WO2023029750A1 - Mac learning method and apparatus, electronic device, and storage medium - Google Patents

Publication number
WO2023029750A1
Authority
WO
WIPO (PCT)
Prior art keywords
mac
drift range
data packet
sender information
drift
Application number
PCT/CN2022/104760
Inventor
刘冬梅
王玉保
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Definitions

  • The present application relates to EVPN technology in the field of data communication, and in particular to a MAC learning method, device, electronic equipment and storage medium.
  • RFC7432 defines the MAC (Media Access Control)/IP (Internet Protocol) address advertisement route, which a local PE (Provider Edge, operator edge router) uses to publish the reachability information of MAC/IP addresses to the other PEs in the EVPN (Ethernet Virtual Private Network) network.
  • A MAC drift extended attribute is defined for MAC/IP routes; the attribute can carry a static flag, indicating that the MAC is a static MAC and is not allowed to drift.
  • A dynamically learned MAC can carry a MAC drift sequence number. Whenever MAC drift occurs, the sequence number increases by 1, and each PE selects the MAC with the largest sequence number to take effect.
  • The MAC address advertisement carries the ESI (Ethernet Segment ID, Ethernet segment identifier) attribute.
  • MAC route advertisements carry special flags. If the MAC advertisements learned by a PE carry the static flag, drift to the remote end is prevented, but drift between multi-homed devices can no longer be achieved.
  • An embodiment of the present application provides a MAC learning method, applied to an edge router PE, including: acquiring, according to the MAC of a received data packet, a first MAC drift range corresponding to the MAC, wherein the first MAC drift range includes trusted sender information; performing MAC learning on the data packet when the sender information of the data packet changes and the changed sender information is within the corresponding first MAC drift range; and notifying the MAC learning result of the data packet to other PEs in the network to which the PE belongs.
  • An embodiment of the present application provides a MAC learning device, including: an acquisition module, configured to acquire, according to the MAC of a received data packet, a first MAC drift range corresponding to the MAC, wherein the first MAC drift range includes trusted sender information; and a learning module, configured to perform MAC learning on the data packet when the sender information of the data packet changes and the changed sender information is within the corresponding first MAC drift range, and to notify the MAC learning result of the data packet to other PEs in the network to which it belongs.
  • An embodiment of the present application also provides an electronic device, including: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the above MAC learning method applied to a PE.
  • An embodiment of the present application also provides a computer-readable storage medium storing a computer program; when the computer program is executed by a processor, the above MAC learning method is implemented.
  • FIG. 1 is a schematic structural diagram of an application environment provided by an embodiment of the present application.
  • FIG. 2 is a first flow chart of a MAC learning method provided by an embodiment of the present application.
  • FIG. 3 is a second flow chart of a MAC learning method provided by an embodiment of the present application.
  • FIG. 4 is a schematic structural diagram of a MAC learning device provided by an embodiment of the present application.
  • FIG. 5 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.
  • The purpose of this application is to solve the above problems by providing a MAC learning method, device, electronic equipment and storage medium, so that the local MAC on the PE is allowed to drift between reliable ACs or between multi-homed access devices, while drift to unreliable ACs or to the remote end is avoided, thereby preventing MAC spoofing.
  • The embodiments of this application can be used in a variety of EVPN scenarios, regardless of the EVPN encapsulation type: VxLAN (Virtual Extensible Local Area Network), MPLS (Multi-Protocol Label Switching), SRv6 (Segment Routing IPv6, segment routing based on the IPv6 forwarding plane) and others.
  • PE1, PE2 and PE3 form an EVPN network and propagate MAC/IP routes through the BGP protocol.
  • CE1 and CE2 are connected to multiple gateway devices, and the gateway can be migrated between CE1 and CE2.
  • CE3 and CE4 are connected to unreliable user access. If a user on CE3 or CE4 forges the MAC address of CE1/CE2, the simulated service in the entire area will be interrupted.
  • a policy is required to ensure that the MAC addresses learned by PE1 and PE2 from the AC interfaces connected to CE1 and CE2 on the local gateway will not drift to the AC connected to CE3.
  • An embodiment of the present application relates to a MAC learning method, which is applied to PEs.
  • The first MAC drift range corresponding to the MAC is obtained, wherein the first MAC drift range includes trusted sender information; when the sender information of the data packet changes and the changed sender information is within the corresponding first MAC drift range, MAC learning is performed on the data packet; and the MAC learning result of the data packet is notified to other PEs in the network to which the PE belongs.
  • This application allows the local MAC on the PE to drift between reliable ACs or multi-homed access devices, and also keeps the local MAC from drifting to an unreliable AC or the remote end; its configuration is simple and its operation flexible.
  • The second MAC drift range of the MAC is configured through a user interface.
  • For example, the MAC is MACA.
  • The second MAC drift range is configured for MACA through a user interface.
  • The MAC drift range includes sender information; for example, the sender information includes the AC interface.
  • If the locally configured second MAC drift range of the MAC matches the third MAC drift range of the MAC learned from the access link AC, that is, the second drift range and the third drift range contain common sender information, then the commonly contained sender information is saved as the first MAC drift range corresponding to the MAC, and the MAC drift range corresponding to the MAC is notified to other PEs in the network to which the MAC belongs.
  • The third MAC drift range of MACA learned from the AC is the AC1 interface, AC2 interface, and AC3 interface.
  • The second MAC drift range of the locally configured MACA is also AC1 interface, AC2 interface, AC3 interface, and AC4.
  • The third drift range and the second drift range jointly include the sender information: AC1 interface, AC2 interface, and AC3 interface, then it means that the locally configured second MAC drift range and the third MAC drift of the same MAC learned from AC
  • The commonly included sender information (AC1 interface, AC2 interface, and AC3 interface) is stored as the first MAC drift range corresponding to MACA, and other PEs in the network are notified of the MAC drift range corresponding to the MAC.
  • PE1 in FIG. 1 notifies PE2 and/or PE3 in FIG. 1 of the first MAC drift range of MACA; that is, PE2 and/or PE3 can receive the MAC route, form a MAC table, and save the "MAC Drift Range" information.
  • PE2 may likewise configure and match the MAC drift range, and notify PE1 and/or PE3 of the first MAC drift range of the matched MAC.
  • Step 201: configure a second MAC drift range of the MAC through the ESI.
  • The MAC drift range includes sender information.
  • The sender information includes an AC interface, and the AC interface is represented by an ESI.
  • The PE can set the second MAC drift range of the MAC by configuring an ESI list or ESI group that allows MAC drift.
  • MAC drift can be controlled by configuring, on the user interface, an ESI list or ESI group that allows MAC drift.
  • The PE in this embodiment can be a dual-homed PE, such as PE1 or PE2 shown in FIG. 1.
  • ESI lists and ESI groups are generally planned in advance, so the configuration is relatively simple: simpler and more convenient than the current approach of configuring an ACL filter table with a command per MAC, and flexible enough.
  • Step 202: match the locally configured second MAC drift range of the MAC against the third MAC drift range of the MAC learned from the access link AC according to preset rules, determine and save the first MAC drift range corresponding to the MAC, and notify other PEs in the network of the first MAC drift range corresponding to the MAC; the locally configured MAC and the learned MAC are the same MAC.
  • A PE that is not configured with the second MAC drift range of the MAC may obtain the first MAC drift range corresponding to the MAC from the notifications of other PEs in the network.
  • The PE obtains the sender information contained in both the second MAC drift range and the third MAC drift range, and saves this commonly contained sender information as the first MAC drift range corresponding to the MAC.
  • The MAC drift range carried by BGP can be a series of ESI values that allow drift. It can also be abstracted as the ESI group name or group ID formed by a series of ESIs. For example, drift is allowed between ESI1 and ESI2, but not to ESI3 or the remote end.
  • A first MAC drift range corresponding to the MAC of the data packet is obtained. For example, if the MAC of the data packet received from the AC is MACA, then in this step the first MAC drift range corresponding to MACA is obtained.
  • The PE may also receive data packets from other PEs in the network to which it belongs, and obtain the MAC drift range corresponding to the MAC of those data packets.
  • Step 204: if the sender information of the data packet has changed, and the changed sender information is still within the corresponding first MAC drift range, MAC learning is performed on the data packet, and the MAC learning result of the data packet is notified to other PEs in the network to which the PE belongs.
  • For example, the first MAC drift range of MACA is the AC1 interface, AC2 interface, and AC3 interface.
  • The previous MACA data packet was transmitted to the PE through the AC1 interface, but the MACA data packet received this time is transmitted to the PE through the AC2 interface.
  • If the MACA data packet received this time is transmitted to the PE through the AC4 interface, then since the AC4 interface is not within the drift range of MACA, MACA is not learned; that is, the record that MACA data packets are transmitted through the AC1 interface remains unchanged.
  • The PE in this embodiment may include the following components: a command configuration component, a BGP packet sending component, a BGP packet receiving component, and a MAC drift policy component.
  • The command configuration component is used to configure the ESI list or ESI group that allows MAC drift;
  • the BGP packet sending component is used to send MAC/IP routes carrying the ESI list or ESI group information that allows drift;
  • the BGP packet receiving component is used to save the MAC entry and record the ESI list or ESI group information that allows drift;
  • the MAC drift policy component is used, on receiving a MAC update, to allow the drift if the new MAC points to an ESI in the list that allows drift, and otherwise to disallow it.
  • The PE configures the local second MAC drift range in advance through the ESI, which is simpler and more convenient than configuring an ACL filter table with MAC-based commands.
  • Having MAC/IP route packets carry the ESI groups that allow drift lets MACs drift between pooled CEs, that is, within an ESI group, but does not allow MACs to be drifted from untrusted CEs or remote ends, thereby preventing MAC spoofing.
  • Another embodiment of the present application relates to a MAC learning method; the specific process is shown in FIG. 3 and may include the following steps:
  • A second MAC drift range of the MAC is configured through IP.
  • The second MAC drift range includes sender information; in this embodiment, the sender information includes an IP address.
  • A peer IP whitelist that allows MAC drift can be configured on the PE.
  • MAC drift can be controlled by configuring, on the user interface, the neighbor addresses that allow MAC drift.
  • BGP neighbors are generally planned in advance, so the configuration is relatively simple: simpler and more convenient than the current approach of configuring an ACL filter table with a command per MAC, and flexible enough.
  • Step 302: match the locally configured second MAC drift range of the MAC against the third MAC drift range of the MAC learned from the access link AC according to preset rules, determine and save the first MAC drift range corresponding to the MAC, and notify other PEs in the network of the first MAC drift range corresponding to the MAC; the locally configured MAC and the learned MAC are the same MAC.
  • A PE that is not configured with the second MAC drift range of the MAC may obtain the first MAC drift range corresponding to the MAC from the notifications of other PEs in the network.
  • Other PEs may be notified through the Border Gateway Protocol.
  • The PE obtains the sender information contained in both the second MAC drift range and the third MAC drift range, and saves this commonly contained sender information as the first MAC drift range corresponding to the MAC.
  • Step 303: according to the MAC of the received data packet, a first MAC drift range corresponding to the MAC of the data packet is acquired.
  • The first MAC drift range of MACA is obtained in this step.
  • The PE may also receive data packets from other PEs in the network to which it belongs, and obtain the first MAC drift range corresponding to the MAC of those data packets.
  • Step 304: if the sender information of the data packet has changed, and the changed sender information is still within the corresponding first MAC drift range, MAC learning is performed on the data packet, and the MAC learning result of the data packet is notified to other PEs in the network to which the PE belongs.
  • For example, the first MAC drift range of MACA is IP1, IP2, and IP3.
  • The previous MACA data packet was transmitted to the PE through IP1, and the MACA data packet received this time was transmitted to the current PE through IP2. It is necessary to determine whether IP2 is within the first MAC drift range of MACA. If it is, IP2 is considered reliable, MACA drift is allowed, and the learning result of MACA is obtained, that is, it has drifted from IP1 to IP2; the learning result of MACA is then notified to other PEs in the network to which the PE belongs. If the MACA data packet received this time is transmitted to the PE through IP4, then since IP4 is not within the drift range of MACA, MACA is not learned; that is, the record that MACA data packets are transmitted through IP1 remains unchanged.
  • The neighbor addresses that allow MAC drift are configured in advance on the user interface, and the configuration is relatively simple: simpler and more convenient than configuring an ACL filter table with MAC-based commands. It also allows the local MAC on the PE to drift between IPs or multi-homed access devices while avoiding drift to unreliable IPs or remote ends, thereby preventing MAC spoofing.
  • The division of the above methods into steps is only for clarity of description. During implementation, steps can be combined into one step, or a step can be split into multiple steps; as long as they include the same logical relationship, they are all within the scope of protection of this patent. Adding insignificant modifications or introducing insignificant designs to the algorithm or process, without changing the core design of the algorithm and process, is also within the scope of protection of this patent.
  • An embodiment of the present application also provides a MAC learning device. As shown in FIG. 4, it includes an acquisition module 401 and a learning module 402.
  • The acquisition module 401 is configured to acquire a first MAC drift range corresponding to the MAC according to the MAC of the received data packet, wherein the first MAC drift range includes trusted sender information.
  • The learning module 402 is configured to perform MAC learning on the data packet when the sender information of the data packet changes and the changed sender information is within the corresponding first MAC drift range, and to notify the MAC learning result of the data packet to other PEs in the network to which it belongs.
  • The MAC learning device may also include a configuration module (not shown in the figure), configured to configure the second MAC drift range of the MAC through a user interface; if the locally configured second MAC drift range of the MAC matches the third MAC drift range of the MAC learned from the access link AC, that is, the second drift range and the third drift range contain common sender information, the commonly contained sender information is saved as the first MAC drift range corresponding to the MAC, and the first MAC drift range corresponding to the MAC is notified to other PEs in the network to which the MAC belongs.
  • The PEs may be dual-homed PEs.
  • The MAC learning device may further include a MAC drift range acquisition module (not shown in the figure), configured to acquire the first MAC drift range corresponding to each MAC according to notifications from other PEs in the network to which it belongs.
  • The sender information includes the AC interface.
  • The AC interface may be represented by an Ethernet segment identifier (ESI) list or an ESI group.
  • The sender information may include an IP address.
  • the MAC is learned, and the learning results are notified to other PEs in the network to which it belongs. If the drift range is set by the ESI list or ESI group, the changed sender information is the AC interface; if the drift range is set by the peer IP address, the changed sender information is the IP address.
  • The MAC learning device can configure, on the user interface, the ESI list or ESI group that allows MAC drift, and can also configure the neighbor addresses that allow MAC drift, in order to control MAC drift.
  • ESIs and BGP neighbors are planned in advance and the configuration is relatively simple, which is easier and more convenient than configuring an ACL filter table with MAC-based commands.
  • This application allows the local MAC on the PE to drift between reliable ACs or multi-homed access devices, and also keeps the local MAC from drifting to an unreliable AC or the remote end; its configuration is simple and its operation flexible.
  • This embodiment is an apparatus embodiment corresponding to the above method embodiment applied to PE, and this embodiment may be implemented in cooperation with the above-mentioned method embodiment applied to a base station.
  • The relevant technical details mentioned in the foregoing embodiment of the method applied to PE remain valid in this implementation and are not repeated here.
  • The relevant technical details mentioned in this implementation can also be applied to the above embodiments of the MAC learning method applied to PEs.
  • The modules involved in the above embodiments of the present application are logical modules.
  • A logical unit can be a physical unit, a part of a physical unit, or a combination of physical units.
  • Units that are not closely related to solving the technical problems raised in the present application are not introduced in this embodiment, but this does not mean that there are no other units in this embodiment.
  • An embodiment of the present application also provides an electronic device, as shown in FIG. 5, including at least one processor 501 and a memory 502 communicatively connected to the at least one processor 501; the memory 502 stores instructions executable by the at least one processor 501, and the instructions are executed by the at least one processor 501 so that the at least one processor can execute the foregoing MAC learning method applied to PEs.
  • The memory and the processor are connected by a bus.
  • The bus may include any number of interconnected buses and bridges, and the bus connects one or more processors and the various circuits of the memory together.
  • The bus may also connect together various other circuits such as peripherals, voltage regulators, and power management circuits, all of which are well known in the art and therefore will not be further described herein.
  • The bus interface provides an interface between the bus and the transceivers.
  • A transceiver may be a single element or multiple elements, such as multiple receivers and transmitters, providing means for communicating with various other devices over a transmission medium.
  • The data processed by the processor is transmitted on the wireless medium through the antenna; the antenna also receives data and passes it to the processor.
  • The processor is responsible for managing the bus and general processing, and can also provide various functions, including timing, peripheral interface, voltage regulation, power management, and other control functions, while the memory can be used to store data that the processor uses when performing operations.
  • Embodiments of the present application also provide a computer-readable storage medium storing a computer program.
  • The above method embodiments are implemented when the computer program is executed by the processor.
  • a device, which can be a single-chip microcomputer, a chip, etc.
  • a processor
  • The aforementioned storage media include: a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, and other media that can store program code.
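
The drift-range check of the first embodiment above (steps 201 to 204), modelled in Python as an added example; it is not code from the patent or from any router implementation. The `PE` class, its method names, the result strings and the `rejected` list are hypothetical, the MACA and AC1 to AC4 values are the ones used in the text, and returning `no-range` for a MAC that has no saved range is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class MacEntry:
    sender: str             # AC interface (or ESI / peer IP) the MAC currently points to
    drift_range: frozenset  # first MAC drift range: trusted sender information


@dataclass
class PE:
    name: str
    peers: list = field(default_factory=list)       # other PEs in the same EVPN
    configured: dict = field(default_factory=dict)  # MAC -> second drift range (local config)
    table: dict = field(default_factory=dict)       # MAC -> MacEntry
    rejected: list = field(default_factory=list)    # (MAC, current sender, refused sender)

    def configure_range(self, mac, senders):
        """Step 201: the operator configures the second MAC drift range."""
        self.configured[mac] = frozenset(senders)

    def establish_range(self, mac, learned_senders, current_sender):
        """Step 202: the first range is the sender information common to the
        configured (second) and AC-learned (third) ranges."""
        first = self.configured.get(mac, frozenset()) & frozenset(learned_senders)
        if not first:
            return first  # no common sender: nothing is saved or advertised
        self.table[mac] = MacEntry(current_sender, first)
        self._advertise(mac)
        return first

    def receive_advertisement(self, mac, sender, drift_range):
        """A PE without local configuration takes the range from the notification.
        Simplification: the peer is dual-homed and shares the same sender names."""
        self.table[mac] = MacEntry(sender, frozenset(drift_range))

    def on_packet(self, mac, sender):
        """Steps 203 and 204: look up the first range, then learn or refuse."""
        entry = self.table.get(mac)
        if entry is None:
            return "no-range"   # assumption: ordinary learning, outside this model
        if sender == entry.sender:
            return "unchanged"
        if sender in entry.drift_range:
            entry.sender = sender   # trusted move: learn it and notify the other PEs
            self._advertise(mac)
            return "learned"
        # Untrusted move: keep the old entry and record the attempt for review.
        self.rejected.append((mac, entry.sender, sender))
        return "rejected"

    def _advertise(self, mac):
        entry = self.table[mac]
        for peer in self.peers:
            peer.receive_advertisement(mac, entry.sender, entry.drift_range)


def demo():
    """Replays the MACA example: AC1 -> AC2 is learned, AC4 is refused."""
    pe1, pe2 = PE("PE1"), PE("PE2")
    pe1.peers.append(pe2)
    pe1.configure_range("MACA", {"AC1", "AC2", "AC3", "AC4"})          # second range
    first = pe1.establish_range("MACA", {"AC1", "AC2", "AC3"}, "AC1")  # third range
    results = [pe1.on_packet("MACA", s) for s in ("AC1", "AC2", "AC4")]
    return first, results, pe1.table["MACA"].sender, pe2.table["MACA"].sender, pe1.rejected


if __name__ == "__main__":
    print(demo())
```

The `rejected` list is what a defender would export: each tuple is a move to a sender outside the trusted range, which is the event the method is designed to refuse.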

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of the present application relate to the field of data communications. Disclosed are a MAC learning method and apparatus, an electronic device, and a storage medium. The method comprises: according to a media access control (MAC) of a received data packet, acquiring a first MAC drift range corresponding to the MAC, wherein the first MAC drift range comprises trusted sender information; when the sender information of the data packet changes and the changed sender information is within the corresponding first MAC drift range, performing MAC learning on the data packet; and notifying other PEs in a belonging network of a MAC learning result of the data packet.

Description

MAC learning method, device, electronic equipment and storage medium
Cross-reference to related applications
This application is based on the Chinese patent application with application number "202111007246.8" filed on August 30, 2021, and claims priority to that Chinese patent application, the entire content of which is hereby incorporated into this application by reference.
Technical field
The present application relates to EVPN technology in the field of data communication, and in particular to a MAC learning method, device, electronic equipment and storage medium.
Background
RFC7432 defines the MAC (Media Access Control)/IP (Internet Protocol) address advertisement route, which a local PE (Provider Edge, operator edge router) uses to publish the reachability information of MAC/IP addresses to the other PEs in the EVPN (Ethernet Virtual Private Network) network. It also defines a MAC drift extended attribute for MAC/IP routes; the attribute can carry a static flag, indicating that the MAC is a static MAC and is not allowed to drift. A dynamically learned MAC can carry a MAC drift sequence number. Whenever MAC drift occurs, the sequence number increases by 1, and each PE selects the MAC with the largest sequence number to take effect.
For dual-homed PEs, the MAC address advertisement carries the ESI (Ethernet Segment ID, Ethernet segment identifier) attribute. When another PE receives the MAC address advertisement route and finds that the ESI exists locally, it considers that the MAC can also be accessed locally, and no drift is considered to have occurred.
When the devices attached to the multiple ACs (Attachment Circuits, access links) of a PE are all servers, the security requirements for the MAC source are high, and dual-homed access is mostly used to ensure the reliability of AC access. For security, the local MAC on the PE must be allowed to drift between reliable ACs or between multi-homed access devices, while drift to unreliable ACs or to the remote end is avoided.
In methods for preventing network attacks, MAC route advertisements carry special flags. If the MAC advertisements learned by a PE carry the static flag, drift to the remote end is prevented, but drift between multi-homed access devices can no longer be achieved.
Summary of the invention
An embodiment of the present application provides a MAC learning method, applied to an edge router PE, including: acquiring, according to the media access control (MAC) of a received data packet, a first MAC drift range corresponding to the MAC, wherein the first MAC drift range includes trusted sender information; performing MAC learning on the data packet when the sender information of the data packet changes and the changed sender information is within the corresponding first MAC drift range; and notifying the MAC learning result of the data packet to other PEs in the network to which the PE belongs.
An embodiment of the present application provides a MAC learning device, including: an acquisition module, configured to acquire, according to the media access control (MAC) of a received data packet, a first MAC drift range corresponding to the MAC, wherein the first MAC drift range includes trusted sender information; and a learning module, configured to perform MAC learning on the data packet when the sender information of the data packet changes and the changed sender information is within the corresponding first MAC drift range, and to notify the MAC learning result of the data packet to other PEs in the network to which it belongs.
An embodiment of the present application also provides an electronic device, including: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the above MAC learning method applied to a PE.
An embodiment of the present application also provides a computer-readable storage medium storing a computer program; when the computer program is executed by a processor, the above MAC learning method is implemented.
Description of drawings
FIG. 1 is a schematic structural diagram of an application environment provided by an embodiment of the present application;
FIG. 2 is a first flowchart of a MAC learning method provided by an embodiment of the present application;
FIG. 3 is a second flowchart of a MAC learning method provided by an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a MAC learning apparatus provided by an embodiment of the present application;
FIG. 5 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.
Detailed description
The purpose of this application is to solve the above problems by providing a MAC learning method, apparatus, electronic device and storage medium that allow a local MAC on a PE to drift between reliable ACs, or between multi-homed access devices, while preventing it from drifting to an unreliable AC or to a remote end, thereby preventing MAC spoofing.
To make the purpose, technical solutions and advantages of the embodiments of the present application clearer, the implementations of the present application are described in detail below with reference to the accompanying drawings. Those of ordinary skill in the art will understand that many technical details are given in the implementations so that the reader can better understand the application. The technical solution claimed in this application can nevertheless be realized without these technical details and with various changes and modifications based on the following implementations.
The embodiments of this application can be used in a variety of EVPN scenarios, regardless of encapsulation type: VxLAN (Virtual Extensible Local Area Network), MPLS (Multi-Protocol Label Switching), SRv6 (Segment Routing IPv6, segment routing over an IPv6 forwarding plane), and so on.
The application environment of this embodiment is described in detail below and is shown in FIG. 1.
The EVPN solution is the one mainly promoted in new metropolitan area networks. PE1, PE2 and PE3 form an EVPN network and propagate MAC/IP routes through BGP. CE1 and CE2 connect multiple gateway devices, and a gateway can migrate between CE1 and CE2. CE3 and CE4 connect unreliable user access. If a user on CE3 or CE4 forges a MAC of CE1/CE2, the emulated service across the entire area is interrupted.
To solve this problem, a policy is needed to ensure that the MACs that PE1 and PE2 learn from the AC interfaces of CE1 and CE2, which connect the local gateways, do not drift to the AC connected to CE3.
An embodiment of the present application relates to a MAC learning method applied to a PE. In this embodiment, a first MAC drift range corresponding to the MAC is acquired according to the media access control (MAC) layer address of a received data packet, where the first MAC drift range includes trusted sender information; MAC learning is performed on the data packet when the sender information of the data packet has changed and the changed sender information is within the corresponding first MAC drift range; and the MAC learning result of the data packet is advertised to the other PEs in the network to which the PE belongs. The application allows a local MAC on a PE to drift between reliable ACs or between multi-homed access devices, and prevents the local MAC from drifting to an unreliable AC or to a remote end, with simple configuration and flexible operation.
The implementation details of the MAC learning method in this embodiment are described below. They are given only to make the solution easier to understand and are not required for implementing it.
In this embodiment, a second MAC drift range of a MAC is configured through a user interface. For example, if the MAC is MACA, a second MAC drift range is configured for MACA through the user interface. There may be one MAC or several; if there are several, a corresponding second MAC drift range is configured for each of them. A MAC drift range consists of sender information; for example, the sender information includes AC interfaces.
If the locally configured second MAC drift range of a MAC matches the third MAC drift range of that MAC learned from the access link (AC), that is, the second drift range and the third drift range contain sender information in common, the sender information they have in common is saved as the first MAC drift range corresponding to the MAC, and the MAC drift range corresponding to the MAC is advertised to the other PEs in the network. For example, the third MAC drift range of MACA learned from the AC is the AC1, AC2 and AC3 interfaces, and the locally configured second MAC drift range found for MACA is the AC1, AC2, AC3 and AC4 interfaces. Because the third and second drift ranges have the AC1, AC2 and AC3 interfaces in common, the locally configured second MAC drift range matches the third MAC drift range of the same MAC learned from the AC, and the common sender information (the AC1, AC2 and AC3 interfaces) is saved as the first MAC drift range corresponding to MACA. The MAC drift range corresponding to the MAC is then advertised to the other PEs in the network. Taking PE1 in FIG. 1 as an example, PE1 advertises the first MAC drift range of MACA to PE2 and/or PE3 in FIG. 1; that is, PE2 and/or PE3 can each receive the MAC route, build a MAC table, and save the "MAC drift range" information. In another example, PE2 may configure and match the MAC drift range and advertise the first MAC drift range of the matched MAC to PE1 and/or PE3.
The specific process is shown in FIG. 2 and may include the following steps:
Step 201: Configure the second MAC drift range of the MAC through ESIs. The MAC drift range includes sender information; in this embodiment, the sender information includes AC interfaces, and an AC interface is identified by its ESI.
Specifically, the PE can set the second MAC drift range of the MAC by configuring a list or group of ESIs between which the MAC is allowed to drift.
In one example, MAC drift can be controlled by configuring, on the user interface, the ESI list or ESI group within which MAC drift is allowed. The PE in this embodiment may be a dual-homed PE, such as PE1 or PE2 in FIG. 1.
In this embodiment, ESI lists or ESI groups are generally planned in advance, so configuration is relatively simple. It is simpler and more convenient than the current approach of configuring an ACL filter table with a command per MAC, and it is flexible enough.
In step 202, the locally configured second MAC drift range of the MAC is matched, according to a preset rule, against the third MAC drift range of the MAC learned from the access link (AC); the first MAC drift range corresponding to the MAC is determined and saved, and the first MAC drift range corresponding to the MAC is advertised to the other PEs in the network. The locally configured MAC and the learned MAC are the same MAC.
That is, a PE on which no second MAC drift range is configured for the MAC can obtain the first MAC drift range corresponding to the MAC from the advertisements of the other PEs in the network.
Specifically, the PE obtains the sender information contained in both the second MAC drift range and the third MAC drift range, and saves that common sender information as the first MAC drift range corresponding to the MAC.
In this embodiment, the other PEs are notified through the Border Gateway Protocol (BGP). The MAC drift range carried by BGP can be the values of the series of ESIs between which drift is allowed. It can also be an abstraction: the name or ID of an ESI group formed from a series of ESIs. For example, drift is allowed between ESI1 and ESI2, but not to ESI3 or to a remote end.
In step 203, the first MAC drift range corresponding to the MAC of a received data packet is acquired according to that MAC. For example, if the MAC of the data packet received from the AC is MACA, the first MAC drift range corresponding to MACA is acquired in this step.
In one example, the PE may also receive data packets from other PEs in the network and acquire the MAC drift range corresponding to the MAC of those data packets.
In step 204, if the sender information of the data packet has changed and the changed sender information is still within the corresponding first MAC drift range, MAC learning is performed on the data packet, and the MAC learning result of the data packet is advertised to the other PEs in the network.
For example, the first MAC drift range of MACA is the AC1, AC2 and AC3 interfaces. Earlier data packets of MACA reached the PE through the AC1 interface, but the data packet of MACA received this time reached the PE through the AC2 interface, so the PE must determine whether the AC2 interface is within the first MAC drift range of MACA. If it is, the AC2 interface is considered reliable and the drift of MACA is allowed, giving the learning result for MACA, namely that it has drifted from the AC1 interface to the AC2 interface; that learning result is advertised to the other PEs in the network. Taking PE1 as an example, after PE1 obtains the learning result for MACA it advertises the result to PE2 and PE3; PE2 and PE3 can each receive the MAC route, build a MAC table, and save the drift range information.
If the data packet of MACA received this time reached the PE through the AC4 interface, MACA is not learned, because the AC4 interface is not within the drift range of MACA; that is, the record that data packets of MACA arrive through the AC1 interface is kept unchanged.
The PE in this embodiment may contain the following components: a command configuration component, a BGP packet sending component, a BGP packet receiving component, and a MAC drift policy component.
Specifically, the command configuration component configures the ESI list or ESI group within which MAC drift is allowed; the BGP packet sending component sends MAC/IP routes that carry the drift-allowed ESI list or ESI group information; the BGP packet receiving component saves MAC entries and records the drift-allowed ESI list or ESI group information; and the MAC drift policy component, on receiving a MAC update, allows the drift if the new MAC points to an ESI in the drift-allowed ESI list, and otherwise does not allow it.
In this embodiment, the PE configures the local second MAC drift range in advance through ESIs, which is simpler and more convenient than configuring an ACL filter table with per-MAC commands. Carrying the drift-allowed ESI group in MAC/IP route messages lets a MAC drift between pooled CEs, that is, within the ESI group, but does not let the MAC be moved by an untrusted CE or by a remote end, thereby preventing MAC spoofing.
Another embodiment of the present application relates to a MAC learning method whose specific process is shown in FIG. 3. It may include the following steps:
In step 301, the second MAC drift range of the MAC is configured through IP addresses. The second MAC drift range includes sender information; in this embodiment, the sender information includes IP addresses. In one example, a whitelist of peer IP addresses to which the MAC is allowed to drift can be configured on the PE.
In one example, MAC drift can be controlled by configuring, on the user interface, the neighbor addresses to which MAC drift is allowed.
In this embodiment, BGP neighbors are generally planned in advance, so configuration is relatively simple; it is simpler and more convenient than the current approach of configuring an ACL filter table with a command per MAC, and it is flexible enough.
In step 302, the locally configured second MAC drift range of the MAC is matched, according to a preset rule, against the third MAC drift range of the MAC learned from the access link (AC); the first MAC drift range corresponding to the MAC is determined and saved, and the first MAC drift range corresponding to the MAC is advertised to the other PEs in the network. The locally configured MAC and the learned MAC are the same MAC.
That is, a PE on which no second MAC drift range is configured for the MAC can obtain the first MAC drift range corresponding to the MAC from the advertisements of the other PEs in the network. In this embodiment, the other PEs may be notified through the Border Gateway Protocol.
Specifically, the PE obtains the sender information contained in both the second MAC drift range and the third MAC drift range, and saves that common sender information as the first MAC drift range corresponding to the MAC.
In step 303, the first MAC drift range corresponding to the MAC of a received data packet is acquired according to that MAC.
For example, if the MAC of the data packet received from the AC is MACA, the first MAC drift range of MACA is acquired in this step.
In one example, the PE may also receive data packets from other PEs in the network and acquire the first MAC drift range corresponding to the MAC of those data packets.
In step 304, if the sender information of the data packet has changed and the changed sender information is still within the corresponding first MAC drift range, MAC learning is performed on the data packet, and the MAC learning result of the data packet is advertised to the other PEs in the network.
For example, the first MAC drift range of MACA is IP1, IP2 and IP3. Earlier data packets of MACA reached the PE through IP1, but the data packet of MACA received this time reached the PE through IP2, so the PE must determine whether IP2 is within the first MAC drift range of MACA. If it is, IP2 is considered reliable and the drift of MACA is allowed, giving the learning result for MACA, namely that it has drifted from IP1 to IP2; that learning result is advertised to the other PEs in the network. If the data packet of MACA received this time reached the PE through IP4, MACA is not learned, because IP4 is not within the drift range of MACA; that is, the record that data packets of MACA arrive through IP1 is kept unchanged.
In this embodiment, the neighbor addresses to which MAC drift is allowed are configured in advance on the user interface. The configuration is relatively simple, and simpler and more convenient than configuring an ACL filter table with per-MAC commands. It allows a local MAC on the PE to drift between IPs, or between multi-homed access devices, while avoiding drift to an unreliable IP or to a remote end, thereby preventing MAC spoofing.
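The following Python model walks through steps 201 to 204 and 301 to 304 with the page's own sample values (MACA, AC1 to AC4, IP1 to IP4). It is an added illustration, not code from the application: the class, method names and the second MAC name MACB are hypothetical, and two behaviours the text does not specify are assumptions (a MAC with no drift range is learned as usual, and the first sighting of a protected MAC must also come from a sender inside its range).

```python
from dataclasses import dataclass, field


@dataclass
class PE:
    """Toy model of one PE (hypothetical names, not the application's code)."""
    name: str
    configured: dict = field(default_factory=dict)   # MAC -> second drift range (local config)
    drift_range: dict = field(default_factory=dict)  # MAC -> first drift range (trusted senders)
    mac_table: dict = field(default_factory=dict)    # MAC -> sender the entry points to
    remote_macs: dict = field(default_factory=dict)  # MAC -> (advertising PE, sender)
    peers: list = field(default_factory=list)        # other PEs in the same EVPN
    rejected: list = field(default_factory=list)     # (MAC, sender) moves that were refused

    def configure(self, mac, senders):
        """Steps 201/301: configure the senders (ESIs or peer IPs) a MAC may move between."""
        self.configured[mac] = set(senders)

    def match(self, mac, learned_senders):
        """Steps 202/302: the senders common to the configured (second) and
        AC-learned (third) ranges become the first drift range, which is advertised."""
        common = self.configured.get(mac, set()) & set(learned_senders)
        if common:
            self.drift_range[mac] = common
            for peer in self.peers:
                peer.receive_range(mac, common)
        return common

    def receive_range(self, mac, senders):
        """A PE with no local configuration takes the range from the advertisement."""
        self.drift_range[mac] = set(senders)

    def receive_learning(self, origin, mac, sender):
        """Record a learning result advertised by another PE."""
        self.remote_macs[mac] = (origin, sender)

    def on_packet(self, mac, sender):
        """Steps 203-204 / 303-304: decide whether this packet may update the MAC entry."""
        allowed = self.drift_range.get(mac)
        if sender == self.mac_table.get(mac):
            return "unchanged"
        # Assumption: no drift range means ordinary learning; a protected MAC is
        # only ever learned from a sender inside its first drift range.
        if allowed is not None and sender not in allowed:
            self.rejected.append((mac, sender))
            return "rejected"          # existing entry is kept as it was
        self.mac_table[mac] = sender
        for peer in self.peers:
            peer.receive_learning(self.name, mac, sender)
        return "learned"


def demo():
    """Replay the two worked examples from the text on constructed input."""
    pe1, pe2, pe3 = PE("PE1"), PE("PE2"), PE("PE3")
    pe1.peers = [pe2, pe3]
    # AC-interface (ESI) embodiment: configured AC1-AC4, learned AC1-AC3.
    pe1.configure("MACA", ["AC1", "AC2", "AC3", "AC4"])
    pe1.match("MACA", ["AC1", "AC2", "AC3"])
    results = [pe1.on_packet("MACA", ac) for ac in ("AC1", "AC2", "AC4")]
    # IP embodiment: whitelist IP1-IP3, then a packet arriving via IP4.
    pe1.configure("MACB", ["IP1", "IP2", "IP3"])
    pe1.match("MACB", ["IP1", "IP2", "IP3"])
    results += [pe1.on_packet("MACB", ip) for ip in ("IP1", "IP2", "IP4")]
    return pe1, pe2, results


if __name__ == "__main__":
    pe1, pe2, results = demo()
    print(results)
    print("refused moves:", pe1.rejected)
```

The `rejected` list is the part worth exporting in a real deployment: each entry is a MAC that tried to move to a sender outside its trusted range, which is the spoofing signal the method is built to stop.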
The division of the above methods into steps is only for clarity of description. In implementation, steps can be combined into one or a step can be split into several; as long as the same logical relationship is included, these are within the scope of protection of this patent. Adding insignificant modifications to, or introducing insignificant designs into, the algorithm or process without changing its core design is also within the scope of protection of this patent.
An embodiment of the present application further provides a MAC learning apparatus. As shown in FIG. 4, it includes an acquisition module 401 and a learning module 402.
Specifically, the acquisition module 401 is configured to acquire, according to the media access control (MAC) layer address of a received data packet, a first MAC drift range corresponding to the MAC, where the first MAC drift range includes trusted sender information; the learning module 402 is configured to perform MAC learning on the data packet when the sender information of the data packet has changed and the changed sender information is within the corresponding first MAC drift range, and to advertise the MAC learning result of the data packet to the other PEs in the network.
In one example, the MAC learning apparatus may further include a configuration module (not shown in the figure), configured to configure the second MAC drift range of the MAC through a user interface; if the locally configured second MAC drift range of the MAC matches the third MAC drift range of the MAC learned from the access link (AC), that is, the second drift range and the third drift range contain sender information in common, the common sender information is saved as the first MAC drift range corresponding to the MAC, and the first MAC drift range corresponding to the MAC is advertised to the other PEs in the network. The PE may be a dual-homed PE.
In one example, the MAC learning apparatus may further include a MAC drift range acquisition module (not shown in the figure), configured to acquire the first MAC drift range corresponding to each MAC from the advertisements of the other PEs in the network.
In one example, the sender information includes AC interfaces. Specifically, an AC interface may be represented by an Ethernet segment identifier (ESI) list or an ESI group. In another example, the sender information may include IP addresses.
That is, the sender information of the newly received data packet of the MAC is compared with the previously saved sender information of the MAC; if the changed sender information is still within the first MAC drift range, the MAC is learned, and the learning result is advertised to the other PEs in the network. If the drift range is set by an ESI list or ESI group, the sender information that changes is the AC interface; if the drift range is set by peer IP addresses, the sender information that changes is the IP address.
With the MAC learning apparatus provided by this embodiment, MAC drift can be controlled either by configuring on the user interface the ESI list or ESI group within which MAC drift is allowed, or by configuring on the user interface the neighbor addresses to which MAC drift is allowed. ESIs and BGP neighbors are generally planned in advance, so configuration is relatively simple, and simpler and more convenient than configuring an ACL filter table with per-MAC commands. The application allows a local MAC on a PE to drift between reliable ACs or between multi-homed access devices, and prevents the local MAC from drifting to an unreliable AC or to a remote end, with simple configuration and flexible operation.
It is easy to see that this implementation is the apparatus embodiment corresponding to the above method embodiment applied to a PE, and that this implementation can be carried out in cooperation with the above method embodiment applied to a base station. The relevant technical details mentioned in the above method embodiment applied to a PE remain valid in this implementation and are not repeated here. Correspondingly, the relevant technical details mentioned in this implementation can also be applied to the above embodiment of the MAC learning method applied to a PE.
It is worth noting that the modules involved in the above implementations of the present application are all logical modules. In practice, a logical unit may be one physical unit, part of a physical unit, or a combination of several physical units. In addition, to highlight the innovative part of the present application, units that are not closely related to solving the technical problem addressed by the application are not introduced in this implementation, but this does not mean that no other units exist in it.
An embodiment of the present application further provides an electronic device which, as shown in FIG. 5, includes at least one processor 501 and a memory 502 communicatively connected to the at least one processor 501, where the memory 502 stores instructions executable by the at least one processor 501, and the instructions are executed by the at least one processor 501 so that the at least one processor can perform the above MAC learning method applied to a PE.
The memory and the processor are connected by a bus. The bus may include any number of interconnected buses and bridges and connects the various circuits of the one or more processors and the memory together. The bus may also connect various other circuits, such as peripherals, voltage regulators and power management circuits, all of which are well known in the art and are therefore not described further here. A bus interface provides the interface between the bus and a transceiver. The transceiver may be a single element or several elements, such as multiple receivers and transmitters, providing a unit for communicating with various other apparatuses over a transmission medium. Data processed by the processor is transmitted over a wireless medium through an antenna; the antenna also receives data and passes it to the processor.
The processor is responsible for managing the bus and for general processing, and can also provide various functions, including timing, peripheral interfaces, voltage regulation, power management and other control functions. The memory can be used to store the data the processor uses when performing operations.
The above product can perform the method provided in the embodiments of this application and has the functional modules and beneficial effects corresponding to performing the method. For technical details not described in full in this embodiment, see the method provided in the embodiments of this application.
An embodiment of the present application further provides a computer-readable storage medium storing a computer program. The above method embodiments are implemented when the computer program is executed by a processor.
Those skilled in the art will understand that all or some of the steps of the methods in the above embodiments can be carried out by a program instructing the relevant hardware. The program is stored in a storage medium and includes several instructions that cause a device (which may be a single-chip microcomputer, a chip, etc.) or a processor to perform all or some of the steps of the methods described in the embodiments of the present application. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above embodiments are provided so that those of ordinary skill in the art can implement and use this application. Those of ordinary skill in the art can make various modifications or changes to the above embodiments without departing from the inventive idea of this application, so the scope of protection of this application is not limited by the above embodiments but should conform to the widest scope of the innovative features stated in the claims.

Claims (12)

  1. A MAC learning method applied to a provider edge router (PE), comprising:
    acquiring, according to the media access control (MAC) layer address of a received data packet, a first MAC drift range corresponding to the MAC, wherein the first MAC drift range includes trusted sender information;
    performing MAC learning on the data packet when the sender information of the data packet has changed and the changed sender information is within the corresponding first MAC drift range;
    advertising the MAC learning result of the data packet to the other PEs in the network to which the PE belongs.
  2. The MAC learning method according to claim 1, wherein before the acquiring, according to the media access control (MAC) layer address of the received data packet, of the first MAC drift range corresponding to the MAC, the method further comprises:
    configuring a second MAC drift range of the MAC through a user interface;
    matching, according to a preset rule, the locally configured second MAC drift range of the MAC against a third MAC drift range of the MAC learned from the access link (AC), determining and saving the first MAC drift range corresponding to the MAC, and advertising the first MAC drift range corresponding to the MAC to the other PEs in the network.
  3. 根据权利要求2所述的MAC学习方法,其特征在于,所述将本地配置的所述MAC的第二MAC漂移范围与从接入链路AC学习到的所述目标MAC的第三MAC漂移范围按预设规则进行匹配,确定出所述MAC对应的第一MAC漂移范围进行保存,包括:The MAC learning method according to claim 2, wherein the second MAC drift range of the locally configured MAC is combined with the third MAC drift range of the target MAC learned from the access link AC Matching is performed according to preset rules, and the first MAC drift range corresponding to the MAC is determined for storage, including:
    获取所述第二MAC漂移范围内和所述第三MAC漂移范围内共同包含的发送方信息;Acquiring sender information contained in both the second MAC drift range and the third MAC drift range;
    将所述共同包含的发送方信息作为所述MAC对应的第一MAC漂移范围进行保存。Save the commonly included sender information as the first MAC drift range corresponding to the MAC.
  4. The MAC learning method according to any one of claims 1 to 3, characterized in that the PE is a dual-homed PE.
  5. The MAC learning method according to any one of claims 1 to 4, characterized in that, before acquiring the first MAC drift range corresponding to the MAC according to the media access control layer MAC of the received data packet, the method further comprises:
    acquiring the first MAC drift range corresponding to each MAC from the advertisements of the other PEs in the network.
  6. The MAC learning method according to any one of claims 1 to 5, characterized in that the sender information includes an AC interface.
  7. The MAC learning method according to claim 6, characterized in that the AC interface is represented by an Ethernet segment identifier (ESI) list or an ESI group.
  8. The MAC learning method according to any one of claims 1 to 7, characterized in that the sender information includes an IP address.
  9. The MAC learning method according to any one of claims 1 to 8, characterized in that the received data packet includes a data packet received from the access link AC and/or a data packet received from another PE in the network.
  10. A MAC learning apparatus, characterized in that it comprises:
    an acquisition module, configured to acquire, according to the media access control layer MAC of a received data packet, a first MAC drift range corresponding to the MAC, wherein the first MAC drift range includes trusted sender information;
    a learning module, configured to perform MAC learning on the data packet when the sender information of the data packet has changed and the changed sender information is within the corresponding first MAC drift range, and to advertise the MAC learning result of the data packet to the other PEs in the network to which the apparatus belongs.
  11. An electronic device, characterized in that it comprises:
    at least one processor; and
    a memory communicatively connected to the at least one processor; wherein
    the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can perform the MAC learning method according to any one of claims 1 to 9.
  12. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the MAC learning method according to any one of claims 1 to 9.
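
The check in claims 1 to 3 can be modelled in a few lines. The following is an added example, not code from the application: the class, method names, MAC address and ESI values are constructed, and two behaviours are assumptions because the claims only state when learning proceeds: a first sighting of a MAC is learned normally, and a move outside the trusted range is rejected and recorded.

```python
from dataclasses import dataclass, field

@dataclass
class PE:
    """Illustrative edge router; all names here are hypothetical."""
    name: str
    configured: dict = field(default_factory=dict)   # MAC -> second drift range (user-configured)
    learned: dict = field(default_factory=dict)      # MAC -> third drift range (learned from ACs)
    drift_range: dict = field(default_factory=dict)  # MAC -> first drift range (trusted senders)
    mac_table: dict = field(default_factory=dict)    # MAC -> current sender information
    peers: list = field(default_factory=list)        # other PEs in the same network
    rejected: list = field(default_factory=list)     # out-of-range moves, kept for alerting

    def build_drift_range(self, mac):
        # Claim 3: the first range is the sender information common to both ranges.
        trusted = frozenset(self.configured.get(mac, ())) & frozenset(self.learned.get(mac, ()))
        self.drift_range[mac] = trusted
        for peer in self.peers:                      # claim 2: advertise the range
            peer.drift_range[mac] = trusted
        return trusted

    def receive(self, mac, sender):
        current = self.mac_table.get(mac)
        if current == sender:
            return "unchanged"
        moved = current is not None
        if moved and sender not in self.drift_range.get(mac, frozenset()):
            # Assumption: a move outside the trusted range is not learned.
            self.rejected.append((mac, sender))
            return "rejected"
        self.mac_table[mac] = sender                 # claim 1: perform MAC learning
        for peer in self.peers:                      # claim 1: advertise the result
            peer.mac_table[mac] = sender
        return "learned"

def demo():
    pe1, pe2 = PE("PE1"), PE("PE2")
    pe1.peers.append(pe2)
    mac = "00:11:22:33:44:55"                        # constructed sample values
    pe1.configured[mac] = {"ESI-1", "ESI-2", "ESI-9"}
    pe1.learned[mac] = {"ESI-1", "ESI-2", "ESI-7"}
    pe1.build_drift_range(mac)
    results = [pe1.receive(mac, s) for s in ("ESI-1", "ESI-2", "ESI-7", "ESI-2")]
    return pe1, pe2, results
```

The `rejected` list is where an operator would hook alerting: a MAC that repeatedly appears behind a sender outside its trusted range is a candidate for a loop or a spoofed source.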
PCT/CN2022/104760 2021-08-30 2022-07-08 Mac learning method and apparatus, electronic device, and storage medium WO2023029750A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111007246.8 2021-08-30
CN202111007246.8A CN115733643A (en) 2021-08-30 2021-08-30 MAC learning method, device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2023029750A1 true WO2023029750A1 (en) 2023-03-09

Family

ID=85291131

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/104760 WO2023029750A1 (en) 2021-08-30 2022-07-08 Mac learning method and apparatus, electronic device, and storage medium

Country Status (2)

Country Link
CN (1) CN115733643A (en)
WO (1) WO2023029750A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101778035A (en) * 2010-03-09 2010-07-14 中兴通讯股份有限公司 Virtual private LAN service communication method and device
CN102014062A (en) * 2010-12-01 2011-04-13 中兴通讯股份有限公司 Method and device for controlling drift of MAC (media access control) addresses
CN105830400A (en) * 2014-11-04 2016-08-03 华为技术有限公司 Method, apparatus and system for controlling mac address flapping
US20200014623A1 (en) * 2017-03-14 2020-01-09 Huawei Technologies Co., Ltd. EVPN Packet Processing Method, Device, and System

Also Published As

Publication number Publication date
CN115733643A (en) 2023-03-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22862891

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE