WO2019080750A1 - 一种网络中确定流量传输路径的方法、设备和系统 - Google Patents

一种网络中确定流量传输路径的方法、设备和系统

Info

Publication number
WO2019080750A1
WO2019080750A1 PCT/CN2018/110557 CN2018110557W WO2019080750A1 WO 2019080750 A1 WO2019080750 A1 WO 2019080750A1 CN 2018110557 W CN2018110557 W CN 2018110557W WO 2019080750 A1 WO2019080750 A1 WO 2019080750A1
Authority
WO
WIPO (PCT)
Prior art keywords
packet
l3gw
data center
mac address
host
Prior art date
Application number
PCT/CN2018/110557
Other languages
English (en)
French (fr)
Inventor
曾万梅
高远
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to EP18869516.7A priority Critical patent/EP3691200A4/en
Publication of WO2019080750A1 publication Critical patent/WO2019080750A1/zh
Priority to US16/858,136 priority patent/US20200280463A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/66Layer 2 routing, e.g. in Ethernet based MAN's
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • H04L61/103Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4604LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L2012/4629LAN interconnection over a backbone network, e.g. Internet, Frame Relay using multilayer switching, e.g. layer 3 switching
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/618Details of network addresses
    • H04L2101/622Layer-2 addresses, e.g. medium access control [MAC] addresses

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method, device, and system for determining a traffic transmission path in a network.
  • Data centers can accelerate the transmission of network information, so enterprises and operators are vigorously building data centers.
  • scale, virtualization, and cloud computing have become the development direction of data centers.
  • data centers are gradually moving to large-tier technologies and virtualization to adapt to larger business volumes and lower maintenance costs.
  • the network includes a first data center and a second data center.
  • the Layer 3 gateway 104 of the first data center and the Layer 3 gateway 105 of the second data center can learn the host in the first data center according to the Address Resolution Protocol (ARP) address entry and the routing table. Routing and routing of hosts within the second data center.
  • ARP Address Resolution Protocol
  • the core router 101 forwards the Layer 3 traffic of the same network segment, it may be sent to the L3GW1 of the first data center or to the L3GW2 of the second data center.
  • the traffic may be forwarded to the L3GW1 of the first data center or may be forwarded to the L3GW2 of the second data center.
  • the traffic is forwarded to the L3GW2 of the second data center, and the traffic needs to be detoured from the second data center to the first data center, and then to the host 1 of the first data center, which causes traffic to bypass. , reduce forwarding efficiency.
  • the embodiment of the present application provides a packet transmission method and a network device to avoid the problem of reducing forwarding efficiency due to traffic bypass.
  • the present application provides a method for determining a traffic transmission path in a network.
  • the network includes a first data center, a second data center, and a first network device.
  • the first data center includes a first three-layer gateway L3GW.
  • the second data center includes a second L3GW.
  • the first L3GW and the second L3GW are in the same subnet.
  • the first network device outside the first data center sends traffic to the first data center by using the first L3GW.
  • the first network device other than the first data sends traffic to the second data center by using the second L3GW.
  • the method includes:
  • the first L3GW sends a first packet to the host in the same subnet as the first L3GW, where the source MAC address of the first packet is the virtual media access control MAC address of the first L3GW. .
  • the first L3GW receives the response packet of the first packet sent by the destination host, where the destination MAC address of the response packet of the first packet is the virtual MAC address, and the first packet
  • the source MAC address of the response packet is the MAC address of the destination host.
  • the method before the first L3GW sends the first packet to the host in the same subnet as the first L3GW, the method further includes:
  • the first L3GW sends a second packet to the host in the same subnet as the first L3GW, where the source MAC address of the second packet is the MAC address of the first L3GW.
  • the first L3GW receives the response packet of the second packet sent by the destination host, where the destination MAC address of the response packet of the second packet is the MAC address of the first L3GW.
  • the first L3GW does not generate a route to the destination host according to the response packet of the second packet.
  • the first packet is an address resolution protocol ARP or a neighbor discovery ND packet.
  • the virtual media of the first L3GW is a virtual MAC address generated by the first L3GW and the second L3GW by using a virtual routing redundancy protocol VRRP.
  • the present application provides a method for determining a traffic transmission path in a network.
  • the network includes a first data center and a second data center.
  • the first Layer 3 gateway L3GW of the first data center and the second L3GW of the second data center are in the same subnet.
  • the first carrier edge PE device of the first data center and the second PE device of the second data center are interconnected.
  • the method includes:
  • the first PE device receives a first packet sent by the first L3GW to a host in the same subnet as the first L3GW, where the first packet includes a virtual media connection of the first L3GW. Enter the control MAC address.
  • the first PE device filters the first packet according to a forwarding rule set by the first PE device interface.
  • the filtering, by the first PE device, the first packet according to a forwarding rule that is configured by the first PE device interface includes:
  • the first PE device confirms that the first packet carries the virtual MAC address of the first L3GW, and discards the first packet according to the forwarding rule.
  • the present application provides a first Layer 3 gateway L3GW for determining a traffic transmission path in a network.
  • the network includes a first data center, a second data center, and a first network device.
  • the first data center includes a first L3GW.
  • the second data center includes a second L3GW.
  • the first L3GW and the second L3GW are in the same subnet.
  • the first network device outside the first data center sends traffic to the first data center by using the first L3GW.
  • the first network device other than the first data sends traffic to the second data center by using the second L3GW.
  • the first L3GW includes:
  • the sending unit is configured to send a first packet to a host that is in the same subnet as the first L3GW, and send a route of the destination host to the first network device, where the route is used by the first network device And the source MAC address of the first packet is a virtual media access control MAC address of the first L3GW.
  • the receiving unit is configured to receive the response packet of the first packet sent by the destination host, where the destination MAC address of the response packet of the first packet is the virtual MAC address, where the first packet is The source MAC address of the response packet is the MAC address of the destination host.
  • the processing unit is configured to generate a route to the destination host according to the response packet of the first packet.
  • the sending unit is further used to send the first packet before the first L3GW sends the first packet to the host in the same subnet as the first L3GW.
  • the host of the first L3GW in the same subnet sends a second packet, where the source MAC address of the second packet is the MAC address of the first L3GW.
  • the receiving unit is further configured to receive a response message of the second packet sent by the destination host, where the destination MAC address of the response packet of the second packet is a MAC address of the first L3GW.
  • the present application provides a first carrier edge PE device that determines a traffic transmission path in a network.
  • the network includes a first data center and a second data center.
  • the first Layer 3 gateway L3GW of the first data center and the second L3GW of the second data center are in the same subnet.
  • the first PE device of the first data center and the second PE device of the second data center are interconnected.
  • the device includes:
  • the receiving unit is configured to receive the first packet, where the first packet includes a virtual media access control MAC address, and the virtual MAC is generated by the first L3GW and the second L3GW by using a virtual routing redundancy protocol. Virtual MAC address.
  • the processing unit is configured to filter the first packet according to the forwarding rule set by the first PE device interface, where the forwarding rule is to filter the packet including the virtual MAC address.
  • the processing unit is configured to discard the first packet that includes a virtual MAC address according to a forwarding rule that is configured by the first PE device interface.
  • the present application provides a system for determining a traffic transmission path in a network.
  • the network includes a first data center, a second data center, and a first network device.
  • the first Layer 3 gateway L3GW of the first data center and the second L3GW of the second data center are in the same subnet.
  • the first network device outside the first data center sends traffic to the first data center by using the first L3GW.
  • the first network device other than the first data sends traffic to the second data center by using the second L3GW.
  • the first carrier edge PE device of the first data center and the second PE device of the second data center are interconnected.
  • the system includes:
  • the first L3GW is configured to send a first packet to a host that is in the same subnet as the first L3GW, and send a route of the destination host to the first network device, and receive the first sent by the destination host.
  • Controlling the MAC address, the destination MAC address of the response packet of the first packet is the virtual MAC address, and the source MAC address of the response packet of the first packet is the MAC address of the destination host, and the routing is used by the routing And the basis for the first network device to send traffic to the destination host.
  • the first PE device is configured to receive the first packet, and filter the first packet according to a forwarding rule set by the first PE device interface, where the first packet includes a virtual media access control MAC address.
  • the first L3GW is further used to send the first packet to the host that is in the same subnet as the first L3GW
  • the host that is in the same subnet as the first L3GW sends a second packet, and receives a response packet of the second packet sent by the destination host, where the first L3GW does not respond according to the second packet.
  • the packet generates a route to the destination host, where the source MAC address of the second packet is the MAC address of the first L3GW, and the destination MAC address of the response packet of the second packet is the The MAC address of an L3GW.
  • the present application provides a computer readable storage medium having stored therein instructions that, when executed on a computer, cause the computer to perform the first aspect and various possible implementations described above The method described.
  • the present application provides another computer readable storage medium having instructions stored therein that, when executed on a computer, cause the computer to perform the second aspect and various possible implementations described above Said method.
  • the present application provides a network device including a network interface, a processor, a memory, and a bus connecting the network interface, the processor, and the memory.
  • the memory is for storing a program, an instruction, or a code
  • the processor is configured to execute a program, an instruction, or a code in the memory to perform the method of the first aspect and the various possible implementations.
  • the present application provides a network device including a network interface, a processor, a memory, and a bus connecting the network interface, the processor, and the memory.
  • the memory is for storing a program, an instruction or a code for executing a program, an instruction or a code in the memory, and the method of the second aspect and the various possible implementations described above.
  • FIG. 1 is a schematic diagram of an application scenario according to an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of a method for determining a traffic transmission path in a network according to an embodiment of the present invention.
  • FIG. 3 is a schematic flowchart of a method for determining a traffic transmission path in a network according to an embodiment of the present invention.
  • FIG. 4 is a schematic flowchart of a method for determining a traffic transmission path in a network according to an embodiment of the present invention.
  • FIG. 5 is an L3GW according to an embodiment of the present invention.
  • FIG. 6 is a PE device according to an embodiment of the present invention.
  • FIG. 7 is still another L3GW according to an embodiment of the present invention.
  • FIG. 8 is still another PE device according to an embodiment of the present invention.
  • FIG. 9 is a schematic diagram of a system for determining a traffic transmission path in a network according to an embodiment of the present invention.
  • FIG. 1 is a schematic diagram of a system architecture for transmitting traffic in a network.
  • the network system 100 includes: a core router 101, a core router 102, a core router 103, a first data center, a second data center, and a connection to the first data center.
  • Host A and host B connected to the second data center.
  • the rack switch 106 of the first data center is connected to the host A, and the rack switch 107 of the second data center is connected to the host B.
  • the core router 102 connects to the first data center through a gateway 104 of the first data center.
  • the core router 103 connects to the second data center through the gateway 105 of the second data center.
  • the core router 102 and the core router 103 are connected to the core router 101, respectively.
  • the first data center and the second data center are connected to the PE edge 109 of the second data center through a provider edge 108 (English device provider edge).
  • the first data center is interconnected by the gateway 104, the rack switch 106, and the PE device 108 to form a basic architecture of the first data center.
  • the second data center is mutually connected by the gateway 105, the rack switch 107, and the PE device 109. The connections form the basic architecture of the second data center.
  • the core router 101 can obtain the route of the first data center through the gateway 104 of the first data center, and the core router 101 can also pass The gateway 105 of the second data center acquires the route of the second data center, so when the core router 101 forwards the traffic, the traffic can be forwarded to the server through the core router 102 and the gateway 104 of the first data center.
  • the first data center may also forward the traffic to the second data center through the core router 103 and the gateway 105 of the second data center.
  • the core router 101 may select the The traffic is sent to the first data center by the core router 102 and the first data gateway 104, and then the gateway 104 of the first data center passes the traffic through the PE device 108 through route learning. The traffic is sent to the second data center, and finally the traffic to the host B is accessed.
  • the core router 101 may also choose to send the traffic to the second data center through the core router 103 and the gateway 105 of the second data center, and the gateway 105 of the second data center passes the route. Learning to send the traffic to the rack switch 107, the traffic is sent by the rack switch 107 to the host B.
  • the present application provides a schematic flowchart of a method for determining a traffic transmission path in a network.
  • the network includes a first data center, a second data center, and a first network device.
  • the first data center includes a gateway 104, which is referred to as a first L3GW in this embodiment.
  • the second data center includes a gateway 105, which is referred to as a second L3GW in this embodiment.
  • the first L3GW and the second L3GW are in the same subnet.
  • the first network device outside the first data center sends traffic to the first data center by using the first L3GW.
  • the first network device outside the second data center sends traffic to the second data center by using the second L3GW.
  • the first data center is connected to the second data center by a first PE device of the first data center.
  • the method can be run by a first L3GW of a first data center or a second L3GW of a second data center, the method comprising the steps of:
  • the first L3GW sends a first packet to a host in the same subnet as the first L3GW, where a source MAC address of the first packet is a virtual media access control MAC address of the first L3GW.
  • the first packet may be an ARP detection packet, a gratuitous ARP packet, or a neighbor discovery (ND: ND) request packet.
  • the first L3GW and the second L3GW can form a VRRP group by using a Virtual Router Redundancy Protocol (VRRP), which is embodied as a virtual IP address and a virtual MAC address.
  • VRRP Virtual Router Redundancy Protocol
  • the first L3GW sends the virtual MAC address as a source MAC address of the first packet to a host in the same subnet as the first L3GW in a broadcast manner.
  • the first L3GW and the second L3GW may generate a virtual router by activating VRRP, where the virtual router includes a virtual MAC address and a virtual IP address, such as the first L3GW and the
  • the virtual MAC address of the virtual router generated by the second L3GW by activating VRRP is 00-00-5E-00-01-01-01.
  • the first L3GW sends the generated virtual MAC address as the source MAC address of the first packet, and sends the packet to the host in the same subnet as the first L3GW.
  • the first L3GW receives the response packet of the first packet sent by the destination host, where the destination MAC address of the response packet of the first packet is the virtual MAC address, and the first packet The source MAC address of the response packet is the MAC address of the destination host.
  • the destination host is a host in the same subnet as the first L3GW, and the first L3GW generates a route according to the response packet of the first packet sent by the destination host. Host.
  • the type of the response packet of the first packet is the same as the type of the first packet. For example, when the first packet sent by the first L3GW is an ARP probe packet, the first packet is The response packet is an ARP response packet.
  • the first L3GW broadcasts a first packet to a host that is in the same subnet as the first L3GW, and the host that is in the same subnet as the first L3GW receives the first packet, and the first L3GW receives the first packet.
  • each host of the first L3GW in the same subnet checks whether the destination address IP address in the first packet is the same as its own IP address. If not, the host will A packet is directly discarded. If the packet is the same, the host needs to find the destination host of the MAC address.
  • the destination host encapsulates its own MAC address in the response packet for the first packet. And unicast the response packet of the first packet to the first L3GW, where the source MAC address of the response packet of the first packet is the MAC address of the destination host, and the response of the first packet
  • the destination MAC address of the packet is the virtual MAC address of the first L3GW.
  • the first L3GW receives the response packet of the first packet.
  • the first L3GW generates a route to the destination host according to the response packet of the first packet, and sends the route to the first network device, where the route is used by the first The basis for the network device to send traffic to the destination host.
  • the first L3GW after receiving the response packet of the first packet, the first L3GW refreshes its ARP entry according to the source MAC address of the response packet of the first packet, or generates a new one. ARP entry.
  • the first L3GW generates a route to the destination host by learning the ARP entry, and sends the route of the destination host to the first network device except the first data center, so that the first network device is configured according to the first network device. The route sends traffic to the destination host.
  • the response packet of the first packet is an ARP response packet.
  • the first L3GW is configured to enable the first L3GW to generate a route to the destination host according to the ARP response packet carrying the virtual MAC address.
  • the first L3GW is configured with the command arp virtual detect enable and enables the first L3GW to determine the received packet first, if the packet does not include the virtual MAC address of the first L3GW.
  • the destination MAC address of the packet is the real AMC address of the first L3GW
  • the first L3GW generates or updates the ARP entry according to the packet, and does not generate a route according to the ARP entry;
  • the packet includes the virtual MAC address of the first L3GW.
  • the packet is a response packet of the first packet
  • the first L3GW generates or updates its own ARP entry according to the packet.
  • the first L3GW learns the ARP entry to obtain the IP address of the destination host and the actual physical interface corresponding to the destination host, to generate a routing entry including the actual physical port information.
  • a 32-bit ARP virtual link (virtual link, referred to as Vlink) is directly connected.
  • the first L3GW sends the route to the core router by using a routing protocol, so that the core router acquires the route.
  • the core router sends the traffic of the access destination host to the destination host according to the route to determine a transmission path for sending the traffic. In this way, the core router can send the traffic to the corresponding destination host according to the route, so as to avoid the efficiency of traffic bypassing to reduce traffic transmission.
  • the method further includes: the first L3GW sending a second packet to a host in the same subnet as the first L3GW.
  • the source MAC address of the second packet is a real MAC address of the first L3GW.
  • the first L3GW receives the response packet of the second packet sent by the destination host, and the first L3GW does not generate a route to the destination host according to the response packet of the second packet.
  • the destination MAC address of the response packet of the second packet is a real MAC address of the first L3GW.
  • the route of the first L3GW to the second packet is not configured to generate a route to the destination host.
  • the second packet may be an ARP probe packet, a gratuitous ARP packet, or an ND request packet.
  • the first L3GW Before the first L3GW sends the first packet to the host in the same subnet as the first L3GW, the first L3GW broadcasts to the same L3GW as the first L3GW.
  • the host of the network sends the second packet, and the host that is in the same subnet as the first L3GW receives the second packet.
  • the host that is in the same subnet as the first L3GW receives the second packet, check whether the destination address IP address in the second packet is the same as its own IP address. If different, the host will The first packet is directly discarded.
  • the host needs to find the destination host of the MAC address, and the destination host encapsulates its own MAC address in response to the second packet.
  • the unicast response message of the second packet where the source MAC address of the response packet of the second packet is the MAC address of the destination host, and the second The destination MAC address of the response packet of the packet is the real MAC address of the first L3GW.
  • the first L3GW receives the response packet of the second packet.
  • the first L3GW is configured to send a packet carrying the first L3GW real MAC address, for example, the second packet, by using the arp virtual detect enable command and the command in the step S230.
  • the response packet is learned only.
  • the MAC address of the destination host is updated or the ARP entry is generated.
  • the route is not generated based on the ARP entry.
  • the first L3GW can only update or generate an ARP entry according to the content of the response packet even if the MAC address of the destination host is learned by other methods, but cannot generate an ARP entry according to the update or generate an ARP entry.
  • a route to the destination host prevents the core router from obtaining a route to the destination host by other methods, causing traffic bypass.
  • the network includes a first data center, a second data center, and a first network device.
  • the first data center includes a first L3GW.
  • the second data center includes a second L3GW.
  • the first L3GW and the second L3GW are in the same subnet.
  • the first of the first data centers is connected to the second PE of the second data center.
  • the method can be run by a first PE device of a first data center or a second PE device of a second data center, the method comprising the steps of:
  • the first PE device receives a first packet sent by the first L3GW to a host in the same subnet as the first L3GW, where the first packet includes a virtual media connection of the first L3GW. Enter the control MAC address.
  • the first packet may be an ARP probe packet, a gratuitous ARP packet, or an ND request packet.
  • the first packet may be sent by the first L3GW to a host in the same subnet as the first L3GW.
  • the first L3GW and the second L3GW can form a VRRP group through VRRP, and externally represent a virtual Internet protocol (English: Internet Protocol, IP for short) and a virtual MAC address.
  • the first L3GW broadcasts the virtual MAC address as a source MAC address of the first packet to a host in the same subnet as the first L3GW, and the first PE receives the first packet. .
  • the first PE device filters the first packet according to a forwarding rule set by the first PE device interface.
  • the access control list (English: access control list, ACL) policy is configured on the first PE device interface, and the matching condition is set on the PE device interface to classify the first packet.
  • the virtual MAC address is usually 00-00-5E-00-01- ⁇ VRID ⁇ , where 00-00-5E-00-01 is a fixed value of the virtual MAC address, that is, the virtual MAC address carries 00-00-5E -00-01, ⁇ VRID ⁇ is not a fixed value. Different virtual MAC addresses have different values. For example, ⁇ VRID ⁇ can be 01 or 02, so you can configure filtering on the first PE device interface.
  • a packet carrying a virtual MAC address that is, a packet whose source address is 00-00-5E-00-01 is set to be blocked at the first PE device interface to prevent the first packet from passing through the first PE device.
  • the first PE device may be configured to set a packet whose source address is 00-00-5E-00-01, and the first PE device receives the first packet according to the forwarding rule.
  • the first packet is filtered, and the first PE device filters the first packet, the first PE, because the source address of the first packet includes 00-00-5E-00-01.
  • the device may discard the first packet.
  • the network includes a first data center, a second data center, and a first network device.
  • the first data center includes a first L3GW.
  • the second data center includes a second L3GW.
  • the first L3GW and the second L3GW are in the same subnet.
  • the first network device outside the first data center sends traffic to the first data center by using the first L3GW.
  • the first network device outside the second data center sends traffic to the second data center by using the second L3GW.
  • the method can be run by a first PE device of a first data center or a second PE device of a second data center, the method comprising the steps of:
  • the first L3GW sends a first packet to a host in the same subnet as the first L3GW, where a source MAC address of the first packet is a virtual media access control MAC address of the first L3GW.
  • the first packet may be an ARP detection packet, a gratuitous ARP packet, or an ND request packet, for example, the first L3GW sends the information to the network device of the first data center by means of a broadcast.
  • ARP probe packet or ND request packet For the specific implementation of this step, refer to step 210, and details are not described herein again.
  • the first PE device in the first data center receives the first packet sent by the first L3GW to a host in the same subnet as the first L3GW.
  • the first PE device filters the first packet according to a forwarding rule set by the first PE device interface.
  • the first PE device interface is configured to filter the forwarding rule of the first packet, where the forwarding rule may be a packet whose source address carries a virtual MAC address.
  • the first L3GW receives the response packet of the first packet sent by the destination host, the first L3GW generates a route to the destination host according to the response packet of the first packet.
  • the destination MAC address of the response packet of the first packet is the virtual MAC address, and the source MAC address of the response packet of the first packet is the MAC address of the destination host.
  • the first L3GW learns the response packet of the first packet and enables the first L3GW.
  • the route issuance function, and a route to the target host is generated.
  • the specific generation method of the route refer to the description in step S230, and details are not described herein again.
  • the first L3GW sends the route to the first network device, where the route is used by the first network device to send traffic to the destination host.
  • the first network device may be a core router other than the first data center and the second data center.
  • the route generated by the first L3GW may be advertised to the core router by introducing the route into a dynamic routing protocol.
  • the first network device receives a route of the destination host, and determines a transmission path of the traffic according to the route.
  • the route may be an ARP Vlink direct route
  • the first network device may be a core router.
  • the core router receives the ARP Vlink direct route, and uses the route to guide the core router to match the 32-bit destination host route to forward the traffic to the core router.
  • the first L3GW before the first L3GW receives the first packet, the first L3GW obtains the MAC address of the destination host and generates or updates its own ARP entry.
  • the method of obtaining the ARP entry may be: before the first PE of the first data center sets the forwarding rule, the first L3GW sends a second packet to the host that is in the same network segment as the first L3GW, for example, The broadcast sends an ND request message, where the source MAC address of the second packet is the real MAC address of the first L3GW, not the virtual MAC address of the first L3GW.
  • the destination host After the destination host obtains the ND request packet, the destination host adds the MAC address of the destination host to the ND response packet, and sends the ND response packet to the first L3GW.
  • the first L3GW receives the ND response packet, and updates its own ARP entry according to the IP address and MAC address of the destination host in the ND response packet.
  • the first L3GW is configured to send a packet carrying the first L3GW real MAC address, for example, the second packet, by using the arp virtual detect enable command and the command in the step S230.
  • the MAC address of the destination host is updated or the ARP entry is generated. The route is no longer generated based on the ARP entry. In this way, the first L3GW generates a route according to the acquired ARP entry and sends the route to the core router, causing the traffic to bypass.
  • the following takes the first packet as an ARP probe packet as an example to describe a method for determining a traffic transmission path in the network.
  • the first L3GW of the first data center and the second L3GW of the second data center form a VRRP group by using VRRP, and generate a virtual IP address and a virtual MAC address, for example, the generated virtual MAC address is 00-00-5E-00- 01-01.
  • the first L3GW uses the virtual MAC address 00-00-5E-00-01-01 as the source MAC address of the ARP probe packet, and sends the broadcast to the same subnet as the first L3GW. Host.
  • the source MAC address of the first packet is a virtual MAC address of the first L3GW, for example, the virtual MAC address is 0000-5E00- 0101
  • the destination MAC address of the first packet Ethernet header is FFFF-FFFF-FFFF
  • the destination address is 0000-0000-0000
  • the destination IP address is the IP address of the destination host, for example, the IP address of the destination host is 10.10, 10.2
  • the source IP address of the ARP probe packet may be the IP address of the first L3GW, or the virtual IP generated by the first L3GW and the second L3GW through VRRP.
  • the application does not limit the source IP address of the first packet.
  • the IP address may be the IP address 10.10.10.1 of the first L3GW.
  • the first PE device of the first data center receives the ARP probe packet.
  • the first PE device processes the ARP detection packet according to a forwarding rule of the interface of the first PE device.
  • the ACL forwarding rule configured on the interface of the first PE device is that the first PE device discards the packet carrying the source address 00-00-5E-00-01.
  • the interface of the first PE device receives the ARP probe packet, and the ARP probe packet is matched.
  • the ARP probe packet carrying the source MAC address of 00-00-5E-00-01 is discarded according to the set forwarding rule.
  • the ARP detection packet can only be broadcasted and sent in the first data center, and only the host of the first data center can receive the ARP detection packet, so that the AR detection packet cannot pass the The PE device of the first data center forwards to the second data center for diffusion.
  • the first L3GW broadcasts the ARP probe packet to the host in the same subnet as the first L3GW.
  • the ARP probe packet is actually only sent to the host.
  • the host in the first data center broadcasts the broadcast, so the host in the first data center that is in the same subnet as the first L3GW receives the ARP probe packet, and each host receives the ARP probe packet. If the IP address of the destination IP address in the ARP probe packet is the same as the IP address of the ARP probe packet, the host discards the ARP probe packet. If the host is the same, the host is the ARP probe.
  • the destination host needs to look up the MAC address, and the destination host encapsulates its own MAC address in the response packet for the ARP probe packet and unicasts the ARP response packet to the first L3GW, where the ARP response packet is sent.
  • the source MAC address of the packet is the MAC address of the destination host
  • the destination MAC address of the ARP response packet is the virtual MAC address of the first L3GW.
  • the response packet of the first packet may be an ARP response packet.
  • the ARP response packet is sent by the destination host to the first L3GW.
  • the source MAC address of the ARP response packet is the MAC address of the destination host.
  • the MAC address of the destination host is 36d5-8511- 0309
  • the source IP address of the ARP response packet is the IP address 10.10.10.2 of the destination host
  • the destination IP address of the ARP response packet is the IP address of the first L3GW
  • the ARP response packet The destination MAC address is the virtual MAC address 0000-5E00-0101 of the first L3GW.
  • the first L3GW receives the ARP response packet. And the first L3GW determines, by using the arp virtual detect enable command, the first L3GW to determine the received packet, if the packet does not include the virtual MAC address of the first L3GW. For example, if the destination MAC address of the packet is the real AMC address of the first L3GW, the first L3GW generates or updates the ARP entry according to the packet, and does not generate a route according to the ARP entry; The packet includes the virtual MAC address of the first L3GW, for example, the ARP response packet, and the first L3GW not only generates or updates its own ARP entry according to the ARP response packet, but also enables The host routing function enables the first L3GW to learn the ARP entry to obtain the IP address of the destination host and the actual physical interface corresponding to the destination host, to generate a routing entry containing actual physical port information, for example, generating 32 bits.
  • the first L3GW sends the 32-bit direct route to the core router outside the first data center and the second data center by adding the 32-bit direct route to the core router, so that the core router acquires the 32-bit direct route.
  • the core router sends the traffic of the access destination host to the gateway of the data center where the destination host is located according to the route, so as to avoid traffic bypass.
  • the present application provides an L3GW for determining a traffic transmission path in a network, where the L3GW can be either the gateway 104 or the gateway 105 in FIG. 1 or a method flowchart 2 and
  • the first L3GW in 4 can implement the function of the first L3GW.
  • the network includes a first data center, a second data center, and a first network device.
  • the first data center includes a first L3GW.
  • the second data center includes a second L3GW.
  • the first L3GW and the second L3GW are in the same subnet.
  • the first network device outside the first data center sends traffic to the first data center by using the first L3GW, and the first network device except the first data passes the second
  • the L3GW sends traffic to the second data center.
  • the first L3GW includes a sending unit 501, a receiving unit 502, and a processing unit 503.
  • the sending unit 501 is configured to send a first packet to a host in the same subnet as the first L3GW, and send a route of the destination host to the first network device, where the route is used by the first network device
  • the source MAC address of the first packet is the virtual medium access control MAC address of the first L3GW.
  • the receiving unit 502 is configured to receive a response packet of the first packet sent by the destination host, where the destination MAC address of the response packet of the first packet is the virtual MAC address, and the response of the first packet
  • the source MAC address of the packet is the MAC address of the destination host.
  • the processing unit 503 is configured to generate a route to the destination host according to the response packet of the first packet.
  • the first packet may be an ARP detection packet or a free ARP packet, or may be an ND request packet.
  • the first network device may be a core router.
  • the sending unit 502 sends an ARP probe packet or an ND request packet to the host of the first data center by means of a broadcast, where the source MAC address of the first packet is the first L3GW and the second L3GW.
  • the virtual MAC address generated by VRRP. If the receiving unit 502 receives the response packet of the first packet, the processing unit 503 generates a response packet of the first packet received by the receiving unit 502, and according to the entry, The entry is converted into a route to the destination host, and the sending unit 501 sends the route to the core router through a routing protocol.
  • the sending unit 501 is further configured to be in the same subnet as the first L3GW, before the first L3GW sends the first packet to the host in the same subnet as the first L3GW.
  • the host sends a second packet, where the source MAC address of the second packet is the MAC address of the first L3GW.
  • the receiving unit 502 is further configured to receive a response packet of the second packet sent by the destination host, where the destination MAC address of the response packet of the second packet is a MAC address of the first L3GW.
  • the specific implementation of the sending unit 501, the receiving unit 502, and the processing unit 503 may refer to the functions and implementation steps of the first L3GW described in FIG. 2 and FIG. No longer.
  • the present application provides a PE device that determines a traffic transmission path in a network, where the PE device can be either the operator edge 108 or the carrier edge 109, or the method flowcharts 3 and 4
  • the first PE device can implement the function of the first PE device.
  • the network includes a first data center and a second data center, where the first three-layer gateway L3GW of the first data center and the second L3GW of the second data center are in the same subnet, the first data center
  • the first PE device is interconnected with the second PE device of the second data center, the device includes a receiving unit 601 and a processing unit 602.
  • the receiving unit 601 is configured to receive the first packet.
  • the first packet includes a virtual media access control MAC address.
  • the virtual MAC is a virtual MAC address generated by the first L3GW and the second L3GW through a virtual routing redundancy protocol.
  • the processing unit 602 is configured to filter the first packet according to a forwarding rule set by the first PE device interface.
  • the forwarding rule is to filter a packet including a virtual MAC address.
  • the receiving unit 601 receives the first packet, and the processing unit 602 filters the first packet according to the forwarding rule, that is, discards the packet whose source address is the virtual MAC address according to the filtering rule, because The source MAC address of the first packet is a virtual MAC address generated by the first L3GW and the second L3GW through a virtual routing redundancy protocol, so the processing unit 602 filters the first packet.
  • the forwarding rule that is, discards the packet whose source address is the virtual MAC address according to the filtering rule, because
  • the source MAC address of the first packet is a virtual MAC address generated by the first L3GW and the second L3GW through a virtual routing redundancy protocol, so the processing unit 602 filters the first packet.
  • the first PE device discards the first packet including the virtual MAC address according to the forwarding rule set by the first PE device interface.
  • the specific implementation of the receiving unit 601 and the processing unit 602 may refer to the functions and implementation steps of the first PE device described in FIG. 3 and FIG. 4, and details are not described herein for brevity.
  • the L3GW for determining a traffic transmission path in another network is provided in the present application.
  • the L3GW may be the gateway 104 in FIG. 1 or the gateway 105, or may be a method flowchart 2 and
  • the first L3GW in FIG. 4 can implement the functions of the first L3GW.
  • the network includes a first data center, a second data center, and a first network device.
  • the first data center includes a first L3GW.
  • the second data center includes a second L3GW.
  • the first L3GW and the second L3GW are in the same subnet.
  • the first network device outside the first data center sends traffic to the first data center by using the first L3GW, and the first network device except the first data passes the second
  • the L3GW sends traffic to the second data center.
  • the first L3GW includes a network interface 701, and may further include a processor 702 or a memory 703.
  • the processor 702 includes, but is not limited to, a central processing unit (English: central processing unit, CPU for short), a network processor (English: network processor, referred to as NP), and an application-specific integrated circuit (English: application-specific integrated circuit, referred to as: ASIC) or one or more of programmable logic devices (English: programmable logic device, abbreviation: PLD).
  • the above PLD can be a complex programmable logic device (English: complex programmable logic device, abbreviation: CPLD), field-programmable gate array (English: field-programmable gate array, abbreviation: FPGA), general array logic (English: generic array Logic, abbreviation: GAL) or any combination thereof.
  • the processor 702 is responsible for managing the bus 704 and the usual processing, and can also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions.
  • Memory 703 can be used to store data used by processor 702 in performing operations.
  • the network interface 701 can be a wired interface, such as a Fiber Distributed Data Interface (FDDI) or an Ethernet (English) interface.
  • Network interface 701 can also be a wireless interface, such as a wireless local area network interface.
  • the memory 703 may be, but not limited to, a content-addressable memory (English: content-addressable memory, CAM for short), such as a ternary CAM (abbreviation: TCAM), a random access memory (English: Random-access memory, referred to as: RAM).
  • a content-addressable memory English: content-addressable memory, CAM for short
  • TCAM ternary CAM
  • RAM Random-access memory
  • Memory 703 can also be integrated in processor 702. If memory 703 and processor 702 are mutually independent devices, memory 573 is coupled to processor 702, for example, memory 703 and processor 702 can communicate over a bus. Network interface 701 and processor 702 can communicate over a bus, and network interface 701 can also be directly coupled to processor 702.
  • Bus 704 can include any number of interconnected buses and bridges that link together various circuits including one or more processors 702 represented by processor 702 and memory represented by memory 703.
  • the bus 704 can also link various other circuits, such as peripherals, voltage regulators, and power management circuits, as is known in the art, and therefore, will not be further described herein.
  • the network interface 701 is configured to send a first packet to a host that is in the same subnet as the first L3GW.
  • the first packet includes a virtual medium access control MAC address, where the virtual MAC is a virtual MAC address generated by the first L3GW and the second L3GW by using a virtual routing redundancy protocol VRRP.
  • the processor 702 is configured to generate a route to the destination host according to the response packet of the first packet, and send the route to the The first network device, the route is used by the first network device to send traffic to the destination host, and the first network device is configured to send traffic to the destination host according to the route. If the first L3GW does not receive the response packet of the first packet, the processor 702 does not send the route of the destination host to the first network device.
  • the network interface 701 is further configured to send, to the host that is in the same subnet as the first L3GW, before the first L3GW sends the first packet to the host that is in the same subnet as the first L3GW.
  • the second packet where the source MAC address of the second packet is the MAC address of the first L3GW.
  • the network interface 701 is further configured to receive a response packet of the second packet sent by the destination host, where the destination MAC address of the response packet of the second packet is a MAC address of the first L3GW.
  • the first packet is an address resolution protocol ARP or a neighbor discovery ND packet.
  • the specific implementation of the processor 702 and the network interface 701 may refer to the functions and implementation steps of the first L3GW in FIG. 2 and FIG. 4, and details are not described herein for brevity.
  • a PE device that determines a traffic transmission path in another network is provided in the present application.
  • the PE device may be either the operator edge 108 or the carrier edge 109, or may be the method flowchart 3 and FIG. 4 .
  • the first PE device in the middle can implement the function of the first PE device.
  • the network includes a first data center and a second data center, where the first three-layer gateway L3GW of the first data center and the second L3GW of the second data center are in the same subnet, the first data center
  • the first PE device is interconnected with the second PE device of the second data center, and the device includes a network interface 801 and a processor 802, and may further include a memory 803.
  • the processor 802 includes, but is not limited to, a central processing unit (English: central processing unit, CPU for short), a network processor (English: network processor, abbreviated as: NP), an application specific integrated circuit (English: application-sPE device cific integrated circuit, Abbreviation: ASIC) or one or more of programmable logic devices (English: programmable logic device, abbreviation: PLD).
  • the above PLD can be a complex programmable logic device (English: complex programmable logic device, abbreviation: CPLD), field-programmable gate array (English: field-programmable gate array, abbreviation: FPGA), general array logic (English: generic array Logic, abbreviation: GAL) or any combination thereof.
  • the processor 802 is responsible for managing the bus 804 and the usual processing, and can also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions.
  • Memory 803 can be used to store data used by processor 802 in performing operations.
  • the network interface 801 can be a wired interface, such as a Fiber Distributed Data Interface (FDDI) or an Ethernet (English) interface.
  • Network interface 801 can also be a wireless interface, such as a wireless local area network interface.
  • the memory 803 may be, but not limited to, a content-addressable memory (English: content-addressable memory, CAM for short), such as a ternary CAM (abbreviation: TCAM), a random access memory (English: Random-access memory, referred to as: RAM).
  • a content-addressable memory English: content-addressable memory, CAM for short
  • TCAM ternary CAM
  • RAM Random-access memory
  • Memory 803 can also be integrated in processor 802. If memory 803 and processor 802 are separate devices, memory 803 is coupled to processor 802, for example, memory 803 and processor 802 can communicate over a bus. Network interface 801 and processor 802 can communicate over a bus, and network interface 801 can also be directly coupled to processor 802.
  • Bus 804 can include any number of interconnected buses and bridges that link together various circuits including one or more processors 802 represented by processor 802 and memory represented by memory 803. Bus 804 can also link various other circuits, such as peripherals, voltage regulators, and power management circuits, as is known in the art, and therefore, will not be further described herein.
  • the network interface 801 is configured to receive the first packet, where the first packet includes a virtual media access control MAC address, the virtual MAC is the first L3GW, and the The virtual MAC address generated by the second L3GW through the virtual routing redundancy protocol.
  • the processor 802 filters the first packet according to the forwarding rule set by the first PE device interface, where the forwarding rule is to filter the packet including the virtual MAC address.
  • the first PE device discards the first packet including the virtual MAC address according to the forwarding rule set by the first PE device interface.
  • the specific implementation of the processor 802 and the network interface 801 may refer to the functions and implementation steps of the first L3GW in FIG. 2 and FIG. 4, and details are not described herein for brevity.
  • the present application provides a system for determining a traffic transmission path in a network.
  • the network includes a first data center, a second data center, and a first network device.
  • the first Layer 3 gateway L3GW 901 of the first data center and the second L3GW of the second data center are in the same subnet.
  • the first network device outside the first data center sends traffic to the first data center by using the first L3GW.
  • the first network device other than the first data sends traffic to the second data center by using the second L3GW.
  • the first carrier edge PE device 902 of the first data center and the second PE device of the second data center are interconnected.
  • the system includes a first L3GW 901 and a first PE device 902.
  • the first L3GW 901 may be the gateway 104 in FIG. 1 or the gateway 105, and may also be the first L3GW in the method flowchart 2 and FIG. 4, and may implement the function of the first L3GW, or may be The first L3GW in Figure 5 or Figure 7.
  • the first PE device may be the operator edge 108 or the operator edge 109, or may be the first PE device in the method flowchart 3 and FIG. 4, and may implement the function of the first PE device, and may also It is the first PE device in Figure 6 or Figure 8.
  • the first L3GW 901 is configured to send a first packet to a host that is in the same subnet as the first L3GW, and send a route of the destination host to the first network device, so that the first network device is configured according to the first network device.
  • the route sends a traffic to the destination host, receives a response packet of the first packet sent by the destination host, and generates a route to the destination host according to the response packet of the first packet, where
  • the source MAC address of the first packet is the virtual medium access control MAC address of the first L3GW, and the destination MAC address of the response packet of the first packet is the virtual MAC address, the first report
  • the source MAC address of the response packet is the MAC address of the destination host.
  • the first PE device 902 is configured to receive the first packet, and filter the first packet according to a forwarding rule set by the first PE device interface, where the first packet includes a virtual media access control MAC address.
  • the first L3GW 901 specifically implements the functions and implementation steps of the first L3GW that can be referred to in FIG. 2 and FIG.
  • the first PE device 902 can implement the functions and implementation steps of the first L3GW that can be referred to in FIG. 3 and FIG. 4, and details are not described herein for brevity.
  • the size of the sequence numbers of the foregoing methods does not mean the order of execution, and the order of execution of each method should be determined by its function and internal logic, and should not be applied to the embodiment of the present application.
  • the implementation process constitutes any limitation.
  • the disclosed methods and apparatus may be implemented in other ways.
  • the device embodiments described above are merely illustrative.
  • the division of the modules is only a logical function division.
  • there may be another division manner for example, multiple modules or components may be combined or Can be integrated into another system, or some features can be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • the modules described as separate components may or may not be physically separated, and the components displayed as modules may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional module in each embodiment of the present invention may be integrated into one processing unit, or each module may exist physically separately, or two or more modules may be integrated into one unit.
  • the above integrated modules can be implemented in the form of hardware or in the form of hardware plus software functional units.
  • the integrated unit may be stored in a computer readable storage medium if implemented in the form of hardware in conjunction with software and sold or used as a standalone product. Based on such understanding, some of the technical features of the technical solution of the present invention contributing to the prior art may be embodied in the form of a software product stored in a storage medium, including a plurality of instructions for causing a computer
  • the device (which may be a personal computer, server, or network device, etc.) performs some or all of the steps of the methods described in various embodiments of the present invention.
  • the foregoing storage medium may be a USB flash drive, a mobile hard disk, a read only memory (abbreviation: ROM, English: Read-Only Memory), a random access memory (abbreviation: RAM, English: Random Access Memory), a magnetic disk or an optical disk.
  • ROM read only memory
  • RAM random access memory

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本申请提供了一种网络中确定流量传输路径的方法。该方法包括:第一L3GW向与所述第一L3GW处于同一子网的主机发送第一报文。所述第一L3GW接收所述目的主机发送的第一报文的响应报文。所述第一L3GW根据所述第一报文的响应报文生成指向所述目的主机的路由,并将所述路由发送给所述第一网络设备。通过上述方法可以避免核心路由器向数据中心的目的主机发送流量时流量绕行的问题。

Description

一种网络中确定流量传输路径的方法、设备和系统
本申请要求于2017年10月27日提交中国专利局、申请号为201711020259.2、申请名称为“一种网络中确定流量传输路径的方法、设备和系统”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。
技术领域
本发明涉及通信技术领域,尤其涉及一种网络中确定流量传输路径的方法、设备和系统。
背景技术
数据中心能够加速网络信息的传递,因此企业、运营商都在大力建设数据中心。目前,规模化、虚拟化、云计算已成为数据中心的发展方向,同时,数据中心为适应更大的业务量并降低维护成本,逐渐向大二层技术及虚拟化迁移。
数据中心一方面受到广泛应用,另一方面也存在一些问题。如图1所示,网络包括第一数据中心和第二数据中心。第一数据中心的三层网关104和第二数据中心的三层网关105都能够依据地址解析协议(英文:Address Resolution Protocol简称:ARP)地址表项和路由表,学习到第一数据中心内主机的路由以及第二数据中心内主机的路由。但核心路由器101在对同一网段的三层流量进行转发时,既可能发送给第一数据中心的L3GW1,也可能转发给第二数据中心的L3GW2。如果流量访问的目的主机1(如主机A)是在第一数据中心内,那么所述流量既可能被转发到第一数据中心的L3GW1,也可能被转发到第二数据中心的L3GW2,如果所述流量被转发给第二数据中心的L3GW2,则所述流量需要从所述第二数据中心绕行到所述第一数据中心,然后到达第一数据中心的主机1,这样会造成流量绕行,降低转发效率。
发明内容
本申请实施例提供了一种报文传输的方法和网络设备,以避免由于流量绕行而降低转发效率的问题。
第一方面,本申请提供了一种网络中确定流量传输路径的方法。所述网络包括第一数据中心、第二数据中心和第一网络设备。所述第一数据中心包括第一三层网关L3GW。所述第二数据中心包括第二L3GW。所述第一L3GW和所述第二L3GW处于同一子网中。所述第一数据中心之外的所述第一网络设备通过所述第一L3GW向所述第一数据中心发送流量。所述第一数据之外的所述第一网络设备通过所述第二L3GW向所述第二数据中心发送流量。所述方法包括:
所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第一报文,其中,所述第一报文的源MAC地址为所述第一L3GW的虚拟媒体接入控制MAC地址。
所述第一L3GW接收所述目的主机发送的第一报文的响应报文,其中,所述第一报 文的响应报文的目的MAC地址为所述虚拟MAC地址,所述第一报文的响应报文的源MAC地址为目的主机的MAC地址。
所述第一L3GW根据所述第一报文的响应报文生成指向所述目的主机的路由,并将所述路由发送给所述第一网络设备,所述路由用于所述第一网络设备向所述目的主机发送流量的依据。
结合第一方面,在第一种可能的实现方式中,在所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第一报文之前,所述方法还包括:
所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第二报文,其中,所述第二报文的源MAC地址为所述第一L3GW的MAC地址。
所述第一L3GW接收所述目的主机发送的第二报文的响应报文,其中,所述第二报文的响应报文的目的MAC为所述第一L3GW的MAC地址。
所述第一L3GW不根据所述第二报文的响应报文生成指向所述目的主机的路由。
结合第一方面,在第二种可能的实现方式中,所述第一报文为地址解析协议ARP或者邻居发现ND报文。
结合第一方面,在第三种可能的实现方式中,所述第一L3GW的虚拟媒体为所述第一L3GW和所述第二L3GW通过虚拟路由冗余协议VRRP生成的虚拟MAC地址。
第二方面,本申请提供了一种网络中确定流量传输路径的方法。所述网络包括第一数据中心和第二数据中心。所述第一数据中心的第一三层网关L3GW和所述第二数据中心的第二L3GW处于同一子网中。所述第一数据中心的第一运营商边缘PE设备和所述第二数据中心的第二PE设备互联。所述方法包括:
所述第一PE设备接收所述第一L3GW向与所述第一L3GW处于同一子网的主机发送的第一报文,其中,所述第一报文包括所述第一L3GW的虚拟媒体接入控制MAC地址。
所述第一PE设备根据所述第一PE设备接口设置的转发规则过滤所述第一报文。
结合第二方面,在第一种可能的实现方式中,所述第一PE设备根据所述第一PE设备接口设置的转发规则过滤所述第一报文包括:
所述第一PE设备确认所述第一报文中携带所述第一L3GW的虚拟MAC地址,根据所述转发规则丢弃所述第一报文。
第三方面,本申请提供了一种网络中确定流量传输路径的第一三层网关L3GW。所述网络包括第一数据中心、第二数据中心和第一网络设备。所述第一数据中心包括第一L3GW。所述第二数据中心包括第二L3GW。所述第一L3GW和所述第二L3GW处于同一子网中。所述第一数据中心之外的所述第一网络设备通过所述第一L3GW向所述第一数据中心发送流量。所述第一数据之外的所述第一网络设备通过所述第二L3GW向所述第二数据中心发送流量。所述第一L3GW包括:
发送单元用于向与所述第一L3GW处于同一子网的主机发送第一报文,并将目的主机的路由发送给所述第一网络设备,所述路由用于所述第一网络设备向所述目的主机发送流量的依据,其中,所述第一报文的源MAC地址为所述第一L3GW的虚拟媒体接入控制MAC地址。
接收单元用于接收所述目的主机发送的第一报文的响应报文,其中,所述第一报文的响应报文的目的MAC地址为所述虚拟MAC地址,所述第一报文的响应报文的源MAC 地址为目的主机的MAC地址。
处理单元用于根据所述第一报文的响应报文生成指向所述目的主机的路由。
结合第三方面,在第一种可能的实现方式中,所述发送单元在所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第一报文之前,还用于向与所述第一L3GW处于同一子网的主机发送第二报文,其中,所述第二报文的源MAC地址为所述第一L3GW的MAC地址。
所述接收单元还用于接收所述目的主机发送的第二报文的响应报文,其中,所述第二报文的响应报文的目的MAC为所述第一L3GW的MAC地址。
第四方面,本申请提供了一种网络中确定流量传输路径的第一运营商边缘PE设备。所述网络包括第一数据中心和第二数据中心。所述第一数据中心的第一三层网关L3GW和所述第二数据中心的第二L3GW处于同一子网中。所述第一数据中心的第一PE设备和所述第二数据中心的第二PE设备互联。所述设备包括:
接收单元用于接收第一报文,其中,所述第一报文包括虚拟媒体接入控制MAC地址,所述虚拟MAC为所述第一L3GW和所述第二L3GW通过虚拟路由冗余协议生成的虚拟MAC地址。
处理单元用于根据所述第一PE设备接口设置的转发规则过滤所述第一报文,其中,所述转发规则为过滤包括虚拟MAC地址的报文。
结合第四方面,在第一种可能的实现方式中,所述处理单元具体用于根据所述第一PE设备接口设置的转发规则将包括虚拟MAC地址的所述第一报文丢弃。
第五方面,本申请提供了一种网络中确定流量传输路径的系统。所述网络包括第一数据中心、第二数据中心和第一网络设备。所述第一数据中心的第一三层网关L3GW和所述第二数据中心的第二L3GW处于同一子网中。所述第一数据中心之外的所述第一网络设备通过所述第一L3GW向所述第一数据中心发送流量。所述第一数据之外的所述第一网络设备通过所述第二L3GW向所述第二数据中心发送流量。所述第一数据中心的第一运营商边缘PE设备和所述第二数据中心的第二PE设备互联。所述系统包括:
所述第一L3GW用于向与所述第一L3GW处于同一子网的主机发送第一报文,并将目的主机的路由发送给所述第一网络设备,接收所述目的主机发送的第一报文的响应报文,根据所述第一报文的响应报文生成指向所述目的主机的路由,其中,所述第一报文的源MAC地址为所述第一L3GW的虚拟媒体接入控制MAC地址,所述第一报文的响应报文的目的MAC地址为所述虚拟MAC地址,所述第一报文的响应报文的源MAC地址为目的主机的MAC地址,所述路由用于所述第一网络设备向所述目的主机发送流量的依据。
所述第一PE设备用于接收第一报文,并根据所述第一PE设备接口设置的转发规则过滤所述第一报文,其中,所述第一报文包括虚拟媒体接入控制MAC地址,所述虚拟MAC为所述第一L3GW和所述第二L3GW通过虚拟路由冗余协议生成的虚拟MAC地址。
结合第五方面,在第一种可能的实现方式中,所述第一L3GW在所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第一报文之前,还用于向与所述第一L3GW处于同一子网的主机发送第二报文,并接收所述目的主机发送的第二报文的响应报文,所述第一L3GW不根据所述第二报文的响应报文生成指向所述目的主机的路由,其中, 所述第二报文的源MAC地址为所述第一L3GW的MAC地址,所述第二报文的响应报文的目的MAC为所述第一L3GW的MAC地址。
第六方面,本申请提供了一种计算机可读存储介质,所述计算机可读存储介质中存储有指令,当其在计算机上运行时,使得计算机执行上述第一方面以及各个可能实现方式的所述的方法。
第七方面,本申请提供了另一种计算机可读存储介质,所述计算机可读存储介质中存储有指令,当其在计算机上运行时,使得计算机执行上述第二方面以及各个可能实现方式的所述的方法。
第八方面,本申请提供了一种网络设备,所述网络设备包括网络接口、处理器、存储器和连接所述网络接口、处理器和存储器的总线。所述存储器用于存储程序、指令或代码,所述处理器用于执行所述存储器中的程序、指令或代码,完成上述第一方面以及各个可能实现方式的所述的方法。
第九方面,本申请提供了一种网络设备,所述网络设备包括网络接口、处理器、存储器和连接所述网络接口、处理器和存储器的总线。所述存储器用于存储程序、指令或代码,所述处理器用于执行所述存储器中的程序、指令或代码,完成上述第二方面以及各个可能实现方式的所述的方法。
附图说明
图1为本发明实施例提供的一种应用场景示意图。
图2为本发明实施例提供的一种网络中确定流量传输路径的方法流程示意图。
图3为本发明实施例提供的又一种网络中确定流量传输路径的方法流程示意图。
图4为本发明实施例提供的又一种网络中确定流量传输路径的方法流程示意图。
图5为本发明实施例提供的一种L3GW。
图6为本发明实施例提供的一种PE设备。
图7为本发明实施例提供的又一种L3GW。
图8为本发明实施例提供的又一种PE设备。
图9为本发明实施例提供的一种网络中确定流量传输路径的系统。
具体实施方式
本发明的说明书和权利要求书及上述附图中的术语“第一”、“第二”等(如果存在)是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便这里描述的实施例能够以除了在这里图示或描述的内容以外的顺序实施。此外,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或单元的过程、方法、系统、产品或设备不必限于清楚地列出的那些步骤或单元,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它步骤或单元。
图1提供了一种网络中传输流量的系统架构示意图,该网络系统100包括:核心路由器101、核心路由器102、核心路由器103、第一数据中心、第二数据中心以及连接所述第一数据中心的主机A和连接第二数据中心的主机B。所述第一数据中心的机 架交换机106和所述主机A连接,所述第二数据中心的机架交换机107与所述主机B连接。核心路由器102通过第一数据中心的网关104连接所述第一数据中心。核心路由器103通过第二数据中心的网关105连接所述第二数据中心。所述核心路由器102和核心路由器103分别与核心路由器101连接。所述第一数据中心和所述第二数据中心通过第一数据中心的运营商边缘108(英文:provider edge,简称PE设备)和所述第二数据中心的PE设备109连接。所述第一数据中心由网关104、机架交换机106和PE设备108相互连接构成所述第一数据中心的基本架构,所述第二数据中心由网关105、机架交换机107和PE设备109相互连接构成所述第二数据中心的基本架构。由于所述第一数据中心和所述第二数据中心在同一子网中,所述核心路由器101可以通过第一数据中心的网关104获取第一数据中心的路由,所述核心路由器101也可以通过所述第二数据中心的网关105获取第二数据中心的路由,因此所述核心路由器101在转发流量时,既可以通过核心路由器102和第一数据中心的网关104将所述流量转发到所述第一数据中心,也可以通过核心路由器103和第二数据中心的网关105将所述流量转发到所述第二数据中心。
如果所述流量访问的目的主机是与所述第二数据中心连接的主机B,在所述第一数据中心和所述第二数据中心在同一子网的情况下,核心路由器101可以选择将所述流量通过核心路由器102和所述第一数据网关104将所述流量发送到所述第一数据中心,然后所述第一数据中心的网关104通过路由学习将所述流量通过PE设备108将所述流量发送到所述第二数据中心,最终实现流量对主机B的访问。此外,核心路由器101还可以选择将所述流量通过核心路由器103和所述第二数据中心的网关105将所述流量发送到所述第二数据中心,所述第二数据中心的网关105通过路由学习将所述流量发送给机架交换机107,由所述机架交换机107将所述流量发发送到所述主机B。
由上述分析可知,当流量访问主机B时,且所述核心路由器101选择将所述流量通过所述核心路由器102和第一数据中心的网关104发送到所述第一数据中心,就会出现流量绕行的问题,即所述流量从所述第一数据中心绕行到所述第二数据中心,进而达到主机B。这样就会由于流量绕行而降低转发效率。
为了解决上述技术问题,如图2所示,为本申请提供了一种网络中确定流量传输路径的方法流程示意图。所述网络包括第一数据中心、第二数据中心和第一网络设备。所述第一数据中心包括网关104,本实施例中称为第一L3GW。所述第二数据中心包括网关105,本实施例中称为第二L3GW。所述第一L3GW和所述第二L3GW处于同一子网中。所述第一数据中心之外的所述第一网络设备通过所述第一L3GW向所述第一数据中心发送流量。所述第二数据中心之外的所述第一网络设备通过所述第二L3GW向所述第二数据中心发送流量。所述第一数据中心通过所述第一数据中心的第一PE设备与所述第二数据中心连接。该方法可以由第一数据中心的第一L3GW或第二数据中心的第二L3GW运行,该方法包括以下步骤:
S210,所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第一报文,所述第一报文的源MAC地址为所述第一L3GW的虚拟媒体接入控制MAC地址。
在一种可能的实现方式中,所述第一报文可以是ARP探测报文、免费ARP报文或者是邻居发现(英文:neighbor discovery,简称:ND)请求报文。所述第一L3GW 和所述第二L3GW可以通过虚拟路由冗余协议(英文:Virtual Router Redundancy Protocol,简称:VRRP)组成一个VRRP组,对外体现为一个虚拟IP和一个虚拟MAC地址。所述第一L3GW将所述虚拟MAC地址作为所述第一报文的源MAC地址以广播的方式发送给与所述第一L3GW处于同一子网的主机。
举例来说,所述第一L3GW和所述第二L3GW可以通过激活VRRP产生一台虚拟路由器,这台虚拟路由器包括一个虚拟的MAC地址和一个虚拟IP地址,比如所述第一L3GW和所述第二L3GW通过激活VRRP生成的虚拟路由器的虚拟MAC地址为00-00-5E-00-01-01-01。对于所述第一L3GW和所述第二L3GW通过VRRP生成虚拟MAC地址的过程可以参考RFC2338中对VRRP的介绍,此处不再举例说明。所述第一L3GW将上述生成的虚拟MAC地址作为所述第一报文的源MAC地址,并以广播的形式发送给与所述第一L3GW处于同一子网的主机。
S220,所述第一L3GW接收所述目的主机发送的第一报文的响应报文,所述第一报文的响应报文的目的MAC地址为所述虚拟MAC地址,所述第一报文的响应报文的源MAC地址为目的主机的MAC地址。
在一种可能的实现方式中,所述目的主机为与所述第一L3GW处于同一子网的主机,并且所述第一L3GW根据所述目的主机发送的第一报文的响应报文生成路由的主机。所述第一报文的响应报文的类型与所述第一报文类型相同,例如,当所述第一L3GW发送的第一报文是ARP探测报文,则所述第一报文的响应报文为ARP响应报文。所述第一L3GW向与所述第一L3GW处于同一子网的主机广播发送第一报文,与所述第一L3GW处于同一子网的主机都会收到所述第一报文,与所述第一L3GW处于同一子网的每个主机接收到所述第一报文后查看所述第一报文中的目的地址IP地址是否与自身IP地址相同,如果不同,则该主机将所述第一报文直接丢弃,如果相同,则该主机为所述第一报文需要查找MAC地址的目的主机,所述目的主机将自己的MAC地址封装在针对所述第一报文的响应报文中并向所述第一L3GW单播所述第一报文的响应报文,其中第一报文的响应报文的源MAC地址为所述目的主机的MAC地址,所述第一报文的响应报文的目的MAC地址为所述第一L3GW的虚拟MAC地址。所述第一L3GW接收所述第一报文的响应报文。
S230,所述第一L3GW根据所述第一报文的响应报文生成指向所述目的主机的路由,并将所述路由发送给所述第一网络设备,所述路由用于所述第一网络设备向所述目的主机发送流量的依据。
在一种可能的实现方式中,所述第一L3GW收到第一报文的响应报文后会根据第一报文的响应报文的源MAC地址刷新自己的ARP表项,或者生成一个新的ARP表项。所述第一L3GW通过学习所述ARP表项生成一条指向目的主机的路由,并把目的主机的路由发送给所述第一数据中心之外的第一网络设备以使所述第一网络设备根据所述路由向所述目的主机发送流量。
举例来说,当所述第一报文为ARP探测报文,则所述第一报文的响应报文为ARP响应报文。通过配置所述第一L3GW使所述第一L3GW能够根据携带虚拟MAC地址的ARP响应报文生成指向所述目的主机的路由。例如对所述第一L3GW配置命令arp virtual detect enable并使能该命令,使所述第一L3GW对接收的报文先进行判断,如果所述 报文不包括所述第一L3GW的虚拟MAC地址,例如该报文的目的MAC地址为所述第一L3GW的实AMC地址,则所述第一L3GW只根据该报文生成或更新ARP表项不会根据所述ARP表项生成路由;如果所述报文包括所述第一L3GW的虚拟MAC地址,例如该报文为所述第一报文的响应报文,则所述第一L3GW不仅根据该报文生成或更新自身的ARP表项,并通过使能主机路由功能使所述第一L3GW学习该ARP表项以获取所述目的主机的IP地址和所述目的主机对应的实际物理接口,以生成包含实际物理端口信息的路由表项,例如生成掩码32位的ARP虚拟链路(英文:virtual link,简称:Vlink)直连路由。所述第一L3GW通过路由协议将所述路由发送给核心路由器,使得核心路由器获取所述路由。核心路由器根据所述路由将访问目的主机的流量发送给所述目的主机,以确定发送所述流量的传输路径。这样就可以使核心路由器根据所述路由将所述流量发送到对应的目的主机,避免流量绕行降低流量传输的效率。
可选的,在步骤S210之前,所述方法还包括:所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第二报文。所述第二报文的源MAC地址为所述第一L3GW的实MAC地址。所述第一L3GW接收所述目的主机发送的第二报文的响应报文,所述第一L3GW不根据所述第二报文的响应报文生成指向所述目的主机的路由。所述第二报文的响应报文的目的MAC为所述第一L3GW的实MAC地址。通过配置使所述第一L3GW对所述第二报文的响应报文不生成指向所述目的主机的路由。
在一种可能的实现方式中,所述第二报文可以是ARP探测报文、免费ARP报文或者是ND请求报文。所述第二报文的在所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第一报文之前,所述第一L3GW通过广播向与所述第一L3GW处于同一子网的主机发送第二报文,与所述第一L3GW处于同一子网的主机都会收到所述第二报文。当与所述第一L3GW处于同一子网的主机收到所述第二报文时,查看所述第二报文中的目的地址IP地址是否与自身IP地址相同,如果不同,则该主机将所述第一报文直接丢弃,如果相同,则该主机为所述第二报文需要查找MAC地址的目的主机,所述目的主机将自己的MAC地址封装在针对所述第二报文的响应报文中,并向所述第一L3GW单播所述第二报文的响应报文,其中第二报文的响应报文的源MAC地址为所述目的主机的MAC地址,所述第二报文的响应报文的目的MAC地址为所述第一L3GW的实MAC地址。所述第一L3GW接收所述第二报文的响应报文。通过步骤S230中对所述第一L3GW配置命令:arp virtual detect enable并使能该命令,使的所述第一L3GW对携带第一L3GW实MAC地址的报文,例如所述第二报文的响应报文,只学习该报文中目的主机的MAC地址已更新或生成自身ARP表项,不根据所述ARP表项生成路由。这样就可以使得所述第一L3GW即使通过其他方法学习到目的主机的MAC地址时,也仅根据所述响应报文的内容更新或生成ARP表项,而不能根据该更新或生成ARP表项生成指向目的主机的路由,避免核心路由器通过其他方法获得指向所述目的主机的路由,造成流量绕行的问题。
如图3所示,为本申请提供了另一种网络中确定流量传输路径的方法流程示意图。所述网络中包括第一数据中心、第二数据中心和第一网络设备。所述第一数据中心包括第一L3GW。所述第二数据中心包括第二L3GW。所述第一L3GW和所述第二L3GW处于同一子网中。所述第一数据中心的第一与所述第二数据中心的第二PE连接。该方法可 以由第一数据中心的第一PE设备或第二数据中心的第二PE设备运行,该方法包括以下步骤:
S310,所述第一PE设备接收所述第一L3GW向与所述第一L3GW处于同一子网的主机发送的第一报文,所述第一报文包括所述第一L3GW的虚拟媒体接入控制MAC地址。
在一个可能的实现方式中,所述第一报文可以是ARP探测报文、免费ARP报文或者是ND请求报文。所述第一报文可以由所述第一L3GW向与所述第一L3GW处于同一子网的主机发送。所述第一L3GW和所述第二L3GW可以通过VRRP组成一个VRRP组,对外体现为一个虚拟互联网协议(英文:Internet Protocol,简称:IP)和一个虚拟MAC地址。所述第一L3GW将所述虚拟MAC地址作为所述第一报文的源MAC地址向与所述第一L3GW处于同一子网的主机广播发送,所述第一PE接收所述第一报文。
S320,所述第一PE设备根据所述第一PE设备接口设置的转发规则过滤所述第一报文。
在一个可能的实现方式中,对所述第一PE设备接口配置访问控制列表(英文:access control list,简称:ACL)策略,在PE设备接口设置匹配条件对所述第一报文进行分类处理。由于虚拟MAC地址通常为00-00-5E-00-01-{VRID},其中,00-00-5E-00-01是虚拟MAC地址的固定数值,即虚拟MAC地址都携带00-00-5E-00-01,{VRID}并不是固定值,不同的虚拟MAC地址有不同的数值,比如{VRID}可以是01,也可以是02等,因此可以在所述第一PE设备接口处配置过滤携带虚拟MAC地址的报文,即在所述第一PE设备接口处设置过滤源地址包括00-00-5E-00-01的报文以阻止所述第一报文通过所述第一PE设备被发送到所第二数据中心。举例来说,可以在所述第一PE设备接口设置过滤源地址包括00-00-5E-00-01的报文,所述第一PE设备接收所述第一报文,根据该转发规则对所述第一报文进行过滤,由于所述第一报文的源地址包括00-00-5E-00-01,因此所述第一PE设备过滤所述第一报文,所述第一PE设备可以将所述第一报文丢弃。
如图4所示,为本申请提供了又一种网络中确定流量传输路径的方法流程示意图。所述网络中包括第一数据中心、第二数据中心和第一网络设备。所述第一数据中心包括第一L3GW。所述第二数据中心包括第二L3GW。所述第一L3GW和所述第二L3GW处于同一子网中。所述第一数据中心之外的所述第一网络设备通过所述第一L3GW向所述第一数据中心发送流量。所述第二数据中心之外的所述第一网络设备通过所述第二L3GW向所述第二数据中心发送流量。该方法可以由第一数据中心的第一PE设备或第二数据中心的第二PE设备运行,该方法包括以下步骤:
S410,所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第一报文,所述第一报文的源MAC地址为所述第一L3GW的虚拟媒体接入控制MAC地址。
在一个可能的实现方式中,所述第一报文可以ARP探测报文、免费ARP报文或者是ND请求报文,例如第一L3GW通过广播的方式向所述第一数据中心的网络设备发送ARP探测报文或者ND请求报文。该步骤的具体实现方式可以参考步骤210,此处不再赘述。
S420,所述第一数据中心的第一PE设备接收所述第一L3GW向与所述第一L3GW处于同一子网的主机发送的所述第一报文。
S430,所述第一PE设备根据所述第一PE设备接口设置的转发规则过滤所述第一报文。
在一种可能的实现方式中,在所述第一PE设备接口配置过滤所述第一报文的转发规则,转发规则可以是过滤源地址携带虚拟MAC地址的报文。
S440,如果所述第一L3GW接收所述目的主机发送的第一报文的响应报文,则所述第一L3GW根据所述第一报文的响应报文生成指向所述目的主机的路由。所述第一报文的响应报文的目的MAC地址为所述虚拟MAC地址,所述第一报文的响应报文的源MAC地址为目的主机的MAC地址。
在一种可能的实现方式中,如果第一L3GW收到第一报文的响应报文,则所述第一L3GW通过学习所述第一报文的响应报文并使能所述第一L3GW的路由发布功能,生成一条指向目标主机的路由,对于所述路由的具体生成方法可以参考步骤S230中的描述,此处不再赘述。
S450所述第一L3GW将所述路由发送给所述第一网络设备,所述路由用于所述第一网络设备向所述目的主机发送流量的依据。
在一种可能的实现方式中,第一网路设备可以是第一数据中心和第二数据中心之外的核心路由器。所述第一L3GW生成的路由可以通过将所述路由引入到动态路由协议中向所述核心路由器发布。
S460,所述第一网络设备接收所述目的主机的路由,并根据所述路由确定所述流量的传输路径。
在一种可能的实现方式中,所述路由可以是ARP Vlink直连路由,所述第一网络设备可以是核心路由器。所述核心路由器接收到ARP Vlink直连路由,利用所述路由指导核心路由器转发流量时能够匹配到32位目的主机路由,以实现对核心路由器对流量进行本地转发。
S470,如果所述第一L3GW没有接收到所述第一报文,则通过配置使所述第一L3GW不能生成所述路由。
在一种可能的实现方式中,所述第一L3GW在收到所述第一报文之前,所述第一L3GW就已经获取所述目的主机的MAC地址并生成或更新自身的ARP表项。具体获取ARP表项的方式可以是在所述第一数据中心的第一PE设置转发规则之前,所述第一L3GW通过向与第一L3GW处于同一网段的主机广播发送第二报文,例如广播发送ND请求报文,其中第二报文的源MAC地址为所述第一L3GW的实MAC地址,而不是所述第一L3GW的虚拟MAC地址。目的主机获取所述ND请求报文后将目的主机的MAC地址添加到ND响应报文,并将所述ND响应报文单播发送给所述第一L3GW。所述第一L3GW接收到所述ND响应报文,根据所述ND响应报文中目的主机的IP地址和MAC地址更新自己的ARP表项。通过步骤S230中对所述第一L3GW配置命令:arp virtual detect enable并使能该命令,使的所述第一L3GW对携带第一L3GW实MAC地址的报文,例如所述第二报文的响应报文,只学习该报文中目的主机的MAC地址已更新或生成自身ARP表项,不再根据所述ARP表项生成路由。这样可以避免在对第一PE设备设置过滤规则之前,第一L3GW会根据已经获取的ARP表项生成路由并发送给核心路由器,造成流量绕行的问题。
下面以所述第一报文为ARP探测报文为例,说明网络中确定流量传输路径的方法。
第一数据中心的第一L3GW和第二数据中心的第二L3GW通过VRRP组成VRRP组,并生成一个虚拟的IP地址和虚拟MAC地址,例如生成的虚拟MAC地址为00-00-5E-00-01-01。所述第一L3GW将所述虚拟MAC地址00-00-5E-00-01-01作为ARP探测报文的源MAC地址,并以广播的形式发送给与所述第一L3GW处于同一子网的主机。
如下表1所示,当所述第一报文为ARP探测报文时,所述第一报文的源MAC地址为所述第一L3GW的虚拟MAC地址,例如虚拟MAC地址为0000-5E00-0101,所述第一报文以太网头部的目的MAC为FFFF-FFFF-FFFF,目的地址为0000-0000-0000,目的IP地址为所述目的主机的IP地址,例如目的主机的IP地址为10.10、10.2,其中,对于所述ARP探测报文的源IP地址既可以为所述第一L3GW的IP地址,也可以为所述第一L3GW与所述第二L3GW通过VRRP生成的上述虚拟IP地址,本申请对第一报文的源IP地址不做限制,例如该IP地址可以为第一L3GW的IP地址10.10.10.1。
Figure PCTCN2018110557-appb-000001
表1
所述第一数据中心的第一PE设备接收到所述ARP探测报文。所述第一PE设备根据第一PE设备接口的转发规则对所述ARP探测报文进行处理。所述第一PE设备接口配置的ACL转发规则为第一PE设备将源地址携带00-00-5E-00-01的报文丢弃。第一PE设备的接口接收到ARP探测报文,对ARP探测报文进行匹配,根据设置的转发规则将源MAC地址携带有00-00-5E-00-01的所述ARP探测报文丢弃。这样所述ARP探测报文只能在所述第一数据中心广播发送,只有所述第一数据中心的主机能够接收到所述ARP探测报文,使得所述AR探测报文并不能通过所述第一数据中心的PE设备转发给第二数据中心扩散。
所述第一L3GW将所述ARP探测报文广播发送给与所述第一L3GW处于同一子网的主机,由于第一PE设备设置的ACL转发规则,使得所述ARP探测报文实际只会向在所述第一数据中心的主机广播发送,因此与所述第一L3GW处于同一子网的第一数据中心的主机都会收到所述ARP探测报文,每个主机接收到所述ARP探测报文时查看所述ARP探测报文中的目的地址IP地址是否与自身IP地址相同,如果不同,则该主机将所述ARP探测报文直接丢弃,如果相同,则该主机为所述ARP探测报文需要查找MAC地址的目的主机,所述目的主机将自己的MAC地址封装在针对所述ARP探测报文的响应报文中并向所述第一L3GW单播ARP响应报文,其中ARP响应报文的源MAC地址为所述目的主机的MAC地址,所述ARP响应报文的目的MAC地址为所述第一L3GW的虚拟MAC 地址。
如下表2所示,所述第一报文的响应报文可以为ARP响应报文。如表2所示,ARP响应报文由目的主机单播发送给所述第一L3GW,ARP响应报文的源MAC地址为目的主机的MAC地址,例如该目的主机的MAC地址为36d5-8511-0309,所述ARP响应报文的源IP地址为所述目的主机的IP地址10.10.10.2,所述ARP响应报文的目的IP地址为所述第一L3GW的IP地址,所述ARP响应报文的目的MAC地址为所述第一L3GW的虚拟MAC地址0000-5E00-0101。
Figure PCTCN2018110557-appb-000002
表2
所述第一L3GW接收所述ARP响应报文。通过对所述第一L3GW配置命令arp virtual detect enable并使能该命令,使所述第一L3GW对接收的报文先进行判断,如果所述报文不包括所述第一L3GW的虚拟MAC地址,例如该报文的目的MAC地址为所述第一L3GW的实AMC地址,则所述第一L3GW只根据该报文生成或更新ARP表项不会根据所述ARP表项生成路由;如果所述报文包括所述第一L3GW的虚拟MAC地址,例如所述ARP响应报文,则所述第一L3GW不仅根据该所述ARP响应报文生成或更新自身的ARP表项,并通过使能主机路由功能使所述第一L3GW学习该ARP表项以获取所述目的主机的IP地址和所述目的主机对应的实际物理接口,以生成包含实际物理端口信息的路由表项,例如生成32位直连路由。所述第一L3GW通过将所述32位直连路由添加到动态路由协议发送给第一数据中心和第二数据中心之外的核心路由器,使得核心路由器获取所述32位直连路由。核心路由器根据所述路由将访问目的主机的流量发送给所述目的主机所在数据中心的网关,以避免流量的绕行。
如图5所示,为本申请提供了一种网络中确定流量传输路径的L3GW,所述L3GW既可以是图1中的网关104,也可以是网关105,还可以是方法流程图2和图4中的第一L3GW,可以实现所述第一L3GW的功能。该网络中包括第一数据中心、第二数据中心和第一网络设备。所述第一数据中心包括第一L3GW。所述第二数据中心包括第二L3GW。所述第一L3GW和所述第二L3GW处于同一子网中。所述第一数据中心之外的所述第一网络设备通过所述第一L3GW向所述第一数据中心发送流量,所述第一数据之外的所述第一网络设备通过所述第二L3GW向所述第二数据中心发送流量。所述第一L3GW包括发送单元501、接收单元502,处理单元503。
发送单元501用于向与所述第一L3GW处于同一子网的主机发送第一报文,并将目的主机的路由发送给所述第一网络设备,所述路由用于所述第一网络设备向所述目的 主机发送流量的依据,所述第一报文的源MAC地址为所述第一L3GW的虚拟媒体接入控制MAC地址。
接收单元502用于接收所述目的主机发送的第一报文的响应报文,所述第一报文的响应报文的目的MAC地址为所述虚拟MAC地址,所述第一报文的响应报文的源MAC地址为目的主机的MAC地址。
处理单元503用于根据所述第一报文的响应报文生成指向所述目的主机的路由。
在一种可能的实现方式中,所述第一报文既可以是ARP探测报文或免费ARP报文,还可以是ND请求报文。所述第一网络设备可以是核心路由器。发送单元502通过广播的方式向所述第一数据中心的主机发送ARP探测报文或者ND请求报文,其中,第一报文的的源MAC地址为所述第一L3GW和所述第二L3GW通过VRRP生成的虚拟MAC地址。如果接收单元502接收到所述第一报文的响应报文,则处理单元503通过学习所述接收单元502接收到的第一报文的响应报文生成表项,并根据所述表项将所述表项转化为一条指向目的主机的路由,发送单元501通过路由协议将所述路由发送给核心路由器。
可选的,所述发送单元501在所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第一报文之前,还用于向与所述第一L3GW处于同一子网的主机发送第二报文,其中,所述第二报文的源MAC地址为所述第一L3GW的MAC地址。所述接收单元502还用于接收所述目的主机发送的第二报文的响应报文,其中,所述第二报文的响应报文的目的MAC为所述第一L3GW的MAC地址。
在该具体实施方式中,所述发送单元501、所述接收单元502和所述处理单元503的具体实现可以参考图2和图4中所述的第一L3GW的功能和实施步骤,为了简洁,不再赘述。
如图6所示,为本申请提供了一种网络中确定流量传输路径的PE设备,所述PE设备既可以运营商边缘108或运营商边缘109,还可以是方法流程图3和图4中的第一PE设备,可以实现所述第一PE设备的功能。所述网络包括第一数据中心和第二数据中心,所述第一数据中心的第一三层网关L3GW和所述第二数据中心的第二L3GW处于同一子网中,所述第一数据中心的第一PE设备和所述第二数据中心的第二PE设备互联,所述设备包括接收单元601和处理单元602.
接收单元601用于接收第一报文。所述第一报文包括虚拟媒体接入控制MAC地址。所述虚拟MAC为所述第一L3GW和所述第二L3GW通过虚拟路由冗余协议生成的虚拟MAC地址。
处理单元602用于根据所述第一PE设备接口设置的转发规则过滤所述第一报文。所述转发规则为过滤包括虚拟MAC地址的报文。
在一种可能的实现方式中,接收单元601接收第一报文,由处理单元602根据转发规则过滤所述第一报文,即根据过滤规则将源地址为虚拟MAC地址的报文丢弃,由于所述第一报文的源MAC地址为所述第一L3GW和所述第二L3GW通过虚拟路由冗余协议生成的虚拟MAC地址,因此处理单元602会将所述第一报文过滤。
可选的,所述第一PE设备根据所述第一PE设备接口设置的转发规则将包括虚拟MAC地址的所述第一报文丢弃。
在该具体实施方式中,所述接收单元601和所述处理单元602的具体实现可以参考图3和图4中所述的第一PE设备的功能和实施步骤,为了简洁,不再赘述。
如图7所示,为本申请提供了另一种网络中确定流量传输路径的L3GW,所述L3GW既可以是图1中的网关104,也可以是网关105,还可以是方法流程图2和图4中的第一L3GW,可以实现所述第一L3GW的功能。该网络中包括第一数据中心、第二数据中心和第一网络设备。所述第一数据中心包括第一L3GW。所述第二数据中心包括第二L3GW。所述第一L3GW和所述第二L3GW处于同一子网中。所述第一数据中心之外的所述第一网络设备通过所述第一L3GW向所述第一数据中心发送流量,所述第一数据之外的所述第一网络设备通过所述第二L3GW向所述第二数据中心发送流量。所述第一L3GW包括网络接口701,还可以包括处理器702或存储器703。
处理器702包括但不限于中央处理器(英文:central processing unit,简称:CPU),网络处理器(英文:network processor,简称:NP),专用集成电路(英文:application-specific integrated circuit,简称:ASIC)或者可编程逻辑器件(英文:programmable logic device,缩写:PLD)中的一个或多个。上述PLD可以是复杂可编程逻辑器件(英文:complex programmable logic device,缩写:CPLD),现场可编程逻辑门阵列(英文:field-programmable gate array,缩写:FPGA),通用阵列逻辑(英文:generic array logic,缩写:GAL)或其任意组合。处理器702负责管理总线704和通常的处理,还可以提供各种功能,包括定时,外围接口,电压调节,电源管理以及其他控制功能。存储器703可以用于存储处理器702在执行操作时所使用的数据。
网络接口701可以是有线接口,例如光纤分布式数据接口(英文:Fiber Distributed Data Interface,简称:FDDI)、以太网(英文:Ethernet)接口。网络接口701也可以是无线接口,例如无线局域网接口。
存储器703可以是包括但不限于内容寻址存储器(英文:content-addressable memory,简称:CAM),例如三态内容寻址存储器(英文:ternary CAM,简称:TCAM),随机存取存储器(英文:random-access memory,简称:RAM)。
存储器703也可以集成在处理器702中。如果存储器703和处理器702是相互独立的器件,存储器573和处理器702相连,例如存储器703和处理器702可以通过总线通信。网络接口701和处理器702可以通过总线通信,网络接口701也可以与处理器702直连。
总线704可以包括任意数量的互联的总线和桥,总线704将包括由处理器702代表的一个或多个处理器702和存储器703代表的存储器的各种电路链接在一起。总线704还可以将诸如外围设备、稳压器和功率管理电路等之类的各种其他电路链接在一起,这些都是本领域所公知的,因此,本文不再对其进行进一步描述。
在一种可能的实现方式中,网络接口701用于向与所述第一L3GW处于同一子网的主机发送第一报文。所述第一报文包括虚拟媒体接入控制MAC地址,其中,所述虚拟MAC为所述第一L3GW和所述第二L3GW通过虚拟路由冗余协议VRRP生成的虚拟MAC地址。如果所述第一L3GW接收到第一报文的响应报文,则处理器702用于将根据所述第一报文的响应报文生成指向目的主机的路由,并将所述路由发送给所述第一网络设备, 所述路由用于所述第一网络设备向所述目的主机发送流量的依据,所述第一网络设备用于根据所述路由将流量发送到所述目的主机。如果所述第一L3GW没有接收到所述第一报文的响应报文,则处理器702不向所述第一网络设备发送目的主机的路由。
可选的,网络接口701在所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第一报文之前,还用于向与所述第一L3GW处于同一子网的主机发送第二报文,其中,所述第二报文的源MAC地址为所述第一L3GW的MAC地址。
所述网络接口701还用于接收所述目的主机发送的第二报文的响应报文,其中,所述第二报文的响应报文的目的MAC为所述第一L3GW的MAC地址。
可选的,所述所述第一报文为地址解析协议ARP或者邻居发现ND报文。
在该具体实施方式中,所述处理器702和所述网络接口701的具体实现可以参考图2和图4中所述第一L3GW的功能和实施步骤,为了简洁,不再赘述。
如图8所示,为本申请提供了另一种网络中确定流量传输路径的PE设备,所述PE设备既可以运营商边缘108或运营商边缘109,还可以是方法流程图3和图4中的第一PE设备,可以实现所述第一PE设备的功能。所述网络包括第一数据中心和第二数据中心,所述第一数据中心的第一三层网关L3GW和所述第二数据中心的第二L3GW处于同一子网中,所述第一数据中心的第一PE设备和所述第二数据中心的第二PE设备互联,所述设备包括网络接口801和处理器802,还可以包括存储器803。
处理器802包括但不限于中央处理器(英文:central processing unit,简称:CPU),网络处理器(英文:network processor,简称:NP),专用集成电路(英文:application-sPE设备cific integrated circuit,简称:ASIC)或者可编程逻辑器件(英文:programmable logic device,缩写:PLD)中的一个或多个。上述PLD可以是复杂可编程逻辑器件(英文:complex programmable logic device,缩写:CPLD),现场可编程逻辑门阵列(英文:field-programmable gate array,缩写:FPGA),通用阵列逻辑(英文:generic array logic,缩写:GAL)或其任意组合。处理器802负责管理总线804和通常的处理,还可以提供各种功能,包括定时,外围接口,电压调节,电源管理以及其他控制功能。存储器803可以用于存储处理器802在执行操作时所使用的数据。
网络接口801可以是有线接口,例如光纤分布式数据接口(英文:Fiber Distributed Data Interface,简称:FDDI)、以太网(英文:Ethernet)接口。网络接口801也可以是无线接口,例如无线局域网接口。
存储器803可以是包括但不限于内容寻址存储器(英文:content-addressable memory,简称:CAM),例如三态内容寻址存储器(英文:ternary CAM,简称:TCAM),随机存取存储器(英文:random-access memory,简称:RAM)。
存储器803也可以集成在处理器802中。如果存储器803和处理器802是相互独立的器件,存储器803和处理器802相连,例如存储器803和处理器802可以通过总线通信。网络接口801和处理器802可以通过总线通信,网络接口801也可以与处理器802直连。
总线804可以包括任意数量的互联的总线和桥,总线804将包括由处理器802代表的一个或多个处理器802和存储器803代表的存储器的各种电路链接在一起。总线 804还可以将诸如外围设备、稳压器和功率管理电路等之类的各种其他电路链接在一起,这些都是本领域所公知的,因此,本文不再对其进行进一步描述。
在一种可能的实现方式中,网络接口801用于接收第一报文,其中,所述第一报文包括虚拟媒体接入控制MAC地址,所述虚拟MAC为所述第一L3GW和所述第二L3GW通过虚拟路由冗余协议生成的虚拟MAC地址。处理器802根据所述第一PE设备接口设置的转发规则过滤所述第一报文,所述转发规则为过滤包括虚拟MAC地址的报文。
在一种可能的实现方式中,所述第一PE设备根据所述第一PE设备接口设置的转发规则将包括虚拟MAC地址的所述第一报文丢弃。
在该具体实施方式中,所述处理器802和所述网络接口801的具体实现可以参考图2和图4中所述的第一L3GW的功能和实施步骤,为了简洁,不再赘述。
如图9所示,为本申请提供一种网络中确定流量传输路径的系统。所述网络包括第一数据中心、第二数据中心和第一网络设备。所述第一数据中心的第一三层网关L3GW901和所述第二数据中心的第二L3GW处于同一子网中。所述第一数据中心之外的所述第一网络设备通过所述第一L3GW向所述第一数据中心发送流量。所述第一数据之外的所述第一网络设备通过所述第二L3GW向所述第二数据中心发送流量。所述第一数据中心的第一运营商边缘PE设备902和所述第二数据中心的第二PE设备互联。所述系统包括第一L3GW 901和第一PE设备902。
所述第一L3GW 901可以是图1中的网关104,也可以是网关105,还可以是方法流程图2和图4中的第一L3GW,可以实现所述第一L3GW的功能,还可以是图5或图7中的第一L3GW。
所述所述第一PE设备既可以运营商边缘108或运营商边缘109,还可以是方法流程图3和图4中的第一PE设备,可以实现所述第一PE设备的功能,还可以是图6或图8中的第一PE设备。
所述第一L3GW 901用于向与所述第一L3GW处于同一子网的主机发送第一报文,并将目的主机的路由发送给所述第一网络设备以使所述第一网络设备根据所述路由向所述目的主机发送流量,接收所述目的主机发送的第一报文的响应报文,根据所述第一报文的响应报文生成指向所述目的主机的路由,其中,所述第一报文的源MAC地址为所述第一L3GW的虚拟媒体接入控制MAC地址,所述第一报文的响应报文的目的MAC地址为所述虚拟MAC地址,所述第一报文的响应报文的源MAC地址为目的主机的MAC地址。
所述第一PE设备902用于用于接收第一报文,根据所述第一PE设备接口设置的转发规则过滤所述第一报文,所述第一报文包括虚拟媒体接入控制MAC地址,其中,所述虚拟MAC为所述第一L3GW和所述第二L3GW通过虚拟路由冗余协议生成的虚拟MAC地址。
在该具体实施方式中,所述第一L3GW 901具体实现可以参考图2和图4中所述的第一L3GW的功能和实施步骤。所述第一PE设备902具体实现可以参考图3和图4中所述的第一L3GW的功能和实施步骤,为了简洁,不再赘述。
应理解,在本申请的各种实施例中,上述各方法的序号的大小并不意味着执行顺序的先后,各方法的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的 实施过程构成任何限定。
在本申请所提供的几个实施例中,应该理解到,所公开的方法和设备,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述模块的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个模块或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。
所述作为分离部件说明的模块可以是或者也可以不是物理上分开的,作为模块显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。
另外,在本发明各个实施例中的各功能模块可以集成在一个处理单元中,也可以是各个模块单独物理存在,也可以两个或两个以上模块集成在一个单元中。上述集成的模块既可以采用硬件的形式实现,也可以采用硬件加软件功能单元的形式实现。
所述集成的单元如果以硬件结合软件的形式实现并作为独立的产品销售或使用时,所述软件可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案对现有技术做出贡献的部分技术特征可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述方法的部分或全部步骤。而前述的存储介质可以是U盘、移动硬盘、只读存储器(简称:ROM,英文:Read-Only Memory)、随机存取存储器(简称:RAM,英文:Random Access Memory)、磁碟或者光盘。
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应以所述权利要求的保护范围为准。

Claims (12)

  1. 一种网络中确定流量传输路径的方法,所述网络包括第一数据中心、第二数据中心和第一网络设备,所述第一数据中心包括第一三层网关L3GW,所述第二数据中心包括第二L3GW,所述第一L3GW和所述第二L3GW处于同一子网中,所述第一数据中心之外的所述第一网络设备通过所述第一L3GW向所述第一数据中心发送流量,所述第一数据之外的所述第一网络设备通过所述第二L3GW向所述第二数据中心发送流量,其特征在于,所述方法包括:
    所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第一报文,所述第一报文携带所述第一L3GW的虚拟媒体接入控制MAC地址;
    所述第一L3GW接收目的主机发送的第一报文的响应报文,所述第一报文的响应报文的目的MAC地址为所述虚拟MAC地址,所述第一报文的响应报文的源MAC地址为目的主机的MAC地址;
    所述第一L3GW根据所述第一报文的响应报文生成指向所述目的主机的路由,并将所述路由发送给所述第一网络设备,所述路由用于所述第一网络设备向所述目的主机发送流量的依据。
  2. 根据权利要求1所述的方法,其特征在于,在所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第一报文之前,所述方法还包括:
    所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第二报文,所述第二报文的源MAC地址为所述第一L3GW的MAC地址;
    所述第一L3GW接收所述目的主机发送的第二报文的响应报文,所述第二报文的响应报文的目的MAC为所述第一L3GW的MAC地址;
    所述第一L3GW不根据所述第二报文的响应报文生成指向所述目的主机的路由。
  3. 根据权利要求1或2所述的方法,其特征在于,所述第一报文为地址解析协议ARP或者邻居发现ND报文。
  4. 根据权利要求1至3所述的方法,其特征在于,所述第一L3GW的虚拟媒体为所述第一L3GW和所述第二L3GW通过虚拟路由冗余协议VRRP生成的虚拟MAC地址。
  5. 一种网络中确定流量传输路径的方法,所述网络包括第一数据中心和第二数据中心,所述第一数据中心的第一三层网关L3GW和所述第二数据中心的第二L3GW处于同一子网中,所述第一数据中心的第一运营商边缘PE设备和所述第二数据中心的第二PE设备互联,其特征在于,所述方法包括:
    所述第一PE设备接收所述第一L3GW向与所述第一L3GW处于同一子网的主机发送的第一报文,所述第一报文包括所述第一L3GW的虚拟媒体接入控制MAC地址;
    所述第一PE设备根据所述第一PE设备接口设置的转发规则过滤所述第一报文,以阻止所述第一报文向所述第一数据中心之外的主机发送。
  6. 根据权利要求5所述的方法,其特征在于,所述第一PE设备根据所述第一PE设 备接口设置的转发规则过滤所述第一报文,包括:
    所述第一PE设备确认所述第一报文中携带所述第一L3GW的虚拟MAC地址,根据所述转发规则丢弃所述第一报文。
  7. 一种网络中确定流量传输路径的第一三层网关L3GW,所述网络包括第一数据中心、第二数据中心和第一网络设备,所述第一数据中心包括第一L3GW,所述第二数据中心包括第二L3GW,所述第一L3GW和所述第二L3GW处于同一子网中,所述第一数据中心之外的所述第一网络设备通过所述第一L3GW向所述第一数据中心发送流量,所述第一数据之外的所述第一网络设备通过所述第二L3GW向所述第二数据中心发送流量,其特征在于,所述第一L3GW包括:
    发送单元,用于向与所述第一L3GW处于同一子网的主机发送第一报文,并将目的主机的路由发送给所述第一网络设备,所述路由用于所述第一网络设备向所述目的主机发送流量的依据,所述第一报文的源MAC地址为所述第一L3GW的虚拟媒体接入控制MAC地址;
    接收单元,用于接收所述目的主机发送的第一报文的响应报文,所述第一报文的响应报文的目的MAC地址为所述虚拟MAC地址,所述第一报文的响应报文的源MAC地址为目的主机的MAC地址;
    处理单元,用于根据所述第一报文的响应报文生成指向所述目的主机的路由。
  8. 根据权利要求7所述的方法,其特征在于,
    所述发送单元,在所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第一报文之前,还用于向与所述第一L3GW处于同一子网的主机发送第二报文,所述第二报文的源MAC地址为所述第一L3GW的MAC地址;
    所述接收单元,还用于接收所述目的主机发送的第二报文的响应报文,所述第二报文的响应报文的目的MAC为所述第一L3GW的MAC地址。
  9. 一种网络中确定流量传输路径的第一运营商边缘PE设备,所述网络包括第一数据中心和第二数据中心,所述第一数据中心的第一三层网关L3GW和所述第二数据中心的第二L3GW处于同一子网中,所述第一数据中心的第一PE设备和所述第二数据中心的第二PE设备互联,其特征在于,所述设备包括:
    接收单元,用于接收所述第一L3GW向与所述第一L3GW处于同一子网的主机发送的第一报文,所述第一报文包括虚拟媒体接入控制MAC地址;
    处理单元,用于根据所述第一PE设备接口设置的转发规则过滤所述第一报文,所述转发规则为过滤包括虚拟MAC地址的报文,以阻止所述第一报文向所述第一数据中心之外的主机发送。
  10. 根据权利要求9所述的设备,其特征在于,所述处理单元具体用于根据所述第一PE设备接口设置的转发规则将包括虚拟MAC地址的所述第一报文丢弃。
  11. 一种网络中确定流量传输路径的系统,所述网络包括第一数据中心、第二数据中心和第一网络设备,所述第一数据中心的第一三层网关L3GW和所述第二数据中心的第 二L3GW处于同一子网中,所述第一数据中心之外的所述第一网络设备通过所述第一L3GW向所述第一数据中心发送流量,所述第一数据之外的所述第一网络设备通过所述第二L3GW向所述第二数据中心发送流量,所述第一数据中心的第一运营商边缘PE设备和所述第二数据中心的第二PE设备互联,其特征在于,所述系统包括:
    所述第一L3GW,用于向与所述第一L3GW处于同一子网的主机发送第一报文,接收所述目的主机发送的第一报文的响应报文,根据所述第一报文的响应报文生成指向所述目的主机的路由,并将目的主机的路由发送给所述第一网络设备,所述路由用于所述第一网络设备向所述目的主机发送流量的依据,所述第一报文的源MAC地址为所述第一L3GW的虚拟媒体接入控制MAC地址;所述第一报文的响应报文的目的MAC地址为所述虚拟MAC地址,所述第一报文的响应报文的源MAC地址为目的主机的MAC地址。
    所述第一PE设备,用于接收第一报文,根据所述第一PE设备接口设置的转发规则过滤所述第一报文,所述第一报文包括虚拟媒体接入控制MAC地址,以阻止所述第一报文向所述第一数据中心之外的主机发送。
  12. 根据权利要求11所述的系统,其特征在于,所述第一L3GW在所述第一L3GW向与所述第一L3GW处于同一子网的主机发送第一报文之前,还用于向与所述第一L3GW处于同一子网的主机发送第二报文,并接收所述目的主机发送的第二报文的响应报文,所述第一L3GW不根据所述第二报文的响应报文生成指向所述目的主机的路由,所述第二报文的源MAC地址为所述第一L3GW的MAC地址,所述第二报文的响应报文的目的MAC为所述第一L3GW的MAC地址。
PCT/CN2018/110557 2017-10-27 2018-10-17 一种网络中确定流量传输路径的方法、设备和系统 WO2019080750A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP18869516.7A EP3691200A4 (en) 2017-10-27 2018-10-17 METHOD, DEVICE AND SYSTEM FOR DETERMINING TRAFFIC TRANSMISSION PATH IN A NETWORK
US16/858,136 US20200280463A1 (en) 2017-10-27 2020-04-24 Method, device, and system for determining traffic transmission path on network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711020259.2A CN109729010B (zh) 2017-10-27 2017-10-27 一种网络中确定流量传输路径的方法、设备和系统
CN201711020259.2 2017-10-27

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/858,136 Continuation US20200280463A1 (en) 2017-10-27 2020-04-24 Method, device, and system for determining traffic transmission path on network

Publications (1)

Publication Number Publication Date
WO2019080750A1 true WO2019080750A1 (zh) 2019-05-02

Family

ID=66247751

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/110557 WO2019080750A1 (zh) 2017-10-27 2018-10-17 一种网络中确定流量传输路径的方法、设备和系统

Country Status (4)

Country Link
US (1) US20200280463A1 (zh)
EP (1) EP3691200A4 (zh)
CN (1) CN109729010B (zh)
WO (1) WO2019080750A1 (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114430364A (zh) * 2022-01-21 2022-05-03 京东科技信息技术有限公司 信息展示方法、装置、电子设备和计算机可读介质

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112511398B (zh) * 2019-09-16 2023-11-28 中兴通讯股份有限公司 一种防止流量绕行的方法及装置

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8363666B2 (en) * 2010-02-22 2013-01-29 Cisco Technology, Inc. Multiple network architecture providing for migration of devices
CN104115453A (zh) * 2013-12-31 2014-10-22 华为技术有限公司 一种实现虚拟机通信的方法和装置
CN106878134A (zh) * 2016-12-16 2017-06-20 新华三技术有限公司 数据中心互通方法和装置
CN106878168A (zh) * 2017-03-20 2017-06-20 新华三技术有限公司 一种报文转发方法及装置

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8959201B2 (en) * 2009-12-16 2015-02-17 Juniper Networks, Inc. Limiting control traffic in a redundant gateway architecture
US20130003738A1 (en) * 2011-06-29 2013-01-03 Brocade Communications Systems, Inc. Trill based router redundancy
US8799510B2 (en) * 2011-07-05 2014-08-05 Cisco Technology, Inc. Managing host routes for local computer networks with a plurality of field area routers
US8923149B2 (en) * 2012-04-09 2014-12-30 Futurewei Technologies, Inc. L3 gateway for VXLAN
EP2853066B1 (en) * 2012-05-23 2017-02-22 Brocade Communications Systems, Inc. Layer-3 overlay gateways
CN102932251B (zh) * 2012-10-31 2016-01-27 杭州华三通信技术有限公司 实现本地三层终结的方法及设备
US9426060B2 (en) * 2013-08-07 2016-08-23 International Business Machines Corporation Software defined network (SDN) switch clusters having layer-3 distributed router functionality
US9264347B2 (en) * 2013-12-27 2016-02-16 Dell Products L.P. N-node virtual link trunking (VLT) systems control plane
CN104869063B (zh) * 2014-02-21 2019-02-12 华为技术有限公司 虚拟子网中的主机路由处理方法及相关设备和通信系统

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8363666B2 (en) * 2010-02-22 2013-01-29 Cisco Technology, Inc. Multiple network architecture providing for migration of devices
CN104115453A (zh) * 2013-12-31 2014-10-22 华为技术有限公司 一种实现虚拟机通信的方法和装置
CN106878134A (zh) * 2016-12-16 2017-06-20 新华三技术有限公司 数据中心互通方法和装置
CN106878168A (zh) * 2017-03-20 2017-06-20 新华三技术有限公司 一种报文转发方法及装置

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3691200A4

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114430364A (zh) * 2022-01-21 2022-05-03 京东科技信息技术有限公司 信息展示方法、装置、电子设备和计算机可读介质

Also Published As

Publication number Publication date
EP3691200A1 (en) 2020-08-05
EP3691200A4 (en) 2020-11-11
US20200280463A1 (en) 2020-09-03
CN109729010A (zh) 2019-05-07
CN109729010B (zh) 2021-06-22

Similar Documents

Publication Publication Date Title
US11029982B2 (en) Configuration of logical router
US10116559B2 (en) Operations, administration and management (OAM) in overlay data center environments
EP3282649B1 (en) Data packet forwarding
US9083642B2 (en) Systems and methods for optimizing layer three routing in an information handling system
US9729578B2 (en) Method and system for implementing a network policy using a VXLAN network identifier
WO2016055027A1 (en) Table entry in software defined network
US10601702B1 (en) Flexible packet replication and filtering for multicast/broadcast
US10057162B1 (en) Extending Virtual Routing and Forwarding at edge of VRF-aware network
US10616105B1 (en) Extending virtual routing and forwarding using source identifiers
JP2013051729A (ja) 仮想ルータ機能を提供する方法
WO2013029440A1 (en) Method and apparatus for implementing layer-2 interconnection of data centers
CN116547953A (zh) 由网络结构控制平面实施段间流量策略
US10554547B2 (en) Scalable network address translation at high speed in a network environment
CN118266203A (zh) 智能nic的成组
WO2019080750A1 (zh) 一种网络中确定流量传输路径的方法、设备和系统
WO2017036384A1 (zh) 运营商边缘设备及数据转发方法
CN109818869B (zh) 组播流量转发端口的生成方法及相关设备
US10341259B1 (en) Packet forwarding using programmable feature prioritization
US20170237691A1 (en) Apparatus and method for supporting multiple virtual switch instances on a network switch
US10630596B1 (en) Forwarding action redirection

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18869516

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2018869516

Country of ref document: EP

Effective date: 20200501