WO2015070667A1 - Method for issuing route information, and method and apparatus for transmitting packet - Google Patents

Method for issuing route information, and method and apparatus for transmitting packet Download PDF

Info

Publication number
WO2015070667A1
WO2015070667A1 PCT/CN2014/086350 CN2014086350W WO2015070667A1 WO 2015070667 A1 WO2015070667 A1 WO 2015070667A1 CN 2014086350 W CN2014086350 W CN 2014086350W WO 2015070667 A1 WO2015070667 A1 WO 2015070667A1
Authority
WO
WIPO (PCT)
Prior art keywords
vpn
information
identifier
vpn identifier
route advertisement
Prior art date
Application number
PCT/CN2014/086350
Other languages
French (fr)
Chinese (zh)
Inventor
庄顺万
白涛
闫长江
胡杰晖
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2015070667A1 publication Critical patent/WO2015070667A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery
    • H04L45/04Interdomain routing, e.g. hierarchical routing

Definitions

  • the present invention relates to the field of computer technologies, and in particular, to a method and device for issuing routing information and a method and device for transmitting a message.
  • VPN virtual private network
  • MPLS Multi-Protocol Protocol Switch
  • AS autonomous systems
  • the publishing end transmits the routing information of the publishing end to the router connected to the publishing end, and the router forwards the routing information to the next one connected to the router.
  • the router then forwards the routing information in sequence, and then completes the route advertisement.
  • the route advertisement in the prior art needs to be forwarded one by one, and when routing is performed between different ASs,
  • the domain technology implements route forwarding. As a result, the number of routes is forwarded more frequently when the route is forwarded.
  • the cross-domain technology is required to implement route forwarding. The time is long and the efficiency of routing is low.
  • the embodiment of the present application provides a method and an apparatus for distributing routing information, and a method and a device for transmitting a message, which are used to solve the technical problem that the route publishing time is long and the route publishing efficiency is low in the prior art.
  • a method for routing information comprising: a virtual private network VPN server receiving route advertisement information from a first service provider edge device PE, wherein the route issuance information
  • the VPN topology connection information corresponding to the first PE, the VPN topology connection information includes a VPN identifier of the source end, the VPN identifier of the source end is a first VPN identifier in the first PE, and the VPN server is selected as a second PE of the destination end; the VPN server selects, according to the first VPN identifier, a second VPN identifier that matches the first VPN identifier from the VPN identifiers of the second PE, and connects in the VPN topology Adding the second VPN identifier that is the VPN identifier of the destination end to the information, and obtaining the modified route advertisement information; and determining, by the VPN server, the first VPN identifier and the second VPN identifier.
  • the second PE Transmitting, by the second PE, the packet to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE; the VPN server, the VPN server encapsulates the VXLAN tunnel encapsulation information and the modified route advertisement Transmitted to the second PE.
  • the route advertisement information further includes a protocol IP address interconnected by a network of a user network edge device CE connected to the first PE, where the VPN topology connection is Information and an IP address of the first PE, and the first VPN identifier corresponds to the CE.
  • the VPN server selects, according to the first VPN identifier, a second VPN identifier that matches the first VPN identifier, Specifically, the VPN server selects, according to the first VPN identifier, a match with the first VPN identifier from a TAG correspondence relationship in the VPN.
  • the second VPN identifier, the TAG correspondence includes a correspondence between a VPN identifier in the first PE and a VPN identifier in the second PE.
  • the VXLAN tunnel encapsulation information includes a VXLAN interface IP set in the first PE.
  • a method for transmitting a message comprising: receiving, by a first PE, a packet sent by a source CE, and determining, according to the packet sent by the source CE
  • the target PE of the packet transmission is the second PE; the first PE selects the corresponding destination CE from the received route advertisement information of the second PE according to the IP address of the destination CE in the packet.
  • the route issuance information, and the VXLAN tunnel encapsulation information corresponding to the destination CE is selected from the received VXLAN tunnel encapsulation information of the second PE, where the route advertisement information and the VXLAN tunnel encapsulation information of the second PE are Is sent by the VPN server to the first PE; the first PE determines, according to the route advertisement information and the VXLAN tunnel encapsulation information, that the first PE transmits the packet to the VXLAN of the second PE.
  • a tunnel the first PE transmits the packet to the second PE by using the VXLAN tunnel.
  • the first PE determines, according to the route advertisement information and the VXLAN tunnel encapsulation information, that the first PE transmits a packet to the second PE.
  • the VXLAN tunnel specifically includes:
  • an apparatus for routing information comprising:
  • a receiving unit configured to receive route advertisement information from the first PE, where the route advertisement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information includes a VPN identifier of the source end, the source The VPN identifier of the end is the first VPN identifier in the first PE;
  • a selection unit configured to select a second PE as a destination
  • a route modification unit configured to receive the route advertisement information sent by the receiving unit, and receive the second PE sent by the selecting unit, according to the first VPN identifier, from a VPN identifier of the second PE And the second VPN identifier that matches the first VPN identifier is selected, and the second VPN identifier that is the VPN identifier of the destination end is added to the VPN topology connection information, and the modified route advertisement information is obtained.
  • a tunnel selection unit configured to receive the first VPN identifier and the second VPN identifier sent by the route modification unit, and determine, according to the first VPN identifier and the second VPN identifier, that the second PE Transmitting the message to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE;
  • a sending unit configured to receive the modified route advertisement information sent by the route modification unit, and receive the VXLAN tunnel encapsulation information sent by the tunnel selection unit, and encapsulate the VXLAN tunnel encapsulation information and the modified The route advertisement information is sent to the second PE.
  • the route advertisement information further includes a protocol IP address interconnected by a network of a user network edge device CE connected to the first PE, where the VPN topology connection is Information and an IP address of the first PE, and the first VPN identifier corresponds to the CE.
  • the route modification unit includes a VPN identity determining unit, configured to use, according to the first VPN And identifying, by the TAG correspondence in the VPN, the second VPN identifier that matches the first VPN identifier, where the TAG correspondence includes the VPN identifier in the first PE and the second PE The correspondence between the VPN IDs.
  • the VXLAN tunnel encapsulation information includes a VXLAN interface IP set in the first PE.
  • a VPN server comprising:
  • a receiver configured to receive route advertisement information from the first PE, where the route advertisement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information includes a VPN identifier of the source end, the source The VPN identifier of the end is the first VPN identifier in the first PE;
  • a processor configured to select a second PE that is the destination end, and select, according to the first VPN identifier, a second VPN identifier that matches the first VPN identifier from the VPN identifiers of the second PE, and Adding the second VPN identifier that is the VPN identifier of the destination end to the VPN topology connection information, and obtaining the modified route advertisement information; and determining the first according to the first VPN identifier and the second VPN identifier. Transmitting, by the second PE, the packet to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE;
  • a transmitter configured to send the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE.
  • the route advertisement information further includes a protocol IP address interconnected by a network of a user network edge device CE connected to the first PE, where the VPN topology connection is Information and an IP address of the first PE, and the first VPN identifier corresponds to the CE.
  • the processor is specifically configured to use the TAG in the VPN according to the first VPN identifier. And selecting, by the correspondence, the second VPN identifier that matches the first VPN identifier, where the TAG correspondence includes a correspondence between the VPN identifier in the first PE and the VPN identifier in the second PE.
  • the VXLAN tunnel encapsulation information includes a VXLAN interface IP set in the first PE.
  • an apparatus for transmitting a message comprising:
  • a receiving unit configured to receive a packet sent by the source CE
  • a PE determining unit configured to receive a packet sent by the receiving unit, and determine, according to the packet, that the destination PE of the packet is a second PE;
  • a routing unit configured to receive a packet sent by the receiving unit, and select, according to the IP address of the destination CE in the packet, the received routing information corresponding to the destination CE from the received routing information of the second PE.
  • Route publishing information wherein the route publishing information of the second PE is sent by the VPN server to the routing unit;
  • a tunnel information acquiring unit configured to receive the second PE sent by the PE determining unit, and select VXLAN tunnel encapsulation information corresponding to the destination CE from the received VXLAN tunnel encapsulation information of the second PE, where The VXLAN tunnel encapsulation information of the second PE is sent by the VPN server to the tunnel selection unit;
  • a tunnel determining unit configured to receive route advertisement information corresponding to the destination CE and send the VXLAN tunnel encapsulation information sent by the tunnel information acquisition unit, according to a route corresponding to the destination CE Deriving the information and the VXLAN tunnel encapsulation information, and determining that the first PE transmits the packet to the VXLAN tunnel of the second PE;
  • a message transmission unit configured to receive the VXLAN tunnel sent by the tunnel determining unit, and transmit the packet to the second PE by using the VXLAN tunnel.
  • the tunnel determining unit The first PE is configured to transmit the packet to the first PE according to the first VPN identifier of the first PE and the second VPN identifier of the second PE in the route advertisement information corresponding to the destination CE. Determining, by the VPN routing and forwarding table of the second PE, the IP address of the first PE and the IP address of the second PE according to the VXLAN tunnel encapsulation information corresponding to the destination CE, and changing according to the VPN route And the IP address of the first PE and the IP address of the second PE are published, and the first PE is determined to transmit the packet to the VXLAN tunnel of the second PE.
  • the technical solution of the present application is that the VPN server receives the route advertisement information advertised by the first PE, and selects the VPN server to select the second PE that performs the packet transmission with the first PE, according to the And the first VPN identifier, the second VPN identifier that matches the first VPN identifier is selected, and the second VPN identifier that is the VPN identifier of the destination end is added to the VPN topology connection information, and the modified route is obtained.
  • the VPN server sends the VXLAN tunnel encapsulation information and the modified routing information to the second PE, so that the route publishing information of the first PE is only used by the VPN server.
  • the second PE is directly transmitted to the destination PE, so that the route advertisement of the first PE is implemented, thereby shortening the route publishing time and improving the efficiency of route advertisement.
  • FIG. 1 is a flowchart of a method for publishing routing information according to an embodiment of the present invention
  • FIG. 2 is a first structural diagram of a first PE performing route advertisement according to an embodiment of the present invention
  • FIG. 3 is a second structural diagram of a first PE being issued according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of a route advertised by a first PE according to an embodiment of the present invention.
  • FIG. 5 is a flowchart of a method for transmitting a message according to an embodiment of the present invention.
  • FIG. 6 is a structural diagram of an apparatus for issuing routing information according to an embodiment of the present invention.
  • FIG. 7 is a structural diagram of a VPN server according to an embodiment of the present invention.
  • FIG. 8 is a structural diagram of an apparatus for transmitting a message according to an embodiment of the present invention.
  • the VPN server receives the route advertisement information advertised by the first PE and selects the existing route advertisement policy for the existing route advertisement policy.
  • the VPN server selects a second service provider edge device PE that performs packet transmission with the first PE, and then selects a second VPN identifier that matches the first VPN identifier according to the first VPN identifier, and Adding the second VPN identifier that is the VPN identifier of the destination end to the VPN topology connection information, and obtaining the modified route advertisement information, where the VPN server encapsulates the VXLAN tunnel encapsulation information and the modified route
  • the issuing information is sent to the second PE, so that the route publishing information of the first PE can be directly transmitted to the second PE as the destination PE through the VPN server, thereby implementing the first
  • the route of the PE is advertised, which shortens the route publishing time and improves the efficiency of route advertisement.
  • Embodiment 1 is a diagrammatic representation of Embodiment 1:
  • a method for publishing routing information is proposed in the first embodiment of the present invention. As shown in FIG. 1 , the specific processing procedure of the method is as follows:
  • Step 101 The virtual private network VPN server receives the route advertisement information advertised by the first service provider edge device PE, where the route advertisement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information.
  • the VPN identifier of the source end is included, and the VPN identifier of the source end is the first VPN identifier in the first PE.
  • Step 102 The VPN server selects a second PE as a destination end
  • Step 103 The VPN server is from the second PE according to the first VPN identifier.
  • the second VPN identifier that matches the first VPN identifier is selected in the VPN identifier, and the second VPN identifier that is the VPN identifier of the destination end is added to the VPN topology connection information, and the modified route is obtained. information;
  • Step 104 Determine that the second PE transmits the packet to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE.
  • Step 105 The VPN server sends the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE.
  • the virtual private network (VPN) server receives the route advertisement information advertised by the Provider Edge (PE), wherein the route advertisement information includes the The VPN topology connection information corresponding to the PE, the VPN topology connection information only includes the VPN identifier of the source end, and the VPN identifier of the source end is the first VPN identifier of the first PE.
  • PE Provider Edge
  • the VPN server is connected to multiple PEs, so that a route from one PE to another PE can be implemented through the VPN server, and a VPN identifier and a VPN routing forwarding table in the source end (VPN Routing) And the forwarding table corresponds to the VRF, and the source end is the first PE, that is, a VPN identifier is associated with one VRF in the first PE.
  • the first PE may have one or more VRFs, and one VPN identifier corresponds to one VRF, so that the corresponding VRF may be determined by using the VPN identifier, and the VPN topology connection information corresponding to the first PE is configured.
  • the VPN identifier field of the source end and the VPN identifier field of the destination end are included.
  • the VPN information received by the VPN server is the source VPN of the VPN topology connection information corresponding to the first PE.
  • the identifier field is the first VPN identifier, and the VPN identifier field of the destination end is empty, so that the VPN topology connection information corresponding to the first PE includes the first VPN identifier, but the destination is not included. End of the VPN ID.
  • the VPN topology connection information can be entered by using VPN_TOPO_CONNECTOR.
  • the line indicates that the VPN identifier of the source end can be represented by a Local VPN TAG (L-TAG), and the VPN identifier of the destination end can be represented by a Remote VPN TAG (R-TAG for short), for example, the VPN topology connection.
  • L-TAG Local VPN TAG
  • R-TAG Remote VPN TAG
  • VPN_TOPO_CONNECTOR Attribue
  • the Local VPN TAG and the Remote VPN TAG can be represented by 4 bytes or 8 bytes.
  • the PE is directly connected to the customer network edge device (CE), and the CE may be a router or a switch, or may be a host, when the PE receives the request of the CE.
  • the PE will perform route advertisement, so that when the VPN server receives the route advertisement information advertised by the first PE, the route advertisement information includes the user network edge device CE connected to the first PE.
  • the IP address, the VPN topology connection information, and the IP of the first PE corresponds to the CE.
  • the first PE is an example of PE1, and PE1 is directly connected to CE1, CE2, and CE3.
  • CE3 is a 163 server.
  • CE3 requests PE1 to perform route advertisement.
  • the VPN server receives the route advertisement information of the PE1, where the route advertisement information includes the IP address of the CE3, the VPN topology connection information corresponding to the PE1, and the IP address of the PE1.
  • PE1 has VRF1, VRF2, and VRF3, and the VPN identifier corresponding to VRF1 in PE1 is TAG1, the VPN identifier corresponding to VRF2 is TAG2, and the VPN identifier corresponding to VRF3 is TAG3, and each TAG corresponds to one or more CE.
  • TAG1 corresponds to CE3, TAG1 can also correspond to CE1 and CE2, and TAG1 can also correspond to CE1, CE2, and CE3.
  • TAG1 and CE3 correspond, if CE3 requests PE1 to perform route advertisement, it can determine PE1.
  • VPN topology connection information is The local VPN TAG is TAG1, and the remote VPN TAG is empty.
  • the IP address of the CE3 is the private IP address, for example, 192.168.1.102, and the IP address of the PE1 is the public IP address, for example, 4.4.4.4.
  • the route advertisement information of PE1 is:
  • VPN_TOPO_CONNECTOR
  • NLRI Network Layer Reachability Information
  • NHP Next Hop Prefix next hop public network address
  • Border Gateway Protocol (BGP) packet for distribution.
  • VPN_TOPO_CONNECTOR is specifically: Local VPN TAG: TAG1; Remote VPN TAG: NULL; can also be represented by VPNATR (L-TAG1, R-RULL).
  • VPNATR L-TAG2, R-RULL
  • step 102 is performed, in which the VPN server selects the second PE as the destination.
  • the VPN server is configured with another PE that performs VPN communication with the first PE, and configured with tunnel encapsulation information of the first PE and the other PEs, so that the VPN is configured.
  • the server selects the second PE as the destination end according to the IP address of the first PE in the route advertisement information, and may select the second VPN according to the first VPN identifier in the route advertisement information.
  • PE is the destination.
  • the PE server can communicate with the PE2 through the VPN.
  • the VPN server associates the PE2 with the PE1.
  • the VPN server receives the route advertisement information sent by the PE1, the VPN server posts the information according to the route.
  • the PE1 can also be transmitted through the VPN packet with the PE3.
  • the VPN server associates the PE2 and the PE1, and also associates the PE3 with the PE1, so that the VPN server receives the route sent by the PE1.
  • the second PE that performs packet transmission with the PE1 is determined to be PE2 or PE3 according to the IP address of the PE1 in the routing information.
  • PE2 has VRF4 and VRF5, the VPN identifier corresponding to VRF4 is TAG4, the VPN identifier corresponding to VRF5 is TAG5, and TAG4 corresponds to TAG1, and VRF of PE2 to PE1 can be determined through VRF4 and VRF1. And TAG5 corresponds to TAG2. VRF5 and VRF2 can also be used to determine the VRF of PE2 to PE1.
  • the VPN server associates PE1 with PE2, TAG5 corresponds to TAG2, and TAG4 corresponds to TAG1.
  • the VPN identifier in the message is TAG1. Since the TAG1 in the VPN server corresponds to the TAG4, and the TAG4 belongs to the PE2, the second PE may be determined to be the PE2.
  • step 103 in which the VPN server selects a second VPN identifier matching the first VPN identifier from the VPN identifiers of the second PE according to the first VPN identifier, and The second VPN identifier that is the VPN identifier of the destination end is added to the VPN topology connection information, and the modified route advertisement information is obtained.
  • the VPN server further configures a correspondence between the VPN identifier of the first PE and the VPN identifier of the other PEs in the process of configuring the first PE and the other PEs. And storing the TAG correspondence between the first PE and the other PEs, so that the VPN server can select, according to the first VPN identifier, the TAG correspondence relationship in the VPN.
  • the second VPN identifier matched by the VPN identifier, the TAG correspondence includes a correspondence between the VPN identifier in the first PE and the VPN identifier in the second PE.
  • PE2 has VRF4 and VRF5, and the VPN label corresponding to VRF4.
  • TAG4 the VPN identifier corresponding to VRF5 is TAG5, and TAG4 corresponds to TAG1.
  • VRF4 and VRF1 can be used to determine the VRF of PE2 to PE1, and TAG5 corresponds to TAG2.
  • PE2 to V1 can also be determined by VRF5 and VRF2.
  • VRF causes the VPN server to associate PE1 with PE2, TAG5 corresponds to TAG2, and TAG4 corresponds to TAG1, which can be expressed as: ⁇ vPE1: TAG1, vPE2: TAG4 ⁇ , ⁇ vPE1: TAG2, vPE2: TAG5 ⁇ .
  • PE3 has VRF6 and VRF7
  • the VPN identifier corresponding to VRF6 is TAG6
  • the VPN identifier corresponding to VRF7 is TAG7
  • TAG6 corresponds to TAG2.
  • VRF6 and VRF2 can determine the VRF of PE3 to PE1, and TAG7 and TAG3
  • the VRF of PE3 to PE1 can also be determined by VRF7 and VRF3.
  • PE1 is associated with PE3 in the VPN server
  • TAG6 corresponds to TAG2
  • TAG7 corresponds to TAG3, which can be expressed as: ⁇ vPE1:TAG2 , vPE3: TAG6 ⁇ , ⁇ vPE1: TAG3, vPE3: TAG7 ⁇ .
  • the route advertisement information of the PE1 is ⁇ NLRI: 192.168.1.102, VPNATR (L-TAG1, R-RULL), NHP: 4.4.4.4 ⁇ , which
  • the first TAG is TAG1
  • vPE2 TAG4 ⁇
  • vPE1 TAG2
  • vPE2 TAG5 ⁇
  • vPE3 TAG6 ⁇
  • ⁇ vPE1: TAG3 TAG7 ⁇
  • step 104 is performed, in which the VPN server determines, according to the first VPN identifier and the second VPN identifier, that the second PE transmits the packet to the virtual extended local area network of the first PE.
  • VXLAN tunnel encapsulation information is included in the VPN server.
  • the VPN server is configured with the tunnel encapsulation information of the first PE and the other PEs, and the second VPN identifier and the second VPN identifier are determined according to the first VPN identifier and the second VPN identifier.
  • the PE transmits the packet to the VXLAN tunnel of the first PE.
  • Package information is configured with the tunnel encapsulation information of the first PE and the other PEs, and the second VPN identifier and the second VPN identifier are determined according to the first VPN identifier and the second VPN identifier.
  • the VXLAN tunnel encapsulation information includes a VXLAN interface IP address set in the first PE and a VXLAN interface IP address set in the second PE, so that an entry of the packet points to the VXLAN in the second PE.
  • the IP address of the interface, the egress of the packet is directed to the IP address of the VXLAN interface in the first PE, and the packet is transmitted through the VXLAN tunnel between the first PE and the second PE.
  • the VPN server configures the tunnel encapsulation information of the first PE and the other PEs
  • the virtual network instance (virtual network instance is referred to as vni)
  • the tunnel can be determined according to the vni. Package information.
  • the VPN server is configured with ⁇ vPE1: TAG1, vPE2: TAG4 ⁇ and its corresponding vni is vni1, and vni1 includes a virtual extended local area network interface (vxlanif) corresponding to TAG1, and
  • vxlanif virtual extended local area network interface
  • the IP address corresponding to TAG1 in the Virtual Extensible Local Area Network (VXLAN), the vxlanif corresponding to TAG4, and the IP address corresponding to TAG4 in VXLAN can be expressed in the following manner:
  • vxlanif1 represents vxlanif corresponding to TAG1
  • vxlanif4 represents vxlanif corresponding to TAG4
  • uip is a shorthand for Underlying network IP
  • uip1 represents an IP address corresponding to TAG1 in VXLAN
  • uip4 represents a corresponding to TAG4 in VXLAN IP address.
  • the VPN server is configured with ⁇ vPE1: TAG2, vPE2: TAG5 ⁇ and its corresponding vni is vni2, which can be expressed in the following manner:
  • the second VPN identifier determined by the VPN server according to the request of the CE3 is TAG4, and according to the TAG1 and the TAG4, determining that the vni matching the TAG1 and the TAG4 is vni1, the tunnel encapsulation information of the VXLAN may be determined as:
  • step 105 is performed, in which the VPN server sends the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE.
  • the VXLAN tunnel encapsulation information and the modified route advertisement information are sent to the second PE, so that the second PE finds the R- according to the R-VPN identifier. And the VXLAN tunnel corresponding to the VPN identifier, and then generating a packet from the second PE to the VXLAN tunnel of the first PE according to the VXLAN tunnel encapsulation information, and then passing the packet received by the second PE to the VXLAN.
  • the tunnel is transmitted to the first PE.
  • the private network IP address of CE3 is 192.168.1.102, and PE1 is requested.
  • PE1 When the route is advertised, PE1 generates route advertisement information.
  • the route advertisement information is: ⁇ NLRI: 192.168.1.102, VPNATR: (L_TAG1, NULL), NHP: 4.4.4.4 ⁇ .
  • step 401 is executed, and PE1 is released.
  • the ⁇ NLRI: 192.168.1.102, VPNATR: (L_TAG1, NULL), NHP: 4.4.4.4 ⁇ is encapsulated into BGP message 1, the BGP message 1 is referred to as BGP1.
  • PE1 sends BGP1 to enable the VPN server to receive BGP1.
  • the VPN server receives the BGP1 advertised by the PE1, and obtains the modified route advertisement information and the VXLAN tunnel information according to the configuration in the VPN server: ⁇ NLRI: 192.168.1.102, VPN ATR: (L_TAG1, R_TAG4), VXLANATR: (vni1, uip1, uip4), NHP: 4.4.4.4 ⁇ , and ⁇ NLRI: 192.168.1.102, VPNATR: (L_TAG1, R_TAG4), VXLAN ATR: (vni1, uip1, uip4), NHP: 4.4.4.4 ⁇ encapsulated into BGP packet 2, which is referred to as BGP2.
  • BGP2 BGP2
  • step 404 the VPN server sends BGP2 to PE2, so that PE2 receives BGP2.
  • PE2 receives the BGP2 sent by the VPN server, matches the local VRF according to the R-TAG flag, finds vxlanif1 and vxlanif4 according to the carried uip4 address and uip1, and sets the packet vxlanif1 to the packet.
  • the egress exits the vxlanif4 and generates a vxlan tunnel table associated with the PEI and the PE2 to form a vxlan tunnel, so that the packet sent by the CE that is connected to the PE2 is transmitted to the PE1 through the vxlan tunnel.
  • the route advertisement information of PE1 is advertised to AS1 and AS3.
  • the AS1 sends the route advertisement information of PE1 to Router A1.
  • Router A1 then advertises the route of PE1. It is sent to the router A2, and the router A2 sends the route advertisement information of the PE1 to the AS2.
  • the AS2 advertises the route advertisement information of the PE1 to the PE2
  • the AS3 sends the route advertisement information of the PE1 to the router A3.
  • the route advertisement information of PE1 is sent to router A4, and router A4 routes PE1.
  • the information is sent to the AS4, and then the AS4 advertises the route advertisement information of the PE1 to the PE3.
  • the PE1 completes the route advertisement.
  • AS is short for Autonomous System
  • Chinese name is autonomous system.
  • the route advertisement information of the PE1 is directly transmitted to the VPN server, and the VPN server determines the destination PE as the PE2 according to the route advertisement information of the PE1, adds the TAG of the destination end, and obtains the modified route information of the PE1, and according to the PE1.
  • TAG matches the TAG of the PE2, determines the VXLAN tunnel encapsulation information, and sends the modified PE1 route advertisement information and the VXLAN tunnel encapsulation information to the PE2, thereby completing the route advertisement of the PE1, and the route advertisement in the prior art needs to be one by one.
  • the cross-domain technology is required to implement route forwarding.
  • the number of routes is forwarded more frequently in the prior art, and in different ASs.
  • the route forwarding is required to be implemented, and the route is advertised for a long time, and the efficiency of the route is also low.
  • this application allows the application to complete the route only through the VPN server. Publish, routing is completed only by one route forwarding, and there is no need to implement the road through cross-domain technology. By forwarding, the time of route advertisement can be shortened, and the efficiency of route advertisement is improved.
  • Embodiment 2 is a diagrammatic representation of Embodiment 1:
  • the second embodiment of the present invention provides a method for transmitting a message.
  • the specific processing procedure of the method is as follows:
  • Step 501 The first PE receives the packet sent by the source CE, and determines, according to the packet sent by the source CE, that the destination PE of the packet is the second PE.
  • Step 502 The first PE selects route advertisement information corresponding to the destination CE from the received route advertisement information of the second PE according to the IP address of the destination CE in the packet, and receives the route Selecting, by the VXLAN tunnel encapsulation information of the second PE, VXLAN tunnel encapsulation information corresponding to the destination CE, where the route of the second PE is The publishing information and the VXLAN tunnel encapsulation information are sent by the VPN server to the first PE;
  • Step 503 The first PE determines, according to the route advertisement information and the VXLAN tunnel encapsulation information corresponding to the destination CE, that the first PE transmits the packet to the VXLAN tunnel of the second PE.
  • Step 504 The first PE transmits the packet to the second PE by using the VXLAN tunnel.
  • the first PE receives the packet sent by the source CE, and determines, according to the packet sent by the source CE, that the destination PE of the packet is the second PE, where the The source CE is connected to the first PE.
  • the first PE receives the route advertisement information and the VXLAN tunnel encapsulation information sent by the VPN server, and when the first PE receives the packet sent by the source CE, The packet has the IP address of the destination CE, and the second PE directly connected to the destination CE may be determined according to the route advertisement information sent by the received VPN server according to the IP address of the destination CE.
  • the second PE is the target PE.
  • the PE2 firstly receives the route advertisement information and the tunnel encapsulation information of the PE1 sent by the VPN server, and the route advertisement information and the tunnel encapsulation information of the PE1 may include the CE1. And the route advertisement information corresponding to the CE2 and the CE3 and the corresponding tunnel encapsulation information, and then, when the PE2 receives the packet sent by the source CE, the IP address of the destination CE in the packet is obtained, if the destination is The IP address of the CE is the IP address of the CE3. According to the received route advertisement information of the PE1, the destination PE is determined to be PE1.
  • step 502 is performed, in which the first PE selects a destination corresponding to the destination CE from the received route advertisement information of the second PE according to the IP address of the destination CE in the packet.
  • the route issuance information, and the VXLAN tunnel encapsulation information corresponding to the destination CE is selected from the received VXLAN tunnel encapsulation information of the second PE, where the route advertisement information and the VXLAN tunnel encapsulation information of the second PE are Is sent by the VPN server to the first A PE.
  • the IP address of the CE that requests the second PE to perform the route advertisement is written into the route advertisement information of the second PE.
  • the first PE can select route advertisement information and VXLAN tunnel encapsulation information corresponding to the destination CE from the route advertisement information and the VXLAN tunnel encapsulation information of the second PE.
  • the PE2 receives the route advertisement information and the VXLAN tunnel information sent by the VPN server, including: ⁇ NLRI: 192.168.
  • VPN ATR (L_TAG1, R_TAG4), VXLAN ATR: (vni1, uip1, uip4), NHP: 4.4.4.4 ⁇
  • the routing information and VXLAN tunnel information sent by the PE2 to the VPN server include: ⁇ NLRI: 192.168.1.95, VPN ATR: (L_TAG2, R_TAG5), VXLAN ATR: (vni2, uip2, uip5), NHP: 4.4.4.4 ⁇ .
  • the second PE is determined to be PE1 and the destination CE is CE3, and then the packet is received from the source CE.
  • the PE2 receives the route advertisement information of the PE1 and the VXLAN tunnel information that is determined by the VPN server to determine the route advertisement information and the VXLAN tunnel information corresponding to the CE3.
  • ⁇ NLRI 192.168.1.102
  • VPN ATR (L_TAG1, R_TAG4)
  • VXLAN ATR ( Vni1, uip1, uip4)
  • NHP 4.4.4.4 ⁇ .
  • step 503 in which the first PE determines, according to the route advertisement information and the VXLAN tunnel encapsulation information corresponding to the destination CE, that the first PE transmits the packet to the second PE. VXLAN tunnel.
  • the first PE searches for the VRF corresponding to the R-VPN identifier according to the R-VPN identifier in the route advertisement information corresponding to the destination CE, and then encapsulates the information according to the VXLAN tunnel. Determining that the first PE transmits the packet to the second PE And transmitting, by the VXLAN tunnel, the packet received by the first PE to the second PE by using the VXLAN tunnel.
  • the first PE determines the first PE according to the first VPN identifier of the first PE and the second VPN identifier of the second PE in the route advertisement information corresponding to the destination CE. Transmitting the packet to the VPN routing forwarding table of the second PE; the first PE determines the IP address of the first PE and the second PE according to the VXLAN tunnel encapsulation information corresponding to the destination CE. The first PE determines that the first PE transmits the packet to the second PE according to the VPN routing forwarding table, the IP address of the first PE, and the IP address of the second PE. VXLAN tunnel.
  • PE2 receives the packet of the CE, and the IP address of the destination CE of the packet is 192.168.1.102, and the second PE is determined to be PE1 and the destination CE is CE3, and then the PE2 is obtained.
  • the route advertisement information and the VXLAN tunnel information corresponding to the CE3 determined by the route advertisement information and the VXLAN tunnel information of the PE1 sent by the VPN server are ⁇ NLRI: 192.168.1.102, VPN ATR: (L_TAG1, R_TAG4), VXLANATR: (vni1, Uip1, uip4), NHP: 4.4.4.4 ⁇ , according to R-TAG4, determine the VRF4 corresponding to TAG4 from the VRF in PE2, and according to VRF1 corresponding to TAG1, according to VRF4 and VRF1, the VRF of PE2 to PE1 can be determined.
  • vxlanif1 and vxlanif4 are found, and the entry vxlanif1 of the packet is directed to the vxlanif4, and then the VXLAN tunnel table of the associated PEI and PE2 is generated, thereby obtaining the VXLAN tunnel.
  • the packet sent by the source CE to the PE2 is transmitted to the PE1 through the VXLAN tunnel.
  • step 504 is performed, in which the first PE transmits the message to the second PE through the VXLAN tunnel.
  • the first PE transmits the received packet of the source CE to the second PE through the VXLAN tunnel, so that The second PE sends the packet according to the destination IP address in the packet. Transfer to the destination CE.
  • the PE2 receives the packet sent by the CE and transmits the packet to the PE1 through the VXLAN tunnel.
  • the PE1 removes the encapsulation information from the VXLAN tunnel and reads the destination IP address in the packet as 192.168.1.102. Then, PE1 finds that the CE corresponding to 192.168.1.102 is CE3 according to the destination IP address, and then the packet is transmitted to CE3.
  • the MPLS technology is generally used to construct the VPN, which is referred to as MPLS/VPN.
  • MPLS/VPN needs to deploy the Label Distribution Protocol (LDP) as a tunnel, and then deploy the BGP multi-protocol.
  • LDP Label Distribution Protocol
  • MP-BGP Multiprotocol Extensions for BGP propagates VPN routes and performs distributed configuration.
  • Each additional PE/VPN needs to adjust the configuration of other PEs.
  • MPLS/VPN passes through different ASs, it needs to be deployed.
  • a variety of inter-domain technologies, and the addition of VPN services in a new area also requires MPLS to be deployed on the network to ensure MPLS connectivity. As a result, the VPN service performance of the prior art is poor, and technical problems of cross-domain configuration are required.
  • the source PE can obtain the VXLAN tunnel according to the route advertisement information and the VXLAN tunnel information of the VPN server after receiving the route advertisement information and the VXLAN tunnel information of the VPN server. And transmitting the packet to the destination PE through the VXLAN tunnel, so that the cross-domain configuration is not required, and when the VPN service is added in a new area, only the newly added PE and other PEs need to be configured, instead of being deployed in the network.
  • MPLS improves the performance of VPN services and makes VPN services more convenient and maintainable.
  • Embodiment 3 is a diagrammatic representation of Embodiment 3
  • the third embodiment of the present invention provides a device for issuing routing information.
  • the device includes:
  • the receiving unit 601 is configured to receive the route advertisement information from the first PE, where the route advertisement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information includes a VPN identifier of the source end, where The VPN ID of the source is the first PE.
  • the selecting unit 602 is configured to select a second PE as a destination end
  • the route modification unit 603 is configured to receive the route advertisement information sent by the receiving unit 601 and the second PE sent by the receiving and selecting unit 602, and select, according to the first VPN identifier, the VPN identifier of the second PE. Adding a second VPN identifier that matches the first VPN identifier, and adding the second VPN identifier that is the VPN identifier of the destination end to the VPN topology connection information, and obtaining the modified route advertisement information;
  • the tunnel selection unit 604 is configured to receive the first VPN identifier and the second VPN identifier sent by the route modification unit 603, and determine, according to the first VPN identifier and the second VPN identifier, that the second PE Transmitting the message to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE;
  • the sending unit 605 is configured to receive the modified route advertisement information sent by the route modification unit 603 and receive the VXLAN tunnel encapsulation information sent by the tunnel selection unit, and encapsulate the VXLAN tunnel encapsulation information and the modified The route advertisement information is sent to the second PE.
  • the device for issuing the routing information is connected to multiple PEs, so that a route advertisement of one PE to another PE can be implemented by the device, and a VPN identifier corresponds to one VRF in the source end, and The source end is the first PE, that is, a VPN identifier is associated with one VRF in the first PE.
  • the first PE may have one or more VRFs, and one VPN identifier corresponds to one VRF, so that the corresponding VRF may be determined by using the VPN identifier, and the VPN topology connection information corresponding to the first PE is configured.
  • the VPN identifier field of the source end and the VPN identifier field of the destination end are included.
  • the VPN information received by the VPN server is the source VPN of the VPN topology connection information corresponding to the first PE.
  • the identifier field is the first VPN identifier, and the VPN identifier field of the destination end is empty, so that the VPN topology connection information corresponding to the first PE includes the first VPN label. Knowledge, but does not contain the VPN ID of the destination.
  • the route advertisement information further includes an IP address of the CE connected to the first PE, the VPN topology connection information and an IP address of the first PE, and the first VPN identifier and the CE correspond.
  • the first PE is an example of PE1, and PE1 is directly connected to CE1, CE2, and CE3.
  • CE3 is a 163 server.
  • CE3 requests PE1 to perform route advertisement.
  • the VPN server receives the route advertisement information of the PE1, wherein the route advertisement information includes the IP address of the CE3, and the VPN topology connection information corresponding to the PE1 and the IP address of the PE1 are, for example, 159.226.1.1.
  • the route modification unit 603 includes a VPN identity determining unit 606, configured to select, according to the first VPN identity, the second VPN that matches the first VPN identity from the TAG correspondence in the VPN.
  • the TAG correspondence includes a correspondence between the VPN identifier in the first PE and the VPN identifier in the second PE.
  • the device for issuing the routing information in the process of configuring the first PE and the other PE, further configuring a correspondence between the VPN identifier of the first PE and the VPN identifier of the other PE, thereby obtaining And storing the TAG correspondence between the first PE and the other PEs, so that the VPN server can select, according to the first VPN identifier, the TAG correspondence relationship in the VPN.
  • the TAG indicates the meaning of the identifier. .
  • PE2 has VRF4 and VRF5
  • the VPN identifier corresponding to VRF4 is TAG4
  • the VPN identifier corresponding to VRF5 is TAG5
  • TAG4 corresponds to TAG1
  • VRF of PE2 to PE1 can be determined through VRF4 and VRF1
  • TAG5 corresponds to TAG2.
  • the VRF of PE2 to PE1 can also be determined through VRF5 and VRF2.
  • the VPN server associates PE1 with PE2, TAG5 corresponds to TAG2, and TAG4 corresponds to TAG1, which can be expressed as: vPE1: TAG1, vPE2: TAG4 ⁇ , ⁇ vPE1: TAG2, vPE2: TAG5 ⁇ .
  • the device that is advertised by the routing information is configured with the tunnel encapsulation information of the first PE and the other PE, so that the tunnel selection unit 604 can be configured according to the first VPN identifier and the second VPN identifier. And determining, by the second PE, the message to be transmitted to the VXLAN tunnel encapsulation information of the first PE.
  • the VXLAN tunnel encapsulation information includes a VXLAN interface IP address set in the first PE and a VXLAN interface IP address set in the second PE.
  • the sending unit 605 sends the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE, so that the second PE finds the R according to the R-VPN identifier. a VRF corresponding to the VPN identifier, and then generating a packet from the second PE to the VXLAN tunnel of the first PE according to the VXLAN tunnel encapsulation information, and then passing the packet received by the second PE by using the VRFLAN tunnel encapsulation information
  • the VXLAN tunnel is transmitted to the first PE.
  • the route advertisement information of the PE1 is directly transmitted to the VPN server, and the VPN server determines the destination PE as the PE2 according to the route advertisement information of the PE1, adds the TAG of the destination end, and obtains the modified route information of the PE1, and according to the PE1.
  • TAG matches the TAG of the PE2, determines the VXLAN tunnel encapsulation information, and sends the modified PE1 route advertisement information and the VXLAN tunnel encapsulation information to the PE2, thereby completing the route advertisement of the PE1, and the route advertisement in the prior art needs to be one by one.
  • the cross-domain technology is required to implement route forwarding.
  • the number of routes is forwarded more frequently in the prior art, and in different ASs.
  • the route forwarding is required to be implemented, and the route is advertised for a long time, and the efficiency of the route is also low.
  • this application allows the application to complete the route only through the VPN server. Publish, routing is completed only by one route forwarding, and there is no need to implement the road through cross-domain technology. By forwarding, the time of route advertisement can be shortened, and the efficiency of route advertisement is improved.
  • Embodiment 4 is a diagrammatic representation of Embodiment 4:
  • a fourth embodiment of the present invention provides a VPN server.
  • the server includes:
  • the receiver 701 is configured to receive the route advertisement information from the first PE, where the route advertisement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information includes a VPN identifier of the source end, where The VPN identifier of the source is the first VPN identifier in the first PE.
  • the processor 702 is configured to select a second PE that is the destination end, and select, according to the first VPN identifier, a second VPN identifier that matches the first VPN identifier from the VPN identifiers of the second PE, and Adding the second VPN identifier that is the VPN identifier of the destination end to the VPN topology connection information, and obtaining the modified route advertisement information; and determining, according to the first VPN identifier and the second VPN identifier, Transmitting, by the second PE, the packet to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE;
  • the transmitter 703 is configured to send the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE.
  • the receiver 701 is, for example, an electronic device such as a wireless antenna or a wifi module.
  • the processor 702 is, for example, a separate processing chip or an electronic device such as a single chip microcomputer.
  • the transmitter 703 is, for example, an electronic device such as a wireless antenna.
  • the VPN server is connected to multiple PEs, so that a route advertisement from one PE to another PE can be implemented by using the VPN server, and a VPN identifier and a VPN routing forwarding table in the source end (VPN)
  • the routing and forwarding table (VRF) corresponds to the first PE, that is, the VPN identifier is associated with one VRF in the first PE.
  • the first PE may have one or more VRFs, and one VPN identifier corresponds to one VRF, so that the corresponding VRF can be determined by using the VPN identifier, and the VPN topology connection information corresponding to the first PE includes only The VPN identification field of the source end and the VPN identification field of the destination end, because the VPN server receives the route advertisement information of the first PE,
  • the VPN identifier field of the source end in the VPN topology connection information corresponding to the first PE is the first VPN identifier, and the VPN identifier field of the destination end is empty, so that the VPN topology corresponding to the first PE is obtained.
  • the connection information includes the first VPN identifier, and does not include the VPN identifier of the destination end.
  • the route advertisement information further includes an IP address of a CE connected to the first PE, the VPN topology connection information and an IP address of the first PE, and the first VPN identifier and the CE corresponds.
  • the first PE is an example of PE1, and PE1 is directly connected to CE1, CE2, and CE3.
  • CE3 is a 163 server.
  • CE3 requests PE1 to perform route advertisement.
  • the VPN server receives the route advertisement information of the PE1, wherein the route advertisement information includes the IP address of the CE3, and the VPN topology connection information corresponding to the PE1 and the IP address of the PE1 are, for example, 159.226.1.1.
  • the processor 702 is configured to select, according to the first VPN identifier, the second VPN identifier that matches the first VPN identifier from the TAG correspondence in the VPN, where the TAG corresponds to The relationship includes the correspondence between the VPN identifier in the first PE and the VPN identifier in the second PE.
  • the VPN server further configures a correspondence between the VPN identifier of the first PE and the VPN identifier of the other PE, thereby obtaining and saving the Determining the TAG correspondence between the first PE and the other PEs, so that the VPN server can select the first VPN identifier from the TAG correspondence relationship in the VPN according to the first VPN identifier.
  • the TAG correspondence includes a correspondence between the VPN identifier in the first PE and a VPN identifier in the second PE, where the TAG indicates the meaning of the identifier.
  • PE2 has VRF4 and VRF5
  • the VPN identifier corresponding to VRF4 is TAG4
  • the VPN identifier corresponding to VRF5 is TAG5
  • TAG4 corresponds to TAG1
  • VRF of PE2 to PE1 can be determined through VRF4 and VRF1
  • TAG5 and TAG2 corresponds to TAG2
  • the VRF of PE2 to PE1 can also be determined by VRF5 and VRF2.
  • the VPN server associates PE1 with PE2, TAG5 corresponds to TAG2, and TAG4 corresponds to TAG1, which can be expressed as: ⁇ vPE1:TAG1 , vPE2: TAG4 ⁇ , ⁇ vPE1: TAG2, vPE2: TAG5 ⁇ .
  • the device that is advertised by the routing information is configured with tunnel encapsulation information of the first PE and the other PE, so that the processor 702 can be configured according to the first VPN identifier and the second VPN identifier. Determining that the second PE transmits the message to the VXLAN tunnel encapsulation information of the first PE.
  • the VXLAN tunnel encapsulation information includes a VXLAN interface IP address set in the first PE and a VXLAN interface IP address set in the second PE.
  • the transmitter 703 is configured to send the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE, so that the second PE finds the R-VPN identifier according to the R-VPN identifier. And the VRF corresponding to the R-VPN identifier, according to the VXLAN tunnel encapsulation information, generating a packet from the second PE to the VXLAN tunnel of the first PE, and then receiving the report received by the second PE The text is transmitted to the first PE through the VXLAN tunnel.
  • the route advertisement information of the PE1 is directly transmitted to the VPN server, and the VPN server determines the destination PE as the PE2 according to the route advertisement information of the PE1, adds the TAG of the destination end, and obtains the modified route information of the PE1, and according to the PE1.
  • TAG matches the TAG of the PE2, determines the VXLAN tunnel encapsulation information, and sends the modified PE1 route advertisement information and the VXLAN tunnel encapsulation information to the PE2, thereby completing the route advertisement of the PE1, and the route advertisement in the prior art needs to be one by one.
  • the cross-domain technology is required to implement route forwarding.
  • the number of routes is forwarded more frequently in the prior art, and in different ASs.
  • the cross-domain technology is required to implement the routing and forwarding, so that the route is advertised for a long period of time, and the efficiency of the route is also low.
  • the present application only needs to pass the VPN server.
  • the route advertisement is completed only by one route forwarding, and the route forwarding is not required to be implemented by the cross-domain technology, thereby shortening the route advertisement time and improving the efficiency of route advertisement.
  • Embodiment 5 is a diagrammatic representation of Embodiment 5:
  • the fifth embodiment of the present invention provides an apparatus for transmitting a message.
  • the apparatus includes:
  • the receiving unit 801 is configured to receive a packet sent by the source CE,
  • the PE determining unit 802 is configured to receive the packet sent by the receiving unit 801, and determine, according to the packet, that the destination PE of the packet transmission is the second PE;
  • the routing unit 803 is configured to receive the packet sent by the receiving unit 801, and select, according to the IP address of the destination CE in the packet, the corresponding route CE from the received route advertisement information of the second PE. Route publishing information, wherein the route publishing information of the second PE is sent by the VPN server to the routing unit 803;
  • the tunnel information acquiring unit 804 is configured to receive the second PE sent by the PE determining unit 802, and select VXLAN tunnel encapsulation information corresponding to the destination CE from the received VXLAN tunnel encapsulation information of the second PE, where The VXLAN tunnel encapsulation information of the second PE is sent by the VPN server to the tunnel selection unit 804;
  • the tunnel determining unit 805 is configured to receive the route advertisement information corresponding to the destination CE and the VXLAN tunnel encapsulation information sent by the receiving tunnel information acquiring unit 804, which is sent by the routing unit 803, and is distributed according to the route corresponding to the destination CE. Determining, by the information, the VXLAN tunnel encapsulation information, that the first PE transmits the packet to the VXLAN tunnel of the second PE;
  • the message transmission unit 806 is configured to receive the VXLAN tunnel sent by the tunnel determining unit 805, and transmit the packet to the second PE by using the VXLAN tunnel.
  • the device that transmits the packet receives the route advertisement information and the VXLAN tunnel encapsulation information sent by the VPN server, and the receiving unit 801 in the device receives the packet sent by the source CE, because The packet has the IP address of the destination CE, so that the PE is indeed
  • the determining unit 802 may determine, according to the IP address of the destination CE, the second PE directly connected to the destination CE, and the second PE is the destination PE, from the route advertisement information sent by the received VPN server. .
  • the PE2 firstly receives the route advertisement information and the tunnel encapsulation information of the PE1 sent by the VPN server, and the route advertisement information and the tunnel encapsulation information of the PE1 may include the CE1. And the route advertisement information corresponding to the CE2 and the CE3 and the corresponding tunnel encapsulation information, and then, when the PE2 receives the packet sent by the source CE, the IP address of the destination CE in the packet is obtained, if the destination is The IP address of the CE is the IP address of the CE3. According to the received route advertisement information of the PE1, the destination PE is determined to be PE1.
  • the second PE is configured to write the IP address of the CE that requests the second PE to perform the route advertisement to the route advertisement information of the second PE, so that the PE determines
  • the tunnel information acquiring unit 804 can select the route advertisement information corresponding to the destination CE from the route advertisement information of the second PE, and the tunnel determining unit 805 can The VXLAN tunnel encapsulation information corresponding to the destination CE is selected in the VXLAN tunnel encapsulation information of the second PE.
  • the tunnel determining unit 805 is configured to determine, according to the first VPN identifier of the first PE and the second VPN identifier of the second PE in the route advertisement information corresponding to the destination CE, The first PE transmits the packet to the VPN routing forwarding table of the second PE, and determines the IP address of the first PE and the IP of the second PE according to the VXLAN tunnel encapsulation information corresponding to the destination CE. And determining, according to the VPN routing forwarding table, the IP address of the first PE, and the IP address of the second PE, that the first PE transmits the packet to the VXLAN tunnel of the second PE.
  • PE2 receives the packet of the CE, and the IP address of the destination CE of the packet is 192.168.1.102, and the second PE is determined to be PE1 and the destination CE is CE3, and then the PE2 is obtained.
  • VPN ATR (L_TAG1, R_TAG4), VXLAN ATR: (vni1, uip1, uip4), NHP: 4.4.4.4 ⁇
  • R-TAG4 determines the corresponding to TAG4 from the VRF in PE2
  • VRF1 corresponding to TAG1 According to VRF4 and VRF1, the VRF of PE2 to PE1 can be determined, and according to the uip4 address and uip1 carried in the VXLAN tunnel information, vxlanif1 and vxlanif4 are found, and the entry vxlanif1 of the packet will be The egress of the packet is directed to vxlanif4, and then the VXLAN tunnel table of the associated PEI and PE2 is generated, and the VXLAN tunnel is obtained, so that the packet sent by the source CE is transmitted to the PE1 through the VXLAN tunnel.
  • the message transmission unit 806 transmits the received message of the source CE to the second PE through the VXLAN tunnel, so that the second PE is based on the destination IP in the packet.
  • the address is transmitted to the destination CE.
  • the PE2 receives the packet sent by the CE and transmits the packet to the PE1 through the VXLAN tunnel.
  • the PE1 removes the encapsulation information from the VXLAN tunnel and reads the destination IP address in the packet as 192.168.1.102. Then, PE1 finds that the CE corresponding to 192.168.1.102 is CE3 according to the destination IP address, and then the packet is transmitted to CE3.
  • the MPLS technology is generally used to construct a VPN, which is referred to as MPLS/VPN.
  • MPLS/VPN needs to deploy LDP as a tunnel, deploy BGP to propagate VPN routes, and perform distributed configuration.
  • Each additional PE/VPN needs to adjust the configuration of each other PE.
  • MPLS/VPN needs to pass different ASs, it also needs to deploy various cross-domain technologies, and if VPN services are added in a new area, it needs to be deployed in the network.
  • MPLS ensures MPLS connectivity, which leads to poor performance of VPN services in the prior art and requires technical problems of cross-domain configuration.
  • the source PE can obtain the VXLAN tunnel according to the route advertisement information and the VXLAN tunnel information of the VPN server after receiving the route advertisement information and the VXLAN tunnel information of the VPN server. And transmitting the packet to the destination PE through the VXLAN tunnel, thereby eliminating the need for cross-domain configuration, and When the VPN service is added to the new area, the newly added PEs and other PEs need to be configured. Instead of deploying MPLS on the network, the VPN service expansion performance is improved, and the VPN service is opened and maintained more conveniently.
  • embodiments of the present invention can be provided as a method, apparatus (device), or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
  • a computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.

Abstract

Disclosed are a method for issuing route information, a method and an apparatus for transmitting a packet. The method for issuing route information comprises: a VPN server receiving route issuing information issued by a first PE; selecting the VPN server as a second PE of a destination end; the VPN server selecting, according to the first VPN identification, a second VPN identification matching a first VPN identification from VPN identifications of the second PE, adding the second VPN identification used as the VPN identification of the destination end into VPN topological connection information, and obtaining modified route issuing information; the VPN server determining, according to the first VPN identification and the second VPN identification, VXLAN tunnel encapsulation information through which a packet is transmitted to the first PE by the second PE; and the VPN server sending the VXLAN tunnel encapsulation information and the modified route issuing information to the second PE.

Description

路由信息发布的方法、传输报文的方法及装置Method for distributing routing information, method and device for transmitting message
本申请要求于2013年11月13日提交中国专利局、申请号为CN201310567457.6、发明名称为“路由信息发布的方法、传输报文的方法及装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese Patent Application filed on November 13, 2013 by the Chinese Patent Office, the application number is CN201310567457.6, and the invention is entitled "Method of Routing Information Distribution, Method and Apparatus for Transmitting Messages". The content is incorporated herein by reference.
技术领域Technical field
本发明涉及计算机技术领域,具体涉及一种路由信息发布的方法及装置和一种传输报文的方法及装置。The present invention relates to the field of computer technologies, and in particular, to a method and device for issuing routing information and a method and device for transmitting a message.
背景技术Background technique
现有的虚拟专用网(Virtual Private Network简称VPN)通常需要使用多标签协议交换(Multi Protocol Label Switch简称MPLS)技术,而VPN属于远程访问技术,是利用公网链路架设私有网络,通常会通过不同的自治系统(Autonomous System简称AS),由于VPN实质上就是利用加密技术在公网上封装出一个数据通讯隧道,使得在通过VPN传输报文过程中安全性能得以提高。The existing virtual private network (VPN) usually needs to use the Multi-Protocol Protocol Switch (MPLS) technology, and the VPN is a remote access technology. It uses a public network link to set up a private network, usually through Different autonomous systems (AS), because VPN essentially encapsulates a data communication tunnel on the public network by using encryption technology, so that the security performance is improved during the transmission of packets through the VPN.
但是现有VPN在进行路由发布时,发布端会将所述发布端的路由信息传输给与所述发布端连接的路由器,所述路由器再将所述路由信息转发给与所述路由器连接的下一个路由器,然后再将所述路由信息进行依次转发,进而完成所述路由发布,导致现有技术中的路由发布需要逐一进行路由转发,而且在不同的AS之间进行路由转发时,还需要通过跨域技术来实现路由转发,导致现有技术在进行路由转发时,路由转发的次数较多,而且在不同的AS之间进行路由转发时,还需要通过跨域技术来实现路由转发,使得路由发布的时间长,路由发布的效率也低。 However, when the existing VPN performs routing, the publishing end transmits the routing information of the publishing end to the router connected to the publishing end, and the router forwards the routing information to the next one connected to the router. The router then forwards the routing information in sequence, and then completes the route advertisement. As a result, the route advertisement in the prior art needs to be forwarded one by one, and when routing is performed between different ASs, The domain technology implements route forwarding. As a result, the number of routes is forwarded more frequently when the route is forwarded. In the case of routing and forwarding between different ASs, the cross-domain technology is required to implement route forwarding. The time is long and the efficiency of routing is low.
发明内容Summary of the invention
本申请实施例通过提供一种路由信息发布的方法及装置和一种传输报文的方法及装置,用于解决现有技术中存在的路由发布的时间长,路由发布的效率低的技术问题。The embodiment of the present application provides a method and an apparatus for distributing routing information, and a method and a device for transmitting a message, which are used to solve the technical problem that the route publishing time is long and the route publishing efficiency is low in the prior art.
根据本发明的第一方面,提供了一种路由信息发布的方法,所述方法包括:虚拟专用网VPN服务器接收来自第一服务提供商边缘设备PE的路由发布信息,其中,所述路由发布信息包括所述第一PE对应的VPN拓扑连接信息,所述VPN拓扑连接信息包括源端的VPN标识,所述源端的VPN标识为所述第一PE中的第一VPN标识;所述VPN服务器选择作为目的端的第二PE;所述VPN服务器根据所述第一VPN标识,从所述第二PE的VPN标识中选择与所述第一VPN标识匹配的第二VPN标识,并在所述VPN拓扑连接信息中增加作为目的端的VPN标识的所述第二VPN标识,获得修改后的所述路由发布信息;以及所述VPN服务器根据所述第一VPN标识和所述第二VPN标识,确定所述第二PE将报文传输给所述第一PE的虚拟扩展局域网VXLAN隧道封装信息;所述VPN服务器将所述VXLAN隧道封装信息和修改后的所述路由发布信息发送给所述第二PE。According to a first aspect of the present invention, a method for routing information is provided, the method comprising: a virtual private network VPN server receiving route advertisement information from a first service provider edge device PE, wherein the route issuance information The VPN topology connection information corresponding to the first PE, the VPN topology connection information includes a VPN identifier of the source end, the VPN identifier of the source end is a first VPN identifier in the first PE, and the VPN server is selected as a second PE of the destination end; the VPN server selects, according to the first VPN identifier, a second VPN identifier that matches the first VPN identifier from the VPN identifiers of the second PE, and connects in the VPN topology Adding the second VPN identifier that is the VPN identifier of the destination end to the information, and obtaining the modified route advertisement information; and determining, by the VPN server, the first VPN identifier and the second VPN identifier. Transmitting, by the second PE, the packet to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE; the VPN server, the VPN server encapsulates the VXLAN tunnel encapsulation information and the modified route advertisement Transmitted to the second PE.
结合第一方面,在第一种可能的实现方式中,所述路由发布信息还包括与所述第一PE连接的用户网络边缘设备CE的网络之间互联的协议IP地址,所述VPN拓扑连接信息和所述第一PE的IP地址,且所述第一VPN标识与所述CE对应。With reference to the first aspect, in a first possible implementation manner, the route advertisement information further includes a protocol IP address interconnected by a network of a user network edge device CE connected to the first PE, where the VPN topology connection is Information and an IP address of the first PE, and the first VPN identifier corresponds to the CE.
结合第一方面或第一种可能的实现方式,在第二种可能的实现方式中,所述VPN服务器根据所述第一VPN标识,选择与所述第一VPN标识匹配的第二VPN标识,具体包括:所述VPN服务器根据所述第一VPN标识,从所述VPN中的TAG对应关系中选择与所述第一VPN标识匹配 的所述第二VPN标识,所述TAG对应关系包括所述第一PE中的VPN标识与所述第二PE中的VPN标识的对应关系。With reference to the first aspect or the first possible implementation manner, in a second possible implementation manner, the VPN server selects, according to the first VPN identifier, a second VPN identifier that matches the first VPN identifier, Specifically, the VPN server selects, according to the first VPN identifier, a match with the first VPN identifier from a TAG correspondence relationship in the VPN. The second VPN identifier, the TAG correspondence includes a correspondence between a VPN identifier in the first PE and a VPN identifier in the second PE.
结合第一方面或第一种可能的实现方式或第二种可能的实现方式,在第三种可能的实现方式中,所述VXLAN隧道封装信息包括设置在所述第一PE中的VXLAN接口IP地址和设置在所述第二PE中的VXLAN接口IP地址。With reference to the first aspect, the first possible implementation, or the second possible implementation, in a third possible implementation, the VXLAN tunnel encapsulation information includes a VXLAN interface IP set in the first PE. An address and a VXLAN interface IP address set in the second PE.
根据本发明第二方面,提供了一种传输报文的方法,所述方法包括:第一PE接收来自源端CE发送的报文,并根据所述源端CE发送的报文,确定所述报文传输的目标PE为第二PE;所述第一PE根据所述报文中的目的CE的IP地址,从接收到的所述第二PE的路由发布信息中选择与所述目的CE对应的路由发布信息,以及从接收到的所述第二PE的VXLAN隧道封装信息中选择与所述目的CE对应的VXLAN隧道封装信息,其中,所述第二PE的路由发布信息和VXLAN隧道封装信息是由VPN服务器发送给所述第一PE的;所述第一PE根据所述路由发布信息和所述VXLAN隧道封装信息,确定所述第一PE将报文传输给所述第二PE的VXLAN隧道;所述第一PE将所述报文通过所述VXLAN隧道传输至所述第二PE。According to a second aspect of the present invention, a method for transmitting a message is provided, the method comprising: receiving, by a first PE, a packet sent by a source CE, and determining, according to the packet sent by the source CE The target PE of the packet transmission is the second PE; the first PE selects the corresponding destination CE from the received route advertisement information of the second PE according to the IP address of the destination CE in the packet. The route issuance information, and the VXLAN tunnel encapsulation information corresponding to the destination CE is selected from the received VXLAN tunnel encapsulation information of the second PE, where the route advertisement information and the VXLAN tunnel encapsulation information of the second PE are Is sent by the VPN server to the first PE; the first PE determines, according to the route advertisement information and the VXLAN tunnel encapsulation information, that the first PE transmits the packet to the VXLAN of the second PE. a tunnel: the first PE transmits the packet to the second PE by using the VXLAN tunnel.
结合第二方面,在第一种可能的实现方式中,所述第一PE根据所述路由发布信息和所述VXLAN隧道封装信息,确定所述第一PE将报文传输给所述第二PE的VXLAN隧道,具体包括:With reference to the second aspect, in a first possible implementation manner, the first PE determines, according to the route advertisement information and the VXLAN tunnel encapsulation information, that the first PE transmits a packet to the second PE. The VXLAN tunnel specifically includes:
所述第一PE根据与所述目的CE对应的路由发布信息中的所述第一PE的第一VPN标识和所述第二PE的第二VPN标识,确定所述第一PE将报文传输给所述第二PE的VPN路由转发表;Determining, by the first PE, that the first PE transmits the packet according to the first VPN identifier of the first PE and the second VPN identifier of the second PE in the route advertisement information corresponding to the destination CE. a VPN routing forwarding table for the second PE;
所述第一PE根据与所述目的CE对应的VXLAN隧道封装信息,确定所述第一PE的IP地址和所述第二PE的IP地址;Determining, by the first PE, the IP address of the first PE and the IP address of the second PE according to the VXLAN tunnel encapsulation information corresponding to the destination CE;
所述第一PE根据所述VPN路由转发表和所述第一PE的IP地址和所述第二PE的IP地址,确定所述第一PE将报文传输给所述第二PE的 VXLAN隧道。Determining, by the first PE, the first PE to transmit the packet to the second PE according to the VPN routing forwarding table, the IP address of the first PE, and the IP address of the second PE. VXLAN tunnel.
根据本发明第三方面,提供了一种路由信息发布的装置,所述装置包括:According to a third aspect of the present invention, an apparatus for routing information is provided, the apparatus comprising:
接收单元,用于接收来自第一PE的路由发布信息,其中,所述路由发布信息包括所述第一PE对应的VPN拓扑连接信息,所述VPN拓扑连接信息包括源端的VPN标识,所述源端的VPN标识为所述第一PE中的第一VPN标识;a receiving unit, configured to receive route advertisement information from the first PE, where the route advertisement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information includes a VPN identifier of the source end, the source The VPN identifier of the end is the first VPN identifier in the first PE;
选择单元,用于选择作为目的端的第二PE;a selection unit, configured to select a second PE as a destination;
路由修改单元,用于接收所述接收单元发送的所述路由发布信息和接收所述选择单元发送的所述第二PE,根据所述第一VPN标识,从所述第二PE的VPN标识中选择与所述第一VPN标识匹配的第二VPN标识,并在所述VPN拓扑连接信息中增加作为目的端的VPN标识的所述第二VPN标识,获得修改后的所述路由发布信息;a route modification unit, configured to receive the route advertisement information sent by the receiving unit, and receive the second PE sent by the selecting unit, according to the first VPN identifier, from a VPN identifier of the second PE And the second VPN identifier that matches the first VPN identifier is selected, and the second VPN identifier that is the VPN identifier of the destination end is added to the VPN topology connection information, and the modified route advertisement information is obtained.
隧道选择单元,用于接收所述路由修改单元发送的所述第一VPN标识和所述第二VPN标识,根据所述第一VPN标识和所述第二VPN标识,确定所述第二PE将报文传输给所述第一PE的虚拟扩展局域网VXLAN隧道封装信息;a tunnel selection unit, configured to receive the first VPN identifier and the second VPN identifier sent by the route modification unit, and determine, according to the first VPN identifier and the second VPN identifier, that the second PE Transmitting the message to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE;
发送单元,用于接收所述路由修改单元发送的修改后的所述路由发布信息和接收所述隧道选择单元发送的所述VXLAN隧道封装信息,将所述VXLAN隧道封装信息和修改后的所述路由发布信息发送给所述第二PE。a sending unit, configured to receive the modified route advertisement information sent by the route modification unit, and receive the VXLAN tunnel encapsulation information sent by the tunnel selection unit, and encapsulate the VXLAN tunnel encapsulation information and the modified The route advertisement information is sent to the second PE.
结合第三方面,在第一种可能的实现方式中,所述路由发布信息还包括与所述第一PE连接的用户网络边缘设备CE的网络之间互联的协议IP地址,所述VPN拓扑连接信息和所述第一PE的IP地址,且所述第一VPN标识与所述CE对应。With reference to the third aspect, in a first possible implementation manner, the route advertisement information further includes a protocol IP address interconnected by a network of a user network edge device CE connected to the first PE, where the VPN topology connection is Information and an IP address of the first PE, and the first VPN identifier corresponds to the CE.
结合第三方面或第一种可能的实现方式,在第二种可能的实现方式中,所述路由修改单元包括VPN标识确定单元,用于根据所述第一VPN 标识,从所述VPN中的TAG对应关系中选择与所述第一VPN标识匹配的所述第二VPN标识,所述TAG对应关系包括所述第一PE中的VPN标识与所述第二PE中的VPN标识的对应关系。With reference to the third aspect or the first possible implementation manner, in a second possible implementation manner, the route modification unit includes a VPN identity determining unit, configured to use, according to the first VPN And identifying, by the TAG correspondence in the VPN, the second VPN identifier that matches the first VPN identifier, where the TAG correspondence includes the VPN identifier in the first PE and the second PE The correspondence between the VPN IDs.
结合第三方面或第一种可能的实现方式或第二种可能的实现方式,在第三种可能的实现方式中,所述VXLAN隧道封装信息包括设置在所述第一PE中的VXLAN接口IP地址和设置在所述第二PE中的VXLAN接口IP地址。With reference to the third aspect, the first possible implementation manner, or the second possible implementation manner, in a third possible implementation manner, the VXLAN tunnel encapsulation information includes a VXLAN interface IP set in the first PE. An address and a VXLAN interface IP address set in the second PE.
根据本发明的第四方面,提供了一种VPN服务器,所述服务器包括:According to a fourth aspect of the present invention, a VPN server is provided, the server comprising:
接收器,用于接收来自第一PE的路由发布信息,其中,所述路由发布信息包括所述第一PE对应的VPN拓扑连接信息,所述VPN拓扑连接信息包括源端的VPN标识,所述源端的VPN标识为所述第一PE中的第一VPN标识;a receiver, configured to receive route advertisement information from the first PE, where the route advertisement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information includes a VPN identifier of the source end, the source The VPN identifier of the end is the first VPN identifier in the first PE;
处理器,用于选择作为目的端的第二PE,并根据所述第一VPN标识,从所述第二PE的VPN标识中选择与所述第一VPN标识匹配的第二VPN标识,并在所述VPN拓扑连接信息中增加作为目的端的VPN标识的所述第二VPN标识,获得修改后的所述路由发布信息;以及根据所述第一VPN标识和所述第二VPN标识,确定所述第二PE将报文传输给所述第一PE的虚拟扩展局域网VXLAN隧道封装信息;a processor, configured to select a second PE that is the destination end, and select, according to the first VPN identifier, a second VPN identifier that matches the first VPN identifier from the VPN identifiers of the second PE, and Adding the second VPN identifier that is the VPN identifier of the destination end to the VPN topology connection information, and obtaining the modified route advertisement information; and determining the first according to the first VPN identifier and the second VPN identifier. Transmitting, by the second PE, the packet to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE;
发送器,用于将所述VXLAN隧道封装信息和修改后的所述路由发布信息发送给所述第二PE。And a transmitter, configured to send the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE.
结合第四方面,在第一种可能的实现方式中,所述路由发布信息还包括与所述第一PE连接的用户网络边缘设备CE的网络之间互联的协议IP地址,所述VPN拓扑连接信息和所述第一PE的IP地址,且所述第一VPN标识与所述CE对应。With reference to the fourth aspect, in a first possible implementation manner, the route advertisement information further includes a protocol IP address interconnected by a network of a user network edge device CE connected to the first PE, where the VPN topology connection is Information and an IP address of the first PE, and the first VPN identifier corresponds to the CE.
结合第四方面或第一种可能的实现方式,在第二种可能的实现方式中,所述处理器,具体用于根据所述第一VPN标识,从所述VPN中的TAG 对应关系中选择与所述第一VPN标识匹配的所述第二VPN标识,所述TAG对应关系包括所述第一PE中的VPN标识与所述第二PE中的VPN标识的对应关系。With reference to the fourth aspect or the first possible implementation manner, in a second possible implementation manner, the processor is specifically configured to use the TAG in the VPN according to the first VPN identifier. And selecting, by the correspondence, the second VPN identifier that matches the first VPN identifier, where the TAG correspondence includes a correspondence between the VPN identifier in the first PE and the VPN identifier in the second PE.
结合第四方面或第一种可能的实现方式或第二种可能的实现方式,在第三种可能的实现方式中,所述VXLAN隧道封装信息包括设置在所述第一PE中的VXLAN接口IP地址和设置在所述第二PE中的VXLAN接口IP地址。With reference to the fourth aspect, the first possible implementation manner, or the second possible implementation manner, in a third possible implementation manner, the VXLAN tunnel encapsulation information includes a VXLAN interface IP set in the first PE. An address and a VXLAN interface IP address set in the second PE.
根据本发明第五方面,提供了一种传输报文的装置,所述装置包括:According to a fifth aspect of the present invention, an apparatus for transmitting a message is provided, the apparatus comprising:
接收单元,用于接收来自源端CE发送的报文,a receiving unit, configured to receive a packet sent by the source CE,
PE确定单元,用于接收所述接收单元发送的报文,根据所述报文,确定所述报文传输的目的PE为第二PE;a PE determining unit, configured to receive a packet sent by the receiving unit, and determine, according to the packet, that the destination PE of the packet is a second PE;
路由选择单元,用于接收所述接收单元发送的报文,根据所述报文中的目的CE的IP地址,从接收到的所述第二PE的路由发布信息中选择与所述目的CE对应的路由发布信息,其中,所述第二PE的路由发布信息是由VPN服务器发送给所述路由选择单元的;a routing unit, configured to receive a packet sent by the receiving unit, and select, according to the IP address of the destination CE in the packet, the received routing information corresponding to the destination CE from the received routing information of the second PE. Route publishing information, wherein the route publishing information of the second PE is sent by the VPN server to the routing unit;
隧道信息获取单元,用于接收所述PE确定单元发送的所述第二PE,从接收到的所述第二PE的VXLAN隧道封装信息中选择与所述目的CE对应的VXLAN隧道封装信息,其中,所述第二PE的VXLAN隧道封装信息是由VPN服务器发送给所述隧道选择单元的;a tunnel information acquiring unit, configured to receive the second PE sent by the PE determining unit, and select VXLAN tunnel encapsulation information corresponding to the destination CE from the received VXLAN tunnel encapsulation information of the second PE, where The VXLAN tunnel encapsulation information of the second PE is sent by the VPN server to the tunnel selection unit;
隧道确定单元,用于接收所述路由选择单元发送的与所述目的CE对应的路由发布信息和接收所述隧道信息获取单元发送的所述VXLAN隧道封装信息,根据与所述目的CE对应的路由发布信息和所述VXLAN隧道封装信息,确定所述第一PE将报文传输给所述第二PE的VXLAN隧道;a tunnel determining unit, configured to receive route advertisement information corresponding to the destination CE and send the VXLAN tunnel encapsulation information sent by the tunnel information acquisition unit, according to a route corresponding to the destination CE Deriving the information and the VXLAN tunnel encapsulation information, and determining that the first PE transmits the packet to the VXLAN tunnel of the second PE;
报文传输单元,用于接收所述隧道确定单元发送的所述VXLAN隧道,将所述报文通过所述VXLAN隧道传输至所述第二PE。And a message transmission unit, configured to receive the VXLAN tunnel sent by the tunnel determining unit, and transmit the packet to the second PE by using the VXLAN tunnel.
结合第五方面,在第一种可能的实现方式中,所述隧道确定单元,具 体用于根据与所述目的CE对应的路由发布信息中的所述第一PE的第一VPN标识和所述第二PE的第二VPN标识,确定所述第一PE将报文传输给所述第二PE的VPN路由转发表,再根据与所述目的CE对应的VXLAN隧道封装信息,确定所述第一PE的IP地址和所述第二PE的IP地址,以及根据所述VPN路由转发表和所述第一PE的IP地址和所述第二PE的IP地址,确定所述第一PE将报文传输给所述第二PE的VXLAN隧道。With reference to the fifth aspect, in a first possible implementation manner, the tunnel determining unit The first PE is configured to transmit the packet to the first PE according to the first VPN identifier of the first PE and the second VPN identifier of the second PE in the route advertisement information corresponding to the destination CE. Determining, by the VPN routing and forwarding table of the second PE, the IP address of the first PE and the IP address of the second PE according to the VXLAN tunnel encapsulation information corresponding to the destination CE, and changing according to the VPN route And the IP address of the first PE and the IP address of the second PE are published, and the first PE is determined to transmit the packet to the VXLAN tunnel of the second PE.
本发明有益效果如下:The beneficial effects of the present invention are as follows:
本发明实施例中,本申请技术方案是VPN服务器接收来自第一PE发布的路由发布信息,并选择所述VPN服务器选择与所述第一PE进行报文传输的第二PE,再根据所述第一VPN标识,选择与所述第一VPN标识匹配的第二VPN标识,并在所述VPN拓扑连接信息中增加作为目的端的VPN标识的所述第二VPN标识,获得修改后的所述路由发布信息,所述VPN服务器将所述VXLAN隧道封装信息和修改后的所述路由发布信息发送给所述第二PE,如此,使得所述第一PE的路由发布信息仅通过所述VPN服务器就可以直接传输到作为目的PE的所述第二PE,从而实现了所述第一PE的路由发布,进而使得缩短了路由发布时间,提高了路由发布的效率。In the embodiment of the present invention, the technical solution of the present application is that the VPN server receives the route advertisement information advertised by the first PE, and selects the VPN server to select the second PE that performs the packet transmission with the first PE, according to the And the first VPN identifier, the second VPN identifier that matches the first VPN identifier is selected, and the second VPN identifier that is the VPN identifier of the destination end is added to the VPN topology connection information, and the modified route is obtained. And the VPN server sends the VXLAN tunnel encapsulation information and the modified routing information to the second PE, so that the route publishing information of the first PE is only used by the VPN server. The second PE is directly transmitted to the destination PE, so that the route advertisement of the first PE is implemented, thereby shortening the route publishing time and improving the efficiency of route advertisement.
附图说明DRAWINGS
图1为本发明实施例中路由信息发布的方法流程图;1 is a flowchart of a method for publishing routing information according to an embodiment of the present invention;
图2为本发明实施例中第一PE进行路由发布的第一种结构图;2 is a first structural diagram of a first PE performing route advertisement according to an embodiment of the present invention;
图3为本发明实施例中第一PE进行由发布的第二种结构图;FIG. 3 is a second structural diagram of a first PE being issued according to an embodiment of the present invention; FIG.
图4为本发明实施例中第一PE进行路由发布的流程图;FIG. 4 is a flowchart of a route advertised by a first PE according to an embodiment of the present invention;
图5为本发明实施例中传输报文的方法流程图;FIG. 5 is a flowchart of a method for transmitting a message according to an embodiment of the present invention;
图6为本发明实施例中路由信息发布的装置的结构图;6 is a structural diagram of an apparatus for issuing routing information according to an embodiment of the present invention;
图7为本发明实施例中VPN服务器的结构图; FIG. 7 is a structural diagram of a VPN server according to an embodiment of the present invention; FIG.
图8为本发明实施例中传输报文的装置的结构图。FIG. 8 is a structural diagram of an apparatus for transmitting a message according to an embodiment of the present invention.
具体实施方式detailed description
针对现有路由发布策略,存在路由发布时间过长,路由发布的工作效果低的技术问题,本发明实施例提出的技术方案中,首先VPN服务器接收来自第一PE发布的路由发布信息,并选择所述VPN服务器选择与所述第一PE进行报文传输的第二服务提供商边缘设备PE,再根据所述第一VPN标识,选择与所述第一VPN标识匹配的第二VPN标识,并在所述VPN拓扑连接信息中增加作为目的端的VPN标识的所述第二VPN标识,获得修改后的所述路由发布信息,所述VPN服务器将所述VXLAN隧道封装信息和修改后的所述路由发布信息发送给所述第二PE,如此,使得所述第一PE的路由发布信息仅通过所述VPN服务器就可以直接传输到作为目的PE的所述第二PE,从而实现了所述第一PE的路由发布,进而使得缩短了路由发布时间,提高了路由发布的效率。In the technical solution proposed by the embodiment of the present invention, the VPN server receives the route advertisement information advertised by the first PE and selects the existing route advertisement policy for the existing route advertisement policy. The VPN server selects a second service provider edge device PE that performs packet transmission with the first PE, and then selects a second VPN identifier that matches the first VPN identifier according to the first VPN identifier, and Adding the second VPN identifier that is the VPN identifier of the destination end to the VPN topology connection information, and obtaining the modified route advertisement information, where the VPN server encapsulates the VXLAN tunnel encapsulation information and the modified route The issuing information is sent to the second PE, so that the route publishing information of the first PE can be directly transmitted to the second PE as the destination PE through the VPN server, thereby implementing the first The route of the PE is advertised, which shortens the route publishing time and improves the efficiency of route advertisement.
下面结合各个附图对本发明实施例技术方案的主要实现原理、具体实施方式及其对应能够达到的有益效果进行详细地阐述。The main implementation principles, specific implementation manners, and the corresponding beneficial effects that can be achieved by the technical solutions of the embodiments of the present invention are described in detail below with reference to the accompanying drawings.
实施例一:Embodiment 1:
本发明实施例一提出了一种路由信息发布的方法,如图1所示,该方法具体处理过程如下:A method for publishing routing information is proposed in the first embodiment of the present invention. As shown in FIG. 1 , the specific processing procedure of the method is as follows:
步骤101:虚拟专用网VPN服务器接收来自第一服务提供商边缘设备PE发布的路由发布信息,其中,所述路由发布信息包括所述第一PE对应的VPN拓扑连接信息,所述VPN拓扑连接信息仅包括源端的VPN标识,所述源端的VPN标识为所述第一PE中的第一VPN标识;Step 101: The virtual private network VPN server receives the route advertisement information advertised by the first service provider edge device PE, where the route advertisement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information. The VPN identifier of the source end is included, and the VPN identifier of the source end is the first VPN identifier in the first PE.
步骤102:所述VPN服务器选择作为目的端的第二PE;Step 102: The VPN server selects a second PE as a destination end;
步骤103:所述VPN服务器根据所述第一VPN标识,从所述第二PE 的VPN标识中选择与所述第一VPN标识匹配的第二VPN标识,并在所述VPN拓扑连接信息中增加作为目的端的VPN标识的所述第二VPN标识,获得修改后的所述路由发布信息;Step 103: The VPN server is from the second PE according to the first VPN identifier. The second VPN identifier that matches the first VPN identifier is selected in the VPN identifier, and the second VPN identifier that is the VPN identifier of the destination end is added to the VPN topology connection information, and the modified route is obtained. information;
步骤104:确定所述第二PE将报文传输给所述第一PE的虚拟扩展局域网VXLAN隧道封装信息;Step 104: Determine that the second PE transmits the packet to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE.
步骤105:所述VPN服务器将所述VXLAN隧道封装信息和修改后的所述路由发布信息发送给所述第二PE。Step 105: The VPN server sends the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE.
其中,在步骤101中,虚拟专用网(Virtual Private Network简称VPN)服务器接收来自第一服务提供商边缘设备(Provider Edge简称PE)发布的路由发布信息,其中,所述路由发布信息包括所述第一PE对应的VPN拓扑连接信息,所述VPN拓扑连接信息仅包括源端的VPN标识,所述源端的VPN标识为所述第一PE中的第一VPN标识。In the step 101, the virtual private network (VPN) server receives the route advertisement information advertised by the Provider Edge (PE), wherein the route advertisement information includes the The VPN topology connection information corresponding to the PE, the VPN topology connection information only includes the VPN identifier of the source end, and the VPN identifier of the source end is the first VPN identifier of the first PE.
其中,所述VPN服务器与多个PE相连,以使得通过所述VPN服务器可以实现一个PE到另一个PE的路由发布,且一个VPN标识与所述源端中的一个VPN路由转发表(VPN Routing and Forwarding table简称VRF)对应,且所述源端为所述第一PE,即表征一个VPN标识与所述第一PE中的一个VRF对应。The VPN server is connected to multiple PEs, so that a route from one PE to another PE can be implemented through the VPN server, and a VPN identifier and a VPN routing forwarding table in the source end (VPN Routing) And the forwarding table corresponds to the VRF, and the source end is the first PE, that is, a VPN identifier is associated with one VRF in the first PE.
在具体实施过程中,所述第一PE可以具有一个或多个VRF,且一个VPN标识对应一个VRF,以使得通过VPN标识就可以确定相应的VRF,所述第一PE对应的VPN拓扑连接信息仅包括源端的VPN标识字段和目的端的VPN标识字段,由于所述VPN服务器接收到的是所述第一PE的路由发布信息,导致所述第一PE对应的VPN拓扑连接信息中的源端的VPN标识字段为所述第一VPN标识,而所述目的端的VPN标识字段为空,如此,使得所述第一PE对应的VPN拓扑连接信息包含所述第一VPN标识,而未包含有所述目的端的VPN标识。In a specific implementation process, the first PE may have one or more VRFs, and one VPN identifier corresponds to one VRF, so that the corresponding VRF may be determined by using the VPN identifier, and the VPN topology connection information corresponding to the first PE is configured. The VPN identifier field of the source end and the VPN identifier field of the destination end are included. The VPN information received by the VPN server is the source VPN of the VPN topology connection information corresponding to the first PE. The identifier field is the first VPN identifier, and the VPN identifier field of the destination end is empty, so that the VPN topology connection information corresponding to the first PE includes the first VPN identifier, but the destination is not included. End of the VPN ID.
其中,所述VPN拓扑连接信息可以用VPN_TOPO_CONNECTOR进 行表示,所述源端的VPN标识可以用Local VPN TAG(简称L-TAG)进行表示,所述目的端的VPN标识可以用Remote VPN TAG(简称R-TAG)进行表示,例如,所述VPN拓扑连接信息具体可以用下述方式进行表示:The VPN topology connection information can be entered by using VPN_TOPO_CONNECTOR. The line indicates that the VPN identifier of the source end can be represented by a Local VPN TAG (L-TAG), and the VPN identifier of the destination end can be represented by a Remote VPN TAG (R-TAG for short), for example, the VPN topology connection. The information can be expressed in the following ways:
VPN_TOPO_CONNECTOR Attribue:VPN_TOPO_CONNECTOR Attribue:
Local VPN TAGLocal VPN TAG
Remote VPN TAG。Remote VPN TAG.
其中,Local VPN TAG和Remote VPN TAG可以用4字节进行表示,也可以用8字节进行表示。The Local VPN TAG and the Remote VPN TAG can be represented by 4 bytes or 8 bytes.
具体来讲,所述PE与用户网络边缘设备(Customer Edge简称CE)直接相连的,所述CE可以是路由器或交换机,也可以是一台主机,当所述PE接收到所述CE的请求时,所述PE才会进行路由发布,如此,使得所述VPN服务器接收来自所述第一PE发布的路由发布信息时,所述路由发布信息包括与所述第一PE连接的用户网络边缘设备CE的IP地址,所述VPN拓扑连接信息和所述第一PE的IP(Internet Protocol全称网络之间互连的协议)地址,且所述第一VPN标识与所述CE对应。Specifically, the PE is directly connected to the customer network edge device (CE), and the CE may be a router or a switch, or may be a host, when the PE receives the request of the CE. The PE will perform route advertisement, so that when the VPN server receives the route advertisement information advertised by the first PE, the route advertisement information includes the user network edge device CE connected to the first PE. The IP address, the VPN topology connection information, and the IP of the first PE (a protocol interconnected by the Internet Protocol), and the first VPN identifier corresponds to the CE.
例如,参见图2,以所述第一PE为PE1为例,PE1分别与CE1和CE2和CE3直接相连,假设CE3为163服务器,为了使得用户能够查找到163服务器,CE3会请求PE1进行路由发布,进而使得VPN服务器接收到PE1的路由发布信息,其中,所述路由发布信息中包含有CE3的IP地址,PE1对应的VPN拓扑连接信息和PE1的IP地址。For example, referring to FIG. 2, the first PE is an example of PE1, and PE1 is directly connected to CE1, CE2, and CE3. Assume that CE3 is a 163 server. In order to enable the user to find 163 servers, CE3 requests PE1 to perform route advertisement. And the VPN server receives the route advertisement information of the PE1, where the route advertisement information includes the IP address of the CE3, the VPN topology connection information corresponding to the PE1, and the IP address of the PE1.
其中,PE1具有VRF1、VRF2和VRF3,且PE1中与VRF1对应的VPN标识为TAG1,与VRF2对应的VPN标识为TAG2,以及与VRF3对应的VPN标识为TAG3,且每一个TAG对应一个或多个CE。PE1 has VRF1, VRF2, and VRF3, and the VPN identifier corresponding to VRF1 in PE1 is TAG1, the VPN identifier corresponding to VRF2 is TAG2, and the VPN identifier corresponding to VRF3 is TAG3, and each TAG corresponds to one or more CE.
例如TAG1与CE3对应,TAG1还可以与CE1和CE2对应,以及TAG1还可以与CE1、CE2和CE3都对应,例如,在TAG1与CE3对应时,若CE3请求PE1进行路由发布时,则可以确定PE1的VPN拓扑连接信息为 Local VPN TAG为TAG1,Remote VPN TAG为空用R-RULL表示,其中,CE3的IP地址为私网IP地址,例如为192.168.1.102,PE1的IP地址为公网IP地址,例如为4.4.4.4时,则PE1的路由发布信息为:For example, TAG1 corresponds to CE3, TAG1 can also correspond to CE1 and CE2, and TAG1 can also correspond to CE1, CE2, and CE3. For example, when TAG1 and CE3 correspond, if CE3 requests PE1 to perform route advertisement, it can determine PE1. VPN topology connection information is The local VPN TAG is TAG1, and the remote VPN TAG is empty. The IP address of the CE3 is the private IP address, for example, 192.168.1.102, and the IP address of the PE1 is the public IP address, for example, 4.4.4.4. The route advertisement information of PE1 is:
VPN_TOPO_CONNECTOR:VPN_TOPO_CONNECTOR:
Local VPN TAG:TAG1;Local VPN TAG: TAG1;
Remote VPN TAG:NULL;Remote VPN TAG: NULL;
NLRI(Network Layer Reachability Information网络层可达信息):192.168.1.102;NLRI (Network Layer Reachability Information): 192.168.1.102;
NHP(Next Hop Prefix下一跳公网地址):4.4.4.4;NHP (Next Hop Prefix next hop public network address): 4.4.4.4;
然后封装成边界网关协议(Border Gateway Protocol简称BGP)报文进行发布。Then, it is encapsulated into a Border Gateway Protocol (BGP) packet for distribution.
其中,VPN_TOPO_CONNECTOR具体为:Local VPN TAG:TAG1;Remote VPN TAG:NULL;还可以用VPNATR(L-TAG1,R-RULL)表示。Among them, VPN_TOPO_CONNECTOR is specifically: Local VPN TAG: TAG1; Remote VPN TAG: NULL; can also be represented by VPNATR (L-TAG1, R-RULL).
当然,在TAG2与CE3对应时,若CE3请求PE1进行路由发布时,则可以确定PE1的VPN拓扑连接信息为VPNATR(L-TAG2,R-RULL)。Certainly, when TAG2 and CE3 correspond, if CE3 requests PE1 to perform route advertisement, it can be determined that the VPN topology connection information of PE1 is VPNATR (L-TAG2, R-RULL).
接下来执行步骤102,在该步骤中,所述VPN服务器选择作为目的端的第二PE。Next, step 102 is performed, in which the VPN server selects the second PE as the destination.
在具体实施过程中,所述VPN服务器中配置有与所述第一PE进行VPN通信的其它PE,以及配置有所述第一PE与所述其它PE的隧道封装信息,如此,使得所述VPN服务器根据所述路由发布信息中的所述第一PE的IP地址,选择作为目的端的所述第二PE,也可以根据所述路由发布信息中的所述第一VPN标识,选择所述第二PE为目的端。In a specific implementation process, the VPN server is configured with another PE that performs VPN communication with the first PE, and configured with tunnel encapsulation information of the first PE and the other PEs, so that the VPN is configured. The server selects the second PE as the destination end according to the IP address of the first PE in the route advertisement information, and may select the second VPN according to the first VPN identifier in the route advertisement information. PE is the destination.
例如,参见图2,由于PE1与PE2之间可以通过VPN进行报文传输,VPN服务器会将PE2和PE1进行关联,使得VPN服务器接收到PE1发送的路由发布信息时,根据所述路由发布信息中的PE1的IP地址,选择PE2 为目的端。For example, as shown in Figure 2, the PE server can communicate with the PE2 through the VPN. The VPN server associates the PE2 with the PE1. When the VPN server receives the route advertisement information sent by the PE1, the VPN server posts the information according to the route. IP address of PE1, select PE2 For the purpose.
又例如,参见图3,PE1还可以与PE3之间通过VPN报文传输,VPN服务器在将PE2和PE1进行关联的同时,还会将PE3和PE1进行关联,使得VPN服务器接收到PE1发送的路由发布信息时,根据所述路由发布信息中的PE1的IP地址,可以确定与PE1进行报文传输的所述第二PE为PE2还是PE3。For example, as shown in FIG. 3, the PE1 can also be transmitted through the VPN packet with the PE3. The VPN server associates the PE2 and the PE1, and also associates the PE3 with the PE1, so that the VPN server receives the route sent by the PE1. When the information is published, the second PE that performs packet transmission with the PE1 is determined to be PE2 or PE3 according to the IP address of the PE1 in the routing information.
还例如,参见图2,PE2具有VRF4和VRF5,与VRF4对应的VPN标识为TAG4,与VRF5对应的VPN标识为TAG5,且TAG4与TAG1相对应,通过VRF4和VRF1可以确定PE2到PE1的VRF,以及TAG5与TAG2相对应,通过VRF5和VRF2也可以确定PE2到PE1的VRF,如此,导致VPN服务器将PE1与PE2进行关联,TAG5与TAG2相对应,以及TAG4与TAG1相对应,由于PE1的路由发布信息中的VPN标识为TAG1,由于VPN服务器中的TAG1与TAG4相对应,且TAG4属于PE2,则可以确定所述第二PE为PE2。For example, referring to FIG. 2, PE2 has VRF4 and VRF5, the VPN identifier corresponding to VRF4 is TAG4, the VPN identifier corresponding to VRF5 is TAG5, and TAG4 corresponds to TAG1, and VRF of PE2 to PE1 can be determined through VRF4 and VRF1. And TAG5 corresponds to TAG2. VRF5 and VRF2 can also be used to determine the VRF of PE2 to PE1. As a result, the VPN server associates PE1 with PE2, TAG5 corresponds to TAG2, and TAG4 corresponds to TAG1. The VPN identifier in the message is TAG1. Since the TAG1 in the VPN server corresponds to the TAG4, and the TAG4 belongs to the PE2, the second PE may be determined to be the PE2.
接下来执行步骤103,在该步骤中,所述VPN服务器根据所述第一VPN标识,从所述第二PE的VPN标识中选择与所述第一VPN标识匹配的第二VPN标识,并在所述VPN拓扑连接信息中增加作为目的端的VPN标识的所述第二VPN标识,获得修改后的所述路由发布信息。Next, step 103 is performed, in which the VPN server selects a second VPN identifier matching the first VPN identifier from the VPN identifiers of the second PE according to the first VPN identifier, and The second VPN identifier that is the VPN identifier of the destination end is added to the VPN topology connection information, and the modified route advertisement information is obtained.
在具体实施过程中,所述VPN服务器在配置所述第一PE和所述其它PE的过程中,还配置所述第一PE的VPN标识与所述其它PE的VPN标识的对应关系,从而获得并保存所述第一PE与所述其它PE之间的TAG对应关系,如此,使得所述VPN服务器能够根据所述第一VPN标识,从所述VPN中的TAG对应关系中选择与所述第一VPN标识匹配的所述第二VPN标识,所述TAG对应关系包括所述第一PE中的VPN标识与所述第二PE中的VPN标识的对应关系。In a specific implementation process, the VPN server further configures a correspondence between the VPN identifier of the first PE and the VPN identifier of the other PEs in the process of configuring the first PE and the other PEs. And storing the TAG correspondence between the first PE and the other PEs, so that the VPN server can select, according to the first VPN identifier, the TAG correspondence relationship in the VPN. The second VPN identifier matched by the VPN identifier, the TAG correspondence includes a correspondence between the VPN identifier in the first PE and the VPN identifier in the second PE.
例如,参见图3,PE2具有VRF4和VRF5,与VRF4对应的VPN标 识为TAG4,与VRF5对应的VPN标识为TAG5,且TAG4与TAG1相对应,通过VRF4和VRF1可以确定PE2到PE1的VRF,以及TAG5与TAG2相对应,通过VRF5和VRF2也可以确定PE2到PE1的VRF,如此,导致VPN服务器将PE1与PE2进行关联,TAG5与TAG2相对应,以及TAG4与TAG1相对应,具体可以表示为:{vPE1:TAG1,vPE2:TAG4},{vPE1:TAG2,vPE2:TAG5}。For example, referring to Figure 3, PE2 has VRF4 and VRF5, and the VPN label corresponding to VRF4. Known as TAG4, the VPN identifier corresponding to VRF5 is TAG5, and TAG4 corresponds to TAG1. VRF4 and VRF1 can be used to determine the VRF of PE2 to PE1, and TAG5 corresponds to TAG2. PE2 to V1 can also be determined by VRF5 and VRF2. VRF, in this way, causes the VPN server to associate PE1 with PE2, TAG5 corresponds to TAG2, and TAG4 corresponds to TAG1, which can be expressed as: {vPE1: TAG1, vPE2: TAG4}, {vPE1: TAG2, vPE2: TAG5 }.
其中,PE3具有VRF6和VRF7,与VRF6对应的VPN标识为TAG6,与VRF7对应的VPN标识为TAG7,且TAG6与TAG2相对应,通过VRF6和VRF2可以确定PE3到PE1的VRF,以及TAG7与TAG3相对应,通过VRF7和VRF3也可以确定PE3到PE1的VRF,如此,导致VPN服务器中将PE1与PE3进行关联,TAG6与TAG2相对应,以及TAG7与TAG3相对应,具体可以表示为:{vPE1:TAG2,vPE3:TAG6},{vPE1:TAG3,vPE3:TAG7}。PE3 has VRF6 and VRF7, the VPN identifier corresponding to VRF6 is TAG6, and the VPN identifier corresponding to VRF7 is TAG7, and TAG6 corresponds to TAG2. VRF6 and VRF2 can determine the VRF of PE3 to PE1, and TAG7 and TAG3 Correspondingly, the VRF of PE3 to PE1 can also be determined by VRF7 and VRF3. In this way, PE1 is associated with PE3 in the VPN server, TAG6 corresponds to TAG2, and TAG7 corresponds to TAG3, which can be expressed as: {vPE1:TAG2 , vPE3: TAG6}, {vPE1: TAG3, vPE3: TAG7}.
进一步的,由于CE3请求PE1进行路由发布时选择的VRF为VRF1,导致PE1的路由发布信息为{NLRI:192.168.1.102,VPNATR(L-TAG1,R-RULL),NHP:4.4.4.4},这时,由于所述第一TAG为TAG1,根据VPN服务器中的配置{vPE1:TAG1,vPE2:TAG4},{vPE1:TAG2,vPE2:TAG5},{vPE1:TAG2,vPE3:TAG6}和{vPE1:TAG3,vPE3:TAG7},则可以确定所述第二TAG为TAG4,则将VPNATR(L-TAG1,R-RULL)修改为VPNATR(L-TAG1,R-TAG4)。Further, since the VRF selected by the CE3 to request the PE1 to perform the route advertisement is VRF1, the route advertisement information of the PE1 is {NLRI: 192.168.1.102, VPNATR (L-TAG1, R-RULL), NHP: 4.4.4.4}, which When the first TAG is TAG1, according to the configuration in the VPN server {vPE1: TAG1, vPE2: TAG4}, {vPE1: TAG2, vPE2: TAG5}, {vPE1: TAG2, vPE3: TAG6}, and {vPE1: TAG3, vPE3: TAG7}, it can be determined that the second TAG is TAG4, and the VPNATR (L-TAG1, R-RULL) is modified to VPNATR (L-TAG1, R-TAG4).
接下来执行步骤104,在该步骤中,所述VPN服务器根据所述第一VPN标识和所述第二VPN标识,确定所述第二PE将报文传输给所述第一PE的虚拟扩展局域网VXLAN隧道封装信息。Next, step 104 is performed, in which the VPN server determines, according to the first VPN identifier and the second VPN identifier, that the second PE transmits the packet to the virtual extended local area network of the first PE. VXLAN tunnel encapsulation information.
在具体实施过程中,由于所述VPN服务器配置有所述第一PE与所述其它PE的隧道封装信息,进而能够根据所述第一VPN标识和所述第二VPN标识,确定所述第二PE将报文传输给所述第一PE的VXLAN隧道 封装信息。In a specific implementation process, the VPN server is configured with the tunnel encapsulation information of the first PE and the other PEs, and the second VPN identifier and the second VPN identifier are determined according to the first VPN identifier and the second VPN identifier. The PE transmits the packet to the VXLAN tunnel of the first PE. Package information.
其中,所述VXLAN隧道封装信息包括设置在所述第一PE中的VXLAN接口IP地址和设置在所述第二PE中VXLAN接口IP地址,以使得报文的入口指向所述第二PE中VXLAN接口IP地址,报文的出口指向所述第一PE中的VXLAN接口IP地址,进而使得报文通过所述第一PE和所述第二PE之间的VXLAN隧道进行传输。The VXLAN tunnel encapsulation information includes a VXLAN interface IP address set in the first PE and a VXLAN interface IP address set in the second PE, so that an entry of the packet points to the VXLAN in the second PE. The IP address of the interface, the egress of the packet is directed to the IP address of the VXLAN interface in the first PE, and the packet is transmitted through the VXLAN tunnel between the first PE and the second PE.
具体来讲,所述VPN服务器配置所述第一PE与所述其它PE的隧道封装信息时,可以配置为虚拟网络实例(Virtual Network Instance简称vni),根据所述vni,就可以确定所述隧道封装信息。Specifically, when the VPN server configures the tunnel encapsulation information of the first PE and the other PEs, the virtual network instance (virtual network instance is referred to as vni), and the tunnel can be determined according to the vni. Package information.
例如,参见图2,VPN服务器中配置有{vPE1:TAG1,vPE2:TAG4}及其对应的vni为vni1,vni1包括与TAG1对应的虚拟扩展局域网接口(Virtual Extensible Local Area Network interface简称vxlanif),以及虚拟扩展局域网(Virtual Extensible Local Area Network简称VXLAN)中的与TAG1对应的IP地址,以及与TAG4对应的vxlanif,以及VXLAN中的与TAG4对应的IP地址,具体可以用下述方式表示:For example, referring to FIG. 2, the VPN server is configured with {vPE1: TAG1, vPE2: TAG4} and its corresponding vni is vni1, and vni1 includes a virtual extended local area network interface (vxlanif) corresponding to TAG1, and The IP address corresponding to TAG1 in the Virtual Extensible Local Area Network (VXLAN), the vxlanif corresponding to TAG4, and the IP address corresponding to TAG4 in VXLAN can be expressed in the following manner:
Figure PCTCN2014086350-appb-000001
Figure PCTCN2014086350-appb-000001
其中,vxlanif1表示与TAG1对应的vxlanif,vxlanif4表示与TAG4对应的vxlanif,进一步的,uip是Underlying network IP的简写,uip1表示VXLAN中的与TAG1对应的IP地址,uip4表示VXLAN中的与TAG4对应的IP地址。 Where vxlanif1 represents vxlanif corresponding to TAG1, vxlanif4 represents vxlanif corresponding to TAG4, further, uip is a shorthand for Underlying network IP, uip1 represents an IP address corresponding to TAG1 in VXLAN, and uip4 represents a corresponding to TAG4 in VXLAN IP address.
同理,VPN服务器中配置有{vPE1:TAG2,vPE2:TAG5}及其对应的vni为vni2,具体可以用下述方式表示:Similarly, the VPN server is configured with {vPE1: TAG2, vPE2: TAG5} and its corresponding vni is vni2, which can be expressed in the following manner:
Figure PCTCN2014086350-appb-000002
Figure PCTCN2014086350-appb-000002
VPN服务器根据CE3的请求确定的所述第二VPN标识为TAG4,根据TAG1和TAG4,确定与TAG1和TAG4匹配的vni为vni1,则可以确定所述VXLAN的隧道封装信息为:The second VPN identifier determined by the VPN server according to the request of the CE3 is TAG4, and according to the TAG1 and the TAG4, determining that the vni matching the TAG1 and the TAG4 is vni1, the tunnel encapsulation information of the VXLAN may be determined as:
Figure PCTCN2014086350-appb-000003
Figure PCTCN2014086350-appb-000003
接下来执行步骤105,在该步骤中,所述VPN服务器将所述VXLAN隧道封装信息和修改后的所述路由发布信息发送给所述第二PE。Next, step 105 is performed, in which the VPN server sends the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE.
在具体实施过程中,将所述VXLAN隧道封装信息和修改后的所述路由发布信息发送给所述第二PE,以使得所述第二PE根据R-VPN标识,查找到与所述R-VPN标识对应的VRF,再根据所述VXLAN隧道封装信息,生成报文从所述第二PE到所述第一PE的VXLAN隧道,然后将所述第二PE接收到的报文通过所述VXLAN隧道传输至所述第一PE。In the specific implementation process, the VXLAN tunnel encapsulation information and the modified route advertisement information are sent to the second PE, so that the second PE finds the R- according to the R-VPN identifier. And the VXLAN tunnel corresponding to the VPN identifier, and then generating a packet from the second PE to the VXLAN tunnel of the first PE according to the VXLAN tunnel encapsulation information, and then passing the packet received by the second PE to the VXLAN. The tunnel is transmitted to the first PE.
例如,参见图4,在CE3的私网IP地址为192.168.1.102,且请求PE1 进行路由发布时,PE1生成了路由发布信息,所述路由发布信息为:{NLRI:192.168.1.102,VPNATR:(L_TAG1,NULL),NHP:4.4.4.4},这时,执行步骤401,PE1发布路由给VPN服务器,将{NLRI:192.168.1.102,VPNATR:(L_TAG1,NULL),NHP:4.4.4.4}封装成BGP报文1,所述BGP报文1简称BGP1。For example, referring to Figure 4, the private network IP address of CE3 is 192.168.1.102, and PE1 is requested. When the route is advertised, PE1 generates route advertisement information. The route advertisement information is: {NLRI: 192.168.1.102, VPNATR: (L_TAG1, NULL), NHP: 4.4.4.4}. At this time, step 401 is executed, and PE1 is released. Routed to the VPN server, the {NLRI: 192.168.1.102, VPNATR: (L_TAG1, NULL), NHP: 4.4.4.4} is encapsulated into BGP message 1, the BGP message 1 is referred to as BGP1.
接下来执行步骤402,PE1发送BGP1,以使得VPN服务器接收到BGP1。Next, in step 402, PE1 sends BGP1 to enable the VPN server to receive BGP1.
接下来执行步骤403,VPN服务器接收PE1发布的BGP1,根据VPN服务器中的配置,获得修改后的路由发布信息和VXLAN隧道信息为:{NLRI:192.168.1.102,VPN ATR:(L_TAG1,R_TAG4),VXLANATR:(vni1,uip1,uip4),NHP:4.4.4.4},并将{NLRI:192.168.1.102,VPNATR:(L_TAG1,R_TAG4),VXLAN ATR:(vni1,uip1,uip4),NHP:4.4.4.4}封装成BGP报文2,所述BGP报文2简称BGP2。Next, in step 403, the VPN server receives the BGP1 advertised by the PE1, and obtains the modified route advertisement information and the VXLAN tunnel information according to the configuration in the VPN server: {NLRI: 192.168.1.102, VPN ATR: (L_TAG1, R_TAG4), VXLANATR: (vni1, uip1, uip4), NHP: 4.4.4.4}, and {NLRI: 192.168.1.102, VPNATR: (L_TAG1, R_TAG4), VXLAN ATR: (vni1, uip1, uip4), NHP: 4.4.4.4 } encapsulated into BGP packet 2, which is referred to as BGP2.
接下来执行步骤404,VPN服务器发送BGP2给PE2,以使得PE2接收到BGP2。Next, in step 404, the VPN server sends BGP2 to PE2, so that PE2 receives BGP2.
接下来执行步骤405,PE2接收到VPN服务器发送的BGP2,根据R-TAG标记匹配本地对应的VRF,根据携带的uip4地址和uip1,查找到vxlanif1和vxlanif4,将报文的入口vxlanif1,将报文的出口指向vxlanif4,并生成关联PEI和PE2的vxlan隧道表,进而形成vxlan隧道,以使得PE2接收到与PE2连接的CE发送的报文通过所述vxlan隧道传输至PE1。Next, in step 405, PE2 receives the BGP2 sent by the VPN server, matches the local VRF according to the R-TAG flag, finds vxlanif1 and vxlanif4 according to the carried uip4 address and uip1, and sets the packet vxlanif1 to the packet. The egress exits the vxlanif4 and generates a vxlan tunnel table associated with the PEI and the PE2 to form a vxlan tunnel, so that the packet sent by the CE that is connected to the PE2 is transmitted to the PE1 through the vxlan tunnel.
参见图3,由于现有技术中PE1进行路由发布时,PE1的路由发布信息首先会发布给AS1和AS3,AS1将PE1的路由发布信息再发给路由器A1,路由器A1再将PE1的路由发布信息再发给路由器A2,路由器A2将PE1的路由发布信息再发给AS2,然后AS2将PE1的路由发布信息再发布给PE2,并且AS3将PE1的路由发布信息再发给路由器A3,路由器A3再将PE1的路由发布信息再发给路由器A4,路由器A4将PE1的路由 发布信息再发给AS4,然后AS4将PE1的路由发布信息再发布给PE3,当PE2和PE3均接收到PE1的路由发布信息时,使得PE1的完成了路由发布。As shown in Figure 3, the route advertisement information of PE1 is advertised to AS1 and AS3. The AS1 sends the route advertisement information of PE1 to Router A1. Router A1 then advertises the route of PE1. It is sent to the router A2, and the router A2 sends the route advertisement information of the PE1 to the AS2. Then, the AS2 advertises the route advertisement information of the PE1 to the PE2, and the AS3 sends the route advertisement information of the PE1 to the router A3. The route advertisement information of PE1 is sent to router A4, and router A4 routes PE1. The information is sent to the AS4, and then the AS4 advertises the route advertisement information of the PE1 to the PE3. When both the PE2 and the PE3 receive the route advertisement information of the PE1, the PE1 completes the route advertisement.
其中,AS为Autonomous System的简写,中文名称为自治系统。Among them, AS is short for Autonomous System, and Chinese name is autonomous system.
本申请实施例中PE1的路由发布信息直接传输给VPN服务器,VPN服务器根据PE1的路由发布信息,确定目的PE为PE2,添加目的端的TAG,获得修改后的PE1的路由发布信息,并根据与PE1的TAG匹配的PE2的TAG,确定VXLAN隧道封装信息,将修改后的PE1路由发布信息和所述VXLAN隧道封装信息发送给PE2,进而完成PE1的路由发布,而现有技术中的路由发布需要逐一进行路由转发,且在不同的AS之间进行路由转发时,还需要通过跨域技术来实现路由转发,导致现有技术在进行路由转发时,路由转发的次数较多,而且在不同的AS之间进行路由转发时,还需要通过跨域技术来实现路由转发,使得路由发布的时间较长,路由发布的效率也低的技术问题,而本申请使得本申请仅需通过VPN服务器就可以完成路由发布,仅需通过一次路由转发就完成了路由发布,且无需通过跨域技术来实现路由转发,进而能够缩短路由发布的时间,提高路由发布的效率。In the embodiment of the present application, the route advertisement information of the PE1 is directly transmitted to the VPN server, and the VPN server determines the destination PE as the PE2 according to the route advertisement information of the PE1, adds the TAG of the destination end, and obtains the modified route information of the PE1, and according to the PE1. TAG matches the TAG of the PE2, determines the VXLAN tunnel encapsulation information, and sends the modified PE1 route advertisement information and the VXLAN tunnel encapsulation information to the PE2, thereby completing the route advertisement of the PE1, and the route advertisement in the prior art needs to be one by one. When routing and forwarding are performed, and route forwarding is performed between different ASs, the cross-domain technology is required to implement route forwarding. As a result, the number of routes is forwarded more frequently in the prior art, and in different ASs. When the route is forwarded, the route forwarding is required to be implemented, and the route is advertised for a long time, and the efficiency of the route is also low. However, this application allows the application to complete the route only through the VPN server. Publish, routing is completed only by one route forwarding, and there is no need to implement the road through cross-domain technology. By forwarding, the time of route advertisement can be shortened, and the efficiency of route advertisement is improved.
实施例二:Embodiment 2:
基于与上述方法相同的技术构思,本发明实施例二提出了一种传输报文的方法,如图5所示,该方法具体处理过程如下:Based on the same technical concept as the above method, the second embodiment of the present invention provides a method for transmitting a message. As shown in FIG. 5, the specific processing procedure of the method is as follows:
步骤501:第一PE接收来自源端CE发送的报文,并根据所述源端CE发送的报文,确定所述报文传输的目的PE为第二PE;Step 501: The first PE receives the packet sent by the source CE, and determines, according to the packet sent by the source CE, that the destination PE of the packet is the second PE.
步骤502:所述第一PE根据所述报文中的目的CE的IP地址,从接收到的所述第二PE的路由发布信息中选择与所述目的CE对应的路由发布信息,以及从接收到的所述第二PE的VXLAN隧道封装信息中选择与所述目的CE对应的VXLAN隧道封装信息,其中,所述第二PE的路由 发布信息和VXLAN隧道封装信息是由VPN服务器发送给所述第一PE的;Step 502: The first PE selects route advertisement information corresponding to the destination CE from the received route advertisement information of the second PE according to the IP address of the destination CE in the packet, and receives the route Selecting, by the VXLAN tunnel encapsulation information of the second PE, VXLAN tunnel encapsulation information corresponding to the destination CE, where the route of the second PE is The publishing information and the VXLAN tunnel encapsulation information are sent by the VPN server to the first PE;
步骤503:所述第一PE根据与所述目的CE对应的路由发布信息和VXLAN隧道封装信息,确定所述第一PE将报文传输给所述第二PE的VXLAN隧道;Step 503: The first PE determines, according to the route advertisement information and the VXLAN tunnel encapsulation information corresponding to the destination CE, that the first PE transmits the packet to the VXLAN tunnel of the second PE.
步骤504:所述第一PE将所述报文通过所述VXLAN隧道传输至所述第二PE。Step 504: The first PE transmits the packet to the second PE by using the VXLAN tunnel.
其中,在步骤501中,第一PE接收来自源端CE发送的报文,并根据所述源端CE发送的报文,确定所述报文传输的目的PE为第二PE,其中,所述源端CE与所述第一PE相连。In the step 501, the first PE receives the packet sent by the source CE, and determines, according to the packet sent by the source CE, that the destination PE of the packet is the second PE, where the The source CE is connected to the first PE.
在具体实施过程中,首先所述第一PE会接收到VPN服务器发送的路由发布信息和VXLAN隧道封装信息,在所述第一PE接收到所述源端CE发送的报文时,由于所述报文中具有目的CE的IP地址,则可以根据所述目的CE的IP地址,可以从接收到的VPN服务器发送的路由发布信息确定与所述目的CE直接连接的所述第二PE,所述第二PE为所述目的PE。In a specific implementation process, the first PE receives the route advertisement information and the VXLAN tunnel encapsulation information sent by the VPN server, and when the first PE receives the packet sent by the source CE, The packet has the IP address of the destination CE, and the second PE directly connected to the destination CE may be determined according to the route advertisement information sent by the received VPN server according to the IP address of the destination CE. The second PE is the target PE.
例如,参见图2,以PE2为所述第一PE为例,PE2首先会接收到VPN服务器发送的PE1的路由发布信息和隧道封装信息,所述PE1的路由发布信息以及隧道封装信息可以包含CE1,CE2和CE3对应的路由发布信息及其对应隧道封装信息,然后在PE2接收到所述源端CE发送的报文时,能够获取所述报文中的目的CE的IP地址,若所述目的CE的IP为CE3的IP地址,根据接收到的PE1的路由发布信息,则可以确定所述目的PE为PE1。For example, referring to FIG. 2, taking PE2 as the first PE, the PE2 firstly receives the route advertisement information and the tunnel encapsulation information of the PE1 sent by the VPN server, and the route advertisement information and the tunnel encapsulation information of the PE1 may include the CE1. And the route advertisement information corresponding to the CE2 and the CE3 and the corresponding tunnel encapsulation information, and then, when the PE2 receives the packet sent by the source CE, the IP address of the destination CE in the packet is obtained, if the destination is The IP address of the CE is the IP address of the CE3. According to the received route advertisement information of the PE1, the destination PE is determined to be PE1.
接下来执行步骤502,在该步骤中,所述第一PE根据所述报文中的目的CE的IP地址,从接收到的所述第二PE的路由发布信息中选择与所述目的CE对应的路由发布信息,以及从接收到的所述第二PE的VXLAN隧道封装信息中选择与所述目的CE对应的VXLAN隧道封装信息,其中,所述第二PE的路由发布信息和VXLAN隧道封装信息是由VPN服务器发送给所述第 一PE的。Next, step 502 is performed, in which the first PE selects a destination corresponding to the destination CE from the received route advertisement information of the second PE according to the IP address of the destination CE in the packet. The route issuance information, and the VXLAN tunnel encapsulation information corresponding to the destination CE is selected from the received VXLAN tunnel encapsulation information of the second PE, where the route advertisement information and the VXLAN tunnel encapsulation information of the second PE are Is sent by the VPN server to the first A PE.
在具体实施过程中,由于所述第二PE在进行路由发布时,会将请求所述第二PE进行路由发布的CE的IP地址写入所述第二PE的路由发布信息中,从而使得所述第一PE在通过步骤501确定所述第二PE之后,能够从所述第二PE的路由发布信息和VXLAN隧道封装信息中选择与所述目的CE对应的路由发布信息和VXLAN隧道封装信息。In a specific implementation process, the IP address of the CE that requests the second PE to perform the route advertisement is written into the route advertisement information of the second PE, After determining the second PE in step 501, the first PE can select route advertisement information and VXLAN tunnel encapsulation information corresponding to the destination CE from the route advertisement information and the VXLAN tunnel encapsulation information of the second PE.
例如,参见图2,以PE2为所述第一PE为例,在CE3请求PE1进行的路由发布信息之后,使得PE2接收到VPN服务器发送的路由发布信息和VXLAN隧道信息包括:{NLRI:192.168.1.102,VPN ATR:(L_TAG1,R_TAG4),VXLAN ATR:(vni1,uip1,uip4),NHP:4.4.4.4},以及若CE2的IP地址为192.168.1.95,且请求了PE1进行的路由发布信息之后,使得PE2接收到VPN服务器发送的路由发布信息和VXLAN隧道信息包括:{NLRI:192.168.1.95,VPN ATR:(L_TAG2,R_TAG5),VXLAN ATR:(vni2,uip2,uip5),NHP:4.4.4.4}。For example, referring to FIG. 2, taking PE2 as the first PE, after the CE3 requests the route advertisement information of the PE1, the PE2 receives the route advertisement information and the VXLAN tunnel information sent by the VPN server, including: {NLRI: 192.168. 1.102, VPN ATR: (L_TAG1, R_TAG4), VXLAN ATR: (vni1, uip1, uip4), NHP: 4.4.4.4}, and if the IP address of CE2 is 192.168.1.95, and the routing information issued by PE1 is requested The routing information and VXLAN tunnel information sent by the PE2 to the VPN server include: {NLRI: 192.168.1.95, VPN ATR: (L_TAG2, R_TAG5), VXLAN ATR: (vni2, uip2, uip5), NHP: 4.4.4.4 }.
其中,在PE2接收到源端CE的报文时,若所述报文的目的CE的IP地址为192.168.1.102,则可以确定所述第二PE为PE1以及所述目的CE为CE3,然后从PE2接收到VPN服务器发送的PE1的路由发布信息和VXLAN隧道信息中确定与CE3对应的路由发布信息和VXLAN隧道信息为{NLRI:192.168.1.102,VPN ATR:(L_TAG1,R_TAG4),VXLAN ATR:(vni1,uip1,uip4),NHP:4.4.4.4}。If the IP address of the destination CE of the packet is 192.168.1.102, the second PE is determined to be PE1 and the destination CE is CE3, and then the packet is received from the source CE. The PE2 receives the route advertisement information of the PE1 and the VXLAN tunnel information that is determined by the VPN server to determine the route advertisement information and the VXLAN tunnel information corresponding to the CE3. {NLRI: 192.168.1.102, VPN ATR: (L_TAG1, R_TAG4), VXLAN ATR: ( Vni1, uip1, uip4), NHP: 4.4.4.4}.
接下来执行步骤503,在该步骤中,所述第一PE根据与所述目的CE对应的路由发布信息和VXLAN隧道封装信息,确定所述第一PE将报文传输给所述第二PE的VXLAN隧道。Next, step 503 is performed, in which the first PE determines, according to the route advertisement information and the VXLAN tunnel encapsulation information corresponding to the destination CE, that the first PE transmits the packet to the second PE. VXLAN tunnel.
在具体实施过程中,所述第一PE根据与所述目的CE对应的路由发布信息中的R-VPN标识,查找到与所述R-VPN标识对应的VRF,再根据所述VXLAN隧道封装信息,确定所述第一PE将报文传输给所述第二PE的 VXLAN隧道,然后将所述第一PE接收到的报文通过所述VXLAN隧道传输至所述第二PE。In a specific implementation process, the first PE searches for the VRF corresponding to the R-VPN identifier according to the R-VPN identifier in the route advertisement information corresponding to the destination CE, and then encapsulates the information according to the VXLAN tunnel. Determining that the first PE transmits the packet to the second PE And transmitting, by the VXLAN tunnel, the packet received by the first PE to the second PE by using the VXLAN tunnel.
具体来讲,所述第一PE根据与所述目的CE对应的路由发布信息中的所述第一PE的第一VPN标识和所述第二PE的第二VPN标识,确定所述第一PE将报文传输给所述第二PE的VPN路由转发表;所述第一PE根据与所述目的CE对应的VXLAN隧道封装信息,确定所述第一PE的IP地址和所述第二PE的IP地址;所述第一PE根据所述VPN路由转发表和所述第一PE的IP地址和所述第二PE的IP地址,确定所述第一PE将报文传输给所述第二PE的VXLAN隧道。Specifically, the first PE determines the first PE according to the first VPN identifier of the first PE and the second VPN identifier of the second PE in the route advertisement information corresponding to the destination CE. Transmitting the packet to the VPN routing forwarding table of the second PE; the first PE determines the IP address of the first PE and the second PE according to the VXLAN tunnel encapsulation information corresponding to the destination CE The first PE determines that the first PE transmits the packet to the second PE according to the VPN routing forwarding table, the IP address of the first PE, and the IP address of the second PE. VXLAN tunnel.
例如,参见图2,PE2接收到CE的报文,所述报文的目的CE的IP地址为192.168.1.102,则可以确定所述第二PE为PE1以及所述目的CE为CE3,然后从PE2接收到VPN服务器发送的PE1的路由发布信息和VXLAN隧道信息中确定与CE3对应的路由发布信息和VXLAN隧道信息为{NLRI:192.168.1.102,VPN ATR:(L_TAG1,R_TAG4),VXLANATR:(vni1,uip1,uip4),NHP:4.4.4.4},根据R-TAG4,从PE2中的VRF中确定与TAG4对应的VRF4,以及根据TAG1对应的VRF1,根据VRF4和VRF1,可以确定PE2到PE1的VRF,再根据VXLAN隧道信息中携带的uip4地址和uip1,查找到vxlanif1和vxlanif4,将报文的入口vxlanif1,将报文的出口指向vxlanif4,然后生成关联PEI和PE2的VXLAN隧道表,进而获得VXLAN隧道,以使得PE2接收到所述源端CE发送的报文通过所述VXLAN隧道传输至PE1。For example, referring to FIG. 2, PE2 receives the packet of the CE, and the IP address of the destination CE of the packet is 192.168.1.102, and the second PE is determined to be PE1 and the destination CE is CE3, and then the PE2 is obtained. The route advertisement information and the VXLAN tunnel information corresponding to the CE3 determined by the route advertisement information and the VXLAN tunnel information of the PE1 sent by the VPN server are {NLRI: 192.168.1.102, VPN ATR: (L_TAG1, R_TAG4), VXLANATR: (vni1, Uip1, uip4), NHP: 4.4.4.4}, according to R-TAG4, determine the VRF4 corresponding to TAG4 from the VRF in PE2, and according to VRF1 corresponding to TAG1, according to VRF4 and VRF1, the VRF of PE2 to PE1 can be determined. Then, according to the uip4 address and uip1 carried in the VXLAN tunnel information, vxlanif1 and vxlanif4 are found, and the entry vxlanif1 of the packet is directed to the vxlanif4, and then the VXLAN tunnel table of the associated PEI and PE2 is generated, thereby obtaining the VXLAN tunnel. The packet sent by the source CE to the PE2 is transmitted to the PE1 through the VXLAN tunnel.
接下来执行步骤504,在该步骤中,所述第一PE将所述报文通过所述VXLAN隧道传输至所述第二PE。Next, step 504 is performed, in which the first PE transmits the message to the second PE through the VXLAN tunnel.
在具体实施过程中,在通过步骤503获取到所述VXLAN隧道之后,所述第一PE将接收到的所述源端CE的报文通过所述VXLAN隧道传输至所述第二PE,以使得所述第二PE根据所述报文中的目的IP地址,将所述报文 传输给目的CE。In a specific implementation, after the VXLAN tunnel is obtained through the step 503, the first PE transmits the received packet of the source CE to the second PE through the VXLAN tunnel, so that The second PE sends the packet according to the destination IP address in the packet. Transfer to the destination CE.
例如,参见图2,PE2接收到CE发送的报文通过所述VXLAN隧道传输至PE1,PE1将去除与所述VXLAN隧道的封装信息,读取所述报文中的目的IP地址为192.168.1.102,则PE1根据所述目的IP地址,查找到与192.168.1.102对应的CE为CE3,则将所述报文传输至CE3。For example, referring to FIG. 2, the PE2 receives the packet sent by the CE and transmits the packet to the PE1 through the VXLAN tunnel. The PE1 removes the encapsulation information from the VXLAN tunnel and reads the destination IP address in the packet as 192.168.1.102. Then, PE1 finds that the CE corresponding to 192.168.1.102 is CE3 according to the destination IP address, and then the packet is transmitted to CE3.
由于现有技术中在构建VPN时通常是采用MPLS技术来实现的,简称为MPLS/VPN,但是现有的MPLS/VPN需要部署标签分发协议(LabelDistribution Protocol简称LDP)作为隧道,再部署BGP多协议扩展(Multiprotocol Extensions for BGP简称MP-BGP)传播VPN路由,以及进行分布式配置,每增加一个PE/VPN需要调整其他各个PE的配置,由于MPLS/VPN通过需要通过不同的AS,导致还需要部署各种跨域技术,而且在一个新地区增加VPN服务,则还需要在网络部署MPLS,保证MPLS连通性,导致现有技术的VPN业务拓展性能差,需要进行跨域配置的技术问题。In the prior art, the MPLS technology is generally used to construct the VPN, which is referred to as MPLS/VPN. However, the existing MPLS/VPN needs to deploy the Label Distribution Protocol (LDP) as a tunnel, and then deploy the BGP multi-protocol. Multiprotocol Extensions for BGP (MP-BGP) propagates VPN routes and performs distributed configuration. Each additional PE/VPN needs to adjust the configuration of other PEs. Because MPLS/VPN passes through different ASs, it needs to be deployed. A variety of inter-domain technologies, and the addition of VPN services in a new area, also requires MPLS to be deployed on the network to ensure MPLS connectivity. As a result, the VPN service performance of the prior art is poor, and technical problems of cross-domain configuration are required.
而本申请实施例在VPN服务器进行路由转发的基础上,源端PE在接收到VPN服务器的路由发布信息和VXLAN隧道信息之后,可以根据VPN服务器的路由发布信息和VXLAN隧道信息,获得VXLAN隧道,以及将报文通过VXLAN隧道传输至目的端PE,进而不需进行跨域配置,而且在一个新地区增加VPN服务时,仅需要将新增的PE与其它PE进行配置,而不用在在网络部署MPLS,提高了VPN业务的拓展性能,使得VPN业务的开通和维护也更加方便。On the basis of the routing and forwarding of the VPN server, the source PE can obtain the VXLAN tunnel according to the route advertisement information and the VXLAN tunnel information of the VPN server after receiving the route advertisement information and the VXLAN tunnel information of the VPN server. And transmitting the packet to the destination PE through the VXLAN tunnel, so that the cross-domain configuration is not required, and when the VPN service is added in a new area, only the newly added PE and other PEs need to be configured, instead of being deployed in the network. MPLS improves the performance of VPN services and makes VPN services more convenient and maintainable.
实施例三:Embodiment 3:
基于与上述方法相同的技术构思,本发明实施例三提出了一种路由信息发布的装置,参见图6,所述装置包括:Based on the same technical concept as the above method, the third embodiment of the present invention provides a device for issuing routing information. Referring to FIG. 6, the device includes:
接收单元601,用于接收来自第一PE的路由发布信息,其中,所述路由发布信息包括所述第一PE对应的VPN拓扑连接信息,所述VPN拓扑连接信息包括源端的VPN标识,所述源端的VPN标识为所述第一PE 中的第一VPN标识;The receiving unit 601 is configured to receive the route advertisement information from the first PE, where the route advertisement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information includes a VPN identifier of the source end, where The VPN ID of the source is the first PE. The first VPN identifier in the middle;
选择单元602,用于选择作为目的端的第二PE;The selecting unit 602 is configured to select a second PE as a destination end;
路由修改单元603,用于接收接收单元601发送的所述路由发布信息和接收选择单元602发送的所述第二PE,根据所述第一VPN标识,从所述第二PE的VPN标识中选择与所述第一VPN标识匹配的第二VPN标识,并在所述VPN拓扑连接信息中增加作为目的端的VPN标识的所述第二VPN标识,获得修改后的所述路由发布信息;The route modification unit 603 is configured to receive the route advertisement information sent by the receiving unit 601 and the second PE sent by the receiving and selecting unit 602, and select, according to the first VPN identifier, the VPN identifier of the second PE. Adding a second VPN identifier that matches the first VPN identifier, and adding the second VPN identifier that is the VPN identifier of the destination end to the VPN topology connection information, and obtaining the modified route advertisement information;
隧道选择单元604,用于接收路由修改单元603发送的所述第一VPN标识和所述第二VPN标识,根据所述第一VPN标识和所述第二VPN标识,确定所述第二PE将报文传输给所述第一PE的虚拟扩展局域网VXLAN隧道封装信息;The tunnel selection unit 604 is configured to receive the first VPN identifier and the second VPN identifier sent by the route modification unit 603, and determine, according to the first VPN identifier and the second VPN identifier, that the second PE Transmitting the message to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE;
发送单元605,用于接收路由修改单元603发送的修改后的所述路由发布信息和接收所述隧道选择单元发送的所述VXLAN隧道封装信息,将所述VXLAN隧道封装信息和修改后的所述路由发布信息发送给所述第二PE。The sending unit 605 is configured to receive the modified route advertisement information sent by the route modification unit 603 and receive the VXLAN tunnel encapsulation information sent by the tunnel selection unit, and encapsulate the VXLAN tunnel encapsulation information and the modified The route advertisement information is sent to the second PE.
其中,所述路由信息发布的装置与多个PE相连,以使得通过所述装置可以实现一个PE到另一个PE的路由发布,且一个VPN标识与所述源端中的一个VRF对应,且所述源端为所述第一PE,即表征一个VPN标识与所述第一PE中的一个VRF对应。The device for issuing the routing information is connected to multiple PEs, so that a route advertisement of one PE to another PE can be implemented by the device, and a VPN identifier corresponds to one VRF in the source end, and The source end is the first PE, that is, a VPN identifier is associated with one VRF in the first PE.
在具体实施过程中,所述第一PE可以具有一个或多个VRF,且一个VPN标识对应一个VRF,以使得通过VPN标识就可以确定相应的VRF,所述第一PE对应的VPN拓扑连接信息仅包括源端的VPN标识字段和目的端的VPN标识字段,由于所述VPN服务器接收到的是所述第一PE的路由发布信息,导致所述第一PE对应的VPN拓扑连接信息中的源端的VPN标识字段为所述第一VPN标识,而所述目的端的VPN标识字段为空,如此,使得所述第一PE对应的VPN拓扑连接信息包含所述第一VPN标 识,而未包含有所述目的端的VPN标识。In a specific implementation process, the first PE may have one or more VRFs, and one VPN identifier corresponds to one VRF, so that the corresponding VRF may be determined by using the VPN identifier, and the VPN topology connection information corresponding to the first PE is configured. The VPN identifier field of the source end and the VPN identifier field of the destination end are included. The VPN information received by the VPN server is the source VPN of the VPN topology connection information corresponding to the first PE. The identifier field is the first VPN identifier, and the VPN identifier field of the destination end is empty, so that the VPN topology connection information corresponding to the first PE includes the first VPN label. Knowledge, but does not contain the VPN ID of the destination.
具体的,所述路由发布信息还包括与所述第一PE连接的CE的IP地址,所述VPN拓扑连接信息和所述第一PE的IP地址,且所述第一VPN标识与所述CE对应。Specifically, the route advertisement information further includes an IP address of the CE connected to the first PE, the VPN topology connection information and an IP address of the first PE, and the first VPN identifier and the CE correspond.
例如,参见图2,以所述第一PE为PE1为例,PE1分别与CE1和CE2和CE3直接相连,假设CE3为163服务器,为了使得用户能够查找到163服务器,CE3会请求PE1进行路由发布,进而使得VPN服务器接收到PE1的路由发布信息,其中,所述路由发布信息中包含有CE3的IP地址,PE1对应的VPN拓扑连接信息和PE1的IP地址例如是159.226.1.1。For example, referring to FIG. 2, the first PE is an example of PE1, and PE1 is directly connected to CE1, CE2, and CE3. Assume that CE3 is a 163 server. In order to enable the user to find 163 servers, CE3 requests PE1 to perform route advertisement. And the VPN server receives the route advertisement information of the PE1, wherein the route advertisement information includes the IP address of the CE3, and the VPN topology connection information corresponding to the PE1 and the IP address of the PE1 are, for example, 159.226.1.1.
较佳的,路由修改单元603包括VPN标识确定单元606,用于根据所述第一VPN标识,从所述VPN中的TAG对应关系中选择与所述第一VPN标识匹配的所述第二VPN标识,所述TAG对应关系包括所述第一PE中的VPN标识与所述第二PE中的VPN标识的对应关系。Preferably, the route modification unit 603 includes a VPN identity determining unit 606, configured to select, according to the first VPN identity, the second VPN that matches the first VPN identity from the TAG correspondence in the VPN. And the TAG correspondence includes a correspondence between the VPN identifier in the first PE and the VPN identifier in the second PE.
具体的,所述路由信息发布的装置在配置所述第一PE和所述其它PE的过程中,还配置所述第一PE的VPN标识与所述其它PE的VPN标识的对应关系,从而获得并保存所述第一PE与所述其它PE之间的TAG对应关系,如此,使得所述VPN服务器能够根据所述第一VPN标识,从所述VPN中的TAG对应关系中选择与所述第一VPN标识匹配的所述第二VPN标识,所述TAG对应关系包括所述第一PE中的VPN标识与所述第二PE中的VPN标识的对应关系,其中,所述TAG表示标识的意思。Specifically, the device for issuing the routing information, in the process of configuring the first PE and the other PE, further configuring a correspondence between the VPN identifier of the first PE and the VPN identifier of the other PE, thereby obtaining And storing the TAG correspondence between the first PE and the other PEs, so that the VPN server can select, according to the first VPN identifier, the TAG correspondence relationship in the VPN. Corresponding relationship between the VPN identifier in the first PE and the VPN identifier in the second PE, where the TAG indicates the meaning of the identifier. .
例如,参见图3,PE2具有VRF4和VRF5,与VRF4对应的VPN标识为TAG4,与VRF5对应的VPN标识为TAG5,且TAG4与TAG1相对应,通过VRF4和VRF1可以确定PE2到PE1的VRF,以及TAG5与TAG2相对应,通过VRF5和VRF2也可以确定PE2到PE1的VRF,如此,导致VPN服务器将PE1与PE2进行关联,TAG5与TAG2相对应,以及TAG4与TAG1相对应,具体可以表示为:{vPE1:TAG1,vPE2:TAG4}, {vPE1:TAG2,vPE2:TAG5}。For example, referring to FIG. 3, PE2 has VRF4 and VRF5, the VPN identifier corresponding to VRF4 is TAG4, the VPN identifier corresponding to VRF5 is TAG5, and TAG4 corresponds to TAG1, and VRF of PE2 to PE1 can be determined through VRF4 and VRF1, and TAG5 corresponds to TAG2. The VRF of PE2 to PE1 can also be determined through VRF5 and VRF2. In this way, the VPN server associates PE1 with PE2, TAG5 corresponds to TAG2, and TAG4 corresponds to TAG1, which can be expressed as: vPE1: TAG1, vPE2: TAG4}, {vPE1: TAG2, vPE2: TAG5}.
具体的,由于所述路由信息发布的装置中配置有所述第一PE与所述其它PE的隧道封装信息,进而使得隧道选择单元604能够根据所述第一VPN标识和所述第二VPN标识,确定所述第二PE将报文传输给所述第一PE的VXLAN隧道封装信息。Specifically, the device that is advertised by the routing information is configured with the tunnel encapsulation information of the first PE and the other PE, so that the tunnel selection unit 604 can be configured according to the first VPN identifier and the second VPN identifier. And determining, by the second PE, the message to be transmitted to the VXLAN tunnel encapsulation information of the first PE.
较佳的,所述VXLAN隧道封装信息包括设置在所述第一PE中的VXLAN接口IP地址和设置在所述第二PE中的VXLAN接口IP地址。Preferably, the VXLAN tunnel encapsulation information includes a VXLAN interface IP address set in the first PE and a VXLAN interface IP address set in the second PE.
较佳的,发送单元605将所述VXLAN隧道封装信息和修改后的所述路由发布信息发送给所述第二PE,以使得所述第二PE根据R-VPN标识,查找到与所述R-VPN标识对应的VRF,再根据所述VXLAN隧道封装信息,生成报文从所述第二PE到所述第一PE的VXLAN隧道,然后将所述第二PE接收到的报文通过所述VXLAN隧道传输至所述第一PE。Preferably, the sending unit 605 sends the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE, so that the second PE finds the R according to the R-VPN identifier. a VRF corresponding to the VPN identifier, and then generating a packet from the second PE to the VXLAN tunnel of the first PE according to the VXLAN tunnel encapsulation information, and then passing the packet received by the second PE by using the VRFLAN tunnel encapsulation information The VXLAN tunnel is transmitted to the first PE.
本申请实施例中PE1的路由发布信息直接传输给VPN服务器,VPN服务器根据PE1的路由发布信息,确定目的PE为PE2,添加目的端的TAG,获得修改后的PE1的路由发布信息,并根据与PE1的TAG匹配的PE2的TAG,确定VXLAN隧道封装信息,将修改后的PE1路由发布信息和所述VXLAN隧道封装信息发送给PE2,进而完成PE1的路由发布,而现有技术中的路由发布需要逐一进行路由转发,且在不同的AS之间进行路由转发时,还需要通过跨域技术来实现路由转发,导致现有技术在进行路由转发时,路由转发的次数较多,而且在不同的AS之间进行路由转发时,还需要通过跨域技术来实现路由转发,使得路由发布的时间较长,路由发布的效率也低的技术问题,而本申请使得本申请仅需通过VPN服务器就可以完成路由发布,仅需通过一次路由转发就完成了路由发布,且无需通过跨域技术来实现路由转发,进而能够缩短路由发布的时间,提高路由发布的效率。In the embodiment of the present application, the route advertisement information of the PE1 is directly transmitted to the VPN server, and the VPN server determines the destination PE as the PE2 according to the route advertisement information of the PE1, adds the TAG of the destination end, and obtains the modified route information of the PE1, and according to the PE1. TAG matches the TAG of the PE2, determines the VXLAN tunnel encapsulation information, and sends the modified PE1 route advertisement information and the VXLAN tunnel encapsulation information to the PE2, thereby completing the route advertisement of the PE1, and the route advertisement in the prior art needs to be one by one. When routing and forwarding are performed, and route forwarding is performed between different ASs, the cross-domain technology is required to implement route forwarding. As a result, the number of routes is forwarded more frequently in the prior art, and in different ASs. When the route is forwarded, the route forwarding is required to be implemented, and the route is advertised for a long time, and the efficiency of the route is also low. However, this application allows the application to complete the route only through the VPN server. Publish, routing is completed only by one route forwarding, and there is no need to implement the road through cross-domain technology. By forwarding, the time of route advertisement can be shortened, and the efficiency of route advertisement is improved.
实施例四: Embodiment 4:
基于与上述方法相同的技术构思,本发明实施例四提出了一种VPN服务器,参见图7,所述服务器包括:Based on the same technical concept as the above method, a fourth embodiment of the present invention provides a VPN server. Referring to FIG. 7, the server includes:
接收器701,用于接收来自第一PE的路由发布信息,其中,所述路由发布信息包括所述第一PE对应的VPN拓扑连接信息,所述VPN拓扑连接信息包括源端的VPN标识,所述源端的VPN标识为所述第一PE中的第一VPN标识;The receiver 701 is configured to receive the route advertisement information from the first PE, where the route advertisement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information includes a VPN identifier of the source end, where The VPN identifier of the source is the first VPN identifier in the first PE.
处理器702,用于选择作为目的端的第二PE,并根据所述第一VPN标识,从所述第二PE的VPN标识中选择与所述第一VPN标识匹配的第二VPN标识,并在所述VPN拓扑连接信息中增加作为目的端的VPN标识的所述第二VPN标识,获得修改后的所述路由发布信息;以及根据所述第一VPN标识和所述第二VPN标识,确定所述第二PE将报文传输给所述第一PE的虚拟扩展局域网VXLAN隧道封装信息;The processor 702 is configured to select a second PE that is the destination end, and select, according to the first VPN identifier, a second VPN identifier that matches the first VPN identifier from the VPN identifiers of the second PE, and Adding the second VPN identifier that is the VPN identifier of the destination end to the VPN topology connection information, and obtaining the modified route advertisement information; and determining, according to the first VPN identifier and the second VPN identifier, Transmitting, by the second PE, the packet to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE;
发送器703,用于将所述VXLAN隧道封装信息和修改后的所述路由发布信息发送给所述第二PE。The transmitter 703 is configured to send the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE.
其中,接收器701例如是无线天线、wifi模块等电子设备,进一步的,处理器702例如是单独的处理芯片、单片机等电子设备,进一步的,发送器703例如是无线天线等电子设备。The receiver 701 is, for example, an electronic device such as a wireless antenna or a wifi module. Further, the processor 702 is, for example, a separate processing chip or an electronic device such as a single chip microcomputer. Further, the transmitter 703 is, for example, an electronic device such as a wireless antenna.
具体的,所述VPN服务器与多个PE相连,以使得通过所述VPN服务器可以实现一个PE到另一个PE的路由发布,且一个VPN标识与所述源端中的一个VPN路由转发表(VPN Routing and Forwarding table简称VRF)对应,且所述源端为所述第一PE,即表征一个VPN标识与所述第一PE中的一个VRF对应。Specifically, the VPN server is connected to multiple PEs, so that a route advertisement from one PE to another PE can be implemented by using the VPN server, and a VPN identifier and a VPN routing forwarding table in the source end (VPN) The routing and forwarding table (VRF) corresponds to the first PE, that is, the VPN identifier is associated with one VRF in the first PE.
较佳的,所述第一PE可以具有一个或多个VRF,且一个VPN标识对应一个VRF,以使得通过VPN标识就可以确定相应的VRF,所述第一PE对应的VPN拓扑连接信息仅包括源端的VPN标识字段和目的端的VPN标识字段,由于所述VPN服务器接收到的是所述第一PE的路由发布信息, 导致所述第一PE对应的VPN拓扑连接信息中的源端的VPN标识字段为所述第一VPN标识,而所述目的端的VPN标识字段为空,如此,使得所述第一PE对应的VPN拓扑连接信息包含所述第一VPN标识,而未包含有所述目的端的VPN标识。Preferably, the first PE may have one or more VRFs, and one VPN identifier corresponds to one VRF, so that the corresponding VRF can be determined by using the VPN identifier, and the VPN topology connection information corresponding to the first PE includes only The VPN identification field of the source end and the VPN identification field of the destination end, because the VPN server receives the route advertisement information of the first PE, The VPN identifier field of the source end in the VPN topology connection information corresponding to the first PE is the first VPN identifier, and the VPN identifier field of the destination end is empty, so that the VPN topology corresponding to the first PE is obtained. The connection information includes the first VPN identifier, and does not include the VPN identifier of the destination end.
较佳的,所述路由发布信息还包括与所述第一PE连接的CE的IP地址,所述VPN拓扑连接信息和所述第一PE的IP地址,且所述第一VPN标识与所述CE对应。Preferably, the route advertisement information further includes an IP address of a CE connected to the first PE, the VPN topology connection information and an IP address of the first PE, and the first VPN identifier and the CE corresponds.
例如,参见图2,以所述第一PE为PE1为例,PE1分别与CE1和CE2和CE3直接相连,假设CE3为163服务器,为了使得用户能够查找到163服务器,CE3会请求PE1进行路由发布,进而使得VPN服务器接收到PE1的路由发布信息,其中,所述路由发布信息中包含有CE3的IP地址,PE1对应的VPN拓扑连接信息和PE1的IP地址例如是159.226.1.1。For example, referring to FIG. 2, the first PE is an example of PE1, and PE1 is directly connected to CE1, CE2, and CE3. Assume that CE3 is a 163 server. In order to enable the user to find 163 servers, CE3 requests PE1 to perform route advertisement. And the VPN server receives the route advertisement information of the PE1, wherein the route advertisement information includes the IP address of the CE3, and the VPN topology connection information corresponding to the PE1 and the IP address of the PE1 are, for example, 159.226.1.1.
较佳的,处理器702,具体用于根据所述第一VPN标识,从所述VPN中的TAG对应关系中选择与所述第一VPN标识匹配的所述第二VPN标识,所述TAG对应关系包括所述第一PE中的VPN标识与所述第二PE中的VPN标识的对应关系。Preferably, the processor 702 is configured to select, according to the first VPN identifier, the second VPN identifier that matches the first VPN identifier from the TAG correspondence in the VPN, where the TAG corresponds to The relationship includes the correspondence between the VPN identifier in the first PE and the VPN identifier in the second PE.
具体的,所述VPN服务器在配置所述第一PE和所述其它PE的过程中,还配置所述第一PE的VPN标识与所述其它PE的VPN标识的对应关系,从而获得并保存所述第一PE与所述其它PE之间的TAG对应关系,如此,使得所述VPN服务器能够根据所述第一VPN标识,从所述VPN中的TAG对应关系中选择与所述第一VPN标识匹配的所述第二VPN标识,所述TAG对应关系包括所述第一PE中的VPN标识与所述第二PE中的VPN标识的对应关系,其中,所述TAG表示标识的意思。Specifically, in the process of configuring the first PE and the other PE, the VPN server further configures a correspondence between the VPN identifier of the first PE and the VPN identifier of the other PE, thereby obtaining and saving the Determining the TAG correspondence between the first PE and the other PEs, so that the VPN server can select the first VPN identifier from the TAG correspondence relationship in the VPN according to the first VPN identifier. Matching the second VPN identifier, the TAG correspondence includes a correspondence between the VPN identifier in the first PE and a VPN identifier in the second PE, where the TAG indicates the meaning of the identifier.
例如,参见图3,PE2具有VRF4和VRF5,与VRF4对应的VPN标识为TAG4,与VRF5对应的VPN标识为TAG5,且TAG4与TAG1相对应,通过VRF4和VRF1可以确定PE2到PE1的VRF,以及TAG5与TAG2 相对应,通过VRF5和VRF2也可以确定PE2到PE1的VRF,如此,导致VPN服务器将PE1与PE2进行关联,TAG5与TAG2相对应,以及TAG4与TAG1相对应,具体可以表示为:{vPE1:TAG1,vPE2:TAG4},{vPE1:TAG2,vPE2:TAG5}。For example, referring to FIG. 3, PE2 has VRF4 and VRF5, the VPN identifier corresponding to VRF4 is TAG4, the VPN identifier corresponding to VRF5 is TAG5, and TAG4 corresponds to TAG1, and VRF of PE2 to PE1 can be determined through VRF4 and VRF1, and TAG5 and TAG2 Correspondingly, the VRF of PE2 to PE1 can also be determined by VRF5 and VRF2. As a result, the VPN server associates PE1 with PE2, TAG5 corresponds to TAG2, and TAG4 corresponds to TAG1, which can be expressed as: {vPE1:TAG1 , vPE2: TAG4}, {vPE1: TAG2, vPE2: TAG5}.
具体的,由于所述路由信息发布的装置中配置有所述第一PE与所述其它PE的隧道封装信息,进而使得处理器702能够根据所述第一VPN标识和所述第二VPN标识,确定所述第二PE将报文传输给所述第一PE的VXLAN隧道封装信息。Specifically, the device that is advertised by the routing information is configured with tunnel encapsulation information of the first PE and the other PE, so that the processor 702 can be configured according to the first VPN identifier and the second VPN identifier. Determining that the second PE transmits the message to the VXLAN tunnel encapsulation information of the first PE.
较佳的,所述VXLAN隧道封装信息包括设置在所述第一PE中的VXLAN接口IP地址和设置在所述第二PE中的VXLAN接口IP地址。Preferably, the VXLAN tunnel encapsulation information includes a VXLAN interface IP address set in the first PE and a VXLAN interface IP address set in the second PE.
较佳的,发送器703,具体用于将所述VXLAN隧道封装信息和修改后的所述路由发布信息发送给所述第二PE,以使得所述第二PE根据R-VPN标识,查找到与所述R-VPN标识对应的VRF,再根据所述VXLAN隧道封装信息,生成报文从所述第二PE到所述第一PE的VXLAN隧道,然后将所述第二PE接收到的报文通过所述VXLAN隧道传输至所述第一PE。Preferably, the transmitter 703 is configured to send the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE, so that the second PE finds the R-VPN identifier according to the R-VPN identifier. And the VRF corresponding to the R-VPN identifier, according to the VXLAN tunnel encapsulation information, generating a packet from the second PE to the VXLAN tunnel of the first PE, and then receiving the report received by the second PE The text is transmitted to the first PE through the VXLAN tunnel.
本申请实施例中PE1的路由发布信息直接传输给VPN服务器,VPN服务器根据PE1的路由发布信息,确定目的PE为PE2,添加目的端的TAG,获得修改后的PE1的路由发布信息,并根据与PE1的TAG匹配的PE2的TAG,确定VXLAN隧道封装信息,将修改后的PE1路由发布信息和所述VXLAN隧道封装信息发送给PE2,进而完成PE1的路由发布,而现有技术中的路由发布需要逐一进行路由转发,且在不同的AS之间进行路由转发时,还需要通过跨域技术来实现路由转发,导致现有技术在进行路由转发时,路由转发的次数较多,而且在不同的AS之间进行路由转发时,还需要通过跨域技术来实现路由转发,使得路由发布的时间较长,路由发布的效率也低的技术问题,而本申请使得本申请仅需通过VPN服务器就可 以完成路由发布,仅需通过一次路由转发就完成了路由发布,且无需通过跨域技术来实现路由转发,进而能够缩短路由发布的时间,提高路由发布的效率。In the embodiment of the present application, the route advertisement information of the PE1 is directly transmitted to the VPN server, and the VPN server determines the destination PE as the PE2 according to the route advertisement information of the PE1, adds the TAG of the destination end, and obtains the modified route information of the PE1, and according to the PE1. TAG matches the TAG of the PE2, determines the VXLAN tunnel encapsulation information, and sends the modified PE1 route advertisement information and the VXLAN tunnel encapsulation information to the PE2, thereby completing the route advertisement of the PE1, and the route advertisement in the prior art needs to be one by one. When routing and forwarding are performed, and route forwarding is performed between different ASs, the cross-domain technology is required to implement route forwarding. As a result, the number of routes is forwarded more frequently in the prior art, and in different ASs. When routing and forwarding between the two, the cross-domain technology is required to implement the routing and forwarding, so that the route is advertised for a long period of time, and the efficiency of the route is also low. However, the present application only needs to pass the VPN server. In order to complete the route advertisement, the route advertisement is completed only by one route forwarding, and the route forwarding is not required to be implemented by the cross-domain technology, thereby shortening the route advertisement time and improving the efficiency of route advertisement.
实施例五:Embodiment 5:
基于与上述方法相同的技术构思,本发明实施例五提出了一种传输报文的装置,参见图8,所述装置包括:Based on the same technical concept as the above method, the fifth embodiment of the present invention provides an apparatus for transmitting a message. Referring to FIG. 8, the apparatus includes:
接收单元801,用于接收来自源端CE发送的报文,The receiving unit 801 is configured to receive a packet sent by the source CE,
PE确定单元802,用于接收接收单元801发送的报文,根据所述报文,确定所述报文传输的目的PE为第二PE;The PE determining unit 802 is configured to receive the packet sent by the receiving unit 801, and determine, according to the packet, that the destination PE of the packet transmission is the second PE;
路由选择单元803,用于接收接收单元801发送的报文,根据所述报文中的目的CE的IP地址,从接收到的所述第二PE的路由发布信息中选择与所述目的CE对应的路由发布信息,其中,所述第二PE的路由发布信息是由VPN服务器发送给路由选择单元803的;The routing unit 803 is configured to receive the packet sent by the receiving unit 801, and select, according to the IP address of the destination CE in the packet, the corresponding route CE from the received route advertisement information of the second PE. Route publishing information, wherein the route publishing information of the second PE is sent by the VPN server to the routing unit 803;
隧道信息获取单元804,用于接收PE确定单元802发送的所述第二PE,从接收到的所述第二PE的VXLAN隧道封装信息中选择与所述目的CE对应的VXLAN隧道封装信息,其中,所述第二PE的VXLAN隧道封装信息是由VPN服务器发送给隧道选择单元804的;The tunnel information acquiring unit 804 is configured to receive the second PE sent by the PE determining unit 802, and select VXLAN tunnel encapsulation information corresponding to the destination CE from the received VXLAN tunnel encapsulation information of the second PE, where The VXLAN tunnel encapsulation information of the second PE is sent by the VPN server to the tunnel selection unit 804;
隧道确定单元805,用于接收路由选择单元803发送的与所述目的CE对应的路由发布信息和接收隧道信息获取单元804发送的所述VXLAN隧道封装信息,根据与所述目的CE对应的路由发布信息和所述VXLAN隧道封装信息,确定所述第一PE将报文传输给所述第二PE的VXLAN隧道;The tunnel determining unit 805 is configured to receive the route advertisement information corresponding to the destination CE and the VXLAN tunnel encapsulation information sent by the receiving tunnel information acquiring unit 804, which is sent by the routing unit 803, and is distributed according to the route corresponding to the destination CE. Determining, by the information, the VXLAN tunnel encapsulation information, that the first PE transmits the packet to the VXLAN tunnel of the second PE;
报文传输单元806,用于接收隧道确定单元805发送的所述VXLAN隧道,将所述报文通过所述VXLAN隧道传输至所述第二PE。The message transmission unit 806 is configured to receive the VXLAN tunnel sent by the tunnel determining unit 805, and transmit the packet to the second PE by using the VXLAN tunnel.
具体的,首先所述传输报文的装置会接收到VPN服务器发送的路由发布信息和VXLAN隧道封装信息,在所述装置中的接收单元801接收到所述源端CE发送的报文时,由于所述报文中具有目的CE的IP地址,使得PE确 定单元802可以根据所述目的CE的IP地址,可以从接收到的VPN服务器发送的路由发布信息确定与所述目的CE直接连接的所述第二PE,所述第二PE为所述目的PE。Specifically, the device that transmits the packet receives the route advertisement information and the VXLAN tunnel encapsulation information sent by the VPN server, and the receiving unit 801 in the device receives the packet sent by the source CE, because The packet has the IP address of the destination CE, so that the PE is indeed The determining unit 802 may determine, according to the IP address of the destination CE, the second PE directly connected to the destination CE, and the second PE is the destination PE, from the route advertisement information sent by the received VPN server. .
例如,参见图2,以PE2为所述第一PE为例,PE2首先会接收到VPN服务器发送的PE1的路由发布信息和隧道封装信息,所述PE1的路由发布信息以及隧道封装信息可以包含CE1,CE2和CE3对应的路由发布信息及其对应隧道封装信息,然后在PE2接收到所述源端CE发送的报文时,能够获取所述报文中的目的CE的IP地址,若所述目的CE的IP为CE3的IP地址,根据接收到的PE1的路由发布信息,则可以确定所述目的PE为PE1。For example, referring to FIG. 2, taking PE2 as the first PE, the PE2 firstly receives the route advertisement information and the tunnel encapsulation information of the PE1 sent by the VPN server, and the route advertisement information and the tunnel encapsulation information of the PE1 may include the CE1. And the route advertisement information corresponding to the CE2 and the CE3 and the corresponding tunnel encapsulation information, and then, when the PE2 receives the packet sent by the source CE, the IP address of the destination CE in the packet is obtained, if the destination is The IP address of the CE is the IP address of the CE3. According to the received route advertisement information of the PE1, the destination PE is determined to be PE1.
具体的,由于所述第二PE在进行路由发布时,会将请求所述第二PE进行路由发布的CE的IP地址写入所述第二PE的路由发布信息中,从而使得所述PE确定单元802在确定所述第二PE之后,隧道信息获取单元804能够从所述第二PE的路由发布信息中选择与所述目的CE对应的路由发布信息,以及隧道确定单元805能够从所述第二PE的VXLAN隧道封装信息中选择与所述目的CE对应的VXLAN隧道封装信息。Specifically, the second PE is configured to write the IP address of the CE that requests the second PE to perform the route advertisement to the route advertisement information of the second PE, so that the PE determines After determining the second PE, the tunnel information acquiring unit 804 can select the route advertisement information corresponding to the destination CE from the route advertisement information of the second PE, and the tunnel determining unit 805 can The VXLAN tunnel encapsulation information corresponding to the destination CE is selected in the VXLAN tunnel encapsulation information of the second PE.
较佳的,隧道确定单元805,具体用于根据与所述目的CE对应的路由发布信息中的所述第一PE的第一VPN标识和所述第二PE的第二VPN标识,确定所述第一PE将报文传输给所述第二PE的VPN路由转发表,再根据与所述目的CE对应的VXLAN隧道封装信息,确定所述第一PE的IP地址和所述第二PE的IP地址,以及根据所述VPN路由转发表和所述第一PE的IP地址和所述第二PE的IP地址,确定所述第一PE将报文传输给所述第二PE的VXLAN隧道。Preferably, the tunnel determining unit 805 is configured to determine, according to the first VPN identifier of the first PE and the second VPN identifier of the second PE in the route advertisement information corresponding to the destination CE, The first PE transmits the packet to the VPN routing forwarding table of the second PE, and determines the IP address of the first PE and the IP of the second PE according to the VXLAN tunnel encapsulation information corresponding to the destination CE. And determining, according to the VPN routing forwarding table, the IP address of the first PE, and the IP address of the second PE, that the first PE transmits the packet to the VXLAN tunnel of the second PE.
例如,参见图2,PE2接收到CE的报文,所述报文的目的CE的IP地址为192.168.1.102,则可以确定所述第二PE为PE1以及所述目的CE为CE3,然后从PE2接收到VPN服务器发送的PE1的路由发布信息和VXLAN隧道信息中确定与CE3对应的路由发布信息和VXLAN隧道信息 为{NLRI:192.168.1.102,VPN ATR:(L_TAG1,R_TAG4),VXLAN ATR:(vni1,uip1,uip4),NHP:4.4.4.4},根据R-TAG4,从PE2中的VRF中确定与TAG4对应的VRF4,以及根据TAG1对应的VRF1,根据VRF4和VRF1,可以确定PE2到PE1的VRF,再根据VXLAN隧道信息中携带的uip4地址和uip1,查找到vxlanif1和vxlanif4,将报文的入口vxlanif1,将报文的出口指向vxlanif4,然后生成关联PEI和PE2的VXLAN隧道表,进而获得VXLAN隧道,以使得PE2接收到所述源端CE发送的报文通过所述VXLAN隧道传输至PE1。For example, referring to FIG. 2, PE2 receives the packet of the CE, and the IP address of the destination CE of the packet is 192.168.1.102, and the second PE is determined to be PE1 and the destination CE is CE3, and then the PE2 is obtained. Receive route advertisement information and VXLAN tunnel information corresponding to CE3 in the route advertisement information and VXLAN tunnel information of the PE1 sent by the VPN server. For {NLRI: 192.168.1.102, VPN ATR: (L_TAG1, R_TAG4), VXLAN ATR: (vni1, uip1, uip4), NHP: 4.4.4.4}, according to R-TAG4, determine the corresponding to TAG4 from the VRF in PE2 According to VRF1 corresponding to TAG1, according to VRF4 and VRF1, the VRF of PE2 to PE1 can be determined, and according to the uip4 address and uip1 carried in the VXLAN tunnel information, vxlanif1 and vxlanif4 are found, and the entry vxlanif1 of the packet will be The egress of the packet is directed to vxlanif4, and then the VXLAN tunnel table of the associated PEI and PE2 is generated, and the VXLAN tunnel is obtained, so that the packet sent by the source CE is transmitted to the PE1 through the VXLAN tunnel.
较佳的,报文传输单元806将接收到的所述源端CE的报文通过所述VXLAN隧道传输至所述第二PE之后,使得所述第二PE根据所述报文中的目的IP地址,将所述报文传输给目的CE。Preferably, the message transmission unit 806 transmits the received message of the source CE to the second PE through the VXLAN tunnel, so that the second PE is based on the destination IP in the packet. The address is transmitted to the destination CE.
例如,参见图2,PE2接收到CE发送的报文通过所述VXLAN隧道传输至PE1,PE1将去除与所述VXLAN隧道的封装信息,读取所述报文中的目的IP地址为192.168.1.102,则PE1根据所述目的IP地址,查找到与192.168.1.102对应的CE为CE3,则将所述报文传输至CE3。For example, referring to FIG. 2, the PE2 receives the packet sent by the CE and transmits the packet to the PE1 through the VXLAN tunnel. The PE1 removes the encapsulation information from the VXLAN tunnel and reads the destination IP address in the packet as 192.168.1.102. Then, PE1 finds that the CE corresponding to 192.168.1.102 is CE3 according to the destination IP address, and then the packet is transmitted to CE3.
由于现有技术中在构建VPN时通常是采用MPLS技术来实现的,简称为MPLS/VPN,但是现有的MPLS/VPN需要部署LDP作为隧道,再部署BGP传播VPN路由,以及进行分布式配置,每增加一个PE/VPN需要调整其他各个PE的配置,由于MPLS/VPN通过需要通过不同的AS,导致还需要部署各种跨域技术,而且在一个新地区增加VPN服务,则还需要在网络部署MPLS,保证MPLS连通性,导致现有技术的VPN业务拓展性能差,需要进行跨域配置的技术问题。In the prior art, the MPLS technology is generally used to construct a VPN, which is referred to as MPLS/VPN. However, the existing MPLS/VPN needs to deploy LDP as a tunnel, deploy BGP to propagate VPN routes, and perform distributed configuration. Each additional PE/VPN needs to adjust the configuration of each other PE. Since MPLS/VPN needs to pass different ASs, it also needs to deploy various cross-domain technologies, and if VPN services are added in a new area, it needs to be deployed in the network. MPLS ensures MPLS connectivity, which leads to poor performance of VPN services in the prior art and requires technical problems of cross-domain configuration.
而本申请实施例在VPN服务器进行路由转发的基础上,源端PE在接收到VPN服务器的路由发布信息和VXLAN隧道信息之后,可以根据VPN服务器的路由发布信息和VXLAN隧道信息,获得VXLAN隧道,以及将报文通过VXLAN隧道传输至目的端PE,进而不需进行跨域配置,而且在一个 新地区增加VPN服务时,仅需要将新增的PE与其它PE进行配置,而不用在在网络部署MPLS,提高了VPN业务的拓展性能,使得VPN业务的开通和维护也更加方便。On the basis of the routing and forwarding of the VPN server, the source PE can obtain the VXLAN tunnel according to the route advertisement information and the VXLAN tunnel information of the VPN server after receiving the route advertisement information and the VXLAN tunnel information of the VPN server. And transmitting the packet to the destination PE through the VXLAN tunnel, thereby eliminating the need for cross-domain configuration, and When the VPN service is added to the new area, the newly added PEs and other PEs need to be configured. Instead of deploying MPLS on the network, the VPN service expansion performance is improved, and the VPN service is opened and maintained more conveniently.
本领域的技术人员应明白,本发明的实施例可提供为方法、装置(设备)、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that embodiments of the present invention can be provided as a method, apparatus (device), or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
本发明是参照根据本发明实施例的方法、装置(设备)和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device. The apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。 These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
尽管已描述了本发明的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例作出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本发明范围的所有变更和修改。While the preferred embodiment of the invention has been described, it will be understood that Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and the modifications and
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。 It is apparent that those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and modifications of the invention

Claims (15)

  1. 一种路由信息发布的方法,其特征在于,所述方法包括:A method for publishing routing information, characterized in that the method comprises:
    虚拟专用网VPN服务器接收来自第一服务提供商边缘设备PE的路由发布信息,其中,所述路由发布信息包括所述第一PE对应的VPN拓扑连接信息,所述VPN拓扑连接信息包括源端的VPN标识,所述源端的VPN标识为所述第一PE中的第一VPN标识;The virtual private network VPN server receives the route advertisement information from the first service provider edge device PE, where the route advertisement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information includes the source VPN. The identifier of the VPN at the source end is the first VPN identifier in the first PE;
    所述VPN服务器选择作为目的端的第二PE;The VPN server selects a second PE as a destination end;
    所述VPN服务器根据所述第一VPN标识,从所述第二PE的VPN标识中选择与所述第一VPN标识匹配的第二VPN标识,并在所述VPN拓扑连接信息中增加作为目的端的VPN标识的所述第二VPN标识,获得修改后的所述路由发布信息;以及The VPN server selects, according to the first VPN identifier, a second VPN identifier that matches the first VPN identifier from the VPN identifiers of the second PE, and adds the target as the destination end in the VPN topology connection information. The second VPN identifier of the VPN identifier obtains the modified route advertisement information;
    所述VPN服务器根据所述第一VPN标识和所述第二VPN标识,确定所述第二PE将报文传输给所述第一PE的虚拟扩展局域网VXLAN隧道封装信息;Determining, by the VPN server, the second PE to transmit the packet to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE according to the first VPN identifier and the second VPN identifier;
    所述VPN服务器将所述VXLAN隧道封装信息和修改后的所述路由发布信息发送给所述第二PE。The VPN server sends the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE.
  2. 如权利要求1所述的方法,其特征在于,所述路由发布信息还包括与所述第一PE连接的用户网络边缘设备CE的网络之间互联的协议IP地址,所述VPN拓扑连接信息和所述第一PE的IP地址,且所述第一VPN标识与所述CE对应。The method according to claim 1, wherein the route advertisement information further comprises a protocol IP address interconnected by a network of a user network edge device CE connected to the first PE, the VPN topology connection information and An IP address of the first PE, and the first VPN identifier corresponds to the CE.
  3. 如权利要求1或2所述的方法,其特征在于,所述VPN服务器根据所述第一VPN标识,选择与所述第一VPN标识匹配的第二VPN标识,具体包括:The method of claim 1 or 2, wherein the VPN server selects a second VPN identifier that matches the first VPN identifier according to the first VPN identifier, and specifically includes:
    所述VPN服务器根据所述第一VPN标识,从所述VPN中的TAG对应关系中选择与所述第一VPN标识匹配的所述第二VPN标识,所述TAG 对应关系包括所述第一PE中的VPN标识与所述第二PE中的VPN标识的对应关系。The VPN server selects, according to the first VPN identifier, the second VPN identifier that matches the first VPN identifier from the TAG correspondence in the VPN, the TAG The correspondence includes the correspondence between the VPN identifier in the first PE and the VPN identifier in the second PE.
  4. 如权利要求1-3任一项所述的方法,其特征在于,所述VXLAN隧道封装信息包括设置在所述第一PE中的VXLAN接口IP地址和设置在所述第二PE中的VXLAN接口IP地址。The method according to any one of claims 1 to 3, wherein the VXLAN tunnel encapsulation information comprises a VXLAN interface IP address set in the first PE and a VXLAN interface disposed in the second PE. IP address.
  5. 一种传输报文的方法,其特征在于,所述方法包括:A method for transmitting a message, the method comprising:
    第一PE接收来自源端CE发送的报文,并根据所述源端CE发送的报文,确定所述报文传输的目的PE为第二PE;The first PE receives the packet sent by the source CE, and determines, according to the packet sent by the source CE, that the destination PE of the packet is the second PE;
    所述第一PE根据所述报文中的目的CE的IP地址,从接收到的所述第二PE的路由发布信息中选择与所述目的CE对应的路由发布信息,以及从接收到的所述第二PE的VXLAN隧道封装信息中选择与所述目的CE对应的VXLAN隧道封装信息,其中,所述第二PE的路由发布信息和VXLAN隧道封装信息是由VPN服务器发送给所述第一PE的;The first PE selects, according to the IP address of the destination CE in the packet, the route advertisement information corresponding to the destination CE from the received route advertisement information of the second PE, and the received route information. The VXLAN tunnel encapsulation information corresponding to the destination CE is selected in the VXLAN tunnel encapsulation information of the second PE, where the route advertisement information and the VXLAN tunnel encapsulation information of the second PE are sent by the VPN server to the first PE. of;
    所述第一PE根据与所述目的CE对应的路由发布信息和VXLAN隧道封装信息,确定所述第一PE将报文传输给所述第二PE的VXLAN隧道;Determining, by the first PE, the packet sent by the first PE to the VXLAN tunnel of the second PE according to the route advertisement information and the VXLAN tunnel encapsulation information corresponding to the destination CE;
    所述第一PE将所述报文通过所述VXLAN隧道传输至所述第二PE。The first PE transmits the packet to the second PE by using the VXLAN tunnel.
  6. 如权利要求5所述的方法,其特征在于,所述第一PE根据所述路由发布信息和所述VXLAN隧道封装信息,确定所述第一PE将报文传输给所述第二PE的VXLAN隧道,具体包括:The method according to claim 5, wherein the first PE determines, according to the route advertisement information and the VXLAN tunnel encapsulation information, that the first PE transmits a message to the VXLAN of the second PE. The tunnel specifically includes:
    所述第一PE根据与所述目的CE对应的路由发布信息中的所述第一PE的第一VPN标识和所述第二PE的第二VPN标识,确定所述第一PE将报文传输给所述第二PE的VPN路由转发表;Determining, by the first PE, that the first PE transmits the packet according to the first VPN identifier of the first PE and the second VPN identifier of the second PE in the route advertisement information corresponding to the destination CE. a VPN routing forwarding table for the second PE;
    所述第一PE根据与所述目的CE对应的VXLAN隧道封装信息,确定所述第一PE的IP地址和所述第二PE的IP地址;Determining, by the first PE, the IP address of the first PE and the IP address of the second PE according to the VXLAN tunnel encapsulation information corresponding to the destination CE;
    所述第一PE根据所述VPN路由转发表和所述第一PE的IP地址和所述第二PE的IP地址,确定所述第一PE将报文传输给所述第二PE的 VXLAN隧道。Determining, by the first PE, the first PE to transmit the packet to the second PE according to the VPN routing forwarding table, the IP address of the first PE, and the IP address of the second PE. VXLAN tunnel.
  7. 一种路由信息发布的装置,其特征在于,所述装置包括:An apparatus for issuing routing information, characterized in that the apparatus comprises:
    接收单元,用于接收来自第一PE的路由发布信息,其中,所述路由发布信息包括所述第一PE对应的VPN拓扑连接信息,所述VPN拓扑连接信息包括源端的VPN标识,所述源端的VPN标识为所述第一PE中的第一VPN标识;a receiving unit, configured to receive route advertisement information from the first PE, where the route advertisement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information includes a VPN identifier of the source end, the source The VPN identifier of the end is the first VPN identifier in the first PE;
    选择单元,用于选择作为目的端的第二PE;a selection unit, configured to select a second PE as a destination;
    路由修改单元,用于接收所述接收单元发送的所述路由发布信息和接收所述选择单元发送的所述第二PE,根据所述第一VPN标识,从所述第二PE的VPN标识中选择与所述第一VPN标识匹配的第二VPN标识,并在所述VPN拓扑连接信息中增加作为目的端的VPN标识的所述第二VPN标识,获得修改后的所述路由发布信息;a route modification unit, configured to receive the route advertisement information sent by the receiving unit, and receive the second PE sent by the selecting unit, according to the first VPN identifier, from a VPN identifier of the second PE And the second VPN identifier that matches the first VPN identifier is selected, and the second VPN identifier that is the VPN identifier of the destination end is added to the VPN topology connection information, and the modified route advertisement information is obtained.
    隧道选择单元,用于接收所述路由修改单元发送的所述第一VPN标识和所述第二VPN标识,根据所述第一VPN标识和所述第二VPN标识,确定所述第二PE将报文传输给所述第一PE的虚拟扩展局域网VXLAN隧道封装信息;a tunnel selection unit, configured to receive the first VPN identifier and the second VPN identifier sent by the route modification unit, and determine, according to the first VPN identifier and the second VPN identifier, that the second PE Transmitting the message to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE;
    发送单元,用于接收所述路由修改单元发送的修改后的所述路由发布信息和接收所述隧道选择单元发送的所述VXLAN隧道封装信息,将所述VXLAN隧道封装信息和修改后的所述路由发布信息发送给所述第二PE。a sending unit, configured to receive the modified route advertisement information sent by the route modification unit, and receive the VXLAN tunnel encapsulation information sent by the tunnel selection unit, and encapsulate the VXLAN tunnel encapsulation information and the modified The route advertisement information is sent to the second PE.
  8. 如权利要求7所述的装置,其特征在于,所述路由发布信息还包括与所述第一PE连接的用户网络边缘设备CE的网络之间互联的协议IP地址,所述VPN拓扑连接信息和所述第一PE的IP地址,且所述第一VPN标识与所述CE对应。The device according to claim 7, wherein the route advertisement information further comprises a protocol IP address interconnected by a network of a user network edge device CE connected to the first PE, the VPN topology connection information and An IP address of the first PE, and the first VPN identifier corresponds to the CE.
  9. 如权利要求7或8所述的装置,其特征在于,所述路由修改单元包括VPN标识确定单元,用于根据所述第一VPN标识,从所述VPN中的TAG对应关系中选择与所述第一VPN标识匹配的所述第二VPN标识, 所述TAG对应关系包括所述第一PE中的VPN标识与所述第二PE中的VPN标识的对应关系。The device according to claim 7 or 8, wherein the route modification unit comprises a VPN identity determining unit, configured to select from the TAG correspondence in the VPN according to the first VPN identity The second VPN identifier matched by the first VPN identifier, The TAG correspondence includes a correspondence between a VPN identifier in the first PE and a VPN identifier in the second PE.
  10. 如权利要求7-9任一项所述的装置,其特征在于,所述VXLAN隧道封装信息包括设置在所述第一PE中的VXLAN接口IP地址和设置在所述第二PE中的VXLAN接口IP地址。The apparatus according to any one of claims 7-9, wherein the VXLAN tunnel encapsulation information comprises a VXLAN interface IP address disposed in the first PE and a VXLAN interface disposed in the second PE IP address.
  11. 一种VPN服务器,其特征在于,所述服务器包括:A VPN server, characterized in that the server comprises:
    接收器,用于接收来自第一PE的路由发布信息,其中,所述路由发布信息包括所述第一PE对应的VPN拓扑连接信息,所述VPN拓扑连接信息包括源端的VPN标识,所述源端的VPN标识为所述第一PE中的第一VPN标识;a receiver, configured to receive route advertisement information from the first PE, where the route advertisement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information includes a VPN identifier of the source end, the source The VPN identifier of the end is the first VPN identifier in the first PE;
    处理器,用于选择作为目的端的第二PE,并根据所述第一VPN标识,从所述第二PE的VPN标识中选择与所述第一VPN标识匹配的第二VPN标识,并在所述VPN拓扑连接信息中增加作为目的端的VPN标识的所述第二VPN标识,获得修改后的所述路由发布信息;以及根据所述第一VPN标识和所述第二VPN标识,确定所述第二PE将报文传输给所述第一PE的虚拟扩展局域网VXLAN隧道封装信息;a processor, configured to select a second PE that is the destination end, and select, according to the first VPN identifier, a second VPN identifier that matches the first VPN identifier from the VPN identifiers of the second PE, and Adding the second VPN identifier that is the VPN identifier of the destination end to the VPN topology connection information, and obtaining the modified route advertisement information; and determining the first according to the first VPN identifier and the second VPN identifier. Transmitting, by the second PE, the packet to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE;
    发送器,用于将所述VXLAN隧道封装信息和修改后的所述路由发布信息发送给所述第二PE。And a transmitter, configured to send the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE.
  12. 如权利要求11所述的服务器,其特征在于,所述路由发布信息还包括与所述第一PE连接的用户网络边缘设备CE的网络之间互联的协议IP地址,所述VPN拓扑连接信息和所述第一PE的IP地址,且所述第一VPN标识与所述CE对应。The server according to claim 11, wherein the route advertisement information further comprises a protocol IP address interconnected by a network of a user network edge device CE connected to the first PE, the VPN topology connection information and An IP address of the first PE, and the first VPN identifier corresponds to the CE.
  13. 如权利要求11或12所述的服务器,其特征在于,所述处理器,具体用于根据所述第一VPN标识,从所述VPN中的TAG对应关系中选择与所述第一VPN标识匹配的所述第二VPN标识,所述TAG对应关系包括所述第一PE中的VPN标识与所述第二PE中的VPN标识的对应关系。 The server according to claim 11 or 12, wherein the processor is configured to select, according to the first VPN identifier, a match with the first VPN identifier from a TAG correspondence relationship in the VPN. The second VPN identifier, the TAG correspondence includes a correspondence between a VPN identifier in the first PE and a VPN identifier in the second PE.
  14. 一种传输报文的装置,其特征在于,所述装置包括:An apparatus for transmitting a message, the apparatus comprising:
    接收单元,用于接收来自源端CE发送的报文,a receiving unit, configured to receive a packet sent by the source CE,
    PE确定单元,用于接收所述接收单元发送的报文,根据所述报文,确定所述报文传输的目的PE为第二PE;a PE determining unit, configured to receive a packet sent by the receiving unit, and determine, according to the packet, that the destination PE of the packet is a second PE;
    路由选择单元,用于接收所述接收单元发送的报文,根据所述报文中的目的CE的IP地址,从接收到的所述第二PE的路由发布信息中选择与所述目的CE对应的路由发布信息,其中,所述第二PE的路由发布信息是由VPN服务器发送给所述路由选择单元的;a routing unit, configured to receive a packet sent by the receiving unit, and select, according to the IP address of the destination CE in the packet, the received routing information corresponding to the destination CE from the received routing information of the second PE. Route publishing information, wherein the route publishing information of the second PE is sent by the VPN server to the routing unit;
    隧道信息获取单元,用于接收所述PE确定单元发送的所述第二PE,从接收到的所述第二PE的VXLAN隧道封装信息中选择与所述目的CE对应的VXLAN隧道封装信息,其中,所述第二PE的VXLAN隧道封装信息是由VPN服务器发送给所述隧道选择单元的;a tunnel information acquiring unit, configured to receive the second PE sent by the PE determining unit, and select VXLAN tunnel encapsulation information corresponding to the destination CE from the received VXLAN tunnel encapsulation information of the second PE, where The VXLAN tunnel encapsulation information of the second PE is sent by the VPN server to the tunnel selection unit;
    隧道确定单元,用于接收所述路由选择单元发送的与所述目的CE对应的路由发布信息和接收所述隧道信息获取单元发送的所述VXLAN隧道封装信息,根据与所述目的CE对应的路由发布信息和所述VXLAN隧道封装信息,确定所述第一PE将报文传输给所述第二PE的VXLAN隧道;a tunnel determining unit, configured to receive route advertisement information corresponding to the destination CE and send the VXLAN tunnel encapsulation information sent by the tunnel information acquisition unit, according to a route corresponding to the destination CE Deriving the information and the VXLAN tunnel encapsulation information, and determining that the first PE transmits the packet to the VXLAN tunnel of the second PE;
    报文传输单元,用于接收所述隧道确定单元发送的所述VXLAN隧道,将所述报文通过所述VXLAN隧道传输至所述第二PE。And a message transmission unit, configured to receive the VXLAN tunnel sent by the tunnel determining unit, and transmit the packet to the second PE by using the VXLAN tunnel.
  15. 如权利要求14所述的装置,其特征在于,所述隧道确定单元,具体用于根据与所述目的CE对应的路由发布信息中的所述第一PE的第一VPN标识和所述第二PE的第二VPN标识,确定所述第一PE将报文传输给所述第二PE的VPN路由转发表,再根据与所述目的CE对应的VXLAN隧道封装信息,确定所述第一PE的IP地址和所述第二PE的IP地址,以及根据所述VPN路由转发表和所述第一PE的IP地址和所述第二PE的IP地址,确定所述第一PE将报文传输给所述第二PE的VXLAN隧道。 The device according to claim 14, wherein the tunnel determining unit is configured to: according to a route advertisement information corresponding to the destination CE, a first VPN identifier of the first PE and the second Determining, by the second VPN identifier of the PE, the first PE to transmit the packet to the VPN routing forwarding table of the second PE, and determining the first PE according to the VXLAN tunnel encapsulation information corresponding to the destination CE Determining, by the first PE, the packet to be transmitted to the IP address and the IP address of the second PE, and according to the VPN routing forwarding table and the IP address of the first PE and the IP address of the second PE The VXLAN tunnel of the second PE.
PCT/CN2014/086350 2013-11-13 2014-09-12 Method for issuing route information, and method and apparatus for transmitting packet WO2015070667A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310567457.6 2013-11-13
CN201310567457.6A CN103634217B (en) 2013-11-13 2013-11-13 Method for issuing route information, method and device for transmitting massage

Publications (1)

Publication Number Publication Date
WO2015070667A1 true WO2015070667A1 (en) 2015-05-21

Family

ID=50214858

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/086350 WO2015070667A1 (en) 2013-11-13 2014-09-12 Method for issuing route information, and method and apparatus for transmitting packet

Country Status (2)

Country Link
CN (1) CN103634217B (en)
WO (1) WO2015070667A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113328937A (en) * 2021-04-08 2021-08-31 新华三技术有限公司 Method and device for realizing distributed aggregation
CN113542111A (en) * 2020-04-20 2021-10-22 华为技术有限公司 Message forwarding method and network equipment

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103634217B (en) * 2013-11-13 2017-02-08 华为技术有限公司 Method for issuing route information, method and device for transmitting massage
CN103957160B (en) * 2014-05-12 2017-04-19 华为技术有限公司 Message sending method and device
CN104363233A (en) * 2014-11-20 2015-02-18 成都卫士通信息安全技术有限公司 Safety cross-domain communication method for application servers in VPN gateways
CN106257876B (en) * 2015-06-16 2020-09-15 中兴通讯股份有限公司 Label processing method, routing information issuing method and device
CN105591872B (en) * 2015-10-23 2019-04-05 新华三技术有限公司 A kind of method and apparatus for realizing multiple data centers interconnection
CN106921573B (en) * 2015-12-28 2020-04-14 华为技术有限公司 NVo3 method and device for issuing tenant route in network
CN111355661B (en) * 2015-12-31 2021-12-10 华为技术有限公司 VPN processing method, PE equipment and system
CN107547333B (en) * 2016-06-29 2020-02-21 华为技术有限公司 Method and apparatus for implementing a combined virtual private network VPN
CN106330605B (en) * 2016-08-23 2020-01-03 新华三技术有限公司 Message processing method and device
CN108259356B (en) * 2017-04-25 2020-08-04 新华三技术有限公司 Routing control method and device
CN109672619B (en) 2017-10-17 2021-08-20 华为技术有限公司 Method, device and system for processing message
CN109756419B (en) * 2017-11-07 2021-09-14 中国电信股份有限公司 Routing information distribution method and device and RR
CN108259303B (en) * 2017-12-25 2020-12-04 新华三技术有限公司 Message forwarding method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6339595B1 (en) * 1997-12-23 2002-01-15 Cisco Technology, Inc. Peer-model support for virtual private networks with potentially overlapping addresses
CN1708031A (en) * 2004-06-11 2005-12-14 华为技术有限公司 Method for realizing virtual special network
CN101114973A (en) * 2007-09-06 2008-01-30 福建星网锐捷网络有限公司 Packet forwarding method, system and verge equipment in virtual private network
CN103634217A (en) * 2013-11-13 2014-03-12 华为技术有限公司 Method for issuing route information, method and device for transmitting massage

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101052207B (en) * 2006-04-05 2011-04-20 华为技术有限公司 Realizing method and system for movable virtual special net

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6339595B1 (en) * 1997-12-23 2002-01-15 Cisco Technology, Inc. Peer-model support for virtual private networks with potentially overlapping addresses
CN1708031A (en) * 2004-06-11 2005-12-14 华为技术有限公司 Method for realizing virtual special network
CN101114973A (en) * 2007-09-06 2008-01-30 福建星网锐捷网络有限公司 Packet forwarding method, system and verge equipment in virtual private network
CN103634217A (en) * 2013-11-13 2014-03-12 华为技术有限公司 Method for issuing route information, method and device for transmitting massage

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113542111A (en) * 2020-04-20 2021-10-22 华为技术有限公司 Message forwarding method and network equipment
CN113328937A (en) * 2021-04-08 2021-08-31 新华三技术有限公司 Method and device for realizing distributed aggregation

Also Published As

Publication number Publication date
CN103634217B (en) 2017-02-08
CN103634217A (en) 2014-03-12

Similar Documents

Publication Publication Date Title
WO2015070667A1 (en) Method for issuing route information, and method and apparatus for transmitting packet
US11888651B2 (en) Virtual private network VPN service optimization method and device
CN105939257B (en) Communication means and router
WO2017162095A1 (en) Communication method, device and system based on flow specification protocol
WO2021258754A1 (en) Message indication method and apparatus, and device and storage medium
WO2017193733A1 (en) Route propagation method, and node
WO2015165311A1 (en) Method for transmitting data packet and provider edge device
CN108574630A (en) EVPN message processing methods, equipment and system
US9344350B2 (en) Virtual service topologies in virtual private networks
WO2022048417A1 (en) Packet processing method, border device, and computer-readable storage medium
WO2015192501A1 (en) Address information publishing method and apparatus
CN103259724B (en) A kind of MPLS VPN implementation method, system and customer edge devices
WO2018006654A1 (en) Method, apparatus and system for processing flowspec message
US10374831B2 (en) Stitching multi-domain LSPs in hierarchical SDN architecture
JP2019505140A (en) Techniques for revealing maximum node and / or link segment identifier depth using OSPF
CN107070789A (en) The flow black hole of active active PBB EVPN redundancies is avoided and rapid fusion
WO2011035703A1 (en) Method and device for accessing internet protocol (ip)/layer-3 virtual private network (l3vpn) by layer-2 virtual private network (l2vpn)
WO2013182061A1 (en) Network label distribution method, device and system
CN105814944B (en) Topology Discovery based on explicit signaling
US11296973B2 (en) Path information transmission device, path information transmission method and path information transmission program
WO2013139270A1 (en) Method, device, and system for implementing layer3 virtual private network
WO2017114158A1 (en) Method and device for publishing tenant routing in nvo3 network
WO2023061061A1 (en) Message processing method, cable clip, device, and storage medium
CN112422398A (en) Message transmission method and communication device
WO2016150093A1 (en) Packet forward method, device, and pe apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14862640

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14862640

Country of ref document: EP

Kind code of ref document: A1