WO2021017619A1 - Dmvpn control method, network device, communication system and storage medium - Google Patents


Info

Publication number
WO2021017619A1
Authority
WO
WIPO (PCT)
Prior art keywords
central node
node
standby
address
dmvpn
Application number
PCT/CN2020/093800
Other languages
French (fr)
Chinese (zh)
Inventor
马飞
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2021017619A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0668 Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure

Definitions

  • The embodiments of the present disclosure relate to, but are not limited to, the communication field, and specifically relate to, but are not limited to, a DMVPN control method, a network device, a communication system, and a storage medium.
  • DMVPN: Dynamic Multipoint Virtual Private Network.
  • The DMVPN network includes hub nodes (central nodes) and spoke nodes (branch nodes), and uses NHRP (Next Hop Resolution Protocol) resolution to establish the required VPN (Virtual Private Network) tunnels.
  • NHRP: Next Hop Resolution Protocol.
  • mGRE: multipoint Generic Routing Encapsulation.
  • In DMVPN networking, communication between nodes usually needs to pass through the central node. If the central node fails, communication is interrupted and the network is paralyzed, which reduces the stability of DMVPN networking communication.
  • The DMVPN control method, network device, communication system, and storage medium provided by the embodiments of the present disclosure mainly solve the technical problem of the low stability of existing DMVPN network communication.
  • Embodiments of the present disclosure provide a DMVPN control method, which includes: when the main central node fails, the standby central node provides services for branch nodes and/or central nodes in the DMVPN network.
  • The embodiment of the present disclosure further provides a network device, including: a first processor, a first memory, and a first communication bus; the first communication bus is configured to realize connection and communication between the first processor and the first memory; the first processor is configured to execute one or more computer programs stored in the first memory to implement the steps of the central node in the DMVPN control method.
  • The embodiment of the present disclosure further provides a network device, including: a second processor, a second memory, and a second communication bus; the second communication bus is configured to realize connection and communication between the second processor and the second memory; the second processor is configured to execute one or more computer programs stored in the second memory to implement the steps of the branch node in the DMVPN control method.
  • The embodiments of the present disclosure also provide a storage medium; the storage medium stores one or more computer programs, and the one or more computer programs can be executed by one or more processors to implement the steps of the central node or the branch node in the DMVPN control method described above.
  • The beneficial effects of the present disclosure are: according to the DMVPN control method, network device, communication system, and storage medium provided by the embodiments of the present disclosure, when the main central node fails, the standby central node provides services for the branch nodes and/or central nodes in the DMVPN network. In some implementations, after the main central node fails, the standby central node can ensure communication, thereby improving the stability of DMVPN network communication.
  • FIG. 1 is a flowchart of a DMVPN control method according to the first embodiment of the disclosure.
  • FIG. 2 is a flowchart of the election of the primary central node and the standby central node in the first embodiment of the disclosure.
  • FIG. 3 is a detailed flowchart of the DMVPN control method according to the second embodiment of the disclosure.
  • FIG. 4 is a schematic diagram of a DMVPN architecture according to the second embodiment of the disclosure.
  • FIG. 5 is a schematic diagram of encapsulation and encryption according to the second embodiment of the disclosure.
  • FIG. 6 is a schematic diagram of a network device structure according to the fourth embodiment of the disclosure.
  • FIG. 7 is a schematic structural diagram of another network device according to the fourth embodiment of the disclosure.
  • FIG. 1 is a flowchart of the DMVPN control method provided by an embodiment of the present disclosure, including:
  • the standby central node provides services for branch nodes and/or central nodes in the DMVPN network.
  • The DMVPN network includes at least two central nodes.
  • The node in the working state of the main central node is the main central node.
  • The node in the working state of the standby central node is the standby central node.
  • A central node, based on its working status, can be the main central node or the standby central node.
  • The main central node is set to provide services for communication in the DMVPN network, that is, to provide services for communication between branch nodes and/or central nodes in the DMVPN network.
  • The backup center node may be in an idle state.
  • The standby central node provides services for communications in the DMVPN network, that is, the standby central node provides services for the branch nodes and/or the central nodes in the DMVPN network, to ensure the normal communication of the DMVPN network and improve the reliability of the DMVPN network communication. It should be understood that providing services for communications in the DMVPN networking includes, but is not limited to, providing communication services such as data forwarding. For both the main central node and the standby central node, the objects for which communication services are provided include, but are not limited to, branch nodes, central nodes, and so on.
  • The master central node may periodically send keep-alive messages to the standby central node. If the backup center node does not receive a keep-alive message sent by the master center node within the preset time period, it determines that the master center node is faulty and provides services for communication in the DMVPN network.
  • Each central node may determine whether it is a primary central node or a standby central node based on configuration information.
  • Each central node may also select the main central node and the standby central node based on preset election rules, where the preset election rules include, but are not limited to: the address identifier of the primary central node is greater than the address identifier of the standby central node, or the address identifier of the primary central node is smaller than the address identifier of the standby central node.
  • When the preset election rule is that the address identifier of the primary center node is greater than the address identifier of the backup center node, the election process of the primary center node and the backup center node includes:
  • S201 The first central node sends an interactive message to the second central node.
  • The first central node and the second central node are central nodes in the DMVPN networking, and are not the same central node.
  • The first central node is the election initiator. The first central node can determine itself to be the election initiator based on a received election initiation command, and send an interactive message to the second central node to start the election of the primary central node and the standby central node.
  • The interactive message here and the interactive messages mentioned later include information such as the address identifier of the sender.
  • When the first central node sends an interactive message to the second central node, the first central node is the sender; therefore, the interactive message includes the address identifier of the first central node.
  • The address identifier may be at least one of an IP address (for example, a direct connection port address, etc.) and a MAC (Media Access Control) address (for example, a device loopback address, etc.).
  • IGP: Interior Gateway Protocol.
  • S202 The second central node sends an interactive message to the first central node.
  • After receiving the interactive message sent by the first central node, the second central node sends an interactive message to the first central node. It should be understood that the interactive message sent by the second central node to the first central node also includes the address identifier of the sender; here, the sender of the interactive message is the second central node, so the message includes the address identifier of the second central node.
  • S203 The first central node judges whether the address identifier of the local end is greater than the address identifier of the second central node.
  • After receiving the interactive message sent by the second central node, the first central node extracts the address identifier of the second central node from the interactive message and compares it with the address identifier of the local end to determine whether the address identifier of the first central node is greater than the address identifier of the second central node; if yes, go to S204; if not, go to S206. For example, assuming that the interactive message includes the address of the direct connection port, the first central node extracts the direct connection port address of the second central node from the interactive message sent by the second central node to the first central node, and compares the direct connection port address of the local end with the direct connection port address of the second central node.
  • S204 The first central node sets its own working state as the working state of the main central node, and sends a confirmation message to the second central node.
  • When the address identifier of the first central node is greater than the address identifier of the second central node, the first central node sets its own working status to the working status of the primary central node; that is, at this time, the first central node is the primary central node.
  • The first central node sends a confirmation message to the second central node.
  • The confirmation message may include at least one of the sender's group ID number, address identifier, etc., where the address identifier includes but is not limited to at least one of an IP address and a MAC address (device address). That is to say, the confirmation message sent by the first central node to the second central node includes at least one of the group ID number and address identifier of the first central node.
  • S205 The second central node sets its own working state to the working state of the standby central node.
  • After receiving the confirmation message sent by the first central node, the second central node sets its own working status to the working status of the standby central node; that is, at this time, the second central node is the standby central node.
  • S206 The first central node sends an interactive message to the second central node.
  • When the address identifier of the first central node is smaller than the address identifier of the second central node, the first central node sends an interactive message to the second central node. It should be understood that the sender of the interactive message here is the first central node; therefore, the message includes the address identifier of the first central node.
  • S207 The second central node sets its working status to the working status of the main central node, and sends a confirmation message to the first central node.
  • After receiving the interactive message, the second central node can directly set its own working state as the working state of the main central node, and send a confirmation message to the first central node.
  • The second central node may also obtain the address identifier of the first central node from the interactive message sent by the first central node, and compare it with its own address identifier. The address identifier of the second central node is greater than that of the first central node.
  • The sender of the confirmation message here is the second central node. Therefore, it may include at least one of the group ID number and address identifier of the second central node, where the address identifier includes but is not limited to at least one of an IP address, a MAC address (device address), etc.
  • S208 The first central node sets the working state to the working state of the standby central node.
  • After receiving the confirmation message sent by the second central node, the first central node sets its working state to that of the standby central node; that is, at this time, the first central node is the standby central node.
  • The first central node and the second central node belong to the same networking. Therefore, it is necessary to determine whether the first central node and the second central node are in the same networking. Whether the first central node and the second central node belong to the same network can be judged based on whether the group ID numbers of the first central node and the second central node are the same. Of course, whether the first central node and the second central node belong to the same network can also be judged based on other information.
  • The judgment process can be executed by the first central node or the second central node.
  • The interactive message in the aforementioned election process may include the sender's group ID number.
  • After receiving the interactive message sent by the first central node, the second central node extracts the group ID number of the first central node and compares it with its own group ID number. If they are consistent, it sends an interactive message to the first central node.
  • The first central node extracts the group ID number of the second central node from the interactive message and compares it with its own group ID number; if they are consistent, it determines whether the address identifier of the first central node is greater than the address identifier of the second central node. That is, when the group ID number of the first central node at the local end is consistent with the group ID number of the second central node, and the address identifier of the local end is greater than the address identifier of the second central node, the working status is set as the working status of the primary central node, and a confirmation message is sent to the second central node.
  • The election process can refer to the process described above for the preset election rule in which the address identifier of the primary center node is greater than the address identifier of the standby center node, and will not be repeated here.
  • The central node whose identification information has changed can act as the first central node to re-initiate the election process of the main central node and the standby central node, so as to re-determine the main central node and the standby central node.
  • The identification information may be at least one of the IP address, group ID number, and MAC address of the central node.
  • The primary central node can act as the first central node and send interactive messages to the second central node (standby central node) to start the election process of the primary central node and standby central node, re-determining the main central node and standby central node.
  • Each branch node in the DMVPN network sends a registration request to the main center node and the backup center node to complete registration on the main center node and the backup center node.
  • The main central node updates the NHRP mapping table of the main central node based on the registration request; the standby central node, after receiving the registration request sent by the branch node, updates the NHRP mapping table of the standby central node based on the registration request.
  • The NHRP mapping table includes the mapping relationship between the tunnel address and the next hop address.
  • The branch node may send a registration request to the main central node and the standby central node based on the configured main and standby routing table and the NHRP main and standby mapping table, respectively.
  • The active/standby routing table includes the route of the active central node and the route of the standby central node.
  • The main and standby route outlets point to the tunnel interfaces of the active and standby central nodes respectively; the NHRP active/standby mapping table includes the mapping relationship between the tunnel address of the active central node and the next hop address, and the mapping relationship between the tunnel address of the backup center node and the next hop address.
  • The active and standby routing tables can be implemented based on a static routing protocol (that is, active and standby static routing tables), or can be implemented based on a dynamic routing protocol (that is, active and standby dynamic routing tables).
  • The NHRP master-slave mapping table can be dynamic (that is, the NHRP dynamic master-slave mapping table) or static (that is, the NHRP static master-slave mapping table).
  • The branch node communicates with the outside through the standby central node based on the configured main-standby routing table and the NHRP main-standby mapping table. That is, the branch node finds the route of the backup center node based on the main-backup routing table, finds the next hop address corresponding to the center node based on the NHRP master-backup mapping table, and encapsulates and encrypts the data and sends it to the backup center node.
  • The active/standby routing table and/or the NHRP active/standby mapping table may include switchback configuration information, where the switchback configuration information may include whether-to-switch-back configuration information and/or a switchback waiting time.
  • The branch node can determine whether to switch back to the main central node based on the whether-to-switch-back configuration information, that is, determine whether to switch from communicating with the outside world through the current standby central node back to communicating with the outside world through the main central node.
  • If the whether-to-switch-back configuration information is switchback, after the main central node is restored, the branch node switches back to communicating with the outside world through the main central node; if the whether-to-switch-back configuration information is no switchback, after the main central node is restored, the branch node continues to communicate with the outside world through the standby central node.
  • When both the active/standby routing table and the NHRP active/standby mapping table include whether-to-switch-back configuration information, and that information is switchback in both the active/standby routing table and the NHRP active/standby mapping table, then after the main center node is restored, the branch node switches back to communicating with the outside world through the main central node; in other cases, even if the main central node is restored, the branch node continues to communicate with the outside world through the standby central node.
  • If the switchback waiting time is not included in the switchback configuration information, then after the main center node is restored, when the branch node determines based on the whether-to-switch-back configuration information that it should switch back, the switchback is performed immediately; if the switchback waiting time is included in the switchback configuration information, then after the main center node is restored, the branch node can determine the switchback time based on the switchback waiting time. That is to say, when the branch node determines that it needs to switch back, it waits for the switchback waiting time and then switches back.
  • The switchback waiting time can be flexibly set according to actual needs, for example, set to 1 second, 10 seconds, etc.
  • When the main central node fails, the standby central node provides services for branch nodes and/or central nodes in the DMVPN network. In some implementations, after the main central node fails, communication can be guaranteed through the standby central node, thereby improving the stability of the DMVPN networking communication.
  • The embodiments of the present disclosure provide a DMVPN control method on the basis of Embodiment 1. As shown in FIG. 3, the method includes:
  • S301 The first central node receives an election initiation command.
  • The DMVPN network includes two central nodes and n (n is an integer greater than or equal to 1) branch nodes. The two central nodes are the first central node and the second central node, and the first central node and the second central node are connected. After receiving the election initiation command, the first central node proceeds to S302.
  • S302 The first central node sends an interactive message to the second central node.
  • After receiving the election initiation command, the first central node sends an interactive message to the second central node to start the election process of the primary central node and the standby central node.
  • The interactive message includes the address identifier and the group ID number of the first central node.
  • The address identifier is at least one of an IP address, a MAC address, and the like.
  • S303 The second central node sends an interactive message to the first central node.
  • After receiving the interactive message sent by the first central node, the second central node sends an interactive message to the first central node, where the interactive message sent by the second central node includes the address identifier and group ID number of the second central node.
  • The address identifier is at least one of an IP address, a MAC address, and the like. It should be noted that the address identifier in each interactive message may be the same kind of address identifier.
  • S304 The first central node judges whether the group ID number of the first central node is consistent with the group ID number of the second central node.
  • After the first central node receives the interactive message sent by the second central node, it extracts the group ID number and address identifier of the second central node, compares the group ID number of the second central node with its own group ID number, and judges whether the two are consistent. If they are consistent, go to S305; if they are not consistent, the process ends.
  • S305 The first central node judges whether the address identifier of the first central node is greater than the address identifier of the second central node.
  • When the group ID numbers of the first central node and the second central node are the same, it indicates that the first central node and the second central node belong to the same network, and the first central node goes on to compare its own address identifier with that of the second central node and determine whether the address identifier of the first central node is greater than the address identifier of the second central node; if yes, go to S306; if not, go to S308. For example, if the interactive message includes the direct interface address of the sender, it is determined whether the direct interface address of the first central node is greater than the direct interface address of the second central node; if yes, go to S306; if not, go to S308.
  • S306 The first central node sets the working status as the working status of the main central node, and sends a confirmation message to the second central node.
  • When the address identifier of the first central node is greater than the address identifier of the second central node, the first central node sets its own working status as the working status of the main central node, provides communication services for the branch nodes, and sends a confirmation message to the second central node. That is, at this time, the first central node is the main central node.
  • The confirmation message includes the group ID number and address identifier of the sender; that is, the confirmation message here includes the group ID number and address identifier of the first central node.
  • S307 The second central node sets its own working state as the working state of the standby central node.
  • After receiving the confirmation message sent by the first central node, the second central node sets its own working state to the working state of the standby central node; that is, at this time, the second central node is the standby central node.
  • When the address identifier of the first central node is smaller than the address identifier of the second central node, the first central node sends an interactive message to the second central node, where the interactive message includes the address identifier and group ID number of the first central node.
  • The second central node compares the address identifiers of the first central node and the second central node.
  • After receiving the interactive message sent by the first central node, the second central node extracts the address identifier of the first central node from the interactive message, and compares it with its own address identifier.
  • When the second central node determines that its own address identifier is greater than the address identifier of the first central node, it sets its own working state as the working state of the primary central node, and sends a confirmation message to the first central node. That is, at this time, the second central node is the main central node.
  • The confirmation message here may include the group ID number and address identifier of the second central node, and the address identifier is at least one of an IP address and a MAC address.
  • S311 The first central node sets its own working state to the working state of the standby central node.
  • After receiving the confirmation message sent by the second central node, the first central node sets its own working status to the working status of the standby central node; that is, at this time, the first central node is the standby central node.
  • A central node initiates the election process and re-determines the main central node and the auxiliary central node.
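The election exchange of the first embodiment (S201 to S208) and of the second embodiment (from S302 on), written out as an added example; this is not code from the patent. The `Hub` class, the message dictionaries, the `rule` parameter and the sample addresses are assumptions of the example, and refusing to elect when both address identifiers are equal is a choice the text does not cover.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Hub:
    name: str
    group_id: int                 # group ID number carried in every message
    address: str                  # address identifier (here an IP address)
    state: str = "undetermined"   # becomes "primary" or "standby"

    def message(self, kind):
        return {"kind": kind, "sender": self.name,
                "group_id": self.group_id, "address": self.address}


def wins(local, peer_msg, rule):
    """True if `local` should become primary against the sender of `peer_msg`."""
    # Compare numerically: as strings, "10.0.0.9" would rank above "10.0.0.10".
    mine = ipaddress.ip_address(local.address)
    theirs = ipaddress.ip_address(peer_msg["address"])
    if mine.version != theirs.version:
        raise ValueError("address identifiers must be of the same kind")
    if mine == theirs:
        # Case not covered by the text; refusing is this example's assumption.
        raise ValueError("identical address identifiers, no winner")
    return mine > theirs if rule == "greater" else mine < theirs


def elect(first, second, rule="greater"):
    """Run one election started by `first`; return the messages put on the wire."""
    if rule not in ("greater", "smaller"):
        raise ValueError("rule must be 'greater' or 'smaller'")
    wire = []

    def send(sender, kind):
        wire.append((sender.name, kind))
        return sender.message(kind)

    hello = send(first, "interactive")            # initiator announces itself
    if hello["group_id"] != second.group_id:
        return wire                               # other networking: no reply
    reply = send(second, "interactive")
    if reply["group_id"] != first.group_id:
        return wire                               # initiator ends the election
    if wins(first, reply, rule):
        first.state = "primary"
        send(first, "confirmation")
        second.state = "standby"                  # set on receipt of confirmation
    else:
        again = send(first, "interactive")        # hands the decision to the peer
        if wins(second, again, rule):             # the peer's optional re-check
            second.state = "primary"
            send(second, "confirmation")
            first.state = "standby"
    return wire


if __name__ == "__main__":
    a, b = Hub("hub-a", 7, "10.0.0.9"), Hub("hub-b", 7, "10.0.0.10")  # constructed
    for entry in elect(a, b):
        print(entry)
    print(a.state, b.state)
```

With the constructed addresses above, the initiator loses under the "greater" rule, so the exchange takes the longer branch with four messages; a group ID mismatch ends it after the first message with both states unchanged.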
  • the main central node periodically sends a keep-alive message to the standby central node.
  • the primary central node After the election of the primary central node and the standby central node is completed, the primary central node periodically sends keep-alive messages to the standby central node. For example, 3 keep-alive messages can be sent every cycle, and the cycle can be set to 10 seconds, with an interval of 3 seconds. Send a message.
  • the branch node sends a registration request to the main central node and the standby central node based on the active-standby static routing table and the NHRP static active-standby mapping table.
  • the branch node After the election of the primary center node and the backup center node is completed, the branch node sends registration requests to the primary center node and the backup center node respectively based on the configured primary and backup static routing table and the NHRP static primary and backup mapping table to complete the registration request between the primary center node and the backup center node. Registration on the central node.
  • the active and standby static routing table includes the tunnel address of the active central node and the tunnel address of the standby central node.
  • the NHRP static active standby mapping table includes the mapping relationship between the tunnel address of the active central node and the next hop address, and the tunnel of the standby central node. The mapping relationship between the address and the next hop address.
  • the main central node and the standby central node update their respective NHRP mapping tables based on the registration request.
  • the main central node After receiving the registration request sent by the branch node, the main central node updates its own NHRP mapping table to save the branch node information.
  • the backup center node After receiving the registration request sent by the branch node, the backup center node updates its own NHRP mapping table to save the branch node information.
  • the NHRP mapping table includes the mapping relationship between the tunnel address and the next hop address.
  • the standby central node provides communication services for the branch nodes based on the NHRP mapping table, and the branch nodes communicate with the outside through the standby central node based on the active standby static routing table and the NHRP static active standby mapping table.
  • Within a preset time period, if the backup center node does not receive the keep-alive message sent by the master center node, it is determined that the master center node has failed; the backup center node then provides communication services for the branch nodes based on its stored NHRP mapping table, and the branch nodes communicate with the outside through the standby central node based on the active-standby static routing table and the NHRP static active-standby mapping table.
  • the primary central node periodically sends keep-alive messages to the standby central node, and the preset time period can be a cycle. For example, suppose the primary central node sends 3 keep-alive messages to the standby central node every cycle, and a cycle is 10 seconds; the preset time can then be set to 10 seconds. Within 10 seconds, if the backup center node does not receive a keep-alive message, it will provide communication services for the branch node based on the NHRP mapping table stored in it.
  • the branch node determines whether to switch back based on the switch back configuration information.
  • the active/standby static routing table and the NHRP static active/standby mapping table include the switchback configuration information.
  • the switchback configuration information includes whether-to-switch-back configuration information. After the main central node is restored, when the switchback configuration information in the active/standby static routing table and the NHRP static active/standby mapping table is set to switch back, the branch nodes communicate with the outside through the main central node again.
  • the DMVPN network includes two central nodes and two branch nodes, namely a first central node 401 and a second central node 402, and the first central node 401 and the second central node 402 are connected.
  • the group ID numbers of the first central node 401 and the second central node 402 are the same, and the direct connection port address of the first central node 401 is greater than the direct connection port address of the second central node 402. Therefore, the first central node 401 is the main central node, and the second central node 402 is the standby central node.
  • the main and standby routing tables configured in the first branch node 403 and the second branch node 404 are shown in Table 1, which includes the GRE tunnel address and network address of the main central node, and the GRE tunnel address and network address of the standby central node.
  • The NHRP static master-backup mapping table is shown in Table 2, which includes the NBMA (Non-Broadcast Multiple Access) address corresponding to the GRE tunnel address of the master central node 401, and the NBMA address corresponding to the GRE tunnel address of the backup center node 402.
  • the branch node sends a registration request to the main center node 401 and the backup center node 402 to complete the registration based on the active/standby static routing table and the NHRP static active/standby mapping table.
  • the main center node 401 and the standby center node 402 update their own NHRP mapping tables. The NHRP mapping tables of the primary central node 401 and the standby central node 402 are shown in Table 3, including the GRE tunnel addresses of the first branch node 403 and the second branch node 404 and the corresponding NBMA addresses.
  • the first branch node 403 and the second branch node 404 find the tunnel address of the main central node 401 in the main-standby static routing table, look up the NHRP static main-standby mapping table to resolve the next hop, and then, after the data is encapsulated and encrypted by IPSEC, send it to the main central node 401, which processes the received data. When the main central node 401 fails, the first branch node 403 and the second branch node 404 find the tunnel address of the backup center node 402 in the main-standby static routing table, look up the NHRP static main-standby mapping table to resolve the next hop, and then send the data to the backup center node 402 after encapsulation and IPSEC encryption. The backup center node 402 processes the received data.
  • the first branch node 403 and the second branch node 404 can communicate with the outside based on the main central node again based on the switchback configuration information in the main-standby static routing table and the NHRP static main-standby mapping table.
  • the data encapsulation and encryption process can be seen in Figure 5.
  • When the main central node fails, the standby central node provides services to the branch nodes in the DMVPN network.
  • The standby central node guarantees communication, thereby improving the stability of DMVPN network communication.
  • a communication system which includes a main central node, a standby central node and a branch node.
  • the standby central node provides services for the central node and/or branch node in the DMVPN network.
  • the communication system includes at least two central nodes.
  • the node in the working state of the main central node is the main central node
  • the node in the working state of the standby central node is the standby central node.
  • A central node, depending on its working status, can be the main central node or the standby central node.
  • the main central node is set to provide services for communication in the DMVPN network, that is, to provide services for communication between branch nodes and/or central nodes in the DMVPN network.
  • the backup center node may be in an idle state.
  • the standby central node provides services for communications in the DMVPN network, that is, the standby central node provides services for the communication of the branch nodes and/or the central nodes in the DMVPN network, to ensure the normal communication of the DMVPN network and improve the reliability of the DMVPN network communication. It should be understood that providing services for communications in the DMVPN networking includes but is not limited to providing communications services such as data forwarding. It should be understood that, regardless of the main central node or the standby central node, the objects that provide communication services include but are not limited to branch nodes, central nodes, and the like.
  • the master central node may periodically send keep-alive messages to the standby central node. If the backup center node does not receive the keep-alive message sent by the master center node within the preset time period, it determines that the master center node is faulty and provides services for communication in the DMVPN network.
  • each central node may determine whether it is a primary central node or a standby central node based on configuration information.
  • the central nodes may also select the main central node and the standby central node among themselves based on preset election rules, where the preset election rules include, but are not limited to, that the address identifier of the primary central node is greater than the address identifier of the standby central node, or that the address identifier of the primary central node is smaller than the address identifier of the standby central node.
  • the election process of the primary center node and the backup center node can refer to Embodiment 1, and will not be repeated here.
  • the central node whose identification information has changed can act as the first central node to re-initiate the election process of the main central node and the standby central node, so as to redefine the main central node and the standby central node.
  • the identification information may be at least one of the IP address, group ID number, and mac address of the central node.
  • the primary central node can act as the first central node to send interactive messages to the second central node (standby central node) to start the election process of the primary central node and standby central node, and redefine the primary central node and the standby central node.
  • the communication system further includes a branch node.
  • After the election of the main center node and the standby center node is completed, the branch node sends a registration request to the main center node and the standby center node to complete registration on the main center node and the standby center node.
  • the main central node updates the NHRP mapping table of the main central node based on the registration request;
  • the standby central node, after receiving the registration request sent by the branch node, updates the NHRP mapping table of the standby central node based on the registration request.
  • the NHRP mapping table includes the mapping relationship between the tunnel address and the next hop address.
  • the branch node may send a registration request to the main central node and the standby central node based on the configured main and standby routing table and the NHRP main and standby mapping table, respectively.
  • the active/standby routing table includes the route of the active central node and the route of the standby central node.
  • the main and standby route outlets point to the tunnel interfaces of the active and standby central nodes respectively;
  • the NHRP active/standby mapping table includes the mapping relationship between the tunnel address of the active central node and the next hop address, and the mapping relationship between the tunnel address of the backup center node and the next hop address.
  • the active and standby routing tables can be implemented based on a static routing protocol (that is, active and standby static routing tables), or can be implemented based on a dynamic routing protocol (that is, active and standby dynamic routing tables).
  • the NHRP master-slave mapping table can be dynamic (that is, the NHRP dynamic master-slave mapping table) or static (that is, the NHRP static master-slave mapping table).
  • the branch node communicates with the outside through the standby central node based on the configured main-standby routing table and the NHRP main-standby mapping table. That is, the branch node finds the route of the backup center node based on the main backup routing table, and finds the next hop address corresponding to the center node based on the NHRP master backup mapping table, encapsulates and encrypts the data and sends it to the backup center node.
  • the active/standby routing table and/or the NHRP active/standby mapping table may include switchback configuration information, where the switchback configuration information may include whether-to-switch-back configuration information and/or a switchback waiting time.
  • the branch node can determine whether to switch back to the main central node based on the switchback configuration information, that is, determine whether to switch from communicating with the outside world through the current standby central node back to communicating with the outside world through the main central node.
  • If the whether-to-switch-back configuration information is switchback, then after the main central node is restored, the branch node switches back to communicate with the outside world through the main central node; if it is no switchback, then after the main central node is restored, the branch node continues to communicate with the outside world through the standby central node.
  • If both the active/standby routing table and the NHRP active/standby mapping table include whether-to-switch-back configuration information, then when that information in both the active/standby routing table and the NHRP active/standby mapping table is switchback, the branch node switches back to communicating with the outside world through the main central node after the main central node is restored; in other cases, even if the main central node is restored, the branch node continues to communicate with the outside world through the standby central node.
  • If the switchback waiting time is not included in the switchback configuration information, then after the main center node is restored, the branch node switches back immediately once it determines, based on the whether-to-switch-back configuration information, that it should switch back. If the switchback waiting time is included in the switchback configuration information, then after the main center node is restored, the branch node determines the switchback time based on the switchback waiting time. That is to say, when the branch node determines that it needs to switch back, it waits for the switchback waiting time and then switches back.
  • the switchback waiting time can be flexibly set according to actual needs, for example, set to 1 second, 10 seconds, etc.
  • When the main central node fails, the standby central node provides services for branch nodes and/or central nodes in the DMVPN network.
  • the communication can be ensured through the standby central node, thereby improving the stability of DMVPN networking communication.
  • the embodiment of the present disclosure also provides a network device, as shown in FIG. 6, including: a first processor 601, a first memory 602, and a first communication bus 603; the first communication bus 603 is configured to implement connection and communication between the first processor 601 and the first memory 602; the first processor 601 is configured to execute one or more computer programs stored in the first memory 602 to implement at least one step of the central node in the DMVPN control method described in the first and second embodiments.
  • a network device according to different working states, when in the working state of the main central node, it is the main central node device; when in the working state of the standby central node, it is the standby central node device.
  • the embodiment of the present disclosure also provides a network device, as shown in FIG. 7, including: a second processor 701, a second memory 702, and a second communication bus 703; the second communication bus 703 is configured to implement connection and communication between the second processor 701 and the second memory 702; the second processor 701 is configured to execute one or more computer programs stored in the second memory 702, so as to implement at least one step of the branch node in the DMVPN control method described in the first and second embodiments.
  • the embodiments of the present disclosure also provide a storage medium, which includes volatile or non-volatile, removable or non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, computer program modules, or other data).
  • Computer readable storage media include but are not limited to RAM (Random Access Memory), ROM (Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory or other storage technology, CD-ROM (Compact Disc Read-Only Memory), digital versatile disk (DVD) or other optical disk storage, magnetic cassettes, magnetic tapes, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store desired information and can be accessed by a computer.
  • the storage medium stores one or more computer programs, and the one or more computer programs can be executed by one or more processors to implement the steps of the central node or the branch node in the DMVPN control method described in the first and second embodiments.
  • When the main central node fails, the standby central node provides services for the branch nodes and/or central nodes in the DMVPN network.
  • After the main central node fails, the communication can be ensured through the standby central node, thereby improving the stability of the DMVPN network communication.
  • communication media usually contain computer-readable instructions, data structures, computer program modules, or other data in a modulated data signal such as a carrier wave or other transmission mechanism, and may include any information delivery medium. Therefore, the present disclosure is not limited to any specific hardware and software combination.
  • When the main central node fails, the standby central node provides services for the branch nodes and/or central nodes in the DMVPN network.
  • the standby central node can ensure communication, thereby improving the stability of DMVPN network communication.
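
The behaviour described in the items above (election by greater address identifier, keep-alive timeout on the standby central node, registration on both central nodes, and switchback only when both tables are configured for it, after the waiting time) is modelled below as an added Python example that is not part of the patent text. All addresses, the class and function names, and the rule that hubs with different group IDs do not elect against each other are assumptions made for illustration.

```python
"""Model of the main/standby hub scheme described above (added example)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Hub:
    name: str
    group_id: int
    direct_port: str              # direct connection port address (constructed)
    tunnel: str                   # GRE tunnel address (constructed)
    nbma: str                     # NBMA / next hop address (constructed)
    role: str = "undecided"
    last_keepalive: float = 0.0
    nhrp: dict = field(default_factory=dict)   # spoke tunnel -> spoke NBMA

    def register(self, spoke_tunnel: str, spoke_nbma: str) -> None:
        # Both hubs store the mapping, so the standby can serve spokes at once.
        self.nhrp[spoke_tunnel] = spoke_nbma

    def main_failed(self, now: float, preset: float = 10.0) -> bool:
        # Standby's view: no keep-alive within the preset period means failure.
        return self.role == "standby" and now - self.last_keepalive >= preset


def elect(first: Hub, second: Hub) -> Hub:
    """Apply the rule 'greater address identifier becomes main'; return main."""
    if first.group_id != second.group_id:
        # Assumption: hubs with different group IDs do not elect each other.
        raise ValueError("group ID mismatch")
    # Compare numerically: as strings, "192.0.2.9" would sort above "192.0.2.10".
    a, b = (ipaddress.ip_address(h.direct_port) for h in (first, second))
    if a == b:
        raise ValueError("identical address identifiers")
    main, standby = (first, second) if a > b else (second, first)
    main.role, standby.role = "main", "standby"
    return main


@dataclass
class Spoke:
    tunnel: str
    nbma: str
    routes: dict                  # "main"/"standby" -> hub tunnel address
    nhrp_static: dict             # hub tunnel address -> hub NBMA address
    route_switchback: bool = True     # switchback flag in the routing table
    nhrp_switchback: bool = True      # switchback flag in the NHRP mapping table
    switchback_wait: Optional[float] = None
    active: str = "main"
    restored_at: Optional[float] = None

    def register_with(self, *hubs: Hub) -> None:
        for hub in hubs:
            hub.register(self.tunnel, self.nbma)

    def next_hop(self, main_up: bool, now: float) -> str:
        """NBMA address of the hub this spoke sends to at time `now`."""
        if not main_up:
            self.active, self.restored_at = "standby", None
        elif (self.active == "standby"
              and self.route_switchback and self.nhrp_switchback):
            if self.restored_at is None:
                self.restored_at = now        # main first seen restored
            if now - self.restored_at >= (self.switchback_wait or 0.0):
                self.active, self.restored_at = "main", None
        # Route lookup gives the hub tunnel address; NHRP gives its next hop.
        return self.nhrp_static[self.routes[self.active]]


def demo() -> list:
    hub401 = Hub("hub401", 1, "192.0.2.10", "10.0.0.1", "198.51.100.1")
    hub402 = Hub("hub402", 1, "192.0.2.9", "10.0.0.2", "198.51.100.2")
    main = elect(hub401, hub402)
    standby = hub402 if main is hub401 else hub401
    spoke = Spoke("10.0.0.11", "203.0.113.11",
                  routes={"main": main.tunnel, "standby": standby.tunnel},
                  nhrp_static={h.tunnel: h.nbma for h in (hub401, hub402)},
                  switchback_wait=10.0)
    spoke.register_with(main, standby)
    timeline = []
    # Constructed scenario: (time in seconds, is the main hub up?).
    for now, main_up in [(0, True), (5, False), (16, False),
                         (30, True), (35, True), (40, True)]:
        if main_up:
            standby.last_keepalive = now      # keep-alive reaches the standby
        timeline.append((now, standby.main_failed(now),
                         spoke.next_hop(main_up, now)))
    return timeline


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Each timeline row is (time, standby has declared the main failed, NBMA address the spoke sends to); the spoke returns to the main hub only at t=40, ten seconds after the main hub is seen restored at t=30.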

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Provided are a DMVPN control method, a network device, a communication system and a storage medium. The method comprises: when a main central node fails, a standby central node providing a service for a branch node and/or a central node in a DMVPN network. In some implementation processes, after the main central node fails, communication can be ensured by means of the standby central node, thereby improving the stability of DMVPN networking communication.

Description

DMVPN control method, network device, communication system and storage medium
Technical field
The embodiments of the present disclosure relate to, but are not limited to, the communication field, and specifically relate to, but are not limited to, a DMVPN control method, a network device, a communication system, and a storage medium.
Background
DMVPN (Dynamic Multipoint Virtual Private Network) is a network that dynamically establishes VPN tunnels. A DMVPN network includes hub nodes (central nodes) and spoke nodes (branch nodes). It uses NHRP (Next Hop Resolution Protocol) to resolve the peer address with which a VPN (Virtual Private Network) tunnel needs to be established, and uses mGRE (multipoint Generic Routing Encapsulation) tunnel ports to establish multipoint GRE over IPSec (Internet Protocol Security) VPN tunnels, realizing communication between the central node and the branch nodes and among the branch nodes.
In DMVPN networking, communication between nodes usually needs to pass through the central node. If the central node fails, communication is interrupted and the network is paralyzed, which reduces the stability of DMVPN networking communication.
Summary of the invention
The DMVPN control method, network device, communication system, and storage medium provided by the embodiments of the present disclosure mainly solve the technical problem that the stability of existing DMVPN network communication is low.
To solve the above technical problem, the embodiments of the present disclosure provide a DMVPN control method, which includes: when the main central node fails, the standby central node provides services for branch nodes and/or central nodes in the DMVPN network.
The embodiments of the present disclosure further provide a network device, including: a first processor, a first memory, and a first communication bus; the first communication bus is configured to realize connection and communication between the first processor and the first memory; the first processor is configured to execute one or more computer programs stored in the first memory to implement the steps of the central node in the DMVPN control method.
The embodiments of the present disclosure further provide a network device, including: a second processor, a second memory, and a second communication bus; the second communication bus is configured to realize connection and communication between the second processor and the second memory; the second processor is configured to execute one or more computer programs stored in the second memory to implement the steps of the branch node in the DMVPN control method.
The embodiments of the present disclosure also provide a storage medium that stores one or more computer programs, and the one or more computer programs can be executed by one or more processors to implement the steps of the central node or the branch node in the DMVPN control method.
The beneficial effects of the present disclosure are: according to the DMVPN control method, network device, communication system, and storage medium provided by the embodiments of the present disclosure, when the main central node fails, the standby central node provides services for the branch nodes and/or central nodes in the DMVPN network. In some implementations, after the main central node fails, communication can be ensured through the standby central node, thereby improving the stability of DMVPN networking communication.
Other features and corresponding beneficial effects of the present disclosure are described in later parts of the specification, and it should be understood that at least some of the beneficial effects become obvious from the description in the specification of the present disclosure.
Description of the drawings
FIG. 1 is a flowchart of the DMVPN control method according to the first embodiment of the disclosure;
FIG. 2 is a flowchart of the election of the main central node and the standby central node according to the first embodiment of the disclosure;
FIG. 3 is a detailed flowchart of the DMVPN control method according to the second embodiment of the disclosure;
FIG. 4 is a schematic diagram of a DMVPN architecture according to the second embodiment of the disclosure;
FIG. 5 is a schematic diagram of encapsulation and encryption according to the second embodiment of the disclosure;
FIG. 6 is a schematic structural diagram of a network device according to the fourth embodiment of the disclosure;
FIG. 7 is a schematic structural diagram of another network device according to the fourth embodiment of the disclosure.
Detailed description
To make the objectives, technical solutions, and advantages of the present disclosure clearer, the embodiments of the present disclosure are described in further detail below through specific implementations in conjunction with the accompanying drawings. It should be understood that the specific embodiments described here are only used to explain the present disclosure and are not used to limit it.
Embodiment 1:
In the prior art, after the central node in a DMVPN network fails, communication is interrupted and the network is paralyzed, which reduces the reliability of DMVPN networking communication. To solve this problem, an embodiment of the present disclosure proposes a DMVPN control method. See FIG. 1, which is a flowchart of the DMVPN control method provided by an embodiment of the present disclosure, including:
S101. When the main central node fails, the standby central node provides services for branch nodes and/or central nodes in the DMVPN network.
In the embodiment of the present disclosure, the DMVPN network includes at least two central nodes, where the node in the main central node working state is the main central node and the node in the standby central node working state is the standby central node. Note that a central node can be either the main central node or the standby central node, depending on its working state. When the main central node is working normally, it provides services for communication in the DMVPN network, that is, for communication between branch nodes and/or central nodes in the DMVPN network; to save resources, the standby central node may be idle at this time. When the main central node fails, it can no longer provide services for communication in the DMVPN network, so the standby central node provides them instead, that is, the standby central node provides services for the communication of the branch nodes and/or central nodes in the DMVPN network, which keeps DMVPN networking communication normal and improves its reliability. It should be understood that providing services for communication in the DMVPN network includes, but is not limited to, providing communication services such as data forwarding; whether it is the main central node or the standby central node, the objects it provides communication services to include, but are not limited to, branch nodes, central nodes, and the like.
In the embodiment of the present disclosure, the main central node may periodically send keep-alive messages to the standby central node. If the standby central node does not receive a keep-alive message sent by the main central node within the preset time period, it determines that the main central node has failed and provides services for communication in the DMVPN network.
In the embodiment of the present disclosure, each central node may determine whether it is the main central node or the standby central node based on configuration information. Alternatively, the central nodes may select the main central node and the standby central node among themselves based on a preset election rule, where the preset election rule includes, but is not limited to, that the address identifier of the main central node is greater than the address identifier of the standby central node, or that the address identifier of the main central node is smaller than the address identifier of the standby central node. For example, referring to FIG. 2, when the preset election rule is that the address identifier of the main central node is greater than the address identifier of the standby central node, the election process of the main central node and the standby central node includes:
S201、第一中心节点向第二中心节点发送交互报文。S201: The first central node sends an interactive message to the second central node.
本公开实施例中,第一中心节点和第二中心节点为DMVPN组网中的中心节点,且非同一中心节点。In the embodiment of the present disclosure, the first central node and the second central node are central nodes in the DMVPN networking, and are not the same central node.
第一中心节点为选举发起方,第一中心节点可以基于接收到的选举发起命令确定自身为选举发起方,向第二中心节点发送交互报文,开始主中心节点和备中心节点的选举。The first central node is the election initiator, and the first central node can determine itself as the election initiator based on the received election initiation command, and send an interactive message to the second central node to start the election of the primary central node and the standby central node.
需要说明的是,此处的交互报文以及后续提到的交互报文中,均包括发送方的地址标识等信息。例如,第一中心节点向第二中心节点发送交互报文,则第一中心节点为发送方,因此,该交互报文中包括第一中心节点的地址标识。其中,地址标识可以是IP地址(例如,直连口地址等)、mac(Media Access Control Address,介质访问控制)地址(例如,设备环回地址等)等中的至少一种。在交互报文中包括设备环回地址时,需要第一中心节点和第二中心节点通过IGP(Interior Gateway Protocol,内部网关协议)互通基础路由,保证路由可达。It should be noted that the interactive message here and the interactive message mentioned later include information such as the address identifier of the sender. For example, if the first central node sends an interactive message to the second central node, the first central node is the sender. Therefore, the interactive message includes the address identifier of the first central node. The address identifier may be at least one of an IP address (for example, a direct connection port address, etc.), a mac (Media Access Control Address, media access control) address (for example, a device loopback address, etc.). When the device loopback address is included in the interactive message, the first central node and the second central node need to communicate basic routes through IGP (Interior Gateway Protocol) to ensure that the routes are reachable.
S202、第二中心节点向第一中心节点发送交互报文。S202: The second central node sends an interactive message to the first central node.
第二中心节点在接收到第一中心节点发送的交互报文后,向第一中心 节点发送交互报文。应当理解的是,第二中心节点向第一中心节点发送的交互报文中,也包括发送方的地址标识,此处交互报文的发送方为第二中心节点,因此,包括第二中心节点的地址标识。After receiving the interactive message sent by the first central node, the second central node sends the interactive message to the first central node. It should be understood that the interactive message sent by the second central node to the first central node also includes the address identifier of the sender. Here, the sender of the interactive message is the second central node and therefore includes the second central node The address identification.
S203、第一中心节点判断本端的地址标识是否大于第二中心节点的地址标识。S203. The first central node judges whether the address identifier of the local end is greater than the address identifier of the second central node.
若是,转S204;若否,转S206。If yes, go to S204; if not, go to S206.
第一中心节点在接收到第二中心节点发送的交互报文后,从交互报文中提取第二中心节点的地址标识,并将其与本端对应的地址标识进行比较,判断第一中心节点的地址标识是否大于第二中心节点的地址标识,若是,则转S204;若否,则转S206。例如,假设交互报文中包括直连口地址,则第一中心节点从第二中心节点发送给第一中心节点的交互报文中提取第二中心节点的直连口地址,并将本端的直连口地址与第二中心节点的直连口地址进行比较,在第一中心节点的直连口地址大于第二中心节点的直连口地址时,转S204;在第一中心节点的直连口地址小于第二中心节点的直连口地址时,转S206。After receiving the interactive message sent by the second central node, the first central node extracts the address identifier of the second central node from the interactive message, and compares it with the address identifier corresponding to the local end to determine the first central node Whether the address identifier of is greater than the address identifier of the second central node, if yes, go to S204; if not, go to S206. For example, assuming that the interactive message includes the address of the direct connection port, the first central node extracts the direct connection port address of the second central node from the interactive message sent by the second central node to the first central node, and adds the direct connection port address of the local end. The connection port address is compared with the direct connection port address of the second central node. When the direct connection port address of the first central node is greater than the direct connection port address of the second central node, go to S204; at the direct connection port address of the first central node When the address is smaller than the direct connection port address of the second central node, go to S206.
S204. The first central node sets its own working state to the primary central node working state and sends a confirmation message to the second central node.
When the address identifier of the first central node is greater than that of the second central node, the first central node sets its own working state to the primary central node working state; that is, the first central node is now the primary central node. The first central node also sends a confirmation message to the second central node. The confirmation message may include at least one of the sender's group ID number, address identifier, and the like, where the address identifier includes but is not limited to at least one of an IP address and a MAC address (device address). That is, the confirmation message sent by the first central node to the second central node includes at least one of the group ID number, address identifier, and the like of the first central node.
S205. The second central node sets its own working state to the standby central node working state.
After receiving the confirmation message sent by the first central node, the second central node sets its own working state to the standby central node working state; that is, the second central node is now the standby central node.
S206. The first central node sends an interaction message to the second central node.
When the address identifier of the first central node is smaller than that of the second central node, the first central node sends an interaction message to the second central node. It should be understood that the sender of this interaction message is the first central node, so it includes the address identifier of the first central node.
S207. The second central node sets its working state to the primary central node working state and sends a confirmation message to the first central node.
After receiving the interaction message, the second central node may directly set its own working state to the primary central node working state and send a confirmation message to the first central node. Alternatively, the second central node may obtain the address identifier of the first central node from the interaction message sent by the first central node and compare it with its own address identifier; when the address identifier of the second central node is greater than that of the first central node, it sets its working state to the primary central node working state and sends a confirmation message to the first central node. Note that the sender of this confirmation message is the second central node, so the message may include at least one of the group ID number, address identifier, and the like of the second central node, where the address identifier includes but is not limited to at least one of an IP address, a MAC address (device address), and the like.
S208. The first central node sets its working state to the standby central node working state.
After receiving the confirmation message sent by the second central node, the first central node sets its working state to the standby central node working state; that is, the first central node is now the standby central node.
In the embodiments of the present disclosure, the first central node and the second central node belong to the same network, so it is necessary to determine whether they are in the same network. This can be determined from whether the group ID numbers of the first central node and the second central node are the same; other information may also be used. The determination may be performed by the first central node or by the second central node. For example, the interaction messages in the election process described above may include the sender's group ID number. In S202, after receiving the interaction message sent by the first central node, the second central node extracts the group ID number of the first central node and compares it with its own group ID number, and sends an interaction message to the first central node only if they are the same. Alternatively, in S203, after receiving the interaction message sent by the second central node, the first central node extracts the group ID number of the second central node and compares it with its own group ID number, and only if they are the same does it determine whether its address identifier is greater than that of the second central node. That is, the first central node sets its working state to the primary central node working state and sends a confirmation message to the second central node when the local group ID number matches the group ID number of the second central node and the local address identifier is greater than the address identifier of the second central node.
When the preset election rule is instead that the address identifier of the primary central node is smaller than that of the standby central node, or a similar rule, the election process follows the process described above for the rule that the address identifier of the primary central node is greater than that of the standby central node, and is not repeated here.
In the embodiments of the present disclosure, after the primary central node and the standby central node have been selected, if the identification information of the primary or standby central node changes, the central node whose identification information changed may act as the first central node and re-initiate the election of the primary and standby central nodes, so that the two roles are determined again. The identification information may be at least one of the central node's IP address, group ID number, MAC address, and the like. For example, after the IP address of the primary central node changes, the primary central node may act as the first central node and send an interaction message to the second central node (the standby central node) to start the election process and re-determine the primary and standby central nodes.
In the embodiments of the present disclosure, after the election of the primary and standby central nodes is complete, each branch node in the DMVPN network sends a registration request to the primary central node and to the standby central node to register with both. After receiving the registration request from a branch node, the primary central node updates its NHRP mapping table based on the request; after receiving the registration request from a branch node, the standby central node updates its NHRP mapping table based on the request. The NHRP mapping table includes the mapping between tunnel addresses and next-hop addresses.
In the embodiments of the present disclosure, a branch node may send the registration requests to the primary and standby central nodes based on its configured primary/standby routing table and NHRP primary/standby mapping table. The primary/standby routing table includes the route to the primary central node and the route to the standby central node, and the primary and standby route egresses point to the tunnel interfaces of the primary and standby central nodes respectively. The NHRP primary/standby mapping table includes the mapping between the tunnel address of the primary central node and its next-hop address, and the mapping between the tunnel address of the standby central node and its next-hop address. The primary/standby routing table may be implemented with a static routing protocol (a primary/standby static routing table) or with a dynamic routing protocol (a primary/standby dynamic routing table). The NHRP primary/standby mapping table may be dynamic (an NHRP dynamic primary/standby mapping table) or static (an NHRP static primary/standby mapping table).
After the primary central node fails, the branch node communicates with the outside through the standby central node, based on the configured primary/standby routing table and NHRP primary/standby mapping table. That is, the branch node finds the route to the standby central node in the primary/standby routing table, finds the next-hop address corresponding to the standby central node in the NHRP primary/standby mapping table, and encapsulates and encrypts the data before sending it to the standby central node.
In the embodiments of the present disclosure, the primary/standby routing table and/or the NHRP primary/standby mapping table may include switchback configuration information, which may include whether-to-switch-back configuration information and/or a switchback waiting time. After the primary central node recovers, the branch node can use the whether-to-switch-back configuration information to decide whether to switch back to the primary central node, that is, whether to move from communicating with the outside through the standby central node back to communicating through the primary central node. If the primary/standby routing table or the NHRP primary/standby mapping table includes whether-to-switch-back configuration information and it is set to switch back, then after the primary central node recovers the branch node switches back to communicating with the outside through the primary central node; if it is set to not switch back, then after the primary central node recovers the branch node continues to communicate with the outside through the standby central node. If both the primary/standby routing table and the NHRP primary/standby mapping table include whether-to-switch-back configuration information, the branch node switches back to the primary central node after it recovers only when the setting in both tables is to switch back; in all other cases the branch node continues to communicate with the outside through the standby central node even though the primary central node has recovered.
In the embodiments of the present disclosure, if the switchback configuration information does not include a switchback waiting time, then once the primary central node has recovered and the branch node has decided, based on the whether-to-switch-back configuration information, to switch back, it switches back immediately. If the switchback configuration information includes a switchback waiting time, the branch node uses it to determine when to switch back after the primary central node recovers; that is, once the branch node decides that a switchback is needed, it waits for the switchback waiting time and then switches back. The switchback waiting time can be set flexibly according to actual needs, for example to 1 second or 10 seconds.
In the DMVPN control method provided by the embodiments of the present disclosure, when the primary central node fails, the standby central node provides services for the branch nodes and/or central nodes in the DMVPN network. In some implementations, communication can therefore be maintained through the standby central node after the primary central node fails, which improves the stability of DMVPN network communication.
Embodiment two:
For a better understanding of the present disclosure, this embodiment provides a DMVPN control method on the basis of Embodiment one. As shown in FIG. 3, the method includes:
S301. The first central node receives an election initiation command.
In this embodiment, the DMVPN network includes two central nodes, namely the first central node and the second central node, and n branch nodes (n is an integer greater than or equal to 1). The first central node and the second central node are connected to each other. After receiving the election initiation command, the first central node goes to S302.
S302. The first central node sends an interaction message to the second central node.
After receiving the election initiation command, the first central node sends an interaction message to the second central node to start the election of the primary and standby central nodes. The interaction message includes the address identifier and group ID number of the first central node. The address identifier is at least one of an IP address, a MAC address, and the like.
S303. The second central node sends an interaction message to the first central node.
After receiving the interaction message sent by the first central node, the second central node sends an interaction message to the first central node. The interaction message sent by the second central node includes the address identifier and group ID number of the second central node. The address identifier is at least one of an IP address, a MAC address, and the like. Note that the address identifiers in the interaction messages may be of the same kind.
S304. The first central node determines whether the group ID number of the first central node is the same as the group ID number of the second central node.
If yes, go to S305; if not, end.
After receiving the interaction message sent by the second central node, the first central node extracts the group ID number and address identifier of the second central node from it and compares the group ID number of the second central node with its own to determine whether they are the same. If they are the same, go to S305; if not, end.
S305. The first central node determines whether the address identifier of the first central node is greater than the address identifier of the second central node.
If yes, go to S306; if not, go to S308.
When the group ID numbers of the first and second central nodes are the same, the two nodes belong to the same network. The first central node then compares its own address identifier with that of the second central node and determines whether its address identifier is greater. If yes, go to S306; if not, go to S308. For example, if the interaction message includes the sender's direct connection port address, the first central node determines whether its direct connection port address is greater than that of the second central node; if yes, go to S306; if not, go to S308.
S306. The first central node sets its working state to the primary central node working state and sends a confirmation message to the second central node.
When the address identifier of the first central node is greater than that of the second central node, the first central node sets its own working state to the primary central node working state, provides communication services for the branch nodes, and sends a confirmation message to the second central node. That is, the first central node is now the primary central node. The confirmation message includes the sender's group ID number and address identifier; here it includes the group ID number and address identifier of the first central node.
S307. The second central node sets its own working state to the standby central node working state.
After receiving the confirmation message sent by the first central node, the second central node sets its own working state to the standby central node working state; that is, the second central node is now the standby central node.
S308. The first central node sends an interaction message to the second central node.
When the address identifier of the first central node is smaller than that of the second central node, the first central node sends an interaction message to the second central node. This interaction message includes the address identifier and group ID number of the first central node.
S309. The second central node compares the address identifiers of the first central node and the second central node.
After receiving the interaction message sent by the first central node, the second central node extracts the address identifier of the first central node from it and compares it with its own corresponding address identifier.
S310. When its address identifier is greater than that of the first central node, the second central node sets its working state to the primary central node working state and sends a confirmation message to the first central node.
When the second central node determines that its own address identifier is greater than that of the first central node, it sets its own working state to the primary central node working state and sends a confirmation message to the first central node. That is, the second central node is now the primary central node. This confirmation message may include the group ID number and address identifier of the second central node, the address identifier being at least one of an IP address, a MAC address, and the like.
S311. The first central node sets its own working state to the standby central node working state.
After receiving the confirmation message sent by the second central node, the first central node sets its own working state to the standby central node working state; that is, the first central node is now the standby central node.
After the election of the primary and standby central nodes is complete, if information such as the IP address or group ID number of the primary or standby central node changes, the central node whose information changed acts as the first central node in the S302-S311 election process above, initiates the election, and the primary and standby central nodes are determined again.
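The S302-S311 exchange above can be traced with a short simulation. This is an added example, not code from the patent: the `Hub` class, the message field names and the sample addresses are constructed for illustration, and comparing address identifiers numerically (rather than as strings) is an assumption, since the text does not say how "greater than" is evaluated.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

PRIMARY, STANDBY, UNDECIDED = "primary", "standby", "undecided"


@dataclass
class Hub:
    """One central node; the field names are assumptions for this sketch."""
    name: str
    group_id: int
    address: str            # address identifier, here a direct connection port IPv4 address
    state: str = UNDECIDED

    def message(self, kind: str) -> dict:
        # Interaction and confirmation messages both carry the sender's
        # group ID number and address identifier.
        return {"kind": kind, "from": self.name,
                "group_id": self.group_id, "address": self.address}


def greater(a: str, b: str) -> bool:
    """Numeric comparison of address identifiers (assumption). A plain string
    comparison would wrongly rank 10.0.0.9 above 10.0.0.10."""
    return ip_address(a) > ip_address(b)


def elect(first: Hub, second: Hub, log: list) -> Optional[str]:
    """Run one election started by `first`; return the primary's name or None."""
    log.append(first.message("interaction"))             # S302
    reply = second.message("interaction")                # S303
    log.append(reply)
    if reply["group_id"] != first.group_id:              # S304: not the same network, end
        return None
    if greater(first.address, reply["address"]):         # S305 -> S306
        first.state = PRIMARY
        log.append(first.message("confirmation"))
        second.state = STANDBY                           # S307
        return first.name
    probe = first.message("interaction")                 # S308
    log.append(probe)
    if greater(second.address, probe["address"]):        # S309 / S310
        second.state = PRIMARY
        log.append(second.message("confirmation"))
        first.state = STANDBY                            # S311
        return second.name
    return None  # equal identifiers: not covered by the text, left undecided here


if __name__ == "__main__":
    trace = []
    a = Hub("hub-a", 7, "10.0.0.10")   # constructed sample values
    b = Hub("hub-b", 7, "10.0.0.9")
    print("primary:", elect(a, b, trace))
    for m in trace:
        print(m)
    a.address = "10.0.0.2"             # identification change triggers re-election
    print("primary after change:", elect(a, b, []))
```
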
S312. The primary central node periodically sends keep-alive messages to the standby central node.
After the election of the primary and standby central nodes is complete, the primary central node periodically sends keep-alive messages to the standby central node. For example, three keep-alive messages may be sent per cycle, with the cycle set to 10 seconds and one message sent every 3 seconds.
S313. The branch node sends registration requests to the primary central node and the standby central node based on the primary/standby static routing table and the NHRP static primary/standby mapping table.
After the election of the primary and standby central nodes is complete, the branch node sends registration requests to the primary central node and the standby central node based on its configured primary/standby static routing table and NHRP static primary/standby mapping table, and so registers with both. The primary/standby static routing table includes the tunnel address of the primary central node and the tunnel address of the standby central node. The NHRP static primary/standby mapping table includes the mapping between the tunnel address of the primary central node and its next-hop address, and the mapping between the tunnel address of the standby central node and its next-hop address.
S314. The primary central node and the standby central node update their respective NHRP mapping tables based on the registration requests.
After receiving the registration request sent by the branch node, the primary central node updates its own NHRP mapping table to store the branch node's information. After receiving the registration request sent by the branch node, the standby central node updates its own NHRP mapping table to store the branch node's information. The NHRP mapping table includes the mapping between tunnel addresses and next-hop addresses.
S315. When the primary central node fails, the standby central node provides communication services for the branch nodes based on its NHRP mapping table, and the branch nodes communicate with the outside through the standby central node based on the primary/standby static routing table and the NHRP static primary/standby mapping table.
In this embodiment, if the standby central node does not receive a keep-alive message from the primary central node within a preset time period, it determines that the primary central node has failed. The standby central node then provides communication services for the branch nodes based on its stored NHRP mapping table, and the branch nodes communicate with the outside through the standby central node based on the primary/standby static routing table and the NHRP static primary/standby mapping table. The primary central node sends keep-alive messages to the standby central node periodically, and the preset time period may be one cycle. For example, if the primary central node sends three keep-alive messages to the standby central node per cycle and a cycle is 10 seconds, the preset time may be set to 10 seconds; if the standby central node receives no keep-alive message within 10 seconds, it provides communication services for the branch nodes based on its stored NHRP mapping table.
S316. After the primary central node recovers, the branch node determines whether to switch back based on the switchback configuration information.
The primary/standby static routing table and the NHRP static primary/standby mapping table include switchback configuration information, which includes whether-to-switch-back configuration information. After the primary central node recovers, the branch node resumes communicating with the outside through the primary central node when the whether-to-switch-back configuration information in both the primary/standby static routing table and the NHRP static primary/standby mapping table is set to switch back.
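The keep-alive timeout of S315 and the switchback decision of S316 (including the one-table case and the switchback waiting time described in Embodiment one) can be worked through as follows. This is an added example, not code from the patent: the function and field names and the timeline are constructed, and two choices are assumptions because the text leaves them open, namely staying on the standby node when neither table carries a switchback entry and using the longer wait when both tables carry one.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass
class SwitchbackConfig:
    """Switchback entry of one table on the branch node (None = not configured)."""
    switch_back: Optional[bool] = None     # whether-to-switch-back setting
    wait_seconds: Optional[float] = None   # switchback waiting time


def failure_detected_at(keepalives: Sequence[float], horizon: float,
                        preset_period: float = 10.0) -> Optional[float]:
    """Standby node's view: time at which a full preset period has passed with
    no keep-alive, or None if that never happens before `horizon`.
    The election is taken to finish at t = 0 (constructed timeline)."""
    last = 0.0
    for t in sorted(keepalives):
        if t - last > preset_period:
            return last + preset_period
        last = t
    return last + preset_period if horizon - last > preset_period else None


def should_switch_back(route_cfg: SwitchbackConfig, nhrp_cfg: SwitchbackConfig) -> bool:
    """One table configured: follow it. Both configured: both must say switch back."""
    flags = [c.switch_back for c in (route_cfg, nhrp_cfg) if c.switch_back is not None]
    return bool(flags) and all(flags)      # no entry at all: stay on standby (assumption)


def switchback_wait(route_cfg: SwitchbackConfig, nhrp_cfg: SwitchbackConfig) -> float:
    """No waiting time configured means switch back immediately."""
    waits = [c.wait_seconds for c in (route_cfg, nhrp_cfg) if c.wait_seconds is not None]
    return max(waits) if waits else 0.0    # longer wait wins if both are set (assumption)


def hub_in_use(t: float, failed_at: Optional[float], recovered_at: Optional[float],
               route_cfg: SwitchbackConfig, nhrp_cfg: SwitchbackConfig) -> str:
    """Branch node's view: which central node carries its traffic at time t."""
    if failed_at is None or t < failed_at:
        return "primary"
    if recovered_at is None or t < recovered_at:
        return "standby"
    if not should_switch_back(route_cfg, nhrp_cfg):
        return "standby"
    ready = recovered_at + switchback_wait(route_cfg, nhrp_cfg)
    return "primary" if t >= ready else "standby"


if __name__ == "__main__":
    # Constructed timeline: keep-alives every 3 s within 10 s cycles, then silence.
    seen = [0, 3, 6, 10, 13, 16]
    failed = failure_detected_at(seen, horizon=60)
    route = SwitchbackConfig(switch_back=True, wait_seconds=10)
    nhrp = SwitchbackConfig(switch_back=True)
    for t in (20, 30, 45, 50):
        print(t, hub_in_use(t, failed, recovered_at=40, route_cfg=route, nhrp_cfg=nhrp))
```
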
An example is given here for better understanding. As shown in FIG. 4, the DMVPN network includes two central nodes, namely a first central node 401 and a second central node 402, and two branch nodes; the first central node 401 and the second central node 402 are connected. The group ID numbers of the first central node 401 and the second central node 402 are the same, and the direct connection port address of the first central node 401 is greater than that of the second central node 402, so the first central node 401 is the primary central node and the second central node 402 is the standby central node. The primary/standby routing table configured on the first branch node 403 and the second branch node 404 is shown in Table 1; it includes the GRE tunnel address and network address of the primary central node and the GRE tunnel address and network address of the standby central node. The NHRP static primary/standby mapping table is shown in Table 2; it includes the NBMA (Non-Broadcast Multiple Access) address corresponding to the GRE tunnel address of the primary central node 401 and the NBMA address corresponding to the GRE tunnel address of the standby central node 402. Based on the primary/standby static routing table and the NHRP static primary/standby mapping table, the branch nodes send registration requests to the primary central node 401 and the standby central node 402 to complete registration. After receiving the registration requests, the primary central node 401 and the standby central node 402 update their own NHRP mapping tables; at this point the NHRP mapping tables of the primary central node 401 and the standby central node 402 are as shown in Table 3, including the GRE tunnel addresses of the first branch node 403 and the second branch node 404 and the corresponding NBMA addresses. While the primary central node is working normally, the first branch node 403 and the second branch node 404 find the tunnel address of the primary central node 401 in the primary/standby routing table, look up the NHRP static primary/standby mapping table to resolve the next hop, and then send the data, after encapsulation and IPsec encryption, to the primary central node 401, which processes the received data. When the primary central node 401 fails, the first branch node 403 and the second branch node 404 find the tunnel address of the standby central node 402 in the primary/standby static routing table, look up the NHRP static primary/standby mapping table to resolve the next hop, and then send the data, after encapsulation and IPsec encryption, to the standby central node 402, which processes the received data. After the primary central node 401 recovers, the first branch node 403 and the second branch node 404 can, based on the switchback configuration information in the primary/standby static routing table and the NHRP static primary/standby mapping table, resume communicating with the outside through the primary central node. The data encapsulation and encryption process is shown in FIG. 5.
Table 1
Figure PCTCN2020093800-appb-000001
Table 2
Figure PCTCN2020093800-appb-000002
Table 3
Figure PCTCN2020093800-appb-000003
In the DMVPN control method provided by this embodiment of the present disclosure, when the primary central node fails, the standby central node provides services for the branch nodes in the DMVPN network. In some implementations, after the primary central node fails, communication can be maintained through the standby central node, which improves the stability of DMVPN network communication.
Embodiment three:
This embodiment of the present disclosure builds on Embodiments one and two. It provides a communication system that includes a primary central node, a standby central node and branch nodes. When the primary central node fails, the standby central node provides services for the central nodes and/or branch nodes in the DMVPN network.
In this embodiment of the present disclosure, the communication system includes at least two central nodes. A node in the primary-central-node working state is the primary central node, and a node in the standby-central-node working state is the standby central node. Note that a given central node may be either the primary or the standby central node, depending on its working state. While the primary central node is working normally, it is configured to provide services for communication in the DMVPN network, that is, for communication between branch nodes and/or central nodes in the DMVPN network; to save resources, the standby central node may be idle during this time. When the primary central node fails, it can no longer provide services for communication in the DMVPN network, so the standby central node provides them instead, that is, the standby central node serves the communication of the branch nodes and/or central nodes in the DMVPN network. This keeps DMVPN network communication working and improves its reliability. It should be understood that providing services for communication in the DMVPN network includes, but is not limited to, communication services such as data forwarding. It should also be understood that, for both the primary and the standby central node, the objects to which communication services are provided include, but are not limited to, branch nodes and central nodes.
In this embodiment of the present disclosure, the primary central node may periodically send keep-alive messages to the standby central node. If the standby central node does not receive a keep-alive message from the primary central node within a preset time period, it determines that the primary central node has failed and provides services for communication in the DMVPN network.
In this embodiment of the present disclosure, each central node may determine from configuration information whether it is the primary or the standby central node. Alternatively, the central nodes may select the primary central node and the standby central node among themselves based on a preset election rule. The preset election rule includes, but is not limited to, the address identifier of the primary central node being greater than that of the standby central node, or the address identifier of the primary central node being smaller than that of the standby central node. When the preset election rule is that the address identifier of the primary central node is greater than that of the standby central node, the election process is as described in Embodiment one and is not repeated here.
In this embodiment of the present disclosure, after the primary or standby central node has been selected, if the identification information of the primary or standby central node changes, the central node whose identification information changed may act as the first central node and re-initiate the primary/standby election process to determine the primary and standby central nodes again. The identification information may be at least one of the central node's IP address, group ID number and MAC address. For example, after the primary central node fails, the primary central node may act as the first central node and send an interactive message to the second central node (the standby central node) to start the election process and determine the primary and standby central nodes again.
In this embodiment of the present disclosure, the communication system also includes branch nodes. After the election of the primary and standby central nodes is complete, each branch node sends a registration request to the primary central node and to the standby central node to register with both. After receiving the registration request from a branch node, the primary central node updates its NHRP mapping table based on the request; likewise, the standby central node updates its NHRP mapping table based on the registration request it receives. The NHRP mapping table contains the mapping between tunnel addresses and next-hop addresses.
In this embodiment of the present disclosure, the branch node may send the registration requests to the primary and standby central nodes based on its configured primary/standby routing table and NHRP primary/standby mapping table. The primary/standby routing table includes the route to the primary central node and the route to the standby central node; the egress of the primary and standby routes points to the tunnel interface of the primary and standby central node respectively. The NHRP primary/standby mapping table includes the mapping between the tunnel address of the primary central node and its next-hop address, and the mapping between the tunnel address of the standby central node and its next-hop address. The primary/standby routing table may be implemented with a static routing protocol (a primary/standby static routing table) or with a dynamic routing protocol (a primary/standby dynamic routing table). The NHRP primary/standby mapping table may be dynamic (an NHRP dynamic primary/standby mapping table) or static (an NHRP static primary/standby mapping table).
After the primary central node fails, the branch node communicates with the outside through the standby central node, based on the configured primary/standby routing table and NHRP primary/standby mapping table. That is, the branch node finds the route to the standby central node in the primary/standby routing table, finds the next-hop address corresponding to the standby central node in the NHRP primary/standby mapping table, and sends the data to the standby central node after encapsulating and encrypting it.
In this embodiment of the present disclosure, the primary/standby routing table and/or the NHRP primary/standby mapping table may include switchback configuration information, which may include a whether-to-switch-back setting and/or a switchback waiting time. After the primary central node recovers, the branch node can use the whether-to-switch-back setting to decide whether to switch back to the primary central node, that is, whether to move from communicating with the outside through the standby central node back to communicating through the primary central node. If the primary/standby routing table or the NHRP primary/standby mapping table includes the whether-to-switch-back setting and it is set to switch back, then after the primary central node recovers, the branch node switches back to communicating with the outside through the primary central node; if the setting is not to switch back, then after the primary central node recovers, the branch node continues to communicate with the outside through the standby central node. If both the primary/standby routing table and the NHRP primary/standby mapping table include the whether-to-switch-back setting, the branch node switches back to the primary central node after it recovers only when the setting in both tables is to switch back; in all other cases the branch node continues to communicate with the outside through the standby central node even after the primary central node recovers.
In this embodiment of the present disclosure, if the switchback configuration information does not include a switchback waiting time, then after the primary central node recovers, a branch node that decides to switch back based on the whether-to-switch-back setting does so immediately. If the switchback configuration information includes a switchback waiting time, then after the primary central node recovers, the branch node can determine the time of the switchback from that waiting time; in other words, once the branch node decides that a switchback is required, it waits for the switchback waiting time and then switches back. The switchback waiting time can be set flexibly according to actual needs, for example to 1 second or 10 seconds.
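The election, keep-alive timeout and switchback rules of this embodiment, modelled as an added Python example (not code from the patent). All names and addresses are constructed; how a branch node learns that the primary is up, the handling of mismatched group IDs or equal addresses, staying on the standby when neither table carries a switchback setting, and taking the longer waiting time when both tables carry one are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional, Tuple


@dataclass(frozen=True)
class Hub:
    name: str
    group_id: int
    address_id: str  # direct-connect port address or device loopback address


def elect(first: Hub, second: Hub) -> Optional[Tuple[Hub, Hub]]:
    """Return (primary, standby) under the 'larger address identifier wins' rule.

    Assumption: hubs with different group IDs, or with identical addresses,
    do not form a pair (the text does not cover those cases).
    """
    if first.group_id != second.group_id:
        return None
    a, b = ip_address(first.address_id), ip_address(second.address_id)
    if a == b:
        return None
    # Compare numerically: as strings, "10.0.0.9" would sort above "10.0.0.10".
    return (first, second) if a > b else (second, first)


@dataclass
class StandbyMonitor:
    """Standby-side view of the primary's periodic keep-alive messages."""
    timeout: float
    last_keepalive: float = 0.0

    def on_keepalive(self, now: float) -> None:
        self.last_keepalive = now

    def primary_failed(self, now: float) -> bool:
        return now - self.last_keepalive > self.timeout


@dataclass
class SwitchbackConfig:
    """Switchback entries of one table; None means the table has no such entry."""
    switch_back: Optional[bool] = None
    wait_seconds: Optional[float] = None


def should_switch_back(route_cfg: SwitchbackConfig, nhrp_cfg: SwitchbackConfig) -> bool:
    flags = [c.switch_back for c in (route_cfg, nhrp_cfg) if c.switch_back is not None]
    # One table with the setting decides alone; two tables must both say yes.
    # Assumption: with no setting in either table the branch stays on the standby.
    return bool(flags) and all(flags)


def switchback_wait(route_cfg: SwitchbackConfig, nhrp_cfg: SwitchbackConfig) -> float:
    waits = [c.wait_seconds for c in (route_cfg, nhrp_cfg) if c.wait_seconds is not None]
    # No waiting time configured means an immediate switchback.
    # Assumption: if both tables carry one, the longer value applies.
    return max(waits, default=0.0)


class Branch:
    """Branch-node hub selection across failure and recovery of the primary."""

    def __init__(self, primary: Hub, standby: Hub,
                 route_cfg: SwitchbackConfig, nhrp_cfg: SwitchbackConfig):
        self.primary, self.standby = primary, standby
        self.route_cfg, self.nhrp_cfg = route_cfg, nhrp_cfg
        self.active = primary
        self._recovered_at: Optional[float] = None

    def select_hub(self, now: float, primary_up: bool) -> Hub:
        if not primary_up:
            # Fail over; a flap during the waiting time restarts the wait.
            self.active = self.standby
            self._recovered_at = None
            return self.active
        if self.active is self.standby and should_switch_back(self.route_cfg, self.nhrp_cfg):
            if self._recovered_at is None:
                self._recovered_at = now
            if now - self._recovered_at >= switchback_wait(self.route_cfg, self.nhrp_cfg):
                self.active = self.primary
        return self.active
```
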
In the communication system provided by this embodiment of the present disclosure, when the primary central node fails, the standby central node provides services for the branch nodes and/or central nodes in the DMVPN network. In some implementations, after the primary central node fails, communication can be maintained through the standby central node, which improves the stability of DMVPN network communication.
Embodiment four:
This embodiment of the present disclosure also provides a network device which, as shown in FIG. 6, includes a first processor 601, a first memory 602 and a first communication bus 603. The first communication bus 603 is configured to provide the connection and communication between the first processor 601 and the first memory 602. The first processor 601 is configured to execute one or more computer programs stored in the first memory 602 to implement at least one step of the central node in the DMVPN control method described in Embodiments one and two. Note that, depending on its working state, a network device is a primary central node device when it is in the primary-central-node working state and a standby central node device when it is in the standby-central-node working state.
This embodiment of the present disclosure also provides a network device which, as shown in FIG. 7, includes a second processor 701, a second memory 702 and a second communication bus 703. The second communication bus 703 is configured to provide the connection and communication between the second processor 701 and the second memory 702. The second processor 701 is configured to execute one or more computer programs stored in the second memory 702 to implement at least one step of the branch node in the DMVPN control method described in Embodiments one and two.
This embodiment of the present disclosure also provides a storage medium, which includes volatile or non-volatile, removable or non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, computer program modules or other data). Computer-readable storage media include, but are not limited to, RAM (Random Access Memory), ROM (Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory or other memory technology, CD-ROM (Compact Disc Read-Only Memory), digital versatile disc (DVD) or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and can be accessed by a computer.
The storage medium stores one or more computer programs, which can be executed by one or more processors to implement the steps of the central node or the branch node in the DMVPN control method described in Embodiments one and two.
With the network device and storage medium provided by this embodiment of the present disclosure, when the primary central node fails, the standby central node provides services for the branch nodes and/or central nodes in the DMVPN network. In some implementations, after the primary central node fails, communication can be maintained through the standby central node, which improves the stability of DMVPN network communication.
Those skilled in the art will therefore understand that all or some of the steps of the methods disclosed above, and the functional modules/units of the systems and devices, can be implemented as software (which can be realized as computer program code executable by a computing device), firmware, hardware, or an appropriate combination of these. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have several functions, or one function or step may be carried out by several physical components in cooperation. Some or all of the physical components may be implemented as software executed by a processor such as a central processing unit, digital signal processor or microprocessor, or as hardware, or as an integrated circuit such as an application-specific integrated circuit.
In addition, as is well known to those of ordinary skill in the art, communication media typically contain computer-readable instructions, data structures, computer program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery medium. The present disclosure is therefore not limited to any specific combination of hardware and software.
The above is a further detailed description of the embodiments of the present disclosure in connection with specific implementations, and the specific implementation of the present disclosure is not to be regarded as limited to these descriptions. For those of ordinary skill in the technical field of the present disclosure, simple deductions or substitutions made without departing from the concept of the present disclosure shall all be regarded as falling within the scope of protection of the present disclosure.
Industrial applicability
According to the DMVPN control method, network device, communication system and storage medium provided by the embodiments of the present disclosure, when the primary central node fails, the standby central node provides services for the branch nodes and/or central nodes in the DMVPN network. In some implementations, after the primary central node fails, communication can be maintained through the standby central node, which improves the stability of DMVPN network communication.

Claims (11)

  1. A dynamic multipoint virtual private network (DMVPN) control method, the DMVPN control method comprising:
    when the primary central node fails, a standby central node provides services for branch nodes and/or central nodes in the DMVPN network.
  2. The DMVPN control method according to claim 1, further comprising a primary central node and standby central node election process, the election process comprising:
    a first central node sends an interactive message including its local address identifier to a second central node, the address identifier including a direct-connect port address and/or a device loopback address;
    after receiving the interactive message sent by the first central node, the second central node sends an interactive message including its local address identifier to the first central node;
    when its local address identifier is greater than the address identifier of the second central node, the first central node sets its working state to the primary-central-node working state and sends a confirmation message to the second central node;
    after receiving the confirmation message sent by the first central node, the second central node sets its working state to the standby-central-node working state.
  3. The DMVPN control method according to claim 2, further comprising:
    when its local address identifier is smaller than the address identifier of the first central node, the first central node sends an interactive message including the local address identifier to the second central node;
    when its local address identifier is greater than the address identifier of the first central node, the second central node sets its working state to the primary-central-node working state and sends a confirmation message to the first central node;
    after receiving the confirmation message sent by the first central node, the first central node sets its working state to the standby-central-node working state.
  4. The DMVPN control method according to claim 2, wherein the interactive message further includes the group ID number of the sender;
    the method further comprises:
    the first central node extracts the address identifier and group ID number of the second central node from the interactive message sent by the second central node and, when the local group ID number is the same as the group ID number of the second central node and the local address identifier is greater than the address identifier of the second central node, sets its working state to the primary-central-node working state and sends a confirmation message to the second central node.
  5. The DMVPN control method according to claim 2, further comprising:
    after the identification information of the primary central node or the standby central node changes, the central node whose identification information changed acts as the first central node to re-elect the primary central node and the standby central node, the identification information including at least one of an IP address, a group ID number and a MAC address.
  6. The DMVPN control method according to claim 1, further comprising:
    the primary central node periodically sends keep-alive messages to the standby central node;
    when the standby central node does not receive the keep-alive message within a preset time period, it determines that the primary central node has failed and provides services for the branch nodes and/or central nodes in the DMVPN network.
  7. The DMVPN control method according to any one of claims 1 to 6, further comprising:
    the branch node, based on a configured primary/standby routing table and NHRP primary/standby mapping table, sends a registration request to the primary central node and to the standby central node respectively to complete registration with the primary central node and the standby central node, the primary/standby routing table including the route of the primary central node and the route of the standby central node, and the NHRP primary/standby mapping table including the mapping between the tunnel address of the primary central node and a next-hop address and the mapping between the tunnel address of the standby central node and a next-hop address;
    the primary central node updates the NHRP mapping table of the primary central node based on the registration request;
    the standby central node updates the NHRP mapping table of the standby central node based on the registration request.
  8. The DMVPN control method according to claim 7, wherein the primary/standby routing table and/or the NHRP primary/standby mapping table includes switchback configuration information, the switchback configuration information including a whether-to-switch-back setting and/or a switchback waiting time, the method further comprising:
    after the primary central node recovers, the branch node determines, based on the whether-to-switch-back setting, whether to switch back from communicating with the outside through the standby central node to communicating with the outside through the primary central node, and determines the time of the switchback based on the switchback waiting time.
  9. A network device, comprising: a first processor, a first memory and a first communication bus;
    the first communication bus is configured to provide the connection and communication between the first processor and the first memory;
    the first processor is configured to execute one or more computer programs stored in the first memory to implement the steps of the central node in the DMVPN control method according to any one of claims 1 to 8.
  10. A network device, comprising: a second processor, a second memory and a second communication bus;
    the second communication bus is configured to provide the connection and communication between the second processor and the second memory;
    the second processor is configured to execute one or more computer programs stored in the second memory to implement the steps of the branch node in the DMVPN control method according to any one of claims 1 to 8.
  11. A storage medium, the storage medium storing one or more computer programs, the one or more computer programs being executable by one or more processors to implement the steps of the central node or the branch node in the DMVPN control method according to any one of claims 1 to 8.
PCT/CN2020/093800 2019-07-29 2020-06-01 Dmvpn control method, network device, communication system and storage medium WO2021017619A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910691465.9 2019-07-29
CN201910691465.9A CN112311569A (en) 2019-07-29 2019-07-29 DMVPN control method, network device, communication system and storage medium

Publications (1)

Publication Number Publication Date
WO2021017619A1 true WO2021017619A1 (en) 2021-02-04

Family

ID=74230006

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/093800 WO2021017619A1 (en) 2019-07-29 2020-06-01 Dmvpn control method, network device, communication system and storage medium

Country Status (2)

Country Link
CN (1) CN112311569A (en)
WO (1) WO2021017619A1 (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8473734B2 (en) * 2010-06-30 2013-06-25 Juniper Networks, Inc. Multi-service VPN network client for mobile device having dynamic failover
CN106027313B (en) * 2016-06-30 2019-12-20 上海携程商务有限公司 Network link disaster tolerance system and method
CN108092889B (en) * 2017-12-27 2024-02-23 上海地面通信息网络股份有限公司 End-to-end multi-link multi-node full-automatic redundancy backup routing system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101106454A (en) * 2007-08-17 2008-01-16 杭州华三通信技术有限公司 Method and device for originating Internet secret key exchange and negotiation
US20100142410A1 (en) * 2008-12-09 2010-06-10 Olivier Huynh Van System and method for providing virtual private networks
US20160098327A1 (en) * 2014-10-02 2016-04-07 Cisco Technology, Inc. Bypassing failed hub devices in hub-and-spoke telecommunication networks
CN109314705A (en) * 2016-07-14 2019-02-05 英特尔公司 Use the systems, devices and methods for extensive scalable Dynamic Multipoint Virtual private network of group encryption keys

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
F DETIENNE, M KUMAR, M SULLENBERGER, CISCO: "Flexible Dynamic Mesh VPN; draft-detienne-dmvpn-01", INTERNET DRAFT, 20 December 2013 (2013-12-20), pages 1-32, XP015097699 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113630276A (en) * 2021-08-16 2021-11-09 迈普通信技术股份有限公司 Main/standby switching control method and device and DVPN network system
CN113630276B (en) * 2021-08-16 2024-04-09 迈普通信技术股份有限公司 Main-standby switching control method and device and DVPN network system

Also Published As

Publication number Publication date
CN112311569A (en) 2021-02-02

Similar Documents

Publication Publication Date Title
EP2993838B1 (en) Methods for setting a member identity of gateway device and corresponding management gateway devices
US10129137B2 (en) Transferring data in a gateway
US20200244485A1 (en) Packet processing method, device, and system
CN111865779B (en) Route synchronization method and cross-device link aggregation group
US11398956B2 (en) Multi-Edge EtherChannel (MEEC) creation and management
WO2018156421A1 (en) Load balancing in distributed computing systems
US20130198558A1 (en) Dual Adjacency Between Edge Devices at a Network Site
CN108600074B (en) Method and device for forwarding multicast data message
WO2016173403A1 (en) Routing device, load balancing device, and message distribution method and system
US10447652B2 (en) High availability bridging between layer 2 networks
WO2021082803A1 (en) Routing information transmission method and apparatus, and data center interconnection network
US12003424B2 (en) Load balancing communication sessions in a networked computing environment
EP3896927A1 (en) Packet transmission method, apparatus, and system
CN108833272A (en) A kind of route management method and device
US11063784B2 (en) Centralized management of authoritative edge devices
CN113489640B (en) Message forwarding method, device and gateway system
WO2021017619A1 (en) Dmvpn control method, network device, communication system and storage medium
CN112995027B (en) Route publishing method and VTEP node
CN108881024B (en) Multicast traffic forwarding method and device
CN106209634B (en) Learning method and device of address mapping relation
CN114531396B (en) Fault back switching method and device in Ethernet virtual private network
US20140293827A1 (en) Method And Apparatus For Peer Node Synchronization
CN111565141B (en) Data transmission method, first PE and second PE
EP4398542A1 (en) Message sending method, network device and communication system
KR102097999B1 (en) The IP in IP communication system using virtual router

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application Ref document number: 20848305; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase Ref country code: DE
122 Ep: pct application non-entry in european phase Ref document number: 20848305; Country of ref document: EP; Kind code of ref document: A1
32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 21/09/2022)
122 Ep: pct application non-entry in european phase Ref document number: 20848305; Country of ref document: EP; Kind code of ref document: A1