WO2022135274A1 - Chip implementation method for routing extension, and chip processing method and apparatus for data packet - Google Patents


Info

Publication number
WO2022135274A1
Authority
WO
WIPO (PCT)
Prior art keywords
forwarding
chip
search
route
fdb
Prior art date
Application number
PCT/CN2021/138907
Inventor
成伟
王俊杰
Original Assignee
苏州盛科通信股份有限公司
Application filed by 苏州盛科通信股份有限公司
Publication of WO2022135274A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/02 Topology update or discovery
    • H04L45/04 Interdomain routing, e.g. hierarchical routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/20 Hop count for routing purposes, e.g. TTL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4552 Lookup mechanisms between a plurality of directories; Synchronisation of directories, e.g. metadirectories
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Definitions

  • the invention relates to a routing expansion technology, in particular to a chip implementation method for routing expansion, a chip processing method and device for data packets.
  • IPDA: destination IP address
  • VXLAN: Virtual eXtensible Local Area Network
  • IP: Internet Protocol
  • Traditional routing forwards on the destination IP address (IPDA), but servers on different IP network segments in a VXLAN network all expect to access the same public address (such as 8.8.8.8 or www.163.com). Therefore, in a VXLAN domain, edge devices need to be able to access the external network, but there are a large number of routing entries on the public network, and ordinary switch devices cannot carry hundreds of thousands of routing entries.
  • The key function of the VXLAN border network device is to map the data streams sent by virtual machines on different network segments in the VXLAN domain, which correspond to different VNIs (VXLAN Instances), onto different VLANs (Virtual Local Area Networks). Based on the destination IP of the data packet alone, the border network device cannot distinguish these two data streams and apply different forwarding behaviors to them (for example, adding different VLANs to the data streams sent by servers in different network segments, and forwarding them from different egress ports).
  • The traditional solution for accessing the public network in a VXLAN domain is to deliver a default policy route on the border network device to match the data traffic accessing the public network. The matching priority of Default PBR (Default Policy Based Routing) is higher than the default route but lower than non-default routes (that is, detailed routes). The data flow accessing the public network therefore first matches the default route and then also matches the Default PBR, which produces different forwarding behaviors based on the source IP address of the data stream (IPSA).
  • IPSA: source IP address of the data stream
  • The internal server IP-A of the data center accesses the public network IP-B and the private network server IP-C. A Default PBR entry matching source IP-A is delivered on the gateway device, and the matching result of this PBR (Policy Based Routing) entry is to perform the operation of accessing the public network IP-B.
  • A routing table entry matching the destination IP-C is delivered on the gateway device, and the matching result of the routing table entry is to perform the operation of accessing the private network IP-C.
  • The IP-A server sends out two data streams: in data packets from IP-A to IP-B the source IP is IP-A and the destination IP is IP-B; in data packets from IP-A to IP-C the source IP is IP-A and the destination IP is IP-C.
  • The entry delivered on the gateway device is a Default PBR entry whose key is IP-A. Compared with PBR policy routing, a data flow matching the Default PBR has lower priority, but higher than the traditional default route; from high to low the order is: PBR > detailed route > Default PBR > default route. Therefore, the Default PBR entry delivered in the traditional scheme only matches data packets from server IP-A to public network IP-B and does not match data packets from IP-A to IP-C, which meets the different requirements of the egress gateway device to provide internal access to the private network server and external access to the public network server.
  • However, Default PBR (default policy routing) has only a small entry capacity in the switch forwarding chip, and it even consumes the capacity of the ACL (Access Control List) TCAM (Ternary Content Addressable Memory).
  • ACL: Access Control List
  • TCAM: Ternary Content Addressable Memory
  • the purpose of the embodiments of the present invention is to overcome the defects of the prior art, and to provide a chip implementation method for routing expansion, and a chip processing method and device for data packets.
  • A chip implementation method for route expansion, comprising: adding a bridge forwarding enable field to the route search result, where the bridge forwarding enable field is used to control whether lookup of FDB (Forwarding Data Base) forwarding table entries is enabled for data packets.
  • FDB: Forwarding Data Base (forwarding database)
  • the present invention also proposes another technical solution: a chip processing method for data packets based on a chip implementation method for routing expansion, comprising:
  • S200: the chip performs a route search on the received data packet, performs corresponding processing on the packet according to the search result, and obtains a bridge forwarding enable field from the search result;
  • S300: the chip judges, according to the bridge forwarding enable field, whether to search the FDB forwarding table entries for the matched data packet. If so, the information in the data packet is formed into a search key and the FDB forwarding table entries are searched; if there is a match, FDB forwarding next hop processing is performed.
  • Before step S200, the method further includes:
  • S100: the chip parses the received data packet and obtains packet matching information by parsing, where the packet matching information at least includes a source IP address, a destination IP address, a destination MAC (Media Access Control) address, and VLAN information or VNI information.
  • The S200 includes:
  • S201: use the destination IP address of the data packet as the route search key and perform a route search. If the search result matches a detailed route, execute the forwarding next hop processing of the detailed route; if the search result matches the default route, enter S202;
  • S202: perform the forwarding next hop processing of the default route on the data packet, and carry the bridge forwarding enable field in the route search result to step S300 for processing.
  • In step S300, if the value of the bridge forwarding enable field is 1, the data packet needs to perform the lookup of FDB forwarding entries; if the value of the bridge forwarding enable field is 0, the data packet does not perform the lookup of FDB forwarding entries.
  • In step S300, if it is determined according to the bridge forwarding enable field that the FDB forwarding entries need to be searched for the data packet, a search key is formed from the destination MAC address and the VLAN information or VNI information of the packet, and the FDB forwarding entries are searched.
  • the method further includes:
  • the chip performs a default policy routing lookup on the data packet, and if there is a match, performs forwarding next hop processing on the packet according to the policy routing lookup result.
  • the packet is forwarded to the next hop according to the default route lookup result; if the FDB forwarding entry lookup matches or does not match, and the default policy route lookup matches, the packet is forwarded to the next hop based on the default policy routing result.
  • a chip processing device for data packets comprising:
  • the route lookup module is used to perform route lookup on the received data message, perform corresponding processing on the message according to the lookup result, and obtain the bridge forwarding enable field from the lookup result;
  • the FDB table entry search module is configured to judge whether to search the FDB forwarding table entry for the matched data packet according to the bridge forwarding enable field, and if so, form the information in the data packet into a search keyword and search for the FDB Forwarding entry, if it matches, execute FDB forwarding next hop processing.
  • the device further comprises:
  • the default policy route lookup module is used to perform a default policy route lookup on the data packet after the FDB entry lookup module finds no match. If it matches, the packet is forwarded to the next hop based on the policy route lookup result.
  • the device further comprises:
  • the packet parsing module is used for parsing the received data packet, and parsing to obtain packet matching information, where the packet matching information at least includes source IP address, destination IP address, destination MAC address, VLAN information or VNI information.
  • Layer bridging FDB forwarding entry search can greatly simplify the chip design and switch software implementation of this routing expansion technology, reduce the impact of software and hardware upgrades on existing network equipment, and reduce the difficulty of deployment.
  • The embodiment of the present invention not only solves the problem of the VXLAN domain egress gateway simultaneously providing virtual machines with access to the external network and to the private network server, but also avoids the consumption of Default PBR entries by the traditional solution, reducing the pressure on device table entries and capability and the difficulty of system and chip design, which is beneficial to actual deployment.
  • Fig. 1 is a schematic diagram of the principle of access between an existing public network server and a private network server;
  • FIG. 2 is a schematic diagram of the principle of access between a public network server and a private network server according to an embodiment of the present invention
  • FIG. 3 and FIG. 4 are schematic flowcharts of a chip processing method for a data packet according to an embodiment of the present invention
  • FIG. 5 is a structural block diagram of a chip processing apparatus for a data packet according to an embodiment of the present invention.
  • The chip implementation method for routing expansion, and the chip processing method and device for data packets, disclosed in the embodiments of the present invention enable bridging FDB forwarding table entry lookup through the routing expansion technology, instead of using traditional default policy routing (Default PBR).
  • PBR: policy routing
  • For egress gateways, one aim is to solve the problem of the VXLAN domain egress gateway providing virtual machines with access to the external network and to private network servers at the same time; the other is to avoid the consumption of Default PBR entries by traditional solutions, reducing the pressure on device table entries and the difficulty of system and chip design, of actual deployment, and of operation and maintenance.
  • a chip implementation method for route expansion disclosed in an embodiment of the present invention is expanded based on a route forwarding technology, focusing on extending support for unicast routing and default routing respectively.
  • the applications of the solutions in the embodiments of the present invention are mainly oriented to scenarios such as data centers and enterprise networks. In these scenarios, there are few applications of multicast routing. Therefore, it focuses on extending support for unicast routing and multicast routing.
  • A control switch for searching the Layer 2 bridging and forwarding entries is added to the search result of the unicast routing and forwarding entry.
  • This is the bridge forwarding enable field (represented, for example, as the forcebridge field), which controls whether lookup of the Layer 2 (L2) bridging FDB forwarding table entries is enabled for data packets that match the routing table entry. If the FDB lookup hits, forwarding is performed at the FDB forwarding next hop; if the search result of the FDB forwarding table entries is a miss, forwarding is performed according to the forwarding next hop found by the routing table entry.
  • Each network segment corresponding to server IP-A and IP-B is assigned to a different VNI domain, and each network segment is assigned a corresponding virtual gateway for routing and forwarding processing.
  • the MAC address of each virtual gateway is unique.
  • When the bridge forwarding enable field is 1, the lookup is based on the destination MAC address (MACDA) and the FID (a Layer 2 bridge forwarding instance, which can be mapped from a VLAN or a VXLAN VNI). In the VLAN forwarding scenario, the FID is the mapping value of the VLAN; in the VXLAN forwarding scenario, the FID is the mapping value of the VNI. Therefore, if it is a VLAN network, the search key is formed from the MACDA and the VLAN and the FDB table entries are searched; if it is a VXLAN network, it will be based on the VXLAN network.
  • MACDA: destination MAC address
  • FID: a Layer 2 bridge forwarding instance, which can be mapped from a VLAN or a VXLAN VNI
  • VNI: virtual extended local area network instance
  • Deploying the above routing expansion technology on the data center egress gateway device can satisfy the normal access between the private network server and the public network server.
  • The internal server IP-A of the data center accesses the public network server IP-B and the private network server IP-C. An FDB forwarding entry, looked up through the default route with bridge forwarding enabled, is delivered on the gateway device.
  • The matching result of the FDB forwarding table entry is to perform the operation of accessing the public network IP-B.
  • A routing table entry matching the destination IP-C is delivered on the gateway device, and the matching result of the routing table entry is to perform the operation of accessing the private network IP-C.
  • The IP-A server sends out two data streams: in data packets from IP-A to IP-B the source IP is IP-A and the destination IP is IP-B; in data packets from IP-A to IP-C the source IP is IP-A and the destination IP is IP-C.
  • Data packets from server IP-A to server IP-B can only match FDB forwarding entries, and data packets from server IP-A to server IP-C can only match routing entries. This provides normal access between server IP-A and private network server IP-C and between server IP-A and public network server IP-B.
  • the route expansion technology is used to enable the bridging FDB forwarding table entry search.
  • the mature and perfect traditional Layer 2 forwarding technology is reused.
  • The capacity of the FDB table is larger than that of the Default PBR, which puts less pressure on equipment costs. Therefore, the embodiment of the present invention not only solves the problem of the VXLAN domain egress gateway simultaneously providing virtual machines with access to the external network and to the private network server, but also avoids the consumption of Default PBR entries by the traditional solution, reducing the pressure on device table entries and capability and the difficulty of system and chip design, which is beneficial to actual deployment.
  • In the specific processing of data packets by a network chip designed on the above routing expansion technology, the key is to add to the chip pipeline a check of whether the forcebridge field is enabled, that is, whether the forcebridge field is 1. If the forcebridge field in the forwarding information carried by the packet is 1, the FDB entry lookup process needs to be performed on the packet.
  • S100: the chip parses the received data packet and obtains packet matching information by parsing.
  • When the chip receives a data packet, it first performs packet parsing on the data packet and obtains the packet matching information.
  • The packet matching information includes the source MAC address (MACSA), destination MAC address (MACDA), source IP address, destination IP address, L4 source port number, L4 destination port number, VLAN or VNI (in a VXLAN network the VNI is obtained by parsing; in a VLAN network the VLAN ID is obtained by parsing) and other information. The packet matching information obtained by parsing is carried into the subsequent processing flow.
  • MACSA: source MAC address
  • S200: the chip performs a route search on the received data packet, performs corresponding processing on the packet according to the search result, and obtains a bridge forwarding enable field from the search result.
  • The chip uses the parsed destination IP address as the route search key to search the route forwarding entries. If the search hits a detailed route, the forwarding next hop processing of the detailed route is performed, and the subsequent default route, FDB forwarding entries, Default PBR entries, etc. are not matched. If no detailed route matches, matching continues with the default route; if the search hits the default route, the forwarding next hop processing of the default route is performed, and the forcebridge field in the route search result is passed to step S300.
  • S300: the chip judges, according to the bridge forwarding enable field, whether to search the FDB forwarding table entries for the matched data packet. If so, the information in the data packet is formed into a search key and the FDB forwarding table entries are searched; if there is a match, FDB forwarding next hop processing is performed.
  • A search key is formed from the destination MAC address and information such as the VLAN (VLAN network) or VNI (VXLAN network), and the FDB forwarding entries are searched. If the result of the search is a hit, the FDB forwarding next hop processing is performed.
  • If the chip supports the default policy routing search and matching function, then after the FDB forwarding table entry lookup, regardless of whether the result is a hit or a miss, the process continues to step S400. If the chip does not support the default policy routing search and matching function, it directly executes FDB forwarding next hop processing, that is, it does not perform subsequent processes such as default policy routing search and matching.
  • S400: the chip performs a policy routing lookup on the data packet, and if there is a match, performs forwarding next hop processing on the packet according to the policy routing lookup result.
  • The chip performs a default policy routing lookup on the data packet. If it matches, because the default policy routing lookup has the highest matching priority, the packet is forwarded to the next hop according to the policy routing lookup result. If it does not match and the FDB forwarding table entry search in step S300 does not match, the packet is forwarded to the next hop according to the default route search result. If it does not match and the FDB forwarding table entry search in step S300 matches, the packet is forwarded to the next hop according to the FDB forwarding table entry search result.
  • If the detailed route matches, next hop processing is performed directly according to the detailed route. If the detailed route does not match, the default route matches or does not match, the FDB forwarding table entry matches or does not match, and the Default PBR entry matches, next hop processing follows the Default PBR result. If neither the detailed route nor the Default PBR entry matches, the default route matches or does not match, and the FDB forwarding entry matches, the FDB forwarding entry is preferred for next hop processing.
  • If neither the detailed route nor the Default PBR entry matches, the default route matches, and the FDB forwarding entry does not match, next hop processing follows the default route.
  • the relationship between the detailed route, Default PBR, FDB forwarding entry and the matching priority of the default route is: the default route search priority of the route search ⁇ the search priority of the default policy route ⁇ the lookup of the FDB forwarding entry Priority ⁇ Detailed route lookup priority of route lookup.
  • a chip processing apparatus for data packets disclosed in an embodiment of the present invention includes:
  • the packet parsing module is used to parse the received data packet, and obtain packet matching information through parsing.
  • the route lookup module is used to perform route lookup on the received data message, perform corresponding processing on the message according to the lookup result, and obtain the bridge forwarding enable field from the lookup result.
  • the FDB table entry search module is configured to judge whether to search the FDB forwarding table entry for the matched data packet according to the bridge forwarding enable field, and if so, form the information in the data packet into a search keyword and search for the FDB Forwarding entry, if it matches, execute FDB forwarding next hop processing.
  • the chip processing apparatus for a data packet disclosed in the embodiment of the present invention further includes:
  • the default policy route lookup module is used to perform a default policy route lookup on the data packet after the FDB entry lookup module finds no match. If it matches, the packet is forwarded to the next hop based on the policy route lookup result.
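The lookup order of steps S200 to S400 can be checked against a small software model. The Python below is an added example, not code from the patent or from any chip SDK: it follows the step text in which a Default PBR hit overrides an FDB hit. Apart from `forcebridge` and 8.8.8.8, every name, address, MAC, FID and next-hop label is constructed, and the `no-route` result is an assumption.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ipsa: str   # source IP address
    ipda: str   # destination IP address
    macda: str  # destination MAC: virtual gateway MAC of the sender's segment
    fid: int    # L2 forwarding instance mapped from the VLAN ID or VXLAN VNI


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    forcebridge: int = 0  # bridge forwarding enable field in the route result


class Pipeline:
    def __init__(self, routes, fdb, default_pbr=None, supports_default_pbr=True):
        self.routes = [(ipaddress.ip_network(r.prefix), r) for r in routes]
        # FDB is keyed on (MACDA, FID), as in step S300.
        self.fdb = {(mac.lower(), fid): nh for (mac, fid), nh in fdb.items()}
        # Default PBR is keyed on the source IP (IPSA).
        self.default_pbr = dict(default_pbr or {})
        self.supports_default_pbr = supports_default_pbr

    def route_lookup(self, ipda):
        """Longest-prefix match on the destination IP (step S201)."""
        addr = ipaddress.ip_address(ipda)
        hits = [(net, r) for net, r in self.routes if addr in net]
        return max(hits, key=lambda h: h[0].prefixlen, default=None)

    def forward(self, pkt):
        hit = self.route_lookup(pkt.ipda)
        if hit is None:
            return ("no-route", None)  # assumption: the page does not cover this case
        net, route = hit
        if net.prefixlen > 0:
            # Detailed route hit: later stages are skipped.
            return ("detailed-route", route.next_hop)
        # Default route hit (S202): carry forcebridge into S300.
        fdb_nh = None
        if route.forcebridge == 1:
            fdb_nh = self.fdb.get((pkt.macda.lower(), pkt.fid))
        # S400, only on chips that implement Default PBR.
        if self.supports_default_pbr and pkt.ipsa in self.default_pbr:
            return ("default-pbr", self.default_pbr[pkt.ipsa])
        if fdb_nh is not None:
            return ("fdb", fdb_nh)
        return ("default-route", route.next_hop)


# Constructed sample data: two tenant segments with unique virtual gateway MACs.
GW1, GW2 = "00:00:5e:00:53:01", "00:00:5E:00:53:02"
TENANT1_TO_PUBLIC = Packet("10.1.0.10", "8.8.8.8", GW1, 5001)
TENANT2_TO_PUBLIC = Packet("10.2.0.10", "8.8.8.8", GW2, 5002)
TENANT1_TO_PRIVATE = Packet("10.1.0.10", "10.9.0.20", GW1, 5001)
UNKNOWN_GATEWAY = Packet("10.1.0.10", "8.8.8.8", "00:00:5e:00:53:ff", 5001)


def build_demo(forcebridge=1, default_pbr=None):
    routes = [
        Route("0.0.0.0/0", "uplink/port0", forcebridge=forcebridge),
        Route("10.9.0.0/24", "private/port9"),
    ]
    fdb = {(GW1, 5001): "vlan100/port1", (GW2, 5002): "vlan200/port2"}
    return Pipeline(routes, fdb, default_pbr=default_pbr)


if __name__ == "__main__":
    demo = build_demo()
    for p in (TENANT1_TO_PUBLIC, TENANT2_TO_PUBLIC, TENANT1_TO_PRIVATE, UNKNOWN_GATEWAY):
        print(p.ipsa, "->", p.ipda, demo.forward(p))
```

Both tenants send to the same destination IP yet leave through different next hops, because the FDB key carries the per-segment gateway MAC and FID rather than a source-IP policy entry.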

Abstract

Disclosed are a chip implementation method for routing extension, and a chip processing method and apparatus for a data packet. The chip implementation method comprises: adding a bridging forwarding enable field in a routing lookup result, wherein the bridging forwarding enable field is used for controlling whether a data packet enables the lookup of an FDB forwarding table entry. In the embodiments of the present invention, bridging FDB forwarding table entry lookup is enabled by means of routing expansion technology, such that the problem of a VXLAN domain breakout gateway providing a virtual machine access to both an external network and a private network server is solved, and the consumption of a Default PBR table entry is also avoided.

Description

A chip implementation method for routing expansion, and a chip processing method and device for data packets
The present invention claims priority to the Chinese patent application filed with the Chinese Patent Office on December 22, 2020, with application number 2020115258666 and the invention title "A chip implementation method for routing expansion, and a chip processing method and device for data packets", the entire contents of which are incorporated herein by reference.
Technical Field
The invention relates to a routing expansion technology, and in particular to a chip implementation method for routing expansion and a chip processing method and device for data packets.
Background
Traditional routing technology forwards on the destination IP address (IPDA). With the destination IP address alone, however, servers on different IP (Internet Protocol) network segments within a VXLAN (Virtual eXtensible Local Area Network) network all expect to access the same public network address (such as 8.8.8.8 or www.163.com). Therefore, in a VXLAN domain, border devices need to be able to access the external network, but the public network has a very large number of routing entries, and an ordinary switch device cannot carry hundreds of thousands of routing table entries. The key function of the VXLAN border network device is to map the data streams sent by virtual machines on different network segments in the VXLAN domain, which correspond to different VNIs (VXLAN Instances), onto different VLANs (Virtual Local Area Networks). Based on the destination IP of the data packet alone, the border network device cannot distinguish these two data streams and apply different forwarding behaviors to them (for example, adding different VLANs to the data streams sent by servers in different network segments, and forwarding them from different egress ports).
To solve this problem, the traditional solution for accessing the public network from a VXLAN domain is to deliver a default policy route on the border network device to match the data traffic accessing the public network. The matching priority of Default PBR (Default Policy Based Routing) is higher than the default route but lower than non-default routes (that is, detailed routes). The data flow accessing the public network therefore first matches the default route and then also matches the Default PBR, which produces different forwarding behaviors based on the source IP address of the data stream (IPSA).
As shown in Figure 1, the data center's internal server IP-A accesses the public network IP-B and the private network server IP-C. A Default PBR entry matching source IP-A is delivered on the gateway device, and the matching result of this PBR (Policy Based Routing) entry is to perform the operation of accessing the public network IP-B. A routing table entry matching the destination IP-C is delivered on the gateway device, and the matching result of this routing table entry is to perform the operation of accessing the private network IP-C. The IP-A server sends out two data streams: in data packets from IP-A to IP-B the source IP is IP-A and the destination IP is IP-B; in data packets from IP-A to IP-C the source IP is IP-A and the destination IP is IP-C. The entry delivered on the gateway device is a Default PBR entry whose key is IP-A. Compared with PBR policy routing, a data flow matching the Default PBR has lower priority, but higher than the traditional default route; from high to low the order is: PBR > detailed route > Default PBR > default route. Therefore, the Default PBR entry delivered in the traditional scheme only matches data packets from server IP-A to public network IP-B and does not match data packets from IP-A to IP-C, which meets the different requirements of the egress gateway device to provide internal access to the private network server and external access to the public network server.
However, Default PBR (default policy routing) has only a small entry capacity in the switch forwarding chip, and it even consumes the capacity of the ACL (Access Control List) TCAM (Ternary Content Addressable Memory). Moreover, some switches with weaker functions do not support the Default PBR function at all, which limits the scope in which the Default PBR solution can be deployed.
发明内容SUMMARY OF THE INVENTION
The purpose of the embodiments of the present invention is to overcome the defects of the prior art and to provide a chip implementation method for routing extension, and a chip processing method and apparatus for data packets.
To achieve the above purpose, the embodiments of the present invention propose the following technical solution: a chip implementation method for routing extension, comprising: adding a bridge forwarding enable field to the route lookup result, where the bridge forwarding enable field controls whether lookup of the FDB (Forwarding Data Base) forwarding entry is enabled for a data packet.
The present invention also proposes another technical solution: a chip processing method for data packets based on the chip implementation method for routing extension, comprising:
S200, the chip performs a route lookup on the received data packet, processes the packet according to the lookup result, and obtains the bridge forwarding enable field from the lookup result;
S300, the chip determines, according to the bridge forwarding enable field, whether to perform an FDB forwarding entry lookup for the matched data packet; if so, it forms a lookup key from information in the data packet and looks up the FDB forwarding entry, and if there is a match, it performs FDB next-hop forwarding processing.
Preferably, before step S200, the method further includes:
S100, the chip parses the received data packet to obtain packet matching information, where the packet matching information at least includes a source IP address, a destination IP address, a destination MAC (Media Access Control) address, and VLAN information or VNI information.
Preferably, S200 includes:
S201, using the destination IP address of the data packet as the route lookup key and performing a route lookup; if the lookup result matches a detailed route, performing the next-hop forwarding processing of the detailed route; if the lookup result matches the default route, proceeding to S202;
S202, performing the next-hop forwarding processing of the default route on the data packet, and carrying the bridge forwarding enable field in the route lookup result to step S300 for processing.
Preferably, in step S300, a bridge forwarding enable field value of 1 indicates that the FDB forwarding entry lookup needs to be performed for the data packet, and a value of 0 indicates that the FDB forwarding entry lookup is not performed for the data packet.
Preferably, in step S300, if it is determined according to the bridge forwarding enable field that an FDB forwarding entry lookup needs to be performed for the data packet, a lookup key is formed from the packet's destination MAC address and VLAN information or VNI information, and the FDB forwarding entry is looked up.
Preferably, the method further includes:
S400, the chip performs a default policy routing lookup on the data packet, and if there is a match, performs next-hop forwarding processing on the packet according to the policy routing lookup result.
Preferably, if neither the FDB forwarding entry lookup nor the default policy routing lookup matches, next-hop forwarding processing is performed on the packet according to the default route lookup result; if the FDB forwarding entry lookup matches or does not match, and the default policy routing lookup matches, next-hop forwarding processing is performed on the packet according to the default policy routing lookup result.
The present invention also proposes another technical solution: a chip processing apparatus for data packets, comprising:
a route lookup module, configured to perform a route lookup on the received data packet, process the packet according to the lookup result, and obtain the bridge forwarding enable field from the lookup result;
an FDB entry lookup module, configured to determine, according to the bridge forwarding enable field, whether to perform an FDB forwarding entry lookup for the matched data packet; if so, to form a lookup key from information in the data packet and look up the FDB forwarding entry, and if there is a match, to perform FDB next-hop forwarding processing.
Preferably, the apparatus further includes:
a default policy routing lookup module, configured to perform a default policy routing lookup on the data packet after the FDB entry lookup module finds no match, and if there is a match, to perform next-hop forwarding processing on the packet according to the policy routing lookup result.
Preferably, the apparatus further includes:
a packet parsing module, configured to parse the received data packet to obtain packet matching information, where the packet matching information at least includes a source IP address, a destination IP address, a destination MAC address, and VLAN information or VNI information.
The beneficial effects of the embodiments of the present invention are:
1. By reusing traditional routing technology, the embodiments of the present invention add, to the lookup result of a routing forwarding entry, a control field for the Layer 2 bridge forwarding entry lookup, which controls whether packets that match the routing entry enable lookup of the Layer 2 bridge FDB forwarding entry. This greatly simplifies the chip design implementation and the switch software implementation of the routing extension technique, reduces the impact of software and hardware upgrades on devices in the live network, and lowers the difficulty of deployment.
2. The embodiments of the present invention not only solve the problem of a VXLAN domain egress gateway simultaneously providing virtual machines with access to the external network and access to private network servers, but also avoid the consumption of Default PBR entries by the traditional solution, reduce the pressure on device table entries and capabilities, and raise the difficulty of the system and chip design scheme, which is conducive to actual deployment.
Description of the Drawings
Figure 1 is a schematic diagram of the principle of access between an existing public network server and a private network server;
Figure 2 is a schematic diagram of the principle of access between a public network server and a private network server according to an embodiment of the present invention;
Figures 3 and 4 are both schematic flowcharts of the chip processing method for data packets according to an embodiment of the present invention;
Figure 5 is a structural block diagram of the chip processing apparatus for data packets according to an embodiment of the present invention.
Detailed Description
The technical solutions of the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings of the embodiments.
The chip implementation method for routing extension and the chip processing method and apparatus for data packets disclosed in the embodiments of the present invention enable the bridge FDB forwarding entry lookup through a routing extension technique, instead of using the traditional default policy routing (Default PBR) technique, to meet the needs of the egress gateway. First, this solves the problem of a VXLAN domain egress gateway simultaneously providing virtual machines with access to the external network and access to private network servers. Second, it avoids the consumption of Default PBR entries by the traditional solution, reduces the pressure on device table entries and capabilities, raises the difficulty of the system and chip design scheme, and reduces the difficulty of actual deployment and of operation and maintenance.
With reference to Figures 2 to 4, the chip implementation method for routing extension disclosed in the embodiments of the present invention extends the route forwarding technique, with the emphasis on extending support for unicast routing and the default route respectively. The solution of the embodiments is mainly intended for scenarios such as data centers and enterprise networks, where multicast routing is rarely used; therefore, the emphasis is on extending support for unicast routing and multicast routing.
Specifically, a control switch for the Layer 2 bridge forwarding entry lookup is added to the lookup result of the unicast routing forwarding entry. In this embodiment, a bridge forwarding enable field (denoted, for example, as the forcebridge field) is added to the lookup result of the routing forwarding entry to control whether data packets that match the routing entry enable lookup of the Layer 2 (L2) bridge FDB forwarding entry. If the FDB forwarding entry lookup is a hit, forwarding is preferentially performed according to the FDB forwarding next hop; if the FDB forwarding entry lookup is a miss, forwarding is performed according to the forwarding next hop found by the routing entry lookup.
In an actually deployed VXLAN live network, the network segments corresponding to servers IP-A and IP-B are assigned to different VNI domains, each network segment is assigned a virtual gateway for routing and forwarding, and the MAC address of each virtual gateway is unique. In this embodiment, if the bridge forwarding enable field is 1, the lookup is based on the destination MAC address (MACDA) and the FID (the Layer 2 bridge forwarding instance, which can be mapped from a VLAN or a VXLAN VNI). In the VLAN forwarding scenario, the FID is the mapped value of the VLAN; in the VXLAN forwarding scenario, the FID is the mapped value of the VNI. So, for a VLAN network, the lookup key is formed from the MACDA and the VLAN and the FDB entry is looked up; for a VXLAN network, the key is formed from the MACDA of the VXLAN inner packet and the virtual extensible LAN instance (VNI) and the FDB forwarding entry is looked up. Forwarding then follows the FDB forwarding entry lookup result and can carry out various forwarding behaviors, such as forwarding from the corresponding egress port or inserting a different VLAN.
This solution does not require a separately redesigned chip function module; it only requires adding the forcebridge field to the existing unicast route lookup result. This greatly simplifies the chip design implementation and the switch software implementation of the routing extension technique, reduces the impact of software and hardware upgrades on devices in the live network, and lowers the difficulty of deployment.
Deploying the above routing extension technique on the data center egress gateway device allows normal access between private network servers and public network servers.
As shown in Figure 2, server IP-A inside the data center accesses public network server IP-B and private network server IP-C. An FDB forwarding entry used by the default route's enabled bridge forwarding lookup is installed on the gateway device, and the match result of this FDB forwarding entry is to perform the operation of accessing public network IP-B. A routing entry matching destination IP-C is also installed on the gateway device, and the match result of this routing entry is to perform the operation of accessing private network IP-C. Server IP-A sends two kinds of data flows: in the first, from IP-A to IP-B, the data packets have source IP IP-A and destination IP IP-B; in the second, from IP-A to IP-C, the data packets have source IP IP-A and destination IP IP-C.
On this egress gateway device, data packets from server IP-A to server IP-B match only the FDB forwarding entry, and data packets from server IP-A to server IP-C match only the routing entry, which allows normal access between server IP-A and private network server IP-C and between server IP-A and public network server IP-B.
The embodiments of the present invention enable the bridge FDB forwarding entry lookup through the routing extension technique. First, this reuses mature and well-developed traditional Layer 2 forwarding technology. Second, the FDB table is larger than the Default PBR table, which puts less pressure on device cost. Therefore, the embodiments of the present invention not only solve the problem of a VXLAN domain egress gateway simultaneously providing virtual machines with access to the external network and access to private network servers, but also avoid the consumption of Default PBR entries by the traditional solution, reduce the pressure on device table entries and capabilities, and raise the difficulty of the system and chip design scheme, which is conducive to actual deployment.
With reference to Figures 3 and 4, in the specific method by which a network chip designed on the above routing extension technique processes data packets, the key is to add to the chip pipeline a check of whether the forcebridge field is enabled, that is, whether the forcebridge field is 1. If the forcebridge field in the forwarding information carried with the packet is 1, the FDB entry lookup needs to be performed for that packet.
The specific process by which the network chip disclosed in the embodiments of the present invention handles a data packet includes the following steps:
S100, the chip parses the received data packet to obtain packet matching information.
Specifically, when the chip receives a data packet, it first parses the packet to obtain packet matching information. The packet matching information includes the source MAC address (MACSA), the destination MAC address (MACDA), the source IP address, the destination IP address, the L4 source port number, the L4 destination port number, and the VLAN or VNI (for a VXLAN network the VNI is parsed; for a VLAN network the VLAN ID is parsed), among other information. The parsed packet matching information is carried into the subsequent processing flow.
S200, the chip performs a route lookup on the received data packet, processes the packet according to the lookup result, and obtains the bridge forwarding enable field from the lookup result.
Specifically, the chip uses the parsed destination IP address as the route lookup key and looks up the routing forwarding entry. If the lookup result matches a detailed route, the next-hop forwarding processing of the detailed route is performed, and the subsequent matching of the default route, FDB forwarding entry, Default PBR entry and so on is not performed. If no detailed route matches, matching continues with the default route; if the lookup hits the default route, the next-hop forwarding processing of the default route is performed and the forcebridge field in the route lookup result is passed to step S300.
S300, the chip determines, according to the bridge forwarding enable field, whether to perform an FDB forwarding entry lookup for the matched data packet; if so, it forms a lookup key from information in the data packet and looks up the FDB forwarding entry, and if there is a match, it performs FDB next-hop forwarding processing.
Specifically, in this embodiment, when the forcebridge field is 1, a lookup key is formed from the destination MAC address and the VLAN (VLAN network) or VNI (VXLAN network), and the FDB forwarding entry is looked up. If the lookup is a hit, FDB next-hop forwarding processing is performed. In addition, if the chip supports the default policy routing lookup and matching function, then after the FDB forwarding entry lookup, regardless of whether the result is a hit or a miss, processing continues to step S400; if the chip does not support the default policy routing lookup and matching function, FDB next-hop forwarding processing is performed directly, that is, the subsequent default policy routing lookup and matching is not carried out.
S400, the chip performs a policy routing lookup on the data packet, and if there is a match, performs next-hop forwarding processing on the packet according to the policy routing lookup result.
Specifically, the chip performs a default policy routing lookup on the data packet. If it matches, then because the default policy routing match has the highest priority, next-hop forwarding processing is performed on the packet according to the policy routing lookup result. If it does not match and the FDB forwarding entry lookup in step S300 also does not match, next-hop forwarding processing is performed on the packet according to the default route lookup result. If it does not match and the FDB forwarding entry lookup in step S300 matches, next-hop forwarding processing is performed on the packet according to the FDB forwarding entry lookup result.
That is, in the above lookups: if the detailed route matches, next-hop forwarding directly follows the detailed route; if the detailed route does not match, the default route matches or does not match, the FDB forwarding entry matches or does not match, and the Default PBR entry matches, next-hop forwarding preferentially follows the Default PBR entry; if neither the detailed route nor the Default PBR entry matches, the default route matches or does not match, and the FDB forwarding entry matches, next-hop forwarding preferentially follows the FDB forwarding entry; if neither the detailed route nor the Default PBR entry matches, the default route matches, and the FDB forwarding entry does not match, next-hop forwarding follows the default route. In other words, the relationship among the match priorities of the detailed route, Default PBR, the FDB forwarding entry and the default route is: default-route lookup priority of the route lookup < default policy routing lookup priority < FDB forwarding entry lookup priority < detailed-route lookup priority of the route lookup.
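The following behavioral model of steps S100 to S400 is an added example, not code from the patent or from any chip SDK; it resolves the next hop in the case-by-case order given in S400 (detailed route, then Default PBR hit, then FDB hit, then default route). The addresses, MAC, VNI and next-hop names are constructed, and it assumes that the default route is 0.0.0.0/0, that Default PBR is keyed by source IP, that the FDB lookup runs only when a matched default route carries forcebridge = 1, and that a packet with no match at all yields "no-match".

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """S100: match information the parser extracts from a packet."""
    src_ip: str
    dst_ip: str
    mac_da: str
    fid: int  # bridging instance mapped from the VLAN ID or the VXLAN VNI


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    forcebridge: int = 0  # bridge forwarding enable field in the lookup result


class Gateway:
    def __init__(self, routes: List[Route], fdb: Dict[Tuple[str, int], str],
                 default_pbr: Optional[Dict[str, str]] = None,
                 supports_default_pbr: bool = True):
        self.routes = [(ipaddress.ip_network(r.prefix), r) for r in routes]
        self.fdb = {(mac.lower(), fid): hop for (mac, fid), hop in fdb.items()}
        self.default_pbr = dict(default_pbr or {})  # assumption: key is source IP
        self.supports_default_pbr = supports_default_pbr

    def route_lookup(self, dst_ip: str):
        """S201: longest-prefix match on the destination IP."""
        addr = ipaddress.ip_address(dst_ip)
        hits = [(net, r) for net, r in self.routes if addr in net]
        return max(hits, key=lambda h: h[0].prefixlen) if hits else None

    def forward(self, pkt: Packet) -> Tuple[str, Optional[str]]:
        hit = self.route_lookup(pkt.dst_ip)
        # A detailed route ends the pipeline: no FDB or Default PBR matching.
        if hit is not None and hit[0].prefixlen > 0:
            return ("detailed-route", hit[1].next_hop)
        default_route = hit[1] if hit is not None else None

        # S300: the FDB lookup is gated by forcebridge from the route result.
        fdb_hop = None
        if default_route is not None and default_route.forcebridge == 1:
            fdb_hop = self.fdb.get((pkt.mac_da.lower(), pkt.fid))

        # S400: a Default PBR hit is preferred whether or not the FDB matched.
        if self.supports_default_pbr:
            pbr_hop = self.default_pbr.get(pkt.src_ip)
            if pbr_hop is not None:
                return ("default-pbr", pbr_hop)

        if fdb_hop is not None:
            return ("fdb", fdb_hop)
        if default_route is not None:
            return ("default-route", default_route.next_hop)
        return ("no-match", None)  # assumption: outcome not covered by the text


# Constructed sample data modelled on Figure 2 (not values from the patent).
IP_A, IP_B, IP_C = "10.1.1.10", "203.0.113.5", "10.2.2.20"
GW_MAC, VNI = "00:00:5E:00:53:01", 5001


def build_gateway(forcebridge: int = 1, default_pbr=None,
                  supports_default_pbr: bool = True) -> Gateway:
    routes = [Route("0.0.0.0/0", "nh-default", forcebridge),
              Route("10.2.2.0/24", "nh-private")]
    fdb = {(GW_MAC, VNI): "nh-public"}
    return Gateway(routes, fdb, default_pbr, supports_default_pbr)


def demo():
    """IP-A to IP-B is bridged via the FDB; IP-A to IP-C takes the detailed route."""
    gw = build_gateway()
    to_b = Packet(IP_A, IP_B, GW_MAC, VNI)
    to_c = Packet(IP_A, IP_C, GW_MAC, VNI)
    return gw.forward(to_b), gw.forward(to_c)


if __name__ == "__main__":
    print(demo())
```

Setting `forcebridge=0` on the default route in `build_gateway` makes the IP-A to IP-B flow fall back to the default route's next hop, which is the behavior the enable field is meant to switch.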
Corresponding to the above chip processing method for data packets, and as shown in Figure 5, the chip processing apparatus for data packets disclosed in the embodiments of the present invention includes:
a packet parsing module, configured to parse the received data packet to obtain packet matching information;
a route lookup module, configured to perform a route lookup on the received data packet, process the packet according to the lookup result, and obtain the bridge forwarding enable field from the lookup result;
an FDB entry lookup module, configured to determine, according to the bridge forwarding enable field, whether to perform an FDB forwarding entry lookup for the matched data packet; if so, to form a lookup key from information in the data packet and look up the FDB forwarding entry, and if there is a match, to perform FDB next-hop forwarding processing.
If the chip supports the default policy routing lookup function, the chip processing apparatus for data packets disclosed in the embodiments of the present invention further includes:
a default policy routing lookup module, configured to perform a default policy routing lookup on the data packet after the FDB entry lookup module finds no match, and if there is a match, to perform next-hop forwarding processing on the packet according to the policy routing lookup result.
For the specific principles of the packet parsing module, the route lookup module, the default policy routing matching module and the policy routing matching module, refer to the descriptions of steps S100 to S400 above respectively; they are not repeated here.
The technical content and technical features of the present invention have been disclosed above. However, those skilled in the art may still make various substitutions and modifications based on the teaching and disclosure of the present invention without departing from its spirit. Therefore, the scope of protection of the present invention should not be limited to the content disclosed in the embodiments, but should include the various substitutions and modifications that do not depart from the present invention, and is covered by the claims of this patent application.

Claims (10)

  1. A chip implementation method for routing extension, the chip implementation method comprising: adding a bridge forwarding enable field to the route lookup result, where the bridge forwarding enable field controls whether lookup of the FDB forwarding entry is enabled for a data packet.
  2. A chip processing method for data packets based on the chip implementation method for routing extension according to claim 1, wherein the chip processing method comprises:
    S200, the chip performs a route lookup on the received data packet, processes the packet according to the lookup result, and obtains the bridge forwarding enable field from the lookup result;
    S300, the chip determines, according to the bridge forwarding enable field, whether to perform an FDB forwarding entry lookup for the matched data packet; if so, it forms a lookup key from information in the data packet and looks up the FDB forwarding entry, and if there is a match, it performs FDB next-hop forwarding processing.
  3. The chip processing method for data packets according to claim 2, wherein, before step S200, the method further comprises:
    S100, the chip parses the received data packet to obtain packet matching information, where the packet matching information at least includes a source IP address, a destination IP address, a destination MAC address, and VLAN information or VNI information.
  4. The chip processing method for data packets according to claim 2 or 3, wherein S200 comprises:
    S201, using the destination IP address of the data packet as the route lookup key and performing a route lookup; if the lookup result matches a detailed route, performing the next-hop forwarding processing of the detailed route; if the lookup result matches the default route, proceeding to S202;
    S202, performing the next-hop forwarding processing of the default route on the data packet, and carrying the bridge forwarding enable field in the route lookup result to step S300 for processing.
  5. The chip processing method for data packets according to claim 2, wherein, in step S300, a bridge forwarding enable field value of 1 indicates that the FDB forwarding entry lookup needs to be performed for the data packet, and a value of 0 indicates that the FDB forwarding entry lookup is not performed for the data packet.
  6. The chip processing method for data packets according to claim 2 or 5, wherein, in step S300, if it is determined according to the bridge forwarding enable field that an FDB forwarding entry lookup needs to be performed for the data packet, a lookup key is formed from the packet's destination MAC address and VLAN information or VNI information, and the FDB forwarding entry is looked up.
  7. The chip processing method for data packets according to claim 2, wherein the method further comprises:
    S400, the chip performs a default policy routing lookup on the data packet, and if there is a match, performs next-hop forwarding processing on the packet according to the policy routing lookup result.
  8. The chip processing method for data packets according to claim 7, wherein, if neither the FDB forwarding entry lookup nor the default policy routing lookup matches, next-hop forwarding processing is performed on the packet according to the default route lookup result; if the FDB forwarding entry lookup matches or does not match, and the default policy routing lookup matches, next-hop forwarding processing is performed on the packet according to the default policy routing lookup result.
  9. A chip processing apparatus for data packets, the apparatus comprising:
    a route lookup module, configured to perform a route lookup on the received data packet, process the packet according to the lookup result, and obtain the bridge forwarding enable field from the lookup result;
    an FDB entry lookup module, configured to determine, according to the bridge forwarding enable field, whether to perform an FDB forwarding entry lookup for the matched data packet; if so, to form a lookup key from information in the data packet and look up the FDB forwarding entry, and if there is a match, to perform FDB next-hop forwarding processing.
  10. The apparatus for processing data packets according to claim 9, wherein the apparatus further comprises:
    a default policy routing lookup module, configured to perform a default policy routing lookup on the data packet after the FDB entry lookup module finds no match, and if there is a match, to perform next-hop forwarding processing on the packet according to the policy routing lookup result.
PCT/CN2021/138907 2020-12-22 2021-12-16 Chip implementation method for routing extension, and chip processing method and apparatus for data packet WO2022135274A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011525866.6A CN112714067B (en) 2020-12-22 2020-12-22 Chip implementation method of route extension, chip processing method and device of data message
CN202011525866.6 2020-12-22

Publications (1)

Publication Number Publication Date
WO2022135274A1 true WO2022135274A1 (en) 2022-06-30

Family

ID=75545056

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/138907 WO2022135274A1 (en) 2020-12-22 2021-12-16 Chip implementation method for routing extension, and chip processing method and apparatus for data packet

Country Status (2)

Country Link
CN (1) CN112714067B (en)
WO (1) WO2022135274A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112714067B (en) * 2020-12-22 2023-05-19 苏州盛科通信股份有限公司 Chip implementation method of route extension, chip processing method and device of data message

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101827038A (en) * 2010-05-24 2010-09-08 杭州华三通信技术有限公司 Distributed equipment and method for forwarding message in distributed equipment
CN104601472A (en) * 2015-02-04 2015-05-06 盛科网络(苏州)有限公司 Chip VXLAN gateway distributed routing implementation method and message processing system
CN104780103A (en) * 2015-04-14 2015-07-15 杭州华三通信技术有限公司 Message forwarding method and device
CN112714067A (en) * 2020-12-22 2021-04-27 盛科网络(苏州)有限公司 Chip implementation method for routing extension, chip processing method and device for data message

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9231866B2 (en) * 2012-12-17 2016-01-05 Dell Products L.P. Systems and methods for routing information in an information handling system using extended L3 lookup tables
CN104717138B (en) * 2013-12-11 2019-07-12 中兴通讯股份有限公司 A kind of method and interchanger for realizing message forwarding

Also Published As

Publication number Publication date
CN112714067A (en) 2021-04-27
CN112714067B (en) 2023-05-19

Similar Documents

Publication Publication Date Title
US7848333B2 (en) Method of multi-port virtual local area network (VLAN) supported by multi-protocol label switch (MPLS)
US9832124B2 (en) Method and apparatus providing single-tier routing in a shortest path bridging (SPB) network
US7039018B2 (en) Technique to improve network routing using best-match and exact-match techniques
US7760720B2 (en) Translating native medium access control (MAC) addresses to hierarchical MAC addresses and their use
US7088689B2 (en) VLAN data switching method using ARP packet
WO2022127714A1 (en) Chip implementation method for default policy based routing, and chip processing method and apparatus for data packet
US20010048661A1 (en) Method and apparatus for multi-protocol redundant router protocol support
US20110032939A1 (en) Network system, packet forwarding apparatus, and method of forwarding packets
WO2009033428A1 (en) Method, system and device for removing media access control address
JPH1056451A (en) Device and method for finding ip
WO2007019755A1 (en) Method for providing the different quality of service for data stream
WO2016045368A1 (en) Three-layer-forwarding device route table capacity expansion method and forwarding device
US20060114904A1 (en) Differentiated services multicast system and method using encapsulation and unicast
WO2022135274A1 (en) Chip implementation method for routing extension, and chip processing method and apparatus for data packet
WO2007082405A1 (en) An implementing method for detecting the legitimacy of label message path
CN116547953A (en) Implementing inter-segment traffic policies by a network fabric control plane
KR20050052639A (en) Apparatus and method of dividing virtual sites with policy properties in multi-protocol label switching networks
WO2010020103A1 (en) Method and device for providing service for the duplicate mac address users
JP2023544870A (en) MLAG link failure switching method and device
US9515924B2 (en) Method and apparatus providing single-tier routing in a shortest path bridging (SPB) network
WO2021000619A1 (en) Method and device for packet forwarding
US20170237691A1 (en) Apparatus and method for supporting multiple virtual switch instances on a network switch
WO2021228090A1 (en) Method and apparatus for sending multicast message
US20100329258A1 (en) Dynamically enabling mpls stations and ports using an arp database
Ichiriu High Performance Layer 3 Forwarding

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21909270

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21909270

Country of ref document: EP

Kind code of ref document: A1