WO2018033153A1 - Method and device for processing ip address conflict in evpn - Google Patents

Method and device for processing ip address conflict in evpn Download PDF

Info

Publication number
WO2018033153A1
WO2018033153A1 PCT/CN2017/098165 CN2017098165W WO2018033153A1 WO 2018033153 A1 WO2018033153 A1 WO 2018033153A1 CN 2017098165 W CN2017098165 W CN 2017098165W WO 2018033153 A1 WO2018033153 A1 WO 2018033153A1
Authority
WO
WIPO (PCT)
Prior art keywords
address
local
mac
correspondence table
conflict
Prior art date
Application number
PCT/CN2017/098165
Other languages
French (fr)
Chinese (zh)
Inventor
刘冬梅
李卓
盛威
王琳
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2018033153A1 publication Critical patent/WO2018033153A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5046Resolving address allocation conflicts; Testing of addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses

Definitions

  • the present disclosure relates to the field of communications, for example, to a method and apparatus for processing IP address conflicts in an EVPN.
  • VXLAN Virtual Extensible Local Area Network
  • VPLS Virtual Private LAN Service
  • MAC Media/Medium Access Control
  • the service is distributed by the Multi-Protocol-Border Gateway Protocol (MP-BGP) control plane for media access control/Internet Protocol (IP) routing, thereby canceling the broadcast for the forwarding plane.
  • MP-BGP Multi-Protocol-Border Gateway Protocol
  • IP Internet Protocol
  • IP Internet Protocol
  • ARP Address Resolution Protocol
  • VM Virtual machine
  • the present disclosure provides a method and a device for processing an IP address conflict in an EVPN, which solves the problem that the IP address conflict of the virtual machine cannot be detected due to the elimination of broadcast messages in the EVPN scenario.
  • the disclosure provides a method for processing a network protocol IP address conflict in an enhanced virtual private network (EVPN), which is applied to the first network side edge device PE, and includes:
  • routing message carries an IP address of the second PE local virtual machine VM and a medium access control MAC address
  • the step of performing conflict detection processing on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message includes:
  • IP address from the second PE local VM conflicts with the IP address of the first PE local VM obtained through local learning, it is determined that the IP address from the second PE local VM is obtained and the IP address of the first PE local VM is obtained.
  • the correspondence table is updated in order, and according to the IP address obtained later.
  • the step of performing conflict detection processing on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message includes:
  • the IP address from the second PE local VM conflicts with the IP address from the third PE local VM recorded in the correspondence table, according to a preset rule, the IP address from the second PE local VM and from the first Among the IP addresses of the three PE local VMs, an IP address is selected, and the correspondence table is updated according to the selected IP address.
  • the rule is that an IP address of a local VM corresponding to a PE with a smaller IP of the PE device is selected among the IP addresses of the plurality of PE local VMs, or an IP address specified in advance is selected;
  • the step of selecting an IP address from the IP address from the second PE local VM and the IP address from the third PE local VM includes:
  • a pre-designated IP address is selected from an IP address from the second PE local VM and an IP address from the third PE local VM.
  • the rule is that an IP address corresponding to a static MAC is selected among IP addresses of multiple PE local VMs or an IP address corresponding to a pre-designated MAC segment is selected;
  • the step of selecting an IP address from the IP address from the second PE local VM and the IP address from the third PE local VM includes:
  • An IP address corresponding to the pre-designated MAC segment is selected from the IP address from the second PE local VM and the IP address from the third PE local VM.
  • the rule is that an IP address corresponding to the network identifier VNI of the smaller virtual scalable local area network is selected among the IP addresses of the plurality of PE local VMs or an IP address corresponding to the pre-designated VNI is selected;
  • the step of selecting an IP address from the IP address from the second PE local VM and the IP address from the third PE local VM includes:
  • the step of performing conflict detection processing on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message includes:
  • the present disclosure also provides a processing device for a network protocol IP address conflict in an enhanced virtual private network (EVPN), which is applied to the first network side edge device PE, and includes:
  • EVPN enhanced virtual private network
  • a receiving module configured to receive a routing message from the second PE, where the routing message carries an IP address of the second PE local virtual machine VM and a medium access control MAC address;
  • the conflict processing module is configured to perform a conflict detection process on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message, where the correspondence table records an EVPN IP address and MAC address of all PE local VMs in the broadcast domain.
  • the conflict processing module includes:
  • the first update unit is configured to determine, if the IP address from the second PE local VM conflicts with the IP address of the first PE local VM obtained through local learning, to obtain the IP address from the second PE local VM and obtain the first
  • the IP address of the PE local VM is sequentially updated, and the correspondence table is updated according to the IP address obtained later.
  • the conflict processing module includes:
  • a second update unit configured to: if an IP address from the second PE local VM conflicts with an IP address from the third PE local VM recorded in the correspondence table, according to a preset rule, from the second PE local Select one of the VM's IP address and the IP address from the third PE's local VM.
  • the IP address is updated according to the selected IP address.
  • the embodiment further provides a computer readable storage medium storing computer executable instructions for performing a method for processing an IP address conflict in the EVPN.
  • the embodiment also provides a communication device including one or more processors, a memory, and one or more programs, the one or more programs being stored in the memory when executed by one or more processors.
  • the method for processing the IP address conflict in the above EVPN is performed.
  • the embodiment further provides a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions, when the program instructions are executed by a computer And causing the computer to perform a processing method of IP address conflict in any of the above EVPNs.
  • the method for processing the IP address conflict in the EVPN of the present disclosure can perform the IP address conflict detection processing on the IP address of the VM synchronized by the remote PE in the EVPN scenario by maintaining the mapping table of the IP address-MAC address locally. If the IP address conflicts in the same broadcast domain are found, the problem that the virtual machine IP address conflict cannot be detected due to the elimination of broadcast packets in the EVPN scenario is solved.
  • FIG. 1 is a flowchart of a method for processing an IP address conflict in an EVPN according to an embodiment
  • FIG. 2 is a schematic diagram of an application environment of an IP address conflict processing method in an EVPN according to an embodiment of the present invention
  • FIG. 3 is a schematic structural diagram of an apparatus for processing an IP address conflict in an EVPN according to an embodiment of the present invention
  • FIG. 4 is a schematic structural diagram of another processing apparatus for conflicting IP addresses in an EVPN according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of another processing apparatus for conflicting IP addresses in an EVPN according to an embodiment
  • FIG. 6 is a schematic structural diagram of hardware of a communication device according to an embodiment of the present disclosure.
  • the IP address includes the IP address of the Provider Edge (PE) and the IP address of the VM.
  • PE Provider Edge
  • the method and device for processing the IP address conflict in the EVPN in this embodiment are directed to the conflict processing of the IP address of the VM.
  • the IP addresses that are not explicitly stated are the IP addresses of the VM.
  • the method for processing an IP address conflict in an EVPN in this embodiment is applied to a first PE, and the processing method includes the following steps.
  • step 101 a routing message is received from the second PE, where the routing message carries an IP address and a MAC address of the second PE local virtual machine VM.
  • the second PE After learning the IP address and MAC address of the local VM, the second PE routes the MAC/IP address to the remote PE (the first PE) through the MP-BGP protocol.
  • the routing message of the second PE may be a MAC/IP route advertisement Advertisement Route message.
  • step 102 a conflict detection process is performed on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message, where the correspondence table records a broadcast of the EVPN. IP address and MAC address of all PE local VMs in the domain.
  • All the PEs in the broadcast domain of the EVPN will synchronize the IP address and MAC address of the local VM to the remote PE. Therefore, the first PE can learn the IP addresses and MAC addresses of all PE local VMs in the broadcast domain and save them to the locally maintained IP address.
  • Address-MAC address correspondence table can perform IP address collision detection processing on the IP addresses of VMs routed by other PEs.
  • the PEs in the same broadcast domain have the same VXLAN Network Identifier (VNI) or are located in the same VPN.
  • VNI VXLAN Network Identifier
  • the method for processing the IP address conflict in the EVPN in this embodiment is to maintain the IP address-MAC locally.
  • the IP address conflict detection process is performed on the IP address of the VM that is synchronized by the remote PE in the EVPN scenario, and the IP address conflicts in the same broadcast domain are found in the EVPN scenario.
  • the problem is that the virtual machine IP address conflict cannot be detected.
  • the foregoing step 102 may further include the following steps.
  • IP address from the second PE local VM conflicts with the IP address of the first PE local VM obtained through local learning, it is determined that the IP address from the second PE local VM is obtained and the IP address of the first PE local VM is obtained.
  • the correspondence table is updated in order, and according to the IP address obtained later.
  • IP address of the second PE local VM conflicts with the IP address of the first PE local VM, the IP address obtained afterwards and the corresponding MAC address are selected as effective addresses, so that the newly obtained IP address can be obtained during the virtual machine migration. Updates can prevent virtual machines from migrating to invalid IP addresses, ensuring efficient virtual machine migration.
  • one of the IP address of the second PE local VM and the IP address of the first PE local VM may be selected as the effective address by static configuration.
  • the IP address of the VM of the local PE first PE
  • the IP address of the VM of the remote PE second PE
  • the foregoing step 102 may further include the following steps.
  • the IP address from the second PE local VM conflicts with the IP address from the third PE local VM recorded in the correspondence table, according to a preset rule, the IP address from the second PE local VM and from the first Among the IP addresses of the three PE local VMs, an IP address is selected, and the correspondence table is updated according to the selected IP address.
  • the IP address of the second PE local VM conflicts with the IP address of the third PE local VM, the IP address corresponding to the priority and the corresponding MAC address are selected as effective addresses according to a preset rule. It can prevent attacks from other illegal addresses and improve network security and reliability.
  • the rules for the IP address of the local PE (the first PE) and the remote PE (the second PE and the third PE) should be the same. If the IP address of the second PE local VM conflicts with the IP address of the third PE local VM, the first PE selects the IP address of the second PE local VM as the effective address, and the second PE and the third PE should also select the first The IP address of the second PE local VM is a valid address.
  • the rule is to select an IP address of a local VM corresponding to a PE with a smaller IP of the PE device among the IP addresses of the multiple PE local VMs, or select a pre-designated IP address.
  • the IP address of the VM corresponding to the PE with the smaller PE IP address is high. Therefore, you can select the IP address of the VM corresponding to the PE with the smaller PE IP address as the effective address. In addition, you can also specify the IP address that takes precedence based on historical experience.
  • selecting an IP address from the IP address from the second PE local VM and the IP address from the third PE local VM may include the following steps.
  • a pre-designated IP address is selected from an IP address from the second PE local VM and an IP address from the third PE local VM.
  • an IP address with high security can be obtained to prevent an attack.
  • the IP address of the local PE device and the IP address of the remote PE device can be obtained through the MP-BGP tunnel information.
  • the rule is: selecting an IP address corresponding to the static MAC among the IP addresses of the multiple PE local VMs or selecting an IP address corresponding to the pre-designated MAC segment.
  • the IP address corresponding to the static MAC address is high. Therefore, you can select the IP address corresponding to the static MAC address as the effective address.
  • the priority-effective MAC segment can be specified based on historical experience, and the corresponding IP address can be obtained.
  • selecting an IP address from the IP address from the second PE local VM and the IP address from the third PE local VM may include the following steps.
  • An IP address corresponding to the pre-designated MAC segment is selected from the IP address from the second PE local VM and the IP address from the third PE local VM.
  • an IP address corresponding to a static MAC address or an IP address corresponding to a pre-designated MAC segment is selected to obtain a highly secure IP address to prevent an attack.
  • the rule is to select an IP address corresponding to a smaller VNI among the IP addresses of the plurality of PE local VMs or select an IP address corresponding to the pre-designated VNI.
  • the IP address corresponding to the smaller VNI is highly secure, so the IP address corresponding to the smaller VNI can be selected as the effective address.
  • the priority effective VNI can be specified based on historical experience, and the corresponding IP address can be obtained.
  • selecting an IP address from the IP address from the second PE local VM and the IP address from the third PE local VM includes the following steps.
  • An IP address corresponding to the pre-designated VNI is selected from the IP address from the second PE local VM and the IP address from the third PE local VM.
  • IP address corresponding to a smaller VNI By selecting an IP address corresponding to a smaller VNI or selecting an IP address corresponding to a pre-designated VNI, a highly secure IP address can be obtained to prevent an attack.
  • step of step 102 above may further include the following steps.
  • PE A, PE B, and PE C are located in the same broadcast domain of the EVPN.
  • PE B uses the MP-BGP protocol to spread the MAC address of the local VM and sends the information of the MAC B to PE A and PE C.
  • PE C also uses the MP-BGP protocol to spread the MAC address of the local VM and sends the MAC C information to PE A and PE B.
  • the IP addresses of PE B and PE C are the same.
  • PE B finds that it conflicts with the IP address of the VM of the PE C, selects the IP address obtained after it takes effect, and updates the local IP address-MAC address correspondence table.
  • PE C finds that the IP address of the VM of PE B conflicts, selects the IP address obtained later, and updates the local IP address-MAC address correspondence table.
  • the PE A finds that the MAC addresses from different remote ends correspond to the IP addresses of the same VMs, that is, the IP addresses of the VMs from the PE B conflict with the IP addresses of the VMs from the PE C, and select the IP with higher priority according to the preset rules.
  • the address takes effect and the local IP address-MAC address correspondence table is updated. If the collision duration exceeds the preset time threshold, an alarm is issued to the conflict situation to notify other devices PE B and The IP address conflict of the PE C VM.
  • the IP addresses that PE A, PE B, and PE C choose to take effect should be consistent.
  • the method for processing the IP address conflict in the EVPN in this embodiment can perform the IP address conflict detection process on the IP address of the VM synchronized by the remote PE in the EVPN scenario by maintaining the mapping table of the IP address-MAC address locally.
  • the IP address conflicts in the same broadcast domain can be discovered in a timely manner. This solves the problem that the IP address conflict of the virtual machine cannot be detected due to the elimination of broadcast packets in the EVPN scenario.
  • the embodiment further provides an apparatus for processing an IP address conflict in an EVPN, which is applied to a first PE, and the processing apparatus includes the following modules.
  • the receiving module 310 is configured to receive a routing message from the second PE, where the routing message carries an IP address and a MAC address of the second PE local virtual machine VM.
  • the conflict processing module 320 is configured to perform an IP address conflict detection process on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message, where the correspondence relationship table records The IP address and MAC address of all PE local VMs in a broadcast domain with EVPN.
  • the device for processing the IP address conflict in the EVPN in the embodiment can perform the IP address conflict detection process on the IP address of the VM synchronized by the remote PE in the EVPN scenario by maintaining the mapping table of the IP address-MAC address locally.
  • the IP address conflicts in the same broadcast domain can be discovered in a timely manner. This solves the problem that the IP address conflict of the virtual machine cannot be detected due to the elimination of broadcast packets in the EVPN scenario.
  • the conflict processing module 320 includes a first update unit 321, as shown in FIG.
  • the first update unit 321 is configured to determine, if the IP address from the second PE local VM conflicts with the IP address of the first PE local VM obtained through local learning, to obtain the IP address from the second PE local VM and obtain the first
  • the order of the IP addresses of the PE local VMs is updated, and the correspondence table is updated according to the IP addresses obtained later.
  • the conflict processing module 320 includes a second update unit 322, as shown in FIG.
  • the second update unit 322 is configured to: if the IP address from the second PE local VM conflicts with the IP address of the third PE local VM recorded in the correspondence table, according to a preset rule, from the second PE An IP address is selected from an IP address of the local VM and an IP address from the third PE local VM, and the correspondence table is updated according to the selected IP address.
  • the rule is to select an IP address of a local VM corresponding to a PE with a smaller IP of the PE device among the IP addresses of the multiple PE local VMs, or select a pre-designated IP address.
  • the second update unit may include a first selection unit.
  • the second update unit may include a second selection unit.
  • the second selection unit is configured to select a pre-designated IP address from an IP address from the second PE local VM and an IP address from the third PE local VM.
  • the rule is: selecting an IP address corresponding to the static MAC among the IP addresses of the multiple PE local VMs or selecting an IP address corresponding to the pre-designated MAC segment.
  • the second update unit may include the following selection unit.
  • the third selection unit is configured to select an IP address corresponding to the static MAC from the IP address from the second PE local VM and the IP address from the third PE local VM.
  • the second update unit may include a fourth selection unit.
  • a fourth selecting unit configured to select an IP address corresponding to the pre-designated MAC segment from the IP address from the second PE local VM and the IP address from the third PE local VM.
  • the rule is to select, in the IP addresses of the multiple PE local VMs, to correspond to the smaller VNIs.
  • the second update unit may include the following selection unit.
  • the fifth selection unit is configured to select an IP address corresponding to the smaller VNI from the IP address from the second PE local VM and the IP address from the third PE local VM.
  • the second update unit may include a sixth selection unit.
  • the sixth selection unit is configured to select an IP address corresponding to the pre-designated VNI from the IP address from the second PE local VM and the IP address from the third PE local VM.
  • the conflict processing module further includes an alarm unit.
  • the alarm unit is configured to: if the IP address from the second PE local VM conflicts with the IP address of the first PE local VM, or the IP address from the second PE local VM and the third PE local VM recorded in the correspondence table If the IP address conflicts and the collision duration exceeds the preset time threshold, an alarm is generated for the conflict.
  • the device for processing the IP address conflict in the EVPN in the embodiment can perform the IP address conflict detection process on the IP address of the VM synchronized by the remote PE in the EVPN scenario by maintaining the mapping table of the IP address-MAC address locally.
  • the IP address conflicts in the same broadcast domain can be discovered in a timely manner. This solves the problem that the IP address conflict of the virtual machine cannot be detected due to the elimination of broadcast packets in the EVPN scenario.
  • the processing device for the IP address conflict in the EVPN is a device corresponding to the processing method of the IP address conflict in the EVPN, wherein all the implementation manners in the foregoing method embodiments are applicable to the embodiment of the device, and the same technology can be achieved. effect.
  • the embodiment further provides a computer readable storage medium storing computer executable instructions for performing the above method.
  • FIG. 6 is a schematic diagram showing the hardware structure of a communication device according to the present embodiment.
  • the electronic device includes: one or more processors 410 and a memory 420.
  • One processor 410 is shown in FIG. For example.
  • the communication device may also include an input device 430 and an output device 440.
  • the processor 410, the memory 420, the input device 430, and the output device 440 in the communication device may be connected by a bus or other means, and the bus connection is taken as an example in FIG.
  • the input device 430 can receive input numeric or character information
  • the output device 440 can include a display device such as a display screen.
  • the memory 420 is a computer readable storage medium that can be used to store software programs, computer executable programs, and modules.
  • the processor 410 executes various functional applications and data processing by executing software programs, instructions, and modules stored in the memory 420 to implement any of the above-described embodiments.
  • the memory 420 may include a storage program area and an storage data area, wherein the storage program area may store an operating system, an application required for at least one function; the storage data area may store data created according to usage of the electronic device, and the like.
  • the memory may include volatile memory such as random access memory (RAM), and may also include non-volatile memory such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device.
  • Memory 420 can be a non-transitory computer storage medium or a transitory computer storage medium.
  • the non-transitory computer storage medium such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device.
  • memory 420 can optionally include memory remotely located relative to processor 410, which can be connected to the electronic device over a network. Examples of the above networks may include the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
  • Input device 430 can be used to receive input digital or character information and to generate key signal inputs related to user settings and function control of the electronic device.
  • Output device 440 can include a display device such as a display screen.
  • the electronic device of the present embodiment may further include a communication device 450 that transmits and/or receives information over a communication network.
  • a person skilled in the art can understand that all or part of the process of implementing the above embodiment method can be completed by executing related hardware by a computer program, and the program can be stored in a non-transitory computer readable storage medium.
  • the program when executed, may include the flow of an embodiment of the method as described above, wherein the non-transitory computer readable storage medium may be a magnetic disk, an optical disk, a read only memory (ROM), or a random access memory (RAM). Wait.
  • the method and device for processing an IP address conflict in the EVPN provided by the present disclosure can perform IP address conflict detection on the IP address of the VM synchronized by the remote PE in the EVPN scenario by locally maintaining the correspondence table of the IP address-MAC address. If the IP address conflicts in the same broadcast domain are found, the IP address conflict between the virtual machine and the virtual machine cannot be detected in the EVPN scenario.

Abstract

A method and device for processing an internet protocol (IP) address conflict in an enhanced virtual private network (EVPN). The method is applicable to a first PE, and comprises: receiving a routing message from a second PE and containing an IP address and a medium access control (MAC) address of a local virtual machine of the second PE; and detecting, according to the routing information, an IP address conflict of IP addresses in an IP address-MAC address correspondence table maintained by the first PE; wherein the correspondence table records all IP addresses and MAC addresses in a broadcast domain of an EVPN.

Description

EVPN中IP地址冲突的处理方法及装置Method and device for processing IP address conflict in EVPN 技术领域Technical field
本公开涉及通信领域,例如涉及一种EVPN中IP地址冲突的处理方法及装置。The present disclosure relates to the field of communications, for example, to a method and apparatus for processing IP address conflicts in an EVPN.
背景技术Background technique
虚拟可扩展局域网(Virtual Extensible Local Area Network,VXLAN)/虚拟专用局域网业务(Virtual Private LAN Service,VPLS)架构中,介质访问控制(Media/Medium Access Control,MAC)学习在转发面进行,这依赖于转发面的广播机制。互联网工程任务组(Internet Engineering Task Force,IETF)和二层虚拟专用网(Level 2 Virtual Private Network,L2 VPN)工作组提出一种新的业务形态,加强型虚拟专用网络(Enhanced Virtual Private Network,EVPN)业务,由多协议-边界网关协议(Multi-Protocol-Border Gateway Protocol,MP-BGP)控制面进行介质访问控制/网络协议(Internet Protocol,IP)路由的分发,由此取消对于转发面广播的依赖性。In the Virtual Extensible Local Area Network (VXLAN)/Virtual Private LAN Service (VPLS) architecture, Media/Medium Access Control (MAC) learning is performed on the forwarding plane, which depends on The broadcast mechanism of the forwarding plane. The Internet Engineering Task Force (IETF) and the Level 2 Virtual Private Network (L2 VPN) working group proposed a new business model, Enhanced Virtual Private Network (EVPN). The service is distributed by the Multi-Protocol-Border Gateway Protocol (MP-BGP) control plane for media access control/Internet Protocol (IP) routing, thereby canceling the broadcast for the forwarding plane. Dependence.
互联网协议(Internet Protocol,IP)冲突的检测,依赖于地址解析协议(Address Resolution Protocol,ARP)广播报文或者免费ARP报文,因此EVPN业务在消除广播报文的同时也带来了无法检测虚拟机(Virtual Machine,VM)IP地址冲突的问题。The detection of Internet Protocol (IP) conflicts depends on the Address Resolution Protocol (ARP) broadcast message or the free ARP packet. Therefore, the EVPN service can also detect the virtual message while eliminating the broadcast message. Virtual machine (VM) IP address conflicts.
发明内容 Summary of the invention
本公开提供一种EVPN中IP地址冲突的处理方法及装置,解决EVPN场景中由于消除广播报文而无法检测虚拟机IP地址冲突的问题。The present disclosure provides a method and a device for processing an IP address conflict in an EVPN, which solves the problem that the IP address conflict of the virtual machine cannot be detected due to the elimination of broadcast messages in the EVPN scenario.
本公开提供一种加强型虚拟专用网络EVPN中网络协议IP地址冲突的处理方法,应用于第一网络侧边缘设备PE,包括:The disclosure provides a method for processing a network protocol IP address conflict in an enhanced virtual private network (EVPN), which is applied to the first network side edge device PE, and includes:
接收来自第二PE的路由消息,所述路由消息携带第二PE本地虚拟机VM的IP地址及介质访问控制MAC地址;Receiving a routing message from the second PE, where the routing message carries an IP address of the second PE local virtual machine VM and a medium access control MAC address;
根据所述路由消息,对第一PE本地维护的IP地址-MAC地址的对应关系表中的IP地址,进行冲突检测处理,其中,所述对应关系表记录有EVPN的一广播域内所有PE本地VM的IP地址及MAC地址。Performing a conflict detection process on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message, where the correspondence table records all PE local VMs in a broadcast domain of the EVPN. IP address and MAC address.
其中,所述根据所述路由消息,对第一PE本地维护的IP地址-MAC地址的对应关系表中的IP地址,进行冲突检测处理的步骤包括:The step of performing conflict detection processing on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message includes:
若来自第二PE本地VM的IP地址,与通过本地学习得到的第一PE本地VM的IP地址冲突,则确定得到来自第二PE本地VM的IP地址与得到第一PE本地VM的IP地址的先后顺序,并根据在后得到的IP地址,更新所述对应关系表。If the IP address from the second PE local VM conflicts with the IP address of the first PE local VM obtained through local learning, it is determined that the IP address from the second PE local VM is obtained and the IP address of the first PE local VM is obtained. The correspondence table is updated in order, and according to the IP address obtained later.
其中,所述根据所述路由消息,对第一PE本地维护的IP地址-MAC地址的对应关系表中的IP地址,进行冲突检测处理的步骤包括:The step of performing conflict detection processing on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message includes:
若来自第二PE本地VM的IP地址,与所述对应关系表记录的来自第三PE本地VM的IP地址冲突,则根据预设的规则,从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个IP地址,并根据选择出的IP地址,更新所述对应关系表。If the IP address from the second PE local VM conflicts with the IP address from the third PE local VM recorded in the correspondence table, according to a preset rule, the IP address from the second PE local VM and from the first Among the IP addresses of the three PE local VMs, an IP address is selected, and the correspondence table is updated according to the selected IP address.
其中,所述规则为在多个PE本地VM的IP地址中选择PE设备的IP较小的PE所对应的本地VM的IP地址或者选择预先指定的一IP地址; The rule is that an IP address of a local VM corresponding to a PE with a smaller IP of the PE device is selected among the IP addresses of the plurality of PE local VMs, or an IP address specified in advance is selected;
所述从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个IP地址的步骤包括:The step of selecting an IP address from the IP address from the second PE local VM and the IP address from the third PE local VM includes:
比较第二PE设备的IP地址与第三PE设备的IP地址,从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个PE设备的IP较小的PE所对应的本地VM的IP地址;或者Comparing the IP address of the second PE device with the IP address of the third PE device, selecting a PE with a smaller IP of the PE device from the IP address from the second PE local VM and the IP address from the third PE local VM The IP address of the corresponding local VM; or
从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出预先指定的一IP地址。A pre-designated IP address is selected from an IP address from the second PE local VM and an IP address from the third PE local VM.
其中,所述规则为在多个PE本地VM的IP地址中选择与静态MAC对应的IP地址或者选择与预先指定的MAC段对应的IP地址;The rule is that an IP address corresponding to a static MAC is selected among IP addresses of multiple PE local VMs or an IP address corresponding to a pre-designated MAC segment is selected;
所述从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个IP地址的步骤包括:The step of selecting an IP address from the IP address from the second PE local VM and the IP address from the third PE local VM includes:
从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个与静态MAC对应的IP地址;或者Selecting an IP address corresponding to the static MAC from an IP address from the second PE local VM and an IP address from the third PE local VM; or
从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个与预先指定的MAC段对应的IP地址。An IP address corresponding to the pre-designated MAC segment is selected from the IP address from the second PE local VM and the IP address from the third PE local VM.
其中,所述规则为在多个PE本地VM的IP地址中选择与较小虚拟可扩展局域网的网络标识VNI对应的IP地址或者选择与预先指定的VNI对应的IP地址;The rule is that an IP address corresponding to the network identifier VNI of the smaller virtual scalable local area network is selected among the IP addresses of the plurality of PE local VMs or an IP address corresponding to the pre-designated VNI is selected;
所述从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个IP地址的步骤包括:The step of selecting an IP address from the IP address from the second PE local VM and the IP address from the third PE local VM includes:
从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个与较小VNI对应的IP地址;或者Selecting an IP address corresponding to the smaller VNI from the IP address from the second PE local VM and the IP address from the third PE local VM; or
从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中, 选择出一个与预先指定的VNI对应的IP地址。From the IP address from the second PE local VM and the IP address from the third PE local VM, Select an IP address that corresponds to the pre-assigned VNI.
其中,所述根据所述路由消息,对第一PE本地维护的IP地址-MAC地址的对应关系表中的IP地址,进行冲突检测处理的步骤包括:The step of performing conflict detection processing on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message includes:
若来自第二PE本地VM的IP地址与第一PE本地VM的IP地址冲突,或者来自第二PE本地VM的IP地址与所述对应关系表记录的来自第三PE本地VM的IP地址冲突,且冲突持续时间超过预设时间阈值,则对冲突情况发出告警。If the IP address from the second PE local VM conflicts with the IP address of the first PE local VM, or the IP address from the second PE local VM conflicts with the IP address from the third PE local VM recorded in the correspondence table, If the collision duration exceeds the preset time threshold, an alarm is issued for the conflict.
本公开还提供一种加强型虚拟专用网络EVPN中网络协议IP地址冲突的处理装置,应用于第一网络侧边缘设备PE,包括:The present disclosure also provides a processing device for a network protocol IP address conflict in an enhanced virtual private network (EVPN), which is applied to the first network side edge device PE, and includes:
接收模块,设置为接收来自第二PE的路由消息,所述路由消息携带第二PE本地虚拟机VM的IP地址及介质访问控制MAC地址;a receiving module, configured to receive a routing message from the second PE, where the routing message carries an IP address of the second PE local virtual machine VM and a medium access control MAC address;
冲突处理模块,设置为根据所述路由消息,对第一PE本地维护的IP地址-MAC地址的对应关系表中的IP地址,进行冲突检测处理,其中,所述对应关系表记录有EVPN的一广播域内所有PE本地VM的IP地址及MAC地址。The conflict processing module is configured to perform a conflict detection process on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message, where the correspondence table records an EVPN IP address and MAC address of all PE local VMs in the broadcast domain.
其中,所述冲突处理模块包括:The conflict processing module includes:
第一更新单元,设置为若来自第二PE本地VM的IP地址,与通过本地学习得到的第一PE本地VM的IP地址冲突,则确定得到来自第二PE本地VM的IP地址与得到第一PE本地VM的IP地址的先后顺序,并根据在后得到的IP地址,更新所述对应关系表。The first update unit is configured to determine, if the IP address from the second PE local VM conflicts with the IP address of the first PE local VM obtained through local learning, to obtain the IP address from the second PE local VM and obtain the first The IP address of the PE local VM is sequentially updated, and the correspondence table is updated according to the IP address obtained later.
其中,所述冲突处理模块包括:The conflict processing module includes:
第二更新单元,设置为若来自第二PE本地VM的IP地址,与所述对应关系表记录的来自第三PE本地VM的IP地址冲突,则根据预设的规则,从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个 IP地址,并根据选择出的IP地址,更新所述对应关系表。a second update unit, configured to: if an IP address from the second PE local VM conflicts with an IP address from the third PE local VM recorded in the correspondence table, according to a preset rule, from the second PE local Select one of the VM's IP address and the IP address from the third PE's local VM. The IP address is updated according to the selected IP address.
本实施例还提供一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行上述EVPN中IP地址冲突的处理方法。The embodiment further provides a computer readable storage medium storing computer executable instructions for performing a method for processing an IP address conflict in the EVPN.
本实施例还提供一种通信设备,该通信设备包括一个或多个处理器、存储器以及一个或多个程序,所述一个或多个程序存储在存储器中,当被一个或多个处理器执行时,执行上述EVPN中IP地址冲突的处理方法。The embodiment also provides a communication device including one or more processors, a memory, and one or more programs, the one or more programs being stored in the memory when executed by one or more processors The method for processing the IP address conflict in the above EVPN is performed.
本实施例还提供了一种计算机程序产品,所述计算机程序产品包括存储在非暂态计算机可读存储介质上的计算机程序,所述计算机程序包括程序指令,当所述程序指令被计算机执行时,使所述计算机执行上述任意一种EVPN中IP地址冲突的处理方法。The embodiment further provides a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions, when the program instructions are executed by a computer And causing the computer to perform a processing method of IP address conflict in any of the above EVPNs.
本公开的EVPN中IP地址冲突的处理方法,通过在本地维护IP地址-MAC地址的对应关系表,可在EVPN场景中对远端PE同步过来的VM的IP地址进行IP地址冲突检测处理,及时发现同一广播域内的IP地址冲突的情况,解决了EVPN场景中由于消除广播报文而无法检测虚拟机IP地址冲突的问题。The method for processing the IP address conflict in the EVPN of the present disclosure can perform the IP address conflict detection processing on the IP address of the VM synchronized by the remote PE in the EVPN scenario by maintaining the mapping table of the IP address-MAC address locally. If the IP address conflicts in the same broadcast domain are found, the problem that the virtual machine IP address conflict cannot be detected due to the elimination of broadcast packets in the EVPN scenario is solved.
附图说明DRAWINGS
图1为本实施例EVPN中IP地址冲突的处理方法流程图;FIG. 1 is a flowchart of a method for processing an IP address conflict in an EVPN according to an embodiment;
图2为本实施例EVPN中IP地址冲突的处理方法一应用环境示意图;2 is a schematic diagram of an application environment of an IP address conflict processing method in an EVPN according to an embodiment of the present invention;
图3为本实施例EVPN中IP地址冲突的处理装置的结构示意图;3 is a schematic structural diagram of an apparatus for processing an IP address conflict in an EVPN according to an embodiment of the present invention;
图4为本实施例EVPN中IP地址冲突的另一种处理装置的结构示意图;4 is a schematic structural diagram of another processing apparatus for conflicting IP addresses in an EVPN according to an embodiment of the present invention;
图5为本实施例EVPN中IP地址冲突的另一种处理装置的结构示意图;FIG. 5 is a schematic structural diagram of another processing apparatus for conflicting IP addresses in an EVPN according to an embodiment;
图6为本实施例提供通信设备的硬件结构示意图。 FIG. 6 is a schematic structural diagram of hardware of a communication device according to an embodiment of the present disclosure.
具体实施方式detailed description
下面将结合附图及实施例对本公开的技术方案进行描述。The technical solutions of the present disclosure will be described below with reference to the accompanying drawings and embodiments.
本实施例中所言的IP地址的简要说明如下。A brief description of the IP address stated in this embodiment is as follows.
IP地址包括网络侧边缘设备(Provider Edge,PE)的IP地址和VM的IP地址。本实施例的EVPN中IP地址冲突的处理方法及装置,针对的是VM的IP地址的冲突处理,本文中,没有明确说明的IP地址均为VM的IP地址。The IP address includes the IP address of the Provider Edge (PE) and the IP address of the VM. The method and device for processing the IP address conflict in the EVPN in this embodiment are directed to the conflict processing of the IP address of the VM. In this document, the IP addresses that are not explicitly stated are the IP addresses of the VM.
如图1所示,本实施例的EVPN中IP地址冲突的处理方法,应用于第一PE,所述处理方法包括以下步骤。As shown in FIG. 1, the method for processing an IP address conflict in an EVPN in this embodiment is applied to a first PE, and the processing method includes the following steps.
在步骤101中,接收来自第二PE的路由消息,所述路由消息携带第二PE本地虚拟机VM的IP地址及MAC地址。In step 101, a routing message is received from the second PE, where the routing message carries an IP address and a MAC address of the second PE local virtual machine VM.
第二PE学习到本地VM的IP地址及MAC地址后,通过MP-BGP协议将MAC/IP地址路由给远端PE(第一PE)。其中,第二PE的路由消息可以为MAC/IP路由公告Advertisement Route消息。After learning the IP address and MAC address of the local VM, the second PE routes the MAC/IP address to the remote PE (the first PE) through the MP-BGP protocol. The routing message of the second PE may be a MAC/IP route advertisement Advertisement Route message.
在步骤102中,根据所述路由消息,对第一PE本地维护的IP地址-MAC地址的对应关系表中的IP地址,进行冲突检测处理,其中,所述对应关系表记录有EVPN的一广播域内所有PE本地VM的IP地址及MAC地址。In step 102, a conflict detection process is performed on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message, where the correspondence table records a broadcast of the EVPN. IP address and MAC address of all PE local VMs in the domain.
EVPN的一广播域内所有PE都会将本地VM的IP地址及MAC地址同步给远端PE,因此第一PE能够学习到广播域内所有PE本地VM的IP地址及MAC地址,并保存到本地维护的IP地址-MAC地址的对应关系表中。通过该对应关系表可对其他PE路由过来的VM的IP地址进行IP地址的冲突检测处理。All the PEs in the broadcast domain of the EVPN will synchronize the IP address and MAC address of the local VM to the remote PE. Therefore, the first PE can learn the IP addresses and MAC addresses of all PE local VMs in the broadcast domain and save them to the locally maintained IP address. Address-MAC address correspondence table. The correspondence table can perform IP address collision detection processing on the IP addresses of VMs routed by other PEs.
其中,同一个广播域的PE具有同一个VXLAN网络标识(VXLAN Network Identifier,VNI)或者位于同一个VPN内。The PEs in the same broadcast domain have the same VXLAN Network Identifier (VNI) or are located in the same VPN.
本实施例的EVPN中IP地址冲突的处理方法,通过在本地维护IP地址-MAC 地址的对应关系表,可在EVPN场景中对远端PE同步过来的VM的IP地址进行IP地址冲突检测处理,及时发现同一广播域内的IP地址冲突的情况,解决了EVPN场景中由于消除广播报文而无法检测虚拟机IP地址冲突的问题。The method for processing the IP address conflict in the EVPN in this embodiment is to maintain the IP address-MAC locally. In the EVPN scenario, the IP address conflict detection process is performed on the IP address of the VM that is synchronized by the remote PE in the EVPN scenario, and the IP address conflicts in the same broadcast domain are found in the EVPN scenario. The problem is that the virtual machine IP address conflict cannot be detected.
可选地,上述步骤102还可以包括以下步骤。Optionally, the foregoing step 102 may further include the following steps.
若来自第二PE本地VM的IP地址,与通过本地学习得到的第一PE本地VM的IP地址冲突,则确定得到来自第二PE本地VM的IP地址与得到第一PE本地VM的IP地址的先后顺序,并根据在后得到的IP地址,更新所述对应关系表。If the IP address from the second PE local VM conflicts with the IP address of the first PE local VM obtained through local learning, it is determined that the IP address from the second PE local VM is obtained and the IP address of the first PE local VM is obtained. The correspondence table is updated in order, and according to the IP address obtained later.
如果第二PE本地VM的IP地址与第一PE本地VM的IP地址冲突,则选择在后得到的IP地址及对应的MAC地址为有效地址,从而能够在虚拟机迁移时根据最新得到的IP地址进行更新,可以避免虚拟机迁移到无效的IP地址,保证了虚拟机迁移的有效进行。If the IP address of the second PE local VM conflicts with the IP address of the first PE local VM, the IP address obtained afterwards and the corresponding MAC address are selected as effective addresses, so that the newly obtained IP address can be obtained during the virtual machine migration. Updates can prevent virtual machines from migrating to invalid IP addresses, ensuring efficient virtual machine migration.
可选地也可通过静态配置的方式,在第二PE本地VM的IP地址与第一PE本地VM的IP地址中选择一个作为有效地址。如选择本地PE(第一PE)的VM的IP地址为有效地址,或者选择远端PE(第二PE)的VM的IP地址为有效地址。Alternatively, one of the IP address of the second PE local VM and the IP address of the first PE local VM may be selected as the effective address by static configuration. For example, the IP address of the VM of the local PE (first PE) is selected as the effective address, or the IP address of the VM of the remote PE (second PE) is selected as the effective address.
可选地,上述步骤102还可以包括以下步骤。Optionally, the foregoing step 102 may further include the following steps.
若来自第二PE本地VM的IP地址,与所述对应关系表记录的来自第三PE本地VM的IP地址冲突,则根据预设的规则,从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个IP地址,并根据选择出的IP地址,更新所述对应关系表。If the IP address from the second PE local VM conflicts with the IP address from the third PE local VM recorded in the correspondence table, according to a preset rule, the IP address from the second PE local VM and from the first Among the IP addresses of the three PE local VMs, an IP address is selected, and the correspondence table is updated according to the selected IP address.
如果第二PE本地VM的IP地址与第三PE本地VM的IP地址冲突,则根据预先设定的规则,选择出优先生效的IP地址及对应的MAC地址为有效地址, 能够防止其他非法地址产生的攻击,提高了网络安全性和可靠性。If the IP address of the second PE local VM conflicts with the IP address of the third PE local VM, the IP address corresponding to the priority and the corresponding MAC address are selected as effective addresses according to a preset rule. It can prevent attacks from other illegal addresses and improve network security and reliability.
本地PE(第一PE)与远端PE(第二PE、第三PE)对于IP地址的规则应该保持一致。如在第二PE本地VM的IP地址与第三PE本地VM的IP地址冲突时,第一PE选择第二PE本地VM的IP地址为有效地址,则第二PE、第三PE也应该选择第二PE本地VM的IP地址为有效地址。The rules for the IP address of the local PE (the first PE) and the remote PE (the second PE and the third PE) should be the same. If the IP address of the second PE local VM conflicts with the IP address of the third PE local VM, the first PE selects the IP address of the second PE local VM as the effective address, and the second PE and the third PE should also select the first The IP address of the second PE local VM is a valid address.
可选地,所述规则为在多个PE本地VM的IP地址中选择PE设备的IP较小的PE所对应的本地VM的IP地址或者选择预先指定的一IP地址。Optionally, the rule is to select an IP address of a local VM corresponding to a PE with a smaller IP of the PE device among the IP addresses of the multiple PE local VMs, or select a pre-designated IP address.
PE设备IP较小的PE所对应的VM的IP地址安全性高,因此可以选择PE设备IP较小的PE所对应的VM的IP地址为有效地址。另外,也可根据历史经验指定出优先生效的IP地址。The IP address of the VM corresponding to the PE with the smaller PE IP address is high. Therefore, you can select the IP address of the VM corresponding to the PE with the smaller PE IP address as the effective address. In addition, you can also specify the IP address that takes precedence based on historical experience.
基于上述规则,上述步骤中,所述从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个IP地址可以包括以下步骤。Based on the above rules, in the foregoing step, selecting an IP address from the IP address from the second PE local VM and the IP address from the third PE local VM may include the following steps.
比较第二PE设备的IP地址与第三PE设备的IP地址,从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个PE设备的IP较小的PE所对应的本地VM的IP地址;或者Comparing the IP address of the second PE device with the IP address of the third PE device, selecting a PE with a smaller IP of the PE device from the IP address from the second PE local VM and the IP address from the third PE local VM The IP address of the corresponding local VM; or
从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出预先指定的一IP地址。A pre-designated IP address is selected from an IP address from the second PE local VM and an IP address from the third PE local VM.
本实施例通过选择PE设备IP较小的PE所对应的VM的IP地址或者选择预先指定的VM的IP地址,可以得到安全性较高的IP地址,以防止攻击。In this embodiment, by selecting the IP address of the VM corresponding to the PE with a small PE device IP address or selecting the IP address of the VM specified in advance, an IP address with high security can be obtained to prevent an attack.
其中,可通过MP-BGP的隧道信息得到本地PE设备的IP地址和远端PE设备的IP地址。The IP address of the local PE device and the IP address of the remote PE device can be obtained through the MP-BGP tunnel information.
可选地,所述规则为在多个PE本地VM的IP地址中选择与静态MAC对应的IP地址或者选择与预先指定的MAC段对应的IP地址。 Optionally, the rule is: selecting an IP address corresponding to the static MAC among the IP addresses of the multiple PE local VMs or selecting an IP address corresponding to the pre-designated MAC segment.
静态MAC对应的IP地址安全性高,因此可以选择静态MAC对应的IP地址为有效地址。另外,也可根据历史经验指定出优先生效MAC段,进而得到对应的IP地址。The IP address corresponding to the static MAC address is high. Therefore, you can select the IP address corresponding to the static MAC address as the effective address. In addition, the priority-effective MAC segment can be specified based on historical experience, and the corresponding IP address can be obtained.
基于上述规则,上述步骤中,所述从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个IP地址可以包括以下步骤。Based on the above rules, in the foregoing step, selecting an IP address from the IP address from the second PE local VM and the IP address from the third PE local VM may include the following steps.
从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个与静态MAC对应的IP地址;或者Selecting an IP address corresponding to the static MAC from an IP address from the second PE local VM and an IP address from the third PE local VM; or
从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个与预先指定的MAC段对应的IP地址。An IP address corresponding to the pre-designated MAC segment is selected from the IP address from the second PE local VM and the IP address from the third PE local VM.
本实施例通过选择与静态MAC对应的IP地址或者选择与预先指定的MAC段对应的IP地址,得到安全性较高的IP地址,以防止攻击。In this embodiment, an IP address corresponding to a static MAC address or an IP address corresponding to a pre-designated MAC segment is selected to obtain a highly secure IP address to prevent an attack.
可选地,所述规则为在多个PE本地VM的IP地址中选择与较小VNI对应的IP地址或者选择与预先指定的VNI对应的IP地址。Optionally, the rule is to select an IP address corresponding to a smaller VNI among the IP addresses of the plurality of PE local VMs or select an IP address corresponding to the pre-designated VNI.
在VNI较小的情况下,与较小的VNI对应的IP地址安全性高,因此可以选择与较小VNI对应的IP地址为有效地址。另外,也可根据历史经验指定出优先生效VNI,进而得到对应的IP地址。In the case where the VNI is small, the IP address corresponding to the smaller VNI is highly secure, so the IP address corresponding to the smaller VNI can be selected as the effective address. In addition, the priority effective VNI can be specified based on historical experience, and the corresponding IP address can be obtained.
其中,上述基于VNI建立的规则针对的是位于同一个VPN内的PE。The above rules based on the VNI are for PEs located in the same VPN.
基于上述规则,上述步骤中,所述从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个IP地址包括以下步骤。Based on the above rules, in the above step, selecting an IP address from the IP address from the second PE local VM and the IP address from the third PE local VM includes the following steps.
从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个与较小VNI对应的IP地址;或者Selecting an IP address corresponding to the smaller VNI from the IP address from the second PE local VM and the IP address from the third PE local VM; or
从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个与预先指定的VNI对应的IP地址。 An IP address corresponding to the pre-designated VNI is selected from the IP address from the second PE local VM and the IP address from the third PE local VM.
通过选择较小VNI对应的IP地址或者选择预先指定的VNI对应的IP地址,都能得到安全性较高的IP地址,以防止攻击。By selecting an IP address corresponding to a smaller VNI or selecting an IP address corresponding to a pre-designated VNI, a highly secure IP address can be obtained to prevent an attack.
可选地,上述步骤102的步骤还可以包括以下步骤。Optionally, the step of step 102 above may further include the following steps.
若来自第二PE本地VM的IP地址与第一PE本地VM的IP地址冲突,或者来自第二PE本地VM的IP地址与所述对应关系表记录的来自第三PE本地VM的IP地址冲突,且冲突持续时间超过预设时间阈值,则对冲突情况发出告警。If the IP address from the second PE local VM conflicts with the IP address of the first PE local VM, or the IP address from the second PE local VM conflicts with the IP address from the third PE local VM recorded in the correspondence table, If the collision duration exceeds the preset time threshold, an alarm is issued for the conflict.
当同一个广播域内存在相同的IP地址,且持续时间超过预设时间阈值,就对IP地址冲突情况发出告警,以将IP地址冲突情况通告给其他设备,便于其他设备对冲突情况执行应对策略。When the same IP address exists in the same broadcast domain and the duration exceeds the preset time threshold, an alarm is generated for the IP address conflict to notify the other device of the IP address conflict.
下面对本实施例的处理方法的一具体应用情况举例说明如下。A specific application case of the processing method of this embodiment is exemplified as follows.
如图2所示,假定PE A、PE B、PE C,位于EVPN的同一广播域内。PE B将本地VM的MAC/IP地址采用MP-BGP协议进行扩散,将MAC B的信息发送到PE A和PE C。PE C也将本地VM的MAC/IP地址采用MP-BGP协议进行扩散,将MAC C的信息发送到PE A和PE B。且PE B与PE C的IP地址相同。As shown in Figure 2, it is assumed that PE A, PE B, and PE C are located in the same broadcast domain of the EVPN. PE B uses the MP-BGP protocol to spread the MAC address of the local VM and sends the information of the MAC B to PE A and PE C. PE C also uses the MP-BGP protocol to spread the MAC address of the local VM and sends the MAC C information to PE A and PE B. The IP addresses of PE B and PE C are the same.
PE B发现与PE C的VM的IP地址冲突,选择在后得到的IP地址生效,并更新本地IP地址-MAC地址对应关系表。PE B finds that it conflicts with the IP address of the VM of the PE C, selects the IP address obtained after it takes effect, and updates the local IP address-MAC address correspondence table.
同样,PE C发现与PE B的VM的IP地址冲突,选择在后得到的IP地址生效,并更新本地IP地址-MAC地址对应关系表。Similarly, PE C finds that the IP address of the VM of PE B conflicts, selects the IP address obtained later, and updates the local IP address-MAC address correspondence table.
而PE A发现来自不同远端的MAC地址对应相同的VM的IP地址,即来自PE B的VM的IP地址和来自PE C的VM的IP地址冲突,根据预设的规则选择优先级高的IP地址生效,并更新本地IP地址-MAC地址对应关系表。如果冲突持续时间超过预设时间阈值,则对冲突情况发出告警,通告其他设备PE B和 PE C的VM的IP地址冲突。The PE A finds that the MAC addresses from different remote ends correspond to the IP addresses of the same VMs, that is, the IP addresses of the VMs from the PE B conflict with the IP addresses of the VMs from the PE C, and select the IP with higher priority according to the preset rules. The address takes effect and the local IP address-MAC address correspondence table is updated. If the collision duration exceeds the preset time threshold, an alarm is issued to the conflict situation to notify other devices PE B and The IP address conflict of the PE C VM.
PE A、PE B和PE C选择生效的IP地址应该保持一致。The IP addresses that PE A, PE B, and PE C choose to take effect should be consistent.
本实施例的EVPN中IP地址冲突的处理方法,通过在本地维护IP地址-MAC地址的对应关系表,可在EVPN场景中对远端PE同步过来的VM的IP地址进行IP地址冲突检测处理,可以及时发现同一广播域内的IP地址冲突的情况,解决了EVPN场景中由于消除广播报文而无法检测虚拟机IP地址冲突的问题。The method for processing the IP address conflict in the EVPN in this embodiment can perform the IP address conflict detection process on the IP address of the VM synchronized by the remote PE in the EVPN scenario by maintaining the mapping table of the IP address-MAC address locally. The IP address conflicts in the same broadcast domain can be discovered in a timely manner. This solves the problem that the IP address conflict of the virtual machine cannot be detected due to the elimination of broadcast packets in the EVPN scenario.
如图3所示,本实施例还提供一种EVPN中IP地址冲突的处理装置,应用于第一PE,所述处理装置包括以下模块。As shown in FIG. 3, the embodiment further provides an apparatus for processing an IP address conflict in an EVPN, which is applied to a first PE, and the processing apparatus includes the following modules.
接收模块310,设置为接收来自第二PE的路由消息,所述路由消息携带第二PE本地虚拟机VM的IP地址及MAC地址。The receiving module 310 is configured to receive a routing message from the second PE, where the routing message carries an IP address and a MAC address of the second PE local virtual machine VM.
冲突处理模块320,设置为根据所述路由消息,对第一PE本地维护的IP地址-MAC地址的对应关系表中的IP地址,进行IP地址的冲突检测处理,其中,所述对应关系表记录有EVPN的一广播域内所有PE本地VM的IP地址及MAC地址。The conflict processing module 320 is configured to perform an IP address conflict detection process on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message, where the correspondence relationship table records The IP address and MAC address of all PE local VMs in a broadcast domain with EVPN.
本实施例的EVPN中IP地址冲突的处理装置,通过在本地维护IP地址-MAC地址的对应关系表,可在EVPN场景中对远端PE同步过来的VM的IP地址进行IP地址冲突检测处理,可以及时发现同一广播域内的IP地址冲突的情况,解决了EVPN场景中由于消除广播报文而无法检测虚拟机IP地址冲突的问题。The device for processing the IP address conflict in the EVPN in the embodiment can perform the IP address conflict detection process on the IP address of the VM synchronized by the remote PE in the EVPN scenario by maintaining the mapping table of the IP address-MAC address locally. The IP address conflicts in the same broadcast domain can be discovered in a timely manner. This solves the problem that the IP address conflict of the virtual machine cannot be detected due to the elimination of broadcast packets in the EVPN scenario.
可选地,所述冲突处理模块320包括第一更新单元321,如图4所示。Optionally, the conflict processing module 320 includes a first update unit 321, as shown in FIG.
第一更新单元321,设置为若来自第二PE本地VM的IP地址,与通过本地学习得到的第一PE本地VM的IP地址冲突,则确定得到来自第二PE本地VM的IP地址与得到第一PE本地VM的IP地址的先后顺序,并根据在后得到的IP地址,更新所述对应关系表。 The first update unit 321 is configured to determine, if the IP address from the second PE local VM conflicts with the IP address of the first PE local VM obtained through local learning, to obtain the IP address from the second PE local VM and obtain the first The order of the IP addresses of the PE local VMs is updated, and the correspondence table is updated according to the IP addresses obtained later.
可选地,所述冲突处理模块320包括第二更新单元322,如图5所示。Optionally, the conflict processing module 320 includes a second update unit 322, as shown in FIG.
第二更新单元322,设置为若来自第二PE本地VM的IP地址,与所述对应关系表记录的来自第三PE本地VM的IP地址冲突,则根据预设的规则,从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个IP地址,并根据选择出的IP地址,更新所述对应关系表。The second update unit 322 is configured to: if the IP address from the second PE local VM conflicts with the IP address of the third PE local VM recorded in the correspondence table, according to a preset rule, from the second PE An IP address is selected from an IP address of the local VM and an IP address from the third PE local VM, and the correspondence table is updated according to the selected IP address.
可选地,所述规则为在多个PE本地VM的IP地址中选择PE设备的IP较小的PE所对应的本地VM的IP地址或者选择预先指定的一IP地址。Optionally, the rule is to select an IP address of a local VM corresponding to a PE with a smaller IP of the PE device among the IP addresses of the multiple PE local VMs, or select a pre-designated IP address.
所述第二更新单元可以包括第一选择单元。The second update unit may include a first selection unit.
第一选择单元,设置为比较第二PE设备的IP地址与第三PE设备的IP地址,从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个PE设备的IP较小的PE所对应的本地VM的IP地址。或者,所述第二更新单元可以包括第二选择单元。a first selecting unit, configured to compare an IP address of the second PE device with an IP address of the third PE device, and select a PE from an IP address from the second PE local VM and an IP address from the third PE local VM IP address of the local VM corresponding to the PE with the smaller IP address of the device. Alternatively, the second update unit may include a second selection unit.
第二选择单元,设置为从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出预先指定的一IP地址。The second selection unit is configured to select a pre-designated IP address from an IP address from the second PE local VM and an IP address from the third PE local VM.
可选地,所述规则为在多个PE本地VM的IP地址中选择与静态MAC对应的IP地址或者选择与预先指定的MAC段对应的IP地址。Optionally, the rule is: selecting an IP address corresponding to the static MAC among the IP addresses of the multiple PE local VMs or selecting an IP address corresponding to the pre-designated MAC segment.
所述第二更新单元可以包括以下选择单元。The second update unit may include the following selection unit.
第三选择单元,设置为从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个与静态MAC对应的IP地址。或者所述第二更新单元可以包括第四选择单元。The third selection unit is configured to select an IP address corresponding to the static MAC from the IP address from the second PE local VM and the IP address from the third PE local VM. Or the second update unit may include a fourth selection unit.
第四选择单元,设置为从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个与预先指定的MAC段对应的IP地址。And a fourth selecting unit, configured to select an IP address corresponding to the pre-designated MAC segment from the IP address from the second PE local VM and the IP address from the third PE local VM.
可选地,所述规则为在多个PE本地VM的IP地址中选择与较小VNI对应 的IP地址或者选择与预先指定的VNI对应的IP地址。Optionally, the rule is to select, in the IP addresses of the multiple PE local VMs, to correspond to the smaller VNIs. The IP address or the IP address corresponding to the pre-designated VNI.
所述第二更新单元可以包括以下选择单元。The second update unit may include the following selection unit.
第五选择单元,设置为从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个与较小VNI对应的IP地址。或者第二更新单元可以包括第六选择单元。The fifth selection unit is configured to select an IP address corresponding to the smaller VNI from the IP address from the second PE local VM and the IP address from the third PE local VM. Or the second update unit may include a sixth selection unit.
第六选择单元,设置为从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个与预先指定的VNI对应的IP地址。The sixth selection unit is configured to select an IP address corresponding to the pre-designated VNI from the IP address from the second PE local VM and the IP address from the third PE local VM.
可选地,所述冲突处理模块还包括告警单元。Optionally, the conflict processing module further includes an alarm unit.
告警单元,设置为若来自第二PE本地VM的IP地址与第一PE本地VM的IP地址冲突,或者来自第二PE本地VM的IP地址与所述对应关系表记录的来自第三PE本地VM的IP地址冲突,且冲突持续时间超过预设时间阈值,则对冲突情况发出告警。The alarm unit is configured to: if the IP address from the second PE local VM conflicts with the IP address of the first PE local VM, or the IP address from the second PE local VM and the third PE local VM recorded in the correspondence table If the IP address conflicts and the collision duration exceeds the preset time threshold, an alarm is generated for the conflict.
本实施例的EVPN中IP地址冲突的处理装置,通过在本地维护IP地址-MAC地址的对应关系表,可在EVPN场景中对远端PE同步过来的VM的IP地址进行IP地址冲突检测处理,可以及时发现同一广播域内的IP地址冲突的情况,解决了EVPN场景中由于消除广播报文而无法检测虚拟机IP地址冲突的问题。The device for processing the IP address conflict in the EVPN in the embodiment can perform the IP address conflict detection process on the IP address of the VM synchronized by the remote PE in the EVPN scenario by maintaining the mapping table of the IP address-MAC address locally. The IP address conflicts in the same broadcast domain can be discovered in a timely manner. This solves the problem that the IP address conflict of the virtual machine cannot be detected due to the elimination of broadcast packets in the EVPN scenario.
该EVPN中IP地址冲突的处理装置是与上述EVPN中IP地址冲突的处理方法相对应的装置,其中上述方法实施例中所有实现方式均适用于该装置的实施例中,也能达到同样的技术效果。The processing device for the IP address conflict in the EVPN is a device corresponding to the processing method of the IP address conflict in the EVPN, wherein all the implementation manners in the foregoing method embodiments are applicable to the embodiment of the device, and the same technology can be achieved. effect.
本实施例还提供一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行上述方法。The embodiment further provides a computer readable storage medium storing computer executable instructions for performing the above method.
图6是根据本实施例的一种通信设备的硬件结构示意图,如图6所示,该电子设备包括:一个或多个处理器410和存储器420。图6中以一个处理器410 为例。FIG. 6 is a schematic diagram showing the hardware structure of a communication device according to the present embodiment. As shown in FIG. 6, the electronic device includes: one or more processors 410 and a memory 420. One processor 410 is shown in FIG. For example.
所述通信设备还可以包括:输入装置430和输出装置440。The communication device may also include an input device 430 and an output device 440.
所述通信设备中的处理器410、存储器420、输入装置430和输出装置440可以通过总线或者其他方式连接,图6中以通过总线连接为例。The processor 410, the memory 420, the input device 430, and the output device 440 in the communication device may be connected by a bus or other means, and the bus connection is taken as an example in FIG.
输入装置430可以接收输入的数字或字符信息,输出装置440可以包括显示屏等显示设备。The input device 430 can receive input numeric or character information, and the output device 440 can include a display device such as a display screen.
存储器420作为一种计算机可读存储介质,可用于存储软件程序、计算机可执行程序以及模块。处理器410通过运行存储在存储器420中的软件程序、指令以及模块,从而执行多种功能应用以及数据处理,以实现上述实施例中的任意一种方法。The memory 420 is a computer readable storage medium that can be used to store software programs, computer executable programs, and modules. The processor 410 executes various functional applications and data processing by executing software programs, instructions, and modules stored in the memory 420 to implement any of the above-described embodiments.
存储器420可以包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个功能所需要的应用程序;存储数据区可存储根据电子设备的使用所创建的数据等。此外,存储器可以包括随机存取存储器(Random Access Memory,RAM)等易失性存储器,还可以包括非易失性存储器,例如至少一个磁盘存储器件、闪存器件或者其他非暂态固态存储器件。The memory 420 may include a storage program area and an storage data area, wherein the storage program area may store an operating system, an application required for at least one function; the storage data area may store data created according to usage of the electronic device, and the like. In addition, the memory may include volatile memory such as random access memory (RAM), and may also include non-volatile memory such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device.
存储器420可以是非暂态计算机存储介质或暂态计算机存储介质。该非暂态计算机存储介质,例如至少一个磁盘存储器件、闪存器件、或其他非易失性固态存储器件。在一些实施例中,存储器420可选包括相对于处理器410远程设置的存储器,这些远程存储器可以通过网络连接至电子设备。上述网络的实例可以包括互联网、企业内部网、局域网、移动通信网及其组合。 Memory 420 can be a non-transitory computer storage medium or a transitory computer storage medium. The non-transitory computer storage medium, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, memory 420 can optionally include memory remotely located relative to processor 410, which can be connected to the electronic device over a network. Examples of the above networks may include the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
输入装置430可用于接收输入的数字或字符信息,以及产生与电子设备的用户设置以及功能控制有关的键信号输入。输出装置440可包括显示屏等显示设备。 Input device 430 can be used to receive input digital or character information and to generate key signal inputs related to user settings and function control of the electronic device. Output device 440 can include a display device such as a display screen.
本实施例的电子设备还可以包括通信装置450,通过通信网络传输和/或接收信息。The electronic device of the present embodiment may further include a communication device 450 that transmits and/or receives information over a communication network.
本领域普通技术人员可理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来执行相关的硬件来完成的,该程序可存储于一个非暂态计算机可读存储介质中,该程序在执行时,可包括如上述方法的实施例的流程,其中,该非暂态计算机可读存储介质可以为磁碟、光盘、只读存储记忆体(ROM)或随机存储记忆体(RAM)等。A person skilled in the art can understand that all or part of the process of implementing the above embodiment method can be completed by executing related hardware by a computer program, and the program can be stored in a non-transitory computer readable storage medium. The program, when executed, may include the flow of an embodiment of the method as described above, wherein the non-transitory computer readable storage medium may be a magnetic disk, an optical disk, a read only memory (ROM), or a random access memory (RAM). Wait.
工业实用性Industrial applicability
本公开提供的EVPN中IP地址冲突的处理方法及装置,通过在本地维护IP地址-MAC地址的对应关系表,可在EVPN场景中对远端PE同步过来的VM的IP地址进行IP地址冲突检测处理,可以及时发现同一广播域内的IP地址冲突的情况,解决了EVPN场景中由于消除广播报文而无法检测虚拟机IP地址冲突的问题。 The method and device for processing an IP address conflict in the EVPN provided by the present disclosure can perform IP address conflict detection on the IP address of the VM synchronized by the remote PE in the EVPN scenario by locally maintaining the correspondence table of the IP address-MAC address. If the IP address conflicts in the same broadcast domain are found, the IP address conflict between the virtual machine and the virtual machine cannot be detected in the EVPN scenario.

Claims (11)

  1. 一种加强型虚拟专用网络EVPN中网络协议IP地址冲突的处理方法,应用于第一网络侧边缘设备PE,包括:A method for processing a network protocol IP address conflict in an enhanced virtual private network (EVPN) is applied to a first network side edge device PE, including:
    接收来自第二PE的路由消息,所述路由消息携带第二PE本地虚拟机VM的IP地址及介质访问控制MAC地址;Receiving a routing message from the second PE, where the routing message carries an IP address of the second PE local virtual machine VM and a medium access control MAC address;
    根据所述路由消息,对第一PE本地维护的IP地址-MAC地址的对应关系表中的IP地址,进行冲突检测处理,其中,所述对应关系表记录有EVPN的一广播域内所有PE本地VM的IP地址及MAC地址。Performing a conflict detection process on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message, where the correspondence table records all PE local VMs in a broadcast domain of the EVPN. IP address and MAC address.
  2. 根据权利要求1所述的处理方法,其中,所述根据所述路由消息,对第一PE本地维护的IP地址-MAC地址的对应关系表中的IP地址,进行冲突检测处理的步骤包括:The processing method according to claim 1, wherein the step of performing collision detection processing on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message includes:
    若来自第二PE本地VM的IP地址,与通过本地学习得到的第一PE本地VM的IP地址冲突,则确定得到来自第二PE本地VM的IP地址与得到第一PE本地VM的IP地址的先后顺序,并根据在后得到的IP地址,更新所述对应关系表。If the IP address from the second PE local VM conflicts with the IP address of the first PE local VM obtained through local learning, it is determined that the IP address from the second PE local VM is obtained and the IP address of the first PE local VM is obtained. The correspondence table is updated in order, and according to the IP address obtained later.
  3. 根据权利要求1所述的处理方法,其中,所述根据所述路由消息,对第一PE本地维护的IP地址-MAC地址的对应关系表中的IP地址,进行冲突检测处理的步骤包括:The processing method according to claim 1, wherein the step of performing collision detection processing on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message includes:
    若来自第二PE本地VM的IP地址,与所述对应关系表记录的来自第三PE本地VM的IP地址冲突,则根据预设的规则,从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个IP地址,并根据选择出的IP地址,更新所述对应关系表。If the IP address from the second PE local VM conflicts with the IP address from the third PE local VM recorded in the correspondence table, according to a preset rule, the IP address from the second PE local VM and from the first Among the IP addresses of the three PE local VMs, an IP address is selected, and the correspondence table is updated according to the selected IP address.
  4. 根据权利要求3所述的处理方法,其中,所述规则为在多个PE本地VM的IP地址中选择PE设备的IP较小的PE所对应的本地VM的IP地址或者选择 预先指定的一IP地址;The processing method according to claim 3, wherein the rule is to select an IP address or a selection of a local VM corresponding to a PE with a smaller IP of the PE device among the IP addresses of the plurality of PE local VMs. a pre-designated IP address;
    所述从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个IP地址的步骤包括:The step of selecting an IP address from the IP address from the second PE local VM and the IP address from the third PE local VM includes:
    比较第二PE设备的IP地址与第三PE设备的IP地址,从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个PE设备的IP较小的PE所对应的本地VM的IP地址;或者Comparing the IP address of the second PE device with the IP address of the third PE device, selecting a PE with a smaller IP of the PE device from the IP address from the second PE local VM and the IP address from the third PE local VM The IP address of the corresponding local VM; or
    从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出预先指定的一IP地址。A pre-designated IP address is selected from an IP address from the second PE local VM and an IP address from the third PE local VM.
  5. 根据权利要求3所述的处理方法,其中,所述规则为在多个PE本地VM的IP地址中选择与静态MAC对应的IP地址或者选择与预先指定的MAC段对应的IP地址;The processing method according to claim 3, wherein the rule is to select an IP address corresponding to a static MAC among IP addresses of a plurality of PE local VMs or select an IP address corresponding to a pre-designated MAC segment;
    所述从来自第二PE本地VM的IP地址和来自第三PE的IP地址中,选择出一个IP地址的步骤包括:The step of selecting an IP address from the IP address from the second PE local VM and the IP address from the third PE includes:
    从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个与静态MAC对应的IP地址;或者Selecting an IP address corresponding to the static MAC from an IP address from the second PE local VM and an IP address from the third PE local VM; or
    从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个与预先指定的MAC段对应的IP地址。An IP address corresponding to the pre-designated MAC segment is selected from the IP address from the second PE local VM and the IP address from the third PE local VM.
  6. 根据权利要求3所述的处理方法,其中,所述规则为在多个PE本地VM的IP地址中选择与较小虚拟可扩展局域网的网络标识VNI对应的IP地址或者选择与预先指定的VNI对应的IP地址;The processing method according to claim 3, wherein the rule is to select an IP address corresponding to the network identifier VNI of the smaller virtual scalable local area network among the IP addresses of the plurality of PE local VMs or to select and correspond to the pre-designated VNI IP address;
    所述从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个IP地址的步骤包括:The step of selecting an IP address from the IP address from the second PE local VM and the IP address from the third PE local VM includes:
    从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中, 选择出一个与较小VNI对应的IP地址;或者From the IP address from the second PE local VM and the IP address from the third PE local VM, Select an IP address that corresponds to the smaller VNI; or
    从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个与预先指定的VNI对应的IP地址。An IP address corresponding to the pre-designated VNI is selected from the IP address from the second PE local VM and the IP address from the third PE local VM.
  7. 根据权利要求1-6任一项所述的处理方法,其中,所述根据所述路由消息,对第一PE本地维护的IP地址-MAC地址的对应关系表中的IP地址,进行冲突检测处理的步骤包括:The processing method according to any one of claims 1-6, wherein the conflict detection processing is performed on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message. The steps include:
    若来自第二PE本地VM的IP地址与第一PE本地VM的IP地址冲突,或者来自第二PE本地VM的IP地址与所述对应关系表记录的来自第三PE本地VM的IP地址冲突,且冲突持续时间超过预设时间阈值,则对冲突情况发出告警。If the IP address from the second PE local VM conflicts with the IP address of the first PE local VM, or the IP address from the second PE local VM conflicts with the IP address from the third PE local VM recorded in the correspondence table, If the collision duration exceeds the preset time threshold, an alarm is issued for the conflict.
  8. 一种加强型虚拟专用网络EVPN中网络协议IP地址冲突的处理装置,应用于第一网络侧边缘设备PE,包括:A device for processing a network protocol IP address conflict in an enhanced virtual private network (EVPN) is applied to a first network side edge device PE, including:
    接收模块,设置为接收来自第二PE的路由消息,所述路由消息携带第二PE本地虚拟机VM的IP地址及介质访问控制MAC地址;a receiving module, configured to receive a routing message from the second PE, where the routing message carries an IP address of the second PE local virtual machine VM and a medium access control MAC address;
    冲突处理模块,设置为根据所述路由消息,对第一PE本地维护的IP地址-MAC地址的对应关系表中的IP地址,进行冲突检测处理,其中,所述对应关系表记录有EVPN的一广播域内所有PE本地VM的IP地址及MAC地址。The conflict processing module is configured to perform a conflict detection process on the IP address in the correspondence table of the IP address-MAC address locally maintained by the first PE according to the routing message, where the correspondence table records an EVPN IP address and MAC address of all PE local VMs in the broadcast domain.
  9. 根据权利要求8所述的处理装置,其中,所述冲突处理模块包括:The processing device of claim 8, wherein the conflict handling module comprises:
    第一更新单元,设置为若来自第二PE本地VM的IP地址,与通过本地学习得到的第一PE本地VM的IP地址冲突,则确定得到来自第二PE本地VM的IP地址与得到第一PE本地VM的IP地址的先后顺序,并根据在后得到的IP地址,更新所述对应关系表。The first update unit is configured to determine, if the IP address from the second PE local VM conflicts with the IP address of the first PE local VM obtained through local learning, to obtain the IP address from the second PE local VM and obtain the first The IP address of the PE local VM is sequentially updated, and the correspondence table is updated according to the IP address obtained later.
  10. 根据权利要求8所述的处理装置,其中,所述冲突处理模块包括: The processing device of claim 8, wherein the conflict handling module comprises:
    第二更新单元,设置为若来自第二PE本地VM的IP地址,与所述对应关系表记录的来自第三PE本地VM的IP地址冲突,则根据预设的规则,从来自第二PE本地VM的IP地址和来自第三PE本地VM的IP地址中,选择出一个IP地址,并根据选择出的IP地址,更新所述对应关系表。a second update unit, configured to: if an IP address from the second PE local VM conflicts with an IP address from the third PE local VM recorded in the correspondence table, according to a preset rule, from the second PE local Among the IP address of the VM and the IP address from the third PE local VM, an IP address is selected, and the correspondence table is updated according to the selected IP address.
  11. 一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行权利要求1-7任一项的方法。 A computer readable storage medium storing computer executable instructions for performing the method of any of claims 1-7.
PCT/CN2017/098165 2016-08-18 2017-08-18 Method and device for processing ip address conflict in evpn WO2018033153A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610683421.8 2016-08-18
CN201610683421.8A CN107770294B (en) 2016-08-18 2016-08-18 Processing method and device for IP address conflict in EVPN

Publications (1)

Publication Number Publication Date
WO2018033153A1 true WO2018033153A1 (en) 2018-02-22

Family

ID=61196342

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/098165 WO2018033153A1 (en) 2016-08-18 2017-08-18 Method and device for processing ip address conflict in evpn

Country Status (2)

Country Link
CN (1) CN107770294B (en)
WO (1) WO2018033153A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111988153A (en) * 2019-05-21 2020-11-24 广东美的制冷设备有限公司 Network exception handling method and device and household electrical appliance

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110661714B (en) * 2018-06-30 2022-06-28 华为技术有限公司 Method for sending BGP message, method for receiving BGP message and equipment
CN111629077B (en) * 2019-02-28 2021-11-19 华为技术有限公司 Method, device and storage medium for processing address conflict
CN113542441B (en) * 2020-04-20 2023-02-17 亚信科技(中国)有限公司 Communication processing method and device
CN113746950B (en) * 2021-09-07 2023-11-21 中国联合网络通信集团有限公司 IP address conflict pre-detection method, system, computer equipment and storage medium
CN116208582A (en) * 2021-11-30 2023-06-02 华为技术有限公司 Address detection method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102710814A (en) * 2012-06-21 2012-10-03 奇智软件(北京)有限公司 Method and device for controlling Internet protocol (IP) address of virtual machine
CN102801820A (en) * 2012-08-10 2012-11-28 杭州华三通信技术有限公司 MAC address publishing method and device in EVI network
CN104113459A (en) * 2013-04-16 2014-10-22 杭州华三通信技术有限公司 Method for smoothly migrating virtual machine in Ethernet virtual interconnection (EVI) network, and device for smoothly migrating virtual machine in EVI network
US20150095505A1 (en) * 2013-09-30 2015-04-02 Vmware, Inc. Resolving network address conflicts
CN105430114A (en) * 2015-11-13 2016-03-23 上海斐讯数据通信技术有限公司 Internet protocol (IP) address conflict detection method and system, and access stratum device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101977245A (en) * 2010-01-07 2011-02-16 中兴通讯股份有限公司 Method, network equipment and system for detecting IP (Internet Protocol) address conflict
CN103188354B (en) * 2013-03-29 2016-05-25 北京东土科技股份有限公司 A kind of detection method and device of node address conflict
CN105594185B (en) * 2013-06-18 2019-05-28 瑞典爱立信有限公司 Repeat MAC Address detection

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102710814A (en) * 2012-06-21 2012-10-03 奇智软件(北京)有限公司 Method and device for controlling Internet protocol (IP) address of virtual machine
CN102801820A (en) * 2012-08-10 2012-11-28 杭州华三通信技术有限公司 MAC address publishing method and device in EVI network
CN104113459A (en) * 2013-04-16 2014-10-22 杭州华三通信技术有限公司 Method for smoothly migrating virtual machine in Ethernet virtual interconnection (EVI) network, and device for smoothly migrating virtual machine in EVI network
US20150095505A1 (en) * 2013-09-30 2015-04-02 Vmware, Inc. Resolving network address conflicts
CN105430114A (en) * 2015-11-13 2016-03-23 上海斐讯数据通信技术有限公司 Internet protocol (IP) address conflict detection method and system, and access stratum device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111988153A (en) * 2019-05-21 2020-11-24 广东美的制冷设备有限公司 Network exception handling method and device and household electrical appliance
CN111988153B (en) * 2019-05-21 2022-02-25 广东美的制冷设备有限公司 Network exception handling method and device and household electrical appliance

Also Published As

Publication number Publication date
CN107770294A (en) 2018-03-06
CN107770294B (en) 2021-12-07

Similar Documents

Publication Publication Date Title
WO2018033153A1 (en) Method and device for processing ip address conflict in evpn
US10191758B2 (en) Directing data traffic between intra-server virtual machines
EP2910003B1 (en) Duplicate mac address detection
US10320838B2 (en) Technologies for preventing man-in-the-middle attacks in software defined networks
US9674139B2 (en) Detection of a misconfigured duplicate IP address in a distributed data center network fabric
CN107783815B (en) Method and device for determining virtual machine migration
US10263808B2 (en) Deployment of virtual extensible local area network
US10341131B2 (en) Avoiding unknown unicast floods resulting from MAC address table overflows
US11228558B2 (en) Method and apparatus for isolating transverse communication between terminal devices in intranet
US10419267B2 (en) Network control software notification with advance learning
US10122548B2 (en) Services execution
US20150326524A1 (en) Address resolution in software-defined networks
US8842577B2 (en) Enabling media access control address mobility in an ethernet virtual private network
CN106878288B (en) message forwarding method and device
JP6633775B2 (en) Packet transmission
JP5134141B2 (en) Unauthorized access blocking control method
US20190215191A1 (en) Deployment Of Virtual Extensible Local Area Network
US20150207664A1 (en) Network control software notification with denial of service protection
CN105490995A (en) Method and device for forwarding message by NVE in NVO3 network
US11606333B1 (en) Synchronizing dynamic host configuration protocol snoop information
CN106899706B (en) Flooding inhibition method and device
CN104426759A (en) Host machine router acquiring method, host machine router acquiring device, and host machine router acquiring system
WO2017219777A1 (en) Packet processing method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17841125

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17841125

Country of ref document: EP

Kind code of ref document: A1