WO2022068330A1 - Method, device, and system for detecting routing loops - Google Patents
- Publication number
- WO2022068330A1 (PCT/CN2021/106983)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- network device
- identifier
- routing
- routing information
- domain
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0823—Errors, e.g. transmission errors
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/18—Loop-free operations
Definitions
- the embodiments of the present application relate to the field of communications technologies, and in particular, to a method, device, and system for detecting routing loops.
- Figure 1 shows a schematic diagram of a deployment scenario of a routing protocol. Routing information is isolated between different routing protocols and between different processes of the same routing protocol, and each of them forms an independent routing domain. Please refer to the schematic diagram of the network scenario of route redistribution shown in Figure 2. Since devices in different routing domains need to be able to access each other in many cases, the routing information reachable by routing devices has to be spread between different routing domains, that is, route redistribution. Please refer to the schematic diagram of the network scenario of a routing loop shown in Figure 3. Route redistribution is realized by configuring route import rules on the device. Since import rules are usually bidirectional, a route may end up being sent back to where it came from, which easily creates the hidden danger of a routing loop.
- the routing device ID is used as a routing attribute at the point where a route is imported across protocols or across processes.
- when the information is advertised back to a routing device that has already advertised it, it is determined that a routing loop occurs.
- given the maximum capacity of protocol packets of the interior gateway protocol (IGP) intermediate system to intermediate system (IS-IS) protocol, if the routing protocol is extended, the extended routing attributes occupy that capacity, which reduces the maximum number of routing information entries that can be advertised.
- OSPF: open shortest path first
- An embodiment of the present application provides a method for detecting a routing loop, which is used to determine whether a routing loop occurs by using an extended maintenance attribute generated during a route redistribution process.
- the present application also provides corresponding network devices, controllers, computer-readable storage media, and computer program products.
- the first network device will receive the first routing information sent by the second network device.
- a program may be pre-coded for the network device, so that after the network device publishes the routing information, an extended maintenance attribute corresponding to the routing information will be generated. Therefore, the first network device also receives the first extended maintenance attribute corresponding to the first routing information.
- the first extended maintenance attribute includes a first identifier
- the first identifier may include the routing domain identifiers of the advertisement path of the first routing information, that is, of all routing domains it passed through. Each process of each network protocol that a network device runs belongs to a different, independent routing domain, and each of these routing domains can be assigned a corresponding routing domain identifier.
- the transmission protocol of the routing information is different from the transmission protocol of the extended maintenance attribute.
- the routing information is transmitted through the original service protocol, and the extended maintenance attribute corresponding to the routing information is transmitted through other different transmission protocols.
- a protocol other than the original service protocol that can be extended to transmit attributes is defined as an out-of-band protocol.
- the network device transmits the above-mentioned extended maintenance attributes through the out-of-band protocol. The original service protocol does not need to be extended and its performance is not affected, so the technical solution of the present invention can be applied to existing route republishing scenarios of the ISIS protocol or the OSPF protocol.
- the first network device may determine whether the first identifier in the first extended maintenance attribute satisfies the preset condition. If so, the first network device may determine that a routing loop occurs; if not, the first network device can determine that no routing loop occurs and can continue to use the first routing information.
- the extended maintenance attribute is transmitted between network devices, and the receiving device of the extended maintenance attribute can directly determine whether a routing loop occurs according to the received extended maintenance attribute.
- the whole solution process does not need to introduce other new equipment, which improves the convenience of the solution.
- the first network device determines whether the first identifier satisfies the preset condition.
- the first network device may judge whether the first identifier contains the same routing domain identifier more than once. Each routing domain identifier in the extended maintenance attribute represents that the corresponding routing information has been advertised through that routing domain. Therefore, if the same routing domain identifier appears more than once in the first identifier, the first routing information was advertised to a certain routing domain and then advertised to the same routing domain again, and the first network device can determine that the first routing information caused a routing loop. If the same routing domain identifier does not exist in the first identifier, the first network device may determine that the first routing information does not cause a routing loop.
- in a scenario where the first network device receives a certain piece of routing information, the first network device directly determines whether a routing loop occurs through the extended maintenance attribute corresponding to that routing information.
- in addition to receiving the second routing information sent by the third network device, the first network device also receives the second extended maintenance attribute sent by the third network device, where the second extended maintenance attribute includes the second identifier, and the second identifier includes the routing domain identifier of the advertisement path corresponding to the second routing information.
- when the first network device has received the first routing information and the second routing information, it can also judge whether a routing loop occurs through the extended maintenance attributes corresponding to the two pieces of routing information: when the second identifier in the received second extended maintenance attribute includes at least one routing domain identifier in the first identifier, the first network device may determine that the second routing information causes a routing loop. If the second identifier does not include at least one routing domain identifier in the first identifier, the first network device may determine that the first routing information does not cause a routing loop.
- the first network device will receive multiple pieces of routing information, so it will also receive multiple extended maintenance attributes.
- the first network device may compare two or more received extended maintenance attributes to determine whether a routing loop occurs.
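The two device-side checks described above (a repeated routing domain identifier within one attribute, and a second attribute that includes an identifier from the first), as an added example that is not code from the patent. The class and function names, the prefixes, the domain identifiers, and the choice to compare only attributes of the same prefix are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed illustration: the page defines no wire format for the attribute,
# so the fields, prefixes and routing domain identifiers here are hypothetical.


@dataclass(frozen=True)
class ExtendedMaintenanceAttribute:
    prefix: str         # routing information the attribute describes
    domain_ids: tuple   # routing domain identifiers of the advertisement path, in order

    def after_import_into(self, domain_id):
        """Attribute a redistribution point sends out-of-band after importing the route."""
        return ExtendedMaintenanceAttribute(self.prefix, self.domain_ids + (domain_id,))


def repeated_domains(attr):
    """Single-attribute check: identifiers that occur more than once in the path."""
    seen, repeated = set(), []
    for domain_id in attr.domain_ids:
        if domain_id in seen and domain_id not in repeated:
            repeated.append(domain_id)
        seen.add(domain_id)
    return repeated


def shared_domains(first, second):
    """Two-attribute check: identifiers of `first` that `second` also includes."""
    in_second = set(second.domain_ids)
    return [d for d in dict.fromkeys(first.domain_ids) if d in in_second]


class ReceivingDevice:
    """Keeps the attributes received per prefix and decides whether to use a route."""

    def __init__(self, name):
        self.name = name
        self.accepted = {}        # prefix -> attributes of routing information in use
        self.deprioritized = []   # attributes of routing information judged to loop

    def receive(self, attr):
        """Return (verdict, evidence) for the routing information `attr` describes."""
        evidence = repeated_domains(attr)
        if not evidence:
            # Assumption: only attributes of the same prefix are compared.
            for earlier in self.accepted.get(attr.prefix, []):
                evidence = shared_domains(earlier, attr)
                if evidence:
                    break
        if evidence:
            # Lowering the priority is one of the reactions the page lists.
            self.deprioritized.append(attr)
            return "loop", evidence
        self.accepted.setdefault(attr.prefix, []).append(attr)
        return "use", []


def demo():
    """A route imported from isis-1 into isis-2 and back again by a bidirectional rule."""
    at_origin = ExtendedMaintenanceAttribute("192.0.2.0/24", ("isis-1",))
    into_isis2 = at_origin.after_import_into("isis-2")
    back_into_isis1 = into_isis2.after_import_into("isis-1")
    device = ReceivingDevice("R1")
    return [device.receive(into_isis2), device.receive(back_into_isis1)]


if __name__ == "__main__":
    for verdict, evidence in demo():
        print(verdict, evidence)
```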
- a self-maintenance negotiation relationship under the autonomous network integration model and method (ANIMA, autonomic network integrated model and approach) network may be established.
- the first network device may establish a self-maintenance negotiation relationship with a neighbor network device, and the neighbor device includes a second network device and a third network device.
- the general self-organizing signaling protocol (grasp, generic autonomic signaling protocol) under the ANIMA network can be used as an out-of-band protocol to transmit extended maintenance properties.
- the ANIMA network mainly provides four functions: self-configuration, self-protection, self-healing and self-optimization. After the self-maintenance negotiation relationship under the ANIMA network is established between network devices, steps such as configuring the out-of-band protocol, determining routing loops, and performing network self-healing reduce the dependence on network administrators or centralized management systems and improve the convenience of the solution.
- before the first network device establishes a self-maintenance negotiation relationship with neighbor network devices (including the second network device and the third network device), it needs to discover network neighbor devices through the Grasp protocol.
- the first network device may search for neighbor network devices through a service discovery function (discover) interface of the Grasp protocol. Then, the neighbor network device also sends a protocol-assisted-protocol (PAP, protocol-assisted-protocol) communication address corresponding to the device through the discover interface of the Grasp protocol.
- each network device needs to obtain the PAP communication address of the peer device from each other, so as to establish a self-maintenance negotiation relationship with each other.
- the first network device can also actively flood the PAP communication address of the device to neighboring network devices through the flood interface of the Grasp protocol, and the neighboring network devices can then receive the PAP communication address flooded by the first network device through the get-flood-value (flood_get) function interface of the Grasp protocol.
- each network device has its own corresponding PAP communication address.
- the first network device needs to send a negotiation request message to the neighbor network device, where the negotiation request message is used to indicate that the first network device needs to establish a self-maintenance negotiation relationship with the neighbor network device.
- after the neighbor network device receives the negotiation request message, it responds to the negotiation request message and sends a negotiation response message to the first network device. The negotiation response message is used to indicate that the neighbor network device agrees to establish a self-maintenance negotiation relationship with the first network device.
- after receiving the negotiation response message sent by the neighbor network device, the first network device performs security verification of the security policy parameters of the self-maintenance function on the negotiation response message. After the negotiation response message passes the security verification of the first network device, the self-maintenance negotiation relationship between the first network device and the neighbor network device can be successfully established. If the security verification of the negotiation response message fails, the first network device will not establish a self-maintenance negotiation relationship with the neighbor network device.
- establishing a self-maintenance negotiation relationship between network devices requires security verification of the security policy parameters of the self-maintenance function, which prevents an unauthorized network device from establishing a self-maintenance negotiation relationship with other network devices at will and improves the security of the solution.
- the first network device may start to transmit packets (including extended maintenance attributes) conforming to the ANIMA network data representation specification to each other.
- when the first network device receives a negotiation rejection message sent by the neighbor network device, the first network device can disconnect the self-maintenance negotiation relationship with that neighbor network device. From then on, the first network device and the neighbor network device whose self-maintenance negotiation relationship has been disconnected cannot transmit extended maintenance attributes to each other.
- each network device has a security policy parameter of the self-maintenance function, and the security policy parameter of the self-maintenance function is used to verify whether the protocol packets exchanged between the devices meet the security requirements.
- the first network device may directly inherit the security policy parameters of the self-maintenance function from the security policy parameters of the routing protocol.
- the network device can inherit the security policy parameters of the self-maintenance function directly from the security policy parameters of the routing protocol, which eliminates the step of manually configuring the security policy parameters of the self-maintenance function and improves the convenience of the solution.
- the extended maintenance attribute may be transmitted through the grasp protocol under the ANIMA network.
- when the first network device determines that a routing loop has occurred, it can lower the priority of the first routing information, so that the first network device does not use the first routing information at this time, or directly delete the first routing information, or send alarm information to a management device (e.g., a switch or a server), after which the management device issues a management action instruction to the first network device.
- the third network device and the second network device may be the same device. That is, the applicable scenarios of the technical solution of the present invention are not limited by the number of network devices, so the technical solution of the present invention is also applicable to the situation in which a routing loop occurs when a route is republished between two devices.
- the first network device may acquire the PAP communication address of the neighbor network device by static manual configuration. For example, when the neighbor network device does not support the discover function or the flooding function, the PAP communication address of the neighbor network device can be obtained by static manual configuration, thereby establishing a self-maintenance negotiation relationship.
- the first network device will also send the first extended maintenance attribute corresponding to the first routing information to the controller through an out-of-band protocol.
- the first extended maintenance attribute includes a first identifier, and the first identifier includes an identifier of the first source routing domain and an identifier of the first destination routing domain corresponding to the first routing information.
- the source routing domain refers to the routing domain in which the sending device of routing information works when it sends the routing information.
- the destination routing domain refers to the routing domain in which the receiving device of routing information works when it receives the routing information.
- the network device sends the identifier of the source routing domain and the identifier of the destination routing domain in the extended maintenance attribute to the controller, so as to notify the controller of the publishing direction of the routing information. After the controller receives the extended maintenance attribute, it saves it.
- the second network device may send the second routing information to the third network device, and the second network device will also send the second extended maintenance attribute corresponding to the second routing information to the controller through the out-of-band protocol.
- the second extended maintenance attribute includes a second identifier, and the second identifier includes an identifier of the second source routing domain and an identifier of the second destination routing domain corresponding to the second routing information.
- the controller may determine that the first routing information and the second routing information belong to the same route, and that the second routing information is advertised from the routing domain in which the first network device works to the routing domain in which the second network device works, and then to the routing domain in which the third network device works.
- the controller organizes and combines the first identifier and the second identifier into a first target identifier. The first target identifier includes the routing domain identifiers of the publishing path of the second routing information, that is, it includes the identifier of the first source routing domain, the identifier of the second source routing domain and the identifier of the third source routing domain.
- the controller may judge the first target identifier obtained by this organization and combination. If the first target identifier satisfies a preset condition, the controller may determine that a routing loop occurs. If the first target identifier does not meet the preset condition, the controller may determine that no routing loop occurs.
- the network device only needs to send the corresponding extended maintenance attribute to the controller after publishing the routing information, and the controller determines the routing domain identifiers of the publishing path of the routing information and judges whether a routing loop occurs, which reduces the computing burden on the network device.
- the controller may determine whether the first target identifier satisfies the preset condition in many ways. In some possible implementation manners, the controller may determine whether the first target identifier contains the same routing domain identifier more than once. Each routing domain identifier in the first target identifier represents that the corresponding routing information has been advertised through that routing domain. Therefore, if the same routing domain identifier appears more than once in the first target identifier, the second routing information was advertised to a certain routing domain and then advertised to the same routing domain again, and the controller can determine that the second routing information causes a routing loop. If the same routing domain identifier does not exist in the first identifier, the controller may determine that the second routing information does not cause a routing loop.
- the above-mentioned out-of-band protocol may be a border gateway protocol.
- the network device uses the Border Gateway Protocol as an out-of-band protocol to send extended maintenance attributes to the controller, and does not need to extend the original routing information transmission protocol.
- the controller may send a management instruction to the third network device that receives the second routing information.
- the management instruction is used to notify the third network device not to use the second routing information.
- the third network device may lower the priority of the second routing information or delete the second routing information.
- the third network device may receive third routing information sent by other network devices, and the controller will also receive the third extended maintenance attribute corresponding to the third routing information.
- the controller may determine the second target identifier according to the similar method described in the second aspect, and the second target identifier includes the routing domain identifier of the publishing path of the third routing information.
- the method for the controller to judge whether the first target identifier satisfies the preset condition may be: the controller determines whether the second target identifier includes at least one routing domain identifier in the first target identifier; if so, the controller can determine that the third routing information causes a routing loop, and if not, the controller may determine that the third routing information does not cause a routing loop.
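The controller-side procedure described above, as an added example that is not code from the patent: each report carries a source and a destination routing domain identifier, the controller combines the reports of one route into a target identifier (the publishing path), and a repeated identifier means a loop. The class name, the report fields, the assumption that a report names the receiving device, and the assumption that reports arrive in publishing order are all made for illustration.

```python
from collections import defaultdict

# Constructed illustration: the page does not define a message format, so the
# report fields, device names and routing domain identifiers are hypothetical.


def has_repeat(path):
    """True when a routing domain identifier occurs more than once in the path."""
    return len(set(path)) != len(path)


class LoopCheckController:
    def __init__(self):
        self.paths = defaultdict(list)   # route -> known publishing paths (tuples)
        self.instructions = []           # (device, route, action) management instructions

    def report(self, route, source_domain, destination_domain, receiver):
        """Save one extended maintenance attribute and return the looping paths it creates.

        Assumptions: reports for a route arrive in publishing order, and each
        report names the device that received the routing information.
        """
        known = self.paths[route]
        # Extend every loop-free path that currently ends in the source domain;
        # a route imported into several domains therefore yields several paths.
        extended = [path + (destination_domain,) for path in known
                    if path[-1] == source_domain and not has_repeat(path)]
        if not extended:
            extended = [(source_domain, destination_domain)]
        for path in extended:
            if path not in known:
                known.append(path)
        looping = [path for path in extended if has_repeat(path)]
        if looping:
            # Tell the device that received the routing information not to use it.
            self.instructions.append((receiver, route, "do-not-use"))
        return looping


def demo():
    """Three redistribution points that send a route around isis-1, isis-2 and ospf-3."""
    controller = LoopCheckController()
    route = "198.51.100.0/24"
    results = [
        controller.report(route, "isis-1", "isis-2", receiver="R2"),
        controller.report(route, "isis-2", "ospf-3", receiver="R3"),
        controller.report(route, "ospf-3", "isis-1", receiver="R1"),
    ]
    return results, controller.instructions


if __name__ == "__main__":
    results, instructions = demo()
    print(results)
    print(instructions)
```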
- a third aspect of the embodiments of the present application provides a network device configured to execute the method in the first aspect or any possible implementation manner of the first aspect.
- the network device includes a unit for performing the method in the first aspect or any possible implementation manner of the first aspect.
- a fourth aspect of the embodiments of the present application provides a controller, configured to execute the method in the second aspect or any possible implementation manner of the second aspect.
- the controller includes a unit for executing the method of the second aspect or any one of possible implementations of the second aspect.
- a fifth aspect of the embodiments of the present application provides a network device, including:
- a processor, a memory, input and output devices, and a bus;
- the processor, the memory, and the input and output devices are connected to the bus;
- the processor is configured to perform the method for detecting a routing loop described in the first aspect or any implementation manner of the first aspect.
- a sixth aspect of the embodiments of the present application provides a controller, including:
- a processor, a memory, input and output devices, and a bus;
- the processor, the memory, and the input and output devices are connected to the bus;
- the processor is configured to perform the method for detecting a routing loop described in the second aspect or any implementation manner of the second aspect.
- a seventh aspect of the embodiments of the present application provides a computer-readable storage medium, where instructions or codes are stored in the computer-readable storage medium, when the computer-readable storage medium runs on a device such as a computer device, the device causes the device to perform the first aspect or the first aspect.
- An eighth aspect of the embodiments of the present application provides a computer-readable storage medium, where instructions or codes are stored in the computer-readable storage medium, and when they run on a device such as a computer device, they cause the device to perform the method for detecting a routing loop described in the second aspect or any one of the implementation manners of the second aspect.
- a ninth aspect of the embodiments of the present application provides a system for detecting routing loops, including a first network device and a second network device;
- the second network device sends a first extended maintenance attribute to the first network device through an out-of-band protocol, where the first extended maintenance attribute includes a first identifier, and the first identifier includes a distribution path corresponding to the first routing information.
- the first routing information includes routing information advertised by the second network device to the first network device;
- the first network device determines that a routing loop occurs;
- the first network device determines that no routing loop has occurred.
- a tenth aspect of the embodiments of the present application provides a system for detecting routing loops, including a controller, a first network device, a second network device, and a third network device;
- the first network device sends a first extended maintenance attribute to the controller through an out-of-band protocol, where the first extended maintenance attribute includes a first identifier, and the first identifier includes the identifier of the first source routing domain and the identifier of the first destination routing domain corresponding to the first routing information; the first source routing domain is the routing domain from which the first network device sends the first routing information, and the first destination routing domain is the routing domain in which the second network device receives the first routing information;
- the second network device sends a second extended maintenance attribute to the controller through the out-of-band protocol, where the second extended maintenance attribute includes a second identifier, and the second identifier includes the identifier of the second source routing domain and the identifier of the second destination routing domain corresponding to the second routing information; the second source routing domain is the routing domain from which the second network device sends the second routing information, and the second destination routing domain is the routing domain in which the third network device receives the second routing information;
- the controller determines a first target identifier according to the first identifier and the second identifier, and the first target identifier includes the identifier of the routing domain of the publishing path of the first routing information and the identifier of the routing domain of the publishing path of the second routing information;
- the controller judges whether the first target identifier satisfies a preset condition
- the controller determines that a routing loop occurs;
- the controller determines that a routing loop has not occurred.
- FIG. 1 is a schematic diagram of a deployment scenario of a routing protocol
- FIG. 2 is a schematic diagram of a network scenario of route redistribution
- FIG. 3 is a schematic diagram of a network scenario in which a routing loop occurs
- FIG. 4 is a schematic diagram of a network scenario for detecting routing loops
- FIG. 5 is a schematic diagram of the architecture of an ANIMA network system
- FIG. 6 is a schematic diagram of an embodiment of a method for detecting a routing loop
- FIG. 7 is a schematic diagram of a single-node state machine of a network device in a negotiation process
- FIG. 8 is a schematic diagram of a judgment logic for detecting a routing loop
- FIG. 9 is a schematic diagram of another judgment logic for detecting a routing loop
- FIG. 10 is a schematic diagram of another embodiment of a method for detecting a routing loop
- FIG. 11 is a schematic structural diagram of a network device
- FIG. 12 is a schematic structural diagram of a network device
- FIG. 13 is a schematic structural diagram of a controller
- FIG. 15 is a schematic structural diagram of a network device
- FIG. 16 is a schematic structural diagram of a controller.
- Embodiments of the present application provide a method, related equipment, and system for detecting routing loops, which are used to prevent routing loops and complete self-healing.
- the embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
- the terms “first”, “second” and the like in the description and claims of the present application and the above drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that the terms used in this way can be interchanged under appropriate circumstances, and this is only a distinguishing manner adopted when describing objects with the same attributes in the embodiments of the present application.
- the ANIMA network is introduced as follows:
- FIG. 5 provides a schematic diagram of the architecture of an ANIMA network system.
- the ANIMA network is a self-organizing network.
- the autonomy of the ANIMA network mainly serves four purposes: self-configuration, self-protection, self-healing, and self-optimization, so as to minimize the reliance on network administrators or centralized management systems.
- the ANIMA network is divided into two layers, the autonomous service agent (ASA, autonomic service agent) and the autonomous network infrastructure (ANI, autonomic network infrastructure).
- ANI includes bootstrap, the autonomic control plane (ACP, autonomic control plane) and the Grasp protocol.
- Bootstrap is responsible for the secure startup of network devices, and enables network devices to access the ANIMA system by authenticating the network devices.
- ACP is responsible for establishing hop-by-hop encrypted Internet Protocol (IP, internet protocol) tunnels between network devices to form a stable management virtual private network (VPN, virtual private network), and intercommunication between multi-hop network devices is realized based on IGP within the VPN.
- the grasp protocol is a standard signaling protocol for interaction between ASAs. It is responsible for enabling ASAs and completing functions such as dynamic neighbor discovery, synchronization status, and negotiation parameter settings.
- the grasp protocol is a standard signaling protocol for interaction between ASAs, which can provide the ASA with a GRASP application programming interface (API, application programming interface), which is the core module for the operation of the ANIMA system.
- the grasp protocol provides the following mechanisms:
- ASA can discover other pre-specified target ASAs through M_DISCOVERY and M_RESPONSE in the GRASP protocol;
- the ASA can start target negotiation with other ASAs through M_REQ_NEG in the GRASP protocol. Once the negotiation starts, the negotiation process is symmetrical, and each ASA participating in the negotiation can send negotiation messages (i.e., M_NEGOTIATE in the GRASP protocol) to the other. In addition, there are two negotiation-related messages, M_WAIT and M_END, in the GRASP protocol;
- Synchronization mechanism, that is, the ASA can request the current value of the target from other ASAs through M_REQ_SYN in the GRASP protocol; the corresponding synchronization response message is M_SYNCH in the GRASP protocol;
- the flooding mechanism, that is, the ASA can actively push the current value of the target to all other ASAs on the self-negotiation nodes that are willing to receive it through M_FLOOD in the GRASP protocol.
- the technical solution of the present invention is applicable to a scenario where a routing loop occurs between multiple network devices.
- the case in which a routing loop occurs between two network devices is used as an example for description.
- the routing information may be sent by the second network device to the first network device after passing through multiple routing domains or multiple devices during the route re-publishing process.
- the network device or controller only needs to determine whether a routing loop occurs according to the extended maintenance attribute corresponding to the routing information.
- the above-mentioned network device may be a router, and may also be other network devices capable of sending routing information, such as a switch, which is not specifically limited here.
- the first network device and the second network device both run the ISIS protocol as an example for illustration.
- Other network protocols may also be used, such as OSPF, BGP, or a traffic engineering (TE) label switching path protocol, which is not limited here.
- In the process of route republishing, routing information needs to be transmitted through an original service protocol, such as the above-mentioned OSPF protocol or ISIS protocol.
- the extended maintenance attribute corresponding to the routing information does not need to be transmitted through the above-mentioned original service protocol, and can be transmitted through other network protocols, such as the Grasp protocol or the BGP protocol under the ANIMA network.
- other network protocols other than the original service protocol that can be used to transmit extended maintenance attributes are defined as out-of-band protocols. Routing information is used to represent the capabilities of the IP addresses in the network to which packets can be forwarded.
- the extended maintenance attribute can be transmitted between network devices, or the network device can also send the extended maintenance attribute to the controller, which are described below:
- Extended maintenance attributes are passed between network devices:
- a method for detecting a routing loop in an embodiment of the present application includes:
- the first network device and the second network device start the neighbor discovery function and the capability negotiation function;
- the first network device registers the PAP ASA service through the Grasp Registration interface, and registers the routing protocol maintenance object under the service;
- Before applying the neighbor discovery function under the ANIMA network, the first network device needs to first register the PAP ASA service through the Registration interface of GRASP in the ANIMA network.
- the PAP ASA service can complete network protocol self-maintenance tasks by means of distributed interaction, such as service deployment or parameter configuration.
- the first network device also needs to register the routing protocol self-maintenance object under the PAP ASA service, and the name may include "PAP_protocol name" and the local IP address of the protocol.
- the self-maintenance object of the ISIS protocol of the PAP ASA service can be defined by the following content:
- the negotiation message is a message that conforms to the ANIMA grasp negotiation message format.
- the negotiation object is the content defined above: it includes the protocol self-maintenance capability type to be negotiated.
- the above example identifies the ISIS self-maintenance capability;
- the part is the security policy parameter, which is the same as the protocol validation security policy parameter.
- obj_auth_key_id is the id of the authentication key used by the protocol on the device, through which the algorithm and algorithm parameters of user authentication can be obtained;
- obj_cryp_seq is the random sequence number used to prevent replay attacks;
- obj_auth_digest is the authentication digest, covering the data from the beginning of the authentication object up to the data before this field.
- the self-maintenance relationship between devices and the protocol relationship between devices are equivalent in terms of security control.
- The security policy parameters of the original routing protocol are obtained in the network device and applied when processing protocol self-maintenance messages. Therefore, by inheriting the security policy parameters of the routing protocol, the self-maintenance function avoids a manual deployment process, which supports the automatic establishment of a secure self-maintenance communication channel.
- the security policy parameters of the self-maintenance function may not inherit the security policy parameters of the routing protocol, but are specially set for the protocol maintenance communication mechanism through manual configuration. But this loses the feature that the self-maintenance function of the protocol takes effect automatically without the user's perception. Stronger security management policies required by users are not excluded, such as: prohibiting the self-maintenance function between devices from taking effect, allowing only some self-maintenance functions to take effect, or independently replacing self-maintenance security policy parameters, etc. Therefore, the more common practice is to inherit the protocol security policy by default, and support the scheme that the security policy can be changed by the command line.
- The first network device searches for the second network device through the Discover interface of GRASP;
- GRASP provides a Discover interface
- the first network device can search for the second network device through the Discover interface.
- Each device has its own corresponding PAP communication address, and the first network device needs to find the PAP communication address of the second network device to complete the search and discovery of neighbor devices. The subsequent discovery, negotiation, and information transfer between neighbor network devices will need to use the PAP communication address of the peer.
- The PAP communication address of the neighbor of the self-maintenance negotiation function does not have to be found through the GRASP discover mechanism.
- The first network device can also use the GRASP flood mechanism to actively flood the PAP communication address of its self-maintenance function to the second network device, so that the second network device can obtain the PAP communication address of the first network device.
- The first network device can also obtain, through the grab_flood_get interface, the PAP communication address flooded by the second network device. The address can also be a statically, manually configured parameter, or be hard-coded in the implementation so that it cannot be changed in the program. However, this reduces the automation and flexibility of the self-maintenance function; this method can be used when an intermediary device does not support this function.
- the second network device sends the PAP communication address to the first network device
- the second network device sends a PAP communication address to the first network device.
- the PAP communication address may be an IP address and a TCP port number.
- the first network device uses the PAP communication address sent by the second network device to initiate self-maintenance neighbor negotiation;
- After receiving the PAP communication address sent by the second network device, the first network device uses the PAP communication address to start the self-maintaining neighbor negotiation function with the second network device. Since the first network device has only discovered the second network device at this time, the establishment of the self-maintenance relationship with the second network device is not yet complete.
- Negotiation packets need to be sent between network devices.
- the negotiation packets conform to the ANIMA grasp negotiation packet format.
- Negotiation packets can only be transmitted after obtaining the PAP address of the neighbor.
- the self-maintenance relationship can be established only after the negotiation packets pass the verification of the security policy parameters of the self-maintenance function.
- If the network devices want to send negotiation packets, they also need to activate the self-maintaining neighbor negotiation function with the second network device. After successful activation, they can send negotiation packets to each other and perform security verification.
- the aforementioned steps 601 to 605 performed by the first network device also need to be executed to initiate the self-maintaining neighbor negotiation with the first network device.
- the second network device responds to the negotiation
- The negotiation packets sent between the network devices also need to pass the security verification of the security policy parameters of the self-maintenance function. This prevents any device from arbitrarily establishing a negotiation relationship without passing the security verification, and improves the reliability and security of the solution.
- network devices can exist in various states.
- the status of the network device will change according to the type of the negotiation packet received and whether the negotiation packet passes the verification of the security policy parameters of the self-maintenance function.
- the initial state (Init state) of the state machine is a state in which the first network device starts the routing protocol, but the neighbor does not start the self-maintaining neighbor negotiation function. Any packets received in this state are directly discarded.
- the negotiation state (Wait_ack state) of the state machine is that after the neighbor initiates the self-maintaining neighbor negotiation function, the first network device starts a timer and regularly sends a negotiation request (M_REQ_NEG) to the protocol neighbor. The first network device needs to wait for the neighbor to send a negotiation response message (M_NEGOTIATE); if a negotiation rejection message (M_END&decline) is received or the security verification of the received message fails, the message will be discarded and the state will remain unchanged.
- The negotiation success state (UP state) of the state machine is the state in which the first network device has received the neighbor negotiation response message (M_NEGOTIATE) in the Wait_ack state and the message has passed the security verification, indicating that the self-maintenance negotiation relationship between the devices has been correctly established and the subsequent self-maintaining functional process can be carried out. In this state, packets that fail security verification will be discarded without affecting the current state. Receiving a negotiation reject message (M_END&decline) will cause the state to be downgraded to the Wait_ack state, and negotiation starts again.
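- The Init / Wait_ack / UP transitions described above, as an added example that is not code from the patent: a minimal Python model of the neighbor state machine in which every packet must pass security verification before it can change state. The HMAC-SHA256 digest, the field encoding, the set-based check on obj_cryp_seq, and the names Packet, Neighbor, compute_digest and make_packet are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    INIT = "Init"
    WAIT_ACK = "Wait_ack"
    UP = "UP"


@dataclass(frozen=True)
class Packet:
    msg_type: str            # "M_REQ_NEG", "M_NEGOTIATE" or "M_END&decline"
    body: bytes              # negotiation object, opaque in this sketch
    obj_auth_key_id: int     # selects the key inherited from the routing protocol
    obj_cryp_seq: int        # sequence number used against replay
    obj_auth_digest: bytes   # digest over everything that precedes this field


def compute_digest(key, msg_type, body, key_id, seq):
    """Assumed construction: HMAC-SHA256 over length-prefixed fields."""
    parts = [msg_type.encode(), body,
             key_id.to_bytes(4, "big"), seq.to_bytes(8, "big")]
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()


def make_packet(key, msg_type, body, key_id, seq):
    """Build a packet whose digest is valid under `key`."""
    return Packet(msg_type, body, key_id, seq,
                  compute_digest(key, msg_type, body, key_id, seq))


@dataclass
class Neighbor:
    keys: dict                                   # obj_auth_key_id -> key bytes
    state: State = State.INIT
    seen_seq: set = field(default_factory=set)   # accepted obj_cryp_seq values

    def neighbor_started(self):
        """The neighbor has started self-maintaining negotiation: Init -> Wait_ack."""
        if self.state is State.INIT:
            self.state = State.WAIT_ACK

    def _verify(self, pkt):
        key = self.keys.get(pkt.obj_auth_key_id)
        if key is None or pkt.obj_cryp_seq in self.seen_seq:
            return False                         # unknown key id or replayed number
        expected = compute_digest(key, pkt.msg_type, pkt.body,
                                  pkt.obj_auth_key_id, pkt.obj_cryp_seq)
        if not hmac.compare_digest(expected, pkt.obj_auth_digest):
            return False
        # Record the number only after the digest checks out, so that forged
        # packets cannot burn sequence numbers of legitimate ones.
        self.seen_seq.add(pkt.obj_cryp_seq)
        return True

    def receive(self, pkt):
        """Return 'discard', 'accept' or 'renegotiate' and update the state."""
        if self.state is State.INIT:
            return "discard"                     # everything is dropped in Init
        if not self._verify(pkt):
            return "discard"                     # failed verification never changes state
        if self.state is State.WAIT_ACK:
            if pkt.msg_type == "M_NEGOTIATE":
                self.state = State.UP
                return "accept"
            return "discard"                     # e.g. M_END&decline: stay in Wait_ack
        if pkt.msg_type == "M_END&decline":      # state is UP
            self.state = State.WAIT_ACK
            return "renegotiate"
        return "accept"
```

Because verification runs before the message type is examined, an unauthenticated M_END&decline cannot pull an established relationship back to Wait_ack.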
- the first network device notifies the second network device of the final negotiation result
- After the first network device and the second network device successfully establish a self-maintenance relationship, they can transmit information through the ANIMA network by sending messages conforming to the ANIMA GRASP negotiation message format.
- The extended maintenance attribute mentioned later in this embodiment can be transmitted over the ANIMA network.
- the static configuration can be used to implement the spanning of the unsupported devices.
- The service discovery between the first network device and the second network device can be performed by means of a statically configured local mapping table of service names and service addresses. In this case, the service discovery in the process of establishing the self-maintenance connection is realized by static configuration, but the capability negotiation and security negotiation process between the first network device and the second network device continue as usual.
- the first network device needs to establish a self-maintenance relationship with the second network device, but since the second network device does not support self-maintenance services, it cannot implement the self-maintenance function between neighbors, and other indirect neighbor devices can be added through static configuration.
- The neighbor device of the second network device that does not support the self-maintenance service is statically configured on the current device, so as to span the unsupported device. This spanning can expand the effective range of this function when the spanned device lacks the self-maintenance function. Routing loop detection and self-healing only take effect between nodes that support the self-maintenance function.
- the first network device sends the first routing information to the second network device
- route re-publishing starts between the network devices, that is, the first network device publishes the first routing information to the second network device.
- the first network device runs the ISIS protocol as an example for illustration.
- the first routing information is a link state packet (LSP, link-state packet).
- the first routing information is link-state advertisement (LSA, link-state advertisement).
- the PAP module in the first network device acquires the first extended maintenance attribute
- a program is pre-coded in the network device, so that after the network device publishes the routing information, an extended maintenance attribute corresponding to the routing information is generated.
- the extended maintenance attribute does not need to be transmitted through the transmission protocol of the routing information, so there is no need to expand or modify the routing protocol of the network device itself, and can be transmitted through an out-of-band protocol.
- the out-of-band protocol may be the Grasp protocol under the ANIMA network.
- a PAP module needs to be configured to implement the transmission of the extended maintenance attribute.
- a first extended maintenance attribute corresponding to the first routing information is generated.
- The PAP module in the first network device is responsible for sending the message conforming to the ANIMA format through the GRASP protocol, so the PAP module needs to obtain the first extended maintenance attribute.
- each different network protocol running on the network device and different processes of the same network protocol have mutually independent routing domains, and each routing domain will have a corresponding routing domain identifier.
- routing information will pass through multiple routing domains.
- the complete publishing path is used to indicate the entire complete end-to-end publishing direction of the routing information during the route re-publishing process.
- the extended maintenance attribute includes the routing domain identifier on the complete publishing path of the routing information.
- the first network device works in two routing domains identified as rd1 and rd2, the second network device works in the routing domain identified as rd2, and the first network device routes from the rd1 routing domain to rd2
- The first extended maintenance attribute generated by the first network device also carries the identifier rd2 of the routing domain in which the second network device works, so the first extended maintenance attribute may be (rd1, rd2), indicating that the first routing information is advertised from the rd1 routing domain to the rd2 routing domain.
- the content format is a negotiation object that conforms to the ANIMA data representation specification, including the following parts:
- Protocol maintenance object: includes the name of the protocol maintenance object, which is used by PAP to distinguish which protocol self-maintenance module processes the object data.
- F_NEG sets the negotiation status bit, and loopcount_16 indicates that this object can be propagated up to 16 times;
- Routing synchronization number information: used by the extended maintenance information to match the specific published routing table entry.
- the original routing protocol will have this information when publishing routing information;
- Extended maintenance attribute information: defines the name of the extended maintenance attribute, the transit identifier and the value of the extended maintenance attribute
- the method is the same as the security policy parameter of the self-maintenance function described in step 602; the verification digest range is the data from the maintenance extended attribute object to the data before obj_auth_digest.
- the PAP module in the first network device sends the first extended maintenance attribute to the second network device through the GRASP protocol;
- the first extended maintenance attribute is sent over an out-of-band protocol.
- Since the first network device and the second network device have completed the establishment of a self-maintenance relationship under the ANIMA network, the first network device may use the GRASP protocol under the ANIMA network to send the first extended maintenance attribute to the second network device.
- the PAP module in the first network device may send the first extended maintenance attribute to the second network device, and at this time, the first extended maintenance attribute may be (rd1, rd2).
- the timing relationship between the step of sending routing information and the step of sending extended maintenance attributes is not limited.
- the network device may also send the extended maintenance attribute and routing information at the same time after generating the extended maintenance attribute, or may also send the extended maintenance attribute first and then send the routing information after generating the extended maintenance attribute, which is not limited herein.
- After receiving the first extended maintenance attribute and passing the verification, the second network device responds;
- After receiving the first extended maintenance attribute sent by the first network device, the second network device first verifies the security policy parameters of the self-maintenance function, and after the verification is passed, it feeds back a response message to the first network device.
- the second network device sends the second routing information to the first network device
- the PAP module in the second network device acquires the second extended maintenance attribute
- the second network device sends the second extended maintenance attribute to the first network device through the GRASP protocol
- the second network device sends the second routing information and the second extended maintenance attribute to the first network device.
- the relevant steps 612 to 614 are similar to the foregoing steps 608 to 610, and details are not described here.
- When the second routing information is imported from the rd2 routing domain in which the second network device works to the rd1 routing domain in which the first network device works, the identifier of the rd1 routing domain is added to the corresponding second extended maintenance attribute, so the second extended maintenance attribute can be (rd1, rd2, rd1).
- the first network device does not use the second routing information
- When the first network device receives the second routing information whose extended maintenance attribute is (rd1, rd2, rd1), the first network device can determine, according to the extended maintenance attribute, that the second routing information has been sent from the rd1 routing domain back to rd1. Therefore, the first network device determines that a routing loop occurs and that the second routing information is a feedback route, so the first network device may complete self-healing by not using the second routing information.
- the manner in which the first network device does not use the second routing information may be to lower the priority of the second routing information or delete the second routing information.
- a judgment logic for detecting routing loops in the embodiment of the present application includes:
- the routing information is imported into the rd1 routing domain for the first time on the network device 1, and the extended maintenance attribute of the routing information is (rd1) at this time;
- the extended maintenance attribute of the routing information is (rd1, rd2);
- the extended maintenance attribute of the routing information is (rd1, rd2, rd3);
- the extended maintenance attribute of the routing information is (rd1, rd2, rd3, rd4);
- the extended maintenance attribute of the routing information is (rd1, rd2, rd3, rd4, rd5);
- the extended maintenance attribute of the routing information is (rd1, rd2, rd3, rd4, rd5, rd3).
- the same routing information is advertised to the same routing domain after passing through a certain routing domain.
- The judgment logic is that if the last routing domain identifier of the extended maintenance attribute of a route duplicates a routing domain identifier that appears earlier in the same extended maintenance attribute, it can be determined that the route causes a routing loop. For example, when the above routing information is imported in step f, the extended maintenance attribute of the routing information is (rd1, rd2, rd3, rd4, rd5, rd3). The last routing domain identifier of the extended maintenance attribute is rd3, and the extended maintenance attribute also has rd3 among the identifiers of the previous advertisement path, indicating that the routing information is advertised to the rd3 routing domain again after it was previously advertised to the rd3 routing domain. At this time, it can be judged that a routing loop occurs, and the routing information is a feedback route.
- another judgment logic for detecting routing loops in the embodiment of the present application includes:
- the routing information is imported into the routing domain rd1 in the network device 2, and the extended maintenance attribute of the routing information is (rd1) at this time;
- the extended maintenance attribute of the routing information is (rd1, rd2), and the network device 2 will forward the service packet to the network device 3.
- the network device 2 will receive two pieces of routing information with an inclusion relationship on the advertisement path.
- The judgment logic is that if the routing domain identifiers of the extended maintenance attributes of two pieces of routing information have an inclusion relationship, the routing information with the longer routing domain identifier is determined to be a feedback route. For example, the above network device 2 has received two pieces of routing information, with the routing domain identifier (rd1) and the routing domain identifier (rd1, rd2). Since (rd1, rd2) contains (rd1), the routing information with the routing domain identifier (rd1, rd2) comes from the routing information with the routing domain identifier (rd1), so network device 2 determines that the routing information whose domain identifier is (rd1, rd2) is a feedback route.
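- The two judgment logics above, as an added example that is not code from the patent: a receiver-side check that replays the (rd1) to (rd1, rd2, rd3, rd4, rd5, rd3) walkthrough and then classifies the candidates network device 2 holds for one destination. Reading "inclusion relationship" as a strict prefix relationship, keying candidates by destination prefix, the sample prefixes, and all function and class names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Path = Tuple[str, ...]   # extended maintenance attribute: ordered routing domain identifiers


def advertise(path: Path, dest_domain: str) -> Path:
    """Attribute after the route is imported into dest_domain."""
    return path + (dest_domain,)


def repeats_domain(path: Path) -> bool:
    """First judgment logic: the last identifier already occurs earlier on the path."""
    return len(path) > 1 and path[-1] in path[:-1]


def extends(longer: Path, shorter: Path) -> bool:
    """Second judgment logic: `longer` starts with `shorter` and goes on from there."""
    return len(longer) > len(shorter) and longer[:len(shorter)] == shorter


def walk(domains: List[str]) -> Tuple[Path, Optional[int]]:
    """Replay imports one at a time; report the step (1-based) of the first revisit."""
    path: Path = ()
    for step, rd in enumerate(domains, start=1):
        path = advertise(path, rd)
        if repeats_domain(path):
            return path, step
    return path, None


@dataclass(frozen=True)
class Candidate:
    prefix: str   # destination the routing information describes (constructed sample)
    path: Path    # attribute received out of band for that routing information


def classify(candidates: List[Candidate]) -> Dict[Candidate, str]:
    """Label each candidate 'use' or 'feedback: <reason>'."""
    verdicts = {}
    for c in candidates:
        if repeats_domain(c.path):
            verdicts[c] = "feedback: domain %s revisited" % c.path[-1]
        elif any(o.prefix == c.prefix and extends(c.path, o.path) for o in candidates):
            verdicts[c] = "feedback: derived from a shorter path"
        else:
            verdicts[c] = "use"
    return verdicts


def usable(candidates: List[Candidate]) -> List[Candidate]:
    """Candidates the device keeps; the rest are deprioritised or deleted."""
    verdicts = classify(candidates)
    return [c for c in candidates if verdicts[c] == "use"]
```

Matching on the destination prefix keeps an unrelated route that happens to carry (rd1, rd2) from being treated as feedback for another route's (rd1).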
- the routing information corresponding to the extended maintenance attribute can be determined to cause a routing loop.
- network devices may first establish a self-maintenance relationship between neighbors through the ANIMA network.
- the corresponding extended maintenance attribute is also sent to the neighbor device through the Grasp protocol.
- The neighbor device can judge, according to the received extended maintenance attribute, whether the routing information corresponding to the extended maintenance attribute causes a routing loop; if so, the neighbor device may not use the routing information.
- this embodiment complies with the standard specification of ANIMA self-maintenance network, which facilitates mutual compatibility between devices of multiple manufacturers.
- the routing domain identifiers of the extended maintenance attribute are set to rd1, rd2, etc. as examples for description.
- The identifier can also be the ID of the routing domain or the management IP of the network device, which is not limited here. In either case, the end result is that it can be identified whether a route has been sent back to the same routing domain of the same network device, or to a different routing domain of the same network device, and yet is preferred.
- the network device sends the extended maintenance attribute to the controller:
- the extended maintenance attribute generated by the network device does not need to be directly transmitted between the network devices, but the generated extended maintenance attribute is directly sent to the controller, and the controller identifies the routing loop. Therefore, the network devices do not need to establish a self-maintenance relationship through the ANIMA network to transmit the extended maintenance attribute, that is, the solution in this embodiment may not need to use the ANIMA network.
- controller is only a general term for devices that perform functions such as managing extended maintenance attributes, identifying routing loops, and sending management instructions, and does not specifically refer to one or some devices.
- the device that performs the above functions may not be called a “controller”, but is replaced by other names, such as a switch, a base station, or a controller in a datacom networking, which is not specifically limited here.
- the "controller" is used as an example.
- Another method for detecting routing loops in routing information in this embodiment of the present application includes:
- a first network device sends first routing information to a second network device.
- the first network device generates a first extended maintenance attribute, and sends it to the controller.
- a program may be pre-coded in the network device by means of pre-configuration, so that after the network device publishes the routing information, an extended maintenance attribute corresponding to the routing information will be generated.
- the content format of the extended maintenance attribute is the same as the content format of the extended maintenance attribute described in step 609, and details are not repeated here.
- the identifiers carried by the extended maintenance attribute are the identifiers of the source routing domain and the identifier of the destination routing domain in which the routing information is published.
- the source routing domain and the destination routing domain are used to indicate the publishing direction of routing information, indicating that the publishing direction of routing information is from the source routing domain to the destination routing domain.
- The first network device works in two routing domains identified as rd1 and rd2 respectively, the second network device works in the routing domain identified as rd2, and the first network device publishes routing information from the rd1 routing domain to the second network device in the rd2 routing domain. The source routing domain of the first routing information is the rd1 routing domain in which the first network device works when it sends the first routing information, and the destination routing domain is the rd2 routing domain in which the second network device works when it receives the first routing information, so the first extended maintenance attribute can be (rd1, rd2) at this time.
- the transmission protocol of the routing information itself does not need to be extended or modified, and can be transmitted through an out-of-band protocol.
- the out-of-band protocol can be a border gateway protocol (BGP, border gateway protocol) monitoring protocol, or can also be other protocols, such as a BGP address family (BGP LS, BGP link-state) protocol, which is not limited here.
- the controller combines the identifiers in the first extended maintenance attribute into a complete identifier of the first release path.
- The extended maintenance attribute received by the controller only includes the identifier of the source routing domain and the identifier of the destination routing domain of the first routing information; the identifier of the complete advertisement path of the routing information needs to be organized and synthesized by the controller. Since each time the network device advertises routing information it sends the identifier of the source routing domain and the identifier of the destination routing domain corresponding to the routing information to the controller, the controller can know the complete advertisement path of each piece of routing information. When the controller receives the extended maintenance attribute corresponding to new routing information, it combines the source routing domain identifier and the destination routing domain identifier in the extended maintenance attribute with the routing domain identifiers recorded earlier for the routing information, and organizes them into the complete advertisement path corresponding to the routing information. Since the first routing information only passes through the rd1 routing domain and the rd2 routing domain, the identifier of the complete advertisement path of the first routing information is also (rd1, rd2).
- the second network device sends the second routing information to the first network device.
- the second network device generates a second extended maintenance attribute, and sends the second extended maintenance attribute to the controller.
- the second routing information is sent from the rd2 routing domain of the second network device to the rd1 routing domain of the first network device.
- The source routing domain of the second routing information is the rd2 routing domain in which the second network device works when sending the second routing information, and the destination routing domain is the rd1 routing domain that works when the first network device receives the first routing information, so the second extended maintenance attribute generated by the second network device at this time can be (rd2, rd1), and the second extended maintenance attribute is sent to the controller via an out-of-band protocol.
- the controller combines the identifiers in the second extended maintenance attribute into an identifier of a complete second release path.
- The controller can determine that the second routing information is sent from the rd1 routing domain to the rd2 routing domain, and then sent from the rd2 routing domain back to the rd1 routing domain, so after the controller receives the second extended maintenance attribute, the identifier of the complete second publishing path that it organizes and synthesizes for the second routing information is (rd1, rd2, rd1).
- the controller determines that a routing loop occurs.
- After the controller organizes the second extended maintenance attribute into a complete second distribution path of the second routing information, since the identifier of the complete second distribution path is (rd1, rd2, rd1), the controller can determine that the second routing information is sent from the rd1 routing domain back to the rd1 routing domain, so the controller determines that the second routing information causes a routing loop, and the second routing information is a feedback route.
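- The controller-side synthesis described above, as an added example that is not code from the patent: the controller receives only (source routing domain, destination routing domain) pairs, stitches them into the complete publishing path, and emits a management instruction when the destination was already on the path. Keying reports by destination prefix, naming the receiving device in the report, the sample prefixes and device names, and the Report, Instruction and Controller names are assumptions made for illustration; the sketch also assumes reports arrive in advertisement order.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Report:
    prefix: str        # destination the routing information describes (constructed sample)
    src_domain: str    # routing domain the route is published from
    dst_domain: str    # routing domain the route is published into
    receiver: str      # device that receives the route (assumed to be in the report)


@dataclass(frozen=True)
class Instruction:
    device: str        # device told not to use the feedback route
    prefix: str
    path: Tuple[str, ...]
    action: str = "do-not-prefer"


class Controller:
    def __init__(self):
        # prefix -> {routing domain reached: complete path by which it was first reached}
        self.paths = defaultdict(dict)
        self.instructions = []

    def on_report(self, r: Report) -> Tuple[Tuple[str, ...], Optional[Instruction]]:
        """Return (complete publishing path, management instruction or None)."""
        known = self.paths[r.prefix]
        # Path that brought the route into the source domain; a domain that was
        # never a destination is where the route originated.
        base = known.get(r.src_domain, (r.src_domain,))
        full = base + (r.dst_domain,)
        if r.dst_domain in base:
            # The route is being published back into a domain it already passed
            # through: feedback route. Do not record it, so that the legitimate
            # path into that domain is preserved.
            instruction = Instruction(r.receiver, r.prefix, full)
            self.instructions.append(instruction)
            return full, instruction
        known.setdefault(r.dst_domain, full)
        return full, None
```

If the (rd2, rd1) report were processed before (rd1, rd2), this sketch would blame the legitimate advertisement, so a deployment needs an ordering guarantee or a way to recompute paths.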
- the controller sends a management instruction to the first network device.
- After judging that the second routing information is a feedback route, the controller sends a management instruction to the first network device to notify the first network device not to use the second routing information and to complete self-healing.
- the manner in which the first network device does not use the second routing information may be to lower the priority of the second routing information or delete the second routing information.
- Protocol interfaces that can be used by the centralized server to issue management instructions to network devices include, for example, a network management NETCONF interface or a BGP extension, which is not specifically limited here.
- the controller can also extend these protocols or add new protocol interfaces to issue management instructions.
- the first network device does not prefer the second routing information.
- After receiving the management instruction sent by the controller, the first network device does not prefer the second routing information according to the management instruction.
- the corresponding extended maintenance attributes are also sent to the controller through an out-of-band protocol.
- the maintenance attribute determines whether the routing information corresponding to the extended maintenance attribute is a feedback route, and if so, the controller sends a management instruction to the network device that receives the feedback route, and the network device does not prefer the feedback route after receiving the management instruction.
- the network device is only responsible for sending the extended maintenance attribute to the controller, and the subsequent organization and synthesis of the extended maintenance attribute and the judgment of the routing loop are performed by the controller, which reduces the computing burden on the network device and places lower demands on its computing performance.
- an embodiment of the present application also provides a schematic structural diagram of a network device.
- the network device 1100 can implement the functions of the first network device in FIG. 6 and FIG. 7 .
- the network device 1100 may include the following functional structural modules:
- a receiving unit 1101 configured to receive a first extended maintenance attribute sent by a second network device through an out-of-band protocol, where the first extended maintenance attribute includes a first identifier, the first identifier includes the routing domain identifier of the publishing path corresponding to the first routing information, and the first routing information includes routing information advertised by the second network device to the first network device;
- the processing unit 1102 is configured to determine whether the first identifier satisfies a preset condition; in response to determining that the first identifier satisfies the preset condition, determine that a routing loop occurs; or, in response to determining that the first identifier does not satisfy the preset condition, determine that no routing loop occurs.
- Since there are many scenarios in which routing loops occur, the corresponding judgment logic also differs. Therefore, the specific implementations for the different routing loop scenarios in this embodiment may be as follows:
- the processing unit 1102 is specifically configured to determine whether the first identifier in the first extended maintenance attribute contains the same routing domain identifier more than once; if so, the processing unit 1102 determines that a routing loop occurs; if not, the processing unit 1102 determines that no routing loop has occurred.
- the processing unit 1102 is specifically configured to determine whether the second identifier in the second extended maintenance attribute includes at least one routing domain identifier in the first identifier; if it does, the processing unit 1102 determines that a routing loop occurs; if not, the processing unit 1102 determines that no routing loop occurs.
- the processing unit 1102 may be further configured to establish a self-maintenance negotiation relationship with a neighbor network device, where the self-maintenance negotiation relationship is used to transmit the first extended maintenance attribute between the first network device and the neighbor network devices, and the neighbor network devices include a second network device and a third network device.
- the processing unit 1102 may discover the neighbor network device through the grasp protocol; receive the PAP communication address sent by the neighbor network device; and use the PAP communication address to establish a self-maintenance negotiation relationship with the neighbor network device.
- the processing unit 1102 is specifically configured to use the PAP communication address to start a self-maintenance negotiation function; send a negotiation request message to the neighbor network device; receive a negotiation response message sent by the neighbor network device in response to the negotiation request message; and, when the negotiation response message passes the security verification of the network device, establish the self-maintenance negotiation relationship with the neighbor network device.
- the processing unit is further configured to disconnect the self-maintenance negotiation relationship with the neighbor network device.
- the security policy parameters of the self-maintenance function can be used to verify the packets.
- the first network device can inherit the security policy parameters of the self-maintenance function from the security policy parameters of the routing protocol.
- the out-of-band protocol may be the grasp protocol.
- the processing unit 1102 is further configured to not use the first routing information; or send alarm information that a routing loop is found.
- an embodiment of the present application also provides a schematic structural diagram of a possible controller.
- the controller 1200 can implement the functions of the controller in FIG. 10 .
- the controller 1200 may include the following functional structural modules:
- a receiving unit 1201 configured to receive a first extended maintenance attribute sent by a first network device through an out-of-band protocol, where the first extended maintenance attribute includes a first identifier, and the first identifier includes a first source corresponding to the first routing information A routing domain identifier and a first destination routing domain identifier, where the first source routing domain is the routing domain from which the first network device sends the first routing information, and the first destination routing domain is the second network device receiving the routing domain of the first routing information;
- the receiving unit 1201 is configured to receive a second extended maintenance attribute sent by a second network device through the out-of-band protocol, where the second extended maintenance attribute includes a second identifier, and the second identifier includes the second route
- a processing unit 1202 configured to determine a first target identifier according to the first identifier and the second identifier, where the first target identifier includes the identifier of the routing domain of the distribution path of the first routing information and the identifier of the routing domain of the distribution path of the second routing information; determine whether the first target identifier satisfies a preset condition; in response to determining that the first target identifier satisfies the preset condition, determine that a routing loop occurs; or, in response to determining that the first target identifier does not meet the preset condition, determine that no routing loop occurs.
- the manner in which the processing unit 1202 determines whether the first target identifier satisfies the preset condition may be: the processing unit 1202 determines whether the first target identifier contains the same routing domain identifier more than once; if yes, it determines that the first target identifier satisfies the preset condition; if not, it determines that the first target identifier does not meet the preset condition.
- the out-of-band protocol may be a BGP protocol.
- the processing unit 1202 is further configured to send a management instruction to the third network device, where the management instruction is used to notify the third network device not to use the second routing information.
- the division of modules in the embodiments of the present application is schematic, and is only a logical function division. In actual implementation, there may be other division methods.
- the functional modules in the various embodiments of the present application may be integrated into one processing unit, may exist physically alone, or two or more modules may be integrated into one module.
- the above-mentioned integrated modules can be implemented in the form of hardware, and can also be implemented in the form of software function modules.
- the network device can have the structure shown in FIG. 13 , and the processing unit provided in FIG. 11 can correspond to the processor 1301 in FIG. 13 .
- the processor 1301 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application, for example: one or more digital signal processors (DSP), or one or more field programmable gate arrays (FPGA).
- the network device may also include a communication interface 1302 for communicating with other network devices.
- the network device may further include: a memory 1303 for storing programs executed by the processor 1301.
- the memory 1303 may be a volatile memory, such as random-access memory (RAM); or a non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); or a combination of the above-mentioned types of memories, for storing program code that can implement the method of the present application, configuration files or other content of network devices in the TSN domain.
- Memory 1303 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
- the processor 1301 is used for executing program codes stored in the memory 1303 .
- the specific connection medium between the communication interface 1302 , the processor 1301 , and the memory 1303 is not limited in the embodiments of the present application.
- the memory 1303, the processor 1302, and the communication interface 1302 are connected by a bus 1304 in FIG. 13.
- the bus is represented by a thick line in FIG. 13, and the connection mode between other components is only for schematic illustration and is not limiting.
- the bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of presentation, only one thick line is used in FIG. 13, but it does not mean that there is only one bus or one type of bus.
- the communication interface 1302 is configured to receive a second extended maintenance attribute, where the second extended maintenance attribute includes a second identifier, and the second identifier includes a routing domain identifier of a publishing path corresponding to the second routing information, the The second routing information includes routing information advertised by the third network device to the first device.
- the processor 1301 is specifically configured to determine whether the second identifier in the second extended maintenance attribute includes at least one routing domain identifier in the first identifier; if it does, the processor 1302 determines that a routing loop occurs; if it does not include , the processor 1302 determines that no routing loop has occurred.
- the communication interface 1302 is configured to receive a negotiation reject message sent by the neighbor network device,
- the processor 1301 may be specifically configured to disconnect the self-maintenance negotiation relationship with the neighbor network device.
- the network device 1300 can implement the functions of the first network device in FIG. 6 and FIG. 7 , and for details, reference may be made to the description of the methods related to the drawings.
- the controller can have the structure shown in FIG. 14 , and the processing unit provided in FIG. 12 can correspond to the processor 1401 in FIG. 14 .
- the processor 1401 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application, for example: one or more digital signal processors (DSP), or one or more field programmable gate arrays (FPGA).
- the network device may also include a communication interface 1402 for communicating with other network devices.
- the network device may further include: a memory 1403 for storing programs executed by the processor 1401 .
- the memory 1403 may be a volatile memory, such as random-access memory (RAM); or a non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); or a combination of the above-mentioned types of memories, for storing program code that can implement the method of the present application, configuration files of controllers within the TSN domain, or other content.
- Memory 1403 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
- the processor 1401 is used to execute program codes stored in the memory 1403 .
- the specific connection medium between the communication interface 1402 , the processor 1401 , and the memory 1403 is not limited in the embodiments of the present application.
- the memory 1403, the processor 1402, and the communication interface 1402 are connected through a bus 1404 in FIG. 14.
- the bus is represented by a thick line in FIG. 14, and the connection mode between other components is only for schematic illustration and is not limiting.
- the bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of presentation, only one thick line is shown in FIG. 14, but it does not mean that there is only one bus or one type of bus.
- the controller 1400 can implement the functions of the controller in FIG. 10 , and for details, refer to the description of the methods related to the drawings.
- an embodiment of the present application further provides a system for detecting routing loops.
- the system includes a network device applied in a multi-protocol or multi-process route republishing scenario, and the system includes at least a first network device 1501 and a second network device 1502; wherein the second network device sends the first routing information to the first network device.
- the second network device 1502 is configured to generate a first extended maintenance attribute corresponding to the first routing information, where the first extended maintenance attribute includes a first identifier, and the first identifier includes the routing domain ID of the publishing path corresponding to the first routing information. After generating the first extended maintenance attribute, the second network device 1502 sends the first extended maintenance attribute to the first network device through an out-of-band protocol.
- the first network device 1501 is configured to receive the first extended maintenance attribute sent by the second network device 1502 through an out-of-band protocol; determine whether the first identifier contains the same routing domain identifier more than once; if it does, determine that a routing loop occurs; if it does not, determine that no routing loop occurs.
- the system may further include a third network device, where the third network device sends the second routing information to the first network device.
- the third network device is configured to generate a second extended maintenance attribute corresponding to the second routing information, where the second extended maintenance attribute includes a second identifier, and the first identifier includes the routing domain ID of the distribution path corresponding to the first routing information. After generating the second extended maintenance attribute, the third network device sends the second extended maintenance attribute to the first network device through an out-of-band protocol.
- the first network device 1501 is configured to receive the first extended maintenance attribute sent by the third network device 1503 through an out-of-band protocol; determine whether the second identifier includes at least one routing domain identifier in the first identifier; if so, determine that a routing loop has occurred; if not, determine that no routing loop has occurred.
- when the network device in the system detects the routing loop, it does so in the manner provided by the above-mentioned embodiments, and the specific implementation will not be described in detail.
- an embodiment of the present application further provides a system for detecting routing loops.
- the system includes a network device applied in a multi-protocol or multi-process route republishing scenario.
- the system includes at least a controller 1601, a first network device 1602, a second network device 1603 and a third network device 1604; wherein the first network device will send the first routing information to the second network device, and the second network device will send the second routing information to the third network device.
- the first network device 1602 is configured to generate a first extended maintenance attribute corresponding to the first routing information, where the first extended maintenance attribute includes a first identifier, and the first identifier includes the identifier of the first source routing domain and the identifier of the first destination routing domain corresponding to the first routing information; the first source routing domain is the routing domain from which the first network device sends the first routing information, and the first destination routing domain is the routing domain in which the second network device receives the first routing information; after generating the first extended maintenance attribute, the first network device 1602 sends the first extended maintenance attribute to the controller through an out-of-band protocol.
- the second network device 1603 is configured to generate a second extended maintenance attribute corresponding to the second routing information, where the second extended maintenance attribute includes a second identifier, and the second identifier includes the identifier of the second source routing domain and the identifier of the second destination routing domain corresponding to the second routing information; the second source routing domain is the routing domain from which the second network device sends the second routing information, and the second destination routing domain is the routing domain in which the third network device receives the second routing information; after generating the first extended maintenance attribute, the second network device 1603 sends the second extended maintenance attribute to the controller through an out-of-band protocol.
- the third network device 1604 is configured to receive the second routing information sent by the second network device 1603, and may also be configured to receive a management instruction sent by the controller 1601, where the management instruction is used to notify the third network device not to use the second routing information.
- the controller 1601 is configured to receive the first extended maintenance attribute sent by the first network device 1602 through the out-of-band protocol, and receive the second extended maintenance attribute sent by the second network device 1603 through the out-of-band protocol;
- the identifier determines a first target identifier, and the first target identifier includes the identifier of the routing domain of the publishing path of the first routing information and the identifier of the routing domain of the publishing path of the second routing information; determine whether the first target identifier meets the preset condition; if the preset condition is met, it is determined that a routing loop occurs; if the preset condition is not met, it is determined that no routing loop occurs.
- the embodiments of the present application may be provided as a method, a system, or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
- the disclosed system, apparatus and method may be implemented in other manners.
- the apparatus embodiments described above are only illustrative.
- the division of the units is only a logical function division. In actual implementation, there may be other division methods.
- multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
- the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.
- the units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.
- each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
- the above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.
- the integrated unit if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium.
- the technical solutions of the present application in essence, or the parts that contribute to the prior art, or all or part of the technical solutions, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present application.
- the aforementioned storage medium includes: a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, and other media that can store program code.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
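This application discloses a method, device, and system for detecting routing loops. The method includes: in addition to receiving first routing information, a first network device also receives a first extended maintenance attribute corresponding to the first routing information, where the first extended maintenance attribute includes a first identifier, and the first identifier includes the routing domain identifier of the publishing path corresponding to the first routing information. The first network device can determine whether the first identifier satisfies a preset condition; if so, the first network device determines that a routing loop occurs; if not, the first network device determines that no routing loop occurs. Whether a routing loop occurs is determined through the extended maintenance attribute generated during route redistribution.
Description
This application claims priority to Chinese patent application No. 202011063146.2, filed on September 30, 2020 and entitled "Method, device and system for detecting routing loops", the entire contents of which are incorporated herein by reference.
The embodiments of this application relate to the field of communications technologies, and in particular, to a method, device, and system for detecting routing loops.
Figure 1 is a schematic diagram of a deployment scenario of routing protocols. The routing information of each different routing protocol, and of different processes of the same routing protocol, is isolated, and each forms an independent routing domain. Refer to the schematic diagram of a route redistribution network scenario shown in Figure 2. Because devices in different routing domains often need to be able to access each other, the routing information reachable by routing devices needs to be spread between different routing domains, which is route redistribution. Refer to the schematic diagram of a routing loop network scenario shown in Figure 3. Route redistribution is implemented by configuring route import rules on devices. Because import rules are usually bidirectional, a route may be sent back to where it came from, which easily creates a hidden risk of routing loops.
Refer to Figure 4. In the traditional solution for preventing routing loops, the routing protocol is extended so that, at the point where a route is imported across protocols or across processes, the routing device ID is used as a route attribute. The route attribute is carried during route redistribution, and when the routing information is advertised back to a routing device that has advertised it before, it is determined that a routing loop occurs. However, on the one hand, protocol packets of intermediate system to intermediate system (IS-IS), an interior gateway protocol (IGP), have a maximum capacity limit; if the routing protocol is extended, the extended route attribute occupies capacity, which reduces the maximum number of routes that can be advertised. On the other hand, the packet format of open shortest path first (OSPF), also an IGP, is fixed and cannot be extended, so this solution cannot be implemented for OSPF.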
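Summary of the Invention
The embodiments of this application provide a method for detecting routing loops, used to determine whether a routing loop occurs through the extended maintenance attribute generated during route redistribution. This application also provides a corresponding network device, controller, computer-readable storage medium, and computer program product.
A first aspect of the embodiments of this application provides a method for detecting routing loops:
During route redistribution, the first network device receives the first routing information sent by the second network device. In the embodiments of this application, a program may be pre-coded on the network device so that, after the network device advertises routing information, it generates an extended maintenance attribute corresponding to that routing information. Therefore, the first network device also receives the first extended maintenance attribute corresponding to the first routing information.
In this embodiment, the first extended maintenance attribute includes a first identifier, and the first identifier may include the routing domain identifiers of the publishing path of the first routing information. The publishing path refers to all the routing domains into which the routing information has been advertised since it was first imported. Each process of each network protocol in which a network device works has a different, independent routing domain, and a corresponding routing domain identifier can be set for each of these routing domains.
It should be noted that, in the embodiments of this application, the transport protocol of the routing information differs from that of the extended maintenance attribute. The routing information is transmitted through the original service protocol, while the extended maintenance attribute corresponding to the routing information is transmitted through a different transport protocol. In the embodiments of this application, a protocol other than the original service protocol that can transmit the extended maintenance attribute is defined as an out-of-band protocol. Because the network device transmits the extended maintenance attribute through an out-of-band protocol, the original service protocol does not need to be extended and its performance is not affected. The technical solution of the present invention is therefore applicable to route redistribution scenarios of the ISIS protocol or the OSPF protocol in the prior art.
After receiving the first extended maintenance attribute, the first network device can determine whether the first identifier in the first extended maintenance attribute satisfies a preset condition. If so, the first network device can determine that a routing loop occurs; if not, the first network device can determine that no routing loop occurs and can continue to use the first routing information.
In this embodiment, the extended maintenance attribute is transmitted between network devices, and the device receiving the extended maintenance attribute can determine whether a routing loop occurs directly from the received attribute. No new device needs to be introduced in the whole process, which improves the convenience of the solution.
In a possible implementation, there are multiple ways for the first network device to determine whether the first identifier satisfies the preset condition. In some possible implementations, after receiving the first extended maintenance attribute, the first network device can determine whether the first identifier contains identical routing domain identifiers. Each routing domain identifier in an extended maintenance attribute indicates that the corresponding routing information has been advertised through that routing domain. Therefore, if the first identifier contains identical routing domain identifiers, the first routing information was advertised to a routing domain and then advertised to the same routing domain again; in this case, the first network device can determine that the first routing information has caused a routing loop. If the first identifier does not contain identical routing domain identifiers, the first network device can determine that the first routing information has not caused a routing loop.
This embodiment covers the scenario in which the first network device receives a single piece of routing information: the first network device determines whether a routing loop occurs directly from the extended maintenance attribute corresponding to that routing information.
In a possible implementation, in addition to receiving the second routing information sent by the third network device, the first network device also receives the second extended maintenance attribute sent by the third network device. The second extended maintenance attribute includes a second identifier, and the second identifier includes the routing domain identifiers of the publishing path corresponding to the second routing information.
In this case, the first network device has received the first routing information and the second routing information, and it can also determine whether a routing loop occurs from the extended maintenance attributes corresponding to these two pieces of routing information: when the second identifier in the second extended maintenance attribute received by the first network device includes at least one routing domain identifier in the first identifier, the first network device can determine that the second routing information has caused a routing loop. If the second identifier does not include at least one routing domain identifier in the first identifier, the first network device can determine that the first routing information has not caused a routing loop.
In this embodiment, the first network device receives multiple pieces of routing information and therefore also multiple extended maintenance attributes. The first network device can compare two or more received extended maintenance attributes to determine whether a routing loop occurs.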
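In a possible implementation, before network devices transmit extended maintenance attributes to each other, a self-maintenance negotiation relationship under an autonomic networking integrated model and approach (ANIMA) network can first be established. In this embodiment, the first network device can establish self-maintenance negotiation relationships with neighbor network devices, which include the second network device and the third network device. After the self-maintenance negotiation relationship is established between network devices, the generic autonomic signaling protocol (grasp) under the ANIMA network can be used as the out-of-band protocol to transmit extended maintenance attributes.
The ANIMA network mainly provides four functions: self-configuration, self-protection, self-healing, and self-optimization. After the self-maintenance negotiation relationship under the ANIMA network is established between network devices, steps such as configuring the out-of-band protocol, determining routing loops, and network self-healing depend less on network administrators or centralized management systems, which improves the convenience of the solution.
In a possible implementation, before the first network device establishes the self-maintenance negotiation relationship with neighbor network devices (including the second network device and the third network device), it first needs to discover the neighbor network devices through the grasp protocol.
Specifically, the first network device can look up neighbor network devices through the service discovery (discover) interface of the grasp protocol. The neighbor network device then also sends its own protocol-assisted-protocol (PAP) communication address through the discover interface of the grasp protocol.
Further, the network devices all need to obtain each other's PAP communication addresses before they can establish self-maintenance negotiation relationships with each other.
It should be noted that the first network device can also actively flood its own PAP communication address to neighbor network devices through the flood interface of the grasp protocol, and the neighbor network devices can then receive the PAP communication address flooded by the first network device through the get-flooded-value (flood_get) interface of the grasp protocol.
It should be noted that each network device has its own PAP communication address. Network devices that need to establish self-maintenance negotiation relationships with each other must obtain each other's PAP communication addresses before they can do so. Therefore, each network device needs to obtain the peer device's PAP communication address in the manner described above.
In a possible implementation, while the first network device establishes the self-maintenance negotiation relationship with a neighbor network device, the first network device needs to send a negotiation request message to the neighbor network device, indicating that the first network device needs to establish a self-maintenance negotiation relationship with that neighbor. After receiving the negotiation request message, the neighbor network device responds by sending a negotiation response message to the first network device, indicating that the neighbor agrees to establish the self-maintenance negotiation relationship with the first network device.
After receiving the negotiation response message sent by the neighbor network device, the first network device performs security verification on it using the security policy parameters of the self-maintenance function. When the negotiation response message passes the first network device's security verification, the self-maintenance negotiation relationship between the first network device and the neighbor network device is successfully established. If security verification of the negotiation response message fails, the first network device does not establish the self-maintenance negotiation relationship with that neighbor network device.
Establishing a self-maintenance negotiation relationship between network devices requires passing security verification against the security policy parameters of the self-maintenance function. This prevents arbitrary unauthorized network devices from freely establishing self-maintenance negotiation relationships with network devices, which improves the security of the solution.
In a possible implementation, after establishing the self-maintenance negotiation relationship with a neighbor network device, the first network device can start exchanging packets that conform to the ANIMA network data representation specification (including extended maintenance attributes). When the first network device receives a negotiation reject message sent by the neighbor network device, it can disconnect the self-maintenance negotiation relationship with that neighbor; the first network device can then no longer exchange extended maintenance attributes with the neighbor whose self-maintenance negotiation relationship has been disconnected.
Network devices can choose to disconnect the self-maintenance negotiation relationship at any time according to service needs, which improves the flexibility of the solution.
In a possible implementation, under the ANIMA network, each network device has security policy parameters for the self-maintenance function, which are used to verify whether the protocol packets exchanged between devices meet security requirements. In the embodiments of this application, the first network device can have the security policy parameters of the self-maintenance function directly inherit the security policy parameters of the routing protocol.
Because the network device can have the security policy parameters of the self-maintenance function directly inherit those of the routing protocol, the step of manually configuring the security policy parameters of the self-maintenance function is eliminated, which improves the convenience of the solution.
In a possible implementation, in the embodiments of this application, network devices can transmit extended maintenance attributes to each other through the grasp protocol under the ANIMA network.
In a possible implementation, after determining that a routing loop has occurred, the first network device can lower the priority of the first routing information, in which case the first network device will not use the first routing information; or it can directly delete the first routing information; or it can send alarm information to a management device (for example, a switch or a server), and the management device delivers a management action instruction to the first network device.
In a possible implementation, the third network device and the second network device can be the same device. That is, the applicable scenarios of the technical solution of the present invention are not limited by the number of network devices, so the solution is equally applicable when a routing loop occurs during route redistribution between two devices.
In a possible implementation, the first network device can obtain the PAP communication address of a neighbor network device through static manual configuration. For example, when the neighbor network device does not support the discover function or the flood function, static manual configuration can be used to obtain its PAP communication address and thereby establish the self-maintenance negotiation relationship.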
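A second aspect of the embodiments of this application provides a method for detecting routing loops:
During route redistribution, in addition to sending the first routing information to the second network device, the first network device also sends the first extended maintenance attribute corresponding to the first routing information to the controller through an out-of-band protocol. The first extended maintenance attribute includes a first identifier, and the first identifier includes the identifier of the first source routing domain and the identifier of the first destination routing domain corresponding to the first routing information.
Specifically, in the embodiments of this application, the source routing domain is the routing domain in which the sending device works when it sends the routing information, and the destination routing domain is the routing domain in which the receiving device works when it receives the routing information. The network device sends the source routing domain identifier and destination routing domain identifier in the extended maintenance attribute to the controller to inform the controller of the direction in which the routing information is advertised. After receiving the extended maintenance attribute, the controller stores it.
Further, the second network device can send second routing information to the third network device, and the second network device also sends the second extended maintenance attribute corresponding to the second routing information to the controller through the out-of-band protocol. The second extended maintenance attribute includes a second identifier, and the second identifier includes the identifier of the second source routing domain and the identifier of the second destination routing domain corresponding to the second routing information.
When the controller determines that the identifier of the second source routing domain is equal to the identifier of the first destination routing domain, the controller can determine that the first routing information and the second routing information belong to the same route, and that the second routing information was advertised from the routing domain in which the first network device works to the routing domain in which the second network device works, and then to the routing domain in which the third network device works. The controller then combines the first identifier and the second identifier into a first target identifier. The first target identifier includes the routing domain identifiers of the publishing path of the second routing information, that is, it includes the identifier of the first source routing domain, the identifier of the second source routing domain, and the identifier of the third source routing domain.
The controller can evaluate the first target identifier obtained by this combination. If the first target identifier satisfies a preset condition, the controller can determine that a routing loop occurs. If the first target identifier does not satisfy the preset condition, the controller can determine that no routing loop occurs.
The network device only needs to send the corresponding extended maintenance attribute to the controller after advertising routing information. The controller determines the routing domain identifiers of the publishing path of the routing information and determines whether a routing loop occurs, which reduces the computing burden on the network device.
In a possible implementation, there are multiple ways for the controller to determine whether the first target identifier satisfies the preset condition. In some possible implementations, the controller can determine whether the first target identifier contains identical routing domain identifiers. Each routing domain identifier in the first target identifier indicates that the corresponding routing information has been advertised through that routing domain. Therefore, if the first target identifier contains identical routing domain identifiers, the second routing information was advertised to a routing domain and then advertised to the same routing domain again; in this case, the controller can determine that the second routing information has caused a routing loop. If the first identifier does not contain identical routing domain identifiers, the controller can determine that the second routing information has not caused a routing loop.
In a possible implementation, the out-of-band protocol can be the Border Gateway Protocol. The network device uses the Border Gateway Protocol as the out-of-band protocol to send extended maintenance attributes to the controller, so the original transport protocol of the routing information does not need to be extended.
In a possible implementation, after determining that the second routing information has caused a routing loop, the controller can send a management instruction to the third network device that receives the second routing information. The management instruction notifies the third network device not to use the second routing information. Specifically, the third network device can lower the priority of the second routing information or delete the second routing information.
In a possible implementation, the third network device can receive third routing information sent by another network device, and the controller then also receives a third extended maintenance attribute corresponding to the third routing information. The controller can determine a second target identifier using a method similar to that described in the second aspect; the second target identifier includes the routing domain identifiers of the publishing path of the third routing information. In this case, the controller can determine whether the first target identifier satisfies the preset condition as follows: the controller determines whether the second target identifier includes at least one routing domain identifier in the first target identifier; if so, the controller can determine that the third routing information has caused a routing loop; if not, the controller can determine that the third routing information has not caused a routing loop.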
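The device-side checks of the first aspect and the controller-side path stitching of the second aspect can be sketched as follows. This is an added example, not code from the patent; the class and field names, the per-route `prefix` key, the instruction dictionary and the device names are assumptions made for illustration.

```python
"""Added example: routing-loop checks on extended maintenance attributes.

All class, field and device names are hypothetical; the patent text defines
the checks but no data format.
"""
from dataclasses import dataclass


def has_repeated_domain(path):
    """Preset condition on one identifier: the same routing domain ID appears
    twice in a publishing path, so the route re-entered a domain."""
    return len(set(path)) != len(path)


def shares_domain(first_path, second_path):
    """Two-attribute check on the receiving device: the second identifier
    includes at least one routing domain ID of the first identifier."""
    return bool(set(first_path) & set(second_path))


@dataclass(frozen=True)
class HopAttribute:
    """One extended maintenance attribute as sent to the controller."""
    prefix: str       # assumption: key that ties attributes to one route
    src_domain: str   # domain the sender works in when sending the route
    dst_domain: str   # domain the receiver works in when receiving it
    receiver: str     # device that received the routing information


class LoopController:
    """Stitches (source, destination) pairs into a publishing path per route."""

    def __init__(self):
        self._paths = {}  # prefix -> list of routing domain IDs

    def path(self, prefix):
        """Return the stored loop-free publishing path for a route."""
        return tuple(self._paths.get(prefix, ()))

    def receive(self, attr):
        """Store the attribute; return a management instruction on a loop,
        otherwise None."""
        known = self._paths.get(attr.prefix)
        if known is None:
            candidate = [attr.src_domain, attr.dst_domain]
        elif known[-1] == attr.src_domain:
            # Source of this hop equals destination of the previous hop:
            # same route, one redistribution further.
            candidate = known + [attr.dst_domain]
        else:
            # Not a continuation of the stored path; nothing can be concluded.
            return None
        if has_repeated_domain(candidate):
            # Feedback route: tell the receiver not to prefer it and keep the
            # stored loop-free path unchanged. The dict layout is hypothetical.
            return {"device": attr.receiver, "prefix": attr.prefix,
                    "action": "do-not-prefer", "path": tuple(candidate)}
        self._paths[attr.prefix] = candidate
        return None


def demo():
    """Constructed input reproducing the (rd1, rd2, rd1) case."""
    ctrl = LoopController()
    route = "192.0.2.0/24"  # constructed sample prefix
    first = ctrl.receive(HopAttribute(route, "rd1", "rd2", "device-2"))
    second = ctrl.receive(HopAttribute(route, "rd2", "rd1", "device-1"))
    return first, second


if __name__ == "__main__":
    print(demo())
```

The controller only extends a stored path when the new source domain equals the last stored destination domain, which is the "same route" condition the second aspect states.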
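A third aspect of the embodiments of this application provides a network device configured to perform the method in the first aspect or any possible implementation of the first aspect. Specifically, the network device includes units for performing the method in the first aspect or any possible implementation of the first aspect.
A fourth aspect of the embodiments of this application provides a controller configured to perform the method in the second aspect or any possible implementation of the second aspect. Specifically, the controller includes units for performing the method in the second aspect or any possible implementation of the second aspect.
A fifth aspect of the embodiments of this application provides a network device, including:
a processor, a memory, an input/output device, and a bus;
the processor, the memory, and the input/output device are connected to the bus;
the processor is configured to perform the method for detecting routing loops described in the first aspect or any implementation of the first aspect.
A sixth aspect of the embodiments of this application provides a controller, including:
a processor, a memory, an input/output device, and a bus;
the processor, the memory, and the input/output device are connected to the bus;
the processor is configured to perform the method for detecting routing loops described in the second aspect or any implementation of the second aspect.
A seventh aspect of the embodiments of this application provides a computer-readable storage medium storing instructions or code that, when run on a device such as a computer device, cause the device to perform the method for detecting routing loops described in the first aspect or any implementation of the first aspect.
An eighth aspect of the embodiments of this application provides a computer-readable storage medium storing instructions or code that, when run on a device such as a computer device, cause the device to perform the method for detecting routing loops described in the second aspect or any implementation of the second aspect.
A ninth aspect of the embodiments of this application provides a system for detecting routing loops, including a first network device and a second network device;
the second network device sends a first extended maintenance attribute to the first network device through an out-of-band protocol, where the first extended maintenance attribute includes a first identifier, the first identifier includes the routing domain identifier of the publishing path corresponding to first routing information, and the first routing information includes routing information advertised by the second network device to the first network device;
the first network device receives the first extended maintenance attribute sent by the second network device through the out-of-band protocol and determines whether the first identifier satisfies a preset condition;
in response to the first device determining that the first identifier satisfies the preset condition, the first network device determines that a routing loop occurs; or
in response to the first device determining that the first identifier does not satisfy the preset condition, the first network device determines that no routing loop occurs.
A tenth aspect of the embodiments of this application provides a system for detecting routing loops, including a controller, a first network device, a second network device, and a third network device;
the first network device sends a first extended maintenance attribute to the controller through an out-of-band protocol, where the first extended maintenance attribute includes a first identifier, the first identifier includes the identifier of a first source routing domain and the identifier of a first destination routing domain corresponding to first routing information, the first source routing domain is the routing domain from which the first network device sends the first routing information, and the first destination routing domain is the routing domain in which the second network device receives the first routing information;
the second network device sends a second extended maintenance attribute to the controller through the out-of-band protocol, where the second extended maintenance attribute includes a second identifier, the second identifier includes the identifier of a second source routing domain and the identifier of a second destination routing domain corresponding to the second routing information, the second source routing domain is the routing domain from which the second network device sends the second routing information, and the second destination routing domain is the routing domain in which the third network device receives the second routing information;
in response to the identifier of the second source routing domain being the same as the identifier of the first destination routing domain, the controller determines a first target identifier according to the first identifier and the second identifier, where the first target identifier includes the identifier of the routing domain of the publishing path of the first routing information and the identifier of the routing domain of the publishing path of the second routing information;
the controller determines whether the first target identifier satisfies a preset condition;
in response to the controller determining that the first target identifier satisfies the preset condition, the controller determines that a routing loop occurs; or
in response to the controller determining that the first target identifier does not satisfy the preset condition, the controller determines that no routing loop occurs.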
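Figure 1 is a schematic diagram of a deployment scenario of a routing protocol;
Figure 2 is a schematic diagram of a route redistribution network scenario;
Figure 3 is a schematic diagram of a network scenario in which a routing loop occurs;
Figure 4 is a schematic diagram of a network scenario for detecting routing loops;
Figure 5 is a schematic architecture diagram of an ANIMA network system;
Figure 6 is a schematic diagram of an embodiment of a method for detecting routing loops;
Figure 7 is a schematic diagram of the single-node state machine of a network device during negotiation;
Figure 8 is a schematic diagram of one judgment logic for detecting routing loops;
Figure 9 is a schematic diagram of another judgment logic for detecting routing loops;
Figure 10 is a schematic diagram of another embodiment of a method for detecting routing loops;
Figure 11 is a schematic structural diagram of a network device;
Figure 12 is a schematic structural diagram of a network device;
Figure 13 is a schematic structural diagram of a controller;
Figure 14 is a schematic structural diagram of a controller;
Figure 15 is a schematic structural diagram of a network device;
Figure 16 is a schematic structural diagram of a controller.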
本申请实施例提供了一种检测路由环路的方法、相关设备及系统,用于防止路由环路,完成自愈。下面将结合附图对本申请实施方式作进一步地详细描述。本申请的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的术语在适当情况下可以互换,这仅仅是描述本申请的实施例中对相同属性的对象在描述时所采用的区分方式。
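The ANIMA network is first introduced as follows:
Figure 5 provides a schematic diagram of the architecture of an ANIMA network system. As shown in Figure 5, an ANIMA network is a self-organizing network. The autonomy of an ANIMA network serves four purposes: self-configuration, self-protection, self-healing, and self-optimization, so that autonomic functions minimize dependence on network administrators or centralized management systems. Architecturally, an ANIMA network is divided into two layers: the autonomic service agent (ASA) and the autonomic network infrastructure (ANI). The ANI in turn includes the bootstrap, the autonomic control plane (ACP), and the GRASP protocol. Bootstrap is responsible for the secure start-up of network devices: it authenticates a network device so that the device can join the ANIMA system. The ACP is responsible for establishing hop-by-hop encrypted internet protocol (IP) tunnels between network devices, forming a stable management virtual private network (VPN) in which network devices that are multiple hops apart communicate with each other based on an IGP. The GRASP protocol is the standard signaling protocol for interaction between ASAs; it enables ASAs and performs functions such as dynamic neighbor discovery, state synchronization, and negotiation of parameter settings.
The GRASP protocol, as the standard signaling protocol for interaction between ASAs, can provide ASAs with the GRASP application programming interface (API) and is the core module on which the ANIMA system runs.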
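The GRASP protocol provides the following mechanisms:
Discovery mechanism: an ASA can use M_DISCOVERY and M_RESPONSE in the GRASP protocol to discover other, pre-specified target ASAs;
Negotiation mechanism: an ASA can use M_REQ_NEG in the GRASP protocol to start negotiating an objective with another ASA. Once negotiation has started, the process is symmetric, and every ASA taking part can send negotiation messages (M_NEGOTIATE in the GRASP protocol) to the others. The GRASP protocol also has two further negotiation-related messages, M_WAIT and M_END;
Synchronization mechanism: an ASA can use M_REQ_SYN in the GRASP protocol to request the current value of an objective from another ASA. The corresponding synchronization response message is M_SYNCH in the GRASP protocol;
Flooding mechanism: an ASA can use M_FLOOD in the GRASP protocol to actively push the current value of an objective to the other ASAs on all autonomic nodes that are willing to receive it.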
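The routing-loop detection scheme provided by the embodiments of this application is introduced below:
The technical solution of the present invention applies to scenarios in which a routing loop occurs among multiple network devices; the embodiments of this application use a routing loop between two network devices as the example. In practice, the routing information may pass through multiple routing domains or multiple devices during route redistribution before the second network device sends it to the first network device. A network device or a controller only needs the extended maintenance attribute corresponding to the routing information to judge whether a routing loop has occurred. The network device may be a router or any other network device that can send routing information, such as a switch; this is not limited here.
It should be noted that the following embodiments use the case in which both the first network device and the second network device run the ISIS protocol. In practice, other network protocols may be used, such as the OSPF protocol, the BGP protocol, or the traffic engineering (TE) label switched path protocol; this is not limited here.
Further, regarding the out-of-band protocol referred to in the embodiments of this application: during route redistribution, routing information has to be carried by the original service protocol, for example the OSPF or ISIS protocol mentioned above. The extended maintenance attribute that corresponds to the routing information does not need to be carried by that original service protocol and can be carried by another network protocol, for example the GRASP protocol of the ANIMA network or the BGP protocol. The embodiments of this application define as the out-of-band protocol any network protocol, other than the original service protocol, that can be used to carry the extended maintenance attribute. Routing information, in turn, represents the IP addresses to which data packets in the network can be forwarded.
In the embodiments of this application, the extended maintenance attribute can be passed between network devices, or a network device can send the extended maintenance attribute to a controller. The two cases are described separately below: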
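I. The extended maintenance attribute is passed between network devices:
Referring to Figure 6, a method for detecting routing loops in an embodiment of this application includes:
601. After the neighbor network device starts the routing protocol, the first network device and the second network device start the neighbor discovery function and the capability negotiation function;
For network devices to generate and pass extended maintenance attributes, a self-maintenance relationship between neighbor network devices in the ANIMA network must be established first. That self-maintenance relationship presupposes that the network devices have started the protocol function; only then is the accompanying self-maintenance function needed. After the neighbor has started the routing protocol, both the first network device and the second network device need to enable the neighbor discovery function and the capability negotiation function of the ANIMA network in order to establish the self-maintenance relationship.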
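602. The first network device registers the PAP ASA service through the GRASP Registration interface, and registers the routing protocol maintenance object under that service;
Before using the neighbor discovery function of the ANIMA network, the first network device first has to register the PAP ASA service through the GRASP Registration interface in the ANIMA network. The PAP ASA service can carry out network protocol self-maintenance tasks, such as service deployment or parameter configuration, by means of distributed interaction. The first network device also has to register the routing protocol self-maintenance object under the PAP ASA service; its name may include "PAP_<protocol name>" and the local IP address of that protocol.
Taking the ISIS protocol as an example, the ISIS self-maintenance object of the PAP ASA service can be defined by the following content:
The negotiation message is a message that conforms to the ANIMA GRASP negotiation message format, and the negotiation object is the content defined above. It includes the type of protocol self-maintenance capability to be negotiated, which in the example above identifies the ISIS self-maintenance capability. The latter part of the capability negotiation object value carries the security policy parameters, which are the same as the protocol's authentication security policy parameters. In the example above, obj_auth_key_id is the id of the authentication key that the protocol uses on the device, from which the authentication algorithm and its parameters can be obtained; obj_cryp_seq is a random sequence number used to prevent replay attacks; obj_auth_digest is the authentication digest computed over the content from the start of the authenticated object up to, but not including, this field. The security policy parameters of the self-maintenance function are used in the same way as the accompanied protocol carries its authentication data.
Further, regarding the self-maintenance function: in general, the self-maintenance relationship between devices is equivalent, in terms of security control, to the protocol relationship between them. During neighbor discovery, capability negotiation, and the subsequent interaction between network devices, the security policy parameters of the original routing protocol have to be obtained inside the network device and applied to the protocol self-maintenance messages. The security policy parameters of the self-maintenance function can therefore be inherited from the security policy parameters of the routing protocol, which avoids manual deployment and allows the secure self-maintenance communication channel to establish itself.
It should be noted that the security policy parameters of the self-maintenance function need not be inherited from the routing protocol; they can also be set specifically for the protocol maintenance communication mechanism by manual configuration. Doing so, however, gives up the property that the protocol self-maintenance function takes effect automatically without the user being aware of it. Users may still require stronger security management policies, for example: forbidding the self-maintenance function between devices, allowing only part of the self-maintenance function to take effect, or replacing the self-maintenance security policy parameters independently. The common practice is therefore to inherit the protocol security policy by default and to allow the security policy to be changed from the command line.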
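603. The first network device looks up the second network device through the GRASP Discover interface;
GRASP provides a Discover interface through which the first network device can look up the second network device. In the ANIMA network each device has its own PAP communication address, and the first network device has to find the PAP communication address of the second network device to complete the discovery of the neighbor device. The subsequent discovery, negotiation, and information transfer between neighbor network devices all use the peer's PAP communication address.
In the embodiments of this application, the PAP communication address of the neighbor for the self-maintenance negotiation function does not have to be found through the GRASP discover mechanism. In the ANIMA network, the first network device can also use the GRASP flood mechanism to actively flood the PAP communication address of its own self-maintenance function to the second network device, so that the second network device obtains the PAP communication address of the first network device. The first network device can then use the grasp_flood_get interface to obtain the PAP communication address that the second network device has flooded. The address can also be set through static manual configuration, or hard-coded in the program at implementation time so that it cannot be changed; the automation and flexibility of the self-maintenance function are then somewhat reduced, but this approach can be used when an intermediate device that has to be crossed does not support the function.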
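604. The second network device sends its PAP communication address to the first network device;
The second network device sends its PAP communication address to the first network device. In this embodiment, the PAP communication address may be an IP address and a TCP port number.
605. The first network device uses the PAP communication address sent by the second network device to start self-maintenance neighbor negotiation;
After receiving the PAP communication address sent by the second network device, the first network device uses it to start the self-maintenance neighbor negotiation function with the second network device. At this point the first network device has only discovered the second network device; the self-maintenance relationship with it has not yet been established. The network devices still have to exchange negotiation messages. A negotiation message is a message that conforms to the ANIMA GRASP negotiation message format, and it can be delivered only after the neighbor's PAP communication address has been obtained. The self-maintenance relationship is established only after the negotiation message passes verification against the security policy parameters of the self-maintenance function. Before the network devices can send negotiation messages, the self-maintenance neighbor negotiation function with the second network device must be started; once it has started successfully, the devices can send negotiation messages to each other and perform security verification.
It should be noted that the second network device likewise has to perform steps 601 to 605, as described for the first network device, to start self-maintenance neighbor negotiation with the first network device.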
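606. The second network device responds to the negotiation;
Once both the first network device and the second network device have started self-maintenance neighbor negotiation, they can send negotiation messages to negotiate. As described in step 605, the negotiation messages sent between network devices must also pass security verification against the security policy parameters of the self-maintenance function. This prevents an arbitrary device from establishing a negotiation relationship without security verification and improves the security of the scheme.
A network device can be in one of several states while negotiation messages are being exchanged. Its state changes according to the type of negotiation message received and whether that message passes verification against the security policy parameters of the self-maintenance function. Refer to the single-node state machine of the negotiation process shown in Figure 7, which describes the state changes of a single network device in different scenarios:
A. The initial state of the state machine (Init state) is the state after the first network device has started the routing protocol but the neighbor has not started the self-maintenance neighbor negotiation function. Any message received in this state is discarded.
B. The negotiating state of the state machine (Wait_ack state) is entered after the neighbor starts the self-maintenance neighbor negotiation function. The first network device starts a timer and periodically sends a negotiation request (M_REQ_NEG) to the protocol neighbor, and then waits for the neighbor to send a negotiation reply message (M_NEGOTIATE). If a negotiation decline message (M_END&decline) is received, or a received message fails security verification, the message is discarded and the state does not change.
C. The negotiation-succeeded state of the state machine (UP state) is the state in which the first network device, while in the Wait_ack state, has received a negotiation reply message (M_NEGOTIATE) from the neighbor that passed security verification. It indicates that the self-maintenance negotiation relationship between the devices has been established correctly and the subsequent self-maintenance procedures can proceed. In this state, a message that fails security verification is discarded without affecting the current state. Receiving a negotiation decline message (M_END&decline) downgrades the state to Wait_ack, and negotiation starts again.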
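The Init / Wait_ack / UP transitions above, gated by the security verification, can be sketched as follows. This is an added example, not code from the patent; the message layout, the `KEYS` table, the use of HMAC-SHA256 for obj_auth_digest, and rejecting an already seen obj_cryp_seq are all assumptions made for illustration.

```python
import hashlib
import hmac
from enum import Enum

# Constructed key table: obj_auth_key_id -> key inherited from the routing protocol.
KEYS = {1: b"constructed-isis-auth-key"}


class State(Enum):
    INIT = "Init"
    WAIT_ACK = "Wait_ack"
    UP = "UP"


def _covered(msg_type: str, body: bytes, key_id: int, seq: int) -> bytes:
    """Bytes the digest covers: everything that precedes obj_auth_digest."""
    return b"|".join([msg_type.encode(), body, str(key_id).encode(), str(seq).encode()])


def sign(msg_type: str, body: bytes, key_id: int, seq: int) -> dict:
    """Build a constructed negotiation message (HMAC-SHA256 is an assumption)."""
    digest = hmac.new(KEYS[key_id], _covered(msg_type, body, key_id, seq),
                      hashlib.sha256).hexdigest()
    return {"type": msg_type, "body": body, "obj_auth_key_id": key_id,
            "obj_cryp_seq": seq, "obj_auth_digest": digest}


class NegotiationNode:
    """Single-node state machine: unverified messages never change the state."""

    def __init__(self) -> None:
        self.state = State.INIT
        self.seen_seq = set()

    def neighbor_started(self) -> None:
        """The neighbor has enabled self-maintenance negotiation: Init -> Wait_ack."""
        if self.state is State.INIT:
            self.state = State.WAIT_ACK

    def _verified(self, msg: dict) -> bool:
        key = KEYS.get(msg["obj_auth_key_id"])
        if key is None or msg["obj_cryp_seq"] in self.seen_seq:
            return False                      # unknown key or replayed sequence number
        expected = hmac.new(key, _covered(msg["type"], msg["body"],
                                          msg["obj_auth_key_id"], msg["obj_cryp_seq"]),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["obj_auth_digest"]):
            return False
        self.seen_seq.add(msg["obj_cryp_seq"])
        return True

    def receive(self, msg: dict) -> str:
        """Apply one message; return 'accepted' or 'dropped'."""
        if self.state is State.INIT or not self._verified(msg):
            return "dropped"                  # Init drops everything; bad digest is ignored
        if msg["type"] == "M_NEGOTIATE" and self.state is State.WAIT_ACK:
            self.state = State.UP
            return "accepted"
        if msg["type"] == "M_END":            # negotiation decline
            if self.state is State.UP:
                self.state = State.WAIT_ACK   # downgrade and renegotiate
                return "accepted"
            return "dropped"                  # Wait_ack: discarded, state unchanged
        return "accepted" if self.state is State.UP else "dropped"
```

Because verification runs before any transition, a forged or replayed M_END cannot tear down an established relationship.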
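607. The first network device informs the second network device of the final negotiation result;
After the first network device and the second network device have successfully established the self-maintenance relationship, they can transfer information over the ANIMA network by sending messages that conform to the ANIMA GRASP negotiation message format. The extended maintenance attribute mentioned later in this embodiment, for example, can be transferred over the ANIMA network.
In this embodiment, in real deployments the live network may not fully support this function. Static configuration can then be used to cross devices that do not support it, mainly in the following two scenarios:
A. Another neighbor device sits between the first network device and the second network device, and communication between them has to be relayed by that neighbor device. Because the neighbor device does not support the ANIMA network, the first network device cannot automatically look up the service address of that neighbor device. Service discovery between the first network device and the second network device can then be performed with a statically configured local mapping table of service names to service addresses. In this case the service discovery part of establishing the self-maintenance connection is done by static configuration, while the capability negotiation and security negotiation between the first network device and the second network device proceed as usual.
B. The first network device needs to establish a self-maintenance relationship with the second network device, but the second network device does not support the self-maintenance service, so the self-maintenance function between neighbors cannot be realized. Other, non-direct neighbor devices can then be added by static configuration. For example, the neighbor device of the second network device that does not support the self-maintenance service is statically configured on the current device, which achieves the purpose of crossing the unsupported device. When the skipped device is dispensable for the self-maintenance function, this crossing extends the effective range of the function. Routing-loop detection and self-healing, however, take effect only between nodes that support the self-maintenance function.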
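608. The first network device sends first routing information to the second network device;
After the first network device and the second network device have established the self-maintenance relationship, the network devices begin route redistribution, that is, the first network device advertises the first routing information to the second network device. In this embodiment and the following ones, the first network device is assumed to run the ISIS protocol, so during route redistribution the first routing information is a link-state packet (LSP). In practice, if the network device runs the OSPF protocol, the first routing information is a link-state advertisement (LSA).
609. The PAP module in the first network device obtains the first extended maintenance attribute;
In the embodiments of this application, a program is coded into the network device in advance so that, when the network device advertises routing information, it generates an extended maintenance attribute corresponding to that routing information. The extended maintenance attribute does not need to be carried by the protocol that transports the routing information, so the routing protocol of the network device itself does not need to be extended or modified; the attribute can be carried by an out-of-band protocol. In this embodiment, the out-of-band protocol may be the GRASP protocol of the ANIMA network. Devices in the ANIMA network need to be configured with a PAP module, which is used to transfer the extended maintenance attribute.
Therefore, when the first network device has sent the first routing information, it generates the first extended maintenance attribute corresponding to the first routing information. The PAP module in the first network device is responsible for sending messages in the ANIMA format through the GRASP protocol, so the PAP module needs to obtain the first extended maintenance attribute.
Specifically, each different network protocol run by a network device, and each different process of the same network protocol, has its own independent routing domain, and each routing domain has a corresponding routing domain identifier. During route redistribution, routing information passes through multiple routing domains. In the embodiments of this application, the complete advertisement path denotes the whole end-to-end direction in which the routing information is advertised during route redistribution.
In this embodiment, the extended maintenance attribute includes the routing domain identifiers on the complete advertisement path of the routing information. For example, in the embodiments of this application the first network device works in two routing domains identified as rd1 and rd2, and the second network device works in the routing domain identified as rd2. After the first network device advertises routing information from routing domain rd1 to the second network device in routing domain rd2, the first extended maintenance attribute generated by the first network device also carries the identifier rd2 of the routing domain in which the second network device works. The first extended maintenance attribute can then be (rd1, rd2), meaning that the first routing information is advertised from routing domain rd1 to routing domain rd2.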
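The content format of the extended maintenance attribute is defined below:
This content format is a negotiation object that conforms to the ANIMA data representation specification and includes the following parts:
A. The protocol maintenance object: it includes the name of the protocol maintenance object, which PAP uses to determine which protocol self-maintenance module processes the object data; F_NEG sets the negotiation status bit; loopcount_16 means that the object can be relayed and propagated at most 16 times;
B. Route synchronization number information, which the extended maintenance information uses to match the routing table entries of one specific advertisement; the original routing protocol carries this information when it advertises routing information;
C. Extended maintenance attribute information, which defines the name of the extended maintenance attribute, the relay flag, and the value of the extended maintenance attribute;
D. The list of route prefixes that share the same extended maintenance attribute (see item C of step 609) in that particular route advertisement (see item B of step 609);
E. Security verification information, handled in the same way as the security policy parameters of the self-maintenance function described in step 602; the digest covers the data from the start of this extended maintenance attribute object up to, but not including, obj_auth_digest.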
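610. The PAP module in the first network device sends the first extended maintenance attribute to the second network device through the GRASP protocol;
As described above, the first extended maintenance attribute is sent through an out-of-band protocol. In this embodiment, because the first network device and the second network device have already established the self-maintenance relationship in the ANIMA network, the first network device can use the GRASP protocol of the ANIMA network to send the first extended maintenance attribute to the second network device.
After the PAP module in the first network device obtains the first extended maintenance attribute, it can send it to the second network device; at this point the first extended maintenance attribute can be (rd1, rd2).
It should be noted that this embodiment and the following ones do not limit the order of the step that sends the routing information and the step that sends the extended maintenance attribute. After generating the extended maintenance attribute, the network device can send the extended maintenance attribute and the routing information at the same time, or it can send the extended maintenance attribute first and the routing information afterwards; this is not limited here.
611. After the second network device receives the first extended maintenance attribute and verification succeeds, it responds;
After receiving the first extended maintenance attribute sent by the first network device, the second network device first verifies it against the security policy parameters of the self-maintenance function. If verification succeeds, it returns a response message to the first network device.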
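612. The second network device sends second routing information to the first network device;
613. The PAP module in the second network device obtains the second extended maintenance attribute;
614. The second network device sends the second extended maintenance attribute to the first network device through the GRASP protocol;
The second network device sends the second routing information and the second extended maintenance attribute to the first network device. Steps 612 to 614 are similar to steps 608 to 610 above and are not described again here. When the second routing information is imported from routing domain rd2, in which the second network device works, into routing domain rd1, in which the first network device works, the corresponding second extended maintenance attribute gains the identifier of routing domain rd1, so the second extended maintenance attribute can be (rd1, rd2, rd1).
615. The first network device does not use the second routing information;
When the first network device receives the second routing information whose extended maintenance attribute is (rd1, rd2, rd1), it can judge from that attribute that the second routing information has been sent from routing domain rd1 back to routing domain rd1. The first network device therefore determines that a routing loop has occurred and that the second routing information is a feedback route, so it can refrain from using the second routing information and thus complete self-healing.
Specifically, the first network device can refrain from using the second routing information by lowering the priority of the second routing information or by deleting it.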
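The embodiments of this application use, as the example, the scenario in which the same route is advertised repeatedly into the same routing domain and causes a routing loop. It should be noted that the embodiments of this application also apply to other routing-loop scenarios: as long as the extended maintenance attribute satisfies a preset condition, that attribute can be used to judge whether a routing loop has occurred. Two routing-loop scenarios in the embodiments of this application and their decision logic are introduced below:
A. Referring to Figure 8, one decision logic for detecting routing loops in an embodiment of this application includes:
a: The routing information is imported into routing domain rd1 for the first time at network device 1; the extended maintenance attribute of the routing information is then (rd1);
b: When the routing information is imported into routing domain rd2 at network device 2, its extended maintenance attribute is (rd1, rd2);
c: When the routing information is imported into routing domain rd3 at network device 4, its extended maintenance attribute is (rd1, rd2, rd3);
d: When the routing information is imported into routing domain rd4 at network device 6, its extended maintenance attribute is (rd1, rd2, rd3, rd4);
e: When the routing information is imported into routing domain rd5 at network device 7, its extended maintenance attribute is (rd1, rd2, rd3, rd4, rd5);
f: When the routing information is imported into routing domain rd3 at network device 8, its extended maintenance attribute is (rd1, rd2, rd3, rd4, rd5, rd3).
In this advertisement scenario, the same routing information passes through a routing domain and is later advertised into that same routing domain again. The decision logic is: if the last routing domain identifier in a route's extended maintenance attribute duplicates another routing domain identifier in that attribute, the route is judged to cause a routing loop. For example, when the routing information above is imported in step f, its extended maintenance attribute is (rd1, rd2, rd3, rd4, rd5, rd3). The last routing domain identifier of the attribute is rd3, and rd3 also appears among the identifiers of the earlier advertisement path. This shows that the routing information, having already been advertised into routing domain rd3, has been advertised into routing domain rd3 once more. It can then be judged that a routing loop has occurred and that the routing information is a feedback route.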
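B. Referring to Figure 9, another decision logic for detecting routing loops in an embodiment of this application includes:
g: The routing information is imported into routing domain rd1 at network device 2; the extended maintenance attribute of the routing information is then (rd1);
h: When the routing information is imported into routing domain rd1 at network device 3, its extended maintenance attribute is (rd1), and network device 3 forwards service packets to network device 2;
i: When the routing information is imported into routing domain rd2 at network device 2, its extended maintenance attribute is (rd1, rd2), and network device 2 forwards service packets to network device 3.
In this advertisement scenario, network device 2 receives two pieces of routing information whose advertisement paths are in a containment relationship. The decision logic is: if the routing domain identifiers in the extended maintenance attributes of two pieces of routing information are in a containment relationship, the routing information with the longer routing domain identifier can be determined to be the feedback route. For example, network device 2 above receives two pieces of routing information in total, one with routing domain identifier (rd1) and one with routing domain identifier (rd1, rd2). Because (rd1, rd2) contains (rd1), the routing information with routing domain identifier (rd1, rd2) is derived from the routing information with routing domain identifier (rd1), so network device 2 determines that the routing information with domain identifier (rd1, rd2) is the feedback route.
It should be noted that, in the embodiments of this application, as long as the extended maintenance attribute satisfies the condition of either decision logic above, the routing information corresponding to that extended maintenance attribute can be judged to cause a routing loop.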
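Both decision logics can be run on a device over the routing domain identifiers it holds for one route. The following is an added example, not code from the patent; the function names are hypothetical, and the containment relationship of logic B is read here as a strict-prefix relationship, which is an assumption.

```python
from typing import Iterable, List, Optional, Sequence, Tuple

Path = Tuple[str, ...]


def import_into(path: Sequence[str], domain: str) -> Path:
    """Redistribution into `domain` appends its identifier to the advertisement path."""
    return tuple(path) + (domain,)


def revisits_domain(path: Sequence[str]) -> bool:
    """Logic A: the last identifier repeats one that is already on the path."""
    return len(path) > 1 and path[-1] in path[:-1]


def extends(longer: Sequence[str], shorter: Sequence[str]) -> bool:
    """Logic B (strict-prefix reading): `longer` was derived from `shorter`."""
    return (0 < len(shorter) < len(longer)
            and tuple(longer[:len(shorter)]) == tuple(shorter))


def feedback_routes(paths: Iterable[Sequence[str]]) -> List[Path]:
    """Among the paths one device holds for one route, return the feedback routes."""
    held = [tuple(p) for p in paths]
    return [p for p in held
            if revisits_domain(p) or any(extends(p, q) for q in held)]


def first_loop_step(domains: Sequence[str]) -> Optional[int]:
    """Replay successive imports; return the 0-based step at which logic A first fires."""
    path: Path = ()
    for step, domain in enumerate(domains):
        path = import_into(path, domain)
        if revisits_domain(path):
            return step
    return None


# Figure 8 walk-through: steps a..f import into rd1, rd2, rd3, rd4, rd5, rd3.
FIGURE_8 = ["rd1", "rd2", "rd3", "rd4", "rd5", "rd3"]
# Figure 9: network device 2 holds both (rd1) and (rd1, rd2) for the same route.
FIGURE_9 = [("rd1",), ("rd1", "rd2")]

if __name__ == "__main__":
    print(first_loop_step(FIGURE_8))    # index of step f
    print(feedback_routes(FIGURE_9))    # only the longer path is flagged
```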
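In this embodiment, network devices can first establish the self-maintenance relationship between neighbors over the ANIMA network. During route redistribution, in addition to sending routing information to a neighbor device, a network device also sends the corresponding extended maintenance attribute to that neighbor device through the GRASP protocol. The neighbor device can judge from the received extended maintenance attribute whether the routing information corresponding to it causes a routing loop and, if so, can refrain from using that routing information. The whole self-healing process only requires establishing the ANIMA self-maintenance relationship on the existing network devices; no new management device has to be introduced to manage and compute extended maintenance attributes, which makes the scheme more convenient. This embodiment also follows the standard specifications of the ANIMA self-maintaining network, which makes it easy for devices from multiple vendors to interoperate.
It should be noted that the embodiments of this application use rd1, rd2, and so on as example routing domain identifiers in the extended maintenance attribute. In practice there are many ways to identify the import points across routing protocols or across different processes of the same routing protocol; for example, the identifier can be the ID of the routing domain or the management IP of the network device. This is not limited here. Whichever is used, the end result is that it can be identified whether a route has been sent back to the same routing domain of the same network device, or to a different routing domain of the same network device where it is nevertheless preferred.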
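II. The network device sends the extended maintenance attribute to a controller:
In this embodiment, the extended maintenance attribute generated by a network device does not need to be passed directly between network devices. Instead, the generated extended maintenance attribute is sent directly to the controller, and the controller identifies routing loops. The network devices therefore do not need to establish a self-maintenance relationship over the ANIMA network to transfer extended maintenance attributes; that is, the scheme in this embodiment does not need to use the ANIMA network.
In the embodiments of this application, "controller" is only a general term for a device that performs functions such as managing extended maintenance attributes, identifying routing loops, and sending management instructions; it does not refer to one specific device or set of devices. In practice, a device that performs these functions may not be called a "controller" and may go by another name, for example a switch, a base station, or a controller in a data communication network. This is not limited here; the embodiments of this application only use "controller" as the example.
Referring to Figure 10, another method for detecting routing loops in an embodiment of this application includes: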
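1001. The first network device sends first routing information to the second network device.
1002. The first network device generates the first extended maintenance attribute and sends it to the controller.
In this embodiment, a program can be coded into the network device in advance, by pre-configuration, so that when the network device advertises routing information it generates an extended maintenance attribute corresponding to that routing information. The content format of the extended maintenance attribute is the same as the one described in step 609 and is not described again here.
It should be noted that, in this embodiment, the identifiers carried by the extended maintenance attribute are the identifier of the source routing domain and the identifier of the destination routing domain of the advertised routing information. The source routing domain and the destination routing domain indicate the direction in which the routing information is advertised, namely from the source routing domain to the destination routing domain. For example, in this embodiment the first network device works in two routing domains identified as rd1 and rd2, and the second network device works in the routing domain identified as rd2. The first network device advertises routing information from routing domain rd1 to the second network device in routing domain rd2. The source routing domain of the first routing information is therefore routing domain rd1, in which the first network device works when it sends the first routing information, and the destination routing domain is routing domain rd2, in which the second network device works when it receives the first routing information, so the first extended maintenance attribute can be (rd1, rd2).
Because the extended maintenance attribute does not need to be carried by the protocol that transports the routing information, that transport protocol itself does not need to be extended or modified; the attribute can be carried by an out-of-band protocol. The out-of-band protocol may be the border gateway protocol (BGP) monitoring protocol, or another protocol such as the BGP link-state (BGP LS) address family protocol; this is not limited here. In this embodiment, the first network device can send the first extended maintenance attribute to the controller by extending one of these protocols or by adding a new protocol interface.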
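1003. The controller combines the identifiers in the first extended maintenance attribute into the identifier of the complete first advertisement path.
The extended maintenance attribute received by the controller includes only the identifier of the source routing domain and the identifier of the destination routing domain of the first routing information; the identifier of the complete advertisement path of the routing information has to be assembled by the controller. Because a network device sends the controller the source and destination routing domain identifiers of a piece of routing information every time it advertises that information, the controller can know the complete advertisement path of each piece of routing information. Whenever the controller receives the extended maintenance attribute of newly advertised routing information, it combines the source and destination routing domain identifiers in that attribute with the routing domain identifiers previously recorded for the routing information, and assembles them into the complete advertisement path of that routing information. Because the first routing information passes only through routing domains rd1 and rd2, the identifier of its complete advertisement path is also (rd1, rd2).
1004. The second network device sends second routing information to the first network device.
1005. The second network device generates the second extended maintenance attribute and sends it to the controller.
The second routing information is sent from routing domain rd2, in which the second network device works, to routing domain rd1, in which the first network device works. The source routing domain of the second routing information is therefore routing domain rd2, in which the second network device works when it sends the second routing information, and the destination routing domain is routing domain rd1, in which the first network device works when it receives the routing information. The second extended maintenance attribute generated by the second network device can thus be (rd2, rd1), and the second network device sends it to the controller through the out-of-band protocol.
1006. The controller combines the identifiers in the second extended maintenance attribute into the identifier of the complete second advertisement path.
Before receiving the second extended maintenance attribute (rd2, rd1), the controller had already received the first extended maintenance attribute (rd1, rd2). The controller can therefore determine that the second routing information was sent from routing domain rd1 to routing domain rd2 and then from routing domain rd2 back to routing domain rd1. After receiving the second extended maintenance attribute, the controller thus assembles the identifier of the complete second advertisement path of the second routing information as (rd1, rd2, rd1).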
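1007. The controller judges that a routing loop has occurred.
After the controller has assembled the second extended maintenance attribute into the complete second advertisement path of the second routing information, the identifier of that path is (rd1, rd2, rd1). The controller can therefore judge that the second routing information has been sent from routing domain rd1 back to routing domain rd1, so it determines that the second routing information causes a routing loop and is a feedback route.
1008. The controller sends a management instruction to the first network device.
After judging that the second routing information is a feedback route, the controller sends a management instruction to the first network device, notifying it not to use the second routing information, which completes self-healing.
Specifically, the first network device can refrain from using the second routing information by lowering the priority of the second routing information or by deleting it.
In this embodiment, several protocol interfaces are available for a centralized server to deliver management instructions to network devices, for example the network management netconf interface or a BGP extension; this is not limited here. The controller can also deliver management instructions by extending these protocols or by adding a new protocol interface.
1009. The first network device does not prefer the second routing information.
After receiving the management instruction sent by the controller, the first network device, in accordance with the instruction, does not prefer the second routing information.
In this embodiment, when network devices perform route redistribution, in addition to sending routing information to the neighbor device they also send the corresponding extended maintenance attribute to the controller through an out-of-band protocol. The controller can judge from the received extended maintenance attribute whether the corresponding routing information is a feedback route and, if so, sends a management instruction to the network device that received the feedback route; after receiving the management instruction, that network device does not prefer the feedback route. Throughout the self-healing process, the network devices are only responsible for sending extended maintenance attributes to the controller; assembling the extended maintenance attributes and judging routing loops are done by the controller, which reduces the computational burden on the network devices and lowers the computing performance required of them.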
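Steps 1003 to 1008 on the controller side can be sketched as follows. This is an added example, not code from the patent; the `Segment` and `Instruction` types, keying paths by a route string, and the sample route and device names are assumptions, and reports are assumed to arrive in advertisement order as in steps 1002 and 1005.

```python
from typing import Dict, List, NamedTuple, Optional, Tuple


class Segment(NamedTuple):
    """One extended maintenance attribute as reported to the controller."""
    route: str      # route the attribute belongs to (constructed key, e.g. a prefix)
    src: str        # identifier of the source routing domain
    dst: str        # identifier of the destination routing domain
    receiver: str   # device that received the routing information


class Instruction(NamedTuple):
    """Management instruction telling `to` not to use `route`."""
    to: str
    route: str
    path: Tuple[str, ...]   # stitched advertisement path that exposed the loop


class Controller:
    def __init__(self) -> None:
        self.paths: Dict[str, List[str]] = {}   # route -> accepted advertisement path
        self.unmatched: List[Segment] = []      # segments that continue no known path

    def full_path(self, route: str) -> Tuple[str, ...]:
        return tuple(self.paths.get(route, ()))

    def report(self, seg: Segment) -> Optional[Instruction]:
        """Stitch one (source, destination) pair; return an instruction on a loop."""
        path = self.paths.get(seg.route)
        if path is None:
            stitched = [seg.src, seg.dst]            # first report for this route
        elif path[-1] == seg.src:
            stitched = path + [seg.dst]              # source equals last destination
        else:
            self.unmatched.append(seg)               # cannot be joined to the path
            return None
        if len(set(stitched)) < len(stitched):
            # A routing domain identifier repeats: feedback route. The stored path
            # is left unchanged because the receiver is told not to use the route.
            return Instruction(seg.receiver, seg.route, tuple(stitched))
        self.paths[seg.route] = stitched
        return None


if __name__ == "__main__":
    ctl = Controller()
    route = "192.0.2.0/24"                           # constructed sample route
    print(ctl.report(Segment(route, "rd1", "rd2", "device2")))   # no loop yet
    print(ctl.report(Segment(route, "rd2", "rd1", "device1")))   # feedback route
```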
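The network device and the controller in the embodiments of this application are described below:
As shown in Figure 11, an embodiment of this application further provides a schematic diagram of a possible structure of a network device. The network device 1100 can implement the functions of the first network device in Figure 6 and Figure 7; for the functions of each unit of the network device, refer to the description of the method steps above.
The network device 1100 may include the following functional modules:
a receiving unit 1101, configured to receive a first extended maintenance attribute sent by a second network device through an out-of-band protocol, where the first extended maintenance attribute includes a first identifier, the first identifier includes the routing domain identifiers of the advertisement path corresponding to first routing information, and the first routing information includes routing information advertised by the second network device to the first network device;
a processing unit 1102, configured to judge whether the first identifier satisfies a preset condition; in response to determining that the first identifier satisfies the preset condition, determine that a routing loop has occurred; or, in response to determining that the first identifier does not satisfy the preset condition, determine that no routing loop has occurred.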
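Because there are several scenarios in which a routing loop occurs, the corresponding decision logic differs as well. The specific implementations in this embodiment for the different routing-loop scenarios can be as follows:
For the scenario in which the receiving unit 1101 receives the first extended maintenance attribute: the processing unit 1102 is specifically configured to judge whether the first identifier in the first extended maintenance attribute contains identical routing domain identifiers; if it does, the processing unit 1102 determines that a routing loop has occurred; if it does not, the processing unit 1102 determines that no routing loop has occurred.
For the scenario in which the receiving unit 1101 also receives a second extended maintenance attribute: the processing unit 1102 is specifically configured to judge whether the second identifier in the second extended maintenance attribute includes at least one routing domain identifier of the first identifier; if it does, the processing unit 1102 determines that a routing loop has occurred; if it does not, the processing unit 1102 determines that no routing loop has occurred.
Before the first network device receives the first extended maintenance attribute, the processing unit 1102 may also be configured to establish a self-maintenance negotiation relationship with a neighbor network device, where the self-maintenance negotiation relationship is used to transfer the first extended maintenance attribute between the first network device and the neighbor network device, and the neighbor network device includes the second network device and a third network device.
Specifically, while the first network device establishes the self-maintenance negotiation relationship with the neighbor network device, the processing unit 1102 can discover the neighbor network device through the GRASP protocol, receive the PAP communication address sent by the neighbor network device, and use the PAP communication address to establish the self-maintenance negotiation relationship with the neighbor network device.
Further, after the first network device receives the PAP communication address sent by the neighbor network device, the processing unit 1102 is specifically configured to: use the PAP communication address to start the self-maintenance negotiation function; send a negotiation request message to the neighbor network device; receive the negotiation reply message that the neighbor network device sends in response to the negotiation request message; and, when the negotiation reply message passes the security verification of the network device, establish the self-maintenance negotiation relationship with the neighbor network device.
After the first network device has established the self-maintenance negotiation relationship with the neighbor network device, when the receiving unit 1101 receives a negotiation decline message sent by the neighbor network device, the processing unit is further configured to tear down the self-maintenance negotiation relationship with the neighbor network device.
When network devices exchange messages in the ANIMA network, the messages can be verified against the security policy parameters of the self-maintenance function. Specifically, the first network device can have the security policy parameters of the self-maintenance function inherit the security policy parameters of the routing protocol.
In the embodiments of this application, the out-of-band protocol may be the GRASP protocol.
When the network device determines that the received first routing information causes a routing loop, the processing unit 1102 is further configured to refrain from using the first routing information, or to send alarm information indicating that a routing loop has been found.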
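As shown in Figure 12, an embodiment of this application further provides a schematic diagram of a possible structure of a controller. The controller 1200 can implement the functions of the controller in Figure 10; for the functions of each unit of the controller, refer to the description of the method steps above.
The controller 1200 may include the following functional modules:
a receiving unit 1201, configured to receive a first extended maintenance attribute sent by a first network device through an out-of-band protocol, where the first extended maintenance attribute includes a first identifier, the first identifier includes a first source routing domain identifier and a first destination routing domain identifier corresponding to first routing information, the first source routing domain is the routing domain in which the first network device sends the first routing information, and the first destination routing domain is the routing domain in which the second network device receives the first routing information;
the receiving unit 1201 is further configured to receive a second extended maintenance attribute sent by a second network device through the out-of-band protocol, where the second extended maintenance attribute includes a second identifier, the second identifier includes a second source routing domain identifier and a second destination routing domain identifier corresponding to the second routing information, the second source routing domain is the routing domain in which the second network device sends the second routing information, and the second destination routing domain is the routing domain in which the third network device receives the second routing information;
a processing unit 1202, configured to determine a first target identifier according to the first identifier and the second identifier, where the first target identifier includes the identifiers of the routing domains on the advertisement path of the first routing information and the identifiers of the routing domains on the advertisement path of the second routing information; judge whether the first target identifier satisfies a preset condition; in response to determining that the first target identifier satisfies the preset condition, determine that a routing loop has occurred; or, in response to determining that the first target identifier does not satisfy the preset condition, determine that no routing loop has occurred.
Further, the processing unit 1202 can judge whether the first target identifier satisfies the preset condition as follows: the processing unit 1202 judges whether the first target identifier contains identical routing domain identifiers; if so, it determines that the first target identifier satisfies the preset condition; if not, it determines that the first target identifier does not satisfy the preset condition.
In the embodiments of this application, the out-of-band protocol may be the BGP protocol.
When the controller determines that the second routing information causes a routing loop, the processing unit 1202 is further configured to send a management instruction to the third network device, where the management instruction notifies the third network device not to use the second routing information.
The division into modules in the embodiments of this application is illustrative and is only a division by logical function; other divisions are possible in an actual implementation. In addition, the functional modules in the embodiments of this application can be integrated into one processing unit, can exist physically on their own, or two or more modules can be integrated into one module. The integrated module can be implemented in the form of hardware or in the form of a software functional module.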
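When the integrated module is implemented in the form of hardware, the network device may have the structure shown in Figure 13, and the processing unit provided in Figure 11 may correspond to the processor 1301 in Figure 13. The processor 1301 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of this application, for example one or more digital signal processors (DSP) or one or more field programmable gate arrays (FPGA). The network device may further include a communication interface 1302, which is used to communicate with other network devices. The network device may further include a memory 1303 for storing the program executed by the processor 1301. The memory 1303 may be a volatile memory, such as a random-access memory (RAM); or a non-volatile memory, such as a read-only memory (ROM), a flash memory, a hard disk drive (HDD), or a solid-state drive (SSD); or a combination of the above kinds of memory, and is used to store the program code that implements the method of this application, the configuration files of network devices in the TSN domain, or other content. The memory 1303 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
The processor 1301 is configured to execute the program code stored in the memory 1303. The embodiments of this application do not limit the specific connection medium between the communication interface 1302, the processor 1301, and the memory 1303. In Figure 13, the memory 1303, the processor 1301, and the communication interface 1302 are connected through a bus 1304, which is drawn as a thick line in Figure 13; the way the other components are connected is only illustrative and is not limiting. The bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is drawn in Figure 13, but this does not mean that there is only one bus or one type of bus.
In one example, the communication interface 1302 is configured to receive a second extended maintenance attribute, where the second extended maintenance attribute includes a second identifier, the second identifier includes the routing domain identifiers of the advertisement path corresponding to second routing information, and the second routing information includes routing information advertised by the third network device to the first device.
The processor 1301 is specifically configured to judge whether the second identifier in the second extended maintenance attribute includes at least one routing domain identifier of the first identifier; if it does, the processor 1301 determines that a routing loop has occurred; if it does not, the processor 1301 determines that no routing loop has occurred.
In one example, the communication interface 1302 is configured to receive the negotiation decline message sent by the neighbor network device,
and the processor 1301 can specifically be configured to tear down the self-maintenance negotiation relationship with the neighbor network device.
The network device 1300 can implement the functions of the first network device in Figure 6 and Figure 7; for details, refer to the description of the methods associated with those figures.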
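When the integrated module is implemented in the form of hardware, the controller may have the structure shown in Figure 14, and the processing unit provided in Figure 12 may correspond to the processor 1401 in Figure 14. The processor 1401 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of this application, for example one or more digital signal processors (DSP) or one or more field programmable gate arrays (FPGA). The network device may further include a communication interface 1402, which is used to communicate with other network devices. The network device may further include a memory 1403 for storing the program executed by the processor 1401. The memory 1403 may be a volatile memory, such as a random-access memory (RAM); or a non-volatile memory, such as a read-only memory (ROM), a flash memory, a hard disk drive (HDD), or a solid-state drive (SSD); or a combination of the above kinds of memory, and is used to store the program code that implements the method of this application, the configuration files of the controller in the TSN domain, or other content. The memory 1403 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
The processor 1401 is configured to execute the program code stored in the memory 1403. The embodiments of this application do not limit the specific connection medium between the communication interface 1402, the processor 1401, and the memory 1403. In Figure 14, the memory 1403, the processor 1401, and the communication interface 1402 are connected through a bus 1404, which is drawn as a thick line in Figure 14; the way the other components are connected is only illustrative and is not limiting. The bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is drawn in Figure 14, but this does not mean that there is only one bus or one type of bus.
The controller 1400 can implement the functions of the controller in Figure 10; for details, refer to the description of the methods associated with that figure.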
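As shown in Figure 15, an embodiment of this application further provides a system for detecting routing loops. The system includes network devices used in multi-protocol or multi-process route redistribution scenarios, and includes at least a first network device 1501 and a second network device 1502, where the second network device sends first routing information to the first network device.
The second network device 1502 is configured to generate a first extended maintenance attribute corresponding to the first routing information, where the first extended maintenance attribute includes a first identifier and the first identifier includes the routing domain identifiers of the advertisement path corresponding to the first routing information. After generating the first extended maintenance attribute, the second network device 1502 sends it to the first network device through an out-of-band protocol.
The first network device 1501 is configured to receive, through the out-of-band protocol, the first extended maintenance attribute sent by the second network device 1502, and to judge whether the first identifier contains identical routing domain identifiers; if identical routing domain identifiers exist, it determines that a routing loop has occurred; if no identical routing domain identifiers exist, it determines that no routing loop has occurred.
The above is based on the scenario in which the first network device receives the first extended maintenance attribute. In one example, the system may further include a third network device, where the third network device sends second routing information to the first network device.
The third network device is configured to generate a second extended maintenance attribute corresponding to the second routing information, where the second extended maintenance attribute includes a second identifier and the second identifier includes the routing domain identifiers of the advertisement path corresponding to the second routing information. After generating the second extended maintenance attribute, the third network device sends it to the first network device through the out-of-band protocol.
The first network device 1501 is configured to receive, through the out-of-band protocol, the second extended maintenance attribute sent by the third network device 1503, and to judge whether the second identifier includes at least one routing domain identifier of the first identifier; if so, it determines that a routing loop has occurred; if not, it determines that no routing loop has occurred.
The network devices in this system detect routing loops in the manner provided by the embodiments above; the specific implementation is not described again.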
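As shown in Figure 16, an embodiment of this application further provides a system for detecting routing loops. The system includes network devices used in multi-protocol or multi-process route redistribution scenarios, and includes at least a controller 1601, a first network device 1602, a second network device 1603, and a third network device 1604, where the first network device sends first routing information to the second network device and the second network device sends second routing information to the third network device.
The first network device 1602 is configured to generate a first extended maintenance attribute corresponding to the first routing information, where the first extended maintenance attribute includes a first identifier, the first identifier includes an identifier of a first source routing domain and an identifier of a first destination routing domain corresponding to the first routing information, the first source routing domain is the routing domain in which the first network device sends the first routing information, and the first destination routing domain is the routing domain in which the second network device receives the first routing information. After generating the first extended maintenance attribute, the first network device 1602 sends it to the controller through an out-of-band protocol.
The second network device 1603 is configured to generate a second extended maintenance attribute corresponding to the second routing information, where the second extended maintenance attribute includes a second identifier, the second identifier includes an identifier of a second source routing domain and an identifier of a second destination routing domain corresponding to the second routing information, the second source routing domain is the routing domain in which the second network device sends the second routing information, and the second destination routing domain is the routing domain in which the third network device receives the second routing information. After generating the second extended maintenance attribute, the second network device 1603 sends it to the controller through the out-of-band protocol.
The third network device 1604 is configured to receive the second routing information sent by the second network device 1603, and can also be configured to receive a management instruction sent by the controller 1601, where the management instruction notifies the third network device not to use the second routing information.
The controller 1601 is configured to receive, through the out-of-band protocol, the first extended maintenance attribute sent by the first network device 1602 and the second extended maintenance attribute sent by the second network device 1603; determine a first target identifier according to the first identifier and the second identifier, where the first target identifier includes the identifiers of the routing domains on the advertisement path of the first routing information and the identifiers of the routing domains on the advertisement path of the second routing information; and judge whether the first target identifier satisfies a preset condition; if the preset condition is satisfied, it determines that a routing loop has occurred; if the preset condition is not satisfied, it determines that no routing loop has occurred.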
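Those skilled in the art should understand that the embodiments of this application can be provided as a method, a system, or a computer program product. This application can therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, this application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, and optical storage) that contain computer-usable program code.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses, and units described above can be found in the corresponding processes of the foregoing method embodiments and are not described again here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods can be implemented in other ways. For example, the apparatus embodiments described above are only illustrative. The division into units, for instance, is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed can be an indirect coupling or communication connection through some interfaces, apparatuses, or units, and can be electrical, mechanical, or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they can be located in one place or distributed over multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application can be integrated into one processing unit, each unit can exist physically on its own, or two or more units can be integrated into one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which can be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of this application. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.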
Claims (32)
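- A method for detecting routing loops, characterized in that the method includes: a first network device receives a first extended maintenance attribute sent by a second network device through an out-of-band protocol, where the first extended maintenance attribute includes a first identifier, the first identifier includes the routing domain identifiers of the advertisement path corresponding to first routing information, and the first routing information includes routing information advertised by the second network device to the first network device; the first network device judges whether the first identifier satisfies a preset condition; in response to the first device determining that the first identifier satisfies the preset condition, the first network device determines that a routing loop has occurred; or, in response to the first device determining that the first identifier does not satisfy the preset condition, the first network device determines that no routing loop has occurred.
- The method according to claim 1, characterized in that the first network device judging whether the first identifier satisfies a preset condition includes: the first network device judges whether the first identifier contains identical routing domain identifiers; if so, the first network device determines that the first identifier satisfies the preset condition; if not, the first network device determines that the first identifier does not satisfy the preset condition.
- The method according to claim 1, characterized in that the method further includes: the first network device receives, through the out-of-band protocol, a second extended maintenance attribute sent by a third network device, where the second extended maintenance attribute includes a second identifier, the second identifier includes the routing domain identifiers of the advertisement path corresponding to second routing information, and the second routing information includes routing information advertised by the third network device to the first device; the first network device judging whether the first identifier satisfies a preset condition includes: the first network device judges whether the second identifier includes at least one routing domain identifier of the first identifier; if so, the first network device determines that the first identifier satisfies the preset condition; if not, the first network device determines that the first identifier does not satisfy the preset condition.
- The method according to any one of claims 1 to 3, characterized in that, before the first network device receives the first extended maintenance attribute sent by the second network device through the out-of-band protocol, the method further includes: the first network device establishes a self-maintenance negotiation relationship with a neighbor network device, where the self-maintenance negotiation relationship is used to transfer the first extended maintenance attribute between the first network device and the neighbor network device, and the neighbor network device includes the second network device.
- The method according to claim 4, characterized in that the first network device establishing a self-maintenance negotiation relationship with a neighbor network device includes: the first network device discovers the neighbor network device through the generic autonomic signaling protocol; the first network device receives a protocol assisting protocol (PAP) communication address sent by the neighbor network device; the first network device uses the PAP communication address to establish the self-maintenance negotiation relationship with the neighbor network device.
- The method according to claim 5, characterized in that the first network device using the PAP communication address to establish the self-maintenance negotiation relationship with the neighbor network device includes: the first network device uses the PAP communication address to start the self-maintenance negotiation function; the first network device sends a negotiation request message to the neighbor network device; the first network device receives a negotiation reply message sent by the neighbor network device in response to the negotiation request message; when the negotiation reply message passes the security verification of the first network device, the first network device establishes the self-maintenance negotiation relationship with the neighbor network device.
- The method according to any one of claims 4 to 6, characterized in that, after the first network device establishes the self-maintenance negotiation relationship with the neighbor network device, the method further includes: the first network device receives a negotiation decline message sent by the neighbor network device; the first network device tears down the self-maintenance negotiation relationship with the neighbor network device.
- The method according to any one of claims 4 to 7, characterized in that the first network device determines the security policy parameters of the self-maintenance function according to the security policy parameters of the routing protocol.
- The method according to any one of claims 1 to 8, characterized in that the out-of-band protocol is the generic autonomic signaling protocol.
- The method according to claim 1, 2, or 4, characterized in that, in response to the first device determining that the first identifier satisfies the preset condition, the first network device determines that a routing loop has occurred, and the method further includes: the first network device does not use the first routing information; or the first network device sends alarm information indicating that a routing loop has been found.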
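- A method for detecting routing loops, characterized in that it includes: a controller receives a first extended maintenance attribute sent by a first network device through an out-of-band protocol, where the first extended maintenance attribute includes a first identifier, the first identifier includes an identifier of a first source routing domain and an identifier of a first destination routing domain corresponding to first routing information, the first source routing domain is the routing domain in which the first network device sends the first routing information, and the first destination routing domain is the routing domain in which the second network device receives the first routing information; the controller receives a second extended maintenance attribute sent by a second network device through the out-of-band protocol, where the second extended maintenance attribute includes a second identifier, the second identifier includes an identifier of a second source routing domain and an identifier of a second destination routing domain corresponding to the second routing information, the second source routing domain is the routing domain in which the second network device sends the second routing information, and the second destination routing domain is the routing domain in which the third network device receives the second routing information; in response to the identifier of the second source routing domain being the same as the identifier of the first destination routing domain, the controller determines a first target identifier according to the first identifier and the second identifier, where the first target identifier includes the identifiers of the routing domains on the advertisement path of the first routing information and the identifiers of the routing domains on the advertisement path of the second routing information; the controller judges whether the first target identifier satisfies a preset condition; in response to the controller determining that the first target identifier satisfies the preset condition, the controller determines that a routing loop has occurred; or, in response to the controller determining that the first target identifier does not satisfy the preset condition, the controller determines that no routing loop has occurred.
- The method according to claim 11, characterized in that the controller judging whether the first target identifier satisfies a preset condition includes: the controller judges whether the first target identifier contains identical routing domain identifiers; if so, the controller determines that the first target identifier satisfies the preset condition; if not, the controller determines that the first target identifier does not satisfy the preset condition.
- The method according to claim 11 or 12, characterized in that the out-of-band protocol is the border gateway protocol.
- The method according to any one of claims 11 to 13, characterized in that the method further includes: in response to the controller determining that the first target identifier satisfies the preset condition, the controller sends a management instruction to the third network device, where the management instruction notifies the third network device not to use the second routing information.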
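- A network device, characterized in that it includes: a receiving unit, configured to receive a first extended maintenance attribute sent by a second network device through an out-of-band protocol, where the first extended maintenance attribute includes a first identifier, the first identifier includes the routing domain identifiers of the advertisement path corresponding to first routing information, and the first routing information includes routing information advertised by the second network device to the first network device; a processing unit, configured to judge whether the first identifier satisfies a preset condition; the processing unit is further configured to determine, in response to the first identifier satisfying the preset condition, that a routing loop has occurred; or the processing unit is further configured to determine, in response to the first identifier not satisfying the preset condition, that no routing loop has occurred.
- The network device according to claim 15, characterized in that the processing unit is specifically configured to: judge whether the first identifier contains identical routing domain identifiers; if so, determine that the first identifier satisfies the preset condition; if not, determine that the first identifier does not satisfy the preset condition.
- The network device according to claim 15, characterized in that the receiving unit is further configured to: receive, through the out-of-band protocol, a second extended maintenance attribute sent by a third network device, where the second extended maintenance attribute includes a second identifier, the second identifier includes the routing domain identifiers of the advertisement path corresponding to second routing information, and the second routing information includes routing information advertised by the third network device to the first device; the processing unit is further configured to: judge whether the second identifier includes at least one routing domain identifier of the first identifier; if so, determine that the first identifier satisfies the preset condition; if not, determine that the first identifier does not satisfy the preset condition.
- The network device according to any one of claims 15 to 17, characterized in that the processing unit is further configured to: establish a self-maintenance negotiation relationship with a neighbor network device, where the self-maintenance negotiation relationship is used to transfer the first extended maintenance attribute between the first network device and the neighbor network device, and the neighbor network device includes the second network device.
- The network device according to claim 18, characterized in that the processing unit is specifically configured to: discover the neighbor network device through the generic autonomic signaling protocol; receive a protocol assisting protocol (PAP) communication address sent by the neighbor network device; use the PAP communication address to establish the self-maintenance negotiation relationship with the neighbor network device.
- The network device according to claim 19, characterized in that the processing unit is specifically configured to: use the PAP communication address to start the self-maintenance negotiation function; send a negotiation request message to the neighbor network device; receive a negotiation reply message sent by the neighbor network device in response to the negotiation request message; when the negotiation reply message passes the security verification of the network device, establish the self-maintenance negotiation relationship with the neighbor network device.
- The network device according to any one of claims 18 to 20, characterized in that the receiving unit is further configured to: receive a negotiation decline message sent by the neighbor network device; the processing unit is further configured to: tear down the self-maintenance negotiation relationship with the neighbor network device.
- The network device according to any one of claims 18 to 21, characterized in that the first network device determines the security policy parameters of the self-maintenance function according to the security policy parameters of the routing protocol.
- The network device according to any one of claims 15 to 22, characterized in that the out-of-band protocol is the generic autonomic signaling protocol.
- The network device according to claim 15, 16, or 18, characterized in that the processing unit is further configured to: not use the first routing information; or send alarm information indicating that a routing loop has been found.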
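- A controller, characterized in that it includes: a receiving unit, configured to receive a first extended maintenance attribute sent by a first network device through an out-of-band protocol, where the first extended maintenance attribute includes a first identifier, the first identifier includes a first source routing domain identifier and a first destination routing domain identifier corresponding to first routing information, the first source routing domain is the routing domain in which the first network device sends the first routing information, and the first destination routing domain is the routing domain in which the second network device receives the first routing information; the receiving unit is configured to receive a second extended maintenance attribute sent by a second network device through the out-of-band protocol, where the second extended maintenance attribute includes a second identifier, the second identifier includes a second source routing domain identifier and a second destination routing domain identifier corresponding to the second routing information, the second source routing domain is the routing domain in which the second network device sends the second routing information, and the second destination routing domain is the routing domain in which the third network device receives the second routing information; a processing unit, configured to determine a first target identifier according to the first identifier and the second identifier, where the first target identifier includes the identifiers of the routing domains on the advertisement path of the first routing information and the identifiers of the routing domains on the advertisement path of the second routing information, and to judge whether the first target identifier satisfies a preset condition; the processing unit is further configured to determine, in response to the first target identifier satisfying the preset condition, that a routing loop has occurred; or the processing unit is further configured to determine, in response to determining that the first target identifier does not satisfy the preset condition, that no routing loop has occurred.
- The controller according to claim 25, characterized in that the processing unit is specifically configured to: judge whether the first target identifier contains identical routing domain identifiers; if so, determine that the first target identifier satisfies the preset condition; if not, determine that the first target identifier does not satisfy the preset condition.
- The controller according to claim 25 or 26, characterized in that the out-of-band protocol is the border gateway protocol.
- The controller according to any one of claims 25 to 27, characterized in that the processing unit is further configured to: in response to determining that the first target identifier satisfies the preset condition, send a management instruction to the third network device, where the management instruction notifies the third network device not to use the second routing information.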
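- A computer-readable storage medium, including instructions which, when run on a computer, cause the computer to perform the method according to any one of claims 1 to 10.
- A computer-readable storage medium, including instructions which, when run on a computer, cause the computer to perform the method according to any one of claims 11 to 14.
- A system for detecting routing loops, characterized in that it includes a first network device and a second network device; the second network device is configured to send a first extended maintenance attribute to the first network device through an out-of-band protocol, where the first extended maintenance attribute includes a first identifier, the first identifier includes the routing domain identifiers of the advertisement path corresponding to first routing information, and the first routing information includes routing information advertised by the second network device to the first network device; the first network device is configured to judge whether the first identifier satisfies a preset condition, and to determine that a routing loop has occurred when the first identifier satisfies the preset condition, or to determine that no routing loop has occurred when the first identifier does not satisfy the preset condition.
- A system for detecting routing loops, characterized in that it includes a controller, a first network device, a second network device, and a third network device; the first network device is configured to send a first extended maintenance attribute to the controller through an out-of-band protocol, where the first extended maintenance attribute includes a first identifier, the first identifier includes an identifier of a first source routing domain and an identifier of a first destination routing domain corresponding to first routing information, the first source routing domain is the routing domain in which the first network device sends the first routing information, and the first destination routing domain is the routing domain in which the second network device receives the first routing information; the second network device is configured to send a second extended maintenance attribute to the controller through the out-of-band protocol, where the second extended maintenance attribute includes a second identifier, the second identifier includes an identifier of a second source routing domain and an identifier of a second destination routing domain corresponding to the second routing information, the second source routing domain is the routing domain in which the second network device sends the second routing information, and the second destination routing domain is the routing domain in which the third network device receives the second routing information; the controller is configured to determine a first target identifier according to the first identifier and the second identifier, where the first target identifier includes the identifiers of the routing domains on the advertisement path of the first routing information and the identifiers of the routing domains on the advertisement path of the second routing information; the controller judges whether the first target identifier satisfies a preset condition, and when it determines that the first target identifier satisfies the preset condition, the controller determines that a routing loop has occurred; or, when the first target identifier does not satisfy the preset condition, the controller determines that no routing loop has occurred.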
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011063146.2A CN114338508A (zh) | 2020-09-30 | 2020-09-30 | Method, device, and system for detecting routing loops |
CN202011063146.2 | 2020-09-30 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022068330A1 (zh) | 2022-04-07 |
Family
ID=80949162
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/106983 WO2022068330A1 (zh) | Method, device, and system for detecting routing loops | 2020-09-30 | 2021-07-19 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN114338508A (zh) |
WO (1) | WO2022068330A1 (zh) |
-
2020
- 2020-09-30 CN CN202011063146.2A patent/CN114338508A/zh active Pending
-
2021
- 2021-07-19 WO PCT/CN2021/106983 patent/WO2022068330A1/zh active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN114338508A (zh) | 2022-04-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 21873992 Country of ref document: EP Kind code of ref document: A1 |