WO2019105462A1 - Procédé et appareil d'envoi de paquet, procédé et appareil de traitement de paquet, nœud pe et nœud - Google Patents

Procédé et appareil d'envoi de paquet, procédé et appareil de traitement de paquet, nœud pe et nœud Download PDF

Info

Publication number
WO2019105462A1
WO2019105462A1 PCT/CN2018/118580 CN2018118580W WO2019105462A1 WO 2019105462 A1 WO2019105462 A1 WO 2019105462A1 CN 2018118580 W CN2018118580 W CN 2018118580W WO 2019105462 A1 WO2019105462 A1 WO 2019105462A1
Authority
WO
WIPO (PCT)
Prior art keywords
packet
address
entropy value
node
entropy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2018/118580
Other languages
English (en)
Chinese (zh)
Inventor
王玉保
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Publication of WO2019105462A1 publication Critical patent/WO2019105462A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming

Definitions

  • the present application relates to the field of communications, for example, to a method for transmitting and processing a message, a PE node, and a node.
  • network nodes are divided into service-aware nodes and non-service-aware nodes, which are Provider Edge (PE) nodes and scalable virtual local area networks.
  • PE Provider Edge
  • VTEP VXLAN Tunnel End Point
  • NVE Network Virtualization Edge
  • LAG Link Aggregation Group
  • ECMP Equal Cost Multi-Equal Cost Multi- Path
  • the LAG and the ECMP technology generally use the quintuple of the Internet Protocol (IP) packet, the source IP, the destination IP, the protocol type, the source port, and the destination port, as the feature field.
  • IP Internet Protocol
  • the hash is calculated and used as the entropy value of the IP packet, and the arithmetic remainder operation is performed according to the entropy value to select a forwarding path for the packet from the plurality of forwarding paths.
  • the information used to select the forwarding path for packets in load balancing is called entropy. Entropy works in the form of entropy values during load balancing routing.
  • the quintuple defaults only the entropy of the underlay network, and the load balancing algorithm does not consider the entropy in the overlay network.
  • VXLAN virtual eXtensible Local Area Network
  • RFC 7348 virtual eXtensible Local Area Network
  • the VXLAN service shown in FIG. 1 is taken as an example.
  • the same pair of ⁇ source PEs All VPN traffic flows between the destination PEs, whether they belong to different services or whether they are different flows in the same service, are selected by the load balancing algorithm of the LAG connected to the P2 node by the P1 node.
  • the degree of load balancing will be lower and the flow characteristics of the message cannot be reflected.
  • the embodiment of the present application provides a method for sending and processing a message, a PE node, and a node, so as to avoid at least the flow characteristics of the overlay message in the underlay packet transmission process in the related art.
  • An embodiment of the present application provides a method for sending a packet, where the method includes: receiving a first packet from an access circuit AC; processing the first packet to obtain at least one second packet; wherein, the second packet
  • the text includes: a first Internet Protocol IP address; the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy value; wherein the predetermined entropy value is used to identify the entropy of the first packet; Message.
  • An embodiment of the present application provides a method for processing a packet, where the method includes: receiving a third packet sent by a first service provider edge device PE, where the third packet is a first PE pair from the first PE.
  • the packet obtained by processing the fourth packet received by the access circuit AC, the third packet includes: a first Internet Protocol IP address; and the first IP address is an IP obtained by modifying the second IP address by using a predetermined entropy value.
  • the address, the predetermined entropy value is used to identify the entropy of the fourth packet; and the third packet is processed.
  • An embodiment of the present application provides a packet sending apparatus, where the apparatus includes: a receiving module, configured to receive a first packet from an access circuit AC; and a processing module configured to process the first packet to obtain at least one a second packet, where the second packet includes: a first Internet Protocol IP address; the first IP address is an IP address obtained by modifying the second IP address using a predetermined entropy value; wherein the predetermined entropy value is used to identify The entropy of the first packet; the sending module is configured to send the second packet.
  • An embodiment of the present application provides a packet processing apparatus, where the apparatus includes: a receiving module, configured to receive a third packet sent by a first service provider edge device PE, where the third packet is a first PE pair And receiving, by the fourth packet received by the access circuit AC of the first PE, the third packet includes: a first Internet Protocol IP address; the first IP address is a predetermined entropy value to the second IP address. The IP address obtained by the modification, the predetermined entropy value is used to identify the entropy of the fourth packet, and the processing module is configured to process the third packet.
  • the embodiment of the present application provides a provider edge PE node, including: a communication interface, configured to receive a first packet from an access circuit AC; and a processor configured to process the first packet to obtain at least one second a packet, where the second packet includes: a first Internet Protocol IP address; the first IP address is an IP address obtained by modifying the second IP address using a predetermined entropy value; wherein the predetermined entropy value is used to identify the first Entropy of the message; the communication interface is set to send the second message.
  • the embodiment of the present application provides a node, including: a communication interface, configured to receive a third packet sent by a first service provider edge device PE, where the third packet is a connection of the first PE pair from the first PE.
  • the packet obtained by processing the fourth packet received by the circuit AC, the third packet includes: a first Internet Protocol IP address; and the first IP address is an IP address obtained by modifying the second IP address by using a predetermined entropy value.
  • the predetermined entropy value is used to identify the entropy of the fourth message; the processor is configured to process the third message.
  • the embodiment of the present application provides a packet processing system, including: a first node and a second node, where the first node is configured to receive a first packet from the access circuit AC, and perform the first packet Processing the at least one second packet and sending the second packet to the second node; wherein the second packet includes: a first Internet Protocol IP address; the first IP address is used An IP address obtained by modifying a second IP address by a predetermined entropy value; wherein the predetermined entropy value is used to identify an entropy of the first packet; and the second node is configured to receive the second packet After the text, the second message is processed.
  • the embodiment of the present application provides a storage medium, where the storage medium includes a stored program, where the program is executed to perform the method described in any one of the above.
  • the embodiment of the present application provides a processor, where the processor is configured to run a program, where the program is executed to perform the method described in any of the above.
  • FIG. 1 is a topological diagram of a VXLAN service defined by RFC 7348 in the related art
  • FIG. 2 is a topological diagram of a VXLAN EVPN MAC-VRF service defined by a draft-ietf-bess-evpn-overlay ([EVPN Overlay]) in the related art;
  • FIG. 3 is a topological diagram of a VXLAN EVPN IP-VRF service defined by draft-ietf-bess-evpn-prefix-advertisement ([EVPN Prefix]) in the related art;
  • FIG. 4 is a topological diagram of an EVPN VPWS service defined by RFC 8214 in the related art
  • FIG. 5 is a schematic flowchart of a packet sending method according to an embodiment of the present application.
  • FIG. 6 is a schematic flowchart of a method for processing a packet in a packet sending process to a P1 node according to an embodiment of the present application
  • FIG. 7 is a schematic flowchart of a method for processing a packet in a process of sending a packet to a PE2 node according to an embodiment of the present application
  • FIG. 8 is a structural block diagram of a device for transmitting a message according to an embodiment of the present application.
  • FIG. 9 is a structural block diagram of a processing apparatus for a message according to an embodiment of the present application.
  • FIG. 10 is a schematic structural diagram of a PE node according to an embodiment of the present application.
  • FIG. 11 is a structural block diagram of a node according to an embodiment of the present application.
  • FIG. 12 is a schematic structural diagram of a PE node according to an exemplary embodiment of the present application.
  • FIG. 13 is a schematic structural diagram of a non-service aware node according to an exemplary embodiment of the present application.
  • FIG. 14 is a simplified diagram of a VXLAN package and an SRv6 package according to an exemplary embodiment of the present application.
  • FIG. 15 is a detailed detailed view of a VXLAN package and an SRv6 package according to an exemplary embodiment of the present application;
  • EH Entropy Routing Header
  • FIG. 17 is a comparison diagram of an SRH header format and an SRH header format of an SRv6 package according to an exemplary embodiment of the present application.
  • Ethernet Virtual Private Network (EVPN) service is an important VPN service.
  • RFC7432 defines its control plane framework, including Ethernet Auto-discovery Route and media access control.
  • Four routes such as the Medium Access Control/Internet Protocol Advertisement Route (MAC/IP Advertisement Route), the Inclusive Multicast Ethernet Tag Route, and the Ethernet Segment Route They are called RT-1, RT-2, RT-3, and RT-4 routes, respectively.
  • the draft-ietf-bess-evpn-prefix-advertisement defines the IP Prefix Route of the EVPN service, which is called RT-5 routing.
  • the factor used for load balancing in the message is called entropy
  • the method of carrying the label containing the entropy value in the message, the tag containing the entropy value includes the entropy of the overlay network, but the method depends on For Multi-Protocol Label Switching (MPLS) technology, the underlay network must support MPLS technology, that is, it depends on MPLS encapsulation. In an IPv4 network that does not support MPLS technology, the related technology does not carry entropy in the packet, so the load balancing is uneven.
  • MPLS Multi-Protocol Label Switching
  • the Flow-label field of the IPv6 header is designed to replace the function of the Type of Service (ToS) field of the IPv4 header, but since it is from RFC2460 In the decades between RFC3697 and RFC6437, the specific usage details of this field have not been clearly defined by the standard. Therefore, the field carrying entropy value in practice requires that all non-business-aware nodes in the underlay network support this field. Used for load balancing routing and not for other purposes, or pseudo-randomness of entropy values can interfere with the achievement of other purposes.
  • ToS Type of Service
  • the entropy value of the RFC6790 refers to the entropy value generated according to the feature field of the body of the message, so that the context information of the message is lacking, and the context information includes the interface that the packet enters the device, the service to which the message belongs, and the message.
  • the node to which the text belongs, etc. therefore, there is room for further improvement in the uniformity of load balancing.
  • An embodiment of the present application provides a method for sending a packet, which may be applied to the topology described in FIG. 1 , but is not limited thereto.
  • the method may also be applied to the topology shown in FIG. 2 and FIG. 3 .
  • FIG. 2 is an extensible virtual local area network virtual private network media access control virtual route forwarding defined by [EVPN Overlay] in the related art (Virtual Extensible Local Area Network Ethernet Virtual Private Network Medium Access Control-Virtual Routing Forwarding (VXLAN EVPN MAC-VRF) service topology;
  • Figure 3 is an Ethernet virtual private network prefix [EVPN Prefix] defined in the related art, scalable virtual local area network Ethernet virtual private network Internet protocol virtual Topology diagram of the virtual eXtensible Local Area Network Ethernet Virtual Private Network Internet Protocol (Virtual Routing Forwarding, VXLAN EVPN IP-VRF) service;
  • the execution body of the sending method may be a PE node, and the topology shown in FIG. 1 is taken as an example.
  • the execution body of the sending method may be a PE1 node, a PE2 node, or a PE3 node, as shown in FIG. 1, and is not limited thereto.
  • FIG. 5 is a schematic flowchart of a packet sending method according to an embodiment of the present application. As shown in FIG. 5, the method includes step S502, step S504, and step S506.
  • the PE1 node receives the first packet from the access circuit (AC) of the PE1 node; wherein the access circuit (AC) is an interface between the PE node and the customer edge (CE) node. And a sub-interface or a virtual circuit, wherein the PE node includes a VTEP node and an NVE node.
  • the PE1 node processes the first packet to obtain at least one second packet, where the second packet includes: a first Internet Protocol (IP) address; and the first IP address uses a predetermined entropy value.
  • IP Internet Protocol
  • step S506 the PE1 node sends a second message to the P1 node.
  • the entropy value E (such as the predetermined entropy value) identifies the entropy of the packet P (such as the first packet), and the entropy value E is the specified algorithm F pair and the packet P. Calculating a value obtained by the corresponding at least one specified information, and when any one of the specified information corresponding to the message P randomly changes, the entropy value E calculated by the algorithm F also has The probability of the reservation changes.
  • the predetermined probability is determined by the algorithm F, the total number of binary bits occupied by all the specified information, the total number of binary bits occupied by the specified information, and the total number of binary bits occupied by the entropy value E.
  • the first IP address included in the second packet to be sent is an IP address obtained by modifying the second IP address by using a predetermined entropy value, where the predetermined entropy value is used to identify the entropy of the first packet. That is, by carrying the entropy value information related to the entropy of the first packet in the first IP of the second packet, the node receiving the second packet can benefit from the predetermined entropy value to a certain extent Differentiate whether the first packet encapsulated in the received second packet belongs to a different data stream, for example, whether it belongs to a different service, whether it belongs to a different ⁇ source MAC, destination MAC> binary group, that is, in the second packet.
  • the flow characteristics of the first packet encapsulated in the transmission process can be reflected in the transmission process, thereby avoiding the situation that the flow characteristics of the overlay message cannot be reflected in the underlay packet transmission process in the related art, and the degree of load balancing is improved.
  • the first IP address may be located in at least one of the following locations of the second packet: source IP, destination IP, and Internet Protocol version 6 IPv6 option header.
  • source IP source IP
  • destination IP Internet Protocol version 6 IPv6 option header
  • the MPLS encapsulation of the packet is not required, that is, in the IPv4 or IPv6 network that does not support MPLS, the packet is implemented.
  • the method of carrying the entropy value further avoids the uneven load balancing in the IPv4 and IPv6 underlay networks without requiring the non-service-aware node upgrade in the underlay network and not relying on the MPLS technology.
  • the first IP address is in the IPv6 option header of the second packet, indicating whether the predetermined entropy value exists in the IPv6 option header by using one of the following manners:
  • the Next-header field in the IPv6 header of the second message indicates that it is indicated by a field in the IPv6 option header.
  • IPv6 header may be an IPv6 option header or an IPv6 mandatory header, which is not limited thereto.
  • the second IP address may be the source IP or the destination IP of the second packet obtained by processing the first packet when the function switch of the application is not opened, but not Limited to this.
  • the second IP address may be copied into an IPv6 option header, and the second IP address is modified with the predetermined entropy value in the IPv6 option. A copy of the head.
  • step S504 may be expressed as: encapsulation, modification, but is not limited thereto.
  • modifying the second IP address by using the predetermined entropy value includes at least one of replacing a value of a specified position in the second IP address with a predetermined entropy value, wherein the predetermined entropy value is One of: an eigen-entropy value, a context entropy value, and a comprehensive entropy value; replacing the result obtained by calculating the predetermined entropy value with a value of a specified position in the second IP address, replacing the second IP address a value of the specified location, wherein the predetermined entropy value is one of: an nienic entropy value, a context entropy value, and a comprehensive entropy value; and the value of the specified location in the second IP address is encrypted with the predetermined entropy value
  • the predetermined entropy value is an eigen-entropy value; wherein the eigen-entropy value is an entropy value obtained by hash calculation of at least one feature field in the first packet;
  • the entropy value of the FRC6790 refers to the entropy value generated according to the feature field of the text body, so that the context information of the packet is lacking, and the context information includes the interface of the packet entering the device and the packet to which the packet belongs.
  • the value or the integrated entropy value further improves the uniformity of load balancing.
  • the predetermined entropy value includes an eigen-entropy value
  • the value of the specified position in the second IP address is encrypted by using a predetermined entropy value, that is, the second eigen-entropy value of the first packet is used.
  • the IP address is encrypted.
  • the entropy of the first packet is added to the packet, and the IP address on the PE1 node is encrypted.
  • the non-service-aware node in the underlay network is not required to be upgraded and does not depend on MPLS technology. In this case, the load balancing unevenness in the IPv4 and IPv6 underlay networks is avoided, and the IP address is not exposed.
  • the foregoing feature field may include at least one of the following: a source IP, a destination IP, a protocol type, a source port, a destination port, a ToS field of IPv4, and a Flow-label field of the IPv6 of the first packet;
  • the source media access control (MAC) and the destination MAC address of the first packet the Ethernet type (ethertype) of the first packet, the virtual local area network identity (VLAN ID), and the 802.1p priority. level.
  • the 802.1p priority refers to a priority field defined by 802.1p, and includes a priority in a tag whose Tag Protocol Identifier (TPID) is 0x8100 or 0x88a8.
  • the feature configuration information corresponding to the AC may include at least one of the following: information obtained by the AC mapping; node-level configuration information obtained by the node where the AC is located; and information obtained by mapping the primary interface to which the AC belongs; Information obtained by hashing the Ethernet segment identifier (ESI) corresponding to the primary interface to which the AC belongs; the ESI itself corresponding to the primary interface to which the AC belongs; the primary interface to which the AC belongs ESI IP corresponding to the ESI, wherein the ESI IP is an IP address configured for the ESI, and the ESI IP corresponds to an ESI IP corresponding to an ESI other than the ESI on a node to which the ESI belongs Different from each other.
  • ESI Ethernet segment identifier
  • the foregoing comprehensive entropy value may be obtained according to at least one of the following methods, but is not limited thereto: performing a bitwise logical exclusive OR operation on the eigenenic entropy value and the context entropy value to obtain a Calculating a comprehensive entropy value; calculating the eigeng entropy value, the context entropy value, and any N constants to obtain the integrated entropy value; wherein N is an integer greater than or equal to 1.
  • the service type of the AC may include at least one of: a VPN forwarded based on a MAC header of the first packet in a virtual private network (VPN); VPN forwarded by the IP header of a message (how to refer to the VPN forwarded based on the IP header of the first packet in the VPN, see the exemplary embodiment 9); the VPN forwarded according to the configuration information on the AC in the VPN (See Example 11 for how to forward a VPN in accordance with the configuration information on the AC in the VPN).
  • VPN virtual private network
  • the foregoing step S504 may also be performed as at least one of the following, but is not limited thereto: the PE1 node performs an Extensible Virtual Local Area Network (VXLAN) encapsulation on the first packet;
  • the first packet is encapsulated in a VXLAN Generic Protocol Extensions (GPE);
  • the PE1 node performs Generic Network Virtualization Encapsulation (Geneve) on the first packet; and the PE1 node pairs the first packet.
  • the packet is subjected to Network Virtualization using Generic Routing Encapsulation (NVGRE).
  • the PE1 node encapsulates the first packet with the SRv6 (Segment Routing instantiated on the IPv6 data plane, SRv6).
  • SRv6 Segment Routing instantiated on the IPv6 data plane, SRv6
  • segment route SRv6 may be “implemented by IPv6 data plane” or "SRv6refers to Segment Routing instantiated on the IPv6 data plane".
  • PE1 as the execution subject, but the present invention is not limited to PE1 as the execution subject, and may be PE2, PE3, etc., and is not limited.
  • FIG. 6 is a schematic flowchart of a method for processing a packet in a packet sending process to a P1 node according to an embodiment of the present application. As shown in FIG. 6, the method includes steps S602 and S604.
  • the P1 node receives a third packet sent by the first service provider edge device (PE), where the third packet is an access circuit of the first PE pair from the first PE.
  • the received packet is processed by the fourth packet, where the third packet includes: a first Internet Protocol (IP) address; the first IP address is a predetermined entropy value to the second IP address. And performing the modified IP address, where the predetermined entropy value is used to identify the entropy of the fourth packet.
  • IP Internet Protocol
  • step S604 the P1 node processes the third message.
  • the foregoing first PE may be a PE1 node.
  • the third packet corresponds to the second packet in the embodiment shown in the method for transmitting the packet, and the fourth packet corresponds to the first packet in the method for transmitting the packet.
  • the first IP address included in the received third packet is an IP address obtained by modifying the second IP address by using a predetermined entropy value, where the predetermined entropy value is used to identify the fourth packet.
  • Entropy that is, by carrying the entropy value information related to the entropy of the fourth packet in the IP of the third packet, so that P1 can distinguish the encapsulated different second packet encapsulated by the predetermined entropy value to some extent.
  • the first packet belongs to a different data stream, for example, whether it belongs to a different service, whether it belongs to a different ⁇ source MAC, destination MAC> binary group, that is, the first packet encapsulated in the second packet transmission process
  • the flow characteristics of the packet can avoid the situation that the flow characteristics of the overlay message cannot be reflected in the underlay packet transmission process in the related art, and the degree of load balancing is improved.
  • the first IP address is located in at least one of the following locations of the third packet: source IP, destination IP, and Internet Protocol version 6 IPv6 option header.
  • the first IP address is located in an IPv6 option header of the second packet
  • whether the predetermined entropy value exists in the IPv6 option header is indicated by one of the following manners:
  • the Next-header field indication in the IPv6 header of the third message is indicated by a field in the IPv6 option header.
  • the destination IP address of the third packet is a remote IP address on the node that receives the third packet, that is, the execution entity of the processing method may be a P1 node, and the foregoing step S604 may be represented by at least one of the following
  • the P1 node selects the load balancing forwarding information according to the first IP address, and the P1 node forwards the third packet according to the load balancing forwarding information; the P1 node and the predetermined entropy carried in the first IP address
  • the binary bits corresponding to the values are respectively regarded as predetermined values, and the third packet is subjected to other processing than forwarding; the P1 node directly forwards the third packet.
  • the load balancing forwarding information may be information that the P1 node selects a forwarding path for the third packet in the load balancing process.
  • predetermined entropy value may be the same as the meaning or interpretation of the predetermined entropy value in the embodiment shown in FIG. 5 above, and details are not described herein again.
  • FIG. 7 is a schematic flowchart of a method for processing a packet in a packet sending process to a PE2 node according to an embodiment of the present application. As shown in FIG. 7, the method includes steps S702 and S704.
  • the PE2 node receives the third packet sent by the first service provider edge device PE, where the third packet is the access circuit of the first PE pair from the first PE (AC) a packet obtained by processing the received fourth packet, where the third packet includes: a first Internet Protocol (IP) address; the first IP address is a modification of the second IP address by using a predetermined entropy value The obtained IP address, the predetermined entropy value is used to identify the entropy of the fourth packet.
  • IP Internet Protocol
  • step S704 the PE2 node processes the third message.
  • the foregoing first PE may be a PE1 node.
  • the third packet corresponds to the second packet in the embodiment shown in the method for transmitting the packet, and the fourth packet corresponds to the first packet in the method for transmitting the packet.
  • the PE2 may directly receive the third packet sent by the PE1, or may receive the third packet sent by the PE1 by using the P1 or P2 forwarding manner, but is not limited thereto.
  • the first IP address is located in at least one of the following locations of the third packet: source IP, destination IP, and Internet Protocol version 6 IPv6 option header.
  • the first IP address is located in an IPv6 option header of the second packet
  • whether the predetermined entropy value exists in the IPv6 option header is indicated by one of the following manners:
  • the Next-header field in the IPv6 header of the three messages indicates the field in the header of the IPv6 option.
  • the foregoing step S704 may be performed as follows: The binary bit of the first IP address modified by the predetermined entropy value is set to a predetermined value; wherein the predetermined values set by different binary bits are the same or different; the predetermined entropy value is recalculated and recalculated The predetermined entropy value decrypts a portion of the first IP address in the third packet that is encrypted by the predetermined entropy value; wherein the predetermined entropy value is an intrinsic entropy value; The IPv6 option header stripping of the first IP address in the third packet is stripped; the third packet is directly processed.
  • predetermined entropy value the interpretation of the eigen-entropy value and the like can refer to the explanation of the predetermined entropy value and the eigen-entropy value in the embodiment shown in FIG. 5, and details are not described herein again, thank you.
  • the method according to the above embodiments can be implemented by means of software plus a necessary general hardware platform, and of course, by hardware.
  • the technical solution of the present application which is essential or contributes to the related art, may be embodied in the form of a software product stored in a storage medium such as a read only memory/random access memory. (Read Only Memory/Random Access Memory, ROM/RAM), a disk, and an optical disk, including instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform each implementation of the present application.
  • a terminal device which may be a mobile phone, a computer, a server, or a network device, etc.
  • a device for transmitting a message is provided, and the device is configured to implement the foregoing embodiments and example embodiments, and details are not described herein.
  • the term "module” is a combination of at least one of software and hardware that can perform a predetermined function.
  • the apparatus described in the following embodiments may be implemented in software, but hardware, or a combination of software and hardware, is also possible and conceivable.
  • the sending apparatus of the packet may be located on the PE node shown in any one of FIG. 1 to FIG. 4, such as the PE1 node, the PE2 node, or the PE3 node shown in FIG. Not limited to this.
  • FIG. 8 is a structural block diagram of a device for transmitting a message according to an embodiment of the present application. As shown in FIG. 8, the device includes a receiving module 82, a processing module 84, and a sending module 86.
  • the receiving module 82 is configured to receive the first message from the access circuit (AC).
  • the processing module 84 is connected to the receiving module 82, and configured to process the first packet to obtain at least one second packet.
  • the second packet includes: a first Internet Protocol (IP) address.
  • IP Internet Protocol
  • the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy value; wherein the predetermined entropy value is used to identify an entropy of the first packet.
  • the sending module 86 is connected to the processing module 84 and configured to send the second packet.
  • the first IP address included in the second packet to be sent is an IP address obtained by modifying the second IP address by using a predetermined entropy value, where the predetermined entropy value is used to identify the entropy of the first packet. That is, by carrying the entropy value information related to the entropy of the first packet in the first IP of the second packet, the node receiving the second packet can benefit from the predetermined entropy value to a certain extent Differentiate whether the first packet encapsulated in the received second packet belongs to a different data stream, for example, whether it belongs to a different service, whether it belongs to a different ⁇ source MAC, destination MAC> binary group, that is, in the second packet.
  • the flow characteristics of the first packet encapsulated in the transmission process can be reflected in the transmission process, thereby avoiding the situation that the flow characteristics of the overlay message cannot be reflected in the underlay packet transmission process in the related art, and the degree of load balancing is improved.
  • the access circuit (AC) is an interface, a sub-interface, or a virtual circuit between a PE node and a customer edge (CE) node, where the PE node includes a VTEP node and an NVE node; entropy
  • the value E (such as the above-mentioned predetermined entropy value) identifies the entropy of the packet P (such as the first packet), and the entropy value E is the at least one specified information corresponding to the packet P by the specified algorithm F.
  • the calculated value is performed, and when any one of the specified information corresponding to the message P is randomly changed, the entropy value E calculated by the algorithm F also has a predetermined probability to change.
  • the predetermined probability is determined by the algorithm F, the total number of binary bits occupied by all the specified information, the total number of binary bits occupied by the specified information, and the total number of binary bits occupied by the entropy value E.
  • the first IP address may be located in at least one of the following locations of the second packet: source IP, destination IP, and Internet Protocol version 6 IPv6 option header.
  • source IP source IP
  • destination IP Internet Protocol version 6 IPv6 option header
  • the MPLS encapsulation of the packet is not required, that is, in the IPv4 or IPv6 network that does not support MPLS, the packet is implemented.
  • the method of carrying the entropy value further avoids the uneven load balancing in the IPv4 and IPv6 underlay networks without requiring the non-service-aware node upgrade in the underlay network and not relying on the MPLS technology.
  • the first IP address is located in an IPv6 option header of the second packet
  • whether the predetermined entropy value exists in the IPv6 option header is indicated by one of the following manners:
  • the Next-header field in the IPv6 header of the second message indicates that it is indicated by a field in the IPv6 option header.
  • IPv6 header may be an IPv6 option header or an IPv6 mandatory header, which is not limited thereto.
  • the second IP address may be the source IP or the destination IP of the second packet obtained by processing the first packet when the function switch of the application is not opened, but not Limited to this.
  • the second IP address may be copied into an IPv6 option header, and the second IP address is modified with the predetermined entropy value in the IPv6 option. A copy of the head.
  • processing may be expressed as: encapsulation, modification, but not limited thereto.
  • modifying the second IP address by using the predetermined entropy value includes at least one of replacing a value of a specified position in the second IP address with a predetermined entropy value, wherein the predetermined entropy value is One of: an eigen-entropy value, a context entropy value, and a comprehensive entropy value; replacing the result obtained by calculating the predetermined entropy value with a value of a specified position in the second IP address, replacing the second IP address a value of the specified location, wherein the predetermined entropy value is one of: an nienic entropy value, a context entropy value, and a comprehensive entropy value; and the value of the specified location in the second IP address is encrypted with the predetermined entropy value
  • the predetermined entropy value is an eigen-entropy value; wherein the eigen-entropy value is an entropy value obtained by hash calculation of at least one feature field in the first packet;
  • the entropy value of the FRC6790 refers to the entropy value generated according to the feature field of the text body, so that the context information of the packet is lacking, and the context information includes the interface of the packet entering the device and the packet to which the packet belongs.
  • the value or the integrated entropy value further improves the uniformity of load balancing.
  • the predetermined entropy value includes an eigen-entropy value
  • the value of the specified position in the second IP address is encrypted by using a predetermined entropy value, that is, the second eigen-entropy value of the first packet is used.
  • the IP address is encrypted.
  • the entropy of the first packet is added to the packet and the IP address on the PE1 node is encrypted.
  • the non-service-aware node in the underlay network is not required to be upgraded and does not depend on MPLS technology. In this case, the load balancing in the IPv4 and IPv6 underlay networks is not uniform, and the IP address is not exposed.
  • the foregoing feature field may include at least one of the following: source IP, destination IP, protocol type, source port, destination port, IPv4 ToS field, and IPv6 flow label (Flow-1abel) of the first packet. a field; a source media access control (MAC) of the first packet, a destination MAC; an ethertype of the first packet, an inner and outer virtual local area network identifier (VLAN ID), and an 802.1p priority;
  • the 802.1p priority refers to a priority field defined by 802.1p, and includes a priority in a tag whose Tag Protocol Identifier (TPID) is 0x8100 or 0x88a8.
  • the feature configuration information corresponding to the AC may include at least one of the following: information obtained by the AC mapping; node-level configuration information obtained by the node where the AC is located; and information obtained by mapping the primary interface to which the AC belongs; Information obtained by hashing the Ethernet segment identifier (ESI) corresponding to the primary interface to which the AC belongs; the ESI itself corresponding to the primary interface to which the AC belongs; the ESI IP corresponding to the ESI corresponding to the primary interface to which the AC belongs,
  • the ESI IP is an IP address configured for the ESI, and the ESI IP is different from the ESI IP corresponding to other ESIs on the node to which the ESI belongs.
  • the processing module 84 may be further configured to obtain the foregoing comprehensive entropy value according to at least one of the following methods, but is not limited thereto: performing bitwise by the eigen entropy value and the context entropy value Performing a logical exclusive OR operation to obtain the integrated entropy value; calculating by the eigen-entropy value, the context entropy value, and any N constants to obtain the comprehensive entropy value; wherein N is an integer greater than or equal to . It should be noted that the above calculation may be hashed, but is not limited thereto.
  • the service type of the AC may include at least one of: a VPN forwarded based on a MAC header of the first packet in a virtual private network (VPN); A VPN forwarded by the IP header of a packet; a VPN forwarded in the VPN according to the configuration information on the AC.
  • VPN virtual private network
  • the processing module 84 may be configured as at least one of the following, but is not limited thereto: performing an Extensible Virtual Local Area Network (VXLAN) encapsulation on the first packet;
  • the packet is subjected to VXLAN General Protocol Extension (GPE) encapsulation;
  • the first packet is subjected to a general network virtualization encapsulation (Geneve); and the first packet is subjected to network virtualization for network virtualization (Gene Virtualization using Generic Routing) Encapsulation, NVGRE); extending the SRv6 encapsulation of the first packet.
  • VXLAN VXLAN General Protocol Extension
  • the embodiment of the present application further provides a processing device for a message that can be used in the topology shown in any of the above-mentioned FIG. 1 to FIG. 4, and it should be noted that the processing device for the topology message may be located in FIG. 1 to A PE node (such as PE1, PE2, and PE3 is not limited to this) or a non-service-aware node (P1 or P2), and FIG. 9 is a processing device of a packet according to an embodiment of the present application.
  • the block diagram, as shown in FIG. 9, includes a receiving module 92 and a processing module 94.
  • the receiving module 92 is configured to receive a third packet sent by the first service provider edge device PE, where the third packet is an access circuit (AC) of the first PE pair from the first PE
  • the received packet is processed by the received fourth packet, where the third packet includes: a first Internet Protocol (IP) address; the first IP address is modified by using a predetermined entropy value to obtain the second IP address.
  • IP Internet Protocol
  • the IP address, the predetermined entropy value is used to identify the entropy of the fourth packet.
  • the processing module 94 is connected to the receiving module 92 and configured to process the third packet.
  • the third message corresponds to the second message in the embodiment shown in FIG. 8
  • the fourth message corresponds to the first message in the embodiment shown in FIG. 8
  • the PE node where the device shown in FIG. 8 is located in the first PE is not limited thereto.
  • the first IP address included in the received third packet is an IP address obtained by modifying the second IP address by using a predetermined entropy value, where the predetermined entropy value is used to identify the fourth packet.
  • Entropy that is, by carrying the entropy value information related to the entropy of the fourth packet in the IP of the third packet, so that P1 can distinguish the encapsulated different second packet encapsulated by the predetermined entropy value to some extent.
  • the first packet belongs to a different data stream, for example, whether it belongs to a different service, whether it belongs to a different ⁇ source MAC, destination MAC> binary group, that is, the first packet encapsulated in the second packet transmission process
  • the flow characteristics of the packet can avoid the situation that the flow characteristics of the overlay message cannot be reflected in the underlay packet transmission process in the related art, and the degree of load balancing is improved.
  • the first IP address is located in at least one of the following locations of the third packet: source IP, destination IP, and Internet Protocol version 6 IPv6 option header.
  • the destination IP address of the third packet is the remote IP address of the node that receives the third packet, that is, the processing device is located in the P1 node, and the processing module 94 may be configured to be at least one of the following:
  • the first IP address selects the load balancing forwarding information, and the third packet is forwarded according to the load balancing forwarding information; and the binary bits corresponding to the predetermined entropy value carried in the first IP address are respectively regarded as a predetermined value, performing processing other than forwarding on the third packet; directly forwarding the third packet.
  • load balancing forwarding information may be information for selecting a forwarding path for the third packet in the load balancing process.
  • the processing module 94 may be configured to set at least one of the following: The binary bits in the first IP address modified by the predetermined entropy value are set to a predetermined value; wherein the predetermined values set by different binary bits are the same or different; the predetermined entropy value is recalculated, and Calculating, by the predetermined entropy value, a portion of the first IP address in the third packet that is encrypted by the predetermined entropy value; wherein the predetermined entropy value is an intrinsic entropy value; The IPv6 option header including the first IP address in the third packet is stripped; the third packet is directly processed.
  • predetermined entropy value may be the same as the meaning or interpretation of the predetermined entropy value in the embodiment shown in FIG. 8 above, and details are not described herein again.
  • the foregoing multiple modules may be implemented by software or hardware.
  • the foregoing may be implemented by, but not limited to, the foregoing modules are all located in the same processor; or, the multiple modules are The form of any combination is located in a different processor.
  • the embodiment of the present application further provides a PE node, which may be a PE node as shown in any one of FIG. 1 to FIG. 4, such as a PE1 node, a PE2 node, or a PE3 node shown in FIG.
  • the PE node includes a communication interface 1002 and a processor 1004.
  • the communication interface 1002 is configured to receive the first message from the access circuit (AC).
  • the processor 1004 is connected to the communication interface 1002, and is configured to process the first packet to obtain at least one second packet.
  • the second packet includes: a first Internet Protocol (IP) address; the first IP address.
  • IP Internet Protocol
  • the address is an IP address obtained by modifying the second IP address using a predetermined entropy value; wherein the predetermined entropy value is used to identify the entropy of the first packet.
  • the communication interface 1002 is further configured to send a second message.
  • the first IP address included in the second packet sent by the PE node is an IP address obtained by modifying the second IP address by using a predetermined entropy value, where the predetermined entropy value is used to identify the first packet.
  • Entropy that is, by carrying the entropy value information related to the entropy of the first packet in the first IP of the second packet, so that the node receiving the second packet can benefit from the predetermined entropy value to a certain extent Whether the first packet encapsulated in the received second packet belongs to a different data stream, for example, whether it belongs to a different service, whether it belongs to a different ⁇ source MAC, destination MAC> binary group, that is, in the second report.
  • the transmission process of the text can reflect the flow characteristics of the first packet encapsulated in the text, so that the flow characteristics of the overlay message cannot be reflected in the underlay packet transmission process in the related art, and the degree of load balancing is improved.
  • the access circuit (AC) is an interface, a sub-interface, or a virtual circuit between a PE node and a client edge CE node, where the PE node includes a VTEP node and an NVE node; and an entropy value E
  • the entropy of the packet P (such as the foregoing first packet) is determined by the entropy value E, and the at least one specified information corresponding to the packet P is calculated by the specified algorithm F.
  • the predetermined probability is determined by the algorithm F, the total number of binary bits occupied by all the specified information, the total number of binary bits occupied by the specified information, and the total number of binary bits occupied by the entropy value E.
  • the first IP address may be located in at least one of the following locations of the second packet: source IP, destination IP, and Internet Protocol version 6 IPv6 option header.
  • source IP source IP
  • destination IP Internet Protocol version 6 IPv6 option header
  • the MPLS encapsulation of the packet is not required, that is, in the IPv4 or IPv6 network that does not support MPLS, the packet is implemented.
  • the method of carrying the entropy value further avoids the uneven load balancing in the IPv4 and IPv6 underlay networks without requiring the non-service-aware node upgrade in the underlay network and not relying on the MPLS technology.
  • the first IP address is located in an IPv6 option header of the second packet
  • whether the predetermined entropy value exists in the IPv6 option header is indicated by one of the following manners:
  • the Next-header field in the IPv6 header of the second message indicates that it is indicated by a field in the IPv6 option header.
  • IPv6 header may be an IPv6 option header or an IPv6 mandatory header, which is not limited thereto.
  • the second IP address may be the source IP or the destination IP of the second packet obtained by processing the first packet when the function switch of the application is not opened, but not Limited to this.
  • the second IP address may be copied into an IPv6 option header, and the second IP address is modified with the predetermined entropy value in the IPv6 option. A copy of the head.
  • processing may be expressed as: encapsulation, modification, but not limited thereto.
  • modifying the second IP address by using the predetermined entropy value includes at least one of replacing a value of a specified position in the second IP address with a predetermined entropy value, wherein the predetermined entropy value is One of: an eigen-entropy value, a context entropy value, and a comprehensive entropy value; replacing the result obtained by calculating the predetermined entropy value with a value of a specified position in the second IP address, replacing the second IP address a value of the specified location, wherein the predetermined entropy value is one of: an nienic entropy value, a context entropy value, and a comprehensive entropy value; and the value of the specified location in the second IP address is encrypted with the predetermined entropy value
  • the predetermined entropy value is an eigen-entropy value; wherein the eigen-entropy value is an entropy value obtained by hash calculation of at least one feature field in the first packet;
  • the entropy value of the FRC6790 refers to the entropy value generated according to the feature field of the text body, so that the context information of the packet is lacking, and the context information includes the interface of the packet entering the device and the packet to which the packet belongs.
  • the value or the integrated entropy value further improves the uniformity of load balancing.
  • the predetermined entropy value includes an eigen-entropy value
  • the value of the specified position in the second IP address is encrypted by using a predetermined entropy value, that is, the second eigen-entropy value of the first packet is used.
  • the IP address is encrypted.
  • the entropy of the first packet is added to the packet, and the IP address on the PE1 node is encrypted.
  • the non-service-aware node in the underlay network is not required to be upgraded and does not depend on MPLS technology. In this case, the load balancing unevenness in the IPv4 and IPv6 underlay networks is avoided, and the IP address is not exposed.
  • the foregoing feature field may include at least one of the following: a source IP, a destination IP, a protocol type, a source port, a destination port, an IPv4 ToS field, and a Flow-1abel field of the IPv6.
  • a source media access control (MAC) and a destination MAC address of the first packet an ethertype of the first packet, an inner and outer virtual local area network identifier (VLAN ID), and an 802.1p priority
  • the 802.1p priority refers to the priority field defined by 802.1p, including the priority in the tag with the Tag Protocol Identifier (TPID) of 0x8100 or 0x88a8.
  • TPID Tag Protocol Identifier
  • the feature configuration information corresponding to the AC may include at least one of the following: information obtained by the AC mapping; node-level configuration information obtained by the node where the AC is located; and information obtained by mapping the primary interface to which the AC belongs; Information obtained by hashing the Ethernet segment identifier (ESI) corresponding to the primary interface to which the AC belongs; the ESI itself corresponding to the primary interface to which the AC belongs; the ESI IP corresponding to the ESI corresponding to the primary interface to which the AC belongs,
  • the ESI IP is an IP address configured for the ESI, and the ESI IP is different from the ESI IP corresponding to other ESIs on the node to which the ESI belongs.
  • the processor 1004 may be further configured to obtain the foregoing comprehensive entropy value according to at least one of the following methods, but is not limited thereto: performing bitwise by the eigen entropy value and the context entropy value Performing a logical exclusive OR operation to obtain the integrated entropy value; calculating by the eigen-entropy value, the context entropy value, and any N constants to obtain the comprehensive entropy value; wherein N is an integer greater than or equal to . It should be noted that the above calculation may be hashed, but is not limited thereto.
  • the service type of the AC may include at least one of: a VPN forwarded based on a MAC header of the first packet in a virtual private network (VPN); A VPN forwarded by the IP header of a packet; a VPN forwarded in the VPN according to the configuration information on the AC.
  • VPN virtual private network
  • the processor 1004 may be configured as at least one of the following, but is not limited thereto: performing an extensible virtual local area network (VXLAN) encapsulation on the first packet; The packet is subjected to VXLAN General Protocol Extension (GPE) encapsulation; the first packet is subjected to a general network virtualization encapsulation (Geneve); and the first packet is subjected to network virtualization for network virtualization (Gene Virtualization using Generic Routing) Encapsulation, NVGRE); extending the SRv6 encapsulation of the first packet.
  • VXLAN VXLAN General Protocol Extension
  • FIG. 11 is a structural block diagram of a node according to an embodiment of the present application. As shown in FIG. 11, the device includes a communication interface 1102 and a processor 1104.
  • a PE node such as PE1, PE2, PE3 is not limited to this
  • P1 or P2 non-service aware node
  • the communication interface 1102 is configured to receive a third packet sent by the first serving provider edge device PE, where the third packet is a fourth packet received by the first PE from the access circuit (AC) of the first PE. And processing the obtained packet, the third packet includes: a first Internet Protocol (IP) address; the first IP address is an IP address obtained by modifying the second IP address by using a predetermined entropy value, and the predetermined entropy value is used for identifying The entropy of the fourth message.
  • IP Internet Protocol
  • the processor 1104 is connected to the communication interface 1102 and configured to process the third message.
  • the first IP address included in the received third packet is an IP address obtained by modifying the second IP address by using a predetermined entropy value, where the predetermined entropy value is used to identify the fourth packet.
  • Entropy that is, by carrying the entropy value information related to the entropy of the fourth packet in the IP of the third packet, so that P1 can distinguish the encapsulated different second packet encapsulated by the predetermined entropy value to some extent.
  • the first packet belongs to a different data stream, for example, whether it belongs to a different service, whether it belongs to a different ⁇ source MAC, destination MAC> binary group, that is, the first packet encapsulated in the second packet transmission process
  • the flow characteristics of the packet can avoid the situation that the flow characteristics of the overlay message cannot be reflected in the underlay packet transmission process in the related art, and the degree of load balancing is improved.
  • the third message corresponds to the second message in the embodiment shown in FIG. 10
  • the fourth message corresponds to the first message in the embodiment shown in FIG.
  • the first PE described above is the PE node shown in FIG. 10, but is not limited thereto.
  • the first IP address is located in at least one of the following locations of the third packet: source IP, destination IP, and Internet Protocol version 6 IPv6 option header.
  • the destination IP address of the third packet is the remote IP address of the node that receives the third packet, that is, the node is a non-service aware node
  • the processor 1104 may be configured as at least one of the following Selecting the load balancing forwarding information according to the first IP address, and forwarding the third packet according to the load balancing forwarding information; respectively, the binary bits corresponding to the predetermined entropy value carried in the first IP address are respectively Considering a predetermined value, performing processing other than forwarding on the third packet; directly forwarding the third packet.
  • load balancing forwarding information may be information for selecting a forwarding path for the third packet in the load balancing process.
  • the processor 1104 may be configured to be at least one of the following: The binary bit of the first IP address modified by the predetermined entropy value is set to a predetermined value; wherein the predetermined values set by different binary bits are the same or different; the predetermined entropy value is recalculated and recalculated The predetermined entropy value decrypts a portion of the first IP address in the third packet that is encrypted by the predetermined entropy value; wherein the predetermined entropy value is an intrinsic entropy value; The IPv6 option header stripping of the first IP address in the third packet is stripped; the third packet is directly processed.
  • predetermined entropy value may be the same as the meaning or interpretation of the predetermined entropy value in the embodiment shown in FIG. 10 above, and details are not described herein again.
  • the embodiment of the present application further provides a packet processing system, including: a first node and a second node; wherein the first node is configured to receive a first packet from an access circuit (AC), where The first packet is processed to obtain at least one second packet, and the second packet is sent to the second node, where the second packet includes: a first Internet Protocol (IP) address;
  • IP Internet Protocol
  • the first IP address is an IP address obtained by modifying a second IP address using a predetermined entropy value; wherein the predetermined entropy value is used to identify an entropy of the first packet; and the second node is set to After receiving the second packet, processing the second packet.
  • IP Internet Protocol
  • the first node may be the PE node shown in FIG. 10 in the foregoing Embodiment 3
  • the second node may be the node shown in FIG. 11 in the foregoing Embodiment 3 (PE node or non-service sensing). node).
  • PE node or non-service sensing node
  • the embodiment of the present application further provides a storage medium including a stored program, wherein the program runs to perform the method described in any of the above.
  • the foregoing storage medium may include, but is not limited to, a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a mobile hard disk, a magnetic disk, or an optical disk.
  • ROM read-only memory
  • RAM random access memory
  • mobile hard disk a magnetic disk
  • optical disk a variety of media that can store program code.
  • Embodiments of the present application also provide a processor configured to execute a program, wherein the program executes the steps of any of the above methods when executed.
  • the entropy IP transceiver node provided by the exemplary embodiment of the present application is used as a PE node, and the non-service-aware node of the relevant underlay network is not upgraded, and the underlay network is not required to support the MPLS technology, thereby avoiding non-service awareness of the related underlay network.
  • the load balancing on the node cannot reflect the flow characteristics of the overlay packet.
  • the entropy value can be carried in at least one of the source IP and the destination IP, it is possible to avoid load balancing unevenness and the need to upgrade the non-service-aware node of the relevant underlay network and the requirement that the underlay network support the MPLS technology.
  • the use of unified technology avoids uneven load balancing in IPv4 and IPv6 underlay networks. Since the context entropy value is identified, the degree of uniformity of the load balancing is further improved by further carrying the context entropy value. Further, by encrypting the source IP or the destination IP with the intrinsic entropy value of the Overlay packet, the entropy of the Overlay packet is added to the underlay IP header, and the IP address on the PE node is encrypted, which can be simultaneously improved. In the above case, the effect of the entropy value is achieved to achieve a comprehensive effect.
  • the system includes: a VPN infrastructure module, an entropy IP first plug-in module, and an entropy IP second plug-in module, where entropy IP is second.
  • the plug-in module is optional, that is, the PE node may include an entropy IP second plug-in module, or may not include an entropy IP second plug-in module, and specifically includes or does not include an entropy IP second plug-in module, and may be set as needed, and Not limited.
  • the VPN infrastructure module may be similar to the functions performed by the receiving module 82 and the sending module 86, and may complete some functions of the processing module 84, and may complete the functions of the communication interface 1002 and the portion of the processor 1004.
  • the function, or the functions performed by the communication interface 1102 described above and some functions of the processor 1104, may be completed, but are not limited thereto.
  • the entropy IP first plug-in module may perform some functions of the processing module 84 or the processor 1004, such as a function of modifying a second IP using a predetermined entropy value; the entropy IP second plug-in module may complete the processor 1104. Some features, but not limited to this.
  • FIG. 13 is a schematic structural diagram of a non-service-aware node according to an exemplary embodiment of the present application. As shown in FIG. 13, the method includes: an IP basic setting module and an entropy IP third plug-in module. It should be noted that the entropy IP third plug-in module is optional, that is, the non-service-aware node may include an entropy IP third plug-in module, or may not include an entropy IP third plug-in module, and specifically includes or does not include entropy IP.
  • the three plug-in modules can be set as needed, and are not limited.
  • IP basic setting module may complete some functions of the communication interface 1102 and the processor 1104.
  • the entropy IP third plug-in module may perform some functions of the processor 1104, but is not limited thereto.
  • the common VXLAN service is implemented according to RFC7348, and the control plane module of the obtained VXLAN service is the control plane and the human-machine interface part of the VPN infrastructure module.
  • the forwarding plane module of the obtained VXLAN service is the forwarding plane part of the VPN infrastructure module.
  • this module has the same human machine interface and processing flow as RFC7348 described above.
  • an EVPN control plane module obtained by the above method is used for the configuration of the VXLAN tunnel, the configuration of the EVPN instance, the binding configuration of the AC and the EVPN instance, and the VXLAN tunnel. Binding configuration of the EVPN instance.
  • the EVPN instance is identified by the VNI and the VNI is configured by the user.
  • the VXLAN tunnel uses the VPN Router ID of the node as the source IP and the VPN Router ID of the peer node as the destination IP.
  • the VPN Router ID is an IP address of a loopback interface. For the sake of simplicity, without loss of generality, this module sets a node with only one VPN Router ID.
  • the module needs to implement a plug-in mechanism, and when the module forwards the first packet according to the RFC7432 process, the IP packet is added to the first packet, and the X-th message is obtained. The packet does not encapsulate the link layer forwarding information (such as the Ethernet header). Then, the X-th entropy IP first plug-in module is used to modify the source IP address and the destination IP address in the IP encapsulation to obtain the Yth packet, and then obtain the Yth packet.
  • the link layer forwarding information such as the Ethernet header
  • the plugin mechanism can be a function call, a callback function, a polymorphic function, or a standalone plugin.
  • the forwarding plane of the module is the same as that of the forwarding plane of the RFC7348, including the BUM packet forwarding process, the MAC learning process, and the unicast forwarding and forwarding process.
  • the IP address of the VPN Router ID must be a loopback interface address
  • the loopback interface address can be configured with a subnet mask, and the value of each bit of the subnet mask is not required to be 1 . It is worth mentioning that when the low N bit value of the subnet mask is 0, the loopback interface will form a route prefix corresponding to the subnet mask in the IP routing table, and in the underlay network. The route prefix is advertised; and the node considers that the packet with the destination IP address matching the route prefix is the packet of the loopback interface and the packet whose destination IP address is the IP address of the loopback interface. The same processing.
  • the underlay network is set to be an IPv4 network. Therefore, the source IP address and the destination IP address of the VXLAN tunnel are both IPv4 addresses.
  • the destination IP of the received third packet (equivalent to the second packet or the third packet in the foregoing embodiment) matches the interface corresponding to the interface where the source IP address of the EVPN tunnel is located.
  • the third packet is matched to the tunnel, and the source IP of the third packet is matched to the destination IP address of the EVPN tunnel.
  • the module further calculates a 5-bit entropy value by using a hash operation based on the source MAC address of the first packet, and replaces the destination IP address of the IP packet input by the VPN infrastructure module with the obtained entropy value.
  • the basic IPv4 routing and the IPv4 forwarding function are implemented according to the related technologies.
  • the IPv4 forwarding function includes an MC-LAG-based load balancing function, and the load balancing uses the received IP packet (corresponding to the second packet in the foregoing embodiment). Or the IP quintuple of the third packet is used as an entropy factor to perform a hash calculation to obtain an entropy value of the IP packet.
  • the module does not sense whether the IP packet has the entropy of the inner packet. However, if the source IP or the destination IP of the IP packet already contains the entropy of the inner packet, the entropy factor automatically includes the entropy of the inner packet, and the new entropy value is obtained. Includes the entropy of the inner message.
  • This module also does not need to call the entropy IP third plugin.
  • the network and service deployment process includes the following six steps.
  • the PE node is selected as the PE1, PE2, and PE3 nodes, and the non-service aware node is selected as the P1 and P2 nodes, and the underlay network type is selected.
  • the network and service deployment process sections in each of the exemplary embodiments of the present application use the nodes defined in the exemplary embodiment as the PE1, PE2, PE3, P1, and P2 nodes, and details are not described herein again.
  • the underlay network type selected in this example embodiment is an IPv4 network.
  • the second step is to configure and publish the VPN Router ID of each PE node.
  • Configure a loopback interface for each PE node configure an IP address and a corresponding subnet mask for the loopback interface, and use the IP address of the loopback interface as the VPN router ID of the PE and use the VPN Router ID.
  • the route prefix generated by the corresponding subnet mask is reachable in the underlay network (can be pinged); the VPN router ID and corresponding route prefix of each PE are different.
  • the subnet mask of the loopback interface is a 27-bit subnet mask, and the value of the host identification part of the IP address of each loopback interface is 1.
  • a normal VXLAN network as shown in FIG. 1 is established and each VXLAN tunnel is configured.
  • the VXLAN tunnel is configured to use the VPN router ID of the target PE node as the destination IP address of the VXLAN tunnel, and the VPN router ID is used as the source IP address of the VXLAN tunnel.
  • the VXLAN tunnel configured in this way takes the VXLAN tunnel between PE1 and PE3 as an example.
  • the source IP address of the tunnel is the VPN Router ID of PE1
  • the destination IP address is the VPN Router ID of PE3.
  • the source IP address of the tunnel is the VPN Router ID of PE3, and the destination IP address is the VPN Router ID of PE1.
  • a VXLAN service is established as shown in FIG.
  • Each of the six interfaces, such as AC1, AC2, AC3, AC4, AC5, and AC6, is bound to the VXLAN service as an access circuit, and the VXLAN tunnels are bound to the VXLAN service.
  • the access side loop is eliminated.
  • the PEs receive the BUM packets received by the PE3 from the AC3 (equivalent to the first packet or the fourth packet in the foregoing embodiment). For example, PE3 will copy one copy of PE1 and PE2. When PE1 and PE2 send packets to CE1, one of the nodes can discard one of them. This is to deploy an MC-LAG on the physical interface to which AC1 and AC2 belong. The session is blocked by the physical interface of AC1 and AC2. After the MC-LAG is enabled, CE1 will not receive two BUM packets. The Layer 2 loop between CE1, PE1, and PE2 also disappears.
  • MC-LAG multi-chassis-link Aggregation Group
  • the VXLAN service is established, and the data packet can be used to verify the forwarding behavior and effect on the PE node and the non-service aware node defined in the exemplary embodiment.
  • the end-to-end packet forwarding process includes the following three steps.
  • the first step is when the PE1 node receives a Broadcast Unknown-unicast & Multicast (BUM) message B1 from the local AC1 (equivalent to the first packet or the fourth packet in the foregoing embodiment).
  • the PE node forwards the B1 message according to the forwarding process defined in RFC7348, and respectively copies two copies B1b of the B1 message (corresponding to the second message or the third message in the foregoing embodiment) and B1c (equivalent to The second packet or the third packet in the foregoing embodiment is sent to the PE2 and the PE3, and the B1b and the B1c packets are added with a VXLAN encapsulation, and the VXLAN encapsulation is external to the B1 packet.
  • the eigen-entropy value of the B1 message is included in the layer IP header, and the eigen-entropy value is an entropy value calculated by the feature field of the B1 text body.
  • the second step assumes that a non-service aware node P1 in the underlay network first receives the B1c message before the PE3 node receives the B1c message, because the P1 node does not To perceive the inner layer packet, it will still forward the B1c packet according to the destination IP address of the B1c packet, as in the case of forwarding the normal IP packet, without losing the generality.
  • the P1 node is configured to press the B1c packet.
  • the destination IP derived forwarding result is that the B1c message is forwarded from the link aggregation group (LAG) between the P1 node and the P2 node shown in FIG.
  • LAG link aggregation group
  • the P1 node calculates the load sharing entropy value according to the quintuple corresponding to the outermost IP header of the B1c packet, as in the case of forwarding the normal IP packet, but the outermost destination IP address of the B1c packet is The entropy of the B1 message has been included. Therefore, the entropy value of the B1c message calculated on the P1 node will automatically contain the entropy of the B1 message. In this way, the entropy value of the B1 message and the entropy value of the B1c message change when the feature field of the inner B1 packet takes a different value, so the load sharing process on the P1 node is given.
  • the egress forwarding information finally selected by the B1c packet will also change, that is, the load sharing on the P1 node is more uniform, because before the PE1 implements this application, no matter how the B1 packet changes, the P1 junction
  • the egress forwarding information obtained by clicking the B1c packet is the same.
  • the balance of the load sharing on the P1 node is improved by the entropy of the inner B1 message added by the PE1 to the outer IP header of the B1c message.
  • the VPN infrastructure module can perform performance statistics on the B1c packet, and the algorithm for performing performance statistics on the B1c packet is not included in the B1c packet.
  • the entropy values are different and different performance statistics counters are used, because for the PE3 nodes, the entropy values used in the present exemplary embodiment are pseudo-random, which is meaningless.
  • This module is the same as the module of the same name in the exemplary embodiment 1, except where explicitly stated.
  • the module sets the underlay network to be an IPv6 network. It is worth mentioning that this means that the source IP address and destination IP address of the VXLAN tunnel configured in this module are both IPv6 addresses.
  • the plug-in mechanism of the module is further processed after receiving the third packet and performing link layer error detection processing and IP layer error detection processing on the third packet.
  • the entropy IP second plug-in module is called to modify the source IP and the destination IP in the IP encapsulation, and then the modified packet continues to be processed according to the processing flow in RFC7348.
  • This module is the same as the module of the same name in the exemplary embodiment 1, except where explicitly stated.
  • the module uses the hash value of the interface name of the physical interface to which the ingress AC of the first packet belongs, as the 32-bit entropy value of the first packet.
  • the source IP address and the destination IP of the VXLAN package used in this module are both IPv6 addresses and conform to the format defined in RFC7348 Section 5 Figure 2.
  • the module uses the source IP field of the second packet as the entropy IP, and the entropy IP is the IP obtained by replacing the lower 32 bits of the source IP input by the VPN infrastructure module with the entropy value. address.
  • entropy IP refers to using the field as a carrier of the entropy of the first packet, by using the entropy value of the first packet to entropy.
  • the IP is modified such that the entropy of the first packet is carried in the entropy IP.
  • the module determines the position of the binary bit to be modified in the third message, and modifies the binary bit at the position.
  • the module is limited to the implementation of the entropy IP first plug-in module, and the module determines that the binary bit to be modified in the third packet is the lower 32 bits of the source IP address, and accordingly, the module further determines that each modification is needed.
  • the bit of the bit, specifically the modification of the bit, is to clear the bit.
  • This module is the same as the module of the same name in the exemplary embodiment 1, except where specifically stated.
  • the module is implemented as a software, and needs to implement a plug-in mechanism, which is set to call the entropy IP third plug-in module to obtain two IP address values, one of which is a source IP substitute value, and the other is a destination IP replacement. value.
  • the plugin mechanism can be a function call, a callback function, a polymorphic function, or a standalone plugin.
  • the module performs link layer error detection processing and IP layer error detection processing on the third packet, and performs source other than load balancing and the third packet.
  • the IP infrastructure is invoked to obtain the source IP substitute value and the destination IP substitute value of the third packet, and the source IP substitute value (or destination IP substitute value) is replaced by the source IP substitute value
  • the source IP value (or destination IP value) of the third packet participates in the processing related to the source IP (or destination IP) address.
  • the processing related to the source IP address of the third packet including the processing of the third text body, and the processing of other messages generated by the third packet triggering, for example, when the third newspaper
  • the node may respond to the source IP address of the third packet with an ICMP message.
  • the main function of this module is to return the source IP substitute value and the destination IP substitute value according to the source IP and destination IP of the IP packet input by the IP infrastructure module.
  • the algorithm for determining the source IP substitute value and the destination IP substitute value is as follows: if the source IP takes the entropy mask to 0, the source IP substitute value is the value of the source IP itself; if the destination IP takes the entropy mask If the value is 0, the destination IP substitute value is the value of the destination IP itself. If the source IP entropy mask is not 0, the source IP address and the source IP take the inverse of the entropy mask.
  • the entropy mask is taken with the destination IP address and the destination IP
  • the inverse of the code performs a bitwise logical AND operation, and the lowest binary position of the obtained result is 1 as the destination IP substitute value.
  • the source IP entropy mask and the destination IP entropy mask are both IPv6 address formats, and the source IP takes the entropy mask hexadecimal value as 0x0FFFFFFFF.
  • the value of the destination IP entropy mask is 0.
  • the module then returns the source IP substitute value and the destination IP substitute value to the IP infrastructure module.
  • this module does not change the messages entered by the IP infrastructure.
  • This step is the same as the corresponding step in the exemplary embodiment 1, except where specifically stated.
  • the underlay network is an IPv6 network
  • the loopback interface where each VPN router ID is located is configured with a 96-bit subnet mask
  • the source IP address and the destination IP address of the VXLAN tunnel are both IPv6 addresses.
  • This step is the same as the corresponding step in the exemplary embodiment 1.
  • the phenomenon that the load balancing effect of the P1 node is improved in the present application is: when the B1 packet enters the EVPN instance from different ACs of the PE1, the corresponding B1c packet is finally obtained at the P1 node.
  • the export forwarding information is also different. This phenomenon is completely because PE1 adds the context entropy of the B1 message to the outer IP of the B1c message, and the context entropy is obtained by hashing the interface name of the ingress AC of the B1 message.
  • This module is the same as the module of the same name in the exemplary embodiment 2 except where explicitly stated.
  • the underlay network technology adopted by this module is IPv6 technology.
  • the module encapsulates the first packet into the second packet, and the encapsulation format is a Geneve encapsulation format, which is defined in the draft-ietf-nvo3-geneve; It defines how to convert a message from a VXLAN package to a Geneve package without changing the basic business effects. This partial conversion is a related technology. Whether to superimpose the functions unique to the Geneve package (relative to RFC7348) is a combination application of the Geneve technology and the present embodiment, and has nothing to do with the present exemplary embodiment itself. For the sake of simplicity, the present exemplary embodiment only considers the common capabilities of the Geneve package and the VXLAN package. The situation within the scope.
  • This module is the same as the module of the same name in the exemplary embodiment 2 except where explicitly stated.
  • the module uses the result of the hash calculation of the destination MAC of the first packet as the 8-bit entropy value of the first packet.
  • the module uses the source IP field of the first packet as the entropy IP, and the entropy IP is a bitwise logical difference between the entropy value and the lower 8 bits of the source IP input by the VPN infrastructure module. Or operate the resulting IP address.
  • This module is the same as the exemplary embodiment 2 except where specifically stated.
  • the position of the binary bit to be modified in the third packet determined by the module is the lower 8 bits of the source IP.
  • the module determines the modification of the binary bit of the location to restore it to its value prior to being modified by the entropy IP first plugin.
  • the restoring method is: first, recalculating the entropy value of the fourth packet carried by the IP header inner layer of the third packet by using an algorithm in the entropy IP first plug-in module, and then using The entropy value is subjected to a bitwise logical exclusive OR operation with the binary bits of the position.
  • the RFC7348 is based on VXLAN data packets for learning the remote MAC entries. If the source IP is not subjected to entropy processing, the remote MAC Entries will frequently drift between different ciphertexts of the same source IP because the VPN infrastructure module does not know that these ciphertexts are the same IP address, it is treated as a different IP address; for the same reason, different source IP addresses are Encrypted ciphertexts may happen to be the same, and they are treated as the same IP address by the VPN infrastructure module, which can be problematic. In this embodiment, the source IP is restored, which is undoubtedly a decryption process, and is also used to remove the inner layer packet (corresponding to the first packet or the fourth packet in the foregoing embodiment) included in the source IP. Entropy.
  • This module is the same as the module of the same name in the exemplary embodiment 2 except where specifically stated.
  • the module adopts an IPv4 routing and forwarding technology, and forwards IPv4 packets.
  • This module is the same as the module of the same name in the exemplary embodiment 2 except where specifically stated.
  • the source IP entropy mask and the destination IP entropy mask are both IPv4 address formats, and the source IP takes an entropy mask, and its hexadecimal value is 0x0FF.
  • the destination IP takes an entropy mask and has a value of 0.
  • This step is the same as the corresponding step in the exemplary embodiment 1, except where specifically stated.
  • each VPN router ID is located is configured with a 24-bit subnet mask.
  • Geneve needs to be deployed in the network and applied to the EVPN instance.
  • This step is the same as the corresponding step in the exemplary embodiment 1.
  • This module is the same as the module of the same name in the exemplary embodiment 2 except where specifically stated.
  • the encapsulation format used by the module to encapsulate the first packet into the second packet is a VXLAN GPE encapsulation format, and the format is defined in draft-ietf-nvo3-vxlan-gpe.
  • the draft defines how to convert messages from VXLAN encapsulation to VXLAN GPE encapsulation without changing the basic business effects. This part of the conversion belongs to the related technology.
  • Whether the function unique to the VXLAN GPE package is superimposed is a combination of the VXLAN GPE technology and the present exemplary embodiment, and is independent of the present exemplary embodiment.
  • the present exemplary embodiment only considers the VXLAN GPE package and the RFC7348 package. The situation within the scope of public competence.
  • This module is the same as the module of the same name in the exemplary embodiment 2 except where specifically stated.
  • the module uses the quintuple ⁇ source IP, destination IP, protocol type, source port number, destination port number> and the flow of the IPv6 header.
  • the 1abel field jointly performs the hash calculation as the 20-bit entropy value of the first message.
  • the module uses the destination IP field of the second packet as the entropy IP, and the entropy IP is a bitwise logical difference between the entropy value and the lower 20 bits of the destination IP input by the VPN infrastructure module. Or operation, the result is stored in the lower 20 bits of the destination IP address.
  • bitwise logical XOR operation is actually a simple encryption algorithm.
  • This module is the same as the exemplary embodiment 2 except where specifically stated.
  • the position of the binary bit to be modified in the third packet determined by the module is the lower 20 bits of the destination IP.
  • the module determines the modification of the binary bit of the location to restore it to its value prior to being modified by the entropy IP first plugin.
  • the restoring method is: first, recalculating the entropy value of the fourth packet carried by the IP header inner layer of the third packet by using an algorithm in the entropy IP first plug-in module, and then using The entropy value is subjected to a bitwise logical exclusive OR operation with the binary bits of the position, and the result is stored in the lower 20 bits of the destination IP of the third message.
  • This module is the same as the module of the same name in the exemplary embodiment 2.
  • This module is the same as the module of the same name in the exemplary embodiment 2 except where specifically stated.
  • the source IP entropy mask and the destination IP entropy mask are both IPv6 address formats, and the source IP takes an entropy mask, and its hexadecimal value is 0.
  • the destination IP takes an entropy mask, and its hexadecimal value is 0x0FFFFF.
  • This step is the same as the corresponding step in the exemplary embodiment 1, except where specifically stated.
  • each VPN router ID is configured with a 108-bit subnet mask.
  • VXLAN GPE needs to be deployed in the network and applied to the EVPN instance.
  • This step is the same as the corresponding step in the exemplary embodiment 2.
  • the specific method of implementing the VPN infrastructure module is as follows.
  • This module is the same as the module of the same name in the exemplary embodiment 2 except where specifically stated.
  • the module generates an IP address, which is called a VNI IP address, by using the VPN router ID and the VNI configured on the EVPN instance, and the VNI IP address is 104 as the high 104 of the VPN Router ID.
  • the VNI is the lower 24 bits; wherein the VNI is not equal to the lower 24 bits of the VPN Router ID.
  • the template encapsulates the first packet into the second packet with the NVGRE (Network Virtualization Using Generic Routing Encapsulation) format, which is defined in RFC7637, draft-ietf -bess-evpn-overlay defines how to convert a message from a VXLAN package to an NVGRE package without changing the basic business effects. This part of the conversion belongs to the related technology. Whether the function of the NVGRE package is superimposed (relative to RFC7348) belongs to the combination of the NVGRE technology and the present exemplary embodiment, and is independent of the present exemplary embodiment. For the sake of simplicity, the present exemplary embodiment only considers the common capability of the NVGRE package and the RFC7348 package. The situation within the scope.
  • NVGRE Network Virtualization Using Generic Routing Encapsulation
  • This module is the same as the module of the same name in the exemplary embodiment 2 except where specifically stated.
  • the module replaces the outermost destination IP address of the packet input by the VPN infrastructure module with the VNI IP, so that the lower 24 bits of the final outermost destination IP address include the EVPN instance.
  • the VNI is the context entropy value of the first packet, which is carried by the second packet.
  • This module is the same as the exemplary embodiment 2 except where specifically stated.
  • the module returns the message input by the VPN infrastructure module to the VPN infrastructure module intact.
  • the lower 24 bits of the destination IP although containing the context entropy value of the inner message, do not need to be cleared because the value is indeed the VXLAN through which the third message passes.
  • the IP address of an interface (specifically, an EVPN instance interface) on the source node of the tunnel (that is, the first PE) corresponds to an IP address, and the destination IP address is indeed IP reachable.
  • the IP address of the entropy value does not meet this condition.
  • This module is the same as the module of the same name in the exemplary embodiment 1, except where specifically stated.
  • the module uses IPv6 routing and forwarding technology to process IPv6 packets.
  • this module is not required for this node.
  • This step is the same as the corresponding step in the exemplary embodiment 2 except where specifically stated.
  • only the 104-bit subnet mask is configured on the loopback interface where each VPN router ID is located.
  • This step is the same as the corresponding step in the exemplary embodiment 2.
  • the specific method of implementing the VPN infrastructure module is as follows.
  • This module is the same as the module of the same name in the exemplary embodiment 5 except where specifically stated.
  • the EVPN instance of the module also corresponds to a virtual interface of the same name, which is called an EVPN instance interface.
  • the EVPN instance interface has all the functions of the related loopback interface. It is worth mentioning that this means that the IP address of the EVPN instance interface is added to the routing table as a local host route, and the IP address mask configured on the EVPN instance interface is added to the route as a local direct route prefix. In the table, and from the local host route and the route entry corresponding to the local direct route prefix, it is known that it is a route generated according to which interface (must be an EVPN instance interface).
  • the VNI configured on the EVPN instance of the module is only regarded as a value identifying the EVPN instance, and does not have the role of the VNI in the RFC 7348. Instead, the method described in the exemplary embodiment 5 is directly adopted.
  • the VNI IP is configured on the EVPN instance interface as the IP address of the corresponding EVPN instance interface.
  • each VXLAN tunnel in the present exemplary embodiment is dedicated to one service, and each service deploys one VXLAN tunnel for each remote node in the service; specifically, each of the exemplary embodiments
  • the source IP address of the VXLAN tunnel is the IP address of the EVPN instance interface corresponding to the EVPN instance to which the VXLAN tunnel belongs.
  • the destination IP address is the IP address of the EVPN instance interface corresponding to the EVPN instance to which the VXLAN tunnel belongs.
  • the module used to encapsulate the first packet into the second packet has the same UDP header and VXLAN header as the VXLAN package used in the exemplary embodiment 5, and thus has the same function as the End.DX2 type Function in SRv6. Format; this encapsulation format is referred to herein as a Type A extended SRv6 package, as shown in Figure 14, format B in Figure 15, where Figure 15 is the expansion of Figure 14, including source IP to Ethernet layer payload data. A detailed comparison of the fields between the fields and related fields in the VXLAN package.
  • the third packet when the third packet is received by the module, if the destination IP address of the third packet is a local direct route, and the route is generated by an EVPN instance interface, the third packet is considered to be a type A extension.
  • the SRv6 is encapsulated, and the third packet is forwarded in the EVPN instance corresponding to the EVPN instance interface.
  • each field in the format B in Fig. 15 has the same effect as the field of the same name in the format A in Fig. 15 unless otherwise specified.
  • This module is the same as the module of the same name in the exemplary embodiment 5 except where specifically stated.
  • the module maps the sub-interface VLAN information on the ingress AC to the 24-bit entropy value of the fourth packet by: the upper 12 bits of the entropy value are taken outside the configuration on the ingress AC. Layer ID, the lower 12 bits take the inner VLAN ID configured on the ingress AC. When the inner VLAN ID does not exist, the lower 12 bits take 0x3FF, and the outer VLAN ID does not exist. When the high 12 bits take 0x3FF.
  • the module uses the source IP field of the second packet as the entropy IP, and the entropy IP is obtained by replacing the lower 24 bits of the source IP that will be obtained by the RFC7348 process by using the 24-bit entropy value. IP address.
  • the module does not modify the destination IP field of the packet input by the VPN infrastructure module.
  • the field itself already contains the EVPN service information to which the packet belongs.
  • the DIP is automatically compared with the example embodiment 5. Has more entropy.
  • the module does not modify the upper 104 bits of the source IP field of the second packet. Therefore, the upper 104 bits of the destination IP learned by the MAC learning process are not different from the related technologies. The upper 104 bits can match the second packet to the destination PE node to the associated EVPN instance.
  • This module is the same as the exemplary embodiment 5 except where it is specifically described.
  • the module returns the message input by the VPN infrastructure module to the VPN infrastructure module intact.
  • the source IP address of the packet input by the VPN infrastructure module includes the VLAN ID information corresponding to an AC at the remote end, the information is used for performance statistics, so that the packets from different remote ACs can be obtained.
  • the text is counted on different counters, making performance statistics more accurate.
  • This module is the same as the module of the same name in the exemplary embodiment 5.
  • This module is the same as the module of the same name in the exemplary embodiment 5.
  • This step is the same as the corresponding step in the exemplary embodiment 1, except where specifically stated.
  • each EVPN instance corresponds to an EVPN instance interface, and the interface is configured with an IPv6 address and a 104-bit IPv6 address mask, and a 104-bit IPv6 route prefix generated by any two EVPN instance interfaces. None of them match.
  • the source IP address and destination IP address of each VXLAN tunnel are the IP addresses of an EVPN instance interface.
  • the requirements of the exemplary embodiment 5 must be met.
  • each EVPN instance has only one corresponding EVPN instance interface, and each EVPN instance interface has only one corresponding EVPN instance.
  • This step is the same as the corresponding step in the exemplary embodiment 5.
  • the VXLAN EVPN service is implemented by draft-ietf-bess-evpn-overlay ([EVPN overlay]), and the control plane module of the obtained VXLAN EVPN service is the control plane part of the VPN infrastructure module.
  • the forwarding plane module of the obtained VXLAN EVPN service is the forwarding plane part of the VPN infrastructure module.
  • the EVPN control plane module obtained by the above method includes the MP-BGP protocol L2VPN EVPN address family configuration, the configuration of the EVPN instance, the binding configuration of the AC and the EVPN instance, and the ESI related configuration.
  • the EVPN instance is identified by the VNI and the VNI is configured by the user.
  • VXLAN tunnel and its binding relationship with the EVPN instance are dynamically generated by the MP-BGP session according to the [EVPN Overlay] protocol.
  • the configuration requirements and functional requirements of the IP address of the VPN Router ID and the loopback interface and their subnet masks are the same as those in the first embodiment.
  • the underlay network is set to be an IPv4 network. Therefore, the source IP address and the destination IP address of the VXLAN tunnel are both IPv4 addresses.
  • This module is the same as that of the exemplary embodiment 3 except where it is specifically described.
  • the module performs hash calculation based on the source MAC address, the VLAN ID, the 802.1p priority, and the ethertype corresponding to the payload, to obtain the 5-bit eigen-entropy of the first packet. Value, then, the module performs hash calculation based on the interface name of the primary interface to which the ingress AC of the first packet belongs, and obtains a 5-bit context entropy value, and performs a bitwise logical exclusive OR operation with the prime number 29 Performing a bitwise logical exclusive OR operation to obtain a 5-bit integrated entropy value, and then performing a bitwise logical difference between the lower 5 bits of the destination IP of the second packet input by the VPN infrastructure module and the integrated entropy value Or operation, the result is stored in the former.
  • This module is the same as that of the exemplary embodiment 3 except where it is specifically described.
  • the position of the binary bit that needs to be cleared before the processing related to the IP address in the third message determined by the module is the lower 5 bits of the destination IP.
  • This module is the same as the module of the same name in the exemplary embodiment 3.
  • This module is the same as the module of the same name in the exemplary embodiment 3 except where specifically stated.
  • the source IP entropy mask and the destination IP entropy mask are both IPv6 address formats, and the source IP takes an entropy mask, and the hexadecimal value thereof is 0.
  • the destination IP takes an entropy mask, and its hexadecimal value is 0x01F.
  • the network and service deployment process includes the following six steps.
  • the first step is the same as the corresponding step in the exemplary embodiment 1, except that the underlay network is IPv4.
  • the second step is the same as the corresponding step in the exemplary embodiment 1, except that the loopback interface where the VPN Router ID is located is configured with a 27-bit subnet mask.
  • the VXLAN EVPN network shown in Figure 1 is established.
  • the configuration of the Multi-Protocol Border Gateway Protocol (MP-BGP) session is configured between the PE1, the PE2, and the PE3, and the related configuration of the L2VPN EVPN address family is enabled.
  • MP-BGP Multi-Protocol Border Gateway Protocol
  • EVPN RT-3 routing can dynamically generate all VXLAN tunnels required by the service.
  • the VXLAN tunnel generated by the RT-3 route can be adjusted to meet the following rules by simply adjusting the BGP configuration: only one bidirectional VXLAN tunnel is generated between any two PE nodes; any bidirectional VXLAN tunnel Both ends of the tunnel use the VPN router ID of the node as the source IP address of the VXLAN tunnel, and the tunnel source IP address of one end of the same bidirectional VXLAN tunnel is exactly the tunnel destination IP address of the other end. The IP is exactly the tunnel source IP at the other end.
  • the RT-3 route can also generate all the binding relationships between all the VXLAN tunnels and the EVPN instance; these are all related technologies, and those skilled in the art should be able to understand the specific methods involved.
  • a VXLAN EVPN service is established as shown in Figure 1, and the same VNI is assigned to the VXLAN EVPN service at each PE node.
  • the six interfaces, such as AC1, AC2, AC3, AC4, AC5, and AC6, are bound to the VXLAN EVPN service as access circuits.
  • the MP-BGP session starts to exchange the RT-3 route according to the signaling process defined by [EVPN Overlay], so that the VXLAN tunnel between the nodes is established and bound to the VXLAN EVPN service.
  • the access side loop is eliminated.
  • the physical interface that CE1 accesses to PE1 and PE2 is mapped to the same ESI (referred to as ESI1) and ESI1 related configuration, thereby triggering the MP-BGP session to perform DF negotiation according to the RT-4 route described in [EVPN Overlay]. And RT-1 routing is released.
  • the physical interface that CE2 accesses to PE1 and PE2 is also mapped to the same ESI (denoted as ESI2) and the ESI2-related configuration.
  • the present example embodiment assumes that the result of the DF negotiation is that AC1 and AC5 are interfaces of the non-DF roles of ESI1 and ESI2, respectively, in the service. Since the PE node of the present exemplary embodiment implements the [EVPN Overlay] protocol, after configuring the ESI related configuration and completing the relevant signaling process, the two ESI related loops are also released.
  • the VXLAN EVPN service is established, and the data packet can be used to verify the forwarding behavior and effect on the PE node and the non-service aware node defined in the exemplary embodiment.
  • the EVPN topology shown in Figure 2 is used as an example.
  • the end-to-end packet forwarding process includes the following three steps.
  • the first step is the same as that of the exemplary embodiment 1, except that the forwarding plane flow is executed by [EVPN Overlay].
  • the second step is the same as that of the exemplary embodiment 1, except that the forwarding plane flow is executed by [EVPN Overlay].
  • the third step is the same as that of the exemplary embodiment 1, except that the forwarding plane flow is executed by [EVPN Overlay].
  • This module is the same as the exemplary embodiment 7, except where specifically stated.
  • the module sets the underlay network to be an IPv6 network.
  • the source IP address and destination IP address of the VXLAN tunnel dynamically generated by this module are IPv6 addresses.
  • This module is the same as the exemplary embodiment 4 except where specifically stated.
  • the module performs a hash calculation based on the ESI (10 bytes) corresponding to the primary interface to which the ingress AC of the first packet belongs, as the entropy value of the first packet.
  • the module uses the source IP field of the second packet as the entropy IP, and the lower 32 bits of the source IP perform a bitwise logical exclusive OR operation with the entropy value, and the obtained result is stored in the former.
  • This module is the same as the exemplary embodiment 4 except where specifically stated.
  • the position of the binary bit that needs to be cleared before the processing related to the IP address in the third message determined by the module is the lower 32 bits of the source IP.
  • This module is the same as the module of the same name in the exemplary embodiment 5.
  • This module is the same as the module of the same name in the exemplary embodiment 5.
  • the source IP of the third packet is the first PE.
  • the IP address of a loopback interface, and the loopback interface is configured with a 96-bit mask. Therefore, regardless of the value of the ciphertext part of the source IP, it is a reachable IP address, therefore, It cannot be de-entropy-processed, and it does not affect forwarding.
  • This step is the same as the corresponding step in the exemplary embodiment 7, except where specifically stated.
  • the underlay network of the example is an IPv6 network
  • the loopback interface of each VPN router ID is configured with a 96-bit subnet mask
  • the source IP address and the destination IP address of the VXLAN tunnel are both IPv6 addresses.
  • This step is the same as the corresponding step in the exemplary embodiment 7.
  • the VXLAN EVPN service is implemented by [EVPN overlay] and draft-ietf-bess-evpn-prefix-advertisement ([EVPN prefix]), and the control plane module of the obtained VXLAN EVPN service is the control plane part of the VPN infrastructure module.
  • the forwarding plane module of the obtained VXLAN EVPN service is the forwarding plane part of the VPN infrastructure module.
  • the EVPN control plane module obtained by the above method includes the configuration of the BGP L2VPN EVPN address family, the configuration of the IP-VRF instance, and the binding configuration of the AC and the IP-VRF instance.
  • the VRF instance is identified by the VNI and the VNI is from the user configuration.
  • the VXLAN tunnel uses the VPN Router ID of the node as the source IP at the source node and the VPN Router ID of the destination node as the destination IP address.
  • the VPN Router ID is an IP address of a loopback interface. For the sake of simplicity, without loss of generality, this module sets a node with only one VPN Router ID.
  • this module only needs to implement the function corresponding to the interface-less model of IP-VRF to IP-VRF, therefore, in this module
  • the AC interface of the IP-VRF is still a normal sub-interface, and does not include the IRB interface described in [EVPN prefix].
  • the control plane part of the module obtained by the above method does not need to statically configure the VXLAN tunnel, and the RT-5 route can dynamically generate all the required VXLAN tunnels.
  • the VXLAN tunnel generated by RT-5 routing can be adjusted by the following rules: Only one bidirectional VXLAN tunnel is generated between any two PE nodes; any bidirectional VXLAN tunnel Both ends of the tunnel use the VPN router ID of the node as the source IP address of the VXLAN tunnel, and the tunnel source IP address of one end of the same bidirectional VXLAN tunnel is exactly the tunnel destination IP address of the other end. The IP is exactly the tunnel source IP at the other end.
  • the RT-5 route can also generate all the binding relationships between all the VXLAN tunnels and the EVPN instance; these are all related technologies, and those skilled in the art should be able to understand the specific methods involved.
  • this module needs to implement a plug-in mechanism.
  • the module forwards according to the [EVPN prefix] process, the IP encapsulation from the first packet to the second packet is completed, and the plug-in is invoked in the IP encapsulation.
  • the source IP and destination IP are modified.
  • the plugin can be a function call, a callback function, a polymorphic function, or a standalone plugin.
  • this module has the same forwarding process as the forwarding module corresponding to [EVPN prefix].
  • the IP address of the VPN Router ID must be a loopback interface address, and the loopback interface address is configured with a 96-bit mask, so a 96-bit route is formed, and a 96-bit route prefix is issued in the underlay network;
  • the node receives a packet whose destination IP matches the 96-bit route, it considers that the packet is the same as the packet whose destination IP is the loopback interface.
  • the underlay network is set to be an IPv6 network. Therefore, the source IP address and the destination IP address of the VXLAN tunnel are both IPv6 addresses.
  • This module is the same as the exemplary embodiment 8 except where it is specifically described.
  • the module uses the hash value obtained by hashing based on the IP quintuple field of the first message and the ToS field in the Ipv4 header as the final 32-bit entropy value.
  • the module returns the message input by the VPN infrastructure module to the VPN infrastructure module intact.
  • This module is the same as the module of the same name in the exemplary embodiment 5.
  • This module is the same as the module of the same name in the exemplary embodiment 5.
  • the network and service deployment process includes the following six steps.
  • the first step is the same as that of the exemplary embodiment 7, except that the underlay network type selected in the present exemplary embodiment is an IPv6 network.
  • the second step is the same as the example embodiment 7, except that the subnet mask of the loopback interface where the VPN Router ID is located is a 96-bit subnet mask.
  • the third step is the same as in the exemplary embodiment 7, except that the route that generates the VXLAN tunnel and binds the generated VXLAN tunnel to the EVPN instance is an RT-5 route instead of an RT-3 route.
  • a VXLAN L3 EVPN service is established as shown in Figure 1, and the same VNI is assigned to the VXLAN L3 EVPN service at each PE node.
  • the three interfaces, AC1, AC2, and AC3, are bound to the VXLAN L3 EVPN service as access circuits.
  • the MP-BGP session starts to exchange the RT-5 route according to the signaling process defined by [EVPN Prefix], so that the VXLAN tunnel between the nodes is established and bound to the VXLAN L3 EVPN service.
  • Step 5 Configure the IP address of the AC interface. Configure an IP address for each AC. This IP address is in the same subnet as the IP address of the corresponding CE and is different from the IP address of the corresponding CE. For the sake of simplicity, the example embodiment sets each CE as an IPv4 host. Therefore, the EVPN prefix in the RT-5 route advertised by the MP-BGP session is an IPv4 prefix, but the source of the VXLAN tunnel generated by the RT-5 route. Both the IP and destination IP addresses are IPv6 addresses.
  • the VXLAN L3 EVPN service is established, and the data packet can be used to verify the forwarding behavior and effect on the PE node and the non-service aware node defined in the exemplary embodiment.
  • the EVPN topology shown in Figure 3 is used as an example.
  • the end-to-end packet forwarding process includes the following three steps.
  • the PE node In the first step, when the PE1 node receives an IPv4 packet B1 from the local AC1, the PE node forwards the B1 packet according to the forwarding process defined by the [EVPN prefix] without loss of generality, assuming that the packet is based on the B1 packet.
  • the destination IP address should be forwarded to PE3.
  • B1 is packaged as B1c and forwarded to PE3.
  • the second step is the same as the corresponding step in the exemplary embodiment 1, except that B1 is an IPv4 message and the feature field is an IPv4 quintuple of the B1 message.
  • the third step is the same as that of the exemplary embodiment 1, except that the forwarding plane flow is executed by [EVPN prefix].
  • This module is the same as the example embodiment 6 except where it is specifically described.
  • the encapsulation format used by the module is compared with the encapsulation format used by the module, and the SRH header is added.
  • the position of the SRH header is shown in the format C in FIG. 17, and the format B in the figure is used in the exemplary embodiment 6. format.
  • the SRH header is a segmentation routing header defined by the IETF in the draft-ietf-6man-segment-routing-header ([SRH]), and the format of the SRH header is defined in [SRH], including the Flags field and the Segment. List field.
  • This module is the same as the example embodiment 6 except where it is specifically described.
  • the module directly uses the ESI (10 bytes) corresponding to the primary interface to which the entry AC of the first packet belongs, as the lower 10 bytes of the 16-byte entropy value, and the first report.
  • the 6-byte hash value generated by the source MAC address, destination MAC address, Ehertype, and VLAN ID is the upper 6 bytes of the 16-byte entropy value.
  • the encapsulation format used by the module is compared with the encapsulation format used by the module, and the SRH header is added.
  • the position of the SRH header is shown in the format C in FIG. 17, and the format B in the figure is used in the exemplary embodiment 6. format.
  • the SRH header is a segmentation routing header defined by the IETF in the draft-ietf-6man-segment-routing-header ([SRH]), and the format of the SRH header is defined in [SRH], including flags (Flags). Field and Segment List fields.
  • the value of the Flags field in the SRH added by the module satisfies the following condition: the result of the bitwise logical AND operation with the predetermined constant TBD1 is not 0, where TBD1 is defined by the IETF, and the possible value of TBD1 is 1. 2, 4 and 128, etc.
  • the Segment List field is an IPv6 address array.
  • the array in the SRH header added by this module has only one element, that is, Segment List[0].
  • the value of the Segment List[0] in the SRH header added by this module is The entropy value.
  • the module reads the entropy value from the Segment List[0] field of the SRH header of the third message, and strips the SRH header, and copies the value of the next header field in the SRH header to In the IPv6 header, another packet is obtained and returned to the VPN infrastructure module for processing.
  • the lower 10 bytes of the entropy value is the entry AC of the fourth packet carried by the third packet.
  • the corresponding ESI can be used for packet statistics, and the statistics of the packets from different remote ESIs are recorded in different counters, thereby improving the accuracy of packet statistics.
  • the destination IP of the third packet is actually a local segment identifier (SID) on the PE node configuring the destination IP, and the local SID concept is draft-filsfils- The local SID concept described in section 4 of spring-srv6-network-programming-01([srv6-program]).
  • This module actually defines a new type of SRv6 Function corresponding to the local SID, which is the SRv6 Fucntion concept described in [srv6-program] Section 4.
  • the new SRv6 Function indicates that the Segment List[0] field in the SRH header is different from the destination IP, and the Segment List[0] field is an IP address that is not routable in the underlay network, and cannot be like other SRv6 Functions.
  • the destination IP field of the third packet is covered by a Segment List[0] field.
  • the present example may be used in conjunction with the SR-Policy function of the SRv6. In this case, according to the packet encapsulation specification of the SR-Policy, the destination IP of the third packet is not the destination PE node at the beginning (ie, the module).
  • the local SID on the execution entity, but the destination IP of the third packet is modified in the SRv6 forwarding process through each non-service aware node or destination PE node, and finally the destination PE node The point becomes the local SID, and the third message is processed according to the rules of the new SRv6 Fuction.
  • This module is the same as the module of the same name in the exemplary embodiment 2 except where specifically stated.
  • the module in the process of forwarding the IP packet whose destination IP is not the local interface IP, the module calls the SRH header if the IPv6 header is included in the load balancing path selection.
  • the entropy IP third plug-in module obtains the entropy value, and performs load balancing with source IP, destination IP, and the entropy value.
  • the IP quintuple is still used for load balancing.
  • the SRH header is considered to contain an entropy value, and the entropy value is from the SRH header. Read, no set to consider the entropy value is 0.
  • the method for reading the entropy value corresponding to the VPN infrastructure module in the exemplary embodiment is: reading a value of a Segment List[0] in the SRH header as the entropy value.
  • This step is the same as the corresponding step in the exemplary embodiment 6, except where specifically stated.
  • the subnet mask of the first EVPN instance interface configuration is 128 bits.
  • This step is the same as the corresponding step in the exemplary embodiment 6.
  • the VXLAN encapsulated EVPN VPWS service is implemented according to RFC8214 and [EVPN overlay], and the control plane module of the obtained EVPN VPWS service is the control plane part of the VPN infrastructure module.
  • the [EVPN overlay] mainly provides guidance for the format of the packet, and the service processing procedure complies with RFC8214.
  • VXLAN encapsulated EVPN VPWS service is implemented according to RFC8214 and [EVPN overlay], and the forwarding plane module of the obtained EVPN VPWS service is the forwarding surface part of the VPN infrastructure module.
  • the EVPN VPWS control plane module obtained by the above method includes the configuration of the BGP L2VPN EVPN address family, the configuration of the EVI instance corresponding to the EVPN VPWS, and the configuration of each VPWS service instance in the EVI instance.
  • the VPN Router ID is an IP address of a loopback interface. For the sake of simplicity, without loss of generality, this module sets a node with only one VPN Router ID.
  • the control plane part of the module obtained by the above method also establishes a forwarding entry of each VPWS service instance in each of the EVI instances with the participation of BGP routes.
  • the RT-1 route can dynamically generate all required VXLAN tunnels.
  • the VXLAN tunnel generated by RT-1 routing can be adjusted by the following rules: Only one bidirectional VXLAN tunnel is generated between any two PE nodes; any bidirectional VXLAN tunnel Both ends of the tunnel use the VPN router ID of the node as the source IP address of the VXLAN tunnel, and the tunnel source IP address of one end of the same bidirectional VXLAN tunnel is exactly the tunnel destination IP address of the other end. The IP is exactly the tunnel source IP at the other end.
  • the RT-1 route can also generate all the binding relationships between all the VXLAN tunnels and the EVI instance; these are all related technologies, and those skilled in the art should be able to understand the specific method.
  • the first packet is only used to determine the local AC that receives the packet, and after determining the local AC, the first packet The fields in the text are no longer applied to the selection of message forwarding information.
  • the module needs to implement a plug-in mechanism, and set the entropy IP first after the IP encapsulation of the first packet to the second packet is completed when the module forwards according to the EVPN VPWS service forwarding process.
  • the plug-in modifies the source IP and the destination IP in the IP encapsulation, and, when receiving the third packet and processing the third packet, invokes the entropy IP second plug-in to source IP and destination in the IP encapsulation IP is modified.
  • the plugin can be a function call, a callback function, a polymorphic function, or a standalone plugin.
  • this module has the same forwarding process as the corresponding forwarding module in RFC8214 and [EVPN overlay].
  • the IP address of the VPN Router ID must be a loopback interface address, and the loopback interface address is configured with a 96-bit mask, so a 96-bit route is formed, and a 96-bit route prefix is issued in the underlay network;
  • the node receives a packet whose destination IP matches the 96-bit route, it considers that the packet is the same as the packet whose destination IP is the loopback interface.
  • the underlay network is set to be an IPv6 network. Therefore, the source IP address and the destination IP address of the VXLAN tunnel are both IPv6 addresses.
  • This module is the same as the exemplary embodiment 10 except where specifically stated.
  • the module is based on the lower 16 bits of the Local Discriminator value field in the Type 4 or Category 5 ESI corresponding to the primary interface to which the entry AC of the first message belongs.
  • the lower 16 bits of the entropy value use the lower 16 bits of the source MAC of the first message as the upper 16 bits of the entropy value.
  • the module does not insert the SRH header at the position where the third message is inserted into the SRH header, but inserts a new IPv6 routing option header, which is called an entropy route header. , ERH) header, and, in order to quickly eliminate the case of the IPv6 option header without entropy, reduce the processing burden on the IPv6 option header of the non-service-aware node, define a predetermined constant TBD2, when the next header in the IPv6 header When the value of the field is the predetermined regular TBD2, it indicates that the next header is a routing header, and the routing header may contain an entropy value.
  • the value of the TBD2 is determined by the IETF.
  • the router type (Route-type) field of the ERH header takes a value of a predetermined constant TBD3, and the value of the TBD3 is determined by an IETF.
  • the Reserved2 field in the ERH header takes a value of 0xFF, Reserved3, Reserved4, and Reserved5 fields.
  • the value of the Next Header and the Header Extension Length (Hdr Ext Len) field is filled in according to the field definition of the routing header in RFC2460.
  • the access circuit (AC) of the EVPN VPWS service is not limited to the Ethernet type interface.
  • the access circuit (AC) is a Frame Relay (FR) data link connection identifier (Data)
  • the access circuit (AC) is an Asynchronous Transfer Mode (ATM)
  • ATM Asynchronous Transfer Mode
  • VPI Virtual Path Identifier
  • VCI Virtual Channel Identifier
  • the DLCI, VPI, or VCI may also be used to calculate an eigen-entropy value of the first packet when the access channel is identified by the Virtual Channel Identifier (VCI).
  • How to configure such an EVPN VPWS service is not an innovation of the present application. Therefore, it is not exemplified in this specification. It should be clear to those skilled in the art how to extend the use of entropy values to non-Ether types according to the present exemplary embodiment. EVPN VPWS business.
  • This module is the same as the module of the same name in the exemplary embodiment 2 except where specifically stated.
  • the module performs the load balancing path selection if the value of the next header field in the IPv6 header is Referring to TBD2, the first IPv6 option header is considered to be a routing header, and may include an entropy value, so the entropy IP third plugin is called to obtain the inner entropy value, if the value of the next header field in the IPv6 header is Instead of the TBD2, the Entropy IP third plug-in module is not called to obtain the entropy value.
  • the load balancing is performed by the source IP, the destination IP, and the entropy value in the module, and if the entropy value is not obtained according to the above method, Load balancing with IP quintuple.
  • the value of the Route-type field in the first routing header of the third packet is equal to the predetermined constant TBD3, it indicates that it is an ERH header, and the value of the Entropy Value field is the entropy value. If the value of the Route-type field in the first routing header of the third packet is not equal to the predetermined constant TBD3, the inner entropy value of the third packet is considered to be zero.
  • the network and service deployment process includes the following six steps.
  • the first step is the same as that of the exemplary embodiment 7, except that the underlay network type selected in the present exemplary embodiment is an IPv6 network.
  • the second step is the same as the example embodiment 7, except that the subnet mask of the loopback interface where the VPN router ID is located is a 128-bit subnet mask.
  • the third step is the same as in the exemplary embodiment 7, except that the route that generates the VXLAN tunnel and binds the generated VXLAN tunnel to the EVPN instance is an RT-1 route instead of an RT-3 route.
  • an EVPN VPWS service is established as shown in FIG. 4, and the same VNI is specified for the EVPN VPWS service at each PE node.
  • the three interfaces, AC1, AC2, and AC3, are bound to the EVPN VPWS service as access circuits.
  • the MP-BGP session starts to interact with the RT-1 route according to the signaling procedure defined in RFC8214, so that the VXLAN tunnel between the nodes is established and bound to the EVPN VPWS service.
  • the fifth step is to configure ESI.
  • the EVPN VPWS service is established, and the data packet can be used to verify the forwarding behavior and effect on the PE node and the non-service aware node defined in the exemplary embodiment.
  • the end-to-end packet forwarding process includes the following three steps.
  • the PE node In the first step, when the PE1 node receives an IPv4 packet B1 from the local AC1, the PE node forwards the B1 packet according to the forwarding procedure defined in RFC8214, without loss of generality, assuming that the packet is based on the B1 packet.
  • the EVPN instance should forward it to PE3.
  • PE1 then encapsulates B1 as B1c and forwards it to PE3.
  • the second step is the same as the corresponding step in the exemplary embodiment 1, except that B1 is an Ethernet message and the feature field is the source MAC of the B1 message.
  • the third step is the same as in the exemplary embodiment 1, except that the forwarding plane flow is performed in accordance with RFC 8124.
  • This module is the same as the exemplary embodiment 8 except where it is specifically described.
  • each ESI in the module has a corresponding interface with the same name, called an ESI interface, and the IP address of the interface has the full function of the loopback interface address.
  • This module is the same as the exemplary embodiment 8 except where it is specifically described.
  • the module directly adopts the whole ESI IP corresponding to the primary interface to which the ingress AC of the first packet belongs, as a 128-bit entropy value.
  • the ESI IP is an IP address configured on an ESI interface corresponding to the ESI corresponding to the primary interface to which the ingress AC belongs;
  • the module fills in the ESI IP as the entropy value using all 128 bits of the source IP.
  • the module directly returns the third message to the VPN infrastructure module for processing.
  • the entropy value of the source IP bearer of the third packet is a complete body of the ESI IP corresponding to the primary interface to which the local AC of the fourth packet belongs, and the ESI IP is in the underlay.
  • the network is reachable. Therefore, although it has the full effect of entropy, it also has the complete function of an IP address. Therefore, there is no need to regard ESI IP as zero here.
  • the general entropy value often has pseudo-randomness and does not have a complete IP address. Therefore, it is better for non-traffic-aware nodes to treat such pseudo-random entropy values as zero.
  • This module is the same as the module of the same name in the exemplary embodiment 5.
  • This module is the same as the module of the same name in the exemplary embodiment 5.
  • This step is the same as the corresponding step in the exemplary embodiment 8, except where specifically stated.
  • each VPN router ID in this example embodiment is configured with a 128-bit subnet mask.
  • This step is the same as the corresponding step in the exemplary embodiment 8.
  • modules or steps of the present application described above can be implemented in a general-purpose computing device that can be centralized on a single computing device or distributed across a network of multiple computing devices. They may be implemented in program code executable by a computing device, such that they may be stored in a storage device for execution by a computing device, and in some instances, illustrated or described in a different order than those illustrated herein.
  • the steps are either made into individual integrated circuit modules, or a plurality of modules or steps are made into a single integrated circuit module.
  • the application is not limited to any particular combination of hardware and software.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

La présente invention concerne un procédé et un appareil pour envoyer un paquet, un procédé et un appareil pour traiter un paquet, un nœud PE et un nœud. Le procédé d'envoi d'un paquet comprend les étapes consistant à : recevoir un premier paquet provenant d'un circuit d'accès (AC) ; traiter le premier paquet pour obtenir au moins un second paquet, le second paquet comprenant une première adresse de protocole Internet (IP), la première adresse IP étant une adresse IP obtenue après qu'une seconde adresse IP a été modifiée en utilisant une valeur d'entropie prédéfinie, la valeur d'entropie prédéfinie étant utilisée pour identifier l'entropie du premier paquet ; et envoyer le second paquet.
PCT/CN2018/118580 2017-11-30 2018-11-30 Procédé et appareil d'envoi de paquet, procédé et appareil de traitement de paquet, nœud pe et nœud Ceased WO2019105462A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711243807.8A CN109861924B (zh) 2017-11-30 2017-11-30 报文的发送、处理方法及装置,pe节点,节点
CN201711243807.8 2017-11-30

Publications (1)

Publication Number Publication Date
WO2019105462A1 true WO2019105462A1 (fr) 2019-06-06

Family

ID=66665419

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/118580 Ceased WO2019105462A1 (fr) 2017-11-30 2018-11-30 Procédé et appareil d'envoi de paquet, procédé et appareil de traitement de paquet, nœud pe et nœud

Country Status (2)

Country Link
CN (1) CN109861924B (fr)
WO (1) WO2019105462A1 (fr)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112260949A (zh) * 2020-10-16 2021-01-22 盛科网络(苏州)有限公司 基于srv6协议的evpn本地优先转发方法和装置
CN113132202A (zh) * 2019-12-31 2021-07-16 华为技术有限公司 一种报文传输方法及相关设备
CN113472650A (zh) * 2020-03-31 2021-10-01 华为技术有限公司 报文处理方法、设备、系统及存储介质
CN113472647A (zh) * 2021-06-11 2021-10-01 新华三信息安全技术有限公司 一种报文转发方法及装置
US20210385163A1 (en) * 2019-02-27 2021-12-09 Huawei Technologies Co., Ltd. Packet processing method, packet forwarding apparatus, and packet processing apparatus
CN114374582A (zh) * 2021-12-22 2022-04-19 新华三技术有限公司合肥分公司 通信方法及装置
CN116233279A (zh) * 2020-06-05 2023-06-06 华为技术有限公司 一种报文处理方法、设备及系统
CN116366395A (zh) * 2021-12-28 2023-06-30 中国移动通信有限公司研究院 一种报文传输的方法及装置
CN117596049A (zh) * 2023-11-28 2024-02-23 肇庆学院 一种DDoS攻击检测方法及装置
CN117792709A (zh) * 2023-12-13 2024-03-29 天翼云科技有限公司 一种支持物理网络和虚拟网络互通的负载均衡方法和装置

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021021169A1 (fr) 2019-07-31 2021-02-04 Huawei Technologies Co., Ltd Transport d'un mtnc-id sur un plan de données activé par srv6 pour un transport 5g
EP3994848B1 (fr) * 2019-07-31 2026-01-28 Huawei Technologies Co., Ltd. Transport de mtnc-id sur un en-tête de srv6 pour le transport 5g
CN112350934A (zh) * 2019-08-07 2021-02-09 中国电信股份有限公司 数据传输方法、网络节点和数据传输系统
CN114844828A (zh) 2019-10-31 2022-08-02 华为技术有限公司 发送报文的方法、装置及系统
CN112787931B (zh) * 2019-11-06 2022-09-23 华为技术有限公司 报文传输方法、代理节点及存储介质
CN111683073A (zh) * 2020-05-29 2020-09-18 烽火通信科技股份有限公司 一种基于mac的三层应用的通信方法及系统
CN113839873B (zh) * 2020-06-24 2024-10-29 南京中兴新软件有限责任公司 信息处理方法、节点及存储介质
WO2022001287A1 (fr) * 2020-07-03 2022-01-06 华为技术有限公司 Procédé et dispositif de traitement de message
CN112153753B (zh) * 2020-09-24 2022-09-16 维沃移动通信有限公司 网络连接方法及装置
CN112235199B (zh) * 2020-10-14 2022-04-22 苏州盛科通信股份有限公司 基于srv6协议的evpn水平分割方法和装置
CN112019328B (zh) * 2020-10-31 2021-01-26 北京华云安信息技术有限公司 Ip地址的加密方法、装置、设备和存储介质
CN112422436B (zh) * 2020-11-18 2022-04-01 苏州盛科通信股份有限公司 基于mpls的evpn bum报文本地优先转发方法和系统
CN112769632A (zh) * 2020-11-30 2021-05-07 锐捷网络股份有限公司 一种数据中心网络故障检测的方法和系统
CN115842764A (zh) 2021-08-25 2023-03-24 中兴通讯股份有限公司 Rt-5g路由报文的发布方法、装置、存储介质和电子装置
CN120200961A (zh) * 2025-04-30 2025-06-24 新华三技术有限公司 数据传输方法、系统及电子设备

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110016309A1 (en) * 2009-07-17 2011-01-20 Hitachi, Ltd. Cryptographic communication system and gateway device
CN106027356A (zh) * 2016-07-04 2016-10-12 杭州迪普科技有限公司 一种隧道标识的转换方法及装置
CN106797335A (zh) * 2016-11-29 2017-05-31 深圳前海达闼云端智能科技有限公司 数据传输方法、数据传输装置、电子设备和计算机程序产品
CN106879073A (zh) * 2017-03-17 2017-06-20 北京邮电大学 一种面向业务实体网络的网络资源分配方法及装置
CN107210929A (zh) * 2015-01-21 2017-09-26 华为技术有限公司 互联网协议安全隧道的负载均衡

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7849146B2 (en) * 2008-02-21 2010-12-07 Yahoo! Inc. Identifying IP addresses for spammers
US8711703B2 (en) * 2010-10-29 2014-04-29 Telefonaktiebolaget L M Ericsson (Publ) Load balancing in shortest-path-bridging networks
CN106549871B (zh) * 2015-09-22 2020-09-08 华为技术有限公司 一种报文处理的方法、设备和系统

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110016309A1 (en) * 2009-07-17 2011-01-20 Hitachi, Ltd. Cryptographic communication system and gateway device
CN107210929A (zh) * 2015-01-21 2017-09-26 华为技术有限公司 互联网协议安全隧道的负载均衡
CN106027356A (zh) * 2016-07-04 2016-10-12 杭州迪普科技有限公司 一种隧道标识的转换方法及装置
CN106797335A (zh) * 2016-11-29 2017-05-31 深圳前海达闼云端智能科技有限公司 数据传输方法、数据传输装置、电子设备和计算机程序产品
CN106879073A (zh) * 2017-03-17 2017-06-20 北京邮电大学 一种面向业务实体网络的网络资源分配方法及装置

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11683272B2 (en) * 2019-02-27 2023-06-20 Huawei Technologies Co., Ltd. Packet processing method, packet forwarding apparatus, and packet processing apparatus
US20210385163A1 (en) * 2019-02-27 2021-12-09 Huawei Technologies Co., Ltd. Packet processing method, packet forwarding apparatus, and packet processing apparatus
CN113132202A (zh) * 2019-12-31 2021-07-16 华为技术有限公司 一种报文传输方法及相关设备
CN113132202B (zh) * 2019-12-31 2023-12-08 华为技术有限公司 一种报文传输方法及相关设备
CN113472650A (zh) * 2020-03-31 2021-10-01 华为技术有限公司 报文处理方法、设备、系统及存储介质
CN116233279A (zh) * 2020-06-05 2023-06-06 华为技术有限公司 一种报文处理方法、设备及系统
CN112260949A (zh) * 2020-10-16 2021-01-22 盛科网络(苏州)有限公司 基于srv6协议的evpn本地优先转发方法和装置
CN112260949B (zh) * 2020-10-16 2022-09-23 苏州盛科通信股份有限公司 基于srv6协议的evpn本地优先转发方法和装置
CN113472647A (zh) * 2021-06-11 2021-10-01 新华三信息安全技术有限公司 一种报文转发方法及装置
CN114374582A (zh) * 2021-12-22 2022-04-19 新华三技术有限公司合肥分公司 通信方法及装置
CN114374582B (zh) * 2021-12-22 2024-04-12 新华三技术有限公司合肥分公司 通信方法及装置
CN116366395A (zh) * 2021-12-28 2023-06-30 中国移动通信有限公司研究院 一种报文传输的方法及装置
CN117596049A (zh) * 2023-11-28 2024-02-23 肇庆学院 一种DDoS攻击检测方法及装置
CN117596049B (zh) * 2023-11-28 2024-04-12 肇庆学院 一种DDoS攻击检测方法及装置
CN117792709A (zh) * 2023-12-13 2024-03-29 天翼云科技有限公司 一种支持物理网络和虚拟网络互通的负载均衡方法和装置

Also Published As

Publication number Publication date
CN109861924A (zh) 2019-06-07
CN109861924B (zh) 2022-06-21

Similar Documents

Publication Publication Date Title
WO2019105462A1 (fr) Procédé et appareil d'envoi de paquet, procédé et appareil de traitement de paquet, nœud pe et nœud
US11888651B2 (en) Virtual private network VPN service optimization method and device
USRE50105E1 (en) Overlay management protocol for secure routing based on an overlay network
EP3720066B1 (fr) Procédé et appareil d'envoi et de traitement de paquets, noeud pe et noeud
US11159421B2 (en) Routing table selection in a policy based routing system
US9264361B2 (en) System and method for implementing multiple label distribution protocol (LDP) instances in a network node
EP3896923A1 (fr) Procédé et appareil d'envoi de paquets bier
CN109076018B (zh) 利用is-is协议实现分段路由网络中网元的方法和设备
RU2704714C1 (ru) Технологии для предоставления максимальной глубины идентификатора сегмента узла и/или линии связи, использующие ospf
CN109218178A (zh) 一种报文处理方法及网络设备
CN112468398B (zh) 一种vpn的处理方法和pe设备以及系统
CN114598635A (zh) 报文传输的方法和装置
WO2024016869A1 (fr) Procédé et appareil de configuration de multidiffusion
CN114205297B (zh) 流量转发处理方法及设备
WO2022053007A1 (fr) Procédé et appareil de vérification d'accessibilité de réseau, et support de stockage informatique
US12381718B2 (en) Secure EVPN with MKA over BGP
Li et al. Carrier Solution Design and Deployment: HoVPN
WO2025260800A1 (fr) Procédé de transmission de routage de multidiffusion, nœud de routage et dispositif de routage

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18884572

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 30/09/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18884572

Country of ref document: EP

Kind code of ref document: A1