Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
It should be noted that, in the embodiments of the present application, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "for example" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In order to clearly describe the technical solution of the embodiments of the present application, in the embodiments of the present application, the terms "first", "second", etc. are used to distinguish the same item or similar items having substantially the same function and effect, and those skilled in the art will understand that the terms "first", "second", etc. are not limited in number and execution order.
SD-WAN is used as a service for applying SDN technology to a wide area network scene, wide area network connection can be managed through a software defined mode, and a plurality of connection modes such as Internet, 4G/5G and the like are supported.
In the current SD-WAN solution of a multi-tenant POP (simultaneously providing services for multiple tenants on one POP), a vendor gateway needs to be built to build an SD-WAN transmission backbone network, the POP point mainly consists of the vendor gateway, vendor terminal equipment on the enterprise side and the vendor gateway build an internet encryption tunnel, the vendor gateway unpacks data and then forwards the data to a gateway connected with a destination site, and the gateway forwards the data to the vendor terminal equipment on the enterprise side of the destination site, thereby realizing end-to-end network interview.
If an SD-WAN backbone transmission network is built based on an Internet line, encryption tunnels are required to be built for data transmission between gateways, but manufacturer gateways of different manufacturers have differences, and interconnection and intercommunication among manufacturers cannot be realized.
Based on this, the embodiment of the application provides a configuration method, a device, equipment and a program product of a multi-manufacturer hybrid virtual private network, which can realize collaborative arrangement of multi-manufacturer SDN controllers by using an SD-WAN application platform and realize interconnection and interworking in multi-manufacturer domains or across domains.
The following description is made with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of a configuration system of a multi-vendor hybrid virtual private network according to an embodiment of the present application. As shown in fig. 1, the system includes an SD-WAN application platform 100, a vendor SDN controller 200, a backbone SDN system 300, a first POP 400, a second POP 500, and a vendor terminal device 600.
The SD-WAN application platform 100 may be deployed on an electronic device with a computing processing function, such as a server or a computer.
The server may be a single server or may be a server cluster formed by a plurality of servers. In some implementations, the server cluster may also be a distributed cluster. Optionally, the server may also be implemented on a cloud platform, which may include, for example, a private cloud, public cloud, hybrid cloud, community cloud (community cloud), distributed cloud, inter-cloud (inter-cloud), multi-cloud (multi-cloud), and the like, or any combination thereof. The embodiments of the present application are not limited in this regard.
The SD-WAN application platform 100 may be used to cooperatively arrange the vendor SDN controller 200 and the backbone SDN system 300, etc., support end-to-end automatic provisioning of the virtual private network service between the first POP 400, the second POP 500, and the vendor terminal device 600, and specific processes may be described with reference to the configuration method of the multi-vendor hybrid virtual private network provided in the following embodiments, which is not described herein again.
The vendor SDN controller 200 may include vendor SDN controllers of a plurality of different vendors (illustrated in fig. 1 as vendor SDN controllers of four vendors in total, an a vendor SDN controller, a B vendor SDN controller, a C vendor SDN controller, and a D vendor SDN controller). The vendor SDN controller of each vendor is connected to the vendor gateway of the vendor (illustrated in fig. 1 as a vendor a SDN controller connected to a vendor a gateway in the first POP 400, a vendor B SDN controller connected to a vendor B gateway in the first POP 400, a vendor C SDN controller connected to a vendor C gateway in the second POP 500, and a vendor D SDN controller connected to a vendor D gateway in the second POP 500).
In some embodiments, the vendor SDN controller 200 may also be connected to vendor terminal devices of multiple vendors in the vendor terminal device 600 (illustrated in fig. 1 as a vendor SDN controller connected to an a vendor terminal device in the vendor terminal device 600, a vendor SDN controller connected to a B vendor terminal device in the vendor terminal device 600, a vendor SDN controller connected to a C vendor terminal device in the vendor terminal device 600, and a vendor SDN controller connected to a D vendor terminal device in the vendor terminal device 600).
The vendor SDN controller 200 may be configured to send connection information or service configuration information to a correspondingly connected vendor gateway and a vendor terminal device, and may specifically be described with reference to a configuration method of a multi-vendor hybrid virtual private network provided in the following embodiment, which is not described herein again.
The backbone SDN system 300 may be used to create VPNs. Specific procedures may be described in the related art, and are not described herein.
In some embodiments, the backbone SDN system 300 may also be connected to PE devices in the POP, for sending connection information or service configuration information to the PE devices, etc. The embodiments of the present application are not limited in this regard.
The first POP 400 may specifically be a three-tier architecture POP. The first layer may include vendor gateways of different vendors (illustrated in fig. 1 as vendor gateways of both a vendor gateway and B vendor gateway). The second layer may include an aggregation gateway. The third layer may include a Provider Edge (PE) device. The manufacturer terminal equipment at the enterprise side can establish an encryption transmission tunnel with the manufacturer gateway of the first layer, the manufacturer terminal equipment can transmit the packaged service data to the manufacturer gateway through the encryption transmission tunnel, and the manufacturer gateway can transmit the unpackaged service data to the convergence gateway.
Under the condition of inter-vendor interview within a domain (or within a network topology range covered by the first POP 400), the convergence gateway can forward the service data transmitted by the a vendor gateway to the B vendor gateway, and the B vendor gateway can forward the service data to the B vendor terminal device, thereby realizing inter-vendor interview within the domain.
In the case of cross-domain (or out of the network topology covered by the first POP 400) access, the convergence gateway may converge traffic data of multiple vendor gateways for transmission to the PE device, and the backbone side may pass the customer route and the traffic data through the MPLS VPN backbone.
For example, the a vendor terminal device may transmit the service data to the a vendor gateway and then to the convergence gateway, where the convergence gateway transmits the service data to the PE device, and the PE device may transmit the service data to the PE device in the second POP 500 through the MPLS VPN backbone network and transmit the service data to the D vendor terminal device through the D vendor gateway.
In some embodiments, in order to improve reliability of the POP, the vendor gateway of the first layer, the aggregation gateway of the second layer, and the PE device of the third layer in the first POP 400 may all perform primary-backup redundancy deployment. Fig. 2 is an exemplary primary-backup redundancy deployment schematic diagram of a first POP 400 according to an embodiment of the present application. As shown in fig. 2, the first tier of the first POP 400 may specifically include a plurality of vendor gateways for each vendor (illustrated in fig. 2 as a vendor a gateway 1 and a vendor a gateway 2 for a vendor and a vendor B gateway 1 and a vendor B gateway 2 for B vendor). The second tier of the first POP 400 may specifically include a plurality of convergence gateways (illustrated in fig. 2 as two convergence gateways of the convergence gateway 1 and the convergence gateway 2), where each convergence gateway may be respectively connected to all vendor gateways in the first POP 400. The third layer of the first POP 400 may specifically include a plurality of PE devices (in fig. 2, two PE devices of the PE device 1 and the PE device 2 are shown as examples), where each PE device is correspondingly connected to one convergence gateway (in fig. 2, the PE device 1 is connected to the convergence gateway 1, and the PE device 2 is shown as examples connected to the convergence gateway 2).
In some possible embodiments, as shown in fig. 1, the configuration system of the multi-vendor hybrid virtual private network may further include an convergence gateway SDN controller 700. The converged gateway SDN controller 700 may be connected with a converged gateway in a POP (e.g., the first POP 400 described above). The convergence gateway SDN controller 700 may be configured to send connection information or service configuration information to a connected convergence gateway, and may be specifically described with reference to a configuration method of a multi-vendor hybrid virtual private network provided in the following embodiments, which is not described herein.
The second POP 500 may specifically be a two-tier architecture POP. The first layer may include vendor gateways of different vendors (illustrated in fig. 1 as vendor gateways of both the C vendor gateway and the D vendor gateway). The second layer may include a PE device. The manufacturer terminal equipment at the enterprise side can establish an encryption transmission tunnel with the manufacturer gateway of the first layer, the manufacturer terminal equipment can transmit the packaged service data to the manufacturer gateway through the encryption transmission tunnel, and the manufacturer gateway can transmit the unpackaged service data to the PE equipment.
In the case of inter-vendor interview within a domain (or within a network topology range covered by the second POP 500), the PE device may forward the service data transmitted by the C vendor gateway to the D vendor gateway, and the D vendor gateway may forward the service data to the D vendor terminal device, thereby implementing inter-vendor interview within the domain.
In the case of cross-domain (or out of the network topology covered by the second POP 500) access, after traffic data is transmitted to the PE device, customer routing and traffic data may be transported by the backbone side through the MPLS VPN backbone.
For example, the D vendor terminal device may transmit the service data to the D vendor gateway and then to the PE device, where the PE device may transmit the service data to the PE device in the first POP 400 through the MPLS VPN backbone network, and sequentially transmit the service data to the a vendor terminal device through the convergence gateway and the a vendor gateway.
In some embodiments, to improve reliability of the POP, the vendor gateway of the first layer in the second POP 500 may perform primary-backup redundancy deployment. Fig. 3 is an exemplary schematic diagram of a primary-standby redundancy deployment of a second POP 500 according to an embodiment of the present application. As shown in fig. 3, the first tier of the second POP 500 may specifically include a plurality of vendor gateways for each vendor (illustrated in fig. 3 as a vendor a gateway 1 and a vendor a gateway 2 for a vendor and a vendor B gateway 1 and a vendor B gateway 2 for B vendor). The PE devices of the second layer of the second POP 500 may be connected to all vendor gateways in the first layer of the second POP 500, respectively.
It should be noted that, when the number of brands of multiple vendors increases, the port requirement on the PE device is too large, which may result in the resource usage of the PE device being strained, so in the dual-layer POP redundancy deployment scheme, different vendor gateways of the same vendor may be connected to one port of one PE device (in fig. 3, one port of the PE device is connected by the a vendor gateway 1 and the a vendor gateway 2 of the a vendor, and another interface of the B vendor gateway 1 and the B vendor gateway 2 of the B vendor is shown as an example).
It should be noted that, in fig. 1, the configuration system of the multi-vendor hybrid virtual private network provided in the embodiment of the present application is described by taking two POPs with different structures, i.e., the first POP 400 and the second POP 500, as an example, the system may include more or fewer POPs, and these POPs may adopt a three-layer structure shown in the first POP 400 or a two-layer structure shown in the second POP 500. The embodiments of the present application are not limited in this regard.
Alternatively, the POP in the configuration system of the multi-vendor hybrid virtual private network may be deployed in the MPLS VPN backbone machine room.
The implementation main body of the configuration method of the multi-vendor hybrid virtual private network provided by the embodiment of the application is an SD-WAN application platform (for example, the SD-WAN application platform 100 described above). Optionally, the execution body of the configuration method of the multi-vendor hybrid virtual private network may be an electronic device with the SD-WAN application platform deployed, or may also be a processor (e.g., a central processing unit (central processing unit, CPU)) in the electronic device, or may also be a functional module for executing the configuration method of the multi-vendor hybrid virtual private network in the electronic device. The embodiments of the present application are not limited in this regard.
For simplicity of description, the following description will be given by taking an execution body of the configuration method of the multi-vendor hybrid virtual private network provided by the embodiment of the present application as an example of an SD-WAN application platform.
Fig. 4 is a flow chart of a configuration method of a multi-manufacturer hybrid virtual private network according to an embodiment of the present application. As shown in fig. 4, the method comprises the following steps:
s101, responding to service request information of a service to be distributed, determining a target point-in-point POP corresponding to the service to be distributed, and calling a backbone network SDN system to newly establish a virtual private network VPN of the service to be distributed.
The target POP comprises forwarding control equipment and manufacturer gateways of a plurality of manufacturers connected with the forwarding control equipment. The forwarding control device may be understood as an aggregation gateway in the first POP 400 of the above-described three-tier architecture or a PE device in the second POP 500 of the above-described two-tier architecture.
The forwarding control device may be configured to forward, through the VPN, service data of a service to be allocated to a device outside the network topology area covered by the target POP (i.e., service data forwarding in the case of the above-mentioned cross-domain access), or forward, through a vendor gateway in the target POP, service data of a service to be allocated to a device within the network topology area covered by the target POP (i.e., service data forwarding in the case of the above-mentioned inter-domain access).
For example, the forwarding control device may examine the destination internet protocol (i nternet protoco l, IP) address of the traffic data and determine to forward outside the domain or directly inside the domain through the VPN based on the IP address range of the network topology area covered by the preset target POP.
In one possible implementation manner, the POP required to be used by the service to be allocated may be directly specified in the service request information, and the SD-WAN application platform may directly use the POP indicated in the service request information as the target POP.
In another possible implementation manner, the service request information may include requirement information (for example, the requirement information may include a geographical location range specifically) of the service to be allocated, and the SD-WAN application platform may determine the target POP according to the requirement information and capability information of a plurality of POPs (for example, select POPs whose geographical locations are within the geographical location range required by the requirement information).
In some possible embodiments, before S101, the SD-WAN application platform may further obtain service request information of the service to be allocated.
For example, the SD-WAN application platform may also be connected to a service orchestration system, where the service orchestration system may obtain and aggregate service request information of different services from the user device, and send the service request information of the service to be allocated to the SD-WAN application platform.
For another example, the SD-WAN application platform may also be connected to the user equipment, and the SD-WAN application platform may receive service request information of a service to be allocated sent by the user equipment.
In some embodiments, after determining the target POP point, the SD-WAN application platform may also allocate required virtual private network resources for the traffic to be allocated.
S102, transmitting the connection information of the gateway of the target manufacturer to forwarding control equipment in the target POP.
The target manufacturer gateway is a manufacturer gateway called by the service to be distributed. The connection information of the target vendor gateway may include port information of the target vendor gateway and a communication protocol type for communicating with the target vendor gateway.
For example, the SD-WAN application platform may first determine the target vendor gateway based on the service request information.
Optionally, the vendor gateway may be directly specified in the service request information, and the SD-WAN application platform may use the vendor gateway specified by the service request information as the target vendor gateway.
Optionally, the service request information may include requirement information of the service to be allocated for the vendor gateway (for example, the requirement information of the vendor gateway may include a geographic location range of the vendor and the vendor gateway, etc.), and the SD-WAN application platform may determine the target vendor gateway according to the requirement information of the vendor gateway and attribute information of a plurality of preset vendor gateways (for example, the requirement information indicates that all vendor gateways of the vendor select a vendor gateway that accords with the geographic location range).
As an example, when the forwarding control device is an aggregation gateway, the communication protocol by which the forwarding control device communicates with the target vendor gateway may specifically be an internal border gateway protocol (internal border gateway protocol, IBGP).
As another example, when the forwarding control device is a PE device, the communication protocol by which the forwarding control device communicates with the target vendor gateway may specifically be an external border gateway protocol (external border gateway protocol, EBGP).
S103, calling a manufacturer SDN controller of a manufacturer corresponding to the target manufacturer gateway to send connection information of the forwarding control device to the target manufacturer gateway so that the forwarding control device and the target manufacturer gateway establish a neighbor relation.
The connection information of the forwarding control device may include port information of the forwarding control device and a communication protocol type for communicating with the forwarding control device.
As an example, as described above, when the forwarding control device is an aggregation gateway, the communication protocol by which the forwarding control device communicates with the target vendor gateway may specifically be IBGP. In this case, the forwarding control device may specifically establish an IBGP neighbor relationship with the target vendor gateway.
As another example, as described above, when the forwarding control device is a PE device, the communication protocol by which the forwarding control device communicates with the target vendor gateway may specifically be EBGP. In this case, the forwarding control device may specifically establish an EBGP neighbor relationship with the target vendor gateway.
Optionally, the SD-WAN application platform may further call a vendor SDN controller of a vendor corresponding to the target vendor gateway to send service configuration information of the service to be allocated to the target vendor gateway.
The service configuration information may include a port for transmitting service data of the service to be allocated, a bandwidth allocated for the service to be allocated, an identity of a VPN of the service to be allocated, an identity of an autonomous system (autonomous system, AS) to which the convergence gateway in the target POP belongs, and an identity of a virtual local area network allocated for the service to be allocated.
In the configuration method of the multi-manufacturer hybrid virtual private network provided by the embodiment of the application, the SD-WAN application platform can respond to the service request information of the service to be allocated, determine the target POP corresponding to the service to be allocated, send the connection information of the target manufacturer gateway called by the service to be allocated to the forwarding control device in the target POP, and call the manufacturer SDN controller of the corresponding manufacturer of the target manufacturer gateway to send the connection information of the forwarding control device to the target generation gateway, thereby establishing the neighbor relation between the forwarding control device and the target manufacturer gateway, thus completing the automatic setting of the forwarding control device and the target manufacturer gateway in the target POP, forwarding the service data of the service to be allocated by the target manufacturer gateway and the forwarding control device in the target POP point, namely forwarding the service data of the service to be allocated by the target POP point, thereby completing the end-to-end automatic opening of the virtual private network service. Compared with the method that different manufacturers independently set service access and VPN establishment modes in the related art, the SD-WAN application platform can provide unified configuration flows for manufacturer gateways of different manufacturers, so that the service access and VPN establishment processes are standardized, the differentiation of the manufacturer gateway configuration processes of different manufacturers is eliminated, and interconnection and intercommunication across manufacturers are realized.
In addition, the forwarding control device in the application can forward the service data of the service to be distributed to the device outside the network topology area covered by the target POP through the VPN, or forward the service data of the service to be distributed to the device inside the network topology area covered by the target POP through the manufacturer gateway in the target POP, so that the interconnection and intercommunication between the domains of multiple manufacturers can be realized.
The process of establishing the VPN for the service to be allocated in S101 described above is described below.
In some possible embodiments, the step S101 may specifically include the following steps:
and step 1a, based on the service request information indication, requesting to establish the VPN which is in communication connection with the stock multiprotocol label switching (MPLS) VPN, and acquiring networking parameters of the stock MPLS VPN.
Alternatively, the networking parameters of the stock MPLS VPN may specifically include network address parameters (e.g., a public network IP address of an interface where the PE device connects to the public network), VPN instance parameters (e.g., VPN instance name), routing protocol parameters (e.g., IGP protocol parameters or BGP protocol parameters), and so on. The embodiment of the application does not limit the specific content of the networking parameters.
As an example, the SD-WAN application platform may obtain, through a Network Management System (NMS) MANAGEMENT SYSTEM, the networking parameters of the stock MPLS VPN, or may also query, through a connected network device (e.g., a PE device) associated with the MPLS VPN, the networking parameters of the stock MPLS VPN, or may also obtain, through a manual input, the networking parameters of the MPLS VPN. The embodiments of the present application are not limited in this regard.
And 2a, sending networking request parameters comprising the stock MPLS VPN networking parameters to a backbone network SDN system, so that the backbone network SDN system establishes a VPN in communication connection with the stock MPLS VPN of the service to be distributed.
In the configuration method of the multi-manufacturer hybrid virtual private network provided by the embodiment of the application, the SD-WAN application platform can also send networking request parameters comprising the stock MPLS VPN networking parameters to the backbone network SDN system, and the backbone network SDN system can newly establish a VPN in communication connection with the stock MPLS VPN for the service to be distributed, so that the interconnection and intercommunication of the newly established VPN service and the stock MPLS VPN service can be realized, and the requirement of multi-type hybrid networking is met.
The specific procedure of S102 is described below.
In some possible embodiments, as shown in the first POP 400, the target POP may specifically be a three-tier architecture shown in the first POP 400. The forwarding control device may specifically include an aggregation gateway in the target POP, where the aggregation gateway is physically pre-connected to vendor gateways of multiple vendors, and the aggregation gateway is physically pre-connected to PE devices in the target POP. In this case, the step S102 may specifically include the following steps:
And step 1b, calling the convergence gateway SDN controller to send the connection information of the target manufacturer gateway to the convergence gateway in the target POP.
In other possible embodiments, as shown in the second POP 500, the target POP may specifically be a two-tier architecture shown in the second POP 500. The forwarding control device may specifically include a PE device in the target POP, where the PE device is physically pre-connected to vendor gateways of multiple vendors, where the multiple vendor gateways include the target vendor gateway. In this case, the step S102 may specifically include the following steps:
and step 1c, calling a backbone network SDN system to send the connection information of the gateway of the target manufacturer to PE equipment in the target POP.
It should be appreciated that as manufacturer brands increase, the port requirements for the PE device become excessive, resulting in a shortage of resources for the PE device. In the configuration method of the multi-manufacturer hybrid virtual private network provided by the embodiment of the application, the POP can also adopt a three-layer architecture, the convergence gateway is added between the manufacturer gateway and the PE equipment, the convergence gateway is physically pre-connected with the manufacturer gateways of a plurality of manufacturers, the PE equipment only needs to be physically pre-connected with the convergence gateway independently, and the port resource of the PE equipment is saved.
In addition, the embodiment of the application provides a POP deployment architecture of a two-layer architecture and a three-layer architecture, which can realize the intercommunication of virtual private networks crossing manufacturers, support the on-demand construction combining construction budget and network requirements, and realize the maximum investment benefit ratio. And the two POP deployment architectures are compatible and intercommunicated, and support the flexible expansion of the subsequent combined service requirements.
In some embodiments, the SD-WAN application platform may also establish a neighbor relation between the convergence gateway and the PE device. In this case, the method may further comprise the steps of:
and step 1d, calling a backbone network SDN system to send the connection information of the convergence gateway in the target POP to the PE equipment in the target POP.
The connection information may be specifically described with reference to S102 or S103, which are not described herein.
And 2d, calling the convergence gateway SDN controller to send the connection information of the PE equipment in the target POP to the convergence gateway in the target POP so that the convergence gateway in the target POP and the PE equipment in the target POP establish a neighbor relation.
In some embodiments, to meet the isolation requirements of different services, the SD-WAN application platform may further configure service configuration information of the service to be allocated for the convergence gateway. In this case, the method may further include the steps of:
and step 1e, calling an aggregation gateway SDN controller to send service configuration information of the service to be distributed to the aggregation gateway in the target POP.
The service configuration information may include a port for transmitting service data of the service to be allocated, a bandwidth allocated for the service to be allocated, an identity of a VPN of the service to be allocated, an identity of an autonomous system to which the convergence gateway in the target POP belongs, and an identity of a virtual local area network allocated for the service to be allocated.
In some possible embodiments, the service to be allocated may be performed specifically by a vendor terminal device, and the SD-WAN application platform may further configure the vendor terminal device. In this case, the method may further include the steps of:
Step 1f, calling a manufacturer SDN controller of a manufacturer corresponding to the target manufacturer gateway to send connection information of the target manufacturer gateway and service configuration information of a service to be distributed to the target manufacturer terminal equipment, so that the target manufacturer terminal equipment and the target manufacturer gateway establish an encrypted transmission tunnel.
Optionally, the SD-WAN application platform may also send configuration information of the WAN port, configuration information of the LAN port, and the like to the vendor terminal apparatus.
Alternatively, the target vendor gateway may include a plurality of vendor gateways of one vendor, in which case the target vendor terminal device may establish encrypted primary and secondary transport tunnels for the plurality of vendor gateways of the vendor, respectively.
The foregoing description of the solution provided by the embodiments of the present application has been mainly presented in terms of a method. To achieve the above functions, the SD-WAN platform or the electronic device deploying the SD-WAN platform includes corresponding hardware structures and/or software modules for performing the respective functions. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. The technical aim may be to use different methods to implement the described functions for each particular application, but such implementation should not be considered beyond the scope of the present application.
In an exemplary embodiment, the embodiment of the application further provides a configuration device of the multi-manufacturer hybrid virtual private network, and the device can be applied to the SD-WAN application platform. Fig. 5 is a schematic diagram of a configuration device of a multi-vendor hybrid virtual private network according to an embodiment of the present application. As shown in fig. 5, the apparatus includes a processing module 501.
The processing module 501 is configured to determine a target point-of-presence POP corresponding to a service to be allocated, and call a backbone network SDN system to create a virtual private network VPN of the service to be allocated, where the target POP includes a forwarding control device and vendor gateways of multiple vendors connected to the forwarding control device, where the forwarding control device is configured to forward service data of the service to be allocated to a device outside a network topology area covered by the target POP through the VPN, or forward service data of the service to be allocated to a device within the network topology area covered by the target POP through the vendor gateways in the target POP, send connection information of the target vendor gateway to the forwarding control device in the target POP, where the connection information of the target vendor gateway is used to represent address information of the target vendor gateway and a communication protocol class for communication with the target vendor gateway, and call a vendor SDN controller of the vendor corresponding to the target vendor gateway to enable the forwarding control device to establish a relationship between the forwarding control device and the target vendor gateway, and where the connection information of the forwarding control device is configured to represent address information of the forwarding control device and a communication protocol class for the forwarding control device.
In some possible embodiments, the forwarding control device comprises a provider edge PE device in the target POP, the PE device is physically pre-connected to vendor gateways of multiple vendors, the vendor gateways of the multiple vendors comprising the target vendor gateway.
In other possible embodiments, the backbone network SDN system is connected to a PE device in multiple POPs, where the multiple POPs include a target POP, and the processing module 501 is specifically configured to invoke the backbone network SDN system to send connection information of the target vendor gateway to the PE device in the target POP.
In still other possible embodiments, the forwarding control device includes an aggregation gateway in the target POP, the aggregation gateway is physically pre-connected to vendor gateways of multiple vendors, and the aggregation gateway is physically pre-connected to PE devices in the target POP.
In still other possible embodiments, the SD-WAN application platform is further connected to an aggregation gateway SDN controller, the aggregation gateway SDN controller is connected to a plurality of aggregation gateways, the plurality of aggregation gateways include aggregation gateways in a target POP, and the processing module 501 is specifically configured to invoke the aggregation gateway SDN controller to send connection information of the target vendor gateway to the aggregation gateway in the target POP.
In still other possible embodiments, the backbone network SDN system is connected to PE devices in a plurality of POPs, the POPs include a target POP, the processing module 501 is further configured to call the backbone network SDN system to send connection information of a convergence gateway in the target POP to the PE devices in the target POP, and call the convergence gateway SDN controller to send connection information of the PE devices in the target POP to the convergence gateway in the target POP, so that the convergence gateway in the target POP and the PE devices in the target POP establish a neighbor relationship.
In still other possible embodiments, the processing module 501 is further configured to invoke the convergence gateway SDN controller to send service configuration information of the service to be allocated to the convergence gateway in the target POP, where the service configuration information includes a port for transmitting service data of the service to be allocated, a bandwidth allocated for the service to be allocated, an identity of a VPN of the service to be allocated, an identity of an autonomous system to which the convergence gateway in the target POP belongs, and an identity of a virtual local area network allocated for the service to be allocated.
In still other possible embodiments, the vendor SDN controller of each vendor is connected to the vendor terminal device of the vendor, and the processing module 501 is further configured to invoke the vendor SDN controller of the vendor corresponding to the target vendor gateway to send the connection information of the target vendor gateway and the service configuration information of the service to be allocated to the target vendor terminal device, so that the target vendor terminal device and the target vendor gateway establish an encrypted transmission tunnel.
In still other possible embodiments, the processing module 501 is specifically configured to instruct to request to establish a VPN in communication connection with the stock multiprotocol label switching MPLS VPN based on the service request information, obtain networking parameters of the stock MPLS VPN, and send the networking request parameters including the networking parameters of the stock MPLS VPN to the backbone SDN system, so that the backbone SDN system creates a VPN in communication connection with the stock MPLS VPN for the service to be allocated.
It should be noted that the division of the modules in fig. 5 is illustrative, and is merely a logic function division, and other division manners may be actually implemented. For example, two or more functions may also be integrated in one processing module. The integrated modules may be implemented in hardware or in software functional modules.
In an exemplary embodiment, as described above, the SD-WAN application platform may be deployed on an electronic device with computing processing functions, such as a computer or a server. In this case, the embodiment of the application further provides an electronic device, and fig. 6 is a schematic diagram of the composition of the electronic device provided by the embodiment of the application. As shown in fig. 6, the electronic device includes a processor 10, a memory 20, a communication line 30, and a communication interface 40, and an input-output interface 50.
The processor 10, the memory 20, the communication interface 40, and the input/output interface 50 may be connected by a communication line 30.
The processor 10 is configured to execute the instructions stored in the memory 20 to implement the configuration method of the multi-vendor hybrid virtual private network according to the above embodiment of the present application. The processor 10 may be a CPU, general purpose processor network processor (network processor, NP), digital signal processor (DIGITAL SIGNAL processing, DSP), microprocessor, microcontroller (micro control unit, MCU)/single-chip microcomputer, programmable logic device (programmable logic device, PLD), or any combination thereof. The processor 10 may also be any other device having processing functions, such as a circuit, a device, or a software module, as embodiments of the application are not limited in this respect. In one example, processor 10 may include one or more CPUs, such as CPU0 and CPU1 in fig. 6. As an alternative implementation, the electronic device may include multiple processors, for example, and may include a processor 60 (illustrated in phantom in fig. 6) in addition to the processor 10.
Memory 20 for storing instructions. For example, the instructions may be a computer program. Alternatively, memory 20 may be a read-only memory (ROM) or other type of static storage device that may store static information and/or instructions, an access memory (random access memory, RAM) or other type of dynamic storage device that may store information and/or instructions, an electrically erasable programmable read-only memory (ELECTRICALLY ERASABLE PROGRAMMABLE READ-only memory, EEPROM), a compact disc read-only memory (compact disc read-only memory, CD-ROM) or other optical storage, optical storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media, or other magnetic storage devices, etc., as embodiments of the application are not limited in this respect.
It should be noted that, the memory 20 may exist separately from the processor 10 or may be integrated with the processor 10. The memory 20 may be located within the electronic device or may be located external to the electronic device, as embodiments of the application are not limited in this respect.
A communication line 30 for communicating information between the components comprised by the electronic device.
A communication interface 40 for communicating with other devices or other communication networks. The other communication network may be an ethernet, a radio access network (radio access network, RAN), a wireless local area network (wireless local area networks, WLAN), etc. The communication interface 40 may be a module, a circuit, a transceiver, or any device capable of enabling communication.
And an input-output interface 50 for implementing man-machine interaction between the user and the electronic device. Such as enabling action interactions or information interactions between a user and an electronic device.
The input/output interface 50 may be a mouse, a keyboard, a display screen, or a touch display screen, for example. The action interaction or information interaction between the user and the electronic equipment can be realized through a mouse, a keyboard, a display screen, a touch display screen or the like.
It should be noted that the structure shown in fig. 6 does not constitute a limitation of the electronic device, and the electronic device may include more or less components than those shown in fig. 6, or a combination of some components, or a different arrangement of components.
In an exemplary embodiment, the application also provides a computer program product comprising computer instructions which, when run in an electronic device, cause the electronic device to implement the method of the preceding method embodiments.
In an exemplary embodiment, the present application also provides a readable storage medium including software instructions that, when executed in an electronic device, cause the electronic device to implement the method of the foregoing method embodiment. The computer readable storage medium may be a non-transitory computer readable storage medium, which may be, for example, ROM, random Access Memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented using a software program, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer-executable instructions. When the computer-executable instructions are loaded and executed on a computer, the processes or functions in accordance with embodiments of the present application are fully or partially produced. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer-executable instructions may be stored in or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center by wired (e.g., coaxial cable, fiber optic, digital subscriber line (digital subscriber line, DSL)) or wireless (e.g., infrared, wireless, microwave, etc.).
Although the application is described herein in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed application, from a study of the drawings, the disclosure, and the appended claims. In the claims, the term "comprising" (Comprising) does not exclude other elements or steps, and "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Although the application has been described in connection with specific features and embodiments thereof, it will be apparent that various modifications and combinations can be made without departing from the spirit and scope of the application. Accordingly, the specification and drawings are merely exemplary illustrations of the present application as defined in the appended claims and are considered to cover any and all modifications, variations, combinations, or equivalents that fall within the scope of the application. It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
The foregoing is merely illustrative of specific embodiments of the present application, and the scope of the present application is not limited thereto, but any changes or substitutions within the technical scope of the present application should be covered by the scope of the present application. Therefore, the protection scope of the present application should be subject to the protection scope of the claims.