID identifies the VPN to which the second CE device belongs.
S33: The first PE device stores the received third tenant route in the tenant routing table that matches the second VNID.
S34: The first PE device determines, according to the second VNID and the type of the second virtual tunnel, the second virtual tunnel used by the third tenant route.
Optionally, the third tenant route also includes a tunnel parameter.
S35: The first PE device sends service data to the second PE device according to the determined second virtual tunnel and the tunnel parameter.
In this embodiment, the request message sent by the first PE device carries a VNI_Based ORF entry based on the outbound route filtering (ORF) protocol.
The VNI_Based ORF entry includes at least one group of routing information. Each group includes a VNID and an action, where the action is either a request-tenant-route action or a withdraw-tenant-route action. The withdraw-tenant-route action is used by the RR to withdraw the tenant routes that have the corresponding VNID.
Table 1: Structure of the VNI_Based ORF entry
Field | Length
Number of ORF entries (Num of ORF Entries) | 1 byte
VNID 1 | 4 bytes
Action | 1 byte
... |
VNID N | 4 bytes
Action | 1 byte
Table 1 shows the structure of the VNI_Based ORF entry. As Table 1 shows, one VNI_Based ORF entry can carry multiple VNIDs together with their corresponding actions. The action type is expressed as a designated number: an Action value of 0x01 requests the routes of the corresponding VNI, and a value of 0x02 withdraws the routes of the corresponding VNI.
When the VNI_Based ORF entry carried in the request message sent by the first PE device includes the second VNID, and the action for the second VNID is the request-tenant-route action, the RR sends the third tenant route to the first PE device.
Optionally, the first PE device can use one VNI_Based ORF entry to ask the RR for several tenant routes at the same time.
Optionally, the first PE device can also use the VNI_Based ORF entry to ask the RR to withdraw the tenant routes that include a specified VNID.
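The Table 1 layout can be encoded and strictly parsed as follows, so that a receiver refuses truncated, padded, or unknown content instead of acting on it. This is an added example, not code from the patent; the big-endian byte order, the function names, and the refusal of a VNID listed with both actions are assumptions.

```python
import struct

# Action codes given in the text: 0x01 requests the routes of a VNI, 0x02 withdraws them.
ACTION_REQUEST = 0x01
ACTION_WITHDRAW = 0x02
VALID_ACTIONS = (ACTION_REQUEST, ACTION_WITHDRAW)

# Assumption: network byte order; Table 1 only gives the field sizes.
ENTRY = struct.Struct("!IB")      # 4-byte VNID followed by a 1-byte Action


class OrfError(ValueError):
    """A VNI_Based ORF entry that does not match the Table 1 layout."""


def encode_vni_orf(entries):
    """Serialize [(vnid, action), ...] as a count byte plus N * (VNID, Action)."""
    if not 1 <= len(entries) <= 0xFF:
        raise OrfError("entry count must be 1..255 (1-byte count, at least one group)")
    out = bytearray([len(entries)])
    for vnid, action in entries:
        if not 0 <= vnid <= 0xFFFFFFFF:
            raise OrfError(f"VNID {vnid} does not fit in 4 bytes")
        if action not in VALID_ACTIONS:
            raise OrfError(f"unknown action 0x{action:02x}")
        out += ENTRY.pack(vnid, action)
    return bytes(out)


def parse_vni_orf(data):
    """Parse a received entry, rejecting truncated, padded or unknown content."""
    if not data:
        raise OrfError("empty entry")
    count = data[0]
    if count == 0:
        raise OrfError("entry carries no routing information group")
    if len(data) != 1 + count * ENTRY.size:
        raise OrfError(f"length {len(data)} does not match count {count}")
    entries = []
    for offset in range(1, len(data), ENTRY.size):
        vnid, action = ENTRY.unpack_from(data, offset)
        if action not in VALID_ACTIONS:
            raise OrfError(f"unknown action 0x{action:02x} for VNID {vnid}")
        entries.append((vnid, action))
    return entries


def split_actions(entries):
    """Return (requested, withdrawn) VNID sets for the RR to act on.

    Assumption (hardening choice, not stated on the page): a VNID listed with
    both actions in one entry is ambiguous, so the whole entry is refused.
    """
    requested = {v for v, a in entries if a == ACTION_REQUEST}
    withdrawn = {v for v, a in entries if a == ACTION_WITHDRAW}
    if requested & withdrawn:
        raise OrfError(f"conflicting actions for VNID(s) {sorted(requested & withdrawn)}")
    return requested, withdrawn


# Constructed sample: one PE requests tenant 200 and withdraws tenant 300.
SAMPLE = encode_vni_orf([(200, ACTION_REQUEST), (300, ACTION_WITHDRAW)])
```

Checking the declared count against the actual length before unpacking keeps a malformed request from changing which tenants' routes the RR sends to a PE.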
In Embodiments 1 to 3 above, there are several ways to carry the VNID, the IP address of the CE device, and the address of the VTEP of the PE device in a tenant route. The embodiments of the present invention give a few examples for reference; other possible implementations are not listed one by one.
First implementation: as shown in Table 2, the VNID, the IP address of the CE device, and the address of the VTEP of the PE device are all located in MP_REACH_NLRI.
Table 2: New MP_REACH_NLRI encapsulation table
Figure PCTCN2016109933-appb-000001
Second implementation: the VNID is located in a preset extended community attribute, and the IP address of the CE device and the address of the VTEP of the PE device are both located in the MP_REACH_NLRI of BGP.
Table 3 shows an extended community attribute to which the VNID is mapped. With this attribute, one tenant route can carry multiple VNID extended community attributes and thus be published to multiple VPN networks.
Table 3: Structure of the new extended community attribute
Figure PCTCN2016109933-appb-000002
Third implementation: the VNID, the IP address of the CE device, and the address of the VTEP of the PE device are each located in a preset extended community attribute.
FIG. 6 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 4 of the present invention. The method provided in Embodiment 4 of the present invention includes:
S41: The RR receives the second tenant route sent by the first PE device.
The second tenant route is obtained by the first PE device according to the first tenant route from the first CE device. The first tenant route includes the IP address of the first CE device. The second tenant route includes the first VNID, the IP address of the first CE device, and the address of the VTEP of the first PE. The first VNID identifies the VPN to which the first CE device belongs.
S42: The RR sends the second tenant route to the target PE device.
The RR maintains the routes of all tenants that correspond to all PE devices connected to the RR, with one routing table per tenant.
After receiving the second tenant route, the RR stores it in the routing table that corresponds to the VNID included in the second tenant route.
FIG. 7 is a flowchart of a method for publishing tenant routes in an NVo3 network according to Embodiment 5 of the present invention. The method provided in Embodiment 5 of the present invention includes:
S51: The RR receives the second tenant route sent by the first PE device. The second tenant route is obtained by the first PE device according to the first tenant route from the first CE device. The first tenant route includes the Internet Protocol (IP) address of the first CE device. The second tenant route includes the first virtual network identifier (VNID), the IP address of the first CE device, and the address of the VTEP of the first PE. The first VNID identifies the VPN to which the first CE device belongs.
S52: The RR pushes the second tenant route to the PE devices other than the first PE device, where those other PE devices are connected to the RR.
In this embodiment, after receiving the second tenant route pushed by the RR, any PE device determines whether the received second tenant route is a tenant route that it needs for transmitting its own service data. If that PE device determines that the received second tenant route is not a tenant route it needs for transmitting its own service data, it discards the second tenant route.
In the method of this embodiment, the RR may also send the second tenant route to the target PE device as follows: the RR receives a request message, sent by the target PE device, that requests a tenant route and carries the VNID included in the requested tenant route; the RR then sends the second tenant route to the target PE device. The VNID carried in the request message is the same as the VNID in the second tenant route.
Optionally, the request message carries a VNI_Based ORF entry based on the ORF protocol; the VNI_Based ORF entry includes the VNID of the requested tenant route.
Optionally, the VNI_Based ORF entry also includes the VNID contained in a tenant route that a PE device asks the RR to withdraw. The method provided by this embodiment further includes: the RR withdraws the corresponding tenant route according to the VNID contained in the tenant route that the PE device asks the RR to withdraw.
In this embodiment, the tenant route carries the VNID, the IP address of the CE device, and the address of the virtual tunnel endpoint (VTEP) of the PE device in the same way as in Embodiment 3, and the details are not repeated here.
FIG. 8 is a schematic diagram of one scenario for publishing tenant routes in an NVo3 network.
The structure shown in Figure 8 is a topology commonly used in NVo3 networks. A forwarding device, such as the Spine device, acts as the BGP RR, and the Leaf devices act as NVE devices that connect the tenants' virtual machines. As shown in Figure 9, the system includes Leaf1, Leaf2, and Leaf3, each of which connects VMs (virtual machines) that belong to different tenants. VM11 and VM13 belong to tenant VNI100; VM21, VM22, and VM23 belong to tenant VNI200; VM31 and VM33 belong to tenant VNI300. The RR node maintains one routing table for each of the tenants VNI100, VNI200, and VNI300.
Based on the topology shown in Figure 8, the tenant communication method in the NVo3 network includes:
(1) Leaf3 publishes a tenant route to Spine.
The tenant route published by Leaf3 includes:
NLRI: VNID 300, tunnel type 8, address prefix p1;
Tunnel attribute: parameters related to the specific tunnel type
NHP (next hop): Leaf3
The tenant route published by Leaf3 is encapsulated in a BGP UPDATE (Border Gateway Protocol update message) and sent to Spine.
(2) Spine receives the route published by Leaf3 and, without changing its next hop, forwards the received route to the Leaf nodes, for example Leaf1. The route that Spine sends to Leaf1 includes:
NLRI: VNID 300, tunnel type: 8, address prefix: p1
Tunnel attribute: parameters related to the specific tunnel type
NHP: Leaf3
The tenant route sent by Spine is encapsulated in a BGP UPDATE.
(3) After receiving the route reflected by Spine, Leaf1 can perform the following operations:
(a) According to the VNID in the NLRI, add the route to the routing table that corresponds to that VNID.
(b) According to the VNID and the tunnel type specified in the NLRI, uniquely determine the tunnel to Leaf3 that the route uses.
(c) Obtain the tunnel-related parameters carried by the route, for use when Leaf1 forwards traffic to Leaf3 over that tunnel.
FIG. 9 is a schematic diagram of another scenario for publishing tenant routes in an NVo3 network.
As shown in Figure 9, the Spine node, acting as the BGP route reflector, maintains all routes of tenants 100, 200, and 300. While VM22 on Leaf2 is not online, Leaf2 does not need the tenant routes with VNID 200. Once VM22 comes online, Leaf2 needs to request the tenant routes with VNID 200 from Spine.
Leaf2 requests the tenant routes with VNID 200 from Spine as follows:
(a) Leaf2 sends Spine a request message that requests the routes of tenant 200.
Specifically, the request message sent by Leaf2 is encapsulated in a BGP ORF Request message. The message contains VNID 200, which indicates that the tenant routes of VNID 200 are requested, and is sent to Spine.
(b) Spine sends the tenant routes requested by Leaf2 to Leaf2.
In the method provided by this embodiment, the Spine node collects the routes of tenant 200, encapsulates them in a BGP UPDATE, and sends them specifically to Leaf2.
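The Figure 8 and Figure 9 scenarios can be modelled to show what the VNID-keyed tables give in tenant isolation: identical prefixes of two tenants stay apart, and a leaf receives a tenant's routes only after asking for them. This is an added example, not code from the patent; the class names, the VTEP addresses, the tenant prefixes, and the placement of VMs on leaves are constructed, and the handling of action 0x02 is one reading of the text.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class TenantRoute:
    vnid: int          # tenant / VPN identifier, shared by control and data plane
    prefix: str        # tenant (CE-side) address prefix
    vtep: str          # next hop: VTEP address of the originating PE
    tunnel_type: int   # tunnel type carried with the route


class Leaf:
    """PE/NVE side: one route table per VNID, nothing kept for other tenants."""

    def __init__(self, name, vtep, local_vnids=()):
        self.name, self.vtep = name, vtep
        self.local_vnids = set(local_vnids)   # VNIDs that have a VM attached here
        self.tables = defaultdict(dict)       # vnid -> {prefix: TenantRoute}

    def receive(self, route):
        # Discard routes for tenants this PE does not serve (the push-mode check).
        if route.vnid not in self.local_vnids:
            return False
        self.tables[route.vnid][route.prefix] = route
        return True

    def lookup(self, vnid, prefix):
        # The VNID selects the table, so equal prefixes of two tenants never collide.
        return self.tables[vnid].get(prefix) if vnid in self.tables else None


class RouteReflector:
    """RR side: one table per VNID plus the VNIDs each PE has requested."""

    def __init__(self):
        self.tables = defaultdict(dict)       # vnid -> {(prefix, vtep): TenantRoute}
        self.requested = defaultdict(set)     # PE name -> requested VNIDs
        self.peers = {}                       # PE name -> Leaf

    def attach(self, leaf):
        self.peers[leaf.name] = leaf

    def publish(self, sender, route):
        # Store by VNID, then reflect unchanged (next hop untouched) to requesters only.
        self.tables[route.vnid][(route.prefix, route.vtep)] = route
        delivered = []
        for name, leaf in self.peers.items():
            if name == sender.name or route.vnid not in self.requested[name]:
                continue
            if leaf.receive(route):
                delivered.append(name)
        return delivered

    def request(self, leaf, vnid):
        # Action 0x01: remember the request and send the routes already held.
        self.requested[leaf.name].add(vnid)
        return [r for r in self.tables[vnid].values()
                if r.vtep != leaf.vtep and leaf.receive(r)]

    def withdraw(self, leaf, vnid):
        # Action 0x02, modelled here as: stop sending and drop the PE's copy.
        self.requested[leaf.name].discard(vnid)
        leaf.tables.pop(vnid, None)


def run_scenario():
    # Constructed data: names follow the Figure 8/9 description, addresses are examples.
    spine = RouteReflector()
    leaf1 = Leaf("Leaf1", "192.0.2.1", {100, 200, 300})
    leaf2 = Leaf("Leaf2", "192.0.2.2")                 # VM22 is not online yet
    leaf3 = Leaf("Leaf3", "192.0.2.3", {100, 200, 300})
    for leaf in (leaf1, leaf2, leaf3):
        spine.attach(leaf)
        for vnid in leaf.local_vnids:
            spine.request(leaf, vnid)
    log = {}
    # Tenants 300 and 100 use the same prefix; a third route belongs to tenant 200.
    log["vni300"] = spine.publish(leaf3, TenantRoute(300, "10.1.0.0/24", "192.0.2.3", 8))
    log["vni100"] = spine.publish(leaf3, TenantRoute(100, "10.1.0.0/24", "192.0.2.3", 8))
    log["vni200"] = spine.publish(leaf3, TenantRoute(200, "10.2.0.0/24", "192.0.2.3", 8))
    # VM22 comes online on Leaf2, which only now asks for tenant 200.
    leaf2.local_vnids.add(200)
    log["leaf2_got"] = spine.request(leaf2, 200)
    return spine, leaf1, leaf2, leaf3, log
```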
FIG. 10 is a schematic structural diagram of an apparatus for publishing tenant routes in an NVo3 network according to an embodiment of the present invention. As shown in FIG. 10, the apparatus includes a tenant route generation module 1201 and a route publishing module 1202, where:
the tenant route generation module 1201 is configured to obtain a second tenant route according to a first tenant route from a first customer edge (CE) device, where the first tenant route includes the Internet Protocol (IP) address of the first CE device, the second tenant route includes a first virtual network identifier (VNID), the IP address of the first CE device, and the address of the virtual tunnel endpoint (VTEP) of the first PE, and the first VNID identifies the virtual private network (VPN) to which the first CE device belongs;
the route publishing module 1202 is configured to send the second tenant route to the target PE device.
In the above embodiment, the tenant route generation module 1201 is specifically configured to:
determine the first VNID according to the IP address of the first CE device included in the first tenant route;
add the first VNID and the address of the virtual tunnel endpoint (VTEP) of the first PE to the first tenant route to obtain the second tenant route.
In the above embodiment, the second tenant route also includes the type of a first virtual tunnel, where the first virtual tunnel is the virtual tunnel between the first PE and the target PE device.
In the above embodiment, the route publishing module 1202 is specifically configured to:
send the second tenant route to the target PE device through the route reflector (RR).
In the above embodiment, the apparatus for publishing tenant routes in an NVo3 network further includes a receiving module, configured to receive a third tenant route from a second PE device, where the third tenant route includes a second VNID, the IP address of a second CE device, and the address of the VTEP of the second PE, and the second VNID identifies the VPN to which the second CE device belongs.
In the above embodiment, the receiving module is specifically configured to:
receive the third tenant route pushed by the RR; or
send a request message to the RR, where the request message requests the third tenant route from the RR;
receive the third tenant route sent by the RR.
In the above embodiment, the third tenant route also includes the type of a second virtual tunnel, where the second virtual tunnel is the virtual tunnel between the first PE device and the second PE device, and the apparatus further includes:
a determining module, configured to determine, according to the second VNID and the type of the second virtual tunnel, the second virtual tunnel used by the third tenant route.
FIG. 11 is a schematic structural diagram of a PE device according to an embodiment of the present invention. The PE device is deployed in an NVo3 network as the first PE device, where the NVo3 network includes a service provider backbone network and at least one virtual private network (VPN), and each tenant corresponds to at least one VPN. The PE device 1400 includes a communication interface 1401, a memory 1403, and a processor 1402, which are connected to one another through a bus 1404. The bus 1404 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, it is drawn as a single thick line in Figure 14, but this does not mean that there is only one bus or only one type of bus.
The communication interface 1401 is used to communicate with the sending end. The memory 1403 is used to store a program. Specifically, the program may include program code, and the program code includes computer operation instructions. The memory 1403 may include random access memory (RAM) and may also include non-volatile memory, for example at least one disk storage device.
The processor 1402 executes the program stored in the memory 1403 to perform the following:
obtain a second tenant route according to a first tenant route from a first CE device, where the first tenant route includes the IP address of the first CE device, the second tenant route includes a first VNID, the IP address of the first CE device, and the address of the VTEP of the first PE device, and the first VNID identifies the VPN to which the first CE device belongs;
send the second tenant route to the target PE device.
The processor 1402 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), and the like; it may also be a digital signal processor (digital signal processing, DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
A person of ordinary skill in the art will understand that all or part of the steps of the method embodiments above can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the method embodiments above. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk, or an optical disc.
Finally, it should be noted that the above embodiments only illustrate the technical solutions of the present invention and do not limit them. Although the present invention and its beneficial effects have been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the scope of the claims of the present invention.

Claims (14)

  1. A method for publishing tenant routes in an NVo3 network, characterized in that the method comprises:
    obtaining, by a first provider edge (PE) device, a second tenant route according to a first tenant route from a first customer edge (CE) device, wherein the first tenant route includes an Internet Protocol (IP) address of the first CE device, the second tenant route includes a first virtual network identifier (VNID), the IP address of the first CE device, and an address of a virtual tunnel endpoint (VTEP) of the first PE device, and the first VNID is used to identify the virtual private network (VPN) to which the first CE device belongs;
    sending, by the first PE device, the second tenant route to a target PE device.
  2. The method according to claim 1, characterized in that the obtaining, by the first provider edge (PE) device, of the second tenant route according to the first tenant route from the first customer edge (CE) device comprises:
    determining, by the first PE device, the first VNID according to the IP address of the first CE device included in the first tenant route;
    adding, by the first PE device, the first VNID and the address of the virtual tunnel endpoint (VTEP) of the first PE to the first tenant route to obtain the second tenant route.
  3. The method according to claim 1 or 2, characterized in that the second tenant route further includes a type of a first virtual tunnel, the first virtual tunnel being a virtual tunnel between the first PE and the target PE device.
  4. The method according to any one of claims 1 to 3, characterized in that the sending, by the first PE device, of the second tenant route to the target PE device comprises:
    sending, by the first PE device, the second tenant route to the target PE device through a route reflector (RR).
  5. The method according to any one of claims 1 to 4, characterized in that the method further comprises:
    receiving, by the first PE device, a third tenant route from a second PE device, wherein the third tenant route includes a second VNID, an IP address of a second CE device, and an address of a VTEP of the second PE, and the second VNID is used to identify the VPN to which the second CE device belongs.
  6. The method according to claim 5, characterized in that the receiving, by the first PE device, of the third tenant route from the second PE device comprises:
    receiving, by the first PE device, the third tenant route pushed by an RR; or
    sending, by the first PE device, a request message to the RR, the request message being used to request the third tenant route from the RR;
    receiving, by the first PE device, the third tenant route sent by the RR.
  7. The method according to claim 5, characterized in that the third tenant route further includes a type of a second virtual tunnel, the second virtual tunnel being a virtual tunnel between the first PE device and the second PE device, and the method further comprises:
    determining, by the first PE device, the second virtual tunnel used by the third tenant route according to the second VNID and the type of the second virtual tunnel.
  8. An apparatus for publishing tenant routes in an NVo3 network, characterized in that the apparatus comprises:
    a route generation module, configured to obtain a second tenant route according to a first tenant route from a first customer edge (CE) device, wherein the first tenant route includes an Internet Protocol (IP) address of the first CE device, the second tenant route includes a first virtual network identifier (VNID), the IP address of the first CE device, and an address of a virtual tunnel endpoint (VTEP) of a first PE, and the first VNID is used to identify the virtual private network (VPN) to which the first CE device belongs;
    a route publishing module, configured to send the second tenant route to a target PE device.
  9. The apparatus according to claim 8, characterized in that the route generation module is specifically configured to:
    determine the first VNID according to the IP address of the first CE device included in the first tenant route;
    add the first VNID and the address of the virtual tunnel endpoint (VTEP) of the first PE to the first tenant route to obtain the second tenant route.
  10. The apparatus according to claim 8 or 9, characterized in that the second tenant route further includes a type of a first virtual tunnel, the first virtual tunnel being a virtual tunnel between the first PE and the target PE device.
  11. The apparatus according to any one of claims 8 to 10, characterized in that the route publishing module is specifically configured to:
    send the second tenant route to the target PE device through a route reflector (RR).
  12. The apparatus according to any one of claims 8 to 11, characterized in that the apparatus further comprises:
    a receiving module, configured to receive a third tenant route from a second PE device, wherein the third tenant route includes a second VNID, an IP address of a second CE device, and an address of a VTEP of the second PE, and the second VNID is used to identify the VPN to which the second CE device belongs.
  13. The apparatus according to claim 12, characterized in that the receiving module is specifically configured to:
    receive the third tenant route pushed by an RR; or
    send a request message to the RR, the request message being used to request the third tenant route from the RR;
    receive the third tenant route sent by the RR.
  14. The apparatus according to claim 12, characterized in that the third tenant route further includes a type of a second virtual tunnel, the second virtual tunnel being a virtual tunnel between the first PE device and the second PE device, and the apparatus further comprises:
    a determining module, configured to determine the second virtual tunnel used by the third tenant route according to the second VNID and the type of the second virtual tunnel.
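The route handling recited in claims 1 to 7, modelled as an added Python example (not code from the patent or from any implementation of it); keying installed routes by VNID is what keeps tenants with overlapping CE addresses apart. The prefix-to-VNID table, all class and function names, the `vxlan` tunnel type value and every address are assumptions constructed for illustration, since the claims do not say how the VNID lookup is configured.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class TenantRoute:
    ce_ip: str                          # IP address of the CE device
    vnid: Optional[int] = None          # identifies the VPN the CE belongs to
    vtep: Optional[str] = None          # VTEP address of the advertising PE
    tunnel_type: Optional[str] = None   # type of the PE-to-PE virtual tunnel

class PE:
    def __init__(self, vtep, vnid_by_prefix, tunnel_type="vxlan"):
        self.vtep, self.tunnel_type = vtep, tunnel_type
        # Assumption: the PE is configured with a CE-prefix -> VNID table.
        self.vnid_by_prefix = {ip_network(p): v for p, v in vnid_by_prefix.items()}
        self.routes = {}   # (vnid, ce_ip) -> selected tunnel

    def vnid_for(self, ce_ip):
        addr = ip_address(ce_ip)
        hits = [n for n in self.vnid_by_prefix if addr in n]
        if not hits:
            raise LookupError(f"no VPN configured for CE address {ce_ip}")
        return self.vnid_by_prefix[max(hits, key=lambda n: n.prefixlen)]

    def make_second_route(self, first):
        """Claims 1-3: add VNID, local VTEP and tunnel type to the CE's route."""
        return replace(first, vnid=self.vnid_for(first.ce_ip),
                       vtep=self.vtep, tunnel_type=self.tunnel_type)

    def receive(self, third):
        """Claims 5 and 7: install a peer's route; tunnel chosen by VNID and type."""
        if third.vnid is None or third.vtep is None:
            raise ValueError("tenant route lacks VNID or VTEP address")
        tunnel = (third.tunnel_type, third.vnid, third.vtep)
        # Keyed by VNID so identical CE addresses in different VPNs stay apart.
        self.routes[(third.vnid, third.ce_ip)] = tunnel
        return tunnel

def reflect(route, targets):
    """Claims 4 and 6: a route reflector (RR) pushes the route to target PEs."""
    return [pe.receive(route) for pe in targets]

# Constructed sample topology and addresses.
pe1 = PE("192.0.2.1", {"10.1.0.0/16": 5001})
pe2 = PE("192.0.2.2", {"10.1.0.0/16": 6002})   # another VPN reusing 10.1/16
pe3 = PE("192.0.2.3", {})
second = pe1.make_second_route(TenantRoute("10.1.0.10"))
reflect(second, [pe3])
reflect(pe2.make_second_route(TenantRoute("10.1.0.10")), [pe3])
```
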
PCT/CN2016/109933 2015-12-28 2016-12-14 Method and device for publishing tenant routing in nvo3 network WO2017114158A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510998749.4 2015-12-28
CN201510998749.4A CN106921573B (en) 2015-12-28 2015-12-28 NVo3 method and device for issuing tenant route in network

Publications (1)

Publication Number Publication Date
WO2017114158A1 true WO2017114158A1 (en) 2017-07-06

Family

ID=59224579

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/109933 WO2017114158A1 (en) 2015-12-28 2016-12-14 Method and device for publishing tenant routing in nvo3 network

Country Status (2)

Country Link
CN (1) CN106921573B (en)
WO (1) WO2017114158A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109218158B (en) * 2017-07-05 2021-05-11 中国电信股份有限公司 VxLAN-based data transmission method, control method, controller, gateway, intermediate network element and system
CN109756419B (en) * 2017-11-07 2021-09-14 中国电信股份有限公司 Routing information distribution method and device and RR
CN110417665B (en) * 2019-08-05 2021-06-11 浪潮云信息技术股份公司 EVPN networking system and method for multiple Fabric scenes of data center
CN111107005B (en) * 2019-12-18 2022-02-22 迈普通信技术股份有限公司 Route filtering method and device, electronic equipment and computer readable storage medium
CN114827057B (en) * 2021-01-11 2024-04-16 中国电信股份有限公司 Communication method and communication system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101018234A (en) * 2007-03-15 2007-08-15 杭州华为三康技术有限公司 Routing information publishing method and network address conversion-protocol conversion gateway device
WO2007112645A1 (en) * 2006-04-05 2007-10-11 Huawei Technologies Co., Ltd. A method and system for implementing a mobile virtual private network
CN101106519A (en) * 2006-07-12 2008-01-16 华为技术有限公司 Distribution method for boundary routers of autonomous system and boundary router
CN101562576A (en) * 2009-05-27 2009-10-21 杭州华三通信技术有限公司 Route distribution method and equipment thereof
CN103634217A (en) * 2013-11-13 2014-03-12 华为技术有限公司 Method for issuing route information, method and device for transmitting massage
CN104518940A (en) * 2014-10-27 2015-04-15 华为技术有限公司 Communication method and device for NVO3 (network virtualization over layer 3) network and MPLS (multi-protocol label switching) network

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468394B (en) * 2014-12-04 2018-02-09 新华三技术有限公司 Message forwarding method and device in a kind of VXLAN networks
CN109412951B (en) * 2018-10-12 2021-06-22 华为技术有限公司 Method and device for sending routing information

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022251299A1 (en) * 2021-05-27 2022-12-01 Cisco Technology, Inc. Encoding end-to-end tenant reachability information in border gateway protocol (bgp) communities
US20220385575A1 (en) * 2021-05-27 2022-12-01 Cisco Technology, Inc. Encoding end-to-end tenant reachability information in border gateway protocol (bgp) communities
US11924100B2 (en) 2021-05-27 2024-03-05 Cisco Technology, Inc. Encoding local next-hop information into border gateway protocol (BGP) routes

Also Published As

Publication number Publication date
CN106921573A (en) 2017-07-04
CN106921573B (en) 2020-04-14


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16880948

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16880948

Country of ref document: EP

Kind code of ref document: A1