WO2022001669A1 - Method for establishing a VXLAN tunnel and related device - Google Patents
- Publication number
- WO2022001669A1 (PCT/CN2021/100425)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal
- network device
- network
- terminal device
- vxlan
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
- H04L12/4645—Details on frame tagging
- H04L12/4675—Dynamic sharing of VLAN information amongst network nodes
Definitions
- the present application relates to the field of communication technologies, and in particular, to a method for establishing a virtual extensible local area network (VXLAN) tunnel and related equipment.
- VXLAN virtual extensible local area network
- VXLAN technology can superimpose a Layer 2 virtual network on any reachable network, thereby improving the scale expansion capability of the network.
- A VXLAN includes network devices with two roles. One is called a border device. The border device represents the exit of the VXLAN, so it can forward packets to other VXLANs or non-VXLANs. The other is called an edge device. The edge device represents a service access point of the VXLAN, and user equipment can forward packets into the VXLAN through the edge device. A VXLAN tunnel is established between the border device and the edge device to implement packet forwarding in the VXLAN.
- A VXLAN includes one or more border devices, but the one or more border devices are in a master-standby relationship, and the control plane operations performed on one border device are synchronized to the other border devices. Therefore, the following contents may be described by taking one border device as an example.
- VXLAN tunnels are established in advance, through dynamic routing, between any edge device and the border device and between any two edge devices, so as to facilitate subsequent packet forwarding.
- When an edge device receives a packet sent by a user equipment, it can forward the packet based on a pre-established VXLAN tunnel.
- Each edge device needs to establish a large number of VXLAN tunnels, which in turn causes more information to be stored in the forwarding table of each edge device. This not only wastes forwarding table resources on edge devices, but also lowers the query efficiency of the forwarding table when forwarding packets.
- the present application provides a method and related equipment for establishing a VXLAN tunnel, which can reduce the data storage pressure on the equipment in the VXLAN, thereby saving forwarding table resources, and at the same time improving the forwarding table query efficiency when forwarding packets.
- the technical solution is as follows:
- a method for establishing a VXLAN tunnel is provided, the method is applied to a first network device in a VXLAN, the VXLAN includes multiple network devices, and the first network device is any one of the multiple network devices.
- The first network device receives a first packet from the first terminal device, where the destination address of the first packet is the address of the second terminal device. In response to failing to find the second network device connected to the second terminal device, the first network device establishes a correspondence between the address of the second terminal device and the tunnel identifier, where the tunnel identifier identifies the VXLAN tunnel between the first network device and the second network device.
- establishing a VXLAN tunnel is essentially to obtain the identifier of the VXLAN tunnel, and then establish a correspondence between the destination address of the packet and the tunnel identifier, so that subsequent packets sent to the destination address can pass through the VXLAN tunnel.
- The tunnel identifier can be the identifier of the peer device of the VXLAN tunnel (such as the IP address of the peer device), or it can be another symbol, other than the identifier of the peer device, that uniquely identifies the tunnel; for example, the tunnel identifier is a unique number for the VXLAN tunnel. The network device can use this number to index the corresponding entry, and the entry stores the VXLAN tunnel parameters, including the IP address of the peer device.
- The above-mentioned process of establishing the correspondence between the address of the second terminal device and the tunnel identifier is: sending a terminal query request to the control device, where the terminal query request includes the address of the second terminal device; receiving the terminal query result returned by the control device, where the terminal query result includes the identifier of the second network device, and the second network device is the network device connected to the second terminal device; and, based on the identifier of the second network device, establishing a correspondence between the address of the second terminal device and the tunnel identifier.
- The control device can act as a service center that provides each network device with a query service, and the query service can determine which network device any terminal device is connected to. Therefore, the first network device realizes the dynamic establishment of the VXLAN tunnel through the control device.
- the terminal query result further includes an access policy corresponding to the second terminal device, and the access policy indicates the conditions that the packet sent to the second terminal device needs to meet.
- the first network device receives the second packet sent by the first terminal device, and the destination address carried in the second packet is the address of the second terminal device; if the second packet satisfies the access policy, the second packet is forwarded through the established VXLAN tunnel.
- The access policy of each terminal device is also stored in the control device, so that after the VXLAN tunnel is dynamically established, the access policy of the second terminal device is also sent to the first network device. The first network device can then manage the traffic sent to the second terminal device according to the access policy, which improves the flexibility of forwarding packets based on the dynamic establishment of the VXLAN tunnel.
- A second packet is received from the first terminal device, and the source address of the second packet is the address of the first terminal device; if the second packet is the first packet received from the first terminal device, a terminal access announcement message is sent to the control device. The terminal access announcement message includes the address of the first terminal device and indicates that the first terminal device is connected to the first network device.
- The network device can announce the terminal device to the control device, so that the terminal access table of each network device is stored in the control device. The terminal access table of any network device includes the address of each terminal device connected to that network device, so as to realize the on-demand dynamic establishment of the VXLAN tunnel provided by this application.
- the first packet is sent to the control device via the VXLAN tunnel between the network device and the control device.
- Before the establishment of the VXLAN tunnel between the first network device and the second network device is completed, the packet may be sent to the second terminal device by detouring through the control device, so as to minimize the forwarding delay of the packet.
- Because VXLAN tunnels are dynamically established, the resources occupied by VXLAN tunnels can be cleaned up by means of an aging time to prevent idle VXLAN tunnels from occupying network resources, thereby further avoiding the waste of forwarding table resources.
- the first network device further stores a correspondence between the tunnel identifier and the identifier of the second network device.
- After the correspondence between the address of the second terminal device and the tunnel identifier ages out, if the correspondences between the address of every terminal device and that tunnel identifier have all aged out, the first network device deletes the correspondence between the tunnel identifier and the identifier of the second network device.
- Deleting the VXLAN tunnel refers to deleting the correspondence between the tunnel identifier and the tunnel peer device identifier. The established VXLAN tunnel is deleted only after it is determined that no traffic has reached any terminal device under the second network device within the aging time, so as to ensure normal forwarding of traffic accessing other terminal devices connected to the second network device.
- In a second aspect, a first network device is provided, and the first network device has a function of implementing the behavior of the method for establishing a VXLAN tunnel in the first aspect.
- the apparatus includes at least one module, and the at least one module is configured to implement the method for establishing a VXLAN tunnel provided in the first aspect above.
- In a third aspect, a network device is provided. The network device includes a processor and a memory, and the memory is used to store a program that supports the network device in executing the method for establishing a VXLAN tunnel provided in the first aspect, and to store data involved in implementing that method.
- the processor is configured to execute programs stored in the memory.
- the operating means of the storage device may further include a communication bus for establishing a connection between the processor and the memory.
- A computer-readable storage medium is provided, in which instructions are stored; when the instructions are run on a computer, the computer executes the method for establishing a VXLAN tunnel described in the first aspect.
- a computer program product containing instructions, which, when executed on a computer, cause the computer to execute the method for establishing a VXLAN tunnel described in the first aspect above.
- FIG. 1 is a schematic diagram of a VXLAN system provided by an embodiment of the present application.
- FIG. 2 is a schematic diagram of another VXLAN system provided by an embodiment of the present application.
- FIG. 3 is a schematic diagram of a VXLAN tunnel distribution provided by an embodiment of the present application.
- FIG. 4 is a schematic diagram of a format of a VXLAN message provided by an embodiment of the present application.
- FIG. 5 is a schematic diagram of another VXLAN tunnel distribution provided by an embodiment of the present application.
- FIG. 6 is a schematic diagram of dynamically establishing a VXLAN tunnel according to an embodiment of the present application.
- FIG. 7 is a flowchart of a method for establishing a VXLAN tunnel provided by an embodiment of the present application.
- FIG. 8 is a flowchart of another method for establishing a VXLAN tunnel provided by an embodiment of the present application.
- FIG. 9 is a schematic structural diagram of a first network device provided by an embodiment of the present application.
- FIG. 10 is a schematic structural diagram of a network device provided by an embodiment of the present application.
- VXLAN technology is one of the standard technologies of Network Virtualization over Layer 3 (NVO3) defined by the Internet Engineering Task Force (IETF).
- Request for Comments (RFC) 7348 defines the VXLAN message format.
- MAC Media Access Control
- UDP User Datagram Protocol
- VXLAN can meet the needs of virtual migration and multi-tenancy of data center networks.
- VXLAN is also suitable for the scenario of "one network with multiple uses" in the campus network. For example, the same bearer network is virtualized into multiple service networks to achieve mutual isolation between different service networks.
- VXLAN can superimpose Layer 2 virtual networks on any network that can be reached by routes, and realize intercommunication within the VXLAN network through VXLAN gateways. At the same time, the VXLAN network can also realize the intercommunication with the traditional non-VXLAN network.
- VXLAN technology extends the Layer 2 network by encapsulating MAC in UDP: it encapsulates the Ethernet packet in an Internet Protocol (IP) packet and transmits it in the network through the VXLAN gateway, without paying attention to the MAC address of the terminal device. Since the routing network has no network structure restrictions, it has the ability to expand on a large scale. Therefore, through the routing network, the migration of user equipment such as virtual machines is not limited by the network architecture.
- FIG. 1 is a schematic structural diagram of a VXLAN network provided by an embodiment of the present application.
- the basic physical network is called the underlay network
- the virtualized network is called the overlay network or the virtual switch network (Fabric).
- The virtual network devices in the VXLAN network are divided into two roles. One represents the exit of the VXLAN network and is called the border device; it is connected to the external network, is usually the Layer 3 gateway of the VXLAN network, and corresponds to the egress gateway of the underlay network.
- The other role, which represents access to the VXLAN network, is called the edge device. It represents the part of the VXLAN network that user equipment accesses and corresponds to the virtual access point (VAP) in the VXLAN network, usually corresponding to a network access device in the underlay network, such as an access switch or an access point (AP).
- VAP virtual access point
- C1-C5 in the top-level network correspond to access devices A1-A5 in the bottom-level network, respectively, and border device D1 (border) in the top-level network corresponds to network egress device B1 in the bottom-level network.
- VAP or VXLAN Tunnel Endpoints may also be deployed in the non-access layer network equipment of the underlying network.
- C1 and C2 correspond to aggregation devices Agg1 and Agg2 in the underlying network, respectively.
- the edge device and the edge device communicate through VXLAN tunnels.
- Layer 3 VXLAN tunnels are created between edge devices and edge devices, and the mutual access between terminal devices across different VXLANs (Layer 3 mutual access) needs to be forwarded through the Layer 3 VXLAN tunnel.
- Layer 2 VXLAN tunnels are created between edge devices and edge devices, and terminal devices communicate with each other within the same VXLAN (Layer 2 mutual access) through Layer 2 VXLAN tunnels.
- the encapsulation format of the VXLAN message is also explained.
- the original frame original L2 frame
- With the outer UDP frame header added and the IP and MAC addresses of the bearer network used as the outer header for encapsulation, a VXLAN packet is obtained.
- VXLAN Network Identifier (VNI): Similar to the VLAN ID in traditional networks, it is used to distinguish VXLAN network segments. Tenants in different VXLAN segments cannot directly communicate at Layer 2. A network can be divided into one or more VNIs.
- Broadcast domain (BD): Similar to the method of dividing the broadcast domain by VLAN in the traditional network, the broadcast domain is divided by BD in the VXLAN network. In a VXLAN network, a VNI is mapped to a broadcast domain BD in a 1:1 manner. A BD represents a broadcast domain, and hosts in the same BD can communicate at Layer 2.
- VXLAN Tunnel Endpoints can encapsulate and decapsulate VXLAN packets.
- the source IP address is the IP address of the source VTEP
- the destination IP address is the IP address of the destination VTEP.
- a pair of VTEP addresses corresponds to a VXLAN tunnel. After the source end encapsulates the packet, the encapsulated packet is sent to the destination VTEP through the tunnel, and the destination VTEP decapsulates the received encapsulated packet.
- VAP Virtual Access Point
- VXLAN service access point which can access services based on VLAN or packet flow encapsulation type.
- NVE Network Virtualization Edge
- Similar to the traditional VLAN network, the VXLAN network also has mutual access within the VXLAN network and mutual access between VXLAN networks.
- Layer 2 gateway: Similar to a Layer 2 access device on a traditional network, in a VXLAN network a Layer 2 gateway enables tenants to access the VXLAN virtual network. Layer 2 gateways can also be used for subnet communication within the same VXLAN virtual network. Combined with the foregoing explanation of the functions of edge devices and border devices, in VXLAN, edge devices can be used as Layer 2 gateways.
- Layer 3 gateway: Similar to traditional networks, where users in different VLANs cannot directly communicate with each other at Layer 2, VXLANs with different VNIs, and VXLANs and non-VXLANs, cannot directly communicate with each other. To enable communication between VXLANs and between VXLANs and non-VXLANs, the concept of the VXLAN Layer 3 gateway is introduced. Layer 3 gateways are used for cross-subnet communication of VXLAN virtual networks and access to external networks. Likewise, in conjunction with the foregoing explanations of the functions of the edge device and the border device, in VXLAN, the border device can be used as a Layer 3 gateway.
- The method provided by the embodiment of the present application is applied to the above scenario of forwarding packets through VXLAN. Its purpose is to provide a method for dynamically establishing a VXLAN tunnel according to traffic requirements, so as to avoid the need to establish VXLAN tunnels between all network devices during network initialization, thereby avoiding the waste of forwarding table resources on each network device and also improving the forwarding table query efficiency when forwarding packets.
- the essence of establishing a VXLAN tunnel is to obtain the identifier of the VXLAN tunnel, and then establish a correspondence between the destination address of the packet and the tunnel identifier, so that subsequent packets sent to the destination address can be forwarded through the VXLAN tunnel.
- The tunnel identifier can be the identifier of the peer device of the VXLAN tunnel (such as the IP address of the peer device), or it can be another symbol, other than the identifier of the peer device, that uniquely identifies the tunnel; for example, the tunnel identifier is a unique number for the VXLAN tunnel. The network device can use this number to index the corresponding entry, and the entry stores the VXLAN tunnel parameters, including the IP address of the peer device.
- VXLAN tunnels between all network devices are not established. Instead, the VXLAN tunnel between the two network devices is established only when there is a traffic access requirement between the two network devices.
- A control device is configured for the VXLAN network. After the control device is configured, the following configuration is performed between the control device and each network device in the VXLAN.
- the above-mentioned control device is a certain network device in the VXLAN.
- the control device may also be a device other than the above VXLAN, for example, the control device supports VXLAN but is in a VXLAN different from the virtual network identifier (VNI) of the network device, or the control device may not support VXLAN.
- VNI virtual network identifier
- OCP overlay control protocol
- OCP protocol is only an optional control plane protocol for realizing the communication between the control device and other network devices in the VXLAN.
- This embodiment of the present application does not limit how the control device establishes the control plane protocol with each network device.
- control device is set as a border device in the VXLAN.
- a virtual network control protocol (overlay control protocol, OCP)
- Any edge device can first establish a north-south VXLAN tunnel with the border device; VXLAN tunnels are not established between edge devices.
- The technical effect of establishing a north-south VXLAN tunnel between the edge device and the border device is that, before the VXLAN tunnel is established between the edge devices, the VXLAN packets between the two edge devices can detour through the border device, which avoids a long packet transmission delay before the VXLAN tunnel is established between the edge devices.
- FIG. 5 is a schematic diagram of the architecture of a VXLAN provided by an embodiment of the present application.
- the VXLAN includes five VTEPs, which are marked as VTEP-1, VTEP-2, VTEP-3, VTEP-4, and VTEP-5.
- VTEP-1, VTEP-2, VTEP-3, and VTEP-4 are edge devices
- VTEP-5 is a border device. The OCP protocol is deployed on VTEP-1, VTEP-2, VTEP-3, VTEP-4, and VTEP-5 respectively, so that VTEP-5 acts as the OCP server and VTEP-1, VTEP-2, VTEP-3, and VTEP-4 act as OCP clients.
- VTEP-1, VTEP-2, VTEP-3, and VTEP-4 establish VXLAN tunnels with VTEP-5 respectively, which gives the four north-south VXLAN tunnels shown in Figure 5.
- VXLAN tunnels are not established between VTEP-1, VTEP-2, VTEP-3, and VTEP-4.
- Any edge device and the border device do not first establish a north-south VXLAN tunnel.
- the packets are transmitted after the VXLAN tunnel between the two edge devices is established.
- the terminal device is usually also configured with an access policy.
- the access policy is used to indicate the conditions that the packet sent to the terminal device needs to meet, so as to realize the management and control of the traffic in the network.
- Since the network devices other than the control device do not communicate with each other during network initialization, no network device can obtain the access policy of a terminal device connected to another network device. Therefore, to make it possible later to send packets to a terminal device according to that terminal device's access policy, the access policy of each terminal device can be configured at the control device, so that a network device can later obtain the access policy of each terminal device from the control device. The specific function of the access policy is described in detail in the subsequent packet forwarding embodiments and is not described here.
- a network administrator defines an access policy for a terminal device according to the needs of network services.
- the access policy includes the access priority of the terminal device, the bandwidth accessed by the terminal device, whether the terminal device allows broadcast access, and other conditions.
- the network administrator can directly configure the access policy on the control device, so that the access policy of each terminal device is stored on the control device.
- the network administrator can define access policies for each terminal device on the authentication server.
- the authentication server delivers the access policy of the terminal device to the control device, so that the control device stores the access policy of the terminal device.
- the access policy of each edge device is stored in the edge device.
- each network device except the control device notifies the control device of its currently connected terminal device, so that the control device stores the terminal access table of each network device.
- the terminal access table of any network device includes the addresses of each terminal device connected to the network device.
- the above-mentioned terminal access table is a possible data structure of a terminal access set, and the terminal access set of a certain network device includes the addresses of each terminal device connected to the network device.
- the terminal access set may also be represented by other data structures, such as a linked list, a list, and the like, which are not specifically limited in this embodiment of the present application.
- In order to dynamically establish VXLAN tunnels between network devices later, each network device notifies the control device of the information of its connected terminal devices, so that any network device can subsequently learn through the control device which network device the terminal device to be accessed is connected to, and establish a VXLAN tunnel between the two network devices.
- the VXLAN includes multiple network devices, and the first network device is any one of the multiple network devices.
- the first network device is taken as an example to illustrate that each of the foregoing network devices notifies the control device of the terminal devices currently connected to them.
- The first network device receives the second packet sent by the first terminal device, and the source address of the second packet is the address of the first terminal device. If the second packet is the first packet that the first network device has received from the first terminal device, the first network device sends a terminal access announcement message to the control device, where the terminal access announcement message carries the address of the first terminal device. The terminal access announcement message indicates that the first terminal device is connected to the first network device.
- The control device can add the address of the first terminal device to the terminal access table of the first network device. The terminal access table maintains the addresses of each terminal device connected to the first network device.
- terminal device A accesses edge device VTEP-1.
- terminal device A sends a packet to VTEP-1, and the packet carries the address of terminal device A.
- The address includes an IP address and/or a MAC address. If this is the first packet that VTEP-1 receives from terminal device A, VTEP-1 learns that terminal device A is currently connected to VTEP-1 and sends a terminal access announcement message to the border device through the OCP protocol. The terminal access announcement message carries the address of terminal device A and the identifier of VTEP-1, and the identifier of VTEP-1 may be the VTEP IP.
- When the border device receives the terminal access announcement message, it learns, according to the address of terminal device A and the identifier of VTEP-1 carried in the message, that terminal device A is currently connected to VTEP-1, and adds the address of terminal device A to the terminal access table of VTEP-1.
- The foregoing process may be referred to as a "terminal reporting" process; its purpose is that the border device can obtain the addresses of the terminal devices connected to each edge device.
- When terminal device B accesses VTEP-4, the address of terminal device B can be reported to the border device by referring to the above "terminal reporting" process, so that the border device can add the address of terminal device B to the terminal access table of VTEP-4.
- The terminal access announcement message reported by the above edge device to the border device may also include the VNI, that is, the identifier of the network segment where the terminal device is located, so that the border device can subsequently send a packet to a terminal device based on the VNI where that terminal device is located.
- the embodiments of the present application do not specifically describe the detailed implementation manner in which the border device forwards the packet based on the VNI where the terminal device is located.
- FIG. 5 and FIG. 6 illustrate an example in which the control device is a border device in the VXLAN.
- If the control device is an edge device in the VXLAN, the other network devices in the VXLAN and that edge device can also be configured with reference to the above method.
- If the control device is a non-VXLAN device, the control device and each network device in the VXLAN only need to deploy the OCP protocol, and the north-south VXLAN tunnels shown in Figure 5 are not established.
- VXLAN can dynamically establish VXLAN tunnels when there is a traffic demand, instead of establishing VXLAN tunnels between all network devices in advance.
- FIG. 7 is a flowchart of a method for establishing a VXLAN tunnel provided by an embodiment of the present application, which is used to explain how to dynamically establish a VXLAN tunnel based on traffic requirements. As shown in Figure 7, the method includes the following steps.
- Step 701 The first network device receives a first packet from the first terminal device, and the destination address of the first packet is the address of the second terminal device.
- the VXLAN provided by the embodiment of the present application includes multiple network devices, and the first network device is any one of the multiple network devices.
- the embodiment shown in FIG. 7 uses the first network device as an example to illustrate how to dynamically establish a VXLAN tunnel based on traffic requirements. Any network device in the VXLAN network can refer to the embodiment shown in FIG. 7 to implement the method provided by the embodiments of the present application.
- the VXLAN tunnel between all network devices is not established when the VXLAN network configuration is completed. Instead, the VXLAN tunnel between the two network devices is established only when there is a traffic access requirement between the two network devices. Therefore, after the first network device receives the first packet, it needs to determine the network device in the VXLAN to which the second terminal device is connected. If the first network device can query locally that the network device in the VXLAN connected to the second terminal device is the second network device, the first packet can be forwarded based on the VXLAN tunnel from the first network device to the second network device. If the first network device cannot locally query the network device connected to the second terminal device, the first packet is dynamically forwarded through the following step 702.
- the first network device stores a forwarding table.
- the forwarding table includes a plurality of terminal device addresses and tunnel identifiers corresponding to the respective terminal device addresses.
- the function of the forwarding table is to forward the message to the terminal device indicated by the address of the terminal device through the VXLAN tunnel indicated by the tunnel identifier corresponding to the address of any terminal device.
- the above-mentioned tunnel identifier is an identifier of the VTEP at the receiving end of the VXLAN tunnel (eg, the IP address of the peer device).
- the tunnel identifier of the VXLAN tunnel is the identifier of the second network device.
- the tunnel identifier is a symbol other than the identifier of the peer device of the VXLAN tunnel that can uniquely identify the tunnel, for example, the tunnel identifier is a unique number for the VXLAN tunnel.
- the tunnel identifier of the VXLAN tunnel is tunnel 1 .
- in order to facilitate the subsequent query of the peer device of a certain VXLAN tunnel to forward packets, the network device can use this number to index the corresponding entry, and the entry stores VXLAN tunnel parameters including the IP address of the peer device.
- therefore, in a possible implementation manner, the first network device may also maintain a tunnel list, where the tunnel list includes the identifiers of the VTEPs at the receiving end of the VXLAN tunnels that correspond one-to-one with each tunnel identifier.
- the first network device searches the forwarding table for a tunnel identifier corresponding to the address of the second terminal device, which is the destination address of the first packet. If there is a tunnel identifier corresponding to the address of the second terminal device in the forwarding table, it indicates that there is a VXLAN tunnel between the first edge device and the second edge device.
- the identifier of the VXLAN tunnel corresponding to the address forwards the first packet.
- a network device sends the first packet according to the following step 702.
- Step 702 In response to the failure to query the second network device connected to the second terminal device, establish a correspondence between the address of the second terminal device and the tunnel identifier, the tunnel identifier identifying the VXLAN tunnel between the first network device and the second network device.
- the control device stores the terminal access table of each network device, and the terminal access table of any network device includes the address of the terminal device connected to the corresponding network device. Therefore, in a possible implementation manner, the above-mentioned implementation process of establishing the correspondence between the address of the second terminal device and the tunnel identifier may be: the first network device sends a terminal query request to the control device.
- the terminal query request is used to query the network device currently accessed by the second terminal device, and the terminal information query request includes the address of the second terminal device.
- when the control device receives the terminal query request, it queries the stored terminal access tables of each network device for the terminal access table that includes the address of the second terminal device, and finds the network device corresponding to that terminal access table.
- the control device finds out that the network device currently connected to the second terminal device is the second network device.
- the control device sends a terminal query result to the first network device, where the terminal query result carries the identifier of the second network device.
- the first network device receives the terminal query result returned by the control device, and learns that the network device currently accessed by the second terminal device is the second network device. Therefore, the first network device can establish the correspondence between the address of the second terminal device and the tunnel identifier according to the identifier of the second network device.
- there are different implementations by which the first network device establishes the correspondence between the address of the second terminal device and the tunnel identifier according to the identifier of the second network device.
- the tunnel identifier in the forwarding table is the identifier of the device at the receiving end of the VXLAN tunnel.
- the identifier of the second network device is used as the tunnel identifier of the VXLAN tunnel between the first network device and the second network device, and then the correspondence between the identifier of the second network device and the address of the second terminal device is established.
- "acting" means not including any operation.
- the first network device obtains the identifier of the second network device, it is equivalent to determining the VXLAN between the first network device and the second network device.
- the tunnel ID of the tunnel is the identifier of the device at the receiving end of the VXLAN tunnel.
- the tunnel identifier in the forwarding table is a symbol other than the identifier of the peer device of the VXLAN tunnel that can uniquely identify the tunnel, for example, the tunnel identifier is a unique number for the VXLAN tunnel.
- establishing a correspondence between the address of the second terminal device and the tunnel identifier according to the identifier of the second network device means: searching the tunnel list, according to the identifier of the second network device, for the tunnel identifier of the VXLAN tunnel whose receiving end is the second network device.
- if the tunnel identifier is found, it is the identifier of the VXLAN tunnel between the first network device and the second network device, indicating that the VXLAN tunnel from the first network device to the second network device has been established but that no correspondence between the address of the second terminal device and the tunnel ID of that VXLAN tunnel has been created, so the correspondence between the address of the second terminal device and the tunnel ID of the VXLAN tunnel is established.
- if no tunnel identifier is found, the tunnel identifier of the VXLAN tunnel between the first network device and the second network device is generated based on the tunnel identifier generation rule.
- the tunnel identification generation rule is a rule for generating a unique VXLAN tunnel symbol, which is not specifically limited in this embodiment of the present application.
- the tunnel identifier is generated based on the number of VXLAN tunnels from the first network device to other network devices.
- based on the forwarding table, packets subsequently sent to the second terminal device can be forwarded through the VXLAN tunnel between the first network device and the second network device.
- the control device is the edge device VTEP-5.
- for the terminal device A connected to the network device VTEP-1, it is assumed that terminal device A currently needs to send the first packet to terminal device B.
- when VTEP-1 receives the first packet, it identifies the address of the terminal device B to be accessed according to the packet header of the first packet, and the address includes, for example, MAC and IP addresses.
- VTEP-1 sends a terminal query request to the control device through the OCP protocol, and the terminal query request carries the address of the terminal device.
- when the control device receives the terminal query request, it queries the terminal access tables of each network device for the terminal access table that includes the address of terminal device B, and the query result is that the terminal access table of VTEP-4 includes the address of terminal device B. Therefore, the control device returns a terminal query result to VTEP-1, and the terminal query result carries the identifier of VTEP-4, and the identifier of VTEP-4 is, for example, VTEP IP.
- after VTEP-1 receives the terminal query result, it can determine the tunnel ID of the VXLAN tunnel from VTEP-1 to VTEP-4 according to the ID of VTEP-4, and then add the correspondence between the tunnel ID and the address of the second terminal device to the forwarding table.
- the above process is also referred to as a "terminal inquiry" process.
- the control device also stores the access policies of each terminal device. Therefore, optionally, the terminal query result returned by the control device to VTEP-1 also includes the access policy of terminal device B, so that VTEP-1 subsequently sends the traffic of terminal device A accessing terminal device B based on the access policy of terminal device B.
- how VTEP-1 sends the traffic of terminal device A accessing terminal device B based on the access policy of terminal device B is explained in detail later and is not elaborated here.
- to avoid a slow response for the traffic of the first terminal device currently accessing the second terminal device, if the query of the network device connected to the second terminal device fails, the first network device first sends the first packet to the control device, and the control device forwards the first packet to the second network device. After establishing the correspondence between the address of the second terminal device and the tunnel identifier of the VXLAN tunnel between the first network device and the second network device, if the first network device receives a packet sent by the first terminal device whose destination address is still the second terminal device, the first network device directly forwards the packet through the VXLAN tunnel between the first network device and the second network device.
- the traffic of the first terminal device accessing the second terminal device is detoured through the control device. After the correspondence between the address of the second terminal device and the tunnel identifier of the VXLAN tunnel between the first network device and the second network device is established, the traffic of the first terminal device accessing the second terminal device can be forwarded directly through the VXLAN tunnel.
- a VXLAN tunnel may be established between other network devices in the VXLAN and the control device in advance. In this way, before the VXLAN tunnel between the first network device and the second network device is established, the traffic from the first terminal device to the second terminal device is detoured and forwarded through the VXLAN tunnel between the first network device and the control device and the VXLAN tunnel between the control device and the second network device.
- the control device is the edge device VTEP-5.
- the traffic of terminal device A is forwarded and detoured from the control device through the north-south VXLAN tunnel.
- the traffic of terminal device A is sent to terminal device B through the east-west horizontal VXLAN tunnel.
- the terminal query result also carries an access policy corresponding to the second terminal device
- when sending a packet through the established VXLAN tunnel, the first network device first determines whether the packet satisfies the access policy of the second terminal device. If the packet satisfies the access policy of the second terminal device, the packet is sent to the second network device through the established VXLAN tunnel.
- the access policy of terminal device B includes the access priority of terminal device B.
- when VTEP-1 sends the packet, it first assigns a specific priority to the packet according to the access priority of terminal device B, and VTEP-1 performs forwarding according to the priority of each packet.
- the access policy of terminal device B includes the accessed bandwidth of terminal device B.
- when VTEP-1 sends the packet, it needs to first determine whether the traffic that has been sent exceeds the above-mentioned bandwidth. If it does, the packet is not sent for the time being. If the above bandwidth is not exceeded, the packet is sent.
- the access policy of the terminal device B includes whether the terminal device B is allowed to be accessed by broadcasting. If the access policy indicates that the terminal device B is allowed to be accessed by broadcast, VTEP-1 is allowed to send the message by broadcasting when sending the message. If the access policy indicates that terminal device B is not allowed to be accessed by broadcast, VTEP-1 is not allowed to send the message by broadcasting when sending the message.
- VTEP-4 creates a unidirectional VXLAN tunnel to the peer VTEP-1, which is not repeated here.
- VXLAN tunnels between network devices are dynamically established based on traffic requirements. Further, some VXLAN tunnels may go unused for a long time after being established, which wastes forwarding table resources. To avoid this, after the first network device establishes the correspondence between the address of the second terminal device and the tunnel identifier of the VXLAN tunnel between the first network device and the second network device, if the correspondence continues to be missed, the first network device ages out the correspondence.
- the continuous miss of the correspondence between the address of the second terminal device and the tunnel identifier of the VXLAN tunnel between the first network device and the second network device means that the first network device does not receive, within the reference time period, a packet whose destination address is the address of the second terminal device. In this scenario, it indicates that the second terminal device has no need to access the first terminal device within the reference time period. At this time, the first network device deletes from the forwarding table the correspondence between the address of the second terminal device and the tunnel identifier of the VXLAN tunnel between the first network device and the second network device. The above process may also be referred to as the aging process of the forwarding table.
- the tunnel identifier in the forwarding table is a symbol other than the identifier of the peer device of the VXLAN tunnel that can uniquely identify the tunnel, for example, the tunnel identifier is a unique number for the VXLAN tunnel.
- the network device can use this number to index the corresponding entry, and the entry stores the VXLAN tunnel parameters including the IP address of the peer device.
- the first network device also maintains a tunnel list, where the tunnel list includes the VTEP identifiers of the receiving ends of the tunnels that correspond to each tunnel identifier one-to-one.
- the tunnel ID and the second network device in the tunnel list are deleted.
- when the first terminal device has no need to access the second terminal device, the first network device only deletes the correspondence between the address of the second terminal device and the tunnel identifier of the VXLAN tunnel between the first network device and the second network device from the forwarding table; the related information of the VXLAN tunnel between the first network device and the second network device is not deleted from the tunnel list.
- after the first network device deletes the correspondence between the address of the second terminal device and the tunnel identifier of the VXLAN tunnel between the first network device and the second network device from the forwarding table, if the forwarding table no longer contains any terminal device address corresponding to the tunnel identifier of the VXLAN tunnel between the first network device and the second network device, this indicates that the terminal devices currently under the first network device have no need to access any of the terminal devices connected to the second network device. Therefore, the relevant information of the VXLAN tunnel between the first network device and the second network device is deleted from the tunnel list (the relevant information here is the correspondence between the tunnel identifier of the VXLAN tunnel between the first network device and the second network device and the identifier of the second network device), so as to avoid idle VXLAN tunnels occupying network resources.
- the above reference duration is also referred to as aging time, etc., which is not specifically limited in this embodiment of the present application.
- the control device is the edge device VTEP-5.
- the network device ages the forwarding table according to the traffic of the terminal. Specifically, when terminal device A and terminal device B do not exchange traffic for a period of time, and VTEP-1 does not receive traffic with the destination address of terminal device B within the aging time, VTEP-1 deletes the information of terminal device B from the forwarding table (the information of terminal device B here refers to the address of terminal device B in the forwarding table and the tunnel identifier of the VXLAN tunnel from VTEP-1 to VTEP-4), and, if the addresses of other terminal devices connected to VTEP-4 do not exist in the forwarding table, deletes the VXLAN tunnel from VTEP-1 to VTEP-4.
- VTEP-4 deletes the information of terminal device A in the forwarding table (the information of terminal device A here refers to the address of terminal device A in the forwarding table and the tunnel identifier of the VXLAN tunnel from VTEP-4 to VTEP-1), and, if the addresses of other terminal devices connected to VTEP-1 do not exist in the forwarding table, deletes the VXLAN tunnel from VTEP-4 to VTEP-1.
- VXLAN tunnels between all network devices are not established. Instead, the VXLAN tunnel between the two network devices is established only when there is a traffic access requirement between the two network devices.
- the information stored in the forwarding table of each network device is reduced, and the data storage pressure of each network device is relieved.
- the following takes the VXLAN shown in FIG. 5 as an example to describe in detail the method for establishing a VXLAN tunnel provided by the embodiment of the present application.
- the method includes the following steps:
- the edge device serves as the OCP server and the edge device serves as the OCP client.
- the administrator deploys the access policy of the terminal device on the boundary device.
- the access policy includes the access priority of the terminal device, the bandwidth of the terminal device to be accessed, and whether the terminal device allows broadcast access and other access conditions.
- the edge device initiates registration with the edge device through OCP.
- the OCP client and the OCP server establish a north-south VXLAN tunnel.
- Terminal device A goes online and sends a traffic request to the gateway.
- the edge device 1 receives the traffic of the terminal device A, identifies the information (MAC, IP) of the terminal device A, stores the information of the terminal device A, and reports the information of the terminal device A together with the identity of the edge device 1 (VTEP IP) to the border device through the OCP protocol.
- the edge device stores the information of the terminal device A in the terminal access table of the edge device 1.
- Terminal device B goes online and sends a traffic request to the gateway.
- the edge device 2 receives the traffic of the terminal device B, identifies the information (MAC, IP) of the terminal device B, and the edge device 2 stores the information of the terminal device B, and reports the information of the terminal device B to the edge device through the OCP protocol.
- the edge device stores the information of the terminal device B in the terminal access table of the edge device 2.
- Terminal device A sends traffic to access terminal device B.
- the edge device 1 receives the traffic of the terminal device A, searches the forwarding table of the device according to the destination IP (terminal device B), and does not find the information of the terminal device B. Through the OCP protocol, a query is initiated to the border device to query the relevant information of the terminal device B.
- the border device queries the relevant information of terminal device B and replies with it to the edge device 1 through the OCP protocol (the relevant information includes, for example, the VNI of the network where terminal device B is located, the VTEP IP of the network device connected to terminal device B, the access priority, the accessed bandwidth of terminal device B, and whether terminal device B allows broadcast access).
- the edge device 1 stores the relevant information of the terminal device B. According to the relevant information of the terminal device B, it is determined that the terminal device B is connected to the edge device 2, and an east-west VXLAN tunnel from the edge device 1 to the edge device 2 is created.
- the traffic of terminal device A accessing terminal device B is forwarded from the east-west tunnel, and the accessed policy of terminal device B is executed.
- Terminal device B sends traffic back to terminal device A.
- the edge device 2 receives the traffic of the terminal device B, searches the forwarding table of the device according to the destination IP (terminal device A), and does not find the relevant information of the terminal device A. Through the OCP protocol, a query is initiated to the border device to query the information of the terminal device A.
- the edge device queries the related information of the terminal device A, and replies the related information of the terminal device A to the edge device 2 through the OCP protocol.
- the edge device 2 stores the relevant information of the terminal device A. According to the relevant information of terminal device A, it is determined that terminal device A is connected to edge device 1, and an east-west VXLAN tunnel from edge device 2 to edge device 1 is created.
- the edge device 1 device does not receive the traffic whose destination IP is terminal device B for a period of time, and deletes the entry of terminal device B in the forwarding table (the entry of terminal device B here refers to the entry in the forwarding table.
- if edge device 1 determines that the forwarding table holds no entry for any terminal device under edge device 2, it deletes the VXLAN tunnel from edge device 1 to edge device 2 (here, deleting the VXLAN tunnel from edge device 1 to edge device 2 refers to deleting the correspondence between the tunnel ID of the VXLAN tunnel from edge device 1 to edge device 2 and the ID of edge device 2 in the tunnel list). If edge device 1 determines that the forwarding table holds entries for other terminal devices under edge device 2, the VXLAN tunnel is not deleted.
- if edge device 2 does not receive traffic whose destination IP is terminal device A for a period of time, the entry of terminal device A in the forwarding table is deleted (the entry of terminal device A here refers to the correspondence between the address of terminal device A and the identifier of the VXLAN tunnel between edge device 2 and edge device 1 in the forwarding table).
- if edge device 2 determines that the forwarding table holds no entry for any terminal device under edge device 1, it deletes the VXLAN tunnel from edge device 2 to edge device 1 (here, deleting the VXLAN tunnel from edge device 2 to edge device 1 refers to deleting the correspondence between the tunnel ID of the VXLAN tunnel from edge device 2 to edge device 1 and the ID of edge device 1 in the tunnel list). If edge device 2 determines that the forwarding table holds entries for other terminal devices under edge device 1, the VXLAN tunnel is not deleted.
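- The walkthrough above (terminal reporting, terminal inquiry on a forwarding-table miss, detour of the first packet, policy check, and aging of the forwarding table and tunnel list) as a small simulation. This is an added example, not code from the application; the class and method names, the `allow_broadcast` policy key, the behaviour for unknown or locally attached destinations, and the sample terminals A, B and C are assumptions made for illustration.

```python
"""Added illustration: on-demand VXLAN tunnel setup, policy check and aging."""


class ControlDevice:
    """Keeps one terminal access table per VTEP plus per-terminal access policies."""

    def __init__(self, policies=None):
        self.access_tables = {}          # VTEP identifier -> set of terminal addresses
        self.policies = policies or {}   # terminal address -> access policy (dict)

    def report(self, vtep_id, terminal_addr):
        """'Terminal reporting': record which VTEP a terminal is attached to."""
        self.access_tables.setdefault(vtep_id, set()).add(terminal_addr)

    def query(self, terminal_addr):
        """'Terminal inquiry': return (VTEP identifier, access policy) or (None, {})."""
        for vtep_id, terminals in self.access_tables.items():
            if terminal_addr in terminals:
                return vtep_id, self.policies.get(terminal_addr, {})
        return None, {}


class Vtep:
    def __init__(self, vtep_id, control, aging_time):
        self.vtep_id = vtep_id
        self.control = control
        self.aging_time = aging_time     # the "reference duration", in seconds
        self.forwarding = {}             # terminal address -> entry dict
        self.tunnels = {}                # tunnel identifier -> peer VTEP identifier
        self.local = set()               # terminals already reported
        self._counter = 0                # tunnels numbered so far (never reused)

    def learn(self, terminal_addr):
        """Report a terminal to the control device the first time it is seen."""
        if terminal_addr not in self.local:
            self.local.add(terminal_addr)
            self.control.report(self.vtep_id, terminal_addr)

    def _tunnel_to(self, peer):
        """Reuse the tunnel to `peer` if the tunnel list has one, else number a new one."""
        for tunnel_id, known_peer in self.tunnels.items():
            if known_peer == peer:
                return tunnel_id
        self._counter += 1
        tunnel_id = f"tunnel {self._counter}"
        self.tunnels[tunnel_id] = peer
        return tunnel_id

    def receive(self, src, dst, now, broadcast=False):
        """Return (action, peer VTEP) for one packet from a locally attached terminal."""
        self.learn(src)
        entry = self.forwarding.get(dst)
        if entry is None:                                   # forwarding-table miss
            peer, policy = self.control.query(dst)
            if peer is None:
                return ("drop-unknown", None)               # assumption: text is silent
            if peer == self.vtep_id:
                return ("local", peer)                      # assumption: no self-tunnel
            self.forwarding[dst] = {"tunnel": self._tunnel_to(peer),
                                    "policy": policy, "last_hit": now}
            return ("detour-via-control", peer)             # first packet goes via control
        peer = self.tunnels[entry["tunnel"]]
        # Assumption: a policy without the key allows broadcast access.
        if broadcast and not entry["policy"].get("allow_broadcast", True):
            return ("drop-policy", peer)
        entry["last_hit"] = now
        return ("direct", peer)

    def age(self, now):
        """Age out idle forwarding entries, then tunnels no entry refers to."""
        for addr, entry in list(self.forwarding.items()):
            if now - entry["last_hit"] >= self.aging_time:
                del self.forwarding[addr]
        in_use = {entry["tunnel"] for entry in self.forwarding.values()}
        removed = [t for t in self.tunnels if t not in in_use]
        for tunnel_id in removed:
            del self.tunnels[tunnel_id]
        return removed


def run_scenario():
    """Constructed scenario: A behind VTEP-1; B and C behind VTEP-4."""
    control = ControlDevice(policies={"B": {"allow_broadcast": False}})
    vtep1 = Vtep("VTEP-1", control, aging_time=300)
    vtep4 = Vtep("VTEP-4", control, aging_time=300)
    vtep4.learn("B")
    vtep4.learn("C")
    log = [
        vtep1.receive("A", "B", now=0),                   # miss: query, then detour
        vtep1.receive("A", "B", now=10),                  # hit: east-west tunnel
        vtep1.receive("A", "B", now=20, broadcast=True),  # B refuses broadcast access
        vtep1.receive("A", "C", now=200),                 # miss, but tunnel 1 is reused
    ]
    first_aging = vtep1.age(now=320)    # B idle since t=10: entry aged, tunnel kept
    second_aging = vtep1.age(now=600)   # C idle too: tunnel list entry removed
    log.append(vtep1.receive("A", "B", now=700))          # tunnel is rebuilt on demand
    return log, first_aging, second_aging, dict(vtep1.tunnels)


if __name__ == "__main__":
    for item in run_scenario():
        print(item)
```

- The policy travels with the query result, so a forwarding entry that outlives a policy change on the control device keeps enforcing the old policy until it ages out.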
- FIG. 9 is a schematic structural diagram of a first network device in a VXLAN provided by an embodiment of the present application.
- the installed VXLAN includes multiple network devices, and the first network device is any one of the multiple network devices.
- the first network device 900 includes:
- a receiving module 901 configured to receive a first message from a first terminal device, where the destination address of the first message is the address of the second terminal device;
- the establishment module 902 is configured to, in response to the failure to query the second network device connected to the second terminal device, establish a correspondence between the address of the second terminal device and the tunnel identifier, where the tunnel identifier identifies the VXLAN tunnel between the first network device and the second network device.
- the establishment module is configured to:
- the terminal query result includes an identifier of a second network device, and the second network device is a network device connected to the second terminal device;
- a corresponding relationship between the address of the second terminal device and the tunnel identifier is established.
- a receiving module further configured to receive a second packet from the first terminal device, where the source address of the second packet is the address of the first terminal device;
- the first network device further includes a sending module, configured to send a terminal access announcement message to the control device if the second message is a message received from the first terminal device for the first time, where the terminal access announcement message includes the first terminal The address of the device, the terminal access announcement message indicates that the first terminal device is connected to the first network device.
- the first network device further includes a sending module
- the sending module is configured to send the first packet to the control device via the VXLAN tunnel between the first network device and the control device.
- the first network device further includes an aging module
- an aging module configured to age the corresponding relationship between the address of the second terminal device and the tunnel identifier if the corresponding relationship continues to be missed.
- the first network device also stores a correspondence between the tunnel identifier and the identifier of the second network device;
- the aging module is further configured to delete the corresponding relationship between the tunnel identifier and the identifier of the second network device if the corresponding relationship between any one of the terminal device addresses and the tunnel identifier is aging.
- the embodiments of the present application can dynamically establish VXLAN tunnels between network devices only when there is a traffic forwarding requirement, which avoids the need to pre-establish VXLAN tunnels between all network devices, thereby saving forwarding table resources during network device processing. Since the information of the VXLAN tunnel stored in the forwarding table is reduced, the query efficiency of the forwarding table when forwarding packets can also be improved.
- when the first network device provided in the above embodiment establishes a VXLAN tunnel, only the division of the above functional modules is used as an example for illustration.
- the above functions can be allocated to different functional modules as required, that is, the internal structure of the device can be divided into different functional modules to complete all or part of the functions described above.
- the first network device provided in the above embodiment and the method embodiment for establishing a VXLAN tunnel belong to the same concept, and the specific implementation process thereof is detailed in the method embodiment, which will not be repeated here.
- FIG. 10 is a schematic structural diagram of a network device provided by an embodiment of the present application.
- the edge devices or border devices in the above-mentioned embodiments can all be implemented by the network devices shown in FIG. 10 .
- the network device includes at least one processor 1001 , a communication bus 1002 , a memory 1003 and at least one communication interface 1004 .
- the processor 1001 may be a general-purpose central processing unit (central processing unit, CPU), an application-specific integrated circuit (application-specific integrated circuit, ASIC), or one or more integrated circuits for controlling the execution of the programs of the present application.
- the functions of modules such as the establishment module and the aging module in the embodiment of FIG. 9 can all be implemented by a processor.
- Communication bus 1002 may include a path to communicate information between the above-described components.
- the memory 1003 can be read-only memory (ROM), random access memory (RAM), electrically erasable programmable read-only memory (EEPROM), optical disk (including compact disc read-only memory (CD-ROM), compact disc, laser disc, digital versatile disc, Blu-ray disc, etc.), magnetic disk or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
- the memory 1003 can exist independently and is connected to the processor 1001 through the communication bus 1002 .
- the memory 1003 may also be integrated with the processor 1001 .
- the memory 1003 is used for storing the program code for executing the solution of the present application, and the execution is controlled by the processor 1001 .
- the processor 1001 is used to execute program codes stored in the memory 1003 .
- One or more software modules may be included in the program code.
- the network device in FIGS. 1 to 6 may determine data for developing an application through the processor 1001 and one or more software modules in the program code in the memory 1003 .
- Communication interface 1004 uses any transceiver-like device for communicating with other devices or communication networks, such as Ethernet, radio access networks (RAN), wireless local area networks (WLAN), etc.
- the functions of the receiving module and the sending module in the embodiment of FIG. 9 may be implemented through a communication interface.
- the computer program product includes one or more computer instructions.
- the computer may be a general purpose computer, special purpose computer, computer network, or other programmable device.
- the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wirelessly (e.g., infrared, wireless, microwave, etc.).
- the computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device such as a server, a data center, or the like that includes an integration of one or more available media.
- the usable media may be magnetic media (e.g., floppy disk, hard disk, magnetic tape), optical media (e.g., digital versatile disc (DVD)), or semiconductor media (e.g., solid state disk (SSD)), etc.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to a method for establishing a VXLAN tunnel, and to a related device, which belong to the technical field of communications. The method comprises the following steps: a first network device receives a first message from a first terminal device, the destination address of the first message being an address of a second terminal device; and, in response to a failure to look up a second network device connected to the second terminal device, establishes a correlation between the address of the second terminal device and a tunnel identifier, the tunnel identifier being a VXLAN tunnel between the first network device and the second network device. Consequently, by means of the method, when there is a traffic forwarding requirement, a VXLAN tunnel between network devices can be established dynamically, which avoids the need to pre-establish VXLAN tunnels between all the network devices and thus saves forwarding table resources on the network devices. As the VXLAN tunnel information stored in a forwarding table is reduced, the lookup efficiency of the forwarding table when forwarding a message can also be improved.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010617508.1A CN113872845B (zh) | 2020-06-30 | 2020-06-30 | Method for establishing a VXLAN tunnel and related device |
CN202010617508.1 | 2020-06-30 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022001669A1 (fr) | 2022-01-06 |
Family
ID=78981764
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2021/100425 WO2022001669A1 (fr) | 2020-06-30 | 2021-06-16 | Method for establishing a VXLAN tunnel and related device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN113872845B (fr) |
WO (1) | WO2022001669A1 (fr) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115022120A (zh) * | 2022-05-20 | 2022-09-06 | 浪潮思科网络科技有限公司 | Packet suppression method, device and medium for MLAG in a VXLAN network |
CN115150224A (zh) * | 2022-06-29 | 2022-10-04 | 济南浪潮数据技术有限公司 | Method, apparatus, device and storage medium for layer-2 network connectivity between clusters |
WO2023221452A1 (fr) * | 2022-05-17 | 2023-11-23 | 阿里云计算有限公司 | Packet processing system and method, device, and storage medium |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113923075A (zh) * | 2020-07-09 | 2022-01-11 | 华为技术有限公司 | Data transmission method and apparatus |
CN115426217A (zh) * | 2022-09-30 | 2022-12-02 | 上海地面通信息网络股份有限公司 | VXLAN-based Internet access control system and method |
CN116055398A (zh) * | 2022-12-29 | 2023-05-02 | 天翼云科技有限公司 | Forwarding method and system node for a VXLAN cluster system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101299723A (zh) * | 2008-07-02 | 2008-11-05 | 杭州华三通信技术有限公司 | Method and apparatus for managing label switched path tunnel information |
US20150341263A1 (en) * | 2012-12-27 | 2015-11-26 | Hangzhou H3C Technologies Co., Ltd. | Associating internet protocol (ip) addresses with ethernet virtualisation interconnection (evi) links |
CN106998286A (zh) * | 2017-05-05 | 2017-08-01 | 杭州迪普科技股份有限公司 | VXLAN packet forwarding method and apparatus |
CN110391961A (zh) * | 2018-04-18 | 2019-10-29 | 华为技术有限公司 | Tunnel binding method, device and system |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1138367C (zh) * | 2001-09-17 | 2004-02-11 | 华为技术有限公司 | Method for generating a security association for secure communication between network area nodes |
US7894369B2 (en) * | 2005-08-19 | 2011-02-22 | Opnet Technologies, Inc. | Network physical connection inference for IP tunnels |
CN101207546A (zh) * | 2006-12-18 | 2008-06-25 | 华为技术有限公司 | Method, tunnel server and system for dynamically establishing a tunnel |
CN102045233B (zh) * | 2009-10-22 | 2013-03-13 | 杭州华三通信技术有限公司 | Method and device for controlling packet forwarding in network communication |
CN104904254B (zh) * | 2013-01-11 | 2018-11-23 | Lg 电子株式会社 | Method and apparatus for transmitting information in a wireless communication system |
CN103259736A (zh) * | 2013-05-24 | 2013-08-21 | 杭州华三通信技术有限公司 | Tunnel establishment method and network device |
US20140376558A1 (en) * | 2013-06-19 | 2014-12-25 | Alcatel-Lucent Usa Inc. | Dynamic Network Service Association and On Demand Service Provisioning |
CN104022936B (zh) * | 2014-06-20 | 2018-02-06 | 新华三技术有限公司 | Tunnel establishment method and apparatus |
CN109412926B (zh) * | 2018-11-16 | 2021-04-27 | 新华三技术有限公司 | Tunnel establishment method and apparatus |
CN110430116B (zh) * | 2019-07-26 | 2021-05-07 | 新华三技术有限公司成都分公司 | Data forwarding method and apparatus, edge device and readable storage medium |
-
2020
- 2020-06-30 CN CN202010617508.1A patent/CN113872845B/zh active Active
-
2021
- 2021-06-16 WO PCT/CN2021/100425 patent/WO2022001669A1/fr active Application Filing
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2023221452A1 (fr) * | 2022-05-17 | 2023-11-23 | 阿里云计算有限公司 | Packet processing system and method, device, and storage medium |
CN115022120A (zh) * | 2022-05-20 | 2022-09-06 | 浪潮思科网络科技有限公司 | Packet suppression method, device and medium for MLAG in a VXLAN network |
CN115022120B (zh) * | 2022-05-20 | 2024-05-14 | 浪潮思科网络科技有限公司 | Packet suppression method, device and medium for MLAG in a VXLAN network |
CN115150224A (zh) * | 2022-06-29 | 2022-10-04 | 济南浪潮数据技术有限公司 | Method, apparatus, device and storage medium for layer-2 network connectivity between clusters |
Also Published As
Publication number | Publication date |
---|---|
CN113872845B (zh) | 2023-04-07 |
CN113872845A (zh) | 2021-12-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2022001669A1 (fr) | Method for establishing a VXLAN tunnel and related device | |
US11394644B2 (en) | EVPN packet processing method, device, and system | |
EP3591912B1 (fr) | EVPN packet processing method, device and system | |
US9787632B2 (en) | Centralized configuration with dynamic distributed address management | |
JP5986692B2 (ja) | Network function virtualization for network devices | |
CN105791463B (zh) | Method and apparatus for implementing virtual machine communication | |
CN112929273A (zh) | Method, device and system for processing routes | |
EP4027593B1 (fr) | Tunnel configuration method, device, system and storage medium | |
WO2017032300A1 (fr) | Data transmission method, virtual network management apparatus and data transmission system | |
WO2017113300A1 (fr) | Route determination method, network configuration method and related device | |
WO2015180154A1 (fr) | Network control method and apparatus | |
US11223597B2 (en) | Network and network management method | |
US12068955B2 (en) | Method for controlling traffic forwarding, device, and system | |
WO2014180199A1 (fr) | Network establishment method and control device | |
CN113726915A (zh) | Network system, and packet transmission method and related apparatus therein | |
WO2023035836A1 (fr) | Message processing method and related apparatus | |
US20220329566A1 (en) | Access Control Method, Apparatus, and System | |
WO2022001666A1 (fr) | Method for creating a VXLAN tunnel, and related devices | |
CN114389992A (zh) | Method, device and system for controlling traffic forwarding | |
CN113300931B (zh) | Virtual machine migration discovery method and VTEP | |
WO2024016869A1 (fr) | Multicast configuration method and apparatus | |
US11902166B2 (en) | Policy based routing in extranet networks | |
WO2022053007A1 (fr) | Network reachability verification method and apparatus, and computer storage medium | |
WO2023083103A1 (fr) | Data processing method and related apparatus | |
WO2013053293A1 (fr) | Method for interconnection and intercommunication of an identification network and a conventional network, access service router (ASR) and intercommunication service router (ISR) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21833183 Country of ref document: EP Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 21833183 Country of ref document: EP Kind code of ref document: A1 |