Detailed Description
The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
In this embodiment, a unicast tunnel establishment method is provided. Fig. 2 is a flowchart of a unicast tunnel establishment method according to an embodiment of the present invention. As shown in Fig. 2, the flow includes the following steps:
step S202, the first network device receives a VxLAN message sent by the second network device;
step S204, the first network device parses identification information carried in the VxLAN message;
step S206, the first network device establishes, according to the identification information, a VxLAN unicast tunnel whose destination address is the second network device.
Through the above steps, the first network device establishes the VxLAN unicast tunnel whose destination address is the second network device according to the identification information of the VxLAN message sent by the second network device; the VxLAN unicast tunnel is not established by building a protocol stack on each network device and exchanging private protocol messages between the network devices. The steps therefore solve the problem in the related art that establishing a VxLAN unicast tunnel through private protocol message interaction is inefficient: the VxLAN unicast tunnel is established quickly, and the efficiency of establishing it is improved.
Optionally, in step S204, the first network device first determines whether a VxLAN unicast tunnel with a destination address as the second network device is already established, and if it is determined that the VxLAN unicast tunnel with the destination address as the second network device is not established, the first network device parses the identification information of the VxLAN packet. Through the steps, the first network equipment can selectively establish the VxLAN unicast tunnel, so that the purpose of saving resources is achieved, and reasonable utilization of the resources is realized. For the condition that the VxLAN unicast tunnel with the destination address being the second network device is already established, the first network device may directly perform conventional forwarding on the received VxLAN message without analyzing the information for establishing the unicast tunnel.
Optionally, after step S202, the first network device may decapsulate the VxLAN packet, and send the inner packet in the VxLAN packet obtained by decapsulation to the first client in communication with the network side through the first network device, so that the first network device may obtain the identification information from the VxLAN packet used for communication with the first client, and complete forwarding of the inner packet in the VxLAN packet to the first client. Therefore, through the steps, the first network device can realize the quick establishment of the VxLAN unicast tunnel in the interaction process of the inner layer messages between the clients, and the efficiency of establishing the VxLAN unicast tunnel is improved.
Optionally, the VxLAN packet may be obtained by the second network device encapsulating an inner layer packet according to a VxLAN service specification standard. In order to determine the location of the second network device, and thereby establish a VxLAN unicast tunnel whose destination address is the second network device, the identification information includes: the IP address of the second network device and the source MAC address of the inner layer message encapsulated in the VxLAN message; or the identification information may include: the IP address of the second network device and the source IP address of the inner layer message encapsulated in the VxLAN message.
Because the VxLAN message is encapsulated by the second network device, the IP address of the second network device is the source IP address in the outer layer label of the VxLAN message.
Optionally, in step S206, the first network device may determine whether the VxLAN packet is terminated locally on the first network device. If so, it acquires identification information such as the IP address of the second network device in the VxLAN message and the source MAC address of the inner layer message, and establishes the VxLAN unicast tunnel whose destination address is the second network device. Because this VxLAN unicast tunnel is established through the MAC address in the inner layer message, it is an L2VxLAN unicast tunnel.
Optionally, in step S206, the first network device may determine whether the VxLAN packet is terminated locally on the first network device. If so, it acquires identification information such as the IP address of the second network device in the VxLAN message and the source IP address of the inner layer message, and establishes the VxLAN unicast tunnel whose destination address is the second network device. Because this VxLAN unicast tunnel is established through the IP address in the inner layer message, it is an L3VxLAN unicast tunnel.
Optionally, the identification information may further include at least one of: VLAN information carried in an outer layer label of the VxLAN message, VNI information carried in the outer layer label of the VxLAN message, and Next HOP information inquired according to the IP address of the second network device.
Optionally, in step S204, the first network device may analyze the IP address of the second network device carried in the VxLAN message, and establish a VxLAN unicast tunnel with a destination address as the second network device according to the IP address of the second network device, and perform conventional forwarding on other messages encapsulated in the VxLAN message. Therefore, through the steps, the first network device only needs to establish the VxLAN unicast tunnel with the destination address as the second network device according to the IP address of the second network device carried in the VxLAN message, and the VxLAN unicast tunnel is established quickly.
Optionally, before step S202, the second network device may receive an inner layer packet sent by a second client communicating with the network side through the second network device to a first client communicating with the network side through the first network device, encapsulate the inner layer packet into a VxLAN packet according to a VxLAN service specification standard, and send the VxLAN packet to the first network device. Through the steps, the VxLAN message carries the identification information, so that the first network equipment can quickly establish the VxLAN unicast tunnel with the destination address as the second network equipment according to the identification information carried in the VxLAN message, and the efficiency of establishing the VxLAN unicast tunnel is improved.
Optionally, when the second network device encapsulates the inner layer message into a VxLAN message according to a VxLAN service specification standard, it may be determined whether a VxLAN unicast tunnel with a destination address as the first network device is already established, and if it is determined that the VxLAN unicast tunnel with the destination address as the first network device is not established, the second network device encapsulates the inner layer message into a VxLAN multicast message according to the VxLAN service specification standard, and sends the VxLAN multicast message through the VxLAN multicast tunnel, so that the VxLAN multicast message is received by the first network device. Therefore, through the steps, the second network device can selectively send VxLAN messages through the multicast tunnel under the condition that the VxLAN unicast tunnel with the destination address as the first network device is not established, so that the first network device can receive the VxLAN messages, and the VxLAN unicast tunnel with the destination address as the second network device is established quickly according to the VxLAN messages.
Optionally, the second network device may further encapsulate the inner layer packet into a VxLAN unicast packet according to a VxLAN service specification standard under the condition that it is determined that the VxLAN unicast tunnel with the destination address as the first network device is already established, and then send the VxLAN unicast packet to the first network device through the VxLAN unicast tunnel with the destination address as the first network device. As can be seen, through the above steps, the second network device may selectively send a VxLAN unicast message through a unicast tunnel in the case that the VxLAN unicast tunnel with the destination address as the first network device has been established, so that the first network device can receive the VxLAN unicast message, and quickly establish the VxLAN unicast tunnel with the destination address as the second network device according to the VxLAN unicast message.
Optionally, in order to implement monitoring of the VxLAN tunnel established by the first network device, thereby completing management of the VxLAN tunnel, after step S206, the first network device may count a usage rate of the VxLAN tunnel established by the first network device within a preset time period, and delete the VxLAN tunnel established by the first network device whose usage rate is lower than a preset value according to a comparison between a statistical result and the preset value, where the VxLAN tunnel established by the first network device includes: a VxLAN unicast tunnel and/or a VxLAN multicast tunnel.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
In this embodiment, a unicast tunnel establishing apparatus is further provided, which is applied to a first network device, and is used to implement the foregoing embodiments and preferred embodiments, and details of which have been already described are omitted. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 3 is a block diagram of a unicast tunnel establishment apparatus according to an embodiment of the present invention. As shown in Fig. 3, the apparatus includes: a first receiving module 32, a parsing module 34 and an establishing module 36, wherein the first receiving module 32 is used for receiving a VxLAN message sent by the second network device; the parsing module 34 is coupled to the first receiving module 32 and used for parsing the identification information of the VxLAN message; and the establishing module 36 is coupled to the parsing module 34 and configured to establish, according to the identification information, a VxLAN unicast tunnel whose destination address is the second network device.
Fig. 4 is a first optional structure block diagram of the unicast tunnel establishment apparatus according to the embodiment of the present invention, as shown in fig. 4, optionally, the parsing module 34 includes: a judging unit 42 and an analyzing unit 44, wherein the judging unit 42 is configured to judge whether a VxLAN unicast tunnel with a destination address of the second network device is established; and the analyzing unit 44 is coupled to the judging unit 42 and is used for analyzing the identification information of the VxLAN message by the first network device under the condition that the VxLAN unicast tunnel with the destination address being the second network device is not established.
Fig. 5 is a block diagram of an optional structure of a unicast tunnel establishment apparatus according to an embodiment of the present invention, as shown in fig. 5, optionally, the apparatus further includes: a decapsulation module 52 and a first sending module 54, where the decapsulation module 52 is coupled to the first receiving module 32, and is configured to decapsulate the VxLAN packet to obtain an encapsulated inner layer packet in the VxLAN packet, if a destination address of the encapsulated inner layer packet in the VxLAN packet is a first client; and a first sending module 54, coupled to the decapsulating module 52, configured to send the inner layer packet to a first client, where the first client is a client that communicates with the network side through a first network device.
Optionally, the VxLAN packet may be obtained by the second network device encapsulating an inner layer packet according to a VxLAN service specification standard, where the identification information in the parsing module 34 includes: the IP address of the second network device and the source MAC address of the inner layer message encapsulated in the VxLAN message.
Fig. 6 is a block diagram of an optional structure of a unicast tunnel establishment apparatus according to an embodiment of the present invention, as shown in fig. 6, optionally, the establishment module 36 includes: a first judging unit 62 and a first establishing unit 64, where the first judging unit 62 is configured to judge whether the VxLAN message is terminated locally on the first network device; and a first establishing unit 64, coupled to the first judging unit 62, configured to, if the judgment result is yes, establish a VxLAN unicast tunnel with a destination address of the second network device according to identification information including the IP address of the second network device and the source MAC address of the inner layer packet, where the VxLAN unicast tunnel is an L2VxLAN unicast tunnel.
Optionally, the identification information further includes at least one of: VLAN information carried in an outer layer label of the VxLAN message, VNI information carried in the outer layer label of the VxLAN message and Next HOP information inquired according to the IP address of the second network device.
Optionally, in a case where the inner layer packet is an ARP request packet, the identification information may include: the IP address of the second network device and the source IP address of the ARP request message.
Fig. 7 is a block diagram of an optional structure of a unicast tunnel establishment apparatus according to an embodiment of the present invention, as shown in fig. 7, optionally, the establishment module 36 further includes: a second judging unit 72 and a second establishing unit 74, where the second judging unit 72 is configured to judge whether the VxLAN packet is terminated locally on the first network device; and a second establishing unit 74, coupled to the second determining unit 72, configured to establish, when the determination result is yes, a VxLAN unicast tunnel with a destination address of the second network device according to the identification information including the IP address of the second network device and the source IP address of the ARP request packet, where the VxLAN unicast tunnel is an L3VxLAN unicast tunnel.
Optionally, the identification information further includes at least one of: VLAN information carried in an outer layer label of the VxLAN message, VNI information carried in the outer layer label of the VxLAN message, and Next HOP information inquired according to an IP address of second network equipment (namely a source IP address of the VxLAN message).
Fig. 8 is a block diagram of an optional structure of a unicast tunnel establishment apparatus according to an embodiment of the present invention, as shown in fig. 8, optionally, the apparatus further includes: statistics module 82, second judgement module 84 and deletion module 86, wherein, statistics module 82, coupled to establishment module 36, is used for counting the usage of the VxLAN tunnel established by the first network device within a preset time period, and wherein the VxLAN tunnel established by the first network device includes: a VxLAN unicast tunnel and/or a VxLAN multicast tunnel; a second judging module 84, coupled to the counting module 82, configured to judge, according to a counting result, whether a usage rate of the VxLAN tunnel established by the first network device is lower than a preset value; and a deleting module 86, coupled to the second judging module 84, configured to delete a VxLAN tunnel with a usage rate lower than a preset value from the VxLAN tunnels established by the first network device.
In this embodiment, a unicast tunnel establishment system is further provided, and fig. 9 is a block diagram of a structure of a unicast tunnel establishment system according to an embodiment of the present invention, as shown in fig. 9, the system includes: a first network device 92 and a second network device 94, wherein the first network device 92 comprises any of the unicast tunnel establishment means described above; second network device 94, coupled to first network device 92, is configured to send a VxLAN message to the first network device.
Fig. 10 is a block diagram of an alternative structure of the unicast tunnel establishment system according to the embodiment of the present invention, as shown in fig. 10, optionally, the second network device 94 includes: the second receiving module 102 is configured to receive an inner layer packet sent by a second client to a first client, where the second client is a client that communicates with a network side through a second network device, and the first client is a client that communicates with the network side through a first network device; the encapsulating module 104 is coupled to the second receiving module 102 and is used for encapsulating the inner layer message into a VxLAN message according to a VxLAN service specification standard; and a second sending module 106, coupled to the encapsulating module 104, configured to send the VxLAN message to the first network device.
Fig. 11 is a block diagram of an optional structure of a unicast tunnel establishment system according to an embodiment of the present invention, as shown in fig. 11, optionally, the encapsulation module 104 includes: a third judging unit 112 and a first encapsulating unit 114, where the third judging unit 112 is configured to judge whether a VxLAN unicast tunnel whose destination address is the first network device is established; the first encapsulating unit 114, coupled to the third determining unit 112, configured to, when it is determined that a VxLAN unicast tunnel with a destination address of the first network device is not established, encapsulate, by the second network device, the inner layer packet into a VxLAN packet according to a VxLAN service specification standard, where the VxLAN packet is a VxLAN multicast packet; and the second sending module of the second network equipment is used for sending the VxLAN message through the VxLAN multicast tunnel so as to be received by the first network equipment.
Fig. 12 is a block diagram of an optional structure of a unicast tunnel establishment system according to an embodiment of the present invention. As shown in Fig. 12, optionally, the encapsulation module 104 further includes: a second encapsulating unit 122, coupled to the third judging unit 112 and configured to encapsulate the inner layer packet into a VxLAN packet according to a VxLAN service specification standard when it is judged that a VxLAN unicast tunnel whose destination address is the first network device has been established, where the VxLAN packet is a VxLAN unicast packet; and the second sending module of the second network device is used for sending the VxLAN message to the first network device through the VxLAN unicast tunnel whose destination address is the first network device.
It should be noted that the above modules may be implemented by software or hardware; for the latter, this may be done in, but is not limited to, the following ways: the modules are all located in the same processor; or the modules are respectively located in a plurality of processors.
The embodiment of the present invention also provides software for executing the technical solutions described in the above embodiments and preferred embodiments.
The embodiment of the invention also provides a storage medium. In the present embodiment, the storage medium described above may be configured to store program code for performing the steps of:
step S202, the first network device receives a VxLAN message sent by the second network device;
step S204, the first network device parses the identification information of the VxLAN message;
step S206, the first network device establishes, according to the identification information, a VxLAN unicast tunnel whose destination address is the second network device.
Optionally, in this embodiment, the storage medium may include, but is not limited to: various media capable of storing program code, such as a USB disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
In order to make the description of the embodiments of the present invention clearer, the following description and illustrations are made with reference to alternative embodiments.
An optional embodiment of the present invention provides a method and an apparatus for quickly establishing a VxLAN unicast tunnel, which may save components for respectively establishing protocol stacks on network devices at two ends, save private protocol packet interaction between the network devices, and save transmission time consumed in the packet interaction process.
The method for establishing a unicast tunnel provided by the alternative embodiment of the invention is as follows: the source end (equivalent to the second network device) sends a VxLAN message, the message is transmitted to the opposite end (equivalent to the first network device) through the VxLAN multicast tunnel (or a unicast tunnel), and the opposite end establishes the VxLAN unicast tunnel after receiving the VxLAN message. Because the VxLAN message interaction is unidirectional, it saves the service deployment requirements and hardware resources needed to establish a protocol stack on each of the network devices at the two ends, saves the transmission time consumed by private protocol message interaction between the network devices at the two ends through a cloud network, and achieves the effect of quickly establishing the VxLAN unicast tunnel.
The apparatus for establishing a unicast tunnel according to an alternative embodiment of the present invention includes:
The sending and receiving unit is used for realizing data exchange between the network device and the host/client, and data exchange between network devices through a cloud network.
The VxLAN coding unit is used for encapsulating, in conformance with the VxLAN service specification standard, the inner layer message that is sent from the host/client and received by the sending and receiving unit of the network device; it also counts the usage rate information of the VxLAN multicast tunnel or the VxLAN unicast tunnel used when encoding the inner layer message.
The VxLAN decoding unit is used for decapsulating, in conformance with the VxLAN service specification standard, the VxLAN service message that is transmitted from the cloud network and received by the sending and receiving unit of the network device; it also parses identification information such as the IP address information of the far-end network device carried by the VxLAN service message, the VLAN and VNI of the VxLAN message, the source IP address or source MAC address of the inner layer message, and the Next HOP inquired according to the source IP address of the VxLAN message, and then transmits the identification information to the data management unit and the tunnel configuration unit.
The data management unit is used for storing identification information such as the IP address information of the far-end network device with which a VxLAN unicast tunnel needs to be established, the VLAN and VNI of the VxLAN message, the source IP address or source MAC address of the inner layer message, and the Next HOP inquired according to the source IP address of the VxLAN message (namely the IP address of the far-end network device); it also stores the IP address information of the local network device, the VLAN and VNI of the VxLAN message, the source IP address or source MAC address of the inner layer message, and identification information such as the Next HOP inquired according to the source IP address of the VxLAN message. A generic database interface is also provided.
The tunnel configuration unit is used for establishing the VTEP on the local network device; for establishing a VxLAN multicast tunnel according to the VTEP and VxLAN multicast information; for establishing a VxLAN unicast tunnel according to the VTEP, the IP address information of the remote network device, the VLAN and VNI of the VxLAN message, the source IP address or source MAC address of the inner layer message, and identification information such as the Next HOP inquired according to the source IP address of the VxLAN message; for deleting VxLAN tunnels according to the usage rates of the VxLAN multicast tunnels and VxLAN unicast tunnels that are already established; and for accessing and modifying the records of the data management unit through the generic database interface provided by the data management unit.
The method for establishing a unicast tunnel according to the alternative embodiment of the present invention may include the following steps:
step 11, firstly, establishing a fully-connected VxLAN multicast tunnel between network devices;
step 12, transmitting, through the VxLAN multicast tunnel, an inner layer message for which no VxLAN unicast tunnel has been established;
step 13, after the VxLAN multicast message is received by the far-end network equipment, a VxLAN unicast tunnel with a destination address as the local-end network equipment is established on the far-end network equipment by utilizing the IP address information of the local-end network equipment, the VLAN and VNI of the VxLAN message, the source IP address or the source MAC address of the inner-layer message and the identification information such as Next HOP inquired according to the source IP address of the VxLAN message;
step 14, the far-end network device can send a VxLAN unicast message to the home-end network device through the VxLAN unicast tunnel, and after the home-end network device receives the VxLAN unicast message, a VxLAN unicast tunnel whose destination address is the far-end network device is established on the home-end network device by using the IP address information of the far-end network device carried in the message, the VLAN and the VNI of the VxLAN message, the source IP address or the source MAC address of the inner layer message, and identification information such as the Next HOP inquired according to the source IP address of the VxLAN message;
step 15, when the network device encapsulates and sends the inner layer message, the VxLAN tunnel of different service types can be flexibly selected:
if the network device has established a VxLAN unicast tunnel to the remote network device that serves the destination address of the inner layer message, the inner layer message can be encapsulated into a VxLAN unicast message and sent through the VxLAN unicast tunnel;
if no VxLAN unicast tunnel to the remote network device that serves the destination address of the inner layer message has been established, the inner layer message can be encapsulated into a VxLAN multicast message and sent through the VxLAN multicast tunnel;
step 16, the network device counts the usage rate of the VxLAN multicast tunnel and the VxLAN unicast tunnel which are already established, and the VxLAN multicast tunnel and the VxLAN unicast tunnel with the usage rate of 0 can be deleted within a certain time limit.
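Added example (not part of the original description and not code from the applicant): a Python sketch of steps S202 to S206 and of steps 15 and 16 above, covering learning a unicast tunnel from a received VxLAN message, choosing unicast or multicast on transmit, and deleting tunnels whose usage is 0. The names Ident, Vtep, parse_vxlan and build_sample, the forwarding table, and the sample addresses are assumptions made for illustration; the header layout follows RFC 7348.

```python
import socket
import struct
from dataclasses import dataclass

VXLAN_PORT = 4789  # IANA-assigned UDP port for VxLAN (RFC 7348)


@dataclass
class Ident:
    remote_vtep: str    # outer source IP = IP address of the second network device
    outer_dst: str      # outer destination IP (local VTEP or multicast group)
    vni: int            # 24-bit VNI from the VxLAN header
    inner_src_mac: str  # source MAC of the encapsulated inner frame


def parse_vxlan(pkt: bytes) -> Ident:
    """Parse a packet that starts at the outer IPv4 header; reject malformed input."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 17 or len(pkt) < ihl + 8 + 8 + 14:
        raise ValueError("not UDP or truncated")
    if struct.unpack_from("!H", pkt, ihl + 2)[0] != VXLAN_PORT:
        raise ValueError("not addressed to the VxLAN port")
    vx = ihl + 8                      # start of the 8-byte VxLAN header
    if not pkt[vx] & 0x08:            # I flag: the VNI field is valid
        raise ValueError("VxLAN I flag not set")
    inner = vx + 8                    # start of the inner Ethernet frame
    return Ident(
        remote_vtep=socket.inet_ntoa(pkt[12:16]),
        outer_dst=socket.inet_ntoa(pkt[16:20]),
        vni=int.from_bytes(pkt[vx + 4:vx + 7], "big"),
        inner_src_mac=pkt[inner + 6:inner + 12].hex(":"),
    )


class Vtep:
    """Hypothetical model of one network device's tunnel state."""

    def __init__(self, local_ip: str, mcast_group: str):
        self.local_ip, self.mcast_group = local_ip, mcast_group
        self.tunnels = {}  # remote VTEP IP -> usage count in the current period
        self.fdb = {}      # (vni, inner MAC) -> remote VTEP IP (assumed L2 table)

    def receive(self, pkt: bytes) -> str:
        """Steps S202-S206 as seen by the first network device."""
        ident = parse_vxlan(pkt)
        if ident.outer_dst not in (self.local_ip, self.mcast_group):
            return "not-terminated-here"
        # MAC learning is treated here as part of conventional forwarding.
        self.fdb[(ident.vni, ident.inner_src_mac)] = ident.remote_vtep
        if ident.remote_vtep in self.tunnels:
            return "existing"          # tunnel already there: nothing to establish
        self.tunnels[ident.remote_vtep] = 0
        return "established"

    def select(self, vni: int, dst_mac: str) -> str:
        """Step 15: unicast if a tunnel to the remote device exists, else multicast."""
        remote = self.fdb.get((vni, dst_mac))
        if remote in self.tunnels:
            self.tunnels[remote] += 1  # usage is counted on the encoding side
            return f"unicast:{remote}"
        return f"multicast:{self.mcast_group}"

    def age_out(self) -> list:
        """Step 16: delete tunnels with usage 0 in the period, then reset counters."""
        dead = [ip for ip, hits in self.tunnels.items() if hits == 0]
        for ip in dead:
            del self.tunnels[ip]
        self.fdb = {k: v for k, v in self.fdb.items() if v not in dead}
        for ip in self.tunnels:
            self.tunnels[ip] = 0
        return dead


def build_sample(src_ip, dst_ip, vni, inner_src_mac, inner_dst_mac) -> bytes:
    """Constructed sample: IPv4 + UDP + VxLAN + inner Ethernet header (checksums 0)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    inner = mac(inner_dst_mac) + mac(inner_src_mac) + b"\x08\x00"
    vxlan = struct.pack("!B3s3sB", 0x08, b"\0\0\0", vni.to_bytes(3, "big"), 0)
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan) + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(vxlan) + len(inner),
                     0, 0, 64, 17, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + udp + vxlan + inner


if __name__ == "__main__":
    first = Vtep("192.0.2.1", "239.1.1.1")  # constructed documentation addresses
    pkt = build_sample("192.0.2.2", "239.1.1.1", 100,
                       "02:00:00:00:00:02", "02:00:00:00:00:01")
    print(first.receive(pkt), first.select(100, "02:00:00:00:00:02"))
```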
The method for establishing a unicast tunnel according to the alternative embodiment of the present invention may further include the following steps:
step 21, configuring VTEP on the network equipment, for identifying VxLAN multicast message, and for identifying VxLAN unicast message with destination address as home terminal network equipment;
step 22, configuring a tunnel configuration unit on the network equipment, and establishing a VxLAN multicast tunnel according to the VTEP and VxLAN multicast information;
step 23, configuring a tunnel configuration unit on the network device, for establishing a VxLAN unicast tunnel according to the IP address information of the VTEP and the remote network device, the VLAN and VNI of the VxLAN packet, the source IP address or source MAC address of the inner layer packet, and the identification information such as Next HOP and the like inquired according to the source IP address of the VxLAN packet;
step 24, configuring a data management unit on the network device, for storing the IP address information of the local network device, the IP address information of the remote network device needing to establish the VxLAN unicast tunnel, the VLAN and VNI of the VxLAN message, the source IP address or source MAC address of the inner layer message, and the identification information such as Next HOP inquired according to the source IP address of the VxLAN message;
and step 25, configuring a data management unit on the network equipment, wherein the data management unit is used for storing the utilization rates of the VxLAN multicast tunnel and the VxLAN unicast tunnel established by the local network equipment and counted by the VxLAN coding unit.
An alternative embodiment of the present invention will now be described with reference to the accompanying drawings.
The technical scheme of the invention is further elaborated in the following by combining the attached drawings.
Fig. 13 is a block diagram of a structure of an apparatus for quickly establishing a VxLAN unicast tunnel according to an alternative embodiment of the present invention, as shown in fig. 13, the apparatus includes:
a sending and receiving unit 1302, configured to transmit VxLAN service packets according to the Ethernet layer-3 (network layer) protocol;
the VxLAN coding unit 1304 is used for receiving the inner layer message sent by the host/client, following the VxLAN service specification standard and carrying out VxLAN service encapsulation on the inner layer message;
the VxLAN decoding unit 1306 is used for receiving VxLAN service messages from the cloud network, decapsulating the VxLAN service messages according to the VxLAN service specification standard, and then sending the inner layer messages to the host/client. The VxLAN decoding unit also analyzes the IP address information of the remote network device carried by the VxLAN service message, the VLAN and VNI of the VxLAN message, the source IP address or source MAC address of the inner layer message, and identification information such as Next HOP queried according to the source IP address of the VxLAN message, transmits the identification information to the data management unit, and notifies the tunnel configuration unit;
and a data management unit 1308 for storing the IP address information of the remote network device that needs to establish the VxLAN unicast tunnel, the VLAN and VNI of the VxLAN packet, the source IP address or source MAC address of the inner layer packet, and identification information such as Next HOP queried according to the source IP address of the VxLAN packet. The data management unit also stores the IP address information of the local network equipment, the VLAN and VNI of the VxLAN message, the source IP address or source MAC address of the inner layer message, and the identification information such as Next HOP inquired according to the source IP address of the VxLAN message;
a tunnel configuration unit 1310, configured to establish a VTEP in the local network device, and establish a VxLAN multicast tunnel according to the VTEP and the VxLAN multicast information; wherein,
the tunnel configuration unit 1310 is further configured to establish a VxLAN unicast tunnel according to the IP address information of the VTEP and the remote network device, the VLAN and VNI of the VxLAN packet, the source IP address or the source MAC address of the inner layer packet, and identification information such as Next HOP queried according to the source IP address of the VxLAN packet;
a tunnel configuration unit 1310, further configured to delete redundant tunnels according to the VxLAN tunnel usage;
the tunnel configuration unit 1310 is further configured to access the record of the data management unit, and may also identify and modify the record of the data management unit.
Fig. 14 is a block diagram of a structure of a VxLAN unicast tunnel system for fast establishment according to an alternative embodiment of the present invention, as shown in fig. 14, the system includes: a network device C; the network equipment D is coupled to the network equipment C through a cloud network; the host/client A is coupled to the network equipment C to realize network side communication; the host/client B realizes network side communication by being coupled to the network equipment D; wherein,
the network device C includes: a transmitting and receiving unit C101, a VxLAN encoding unit C102, a VxLAN decoding unit C103, a data management unit C104, a timer C105, and a tunnel configuration unit C106;
the network device D includes: a transmitting and receiving unit D201, a VxLAN encoding unit D202, a VxLAN decoding unit D203, a data management unit D204, a timer D205, and a tunnel configuration unit D206.
In the case of establishing an L2VxLAN unicast tunnel (host/client A and host/client B belong to the same VLAN), the system may implement the following steps:
step 1, a tunnel configuration unit C106 configures VTEP at the network equipment C according to the local equipment information of the network equipment C and the VxLAN multicast service public information, and establishes a VxLAN multicast tunnel according to the VTEP and the VxLAN multicast information;
step 2, a tunnel configuration unit D206 configures VTEP in the network equipment D according to the local equipment information of the network equipment D and the VxLAN multicast service public information, and establishes a VxLAN multicast tunnel according to the VTEP and the VxLAN multicast information;
step 3, when the host/client A sends an inner layer message to the network device C, the VxLAN encoding unit C102 judges according to the MAC: if the inner layer message is unknown unicast, transmitting the message through a VxLAN multicast tunnel; and if the inner layer message is a unicast service message, attempting to encapsulate the inner layer message into a VxLAN unicast message, and transmitting the VxLAN unicast message through a VxLAN unicast tunnel. Since the network device C has not yet established the VxLAN unicast tunnel required by the destination address of the unicast service packet (i.e., the host/client B), it can only process the unicast packet according to the unknown-unicast processing mode. The VxLAN encoding unit C102 encapsulates the inner layer message into a VxLAN multicast message and transmits the VxLAN multicast message through a VxLAN multicast tunnel;
step 4, VxLAN multicast tunnel transmission messages are packaged and sent from the VTEP of the network equipment C, penetrate through a cloud network, reach VTEPs of all network equipment in the network, and complete tunnel transmission;
and step 5, the network device D receives the VxLAN service message from the cloud network, the VxLAN decoding unit D203 unpacks the VxLAN service message according to the VxLAN service specification standard, and the inner layer message is sent to the host/client B. Meanwhile, the network device D may analyze the IP address information of the remote device (network device C) carried in the VxLAN multicast packet, the VLAN and VNI of the VxLAN packet, the source MAC address of the inner layer packet, and identification information such as Next HOP queried according to the source IP address of the VxLAN packet, and transmit the information to the data management unit D204 and notify the tunnel configuration unit D206;
step 6, the data management unit D204 records all received IP address information of the remote device, the VLAN and VNI of the VxLAN packet, the source MAC address of the inner layer packet, and identification information such as Next HOP queried according to the source IP address of the VxLAN packet, and provides a general database interface (including adding, deleting, modifying, and querying records);
step 7, after receiving the notification of the VTEP, the tunnel configuration unit D206 establishes a VxLAN unicast tunnel according to the IP address information of the VTEP of the home device and the remote network device, the VLAN and VNI of the VxLAN packet, the source MAC address of the inner layer packet, and the identification information such as Next HOP and the like queried according to the source IP address of the VxLAN packet. When the message with the target IP as the far-end network equipment is received again, the message is directly unpacked and the configuration unit is notified;
step 8, when the host/client B sends the inner layer message to the network device D, the VxLAN encoding unit D202 determines: if the inner layer message is an unknown unicast service message, encapsulating the message into a VxLAN multicast message, and transmitting the VxLAN multicast message through a VxLAN multicast tunnel; and if the inner layer message is a unicast service message, attempting to encapsulate the inner layer message into a VxLAN unicast message, and transmitting the VxLAN unicast message through a VxLAN unicast tunnel. Since the network device D has already established the VxLAN unicast tunnel required by the destination address of this unicast service packet (i.e., host/client A), the packet may be processed as a known unicast packet. The VxLAN encoding unit D202 encapsulates the inner layer message into a VxLAN unicast message, and transmits the VxLAN unicast message through a VxLAN unicast tunnel;
step 9, VxLAN unicast tunnel transmission messages are packaged and sent from the VTEP of the network equipment D, penetrate through a cloud network and reach the VTEP of the network equipment C, and tunnel transmission is completed;
step 10, the network device C receives VxLAN service messages from the cloud network, the VxLAN decoding unit C103 decapsulates the VxLAN service messages according to the VxLAN service specification standard, and the inner layer messages are sent to the host/client A. Meanwhile, the network device C can analyze the IP address information of the remote device (network device D) carried by the VxLAN message, the VLAN and VNI of the VxLAN message, the source MAC address of the inner layer message, and identification information such as Next HOP queried according to the source IP address of the VxLAN message;
step 11, the network device C receives a VxLAN service message from the cloud network, and establishes a VxLAN unicast tunnel at the network device C end according to the VTEP of the local device and the IP address information of the remote network device, the VLAN and VNI of the VxLAN message, the source MAC address of the inner layer message, and the identification information such as Next HOP queried according to the source IP address of the VxLAN message, in a similar manner as in steps 5 to 7;
and step 12, counting the utilization rate of the VxLAN unicast tunnel, and deleting the VxLAN tunnel with the utilization rate of 0.
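The learning path of steps 5 to 8 and the pruning of step 12 can be sketched as follows. This is an added example, not code from the patent: the names `parse_vxlan`, `Vtep` and `sample_packet` are hypothetical, packets are assumed to start at the outer IPv4 header, the sample packets are constructed, and resetting the usage counters after each pruning pass is an assumption.

```python
import ipaddress
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned VXLAN port (RFC 7348)
FLAG_VNI_VALID = 0x08   # "I" flag: the VNI field is valid

def parse_vxlan(pkt: bytes):
    """Return (outer_src_ip, vni, vlan, inner_src_mac); pkt starts at the outer IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 17 or len(pkt) < ihl + 8 + 8 + 14:
        raise ValueError("not UDP, or truncated")
    if struct.unpack_from("!H", pkt, ihl + 2)[0] != VXLAN_UDP_PORT:
        raise ValueError("not VXLAN")
    vx, eth = ihl + 8, ihl + 16
    if not pkt[vx] & FLAG_VNI_VALID:
        raise ValueError("VNI flag not set")
    vni = int.from_bytes(pkt[vx + 4:vx + 7], "big")
    vlan = None
    if pkt[eth + 12:eth + 14] == b"\x81\x00":      # 802.1Q tag on the inner frame
        if len(pkt) < eth + 18:
            raise ValueError("truncated VLAN tag")
        vlan = struct.unpack_from("!H", pkt, eth + 14)[0] & 0x0FFF
    return str(ipaddress.IPv4Address(pkt[12:16])), vni, vlan, pkt[eth + 6:eth + 12].hex(":")

class Vtep:  # hypothetical name: data management unit plus tunnel configuration unit
    def __init__(self):
        self.tunnels = {}   # (remote_vtep_ip, vni) -> {"vlan", "macs", "uses"}

    def receive(self, pkt: bytes) -> bool:
        """Steps 5 to 7: learn from a received packet; True if a tunnel was created."""
        src_ip, vni, vlan, mac = parse_vxlan(pkt)
        created = (src_ip, vni) not in self.tunnels
        tun = self.tunnels.setdefault((src_ip, vni), {"vlan": vlan, "macs": set(), "uses": 0})
        tun["macs"].add(mac)
        return created

    def select(self, vni: int, dst_mac: str):
        """Step 8: known destination MAC -> unicast tunnel, otherwise multicast."""
        for (remote, tun_vni), tun in self.tunnels.items():
            if tun_vni == vni and dst_mac in tun["macs"]:
                tun["uses"] += 1
                return ("unicast", remote)
        return ("multicast", None)

    def prune(self):
        """Step 12: delete tunnels with usage 0 (assumption: counters restart each interval)."""
        idle = [key for key, tun in self.tunnels.items() if tun["uses"] == 0]
        for key in idle:
            del self.tunnels[key]
        for tun in self.tunnels.values():
            tun["uses"] = 0
        return idle

def sample_packet(src_ip, vni, inner_src, inner_dst, vlan=None):
    """Constructed input: outer IPv4 + UDP + VXLAN headers and an inner Ethernet header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed, bytes([239, 1, 1, 1]))
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, 0, 0)
    vxlan = bytes([FLAG_VNI_VALID, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    macs = bytes.fromhex((inner_dst + inner_src).replace(":", ""))
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return ip + udp + vxlan + macs + tag + b"\x08\x00"
```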
In the case of establishing an L3VxLAN unicast tunnel (host/client A and host/client B belong to different VLANs), the gateway will be described and illustrated as being configured on network device D in a centralized gateway manner. The system may also implement the steps of:
step 1, a tunnel configuration unit C106 configures VTEP at the network equipment C according to the local equipment information of the network equipment C and the VxLAN multicast service public information, and establishes a VxLAN multicast tunnel according to the VTEP and the VxLAN multicast information;
step 2, a tunnel configuration unit D206 configures VTEP in the network equipment D according to the local equipment information of the network equipment D and the VxLAN multicast service public information, and establishes a VxLAN multicast tunnel according to the VTEP and the VxLAN multicast information;
and step 3, when a VxLAN unicast tunnel with the destination address of the network equipment C is established, the inner layer message is an ARP request message. The host/client A sends an ARP request message to the network equipment D to request the MAC of the gateway (namely the network equipment D), and the VxLAN coding unit C102 judges that: if the ARP request message is unknown unicast, transmitting the ARP request message through a VxLAN multicast tunnel; and if the ARP request message is a unicast service message, attempting to encapsulate the ARP request message into a VxLAN unicast message, and transmitting the VxLAN unicast message through a VxLAN unicast tunnel. Since the network device C has not established the VxLAN unicast tunnel required by the destination address of the unicast service packet (i.e., the network device D), it is only able to process the unicast packet according to an unknown processing method. The VxLAN coding unit C102 packages the ARP request message into a VxLAN multicast message, and transmits the VxLAN multicast message through a VxLAN multicast tunnel;
step 4, VxLAN multicast tunnel transmission messages are packaged and sent from the VTEP of the network equipment C, penetrate through a cloud network, reach VTEPs of all network equipment in the network, and complete tunnel transmission;
step 5, the network device D receives the ARP request message encapsulated by the VxLAN from the cloud as a gateway, and the network device D can analyze the IP address information of the remote device (network device C) carried in the VxLAN multicast message, the VLAN and VNI of the VxLAN message, the source IP address of the ARP request message, and information such as Next HOP queried according to the source IP address of the VxLAN message, and transmit the information to the data management unit D204 and notify the tunnel configuration unit D206;
step 6, the data management unit D204 records all received IP address information of the remote device, the VLAN and VNI of the VxLAN message, the source IP address of the ARP request message, and identification information such as Next HOP queried according to the source IP address of the VxLAN message, and provides a general database interface (including adding, deleting, modifying, and querying records);
step 7, after receiving the notification of the VTEP, the tunnel configuration unit D206 establishes an L3VxLAN unicast tunnel according to the IP address information of the VTEP of the local device and the remote network device, the VLAN and VNI of the VxLAN packet, the source IP address of the ARP request packet, and the identification information of Next HOP and the like queried according to the source IP address of the VxLAN packet. When the message with the target IP as the far-end network equipment is received again, the message is directly unpacked and the configuration unit is notified;
step 8, when a VxLAN unicast tunnel with the destination address of the network equipment D is established, the inner layer message is a REPLY message. The network device D replies with an ARP REPLY message notifying the MAC of the gateway; the message is sent to the network device C in VxLAN unicast mode over the newly established unicast tunnel, and the network device C can analyze the IP address information of the remote device (network device D) carried by the VxLAN message, the VLAN and VNI of the VxLAN message, the source MAC address of the REPLY message, and identification information such as Next HOP queried according to the source IP address of the VxLAN message;
step 9, the network device C receives the VxLAN service message from the cloud network, and establishes an L2VxLAN unicast tunnel at the network device C end according to the VTEP of the local device and the IP address information of the remote network device, the VLAN and VNI of the VxLAN message, the source MAC address of the REPLY message, and the identification information such as Next HOP queried according to the source IP address of the VxLAN message, in a similar manner as in the foregoing steps 5 to 7;
step 10, when the host/client B wants to communicate with A, it sends the message with the destination IP as the host/client B and the destination MAC as the network device D to the network device D. Since the network device D has already established the VxLAN unicast tunnel required by the destination address of this unicast service packet (i.e., host/client A), the VxLAN encoding unit D202 may process the packet sent by the host/client B according to the known unicast packet processing manner. The VxLAN encoding unit D202 encapsulates the inner layer message into a VxLAN unicast message, and transmits the VxLAN unicast message through a VxLAN unicast tunnel;
step 11, VxLAN unicast tunnel transmission messages are packaged and sent from the VTEP of the network equipment D, penetrate through a cloud network and reach the VTEP of the network equipment C, and tunnel transmission is completed;
step 12, the network equipment C receives VxLAN service messages from a cloud network, the VxLAN decoding unit C103 unpacks the VxLAN service messages according to the VxLAN service specification standard, and transmits the inner layer messages to the host/client A in a two-layer mode;
step 13, when the host/client A needs to communicate with the host/client B, the message with the target MAC as the network device D and the target IP as the host/client B is sent to the network device C, the network device C forwards the message to the network device D through the public network according to the just established L3VxLAN tunnel, and the network device D decapsulates the VxLAN message and forwards the message to the host/client B after checking the route.
In the above embodiment, the L2VxLAN differs from the L3VxLAN in that: in the aspect of decapsulation, after the L2VxLAN is decapsulated, the MAC table is searched according to the source MAC address of the inner layer message for message forwarding, and after the L3VxLAN service is decapsulated, the routing table is searched according to the source IP address of the inner layer message for message forwarding; in the aspect of encapsulation, the L2VxLAN checks the MAC table to obtain encapsulation information, and the L3VxLAN checks the routing table to obtain the encapsulation information.
In summary, according to the embodiments and optional embodiments of the present invention, a unicast tunnel establishment mode is newly added, which can save service deployment and hardware resources thereof for respectively establishing protocol stacks on network devices at two ends, and save transmission time consumed for performing packet interaction of the private protocol between the network devices at two ends through a cloud network, thereby achieving an effect of quickly establishing a VxLAN unicast tunnel.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.