WO2018001242A1 - Data-message processing method and apparatus - Google Patents

Publication number
WO2018001242A1
Authority
WO
WIPO (PCT)
Prior art keywords
packet
port
vlan
processing
domain
Application number
PCT/CN2017/090326
Other languages
French (fr)
Chinese (zh)
Inventor
张平平
陈志伟
孙军欢
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2018001242A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks

Definitions

  • the present invention relates to the field of communications devices, and in particular, to a data packet processing method and apparatus.
  • SDN (Software Defined Network)
  • SDN is a new type of innovative network architecture and an implementation of network virtualization. Its core technology, OpenFlow, separates the control plane from the data plane of network equipment, which allows flexible control of network traffic and makes the network, as a pipeline, more intelligent. What SDN does is separate out the control of the network device and place it under a centralized controller, without relying on the underlying network devices (routers, switches, firewalls), shielding the differences between those devices.
  • The control of the network device is completely open, and users can define whatever network routing and transmission rule policies they want to implement, which makes the network more flexible and intelligent.
  • The approach taken to achieve dual-mode forwarding is to plan the SDN switch in advance: which ports are SDN ports for processing SDN domain services, and which ports are traditional ports for handling traditional domain services.
  • The service that a port can carry is thereby fixed: an SDN port can only process SDN domain services.
  • When an SDN port receives an unknown unicast packet, it transmits the packet to the CPU (Central Processing Unit); the CPU encapsulates the packet and sends it to the controller, and the controller determines the forwarding processing rule for the packet.
  • A traditional port can only be used for traditional domain services. If a traditional port of an SDN switch receives a data packet, it will flood the data packet.
  • The data packet processing method and device provided by the embodiments of the present invention mainly solve the following technical problem: when dual-mode service processing is implemented on a network device in the prior art, the ports of an SDN domain network device and of a traditional network device are simply fused physically. The ports of the network device cannot be reused, resulting in low resource utilization and low network flexibility.
  • an embodiment of the present invention provides a packet processing method, including:
  • the port is configured with the SDN domain VLAN identifier and the traditional domain VLAN identifier, and the packet carries the VLAN information.
  • the processing manner of the packet is determined according to the VLAN information carried in the packet and the VLAN identifier configured on the port, and the packet is processed accordingly.
  • the embodiment of the invention further provides a message processing device, including:
  • a receiving module configured to receive a packet transmitted by a port of the network device, where the port is configured with an SDN domain VLAN identifier and a traditional domain VLAN identifier, where the packet carries VLAN information;
  • the processing module is configured to determine a processing manner of the packet according to the VLAN information carried in the packet and the VLAN identifier configured on the port, and perform corresponding processing on the packet.
  • the embodiment of the present invention further provides a computer storage medium, where the computer storage medium stores computer executable instructions, and the computer executable instructions are used to execute the message processing method of any of the foregoing.
  • The SDN domain VLAN identifier and the traditional domain VLAN identifier are configured on the port in advance. After a packet transmitted by the port is received, the VLAN information carried in the packet and the VLAN ID configured on the corresponding port determine how the packet is processed.
  • The same port on the network device can therefore process SDN domain services and traditional domain services at the same time, and separate ports need not be set aside for the SDN domain and for the traditional domain, which saves port resources on the network device and achieves an optimal configuration of resources.
  • FIG. 1 is a flowchart of a packet processing method according to Embodiment 1 of the present invention.
  • FIG. 2 is a flowchart of processing a data packet of an unknown unicast SDN domain according to Embodiment 1 of the present invention
  • FIG. 3 is a flowchart of processing a data packet of an unknown unicast SDN domain according to Embodiment 1 of the present invention
  • FIG. 4 is a schematic structural diagram of a packet processing apparatus according to Embodiment 2 of the present invention.
  • FIG. 5 is a schematic structural diagram of a switch according to Embodiment 3 of the present invention.
  • FIG. 6 is a flowchart of processing a packet by a switch according to Embodiment 3 of the present invention.
  • FIG. 7 is a schematic diagram of an application scenario of a packet processing method according to Embodiment 3 of the present invention.
  • Embodiment 1:
  • this embodiment provides a packet processing method, as shown in FIG. 1:
  • the network device in this embodiment may be a switch or a router.
  • the SDN domain VLAN ID and the traditional domain VLAN ID can be configured on the port of the network device.
  • the VLAN ID of the SDN domain configured for the port of the network device is VLAN 3 to VLAN 9.
  • the VLAN ID of the traditional domain is VLAN 13 to VLAN 19. This indicates that the port can handle the SDN domain services of VLANs 3 to 9 and the traditional domain services of VLANs 13 to 19. It can be understood that the VLAN identifier of the SDN domain and the VLAN identifier of the legacy domain should be different under the same port.
  • the packet should contain at least the VLAN information of the packet.
  • the VLAN information can be used to determine the processing mode of the packet according to the VLAN identifier configured on the port that receives the packet.
  • S104 Determine, according to the VLAN information carried in the packet and the VLAN identifier configured on the port that transmits the packet, the processing mode of the packet, and perform corresponding processing on the packet.
  • The hardware forwarding table stores packet forwarding rules keyed by destination information, where the destination information is the destination IP address or the destination MAC address of the packet. Taking an IP address as an example, for a packet whose destination information is "125.120.218.106", the forwarding rule stored in the hardware forwarding table is to transmit it from port 4; taking a MAC address as an example, if the destination MAC address is "00-01-6C-06-A6-29", the packet is output from port 7 of the network device. Therefore, after a port of the network device receives a packet, the destination information carried in the packet can be looked up in the hardware forwarding table.
  • If a forwarding rule for the packet's destination information is recorded in the hardware forwarding table, the network device can transmit the packet directly according to that rule. Packets that cannot be found in the hardware forwarding table, that is, packets for which the hardware forwarding table records no forwarding rule, are called "unknown unicast".
  • Flooding is a data stream delivery technique used by switches and bridges, in which a data stream received on one interface is sent out of all interfaces except the one it was received on.
  • The virtual forwarding instance corresponds to the VLAN information in the packet, and also to the ports configured with the VLAN identifier matching that VLAN information.
  • The correspondence between the virtual forwarding instance and the ports can be one-to-one, but is more often one-to-many.
  • For example, if the VLAN information carried in a packet is VLAN 3, a virtual forwarding instance A can be obtained from VLAN 3.
  • The virtual forwarding instance A corresponds to all the ports in the network device configured with the VLAN ID of VLAN 3. Therefore, using the virtual forwarding instance as a medium, the information of all the ports in the network device that have the VLAN 3 identifier can be obtained.
  • If port 1, port 7, and port 8 all have the VLAN ID of VLAN 3, then port 1, port 7, and port 8 are the ports associated with the VLAN information in the packet.
  • The SDN domain processes unknown unicast packets differently from the traditional domain.
  • The SDN port usually encapsulates the packets by using the protocol of the SDN domain, and then transmits the packets to the controller.
  • The controller processes the packets according to a series of algorithms and, after the calculation, determines the forwarding processing rule for the packet. After receiving the forwarding processing rule sent by the controller, the network device can forward the packet according to that rule.
  • each port of the network device processes only one type of service, either an SDN domain service or a traditional domain service, so each port only receives the related services of the type that can be processed by itself.
  • The SDN domain VLAN identifier and the traditional domain VLAN identifier are configured for one port at the same time, so one port can carry two types of services, that is, the SDN domain and the traditional domain. Therefore, a packet received by a port of the network device in this embodiment may no longer be simply an SDN domain packet or a traditional domain packet.
  • The processing of these two types of packets is very different. Therefore, in this embodiment, after a packet transmitted by a port of the network device is received, the processing manner for the packet must be determined, and it should be understood that determining the processing manner for the packet amounts to distinguishing the packet's type.
  • For example, a port of the network device is configured with SDN domain VLANs 3 to 9 and traditional domain VLANs 13 to 19. If the VLAN information carried in a packet received by the port is VLAN 1, the network device cannot process the packet, so the packet can be directly discarded.
  • The device determines whether the packet is an unknown unicast data packet. This determination can be divided into two main steps:
  • Every packet carries a protocol identifier. A data packet may carry a relatively common TCP protocol identifier or UDP protocol identifier; a protocol packet carries a protocol identifier that is no longer the ordinary TCP or UDP protocol identifier. Specific types of protocol identifier are stored in the ACL. After the protocol identifier carried in the packet is obtained, it can be looked up in the ACL to determine whether it exists there.
  • If it exists, the packet is a protocol packet. Protocol packets are handled simply: the packet is sent directly to the CPU of the network device, and the CPU passes it to the protocol stack module in the network device for processing. If the corresponding protocol identifier does not exist in the ACL, the packet is a data packet.
  • The hardware forwarding table, introduced above, stores the forwarding rules for packets keyed by destination information. Therefore, when a packet is received, the hardware forwarding table can be checked for the destination information carried in the packet. If it is present, the packet is not an unknown unicast packet and can be directly forwarded by the network device. If the destination information carried in the packet does not exist in the hardware forwarding table, the network device does not currently know which port the packet should be forwarded to, so the packet is an unknown unicast packet.
  • the packet may be determined to belong to the SDN domain or the legacy domain according to the VLAN information in the packet and the VLAN identifier of the port transmitting the packet.
  • One method is to match the VLAN information in the packet against the SDN domain VLAN identifier of the port: if the match succeeds, the packet belongs to the SDN domain; if it fails, the packet belongs to the traditional domain. Similarly, the VLAN information of the packet can be matched against the traditional domain VLAN identifier of the port: if the match succeeds, the packet belongs to the traditional domain; otherwise, the packet belongs to the SDN domain.
  • Unknown unicast data packets can be processed in the manner of the SDN domain.
  • For the processing flow of unknown unicast data packets in the SDN domain, see Figure 2:
  • S202 Encapsulate the packet by using a protocol of the SDN domain, and then transmit the packet to the controller.
  • The packet is sent to the protocol stack module in the network device, where the SDN protocol stack encapsulates it according to the SDN domain protocol, adds the upper-layer protocol tag, and transmits it to the controller.
  • The SDN protocol mainly includes OpenFlow and the like.
  • After receiving the encapsulated packet, the controller determines how the packet should be sent to its destination according to a series of algorithms or processing rules. These forwarding rules are included in the processing table and delivered to the network device.
  • The packet may be sent out according to the forwarding rule included in the processing table.
  • For example, if the processing table indicates that a packet whose destination information is A should be sent out of port 3 of the network device, the packet is transmitted to port 3 as indicated.
  • The processing table can be updated into the hardware forwarding table to make it easier for the network device to process subsequent packets.
  • When a packet whose destination information is also A appears later, it can be processed according to the forwarding rule corresponding to destination information A.
  • The switching chip can obtain a virtual forwarding instance from the forwarding control module. If the VLAN identifiers of every port in a switch are different, the virtual forwarding instance can be obtained from the VLAN information in the packet alone. If two ports of a switch are an SDN port and a traditional port and both are configured with the same VLAN ID, the virtual forwarding instance is obtained from the VLAN information in the packet together with the identification information of the port that received the packet. The forwarding control module determines from the port's identification information whether the packet was received by the SDN port or by the traditional port, and allocates a virtual forwarding instance to the packet accordingly.
  • S304 Determine, according to the virtual forwarding instance, a port that is a flooding outlet of the packet.
  • The virtual forwarding instance corresponds to the VLAN information in the packet. It also corresponds to the ports configured with the VLAN ID matching that VLAN information.
  • The mapping between the virtual forwarding instance and the ports can be one-to-one, but is more often one-to-many.
  • The SDN domain uses the protocol of the SDN domain to encapsulate the packet, and encapsulation is generally performed by the CPU of the network device. Therefore, when the packet is determined to belong to the SDN domain and to be an unknown unicast data packet, the forwarding control module can also obtain the corresponding virtual forwarding instance; that virtual forwarding instance indicates that the flooding outlet of the packet is the CPU.
  • the present invention provides a scheme for configuring the same VLAN identifier for an SDN port and a legacy port.
  • The same VLAN is configured on different ports, which can effectively save VLAN resources and improve resource utilization.
  • After receiving a packet, the underlying switching chip will report the packet's MAC information or routing information, sending a learning message to the upper-layer software for processing. The SDN domain does not need such learning messages, so they can be discarded directly. Therefore, in this embodiment, after a learning message is received, it may first be determined whether the learning message belongs to the SDN domain; if so, it is discarded directly, and if not, it is handed to the upper-layer software for processing.
  • The SDN domain VLAN identifier and the traditional domain VLAN identifier can be configured on one port at the same time, and when a packet is received, the VLAN information carried in the packet and the VLAN ID configured on the corresponding port determine how the packet is processed.
  • The same port on the network device can therefore process SDN domain services and traditional domain services at the same time, and separate ports need not be set aside for the SDN domain and for the traditional domain, which saves port resources on the network device, achieves an optimal configuration of resources, and helps improve the flexibility of network applications.
  • Embodiment 2:
  • the present embodiment provides a message processing apparatus.
  • the message processing apparatus 40 shown in FIG. 4 includes a receiving module 402 and a processing module 404.
  • the receiving module 402 is configured to receive a message transmitted by the network device port.
  • the network device in this embodiment may be a switch or a router.
  • the SDN domain VLAN ID and the traditional domain VLAN ID can be configured on the port of the network device.
  • the VLAN ID of the SDN domain configured for the port of the network device is VLAN 3 to VLAN 9.
  • the VLAN ID of the traditional domain is VLAN 13 to VLAN 19. This indicates that the port can handle the SDN domain services of VLANs 3 to 9 and the traditional domain services of VLANs 13 to 19. It can be understood that the VLAN identifier of the SDN domain and the VLAN identifier of the legacy domain should be different under the same port.
  • the packet should contain at least the VLAN information of the packet.
  • the VLAN information can be used to determine the processing mode of the packet according to the VLAN identifier configured on the port that receives the packet.
  • the processing module 404 determines the processing mode of the packet according to the VLAN information carried in the packet and the VLAN identifier configured on the port for transmitting the packet, and performs corresponding processing on the packet.
  • The hardware forwarding table stores packet forwarding rules keyed by destination information, where the destination information is the destination IP address or the destination MAC address of the packet. Taking an IP address as an example, for a packet whose destination information is "125.120.218.106", the forwarding rule stored in the hardware forwarding table is to transmit it from port 4; taking a MAC address as an example, if the destination MAC address is "00-01-6C-06-A6-29", the packet is output from port 7 of the network device. Therefore, after a port of the network device receives a packet, the destination information carried in the packet can be looked up in the hardware forwarding table.
  • If a forwarding rule for the packet's destination information is recorded in the hardware forwarding table, the network device can transmit the packet directly according to that rule. Packets that cannot be found in the hardware forwarding table, that is, packets for which the hardware forwarding table records no forwarding rule, are called "unknown unicast".
  • Flooding is a data stream delivery technique used by switches and bridges, in which a data stream received on one interface is sent out of all interfaces except the one it was received on.
  • The virtual forwarding instance corresponds to the VLAN information in the packet, and also to the ports configured with the VLAN identifier matching that VLAN information.
  • The correspondence between the virtual forwarding instance and the ports can be one-to-one, but is more often one-to-many.
  • For example, if the VLAN information carried in a packet is VLAN 3, a virtual forwarding instance A can be obtained from VLAN 3.
  • The virtual forwarding instance A corresponds to all the ports in the network device configured with the VLAN ID of VLAN 3. Therefore, using the virtual forwarding instance as a medium, the information of all the ports in the network device that have the VLAN 3 identifier can be obtained.
  • If port 1, port 7, and port 8 all have the VLAN ID of VLAN 3, then port 1, port 7, and port 8 are the ports associated with the VLAN information in the packet.
  • The SDN domain processes unknown unicast packets differently from the traditional domain.
  • the SDN port usually encapsulates the packets by using the protocol of the SDN domain, and then transmits the packets to the controller.
  • the controller processes the packets according to a series of algorithms. After the calculation, the forwarding processing rule for the message is determined. Then, after receiving the forwarding processing rule sent by the controller, the packet may be forwarded according to the forwarding processing rule.
  • each port of the network device processes only one type of service, either an SDN domain service or a traditional domain service, so each port only receives the related services of the type that can be processed by itself.
  • The SDN domain VLAN identifier and the traditional domain VLAN identifier are configured for one port at the same time, so one port can carry two types of services, that is, the SDN domain and the traditional domain. Therefore, a packet received by a port of the network device in this embodiment may no longer be simply an SDN domain packet or a traditional domain packet. However, the processing of these two types of packets is very different. Therefore, in this embodiment, after a packet transmitted by a port of the network device is received, the processing manner for the packet must be determined, and it should be understood that determining the processing manner for the packet amounts to distinguishing the packet's type.
  • For example, a port of the network device is configured with SDN domain VLANs 3 to 9 and traditional domain VLANs 13 to 19. If the VLAN information carried in a packet received by the port is VLAN 1, the network device cannot process the packet, so the packet can be directly discarded.
  • The device determines whether the packet is an unknown unicast data packet. This determination can be divided into two main steps:
  • Every packet carries a protocol identifier. A data packet may carry a relatively common TCP protocol identifier or UDP protocol identifier; a protocol packet carries a protocol identifier that is no longer the ordinary TCP or UDP protocol identifier. Specific types of protocol identifier are stored in the ACL. After the protocol identifier carried in the packet is obtained, it can be looked up in the ACL to determine whether it exists there.
  • If it exists, the packet is a protocol packet. Protocol packets are handled simply: the packet is sent directly to the CPU of the network device, and the CPU passes it to the protocol stack module in the network device for processing. If the corresponding protocol identifier does not exist in the ACL, the packet is a data packet.
  • The hardware forwarding table, introduced above, stores the forwarding rules for packets keyed by destination information. Therefore, when a packet is received, the hardware forwarding table can be checked for the destination information carried in the packet. If it is present, the packet is not an unknown unicast packet and can be directly forwarded by the network device. If the destination information of the packet does not exist in the hardware forwarding table, the network device does not know which port to forward the packet to, so the packet is an unknown unicast packet.
  • the packet may be determined to belong to the SDN domain or the legacy domain according to the VLAN information in the packet and the VLAN identifier of the port transmitting the packet.
  • One method is to match the VLAN information in the packet against the SDN domain VLAN identifier of the port: if the match succeeds, the packet belongs to the SDN domain; if it fails, the packet belongs to the traditional domain. Similarly, the VLAN information of the packet can be matched against the traditional domain VLAN identifier of the port: if the match succeeds, the packet belongs to the traditional domain; otherwise, the packet belongs to the SDN domain.
  • The processing module 404 can process the unknown unicast data packet in the manner of the SDN domain:
  • The processing module 404 encapsulates the packet by using the protocol of the SDN domain and transmits the packet to the controller.
  • The processing module 404 sends the packet to the protocol stack module in the network device, where the SDN protocol stack encapsulates it according to the SDN domain protocol, adds the upper-layer protocol tag, and transmits it to the controller.
  • The SDN protocol mainly includes OpenFlow and the like.
  • After receiving the encapsulated packet, the controller determines how the packet should be sent to its destination according to a series of algorithms or processing rules. These forwarding rules are included in the processing table and delivered to the network device.
  • The processing module 404 receives the processing table for the packet sent by the controller.
  • The processing module 404 forwards the packet according to the processing table and also updates the information included in the processing table into the hardware forwarding table.
  • The packet may be sent according to the forwarding rule included in the processing table. For example, if the processing table indicates that a packet whose destination information is A should be sent out of port 3 of the network device, the packet is transmitted to port 3 as indicated. All data packets in the SDN domain whose destination information is A can be forwarded from port 3 according to this forwarding rule. Therefore, to make it easier for the network device to process subsequent packets, the processing module 404 can update the processing table into the hardware forwarding table. When a packet whose destination information is also A appears later, it can be processed according to the forwarding rule corresponding to destination information A.
  • The processing module 404 can process the unknown unicast data packet in the manner of the traditional domain:
  • The processing module 404 obtains the corresponding virtual forwarding instance according to the VLAN information included in the packet.
  • The switching chip can obtain a virtual forwarding instance from the forwarding control module. If the VLAN identifiers of every port in a switch are different, the virtual forwarding instance can be obtained from the VLAN information in the packet alone. If two ports of a switch are an SDN port and a traditional port and both are configured with the same VLAN ID, the virtual forwarding instance is obtained from the VLAN information in the packet together with the identification information of the port that received the packet. The forwarding control module determines from the port's identification information whether the packet was received by the SDN port or by the traditional port, and allocates a virtual forwarding instance to the packet accordingly.
  • The virtual forwarding instance corresponds to the VLAN information in the packet. It also corresponds to the ports configured with the VLAN ID matching that VLAN information.
  • The mapping between the virtual forwarding instance and the ports can be one-to-one, but is more often one-to-many.
  • The processing module 404 determines, according to the virtual forwarding instance, the ports that serve as flooding outlets of the packet.
  • The SDN domain uses the protocol of the SDN domain to encapsulate the packet, and encapsulation is generally performed by the CPU of the network device. Therefore, when it is determined that the packet belongs to the SDN domain and is an unknown unicast data packet, the forwarding control module may also obtain the corresponding virtual forwarding instance, but that virtual forwarding instance indicates that the flooding outlet of the packet is the CPU.
  • The processing module 404 floods the packet to each determined port.
  • The present invention provides a scheme for configuring the same VLAN identifier for an SDN port and a traditional port.
  • Configuring the same VLAN on different ports effectively saves VLAN resources and improves resource utilization.
  • After receiving a packet, the underlying switch chip reports the MAC information or routing information of the packet in a learning message to the upper-layer software for processing. The SDN domain does not need such learning messages, so they can be discarded directly. Therefore, in this embodiment, after receiving a learning message, the processing module 404 may first determine whether the learning message belongs to the SDN domain; if so, it discards the message directly, and if not, it hands the learning message to the upper-layer software for processing.
  • The packet processing apparatus 40 provided in this embodiment may be deployed on a switch or a router. The receiving module 402 may be implemented by the switch chip in the switch or router, and the processing module 404 may be implemented jointly by the switch chip and the CPU in the switch or router.
  • the controller may be a physical device or an application running on a general purpose server.
  • The packet processing apparatus 40 of this embodiment can have an SDN domain VLAN identifier and a traditional domain VLAN identifier configured on one port at the same time. When it receives a packet transmitted by the port, it determines how to process the packet according to the VLAN information carried in the packet and the VLAN identifiers configured on the corresponding port. In this way, the same port on the network device can process services of the SDN domain and services of the traditional domain at the same time, and separate ports need not be set for the two kinds of service. This saves port resources of the network device, achieves optimal configuration of resources, and helps improve the flexibility of network applications.
  • Embodiment 3:
  • The packet processing method of Embodiment 1 and the packet processing apparatus of Embodiment 2 are described below with reference to a specific example.
  • The network device in this embodiment takes a switch as an example. However, those skilled in the art should understand that the network device may also be a router.
  • FIG. 5 is a schematic structural diagram of a switch in this embodiment:
  • the switch 5 includes a switch chip 51 and a CPU 52.
  • the switch chip 51 receives the message transmitted by the external device through the port.
  • the switch provides a configuration interface.
  • The user can configure the switch 5 through the configuration interface. For example, the user can configure the VLAN ID of the SDN domain and the VLAN ID of the traditional domain on one port 511 of the switch chip 5.
  • the port 511 receives the packet.
  • After receiving the packet, the switch chip 51 can extract the VLAN information contained in the packet.
  • the switch chip 51 determines whether the extracted VLAN information exists in the configuration of the port 511.
  • the switch chip 51 determines whether the message is a data message.
  • the device can determine whether the packet is a data packet according to the protocol identifier and the access control list included in the packet. If yes, execute S605, otherwise, execute S606.
  • the switch chip 51 discards the packet.
  • the switch cannot process the packet. Therefore, the packet can be directly discarded.
  • the switch chip 51 determines whether the message is an unknown unicast message.
  • The device determines whether the data packet is an unknown unicast packet according to the hardware forwarding table and the destination information carried in the packet. If yes, execute S607; otherwise, execute S608.
  • the switch chip 51 sends the message to the CPU.
  • If the packet is not a data packet, it is a protocol packet. Protocol packets are processed in a simple manner: they can be sent directly to the CPU of the network device.
  • the switch chip 51 determines whether the packet belongs to the SDN domain according to the VLAN information in the packet and the VLAN identifier of the port that transmits the packet.
  • The VLAN information in the packet is matched against the VLAN IDs of the SDN domain configured on the port. If the match succeeds, the packet belongs to the SDN domain. If the match fails, the packet belongs to the traditional domain.
  • the switch chip 51 forwards the packet according to the hardware forwarding table.
  • the forwarding process may be directly performed according to the corresponding forwarding rule.
  • the switch chip floods the packet.
  • If the result of the judgment is yes, the packet belongs to the SDN domain and can be reported to the CPU. For a Layer 2 service the report is based on the ACL (Access Control List); for a Layer 3 service it is based on routing. If the result of the judgment is no, the packet belongs to the traditional domain and can be flooded directly, in the manner used for unknown unicast data packets.
  • S610 The CPU determines, according to the VLAN information in the packet and the VLAN identifier of the port that transmits the packet, whether the packet belongs to the SDN domain.
  • Not all packets reported to the CPU are unicast data packets of the SDN domain; some may be protocol packets of the traditional domain. Therefore, the CPU needs to make this judgment before performing the encapsulation. When the result is yes, S611 is executed.
  • the CPU encapsulates the packet by using a protocol of the SDN domain.
  • After receiving the encapsulated packet, the controller 6 determines how the packet should be sent to its destination according to a series of algorithms or processing rules. These forwarding rules are included in the processing table and sent to the forwarding control module in the CPU.
  • FIG. 7 is an application scenario of the packet processing method provided by this embodiment: the server 71 and the server 72 access the network device 73 and the network device 74 respectively, the connection ports of the network devices 73 and 74 are SDN ports, and the forwarding of the service traffic of the servers 71 and 72 is controlled by the SDN control plane.
  • The servers 71 and 72 also access the storage network through the SDN instance port, but this part of the traffic goes through the traditional control plane and is not controlled by the SDN controller. Since the servers 71 and 72 are each connected through a single network card, the ports connecting the network devices 73 and 74 to the servers 71 and 72 must be served by both the SDN control plane and the traditional control plane.
  • The packet processing method and apparatus provided in this embodiment ensure that the same port can be controlled both by the traditional protocol layer and by the controller, which saves port resources and greatly increases the flexibility with which an SDN switch can be applied in some scenarios.
  • modules or steps of the above embodiments of the present invention can be implemented by a general computing device, which can be concentrated on a single computing device or distributed among multiple computing devices.
  • They may be implemented by program code executable by a computing device, so that they may be stored in a computer storage medium (ROM/RAM, magnetic disk, optical disk) and executed by a computing device. In some cases the steps shown or described may be performed in an order different from that given here, or they may be fabricated separately as individual integrated circuit modules, or several of the modules or steps may be fabricated as a single integrated circuit module. Therefore, the invention is not limited to any particular combination of hardware and software.
  • The data packet processing method and apparatus provided by the embodiments of the present invention have the following beneficial effects: the same port on the network device can process services of the SDN domain and services of the traditional domain at the same time, and separate ports need not be set for services of the SDN domain and services of the traditional domain, thereby saving port resources of the network device and achieving optimal resource configuration.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Provided in the embodiments of the present invention are a data-message processing method and apparatus; an SDN domain VLAN identifier and conventional domain VLAN identifier are preconfigured on a port; after a message transmitted by the port is received, a means for processing said message is determined according to VLAN information carried in the message and a VLAN identifier configured for the corresponding port. The means is such that the same port on a network device may simultaneously process an SDN domain service and a conventional domain service; it is unnecessary to set separate ports for an SDN domain service and a conventional domain service, and thus port resources of the network device are conserved and optimal resource configuration is achieved.

Description

Data message processing method and device
Technical field
The present invention relates to the field of communications devices, and in particular, to a data packet processing method and apparatus.
Background
Once a network in a traditional IT (Internet Technology) architecture has been deployed according to business requirements, re-configuring the corresponding network devices (routers, switches, firewalls) when those requirements change is very cumbersome. In the fast-changing business environment of the Internet and mobile Internet, high stability and high performance of the network are not enough to meet business needs; the flexibility and agility of device configuration are more critical.
SDN (Software Defined Network) emerged in response. SDN is a new type of network architecture and one way of implementing network virtualization. Its core technology, OpenFlow, separates the control plane of network devices from the data plane, which enables flexible control of network traffic and makes the network a more intelligent pipe. What SDN does is separate out the control of the network devices and hand it to a centralized controller, without relying on the underlying network devices (routers, switches, firewalls), so that the differences between underlying devices are hidden. At the same time, under the SDN architecture, control of the network devices is completely open, and users can define whatever network routing and transmission rule policies they want, which makes the network more flexible and intelligent.
Although the advantages of the SDN architecture are obvious and the network's future development leans towards SDN, traditional domain services are still widely used, and SDN has not yet completely replaced the traditional IT network architecture. Therefore, during the transition from the traditional IT network architecture to the SDN architecture, a network device that has SDN forwarding capability must also be able to process traditional domain services, so that dual-mode forwarding of the traditional service plane and the SDN service plane is implemented on one network device.
In the prior art, dual-mode forwarding is achieved by planning the SDN switch in advance: deciding which ports are SDN ports that process SDN domain services and which ports are traditional ports that process traditional domain services. Once the planning is complete, the services a port can carry are fixed. An SDN port can only process SDN domain services: when an SDN port receives an unknown unicast packet, it transmits the packet to the CPU (Central Processing Unit), the CPU encapsulates the packet and sends it to the controller, and the controller determines the forwarding processing rule for the packet. A traditional port can only handle traditional domain services: if a traditional port of the SDN switch receives a data packet, it floods the packet.
Although the above solution lets one switch process both SDN domain services and traditional domain services, it is only a simple physical merging of an SDN switch and a traditional switch. SDN domain services and traditional domain services are still isolated by port, which does not favour optimal configuration of resources and leaves network applications insufficiently flexible.
Summary of the invention
The data packet processing method and apparatus provided by the embodiments of the present invention mainly solve the following technical problem: when dual-mode service processing is implemented on a network device in the prior art, the ports of an SDN domain network device and of a traditional network device are merely merged physically, and the ports of the network device cannot be multiplexed, so resource utilization is low and network flexibility is low.
To solve the above technical problem, an embodiment of the present invention provides a packet processing method, including:
receiving a packet transmitted by a port of a network device, where the port is configured with both an SDN domain VLAN identifier and a traditional domain VLAN identifier, and the packet carries VLAN information;
determining a processing manner for the packet according to the VLAN information carried in the packet and the VLAN identifiers configured on the port, and processing the packet accordingly.
An embodiment of the present invention further provides a packet processing apparatus, including:
a receiving module, configured to receive a packet transmitted by a port of a network device, where the port is configured with both an SDN domain VLAN identifier and a traditional domain VLAN identifier, and the packet carries VLAN information;
a processing module, configured to determine a processing manner for the packet according to the VLAN information carried in the packet and the VLAN identifiers configured on the port, and to process the packet accordingly.
An embodiment of the present invention further provides a computer storage medium storing computer-executable instructions, where the computer-executable instructions are used to execute any one of the foregoing packet processing methods.
The beneficial effects of the invention are:
According to the packet processing method, apparatus and computer storage medium provided by the embodiments of the present invention, an SDN domain VLAN identifier and a traditional domain VLAN identifier are configured on a port in advance, and after a packet transmitted by the port is received, the processing manner for the packet is determined according to the VLAN information carried in the packet and the VLAN identifiers configured on the corresponding port. In this way, the same port on the network device can process services of the SDN domain and services of the traditional domain at the same time, and separate ports need not be set for the two kinds of service, which saves port resources of the network device and achieves optimal configuration of resources.
Brief description of the drawings
FIG. 1 is a flowchart of a packet processing method according to Embodiment 1 of the present invention;
FIG. 2 is a flowchart of processing an unknown unicast data packet of the SDN domain according to Embodiment 1 of the present invention;
FIG. 3 is a flowchart of processing an unknown unicast data packet of the SDN domain according to Embodiment 1 of the present invention;
FIG. 4 is a schematic structural diagram of a packet processing apparatus according to Embodiment 2 of the present invention;
FIG. 5 is a schematic structural diagram of a switch according to Embodiment 3 of the present invention;
FIG. 6 is a flowchart of packet processing by a switch according to Embodiment 3 of the present invention;
FIG. 7 is a diagram of an application scenario of the packet processing method according to Embodiment 3 of the present invention.
Detailed description
The embodiments of the present invention are described in further detail below through specific implementations, with reference to the accompanying drawings.
Embodiment 1:
In the prior art, dual-mode forwarding can only be achieved by fixing, at the planning stage, the services carried by each port of the network device. This makes the role of each port rigid and prevents flexible service for users. More importantly, the ports that process SDN domain services are separate from the ports that process traditional domain services, which wastes a great deal of port resources and does not favour optimal configuration of resources. This embodiment therefore provides a packet processing method; see FIG. 1:
S102. Receive a packet transmitted by a port of a network device.
The network device in this embodiment may be a switch or a router. An SDN domain VLAN identifier and a traditional domain VLAN identifier can be configured on a port of the network device at the same time. For example, the SDN domain VLAN identifiers configured on one port of the network device are VLAN3 to VLAN9, and the traditional domain VLAN identifiers are VLAN13 to VLAN19. This means the port can process the SDN domain services of VLAN3 to VLAN9 and also the traditional domain services of VLAN13 to VLAN19. It can be understood that, on the same port, the VLAN identifiers of the SDN domain and the VLAN identifiers of the traditional domain should be different.
The packet should contain at least its VLAN information. The VLAN information is used, together with the VLAN identifiers configured on the port that receives the packet, to determine how the packet is processed.
S104. Determine a processing manner for the packet according to the VLAN information carried in the packet and the VLAN identifiers configured on the port that transmits the packet, and process the packet accordingly.
In the network device, the hardware forwarding table stores the packet forwarding rules that correspond to certain destination information, where the destination information is the destination IP address or destination MAC address of the packet. Taking an IP address as the destination information: for a packet whose destination information is "125.120.218.106", the forwarding rule stored in the hardware forwarding table is to transmit it out of port4. Taking a MAC address as the destination information: a packet whose destination MAC is "00-01-6C-06-A6-29" is output from port7 of the network device. So after a port of the network device receives a packet, the destination information carried in the packet can be looked up in the hardware forwarding table. If the table already records a forwarding rule for that destination information, the network device can transmit the packet directly according to that rule. Packets for which no forwarding rule can be found in the hardware forwarding table, that is, packets for which the table records no forwarding rule, are called "unknown unicast".
In the working principle of a switch, the hardware forwarding table is empty when the switch starts. If host A sends a packet to host B through the switch at that point, the switch cannot determine which port host B is on when it receives the packet (because the hardware forwarding table has no MAC or IP address for host B), so this packet is an unknown unicast packet.
For unknown unicast packets, the traditional domain floods the packet. Flooding is a data stream delivery technique used by switches and bridges: the data stream received on one interface is sent out of all interfaces except that interface.
The virtual forwarding instance of the packet is obtained according to the VLAN information carried in the packet. The virtual forwarding instance corresponds to the VLAN information in the packet, and it also corresponds to the ports configured with the VLAN identifier that matches that VLAN information. The correspondence between a virtual forwarding instance and ports can be one-to-one, but is more often one-to-many. For example, if the VLAN information carried in a packet is VLAN3, a virtual forwarding instance A can be obtained from VLAN3, and virtual forwarding instance A corresponds to all ports in the network device that are configured with the VLAN3 identifier. The virtual forwarding instance therefore serves as the means of obtaining information about all ports in the network device that have the VLAN3 identifier. For example, if port 1, port 7 and port 8 of the network device all have the VLAN3 identifier, then port 1, port 7 and port 8 are all ports associated with the VLAN information in the packet, and all of them can serve as flooding egresses for the packet.
The SDN domain handles unknown unicast packets differently from the traditional domain. An SDN port usually encapsulates the packet using the SDN domain protocol and transmits it to the controller, and the controller determines the forwarding processing rule for the packet after computing it with a series of algorithms. After the forwarding processing rule delivered by the controller is received, the packet can be forwarded according to that rule.
In the prior art, each port of a network device processes only one type of service, either SDN domain services or traditional domain services, so each port only receives packets of the type of service it can process. In this embodiment, because one port is configured with both an SDN domain VLAN identifier and a traditional domain VLAN identifier, one port can carry both SDN domain and traditional domain services. For that reason, the packets received by a port of the network device in this embodiment are no longer purely SDN domain packets or purely traditional domain packets, and the two types of packet are processed very differently. Therefore, in this embodiment, after a packet transmitted by a port of the network device is received, the processing manner for the packet needs to be determined. It should be understood that determining the processing manner for a packet is in effect distinguishing the type of the packet.
First, assume that one port of the network device is configured with SDN domain VLANs VLAN3 to VLAN9 and also with traditional domain VLANs VLAN13 to VLAN19. On this basis, if the VLAN information carried in a packet received by the port is VLAN1, the network device cannot process the packet, so the packet can be discarded directly.
If the VLAN information carried in the received packet is VLAN7, it is further determined whether the packet is an unknown unicast data packet. Determining whether a packet is an unknown unicast data packet can be divided into two processes:
1. Determine whether the packet is a data packet. This can be done according to the protocol identifier contained in the packet and the access control list. Every packet carries a protocol identifier. If a packet is a data packet, it probably carries an ordinary TCP or UDP protocol identifier; if it is a protocol packet, the protocol identifier it carries is not one of these ordinary TCP or UDP identifiers. The access control list stores the special class of protocol identifiers. After the protocol identifier carried in the packet is obtained, it can be looked up in the access control list to determine whether it is present. If the access control list contains the protocol identifier carried in the packet, the packet is a protocol packet. Protocol packets are processed in a simple manner: the packet can be sent directly to the CPU of the network device, and the CPU sends it to the protocol stack module in the network device for processing. If the access control list does not contain the protocol identifier, the packet is a data packet.
2. Determine whether the packet is an unknown unicast packet. The hardware forwarding table was introduced above: it stores, per item of destination information, the forwarding rules for packets sent to those destinations. So when a packet is received, the destination information carried in the packet can be looked up in the hardware forwarding table. If it is present, the packet is not an unknown unicast packet and the network device can forward it in the ordinary way. If the hardware forwarding table does not contain the destination information carried in the packet, the network device does not currently know which specific port the packet should be forwarded to, so the packet is an unknown unicast packet.
It can be understood that, in this embodiment, there is no strict ordering between determining that the packet is a data packet and determining that it is an unknown unicast packet. The two can be determined one after the other or at the same time.
After the packet is determined to be an unknown unicast data packet, whether it belongs to the SDN domain or the traditional domain can be determined according to the VLAN information in the packet and the VLAN identifiers configured on the port that transmits the packet. One way is to match the VLAN information in the packet against the SDN domain VLAN identifiers on the port: if the match succeeds, the packet belongs to the SDN domain, and if it fails, the packet belongs to the traditional domain. Equally, the VLAN information of the packet can be matched against the traditional domain VLAN identifiers on the port: if the match succeeds, the packet belongs to the traditional domain; otherwise, it belongs to the SDN domain.
Packets that belong to the SDN domain can be processed in the way the SDN domain handles unknown unicast data packets. For that processing flow, see Figure 2:
S202. Encapsulate the packet using the protocol of the SDN domain and transmit it to the controller.
Generally, after a packet has been determined to be an unknown unicast data packet of the SDN domain, it is sent up to the protocol stack module in the network device, where the SDN protocol stack encapsulates it according to the SDN domain protocol, adds the upper-layer protocol tag, and transmits it to the controller. SDN protocols mainly include OpenFlow and the like.
S204. Receive the processing table for the packet sent by the controller.
After receiving the encapsulated packet, the controller determines, according to a series of algorithms or processing rules, how the packet should be sent to its destination. These forwarding rules are included in a processing table that is delivered to the network device.
S206. Forward the packet according to the processing table and update the information contained in the processing table into the hardware forwarding table.
After the processing table is obtained, the packet can be sent out according to the forwarding rule it contains. For example, if the processing table indicates that packets whose destination information is A should be sent out from port 3 of the network device, the packet is transmitted to port 3 as indicated. All data packets in the SDN domain whose destination information is A can from then on be sent out from port 3 according to this forwarding rule. Therefore, to make it easier for the network device to process subsequent packets, the processing table can be updated into the hardware forwarding table; when a packet whose destination information is also A appears again later, it can be processed according to the forwarding rule corresponding to destination information A.
Packets that belong to the traditional domain can be processed in the way the traditional domain handles unknown unicast data packets. For that processing flow, see Figure 3:
S302. Obtain the corresponding virtual forwarding instance according to the VLAN information contained in the packet.
In a network device such as a switch, the switching chip can obtain the virtual forwarding instance from the forwarding control module. If the VLAN identifiers of the ports in a switch are all different, the virtual forwarding instance can be obtained based only on the VLAN information contained in the packet. If two ports of a switch are an SDN port and a traditional port respectively, and the same VLAN identifier is configured under both, the virtual forwarding instance can be obtained based on the VLAN information in the packet together with the identification information of the port that received the packet. This lets the forwarding control module determine from the port identification information whether the packet was received by the SDN port or by the traditional port, and allocate a virtual forwarding instance to the packet accordingly.
S304. Determine, according to the virtual forwarding instance, the ports that serve as flooding egresses for the packet.
The virtual forwarding instance corresponds to the VLAN information in the packet and also to the ports configured with the VLAN identifier corresponding to that VLAN information. The correspondence between a virtual forwarding instance and ports can be one-to-one, but is more often one-to-many.
In the SDN domain's handling of unknown unicast data packets, the packet is encapsulated using the protocol of the SDN domain, and this encapsulation is generally performed by the CPU of the network device. Therefore, when a packet is determined to be an unknown unicast data packet of the SDN domain, the corresponding virtual forwarding instance can also be obtained from the forwarding control module, except that this virtual forwarding instance indicates that the flooding egress of the packet is the CPU.
S306. Flood the packet to each of the determined ports.
In the description above, the present invention provides a scheme in which an SDN port and a traditional port are configured with the same VLAN identifier. Configuring the same VLAN under different ports can effectively save VLAN resources and improve resource utilization.
In a network device, the underlying switching chip learns the MAC information or routing information of a packet after receiving it and then reports a learning message to the upper-layer software, which processes it. For the SDN domain, however, such learning messages are unnecessary and can be discarded directly. So, in this embodiment, after a learning message is received, it can first be determined whether the learning message belongs to the SDN domain. If it does, it is discarded directly; if not, it is handed to the upper-layer software for processing.
With the packet processing method provided in this embodiment, SDN domain VLAN identifiers and traditional domain VLAN identifiers can be configured under one port at the same time. When a packet transmitted by the port is received, the processing mode for the packet is determined from the VLAN information carried in the packet and the VLAN identifiers configured under the corresponding port. In this way, the same port on a network device can handle both SDN domain services and traditional domain services, and separate ports no longer need to be set up for SDN domain services and traditional domain services. This saves port resources on the network device, achieves an optimized allocation of resources, and helps improve the flexibility of network applications.
Embodiment 2:
This embodiment provides a packet processing apparatus. Referring to Figure 4, the packet processing apparatus 40 shown in Figure 4 includes a receiving module 402 and a processing module 404.
The receiving module 402 is configured to receive packets transmitted by a port of the network device.
The network device in this embodiment can be a switch or a router. SDN domain VLAN identifiers and traditional domain VLAN identifiers can both be configured under one port of the network device at the same time. For example, the SDN domain VLAN identifiers configured for one port of the network device are VLAN3 to VLAN9, and the traditional domain VLAN identifiers are VLAN13 to VLAN19. This means that the port can handle SDN domain services of VLAN3 to VLAN9 and also traditional domain services of VLAN13 to VLAN19. It can be understood that, under the same port, the SDN domain VLAN identifiers and the traditional domain VLAN identifiers should be different.
A packet should contain at least its VLAN information. The VLAN information is used, together with the VLAN identifiers configured under the port that received the packet, to determine how the packet is processed.
The processing module 404 determines the processing mode for the packet according to the VLAN information carried in the packet and the VLAN identifiers configured under the port that transmitted it, and processes the packet accordingly.
In a network device, the hardware forwarding table stores the packet forwarding rules corresponding to certain destination information, where the destination information includes the destination IP address or destination MAC address of a packet. Taking an IP address as the destination information, for a packet whose destination information is "125.120.218.106", the forwarding rule stored in the hardware forwarding table is to send it out from port4. Taking a MAC address as the destination information, a packet whose destination MAC is "00-01-6C-06-A6-29" is output from port7 of the network device. So, after a port of the network device receives a packet, the destination information carried in the packet can be looked up in the hardware forwarding table. If a forwarding rule for that destination information is already recorded there, the network device can send the packet out directly according to that rule. Packets for which no forwarding rule can be found in the hardware forwarding table, that is, packets with no forwarding rule recorded there, are called "unknown unicast".
In the working principle of a switch, when the switch starts up, its hardware forwarding table is empty. So if host A sends a packet to host B through the switch at that moment, the switch cannot determine which port host B is on when it receives the packet (because the hardware forwarding table contains no MAC or IP address for host B), and the packet is therefore an unknown unicast packet.
For unknown unicast packets, the traditional domain floods the packet. Flooding is a data stream delivery technique used by switches and bridges, in which the data stream received on one interface is sent out from all interfaces other than that one.
A virtual forwarding instance for the packet is obtained according to the VLAN information carried in the packet. The virtual forwarding instance corresponds to the VLAN information in the packet and also to the ports configured with the VLAN identifier corresponding to that VLAN information. The correspondence between a virtual forwarding instance and ports can be one-to-one, but is more often one-to-many. For example, if the VLAN information carried in a packet is VLAN3, a virtual forwarding instance A can be obtained from VLAN3; virtual forwarding instance A corresponds to all ports in the network device that are configured with the VLAN identifier VLAN3. The virtual forwarding instance thus serves as the medium for obtaining information about all ports in the network device that have the VLAN3 identifier. For example, if port 1, port 7 and port 8 of the network device all have the VLAN identifier VLAN3, then port 1, port 7 and port 8 are all ports associated with the VLAN information in the packet, and all of them can serve as flooding egresses for the packet.
The SDN domain handles unknown unicast packets somewhat differently from the traditional domain. An SDN port usually encapsulates the packet using the protocol of the SDN domain and transmits it to the controller; the controller performs processing and calculation according to a series of algorithms and determines the forwarding rule for the packet. After the forwarding rule delivered by the controller is received, the packet can be forwarded according to it.
In the prior art, each port of a network device handles only one type of service, either SDN domain services or traditional domain services, so each port only receives packets related to the type of service it can handle. In this embodiment, because both SDN domain VLAN identifiers and traditional domain VLAN identifiers are configured for one port, one port can carry both SDN domain and traditional domain services. As a result, the packets received by a port of the network device in this embodiment may no longer be purely SDN domain packets or purely traditional domain packets. The two types of packets are, however, processed very differently. Therefore, in this embodiment, after a packet transmitted by a port of the network device is received, the processing mode for the packet needs to be determined; it should be understood that determining the processing mode for a packet is in effect distinguishing the type of the packet.
First, assume that one port of the network device is configured with SDN domain VLANs VLAN3 to VLAN9 and also with traditional domain VLANs VLAN13 to VLAN19. On this basis, if the VLAN information carried in a packet received by the port is VLAN1, the network device cannot process the packet, so the packet can be discarded directly.
If the VLAN information carried in the received packet is VLAN7, it is further determined whether the packet is an unknown unicast data packet. Determining whether a packet is an unknown unicast data packet can be divided into two main steps:
1. Determine whether the packet is a data packet. This determination can be made based on the protocol identifier contained in the packet and the access control list. Every packet carries a protocol identifier. If a packet is a data packet, it may carry an ordinary TCP or UDP protocol identifier; if it is a protocol packet, the protocol identifier it carries is no longer one of these ordinary TCP or UDP identifiers. The access control list stores the more special class of protocol identifiers. After the protocol identifier carried in the packet is obtained, it can be looked up in the access control list to determine whether it is present. If the access control list contains the protocol identifier carried in the packet, the packet is a protocol packet. Protocol packets are handled simply: the packet can be sent directly to the CPU of the network device, which passes it to the protocol stack module in the network device for processing. If the access control list does not contain the corresponding protocol identifier, the packet is a data packet.
2. Determine whether the packet is an unknown unicast packet. The hardware forwarding table was introduced above: it stores, keyed by destination information, the forwarding rules for packets sent to those destinations. So when a packet is received, the destination information it carries can be looked up in the hardware forwarding table. If the destination information is present, the packet is not an unknown unicast packet and the network device can forward it normally. If the hardware forwarding table does not contain the destination information carried in the packet, the network device does not yet know which specific port the packet should be forwarded to, so the packet is an unknown unicast packet.
It can be understood that, in this embodiment, there is no strict ordering between determining that a packet is a data packet and determining that it is an unknown unicast packet. The two determinations can be made in sequence or at the same time.
Once a packet has been determined to be an unknown unicast data packet, the VLAN information in the packet and the VLAN identifiers under the port that transmitted it can be used to determine whether the packet belongs to the SDN domain or the traditional domain. One way is to match the VLAN information in the packet against the SDN domain VLAN identifiers under the port: if the match succeeds, the packet belongs to the SDN domain; if it does not, the packet belongs to the traditional domain. Likewise, the VLAN information of the packet can be matched against the traditional domain VLAN identifiers under the port: if the match succeeds, the packet belongs to the traditional domain; otherwise, it belongs to the SDN domain.
For packets that belong to the SDN domain, the processing module 404 can process them in the way the SDN domain handles unknown unicast data packets:
The processing module 404 encapsulates the packet using the protocol of the SDN domain and transmits it to the controller.
Generally, after a packet has been determined to be an unknown unicast data packet of the SDN domain, the processing module 404 sends it up to the protocol stack module in the network device, where the SDN protocol stack encapsulates it according to the SDN domain protocol, adds the upper-layer protocol tag, and transmits it to the controller. SDN protocols mainly include OpenFlow and the like.
After receiving the encapsulated packet, the controller determines, according to a series of algorithms or processing rules, how the packet should be sent to its destination. These forwarding rules are included in a processing table that is delivered to the network device. The processing module 404 receives the processing table for the packet sent by the controller.
The processing module 404 forwards the packet according to the processing table and updates the information contained in the processing table into the hardware forwarding table.
After the processing module 404 obtains the processing table, the packet can be sent out according to the forwarding rule it contains. For example, if the processing table indicates that packets whose destination information is A should be sent out from port 3 of the network device, the packet is transmitted to port 3 as indicated. All data packets in the SDN domain whose destination information is A can from then on be sent out from port 3 according to this forwarding rule. Therefore, to make it easier for the network device to process subsequent packets, the processing module 404 can update the processing table into the hardware forwarding table; when a packet whose destination information is also A appears again later, it can be processed according to the forwarding rule corresponding to destination information A.
For packets that belong to the traditional domain, the processing module 404 can process them in the way the traditional domain handles unknown unicast data packets:
The processing module 404 obtains the corresponding virtual forwarding instance according to the VLAN information contained in the packet.
In a network device such as a switch, the switching chip can obtain the virtual forwarding instance from the forwarding control module. If the VLAN identifiers of the ports in a switch are all different, the virtual forwarding instance can be obtained based only on the VLAN information contained in the packet. If two ports of a switch are an SDN port and a traditional port respectively, and the same VLAN identifier is configured under both, the virtual forwarding instance can be obtained based on the VLAN information in the packet together with the identification information of the port that received the packet. This lets the forwarding control module determine from the port identification information whether the packet was received by the SDN port or by the traditional port, and allocate a virtual forwarding instance to the packet accordingly.
The virtual forwarding instance corresponds to the VLAN information in the packet and also to the ports configured with the VLAN identifier corresponding to that VLAN information. The correspondence between a virtual forwarding instance and ports can be one-to-one, but is more often one-to-many. The processing module 404 determines, according to the virtual forwarding instance, the ports that serve as flooding egresses for the packet.
In the SDN domain's handling of unknown unicast data packets, the packet is encapsulated using the protocol of the SDN domain, and this encapsulation is generally performed by the CPU of the network device. Therefore, when a packet is determined to be an unknown unicast data packet of the SDN domain, the corresponding virtual forwarding instance can also be obtained from the forwarding control module, except that this virtual forwarding instance indicates that the flooding egress of the packet is the CPU.
Finally, the processing module 404 floods the packet to each of the determined ports.
In the description above, the present invention provides a scheme in which an SDN port and a traditional port are configured with the same VLAN identifier. Configuring the same VLAN under different ports can effectively save VLAN resources and improve resource utilization.
In a network device, the underlying switching chip learns the MAC information or routing information of a packet after receiving it and then reports a learning message to the upper-layer software, which processes it. For the SDN domain, however, such learning messages are unnecessary and can be discarded directly. So, in this embodiment, after a learning message is received, the processing module 404 can first determine whether the learning message belongs to the SDN domain. If it does, it is discarded directly; if not, it is handed to the upper-layer software for processing.
The packet processing apparatus 40 provided in this embodiment can be deployed on a switch or a router. The receiving module 402 can be implemented by the switching chip in the switch or router, and the processing module 404 can be implemented jointly by the switching chip and the CPU in the switch or router. In this embodiment, the controller can be a physical device or an application running on a general-purpose server.
With the packet processing apparatus 40 provided in this embodiment, SDN domain VLAN identifiers and traditional domain VLAN identifiers can be configured under one port at the same time. When a packet transmitted by the port is received, the processing mode for the packet is determined from the VLAN information carried in the packet and the VLAN identifiers configured under the corresponding port. In this way, the same port on a network device can handle both SDN domain services and traditional domain services, and separate ports no longer need to be set up for SDN domain services and traditional domain services. This saves port resources on the network device, achieves an optimized allocation of resources, and helps improve the flexibility of network applications.
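An added example, not code from the patent: a Python model of the per-packet decision this embodiment describes (VLAN check against the port's two VLAN sets, protocol-versus-data check, hardware forwarding table lookup, then controller or flood), plus the learning-message filter. All class and function names, the ACL entries and the configuration of ports 7 and 8 are assumptions; port 1 uses the VLAN3 to VLAN9 and VLAN13 to VLAN19 example from the text.

```python
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    DROP = "drop"                    # VLAN not configured under the ingress port
    TO_CPU = "protocol-to-cpu"       # protocol packet, handed to the CPU
    FORWARD = "forward"              # destination already in the hardware table
    TO_CONTROLLER = "to-controller"  # SDN unknown unicast: encapsulate, send up
    FLOOD = "flood"                  # traditional-domain unknown unicast


@dataclass(frozen=True)
class Packet:
    in_port: int
    vlan: int
    proto_id: str
    dst: str


@dataclass(frozen=True)
class PortConfig:
    sdn_vlans: frozenset
    traditional_vlans: frozenset = frozenset()

    def __post_init__(self):
        # The text requires the two VLAN sets under one port to differ;
        # an overlap would make the domain of a packet ambiguous.
        overlap = self.sdn_vlans & self.traditional_vlans
        if overlap:
            raise ValueError(f"VLANs in both domains on one port: {sorted(overlap)}")

    def domain_of(self, vlan):
        if vlan in self.sdn_vlans:
            return "sdn"
        if vlan in self.traditional_vlans:
            return "traditional"
        return None


@dataclass
class Switch:
    ports: dict                      # port number -> PortConfig
    acl_protocol_ids: frozenset      # identifiers that mark protocol packets
    hw_table: dict = field(default_factory=dict)  # destination -> egress port

    def classify(self, pkt):
        """Return (Action, egress ports) for one received packet."""
        cfg = self.ports.get(pkt.in_port)
        domain = cfg.domain_of(pkt.vlan) if cfg else None
        if domain is None:
            return Action.DROP, []
        if pkt.proto_id in self.acl_protocol_ids:
            return Action.TO_CPU, []
        if pkt.dst in self.hw_table:  # keyed by destination only, as in the text
            return Action.FORWARD, [self.hw_table[pkt.dst]]
        if domain == "sdn":
            return Action.TO_CONTROLLER, []
        # Assumption: the virtual forwarding instance maps to every other port
        # that has this VLAN configured as a traditional-domain VLAN.
        egress = sorted(p for p, c in self.ports.items()
                        if p != pkt.in_port and pkt.vlan in c.traditional_vlans)
        return Action.FLOOD, egress

    def install_processing_table(self, dst, out_port):
        """Apply the controller's reply: record the rule in the hardware table."""
        self.hw_table[dst] = out_port

    def keep_learning_message(self, port, vlan):
        """False when the learning message belongs to the SDN domain (discard)."""
        cfg = self.ports.get(port)
        return not (cfg is not None and cfg.domain_of(vlan) == "sdn")


def build_sample_switch():
    """Constructed sample configuration; only port 1 comes from the text."""
    return Switch(
        ports={
            1: PortConfig(frozenset(range(3, 10)), frozenset(range(13, 20))),
            7: PortConfig(frozenset(), frozenset(range(13, 20))),
            8: PortConfig(frozenset(), frozenset({13})),
        },
        acl_protocol_ids=frozenset({"LLDP", "STP"}),  # constructed ACL entries
    )


if __name__ == "__main__":
    sw = build_sample_switch()
    for pkt in (Packet(1, 1, "TCP", "hostB"), Packet(1, 7, "TCP", "hostB"),
                Packet(1, 13, "UDP", "hostC"), Packet(1, 7, "LLDP", "peer")):
        print(pkt, "->", sw.classify(pkt))
```

Because the hardware forwarding table in this model is keyed by destination only, as the text describes it, a rule installed for one domain also matches the same destination arriving on a VLAN of the other domain.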
Embodiment 3:
The packet processing method of Embodiment 1 and the packet processing apparatus provided in Embodiment 2 are described below with a specific example. The network device in this embodiment is a switch, but those skilled in the art should understand that the network device can also be a router. Figure 5 shows a schematic structural diagram of the switch in this embodiment:
The switch 5 includes a switching chip 51 and a CPU 52. The switching chip 51 receives packets transmitted by external devices through its ports. The switch provides a configuration interface through which a user can deliver configuration to the switch 5. For example, under one port 511 of the switching chip 51, the user can configure SDN domain VLAN identifiers and, at the same time, traditional domain VLAN identifiers.
The processing of a packet by the switch in this embodiment is described below with reference to Figure 6:
S601. The port 511 receives a packet.
After the port 511 receives the packet, the switching chip 51 can extract the VLAN information contained in the packet.
S602. The switching chip 51 determines whether the extracted VLAN information exists in the configuration of the port 511.
If it exists, S603 is executed; if not, S604 is executed.
S603. The switching chip 51 determines whether the packet is a data packet.
If a VLAN identifier corresponding to the VLAN information carried in the packet exists under the port 511, whether the packet is a data packet can be determined based on the protocol identifier contained in the packet and the access control list. If it is, S605 is executed; otherwise, S606 is executed.
S604. The switching chip 51 discards the packet.
If the VLAN information carried in the packet is not configured under the port 511, the switch cannot process the packet, so the packet can be discarded directly.
S605. The switching chip 51 determines whether the packet is an unknown unicast packet.
If the packet is a data packet, it must further be determined, based on the hardware forwarding table and the destination information carried in the packet, whether the data packet is an unknown unicast packet. If it is, S607 is executed; otherwise, S608 is executed.
S606. The switching chip 51 sends the packet up to the CPU.
If the packet is not a data packet, it is a protocol packet. Protocol packets are handled simply: the packet can be sent directly to the CPU of the network device.
S607、交换芯片51根据报文中的VLAN信息与传输该报文的端口下的VLAN标识判断该报文是否属于SDN域。S607. The switch chip 51 determines whether the packet belongs to the SDN domain according to the VLAN information in the packet and the VLAN identifier of the port that transmits the packet.
进行判断的时候,可以是将该报文中的VLAN信息与端口下的SDN域的VLAN标识进行匹配,如果匹配成功则说明该报文属于SDN域,执行步骤如果匹配不成功,则说明该报文属于传统域。When the judgment is made, the VLAN information in the packet is matched with the VLAN ID of the SDN domain in the packet. If the matching succeeds, the packet belongs to the SDN domain. If the matching is unsuccessful, the packet is reported. The text belongs to the traditional domain.
S608、交换芯片51根据硬件转发表对报文进行转发。S608. The switch chip 51 forwards the packet according to the hardware forwarding table.
如果交换芯片51确定硬件转发表中已经记录了该报文目的地信息的转发规则,则可以直接根据对应的转发规则进行转发处理。If the switching chip 51 determines that the forwarding rule of the packet destination information has been recorded in the hardware forwarding table, the forwarding process may be directly performed according to the corresponding forwarding rule.
S609、交换芯片对报文进行洪泛。S609. The switch chip floods the packet.
如果判断结果表明报文属于SDN域,则可以将该报文上报给CPU。上报的时候,如果报文属于二层业务,则根据ACL(Access Control List,访问控制列表ACL)进行,如果是三层业务,则通过路由进行。如果判断结果为否,则说明该报文属于传统域,可以直接根据传统域对未知单播的数据报文的处理方式对报文进行洪泛。If the result of the judgment indicates that the packet belongs to the SDN domain, the packet can be reported to the CPU. If the packet is a Layer 2 service, it is based on the ACL (Access Control List ACL). If it is a Layer 3 service, it is routed. If the result of the judgment is no, the packet belongs to the traditional domain, and the packet can be directly flooded according to the processing manner of the unknown unicast data packet.
S610. The CPU determines whether the packet belongs to the SDN domain according to the VLAN information in the packet and the VLAN identifiers under the port that transmitted the packet.
Not every packet reported to the CPU is an unknown unicast data packet of the SDN domain; some may be protocol packets of the traditional domain. The CPU therefore has to make this determination before performing encapsulation. If the result is yes, S611 is executed.
S611. The CPU encapsulates the packet using a protocol of the SDN domain.
The encapsulation can commonly be performed using the OpenFlow protocol.
S612. The CPU sends the packet to the controller 6.
After receiving the encapsulated packet, the controller 6 determines, according to a series of algorithms or processing rules, how the packet should be sent to its destination. These forwarding rules are included in a processing table and delivered to the forwarding control module in the CPU.
S613. The packet is forwarded according to the forwarding rule delivered by the controller, and the hardware forwarding table is updated at the same time.
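The decision flow of S601 to S613 can be modelled in a few lines. The following Python sketch is an added illustration, not code from the patent: the class and function names, the `(vlan, dst)` key of the forwarding table, the sample VLANs 100/200/300, the protocol identifiers `stp`/`lldp`, and the stub controller are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import Enum

class Action(Enum):
    DROP = "S604 drop"
    PROTOCOL_TO_CPU = "S606 protocol packet to CPU"
    HW_FORWARD = "S608 hardware forwarding"
    FLOOD = "S609 flood in traditional domain"
    SDN_TO_CPU = "S609 report to CPU for the controller"

@dataclass(frozen=True)
class Packet:
    vlan: int    # VLAN information carried in the packet
    proto: str   # protocol identifier
    dst: str     # destination information (a MAC address here)

@dataclass
class Port:
    sdn_vlans: frozenset      # SDN-domain VLAN identifiers on this port
    legacy_vlans: frozenset   # traditional-domain VLAN identifiers on this port

    def domain(self, vlan):
        if vlan in self.sdn_vlans:
            return "sdn"
        if vlan in self.legacy_vlans:
            return "traditional"
        return None            # VLAN not configured on this port

@dataclass
class Switch:
    ports: dict                # port name -> Port
    protocol_acl: frozenset    # protocol identifiers that mark protocol packets
    fdb: dict = field(default_factory=dict)  # (vlan, dst) -> egress port; key layout is an assumption

    def chip_classify(self, in_port, pkt):
        domain = self.ports[in_port].domain(pkt.vlan)
        if domain is None:                       # S602 -> S604
            return Action.DROP
        if pkt.proto in self.protocol_acl:       # S603 -> S606
            return Action.PROTOCOL_TO_CPU
        if (pkt.vlan, pkt.dst) in self.fdb:      # S605 -> S608
            return Action.HW_FORWARD
        return Action.SDN_TO_CPU if domain == "sdn" else Action.FLOOD  # S607 -> S609

    def flood_ports(self, in_port, vlan):
        # Egress set: ports carrying this VLAN in the traditional domain.
        # Skipping the ingress port is an assumption (usual L2 behaviour).
        return sorted(n for n, p in self.ports.items()
                      if n != in_port and vlan in p.legacy_vlans)

    def cpu_handle(self, in_port, pkt, controller):
        # S610: the CPU also receives traditional-domain protocol packets,
        # so it re-checks the domain before anything reaches the controller.
        if self.ports[in_port].domain(pkt.vlan) != "sdn":
            return None
        packet_in = {"in_port": in_port, "vlan": pkt.vlan, "dst": pkt.dst}  # S611 stand-in
        rule = controller(packet_in)                                       # S612
        self.fdb[(pkt.vlan, pkt.dst)] = rule["out_port"]                   # S613
        return rule["out_port"]

def build_demo_switch():
    # Constructed configuration: port 511 carries both domains.
    return Switch(
        ports={"511": Port(frozenset({100}), frozenset({200})),
               "512": Port(frozenset({100}), frozenset({200})),
               "513": Port(frozenset(), frozenset({200}))},
        protocol_acl=frozenset({"stp", "lldp"}))

def demo_controller(packet_in):
    # Hypothetical controller: always answers with egress port 512.
    return {"dst": packet_in["dst"], "out_port": "512"}

if __name__ == "__main__":
    sw = build_demo_switch()
    for pkt in (Packet(300, "ipv4", "aa"), Packet(200, "stp", "bb"),
                Packet(200, "ipv4", "cc"), Packet(100, "ipv4", "dd")):
        print(pkt, "->", sw.chip_classify("511", pkt).value)
```

Two points worth checking in any implementation of this flow: a VLAN that is not configured on the ingress port never reaches the CPU or the controller, and the second domain check in `cpu_handle` keeps traditional-domain protocol packets from being encapsulated and sent to the controller.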
FIG. 7 shows an application scenario of the packet processing method provided by this embodiment. Server 71 and server 72 each connect through a single network card to network device 73 and network device 74 respectively, and the ports connecting them to network devices 73 and 74 are SDN ports. Forwarding of the service traffic of servers 71 and 72 is controlled through the SDN control plane. At the same time, servers 71 and 72 also access the storage network through the SDN instance ports, but this traffic goes through the traditional control plane and is not controlled by the SDN controller. Because servers 71 and 72 connect through a single network card, the ports connecting network devices 73 and 74 to servers 71 and 72 must serve both the SDN control plane and the traditional control plane.
The packet processing method and apparatus provided by this embodiment allow the same port to be controlled both by the traditional protocol layer and by the controller, which saves port resources and greatly increases the flexibility of SDN switches in some scenarios.
Obviously, those skilled in the art should understand that the modules or steps of the above embodiments of the present invention can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a computer storage medium (ROM/RAM, magnetic disk, optical disc) and executed by a computing device. In some cases, the steps shown or described can be performed in an order different from the one given here, or they can each be fabricated as an individual integrated circuit module, or several of the modules or steps can be fabricated as a single integrated circuit module. The present invention is therefore not limited to any specific combination of hardware and software.
The above is a further detailed description of the embodiments of the present invention in conjunction with specific implementations, and the specific implementation of the invention should not be considered limited to these descriptions. For a person of ordinary skill in the art to which the invention belongs, several simple deductions or substitutions can be made without departing from the concept of the invention, and all of them should be regarded as falling within the scope of protection of the invention.
Industrial applicability
As described above, the data packet processing method and apparatus provided by the embodiments of the present invention have the following beneficial effect: the same port on a network device can handle SDN-domain services and traditional-domain services at the same time, so separate ports no longer have to be set up for SDN-domain services and for traditional-domain services. This saves port resources on the network device and achieves an optimized allocation of resources.

Claims (11)

  1. A packet processing method, comprising:
    receiving a packet transmitted through a port of a network device, wherein both an SDN-domain VLAN identifier and a traditional-domain VLAN identifier are configured under the port, and the packet carries VLAN information;
    determining a processing manner for the packet according to the VLAN information carried in the packet and the VLAN identifiers configured under the port, and processing the packet accordingly.
  2. The packet processing method according to claim 1, wherein determining the processing manner for the packet according to the VLAN information carried in the packet and the VLAN identifiers configured under the port, and processing the packet accordingly, comprises:
    determining that the packet is an unknown unicast data packet;
    determining, according to the VLAN information in the packet and the VLAN identifiers under the port, that the packet belongs to the SDN domain;
    processing the packet in the manner used for unknown unicast data packets of the SDN domain.
  3. The packet processing method according to claim 2, wherein processing the packet in the manner used for unknown unicast data packets of the SDN domain comprises:
    encapsulating the packet using a protocol of the SDN domain and transmitting it to a controller;
    receiving a processing table for the packet sent by the controller, the processing table including destination information of the packet and a packet forwarding rule corresponding to the destination information;
    forwarding the packet according to the processing table and updating the information contained in the processing table to a hardware forwarding table, wherein, when the destination information carried in a packet exists in the hardware forwarding table, the packet is determined not to be an unknown unicast packet.
  4. The packet processing method according to claim 1, wherein determining the processing manner for the packet according to the VLAN information carried in the packet and the VLAN identifiers configured under the port, and processing the packet accordingly, comprises:
    determining that the packet is an unknown unicast data packet;
    determining, according to the VLAN information in the packet and the VLAN identifiers under the port, that the packet belongs to the traditional domain;
    processing the packet in the manner used for unknown unicast data packets of the traditional domain.
  5. The packet processing method according to claim 4, wherein processing the packet in the manner used for unknown unicast data packets of the traditional domain comprises:
    obtaining a corresponding virtual forwarding instance according to the VLAN information contained in the packet, the virtual forwarding instance being used to determine the flooding egress of the packet according to the VLAN information, the flooding egress being the ports configured with the VLAN identifier corresponding to the VLAN information;
    flooding the packet to each of those ports.
  6. The packet processing method according to claim 5, wherein, when a port of the traditional domain and a port of the SDN domain have the same VLAN identifier, the corresponding virtual forwarding instance is obtained according to the VLAN information contained in the packet and identification information of the port that received the packet, the port identification information indicating whether the port that received the packet is a traditional-domain port or an SDN-domain port.
  7. The packet processing method according to any one of claims 2 to 6, wherein determining that the packet is an unknown unicast data packet comprises:
    extracting the protocol identifier and the destination information contained in the packet, the destination information including either a MAC address or a route;
    looking up the protocol identifier in an access control list;
    looking up the destination information in the hardware forwarding table;
    if the access control list does not contain the protocol identifier and the hardware forwarding table does not contain the destination information, determining that the packet is an unknown unicast data packet.
  8. A packet processing apparatus, comprising:
    a receiving module, configured to receive a packet transmitted through a port of a network device, wherein both an SDN-domain VLAN identifier and a traditional-domain VLAN identifier are configured under the port, and the packet carries VLAN information;
    a processing module, configured to determine a processing manner for the packet according to the VLAN information carried in the packet and the VLAN identifiers configured under the port, and to process the packet accordingly.
  9. The packet processing apparatus according to claim 8, wherein the processing module is configured to determine that the packet is an unknown unicast data packet; to determine, according to the VLAN information in the packet and the VLAN identifiers under the port, that the packet belongs to the SDN domain; and to process the packet in the manner used for unknown unicast data packets of the SDN domain.
  10. The packet processing apparatus according to claim 8, wherein the processing module is configured to determine that the packet is an unknown unicast data packet; to determine, according to the VLAN information in the packet and the VLAN identifiers under the port, that the packet belongs to the traditional domain; and to process the packet in the manner used for unknown unicast data packets of the traditional domain.
  11. A storage medium, the storage medium including a stored program, wherein the program, when run, performs the method according to any one of claims 1 to 7.
PCT/CN2017/090326 2016-06-30 2017-06-27 Data-message processing method and apparatus WO2018001242A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610514793.8A CN107566237B (en) 2016-06-30 2016-06-30 Data message processing method and device
CN201610514793.8 2016-06-30

Publications (1)

Publication Number Publication Date
WO2018001242A1 true WO2018001242A1 (en) 2018-01-04

Family

ID=60785835

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/090326 WO2018001242A1 (en) 2016-06-30 2017-06-27 Data-message processing method and apparatus

Country Status (2)

Country Link
CN (1) CN107566237B (en)
WO (1) WO2018001242A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110830371A (en) * 2019-11-13 2020-02-21 迈普通信技术股份有限公司 Message redirection method and device, electronic equipment and readable storage medium
CN113079030A (en) * 2020-05-29 2021-07-06 新华三信息安全技术有限公司 Configuration information issuing method and access equipment
CN113452593A (en) * 2021-06-10 2021-09-28 烽火通信科技股份有限公司 Method and device for coexistence of OLT VXLAN and multi-slice
CN114205185A (en) * 2020-09-16 2022-03-18 厦门网宿有限公司 Proxy method and device for control message
WO2023104054A1 (en) * 2021-12-07 2023-06-15 中兴通讯股份有限公司 Network processing module, data processing method, network node and storage medium

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109495370B (en) * 2018-12-29 2020-11-24 瑞斯康达科技发展股份有限公司 Message transmission method and device based on VPLS
CN113497799B (en) * 2020-04-08 2022-09-16 维沃移动通信有限公司 Protocol architecture determination method, device and equipment
CN115225585A (en) * 2021-04-14 2022-10-21 华为技术有限公司 DCN message processing method, network equipment and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103763146A (en) * 2014-01-29 2014-04-30 杭州华三通信技术有限公司 Soft defined network controller and transmission information generating method of soft defined network controller
US20150043382A1 (en) * 2013-08-09 2015-02-12 Nec Laboratories America, Inc. Hybrid network management
CN104823417A (en) * 2012-11-29 2015-08-05 华为技术有限公司 Transformation and unified control of hybrid networks composed of OpenFlow switches and other programmable switches

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100553220C (en) * 2007-08-22 2009-10-21 杭州华三通信技术有限公司 A kind of method and apparatus of realizing that downlink user is isolated in the VLAN
CN105429870B (en) * 2015-11-30 2018-10-02 北京瑞和云图科技有限公司 VXLAN security gateway devices under SDN environment and its application process
CN105357099A (en) * 2015-12-18 2016-02-24 南京优速网络科技有限公司 Implementation method of VPN (virtual private network) on basis of SDN (software defined network)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ZHANG, WEIFENG: "Deep Analysis of SDN-Interest, Strategy, Technology and Practice", vol. 31, 31 January 2014 (2014-01-31), pages 113 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110830371A (en) * 2019-11-13 2020-02-21 迈普通信技术股份有限公司 Message redirection method and device, electronic equipment and readable storage medium
CN113079030A (en) * 2020-05-29 2021-07-06 新华三信息安全技术有限公司 Configuration information issuing method and access equipment
CN113079030B (en) * 2020-05-29 2022-05-24 新华三信息安全技术有限公司 Configuration information issuing method and access equipment
CN114205185A (en) * 2020-09-16 2022-03-18 厦门网宿有限公司 Proxy method and device for control message
CN114205185B (en) * 2020-09-16 2023-03-24 厦门网宿有限公司 Proxy method and device for control message
CN113452593A (en) * 2021-06-10 2021-09-28 烽火通信科技股份有限公司 Method and device for coexistence of OLT VXLAN and multi-slice
CN113452593B (en) * 2021-06-10 2022-06-03 烽火通信科技股份有限公司 Method and device for coexistence of OLT VXLAN and multiple slices
WO2023104054A1 (en) * 2021-12-07 2023-06-15 中兴通讯股份有限公司 Network processing module, data processing method, network node and storage medium

Also Published As

Publication number Publication date
CN107566237B (en) 2021-06-29
CN107566237A (en) 2018-01-09

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17819239

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17819239

Country of ref document: EP

Kind code of ref document: A1