WO2023246161A1 - Policy routing implementation method and device, and storage medium - Google Patents

Publication number
WO2023246161A1
Authority
WO
WIPO (PCT)
Prior art keywords
target
acl
forwarded
rule
route
Prior art date
Application number
PCT/CN2023/079008
Inventor
林宁
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2023246161A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0893 Assignment of logical groups to network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2557 Translation policies or rules

Definitions

  • the present disclosure relates to the field of network communication technology, and in particular, to a method, device and storage medium for implementing policy routing.
  • Policy routing currently works by configuring a series of access control lists (ACLs) that match routing rules and forwarding actions, and binding them to ports or VLANs (Virtual Local Area Networks), so that packets hitting a matching action can have their forwarding path modified according to the forwarding action of policy routing.
  • the present disclosure provides a policy routing implementation method, equipment and storage medium, aiming to solve the technical problem of low flexibility of current policy routing implementation methods.
  • the present disclosure provides a method for implementing policy routing, which includes: determining, based on a policy routing table and preset matching rules, the target route hit by a packet to be forwarded in at least one subnet route; obtaining the initial rule in the target route and the pre-assigned access control list (ACL) aggregation group, and, based on the target address in the packet to be forwarded, determining the target rule that the packet hits among the initial rule and the hit rules in the ACL aggregation group; and, when there is a link failure on the main path, redirecting and forwarding the packet to be forwarded based on the target path corresponding to the target rule.
  • the present disclosure also provides a policy routing implementation device.
  • the policy routing implementation device includes a processor, a memory, a computer program stored on the memory and executable by the processor, and a data bus for connection and communication between the processor and the memory, wherein when the computer program is executed by the processor, any one of the policy routing implementation methods provided by this disclosure is implemented.
  • the present disclosure also provides a storage medium for computer-readable storage; the storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement any policy routing implementation method provided in this disclosure.
  • Figure 1 is a schematic flow chart of a first embodiment of a policy routing implementation method provided by the present disclosure
  • Figure 2 is a schematic flowchart of a second embodiment of the policy routing implementation method provided by the present disclosure
  • Figure 3 is a schematic flowchart of a third embodiment of the policy routing implementation method provided by the present disclosure.
  • Figure 4 is a schematic flowchart of the fourth embodiment of the policy routing implementation method provided by the present disclosure.
  • Figure 5 is a schematic structural block diagram of a policy routing implementation device provided by the present disclosure.
  • Policy routing currently works by configuring a series of access control lists (ACLs) that match routing rules and forwarding actions, and binding them to ports or VLANs (Virtual Local Area Networks), so that packets hitting a matching action can have their forwarding path modified according to the forwarding action of policy routing.
  • this application method makes policy routing only effective when bound to a port or VLAN, resulting in low flexibility in implementing policy routing.
  • the present disclosure provides a policy routing implementation method, device and storage medium.
  • the policy routing implementation method can be applied to mobile terminals, which can be electronic devices such as mobile phones, tablet computers, notebook computers, desktop computers, personal digital assistants, and wearable devices.
  • the policy routing implementation method provided by the embodiment of the present disclosure will be introduced in detail with reference to the scenario in Figure 1 . It should be noted that the scenario in Figure 1 is only used to explain the policy routing implementation method provided by the present disclosure, but does not constitute a limitation on the application scenarios of the policy routing implementation method provided by the present disclosure.
  • FIG. 1 is a schematic flowchart of a first embodiment of a policy routing implementation method provided by the present disclosure.
  • the policy routing implementation method includes steps S101 to S103.
  • Step S101: Based on the policy routing table and preset matching rules, determine the target route that the packet to be forwarded hits in at least one subnet route.
  • the policy routing table includes the mask information of all subnet routes, and the packet to be forwarded contains data units exchanged and transmitted in the network, that is, data blocks to be sent by the station at one time.
  • the message contains the complete data information to be sent, as well as path information.
  • the subnet route hit by the packet to be forwarded is determined as the target route by matching the path address in the packet against the subnet masks in the policy routing table.
  • the preset matching rules can be based on the IP address of the packet to be forwarded, or can be field information of any packet, such as source and destination MAC addresses, protocol fields, and other ACL-matchable rules.
  • Step S102: Obtain the initial rule in the target route and the pre-assigned access control list (ACL) aggregation group, and, based on the target address in the packet to be forwarded, determine the target rule that the packet hits among the initial rule and the hit rules in the ACL aggregation group.
  • after receiving the packet, the device first matches it against the ACL matching rules in the target route one by one. If a rule does not match, the next one is tried. Once a matching rule is found, the action defined in that rule is executed and no subsequent rules are tried. If no matching rule is found, the initial rule of the target route is used as the target rule and the packet is forwarded.
  • the ACL aggregation group and the initial rules of the subnet route can be used as parallel rules, where the ACL aggregation group has a higher priority than the initial rule.
  • the initial rule can also be aggregated in the ACL aggregation group as one of the hit rules in the ACL aggregation group, and the initial rule can be arranged at the lowest priority of the ACL aggregation group.
  • Step S103: When there is a link failure on the main path, the packet to be forwarded is redirected and forwarded based on the target path corresponding to the target rule.
  • the main path is used as the highest priority path, and the hit rule of policy routing is used as the backup path; when there is a link failure on the main path, forwarding switches to the target path that the packet to be forwarded hits in policy routing, and the packet is redirected and forwarded, which improves the stability and reliability of packet forwarding.
  • This embodiment provides a method for implementing policy routing. Based on the policy routing table and preset matching rules, the method determines the target route that the packet to be forwarded hits in at least one subnet route; obtains the initial rule in the target route and the pre-assigned access control list (ACL) aggregation group, and, based on the target address in the packet to be forwarded, determines the target rule that the packet hits among the initial rule and the hit rules in the ACL aggregation group; and, when there is a link failure on the main path, redirects and forwards the packet to be forwarded based on the target path corresponding to the target rule.
  • this embodiment pre-distributes the ACL aggregation group to each subnet route, and turns the hit rules in the ACL aggregation group into the rule attributes of the subnet route, so that the subnet route becomes a policy route; through the policy routing table and Preset matching rules.
  • the redirection and forwarding operation enables policy routing to take effect simultaneously with the execution of the target rules by the target route, thereby avoiding the problem that policy routing cannot be configured and effective simultaneously when the routing configuration changes. This solves the technical problem of low application flexibility of existing policy routing.
  • Figure 2 is a schematic flow chart of a second embodiment of the policy routing implementation method provided by the present disclosure.
  • before step S101, the method further includes steps S001 to S003.
  • Step S001: Obtain the hit rules of the policy routing, group the hit rules based on the mask of each hit rule, and obtain at least one ACL aggregation group.
  • Step S002: Based on the subnet mask of each subnet route in the preset routing table and the mask of each ACL aggregation group, allocate the ACL aggregation group to the corresponding subnet route to obtain the policy rules of the subnet route.
  • Step S003: Obtain a policy routing table based on the policy rules of each subnet route.
  • the device matches all ACL policy routing rules with the device's local default routing table, and all ACL policy routing according to the preset routing table.
  • the attributes of the ACL aggregation group when configuring policy routing as an ACL matching entry, all policy routing hit rules belonging to the same subnet routing mask are aggregated according to the ACL aggregation group; and the index of the ACL aggregation group is used as the next hop of the route and integrated with the default routing table to obtain the policy routing table, so that a routing table lookup can hit the index of the ACL aggregation group. In this way, a packet directly hits the related ACL aggregation group index after the routing table lookup, and can then be redirected and forwarded by policy routing according to the ACL matching entries under this index.
  • step S002 specifically includes: based on matching the subnet mask of each subnet route in the preset routing table against the mask of each ACL aggregation group, allocating each ACL aggregation group to the corresponding subnet route; and obtaining the initial rule of the subnet route, and obtaining the policy rules of the subnet route based on the initial rule and the hit rules in the ACL aggregation group.
  • the hit rules of all ACL policy routes are matched with the subnet masks of each subnet route in the preset routing table, and the ACL aggregation group corresponding to the same subnet mask is assigned to the corresponding subnet route.
  • the ACL aggregation group can exist as a separate attribute of the route, in parallel with the original next hop of the route. When the forwarding logic of the route is hit, the ACL aggregation group is matched first. If no entry in the ACL aggregation group matches, the packet then follows the route's normal next-hop forwarding logic.
  • the initial rule of the original subnet route can also be used as a hit rule of this policy route and arranged last in each group of ACL policy routing rules; in the end, all ACL policy routes that can match the device's local routing table are combined to generate several ACL aggregation groups corresponding to the local subnet routing table. The index of the original subnet route is then replaced with the index of the ACL aggregation group, which completes the policy routing processing of the original subnet route.
  • step S102 specifically includes: based on the target address of the packet to be forwarded, querying the ACL aggregation group in the target route and determining whether the ACL aggregation group contains a hit rule pointing to the target address; if it does, the hit rule pointing to the target address is used as the target rule; if it does not, the initial rule is used as the target rule.
  • because ACL matching proceeds one entry at a time from top to bottom, once the next hop of the subnet route becomes the ACL aggregation group index, packets that hit this subnet route are matched one by one, in order, against the aggregation group formed from the ACL policy routes.
  • switch A is configured with policy routing matching entries: 10.10.10.1 is redirected to 1.1.1.1; 10.10.10.2 is redirected to 2.2.2.2.
  • the next hop is 3.3.3.3.
  • the policy routing entries are compared with the routing table in switch A.
  • the 10.10.10.0/24 routing table can match two matching entries 10.10.10.1/10.10.10.2. Put these two matching entries in ACL aggregation group entry 1, and make ACL aggregation group index1 exist as a separate attribute of route 10.10.10.0/24.
  • the original next hop of route 10.10.10.0/24 is 3.3.3.3. No changes are made at this time.
  • at this point, route 10.10.10.0/24 in the routing table has both an ACL aggregation group attribute and an ordinary next hop.
  • when switch A receives a message with the destination address 10.10.10.1 and hits the routing entry 10.0.0.0/24, it first matches the ACL aggregation group attribute; the message matches the entry that redirects 10.10.10.1 to the next hop address 1.1.1.1 and is forwarded to the next hop 1.1.1.1.
  • the rule will be matched and redirected to 2.2.2.2.
  • when switch A receives a message with the destination address 10.10.10.3, since it cannot match the ACL aggregation group attribute, it continues to match the forwarding rule of the original next hop of the route and forwards the message to the next hop of the original route 10.10.10.0/24.
  • the next hop of the original subnet route (that is, the initial rule) can also be used as a hit rule of this policy route and arranged last in each group of ACL policy routing rules; in the end, all ACL policy routes that can match the device's local routing table are combined to generate several ACL aggregation groups corresponding to the local subnet routing table.
  • the index of the original subnet route is then replaced with the index of the ACL aggregation group to complete the policy routing processing of the original subnet route.
  • switch A is configured with policy routing matching entries: 10.10.10.1 is redirected to 1.1.1.1; 10.10.10.2 is redirected to 2.2.2.2.
  • the next hop is 3.3.3.3.
  • the policy routing entries are compared with the routing table in switch A.
  • the 10.10.10.0/24 routing table can match two matching entries 10.10.10.1/10.10.10.2. Place these two matching entries in ACL aggregation group entry 1, and take the next hop 3.3.3.3 of the original route matching entry 10.10.10.0/24 as the third matching entry, also placed in ACL aggregation group entry 1.
  • the rule will be matched and redirected to 2.2.2.2.
  • when switch A receives a packet with the destination address 10.10.10.3, it matches the third entry, the forwarding rule of the original next hop, and forwards the packet to the next hop address 3.3.3.3 of the original route 10.10.10.0/24.
  • the above completes the entire policy routing action of replacing the next hop of the original route.
  • the definition of policy routing can be more refined. For example, in addition to matching the IP address of the message, it can also match any field of the message, such as source and destination MAC addresses, protocol fields and anything else an ACL can match. Such a matching method therefore gives the forwarding of a route very rich and fine-grained matching behavior.
  • Figure 3 is a schematic flow chart of a third embodiment of the policy routing implementation method provided by the present disclosure.
  • steps S201 to S202 are also included.
  • Step S201: Generate a main path based on fast reroute (FRR), and determine whether there is a link failure on the main path.
  • Step S202: If there is no link failure on the main path, forward the packet to be forwarded through the main path.
  • policy routing ACL is at the forefront of forwarding logic. Therefore, as long as all packets come in from a certain port or a certain VLAN according to the ACL binding policy, they will directly match and hit the ACL policy of policy routing. Therefore, it is impossible to proceed to the subsequent routing process. As a result, although this function is called policy routing, its policy routing ACL does not have any connection with routing.
  • because the policy route becomes the next hop attribute of the route and takes effect along with the route, it can respond effectively to the various behaviors of the route.
  • the ACL aggregation group of policy routing can be used directly as the next hop of route FRR, so that route FRR and policy routing take effect together, which extends policy routing with an FRR function similar to that of routing.
  • FRR Fast Reroute
  • the policy routing next hop of route 10.10.10.0/24 is formed.
  • switch A is configured with policy routing matching entries: 10.10.10.1 redirects to 1.1.1.1; 10.10.10.2 redirects to 2.2.2.2.
  • the next hop is 3.3.3.3.
  • route 10.10.10.0/24 forms an FRR path, the main path is the next hop IP address 4.4.4.4, and the backup path is the next hop of the above policy routing.
  • before FRR triggers a switchover, all packets hitting this route 10.10.10.0/24 are forwarded along the main path 4.4.4.4.
  • after the switchover, packets that hit this route 10.10.10.0/24 are forwarded according to the next hop of policy routing, that is, packets that hit the policy routing ACL aggregation group are forwarded in a refined manner.
  • this completes the formation of policy routing FRR. Since policy routing becomes the next hop attribute of the route, the active/backup switchover of FRR from ordinary routing to policy routing is simple and convenient, and two sets of policy routes can also be made to switch between each other.
  • FIG. 4 is a schematic flowchart of a fourth embodiment of the policy routing implementation method provided by the present disclosure.
  • redirecting and forwarding messages to be forwarded based on the target path corresponding to the target rule also includes: steps S301 to step S302.
  • Step S301: Generate equal-cost paths based on equal-cost multi-path routing (ECMP).
  • Step S302: Based on the target path and the equal-cost path, split and forward the packets to be forwarded.
  • because the policy route becomes the next hop attribute of the route and takes effect along with the route, it can respond effectively to the various behaviors of the route.
  • for routing ECMP, the ACL aggregation group of policy routing can be used directly as a next hop, so that routing ECMP and policy routing take effect together, which extends policy routing with an ECMP function similar to that of routing.
  • ECMP Equal Cost Multi-path, equal cost routing
  • step S302 specifically includes: based on the load balancing principle and the data size of the packet to be forwarded, determining the load flow of the target path corresponding to the target rule and of the equal-cost path; and, based on the load flow, controlling the target path and the equal-cost path to forward the packets to be forwarded.
  • the policy routing next hop of route 10.10.10.0/24 is formed.
  • switch A is configured with policy routing matching entries: 10.10.10.1 redirects to 1.1.1.1; 10.10.10.2 redirects to 2.2.2.2.
  • the next hop is 3.3.3.3.
  • the route 10.10.10.0/24 forms an ECMP path and forms two equal-cost next hops.
  • One of the paths has a next hop address of 4.4.4.4, and the other path is the next hop of the above-mentioned policy routing.
  • All packets that hit this route 10.10.10.0/24 are forwarded load-balanced according to the two next hops, that is, part of the traffic goes through 4.4.4.4, and the other part of the traffic goes through the policy route next hop exit.
  • the formation of policy routing ECMP is completed. Since policy routing becomes the next hop attribute of the route, the ECMP load sharing method will be more diverse.
  • FIG. 5 is a schematic structural block diagram of a policy routing implementation device provided by the present disclosure.
  • the policy routing implementation device 300 includes a processor 301 and a memory 302.
  • the processor 301 and the memory 302 are connected through a bus 303, which is, for example, an I2C (Inter-integrated Circuit) bus.
  • I2C Inter-integrated Circuit
  • the processor 301 is used to provide computing and control capabilities to support the operation of the entire policy routing implementation device.
  • the processor 301 can be a central processing unit (Central Processing Unit, CPU).
  • the processor 301 can also be another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • the general processor may be a microprocessor or the processor may be any conventional processor.
  • the memory 302 may be a Flash chip, a read-only memory (ROM, Read-Only Memory) disk, an optical disk, a USB disk, a mobile hard disk, or the like.
  • ROM Read-Only Memory
  • FIG. 5 is only a block diagram of a partial structure related to the disclosed solution, and does not constitute a limitation on the policy routing implementation device to which the disclosed solution is applied. A specific policy routing implementation device may include more or fewer components than shown in the figure, or combine certain components, or have a different arrangement of components.
  • the processor 301 is used to run a computer program stored in the memory 302, and implement any of the policy routing implementation methods provided by this disclosure when executing the computer program.
  • the processor 301 is used to run a computer program stored in the memory, and implement the following steps when executing the computer program. In one embodiment, the processor 301 is used to: determine, based on the policy routing table and preset matching rules, the target route that the packet to be forwarded hits in at least one subnet route; obtain the initial rule in the target route and the pre-assigned access control list (ACL) aggregation group, and, based on the target address in the packet to be forwarded, determine the target rule that the packet hits among the initial rule and the hit rules in the ACL aggregation group; and, in the case of a link failure on the main path, redirect and forward the packet to be forwarded based on the target path corresponding to the target rule.
  • the present disclosure also provides a storage medium for computer-readable storage.
  • the storage medium stores one or more programs.
  • the one or more programs can be executed by one or more processors to implement any of the policy routing implementation methods provided by the present disclosure.
  • the storage medium may be an internal storage unit of the policy routing implementation device described in the previous embodiment, such as a hard disk or memory of the policy routing implementation device.
  • the storage medium can also be an external storage device of the policy routing implementation device, such as a plug-in hard disk, smart memory card (Smart Media Card, SMC), secure digital (SD) card, flash memory card equipped on the policy routing implementation device (Flash Card) etc.
  • the present disclosure provides a method for implementing policy routing.
  • This disclosure pre-distributes ACL aggregation groups to each subnet route, and converts the hit rules in the ACL aggregation group into rule attributes of the subnet routing, so that the subnet routing becomes a policy routing;
  • the technical solution of the present disclosure pre-distributes ACL aggregation groups to each subnet route, and turns the hit rules in the ACL aggregation group into rule attributes of the subnet route, so that policy routing takes effect together with the target route as the target route executes the target rule, which solves the technical problem of low flexibility in the application of current policy routing.
  • Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media).
  • computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data.
  • Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disk (DVD) or other optical disk storage, magnetic cassettes, tapes, disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by a computer.
  • communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.

Abstract

The present disclosure relates to the technical field of network communications, and provides a policy routing implementation method and device, and a storage medium. The method comprises: on the basis of a policy routing table and a preset matching rule, determining, in at least one subnet route, a target route hit by a packet to be forwarded; obtaining an initial rule in the target route and a pre-allocated access control list (ACL) aggregation group, and determining, on the basis of a target address in the packet to be forwarded, a target rule hit by the packet to be forwarded; and on the basis of a target path corresponding to the target rule, redirecting and forwarding the packet to be forwarded.
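
The lookup order this page describes (route lookup, then the route's ACL aggregation group from top to bottom, then the route's original next hop, with an optional FRR main path ahead of both) is shown below as an added Python example; it is not code from the patent. The class and function names, the choice to attach each hit rule to the most specific route that covers it, and the `unplaced` list are assumptions; the addresses are those of the switch A example, plus one constructed rule (192.0.2.9) that no route covers.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class AclRule:
    match: ipaddress.IPv4Network   # destination the hit rule matches
    redirect: str                  # next hop the rule redirects to


@dataclass
class SubnetRoute:
    prefix: ipaddress.IPv4Network
    initial_next_hop: str                                    # the route's "initial rule"
    frr_main: Optional[str] = None                           # FRR main path, if configured
    acl_group: List[AclRule] = field(default_factory=list)   # ACL aggregation group


def build_policy_table(routes, acl_rules):
    """Steps S001-S003: aggregate hit rules per subnet route and attach each group.

    Assumption of this example: a rule belongs to the most specific route
    whose prefix covers it. Rules covered by no route are returned in
    `unplaced`, because in this scheme they would never take effect.
    """
    table = [SubnetRoute(ipaddress.ip_network(p), nh, main) for p, nh, main in routes]
    unplaced = []
    for dst, redirect in acl_rules:
        rule = AclRule(ipaddress.ip_network(dst), redirect)
        owners = [r for r in table if rule.match.subnet_of(r.prefix)]
        if owners:
            max(owners, key=lambda r: r.prefix.prefixlen).acl_group.append(rule)
        else:
            unplaced.append(rule)
    return table, unplaced


def lookup(table, dst, main_path_up=True):
    """Return (next_hop, reason) for one destination address."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r.prefix]
    if not hits:
        return None, "no-route"
    # S101: the target route is the longest matching prefix.
    route = max(hits, key=lambda r: r.prefix.prefixlen)
    # S201/S202: a healthy FRR main path carries every packet on this route.
    if route.frr_main and main_path_up:
        return route.frr_main, "frr-main"
    # S102: ACL aggregation group first, top to bottom, first match wins.
    for rule in route.acl_group:
        if addr in rule.match:
            return rule.redirect, "acl-group"
    # No entry matched: fall back to the route's original next hop.
    return route.initial_next_hop, "initial-rule"


# Values from the switch A example; the 192.0.2.9 rule is constructed.
ROUTES = [("10.10.10.0/24", "3.3.3.3", None)]
FRR_ROUTES = [("10.10.10.0/24", "3.3.3.3", "4.4.4.4")]
ACL_RULES = [
    ("10.10.10.1/32", "1.1.1.1"),
    ("10.10.10.2/32", "2.2.2.2"),
    ("192.0.2.9/32", "9.9.9.9"),
]

if __name__ == "__main__":
    table, unplaced = build_policy_table(ROUTES, ACL_RULES)
    for dst in ("10.10.10.1", "10.10.10.2", "10.10.10.3"):
        print(dst, lookup(table, dst))
    print("rules with no covering route:", [str(r.match) for r in unplaced])
    frr_table, _ = build_policy_table(FRR_ROUTES, ACL_RULES)
    for up in (True, False):
        print("main path up:", up, lookup(frr_table, "10.10.10.1", main_path_up=up))
```

Reviewing the `unplaced` list after every routing change shows which redirect rules have silently stopped applying because their covering route was withdrawn.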

Description

策略路由实现方法、设备及存储介质Policy routing implementation method, equipment and storage medium
相关申请的交叉引用Cross-references to related applications
本公开要求享有2022年06月22日提交的名称为“策略路由实现方法、设备及存储介质”的中国专利申请CN202210713346.0的优先权,其全部内容通过引用并入本公开中。This disclosure claims priority to Chinese patent application CN202210713346.0 titled "Policy Routing Implementation Method, Device and Storage Medium" submitted on June 22, 2022, the entire content of which is incorporated into this disclosure by reference.
技术领域Technical field
本公开涉及网络通信技术领域,尤其涉及一种策略路由实现方法、设备及存储介质。The present disclosure relates to the field of network communication technology, and in particular, to a method, device and storage medium for implementing policy routing.
背景技术Background technique
Policy routing currently works by configuring a series of access control lists (Access Control List, ACL) that match routing rules and forwarding actions, and binding them to a port or a VLAN (Virtual Local Area Network), so that packets hitting the match can have their forwarding path modified according to the forwarding action of the policy route. However, this way of applying policy routing has the technical problem that the policy routing implementation method has low flexibility.
Summary of the Invention
The present disclosure provides a policy routing implementation method, a device and a storage medium, aiming to solve the technical problem that current policy routing implementation methods have low flexibility.
In a first aspect, the present disclosure provides a policy routing implementation method, including: determining, based on a policy routing table and a preset matching rule, the target route hit by a packet to be forwarded among at least one subnet route; obtaining the initial rule in the target route and a pre-assigned access control list (ACL) aggregation group, and determining, based on the target address in the packet to be forwarded, the target rule hit by the packet among the initial rule and the hit rules in the ACL aggregation group; and, when the main path has a link failure, redirecting and forwarding the packet to be forwarded based on the target path corresponding to the target rule.
In a second aspect, the present disclosure further provides a policy routing implementation device. The policy routing implementation device includes a processor, a memory, a computer program stored in the memory and executable by the processor, and a data bus for connection and communication between the processor and the memory, wherein the computer program, when executed by the processor, implements any one of the policy routing implementation methods provided in this disclosure.
In a third aspect, the present disclosure further provides a storage medium for computer-readable storage. The storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement any one of the policy routing implementation methods provided in this disclosure.
Brief Description of the Drawings
To explain the technical solutions of the present disclosure more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show some embodiments of the present disclosure, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Figure 1 is a schematic flowchart of a first embodiment of a policy routing implementation method provided by the present disclosure;
Figure 2 is a schematic flowchart of a second embodiment of the policy routing implementation method provided by the present disclosure;
Figure 3 is a schematic flowchart of a third embodiment of the policy routing implementation method provided by the present disclosure;
Figure 4 is a schematic flowchart of a fourth embodiment of the policy routing implementation method provided by the present disclosure;
Figure 5 is a schematic structural block diagram of a policy routing implementation device provided by the present disclosure.
Detailed Description
The technical solutions of the present disclosure are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, rather than all, of the embodiments of the present disclosure. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments in this disclosure without creative effort fall within the scope of protection of this disclosure.
The flowcharts shown in the accompanying drawings are only examples; they need not include all contents and operations/steps, nor must the steps be performed in the order described. For example, some operations/steps can be decomposed, combined or partially merged, so the actual order of execution may change according to the actual situation.
It should be understood that the terminology used in this disclosure is for the purpose of describing particular embodiments only and is not intended to limit the disclosure. As used in this disclosure and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms unless the context clearly indicates otherwise.
Policy routing currently works by configuring a series of access control lists (Access Control List, ACL) that match routing rules and forwarding actions, and binding them to a port or a VLAN (Virtual Local Area Network), so that packets hitting the match can have their forwarding path modified according to the forwarding action of the policy route. However, with this way of applying it, policy routing can only take effect when bound to a port or a VLAN, so the policy routing implementation method has low flexibility.
The present disclosure provides a policy routing implementation method, a device and a storage medium. The policy routing implementation method can be applied to a mobile terminal, which may be an electronic device such as a mobile phone, tablet computer, notebook computer, desktop computer, personal digital assistant or wearable device.
Some embodiments of the present disclosure are described in detail below with reference to the accompanying drawings. Where there is no conflict, the following embodiments and the features in them may be combined with each other.
The policy routing implementation method provided by the embodiments of the present disclosure is introduced in detail below with reference to the scenario in Figure 1. Note that the scenario in Figure 1 is only used to explain the policy routing implementation method provided by the present disclosure and does not limit its application scenarios.
Please refer to Figure 1, which is a schematic flowchart of a first embodiment of a policy routing implementation method provided by the present disclosure.
As shown in Figure 1, the policy routing implementation method includes steps S101 to S103.
Step S101: based on the policy routing table and the preset matching rule, determine the target route hit by the packet to be forwarded among at least one subnet route.
In this embodiment, the policy routing table includes the mask information of all subnet routes, and a packet to be forwarded is the data unit exchanged and transmitted in the network, that is, the data block a station sends at one time. The packet contains the complete data to be sent as well as path information. When a packet to be forwarded is received, the path address in the packet is looked up against the subnet masks in the policy routing table, and the subnet route hit by the packet is taken as the target route.
It can be understood that the preset matching rule may use the IP address of the packet to be forwarded as the basis for matching, or may use any field of the packet that an ACL can match, such as the source and destination MAC addresses or protocol fields.
Step S102: obtain the initial rule in the target route and the pre-assigned access control list (ACL) aggregation group, and, based on the target address in the packet to be forwarded, determine the target rule hit by the packet among the initial rule and the hit rules in the ACL aggregation group.
In this embodiment, after receiving a packet, the device first matches it against the ACL hit rules in the target route one by one. If a rule does not match, the next one is tried. Once a matching rule is found, the action defined in that rule is executed and no further rules are matched. If no matching rule is found, the initial rule of the target route is used as the target rule and the packet is forwarded.
In an exemplary implementation, when the ACL aggregation group is assigned to a subnet route, the ACL aggregation group and the initial rule of the subnet route can be used as parallel rules, with the ACL aggregation group having higher priority than the initial rule. In another exemplary implementation, the initial rule can instead be aggregated into the ACL aggregation group as one of its hit rules and placed at the lowest priority within the group.
Step S103: when the main path has a link failure, redirect and forward the packet to be forwarded based on the target path corresponding to the target rule.
In this embodiment, when the packet to be forwarded hits multiple forwarding paths, the main path is the highest-priority path and the hit rule of the policy route serves as the backup path. When the main path has a link failure, forwarding switches to the target path in the policy route hit by the packet, and the packet is redirected along it, which improves the stability and reliability of packet forwarding.
This embodiment provides a policy routing implementation method. Based on the policy routing table and the preset matching rule, the method determines the target route hit by the packet to be forwarded among at least one subnet route; obtains the initial rule in the target route and the pre-assigned access control list (ACL) aggregation group, and, based on the target address in the packet to be forwarded, determines the target rule hit by the packet among the initial rule and the hit rules in the ACL aggregation group; and, when the main path has a link failure, redirects and forwards the packet based on the target path corresponding to the target rule. In this way, the ACL aggregation groups are pre-assigned to the subnet routes and the hit rules in each ACL aggregation group become rule attributes of the subnet route, so that the subnet route becomes a policy route. After the target route hit by the packet to be forwarded is determined from the policy routing table and the preset matching rule, the corresponding target rule can be looked up among the hit rules and the initial rule contained in the target route, and the packet is redirected and forwarded along the target path corresponding to the target rule. The policy route therefore takes effect in step with the target route's execution of the target rule, which avoids the problem that the policy route cannot be configured and take effect in step when the routing configuration changes. This solves the technical problem that existing policy routing has low application flexibility.
Please refer to Figure 2, which is a schematic flowchart of a second embodiment of the policy routing implementation method provided by the present disclosure.
In this embodiment, based on the embodiment shown in Figure 1, the method further includes steps S001 to S003 before step S101.
Step S001: obtain the hit rules of the policy route and group them based on the mask of each hit rule to obtain at least one ACL aggregation group. Step S002: based on the subnet mask of each subnet route in the preset routing table and the mask of each ACL aggregation group, assign the ACL aggregation groups to the corresponding subnet routes to obtain the policy rules of the subnet routes. Step S003: obtain the policy routing table based on the policy rules of each subnet route.
In this embodiment, after the user has configured all the hit rules and redirect entries of the ACL policy routes, the device matches all ACL policy routing rules against the device's local preset routing table, groups all ACL policy routes according to the subnet mask of each subnet route in the preset routing table, and assigns a corresponding ACL aggregation group index, so that all ACL policy routing hit rules are divided into several groups according to the subnet masks of the local preset routing table.
In an exemplary implementation, the attributes of the ACL aggregation group are used as follows: when a policy route is configured as ACL matching entries, all policy routing hit rules that fall under the same subnet route mask are aggregated into one ACL aggregation group, and the index of the ACL aggregation group is used as the route's next hop and integrated with the preset routing table to obtain the policy routing table, so that a routing table lookup can hit the index of an ACL aggregation group. After the routing table lookup, a packet thus directly hits the index of the ACL aggregation group associated with it, and is redirected and forwarded by policy routing according to the ACL matching entries under that index.
In an exemplary implementation, step S002 specifically includes: assigning each ACL aggregation group to the corresponding subnet route by matching the subnet mask of each subnet route in the preset routing table against the mask of each ACL aggregation group; and obtaining the initial rule of the subnet route and deriving the policy rules of the subnet route from the initial rule and the hit rules in the ACL aggregation group.
In this embodiment, the hit rules of all ACL policy routes are matched against the subnet mask of each subnet route in the preset routing table, and the ACL aggregation group corresponding to a given subnet mask is assigned to the corresponding subnet route. The ACL aggregation group can exist as a separate attribute of the route, in parallel with the route's original next hop. In that case, the forwarding logic for a packet that hits the route first tries to match the ACL aggregation group; if no entry in the ACL aggregation group matches, the packet falls back to the route's normal next-hop forwarding logic.
In an exemplary implementation, the initial rule of the original subnet route can also be treated as a hit rule of this policy route and placed as the last rule of each group of ACL policy routing rules. All ACL policy routes that can be matched to the device's local routing table are thereby turned into several ACL aggregation groups that correspond to the local subnet routing table. Replacing the index of the original subnet route with the index of the ACL aggregation group then completes the policy routing processing of the original subnet route.
In an exemplary implementation, based on the embodiment shown in Figure 2, step S102 specifically includes: querying the ACL aggregation group in the target route based on the target address of the packet to be forwarded, and determining whether the ACL aggregation group contains a hit rule pointing to the target address; and, if the ACL aggregation group contains a hit rule pointing to the target address, using that hit rule as the target rule.
In an exemplary implementation, if the ACL aggregation group contains no hit rule pointing to the target address, the initial rule is used as the target rule.
In this embodiment, because ACL matching proceeds entry by entry from top to bottom, once the next hop of a subnet route has become an ACL aggregation group index, packets that hit this subnet route are matched in order, one entry at a time, against the aggregation group formed from the ACL policy routes.
In an exemplary implementation, assume that switch A is configured with the policy routing matching entries: 10.10.10.1 is redirected to 1.1.1.1; 10.10.10.2 is redirected to 2.2.2.2. The routing table of switch A contains the route 10.10.10.0/24 with next hop 3.3.3.3. The policy routing entries are compared with the routing table of switch A, and the route 10.10.10.0/24 covers the two matching entries 10.10.10.1 and 10.10.10.2. These two matching entries are placed in ACL aggregation group entry 1, and ACL aggregation group index 1 exists as a separate attribute of route 10.10.10.0/24. The original next hop of route 10.10.10.0/24, 3.3.3.3, is left unchanged, so route 10.10.10.0/24 has both an ACL aggregation group attribute and an ordinary next hop in the routing table. If switch A now receives a packet with destination address 10.10.10.1 that hits routing entry 10.0.0.0/24, the ACL aggregation group attribute is matched first; the packet matches the entry that redirects 10.10.10.1 to next hop 1.1.1.1 and is forwarded to next hop 1.1.1.1. Similarly, a packet with destination address 10.10.10.2 matches its rule and is redirected to 2.2.2.2. If switch A receives a packet with destination address 10.10.10.3, the ACL aggregation group attribute cannot be matched, so matching continues with the forwarding rule of the route's original next hop, and the packet is forwarded to 3.3.3.3, the next hop of the original route 10.10.10.0/24.
In an exemplary implementation, when the ACL aggregation group is assigned to a subnet route, the next hop of the original subnet route, that is, the initial rule, can also be treated as a hit rule of this policy route and placed as the last rule of each group of ACL policy routing rules. All ACL policy routes that can be matched to the device's local routing table are thereby turned into several ACL aggregation groups that correspond to the local subnet routing table. Replacing the index of the original subnet route with the index of the ACL aggregation group then completes the policy routing processing of the original subnet route.
In an exemplary implementation, assume that switch A is configured with the policy routing matching entries: 10.10.10.1 is redirected to 1.1.1.1; 10.10.10.2 is redirected to 2.2.2.2. The routing table of switch A contains the route 10.10.10.0/24 with next hop 3.3.3.3. The policy routing entries are compared with the routing table of switch A, and the route 10.10.10.0/24 covers the two matching entries 10.10.10.1 and 10.10.10.2. These two matching entries are placed in ACL aggregation group entry 1, and the original route entry, 10.10.10.0/24 with next hop 3.3.3.3, is placed in ACL aggregation group entry 1 as the third matching entry. The original exit of route 10.10.10.0/24 is replaced with ACL aggregation group index 1, which points to ACL aggregation group entry 1. That is, the next-hop exit of route 10.10.10.0/24 originally pointed to 3.3.3.3, and after being replaced by ACL aggregation group entry 1 it points to ACL aggregation group 1. If switch A now receives a packet with destination address 10.10.10.1 that hits routing entry 10.0.0.0/24, the packet is passed to ACL aggregation group 1, matches the entry that redirects 10.10.10.1 to next hop 1.1.1.1, and is forwarded to next hop 1.1.1.1. Similarly, a packet with destination address 10.10.10.2 matches its rule and is redirected to 2.2.2.2. If switch A receives a packet with destination address 10.10.10.3, it matches the third entry, the forwarding rule of the original next hop, and is forwarded to 3.3.3.3, the next hop of the original route 10.10.10.0/24. This completes the replacement of the original route's next hop by the policy route. In addition, the definition of the policy route can be made more fine-grained: besides the IP address of the packet, it can match any packet field that an ACL can match, such as source and destination MAC addresses or protocol fields, so this way of matching gives the forwarding of a single route a very rich set of fine-grained matching behaviours.
In this embodiment, a packet that matches an ACL policy routing redirect entry is redirected. Because the last ACL policy routing rule is the forwarding path of the original next hop, all packets that hit no policy route are forwarded along their original forwarding path.
Please refer to Figure 3, which is a schematic flowchart of a third embodiment of the policy routing implementation method provided by the present disclosure.
As shown in Figure 3, based on the embodiment shown in Figure 1, the method further includes steps S201 to S202 before the packet to be forwarded is redirected and forwarded based on the target path corresponding to the target rule.
Step S201: generate the main path based on fast reroute (FRR) and determine whether the main path has a link failure. Step S202: if the main path has no link failure, forward the packet to be forwarded through the main path.
Generally, in the general art the policy routing ACL sits at the very front of the forwarding logic. As long as a packet enters through a port or a VLAN to which the ACL is bound, it is directly matched against, and hits, the policy routing ACL, and therefore never reaches the subsequent routing process. As a result, although the feature is called policy routing, its policy routing ACL has no connection with routing at all.
In this embodiment, because the policy route becomes a next-hop attribute of the route and takes effect along with the route, it can respond effectively to the route's various behaviours. When route FRR is configured, the ACL aggregation group of the policy route can be used directly as its next hop, so that route FRR and policy routing take effect together, which extends policy routing with an FRR function like that of ordinary routes.
FRR (Fast Reroute) aims to provide backup protection for a node or link when a link or node in the network fails, achieving fast rerouting, reducing the impact of the link or node failure on traffic, and allowing traffic to recover quickly.
In an exemplary implementation, after the policy routing configuration is complete, the policy routing next hop of route 10.10.10.0/24 is formed. Assume that switch A is configured with the policy routing matching entries: 10.10.10.1 is redirected to 1.1.1.1; 10.10.10.2 is redirected to 2.2.2.2. The routing table of switch A contains the route 10.10.10.0/24 with next hop 3.3.3.3. Route 10.10.10.0/24 now forms an FRR path whose main path is next-hop IP address 4.4.4.4 and whose backup path is the policy routing next hop described above. Before FRR triggers a switchover, all packets that hit route 10.10.10.0/24 are forwarded along the main path 4.4.4.4. If FRR triggers a switchover, packets that hit route 10.10.10.0/24 are forwarded through the policy routing next hop, that is, by fine-grained matching against the policy routing ACL aggregation group. This completes the formation of policy routing FRR. Because the policy route is a next-hop attribute of the route, FRR switchover from an ordinary route to a policy route is very simple and convenient, and two sets of policy routes can also be set up to switch over to each other.
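The switch A example from the second and third embodiments can be traced end to end with the following sketch. It is an added illustration, not code from the disclosure: the class and function names are hypothetical, longest-prefix match stands in for the unspecified "preset matching rule", each hit rule is assumed to attach to the most specific route that covers it, and the 10.10.0.0/16 route and the 192.0.2.9 rule are constructed to exercise those two assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class AclRule:
    match: ipaddress.IPv4Network  # destination the rule hits (a /32 for one host)
    redirect: str                 # next hop the packet is redirected to


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str                 # initial rule: the route's original next hop
    acl_group: List[AclRule] = field(default_factory=list)  # ACL aggregation group, in match order
    frr_primary: Optional[str] = None  # FRR main path, when one is configured
    frr_primary_up: bool = True        # False once a link failure is detected


def build_policy_routing_table(routes, acl_rules):
    """S001-S003: attach every hit rule to the subnet route that covers it.

    Assumption: a rule belongs to the most specific covering route. Rules that
    no route covers are returned separately instead of being dropped silently.
    """
    table = sorted(routes, key=lambda r: r.prefix.prefixlen, reverse=True)
    unassigned = []
    for rule in acl_rules:
        owner = next((r for r in table if rule.match.subnet_of(r.prefix)), None)
        if owner is None:
            unassigned.append(rule)
        else:
            owner.acl_group.append(rule)
    return table, unassigned


def select_next_hop(table, dst):
    """S101-S103 with the FRR check of S201/S202; returns None if no route is hit."""
    addr = ipaddress.ip_address(dst)
    # S101: the table is sorted most-specific first, so the first hit is the longest match.
    route = next((r for r in table if addr in r.prefix), None)
    if route is None:
        return None
    # S201/S202: a healthy FRR main path carries all traffic for the route.
    if route.frr_primary is not None and route.frr_primary_up:
        return route.frr_primary
    # S102: entries are tried top to bottom and the first match wins.
    for rule in route.acl_group:
        if addr in rule.match:
            return rule.redirect
    # No entry matched: the initial rule (original next hop) is the target rule.
    return route.next_hop


def example_table():
    """Switch A from the text, plus two constructed entries."""
    net = ipaddress.ip_network
    routes = [
        Route(net("10.10.10.0/24"), "3.3.3.3"),    # from the page
        Route(net("10.10.0.0/16"), "5.5.5.5"),     # constructed: exercises longest match
    ]
    rules = [
        AclRule(net("10.10.10.1/32"), "1.1.1.1"),  # from the page
        AclRule(net("10.10.10.2/32"), "2.2.2.2"),  # from the page
        AclRule(net("192.0.2.9/32"), "6.6.6.6"),   # constructed: no route covers it
    ]
    return build_policy_routing_table(routes, rules)


if __name__ == "__main__":
    table, unassigned = example_table()
    for dst in ("10.10.10.1", "10.10.10.2", "10.10.10.3"):
        print(dst, "->", select_next_hop(table, dst))
    table[0].frr_primary = "4.4.4.4"       # main path from the FRR embodiment
    print("main path up:  ", select_next_hop(table, "10.10.10.1"))
    table[0].frr_primary_up = False        # link failure triggers the switchover
    print("main path down:", select_next_hop(table, "10.10.10.1"))
    print("unassigned rules:", [str(r.match) for r in unassigned])
```

Because a redirect entry only takes effect while some subnet route covers it, the returned list of unassigned rules is worth reviewing whenever the routing table changes.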
Please refer to Figure 4, which is a schematic flowchart of a fourth embodiment of the policy routing implementation method provided by the present disclosure.
As shown in Figure 4, based on the embodiment shown in Figure 1, redirecting and forwarding the packet to be forwarded based on the target path corresponding to the target rule further includes steps S301 to S302.
Step S301: generate equal-cost paths based on equal-cost multi-path routing (ECMP). Step S302: based on the target path and the equal-cost paths, split the traffic and forward the packets to be forwarded.
In this embodiment, because the policy route becomes a next-hop attribute of the route and takes effect along with the route, it can respond effectively to the route's various behaviours. When route ECMP is configured, the ACL aggregation group of the policy route can be used directly as one of its next hops, so that route ECMP and policy routing take effect together, which extends policy routing with an ECMP function like that of ordinary routes.
ECMP (Equal Cost Multi-path, equal-cost routing) allows multiple links to be used at the same time in such a network environment, which not only increases transmission bandwidth but also backs up the data transmission of a failed link without delay or packet loss.
In an exemplary implementation, step S302 specifically includes: determining, based on the load balancing principle and the data size of the packets to be forwarded, the traffic load of the target path corresponding to the target rule and of the equal-cost paths; and, based on the traffic load, controlling the target path and the equal-cost paths to split and forward the packets to be forwarded.
In an exemplary implementation, after the policy routing configuration is complete, the policy routing next hop of route 10.10.10.0/24 is formed. Assume that switch A is configured with the policy routing matching entries: 10.10.10.1 is redirected to 1.1.1.1; 10.10.10.2 is redirected to 2.2.2.2. The routing table of switch A contains the route 10.10.10.0/24 with next hop 3.3.3.3. Route 10.10.10.0/24 now forms an ECMP path with two equal-cost next hops: one path has next-hop address 4.4.4.4, and the other is the policy routing next hop described above. All packets that hit route 10.10.10.0/24 are load-balanced across the two next hops, that is, part of the traffic goes through 4.4.4.4 and the rest goes through the policy routing next-hop exit. This completes the formation of policy routing ECMP. Because the policy route is a next-hop attribute of the route, the ECMP load sharing options become more diverse.
Please refer to FIG. 5, which is a schematic structural block diagram of a policy routing implementation device provided by the present disclosure.
As shown in FIG. 5, the policy routing implementation device 300 includes a processor 301 and a memory 302. The processor 301 and the memory 302 are connected through a bus 303, which is, for example, an I2C (Inter-integrated Circuit) bus.
In an exemplary implementation, the processor 301 provides computing and control capabilities and supports the operation of the entire policy routing implementation device. The processor 301 may be a central processing unit (CPU), or it may be another general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
In an exemplary implementation, the memory 302 may be a Flash chip, a read-only memory (ROM) disk, an optical disc, a USB flash drive, a removable hard disk, or the like.
Those skilled in the art will understand that the structure shown in FIG. 5 is only a block diagram of the part of the structure related to the solution of the present disclosure, and does not limit the policy routing implementation device to which the solution is applied. A specific policy routing implementation device may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.
The processor 301 is configured to run a computer program stored in the memory 302 and, when executing the computer program, to implement any of the policy routing implementation methods provided by the present disclosure.
In one embodiment, the processor 301 is configured to run the computer program stored in the memory and, when executing the computer program, to implement the following steps: based on the policy routing table and preset matching rules, determining, among at least one subnet route, the target route hit by the packet to be forwarded; obtaining the initial rule in the target route and the pre-assigned access control list (ACL) aggregation group, and, based on the target address in the packet to be forwarded, determining the target rule hit by the packet among the initial rule and the hit rules in the ACL aggregation group; and, when the main path has a link failure, redirecting and forwarding the packet to be forwarded based on the target path corresponding to the target rule.
It should be noted that, as those skilled in the art will clearly understand, for convenience and brevity of description, the specific working process of the policy routing implementation device described above can be found in the corresponding process of the foregoing policy routing implementation method embodiments, and is not repeated here.
The present disclosure also provides a storage medium for computer-readable storage. The storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement any of the policy routing implementation methods provided in the specification of the present disclosure.
The storage medium may be an internal storage unit of the policy routing implementation device described in the foregoing embodiments, such as a hard disk or memory of the policy routing implementation device. The storage medium may also be an external storage device of the policy routing implementation device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, or a Flash Card equipped on the policy routing implementation device.
The present disclosure provides a policy routing implementation method. By pre-assigning ACL aggregation groups to the subnet routes, the hit rules in an ACL aggregation group become rule attributes of the subnet route, so that the subnet route becomes a policy route. After the target route hit by the packet to be forwarded is determined through the policy routing table and the preset matching rules, the matching target rule can be looked up among the hit rules and the initial rule contained in the target route, and the packet to be forwarded is redirected and forwarded along the target path corresponding to the target rule. Policy routing therefore takes effect in step with the target route's execution of the target rule, which avoids the problem that policy routing cannot be configured and take effect synchronously when the routing configuration changes. This solves the technical problem of the low application flexibility of existing policy routing.
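The lookup summarized above and set out in claims 1 to 5 and 8, as an added Python example that is not code from the patent. It assumes that "matching masks" means a hit rule belongs to the most specific subnet route whose prefix contains its match address, and that the FRR main path is given as a next hop plus a link-state flag; the `/16` route, the `172.16.0.9` rule and the main-path next hop `192.0.2.1` are constructed values, while the `10.10.10.x` entries come from the description.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class SubnetRoute:
    prefix: ipaddress.IPv4Network
    initial_next_hop: str                          # the route's initial rule
    acl_group: dict = field(default_factory=dict)  # dst address -> redirect next hop


def build_policy_table(routes, hit_rules):
    """Attach each hit rule to the most specific subnet route covering it.

    Assumption of this example: a rule matches a route when the rule's match
    address falls inside the route's prefix. Rules that no route covers are
    returned separately instead of being silently dropped.
    """
    table = [SubnetRoute(ipaddress.ip_network(p), nh) for p, nh in routes]
    table.sort(key=lambda r: r.prefix.prefixlen, reverse=True)  # longest first
    unassigned = []
    for match, redirect in hit_rules:
        addr = ipaddress.ip_address(match)
        owner = next((r for r in table if addr in r.prefix), None)
        if owner is None:
            unassigned.append((match, redirect))
        else:
            owner.acl_group[addr] = redirect
    return table, unassigned


def select_target_rule(table, dst):
    """Return (target route, next hop, rule kind) for a destination, or None."""
    addr = ipaddress.ip_address(dst)
    route = next((r for r in table if addr in r.prefix), None)  # longest match
    if route is None:
        return None
    if addr in route.acl_group:                      # hit rule in the ACL group
        return route, route.acl_group[addr], "hit"
    return route, route.initial_next_hop, "initial"  # fall back to initial rule


def forward(table, dst, main_next_hop, main_path_up):
    """Use the main path while it is up; on link failure, redirect."""
    target = select_target_rule(table, dst)
    if target is None:
        return None                                  # no subnet route matched
    if main_path_up:
        return main_next_hop
    return target[1]


# From the description: route 10.10.10.0/24 via 3.3.3.3 and two policy-routing
# entries. Everything else below is constructed for this example.
ROUTES = [("10.10.10.0/24", "3.3.3.3"), ("10.10.0.0/16", "192.0.2.254")]
HIT_RULES = [("10.10.10.1", "1.1.1.1"), ("10.10.10.2", "2.2.2.2"),
             ("172.16.0.9", "198.51.100.1")]
TABLE, UNASSIGNED = build_policy_table(ROUTES, HIT_RULES)

if __name__ == "__main__":
    for dst in ("10.10.10.1", "10.10.10.77", "10.10.200.5", "8.8.8.8"):
        print(dst, forward(TABLE, dst, "192.0.2.1", main_path_up=False))
```

A non-empty `UNASSIGNED` list is worth alerting on when auditing a configuration, since those redirect rules are not attached to any route and never take effect.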
Those of ordinary skill in the art will understand that all or some of the steps of the methods disclosed above, and the functional modules/units of the systems and devices, can be implemented as software, firmware, hardware, and appropriate combinations thereof. In hardware embodiments, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, a digital signal processor, or a microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is known to those of ordinary skill in the art, the term computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules, or other data). Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by a computer. In addition, as is known to those of ordinary skill in the art, communication media typically contain computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.
It should be understood that the term "and/or" as used in the specification of the present disclosure and the appended claims refers to, and includes, any and all possible combinations of one or more of the associated listed items. It should be noted that, as used herein, the terms "include", "comprise", or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article, or system that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or system. Without further limitation, an element defined by the phrase "includes a ..." does not exclude the presence of additional identical elements in the process, method, article, or system that includes that element.
The above serial numbers of the present disclosure are for description only and do not represent the relative merits of the embodiments. The above are only specific embodiments of the present disclosure, but the protection scope of the present disclosure is not limited thereto. Any person skilled in the art can readily conceive of various equivalent modifications or substitutions within the technical scope disclosed herein, and these modifications or substitutions shall be covered by the protection scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (10)

  1. A policy routing implementation method, comprising:
    based on a policy routing table and preset matching rules, determining, among at least one subnet route, the target route hit by a packet to be forwarded;
    obtaining the initial rule in the target route and the pre-assigned access control list (ACL) aggregation group, and, based on the target address in the packet to be forwarded, determining, among the initial rule and the hit rules in the ACL aggregation group, the target rule hit by the packet to be forwarded;
    when the main path has a link failure, redirecting and forwarding the packet to be forwarded based on the target path corresponding to the target rule.
  2. The policy routing implementation method according to claim 1, wherein, before the step of determining, based on the policy routing table and preset matching rules, the target route hit by the packet to be forwarded among at least one subnet route, the method further comprises:
    obtaining the hit rules of policy routing, and grouping the hit rules based on the mask of each hit rule to obtain at least one ACL aggregation group;
    based on the subnet mask of each subnet route in a preset routing table and the mask of each ACL aggregation group, assigning the ACL aggregation group to the corresponding subnet route to obtain the policy rules of the subnet route;
    obtaining the policy routing table based on the policy rules of each subnet route.
  3. The policy routing implementation method according to claim 2, wherein assigning the ACL aggregation group to the corresponding subnet route, based on the subnet mask of each subnet route in the preset routing table and the mask of each ACL aggregation group, to obtain the policy rules of the subnet route comprises:
    assigning each ACL aggregation group to the corresponding subnet route based on the corresponding match between the subnet mask of each subnet route in the preset routing table and the mask of each ACL aggregation group;
    obtaining the initial rule of the subnet route, and obtaining the policy rules of the subnet route based on the initial rule and the hit rules in the ACL aggregation group.
  4. The policy routing implementation method according to claim 1, wherein determining, based on the target address in the packet to be forwarded, the target rule hit by the packet to be forwarded among the initial rule and the hit rules in the ACL aggregation group comprises:
    based on the target address of the packet to be forwarded, querying the ACL aggregation group in the target route and judging whether the ACL aggregation group contains a hit rule pointing to the target address;
    when the ACL aggregation group contains a hit rule pointing to the target address, using the hit rule pointing to the target address as the target rule.
  5. The policy routing implementation method according to claim 4, wherein, after the step of querying the ACL aggregation group in the target route based on the target address of the packet to be forwarded and judging whether the ACL aggregation group contains a hit rule pointing to the target address, the method further comprises:
    when the ACL aggregation group does not contain a hit rule pointing to the target address, using the initial rule as the target rule.
  6. The policy routing implementation method according to claim 1, wherein the step of redirecting and forwarding the packet to be forwarded based on the target path corresponding to the target rule further comprises:
    generating an equal-cost path based on equal-cost multi-path routing (ECMP);
    splitting and forwarding the packet to be forwarded based on the target path and the equal-cost path.
  7. The policy routing implementation method according to claim 6, wherein the step of splitting and forwarding the packet to be forwarded based on the target path and the equal-cost path further comprises:
    based on the load balancing principle and the data size of the packet to be forwarded, determining the load traffic of the target path corresponding to the target rule and of the equal-cost path;
    based on the load traffic, controlling the target path and the equal-cost path to split and forward the packet to be forwarded.
  8. The policy routing implementation method according to any one of claims 1 to 7, wherein, before the step of redirecting and forwarding the packet to be forwarded based on the target path corresponding to the target rule, the method further comprises:
    generating a main path based on fast reroute (FRR), and judging whether the main path has a link fault;
    when the main path has no link failure, forwarding the packet to be forwarded through the main path.
  9. A policy routing implementation device, comprising a processor, a memory, a computer program stored on the memory and executable by the processor, and a data bus for implementing connection and communication between the processor and the memory, wherein the computer program, when executed by the processor, implements the steps of the policy routing implementation method according to any one of claims 1 to 8.
  10. A storage medium for computer-readable storage, the storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement the steps of the policy routing implementation method according to any one of claims 1 to 8.
PCT/CN2023/079008 2022-06-22 2023-03-01 Policy routing implementation method and device, and storage medium WO2023246161A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210713346.0 2022-06-22
CN202210713346.0A CN117319343A (en) 2022-06-22 2022-06-22 Policy routing implementation method, device and storage medium

Publications (1)

Publication Number Publication Date
WO2023246161A1 true WO2023246161A1 (en) 2023-12-28

Family

ID=89283616

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/079008 WO2023246161A1 (en) 2022-06-22 2023-03-01 Policy routing implementation method and device, and storage medium

Country Status (2)

Country Link
CN (1) CN117319343A (en)
WO (1) WO2023246161A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117499293B (en) * 2024-01-02 2024-04-09 中移(苏州)软件技术有限公司 Routing table maintenance method, path selection method, device, system and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1897564A (en) * 2005-07-11 2007-01-17 中兴通讯股份有限公司 Strategic routing matching method based on recursive-flow category algorithm
CN104579940A (en) * 2013-10-10 2015-04-29 杭州华三通信技术有限公司 Method and apparatus for searching ACL
US20190190828A1 (en) * 2016-08-25 2019-06-20 Huawei Technologies Co., Ltd. Method and apparatus for generating acl table
CN111431798A (en) * 2020-03-31 2020-07-17 新华三信息安全技术有限公司 Route switching method and device

Also Published As

Publication number Publication date
CN117319343A (en) 2023-12-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23825819

Country of ref document: EP

Kind code of ref document: A1