CN106878199B - Configuration method and device of access information - Google Patents


Publication number
CN106878199B
Authority
CN
China
Legal status
Active
Application number
CN201611185070.4A
Other languages
Chinese (zh)
Other versions
CN106878199A (en)
Inventor
黄李伟
王丽芳
王伟
Current Assignee
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Application filed by New H3C Technologies Co Ltd
Priority to CN201611185070.4A
Publication of CN106878199A
Application granted
Publication of CN106878199B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Abstract

The application provides a method and a device for configuring access information. The method comprises: receiving an authentication synchronization message from a peer device, wherein the authentication synchronization message is sent by the peer device after it determines that host authentication has succeeded; parsing information of an aggregation port and authentication information from the authentication synchronization message; and configuring access information for the physical port belonging to the aggregation port by using the authentication information. With this technical solution, data packets can be sent based on the access information in a distributed-aggregation VXLAN network, which avoids problems such as service interruption and packet loss.

Description

Configuration method and device of access information
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for configuring access information.
Background
VXLAN (Virtual eXtensible Local Area Network) is a Layer 2 VPN (Virtual Private Network) technology that runs over an IP network and uses "MAC (Media Access Control) in UDP (User Datagram Protocol)" encapsulation. VXLAN can provide Layer 2 interconnection for dispersed sites over existing service provider or enterprise IP networks, and can provide service isolation for different tenants.
In order to improve reliability, a distributed-aggregation VXLAN networking mode may be adopted; FIG. 1 is a networking schematic diagram of distributed aggregation. Physical port 1 and physical port 2 of host A join aggregation port A, and physical port 3 of VTEP (VXLAN Tunnel EndPoint) device B and physical port 4 of VTEP device C also join aggregation port A through a distributed aggregation protocol running between VTEP device B and VTEP device C. Thus, host A may send a packet destined for host E through physical port 1 or physical port 2, and either VTEP device B or VTEP device C can forward the packet after receiving it. Moreover, when VTEP device B or VTEP device C fails, host A can still send packets to host E, which improves reliability.
In this application scenario, assume that host A sends a packet through physical port 1; VTEP device B may forward the packet to VTEP device D, and VTEP device D sends the packet to host E. For the packet that host E returns to host A, assume that VTEP device D sends it to VTEP device C. The following situation may then occur: VTEP device C does not know that the packet needs to be forwarded through physical port 4 in aggregation port A, so the packet cannot be delivered to host A, which causes service interruption and packet loss.
Disclosure of Invention
The application provides a method for configuring access information, applied to a local device of a distributed aggregation system, where the distributed aggregation system further comprises a peer device and a host connected to the local device and the peer device. The method comprises the following steps:
receiving an authentication synchronization message from the peer device, wherein the authentication synchronization message is sent by the peer device after it determines that the host authentication has succeeded;
parsing information of an aggregation port and authentication information from the authentication synchronization message;
and configuring access information for the physical port belonging to the aggregation port by using the authentication information.
The application provides a method for configuring access information, applied to a peer device of a distributed aggregation system, where the distributed aggregation system further comprises a local device and a host connected to the local device and the peer device. The method comprises the following steps:
after receiving a data packet from the host, authenticating the host;
if the host authentication succeeds, generating an authentication synchronization message, wherein the authentication synchronization message comprises information of the aggregation port corresponding to the host and authentication information corresponding to the host;
and sending the authentication synchronization message to the local device, so that the local device configures access information for the physical port belonging to the aggregation port by using the authentication information.
The application provides an apparatus for configuring access information, applied to a local device of a distributed aggregation system, where the distributed aggregation system further comprises a peer device and a host connected to the local device and the peer device. The apparatus comprises:
a receiving module, configured to receive an authentication synchronization message from the peer device, where the authentication synchronization message is sent by the peer device after it determines that the host authentication has succeeded;
a parsing module, configured to parse information of an aggregation port and authentication information from the authentication synchronization message;
and a configuration module, configured to configure access information for the physical port belonging to the aggregation port by using the authentication information.
The application provides an apparatus for configuring access information, applied to a peer device of a distributed aggregation system, where the distributed aggregation system further comprises a local device and a host connected to the local device and the peer device. The apparatus comprises:
an authentication module, configured to authenticate the host after a data packet is received from the host;
a generating module, configured to generate an authentication synchronization message when the host authentication succeeds, where the authentication synchronization message includes information of the aggregation port corresponding to the host and authentication information corresponding to the host;
and a sending module, configured to send the authentication synchronization message to the local device, so that the local device configures access information for the physical port belonging to the aggregation port by using the authentication information.
Based on the above technical solution, in the embodiments of the application, in a distributed-aggregation VXLAN network, if an aggregation port is formed by physical port 1 of the local device and physical port 2 of the peer device, then when the host is successfully authenticated at the peer device and the peer device configures access information for physical port 2, the peer device may trigger the local device to configure access information for physical port 1. In this way, physical port 1 of the local device and physical port 2 of the peer device are both configured with the access information, and the configuration can be done dynamically, which avoids manual operation and reduces the user's workload. The configuration is performed on demand (that is, after a data packet is received), and it ensures that physical port 1 and physical port 2 are configured with the same access information. Because both physical ports are configured with the access information, data packets can be sent based on the access information regardless of whether the local device or the peer device receives them, which avoids problems such as service interruption and packet loss.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly described below. The drawings described below are only some embodiments of the present application, and those skilled in the art can obtain other drawings from them.
FIG. 1 is a networking schematic diagram of distributed aggregation;
FIG. 2 is a flowchart of a configuration method of access information in an embodiment of the present application;
FIG. 3 is a flowchart of a configuration method of access information in another embodiment of the present application;
FIG. 4 is a schematic diagram of an application scenario in an embodiment of the present application;
FIG. 5 is a hardware configuration diagram of a local device in an embodiment of the present application;
FIG. 6 is a block diagram of an apparatus for configuring access information according to an embodiment of the present application;
FIG. 7 is a hardware structure diagram of a peer device in an embodiment of the present application;
FIG. 8 is a block diagram of an access information allocation apparatus according to an embodiment of the present application.
Detailed Description
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein is meant to encompass any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. Moreover, depending on the context, the word "if" as used herein may be interpreted as "at …", "when …", or "in response to a determination".
An embodiment of the application provides a method for configuring access information, which can be applied to a local device of a distributed aggregation system. The distributed aggregation system further comprises a peer device and a host connected to the local device and the peer device; for the host, the aggregation port associated with the host is formed by a physical port of the local device and a physical port of the peer device. Referring to FIG. 2, which is a flowchart of the method for configuring access information, the method may include the following steps:
Step 201, receiving an authentication synchronization message from the peer device, where the authentication synchronization message is sent by the peer device after it determines that the host authentication has succeeded.
In one example, when the host associated with the aggregation port has not been authenticated, a data packet sent by the host may arrive at either the local device or the peer device.
If the data packet is sent to the peer device, then after the peer device receives the data packet from the host through the aggregation port, because the host has not been authenticated, the peer device sends an authentication message to the authentication server so that the authentication server authenticates the host by using the authentication message. If the peer device receives an authentication success message returned by the authentication server, the peer device can determine that the host authentication has succeeded, and sends an authentication synchronization message carrying the information of the aggregation port and the authentication information to the local device. The peer device can also use the authentication success message to configure access information for its own physical port belonging to the aggregation port.
If the data packet is sent to the local device, then after the local device receives the data packet from the host through the aggregation port, because the host has not been authenticated, the local device sends an authentication message to the authentication server so that the authentication server authenticates the host by using the authentication message. If the local device receives an authentication success message returned by the authentication server, the local device can determine that the host authentication has succeeded, and sends an authentication synchronization message carrying the information of the aggregation port and the authentication information to the peer device. The local device can also use the authentication success message to configure access information for its own physical port belonging to the aggregation port.
In one example, the authentication message sent by the local device/peer device to the authentication server may carry the address of the host and the tag of the host (both obtained from the data packet), and the authentication server authenticates the host by using the address and the tag. After the authentication succeeds, the authentication server can use the address and the tag of the host to query the pre-configured mapping among tag, address and VXLAN identifier to obtain the VXLAN identifier, and the authentication success message returned to the local device/peer device can carry that VXLAN identifier. The address of the host may be the MAC address of the host, the tag of the host may be the VLAN of the host, and the VXLAN identifier may be a VXLAN ID. The mapping among tag, address and VXLAN identifier maintained by the authentication server may be a mapping among MAC address, VLAN and VXLAN identifier.
In an example, to configure access information for a physical port belonging to the aggregation port by using the authentication success message, the local device/peer device may parse the VXLAN identifier from the authentication success message and configure the relationship between the tag of the host and the VXLAN identifier for the physical port.
To simplify the description, the following takes as an example the case where the peer device sends the authentication synchronization message to the local device and the local device performs the subsequent processing; the processing on the peer device is similar to that on the local device and is not repeated.
Step 202, parsing the information of the aggregation port and the authentication information from the authentication synchronization message.
In one example, since the authentication synchronization message carries the information of the aggregation port and the authentication information, the local device can parse both from it. The information of the aggregation port may be an identifier of the aggregation port. The authentication information may include the tag of the host and the VXLAN identifier assigned to the host by the authentication server; alternatively, the authentication information may include the tag of the host and the address of the host.
In an example, the authentication synchronization message may be a protocol message generated by the peer device, used to carry the information of the aggregation port, the tag of the host, and the VXLAN identifier assigned to the host by the authentication server; or used to carry the information of the aggregation port, the tag of the host, and the address of the host. In this case the authentication synchronization message is a new message type that is generated by the peer device and sent to the local device.
In another example, the authentication synchronization message may instead be the data packet received by the peer device, that is, the data packet from the host that the peer device received through the aggregation port. Since the data packet already carries information such as the tag and the address of the host, the peer device only needs to add the information of the aggregation port to the data packet before sending it to the local device. The local device can then parse the information of the aggregation port, the tag of the host, the address of the host and so on from the data packet. In practice, when the data packet is used as the authentication synchronization message, the message does not need to carry the full content of the data packet; it only needs to carry the information of the aggregation port, the tag of the host and the address of the host. For example, it may contain only a packet header that carries these three items.
Step 203, configuring access information for the physical port belonging to the aggregation port by using the authentication information.
In an example, because the correspondence between the aggregation port and the physical ports it contains is configured locally, the local device can, after obtaining the information of the aggregation port, determine the physical port belonging to the aggregation port. This is a physical port of the local device, not a physical port of the peer device.
In an example, the access information may include a mapping between the tag (of the host) and the VXLAN identifier (assigned to the host by the authentication server). On this basis, the process of "configuring access information for the physical port belonging to the aggregation port by using the authentication information" may include, but is not limited to, the following ways. If the authentication information includes the tag of the host and the VXLAN identifier assigned to the host by the authentication server, the local device may directly configure the relationship between the tag and the VXLAN identifier for the physical port belonging to the aggregation port. Alternatively, if the authentication information includes the tag of the host and the address of the host, the local device may send an authentication message carrying the tag and the address of the host to the authentication server, so that the authentication server authenticates the host by using them. If the local device receives an authentication success message returned by the authentication server, it parses the VXLAN identifier assigned to the host from the authentication success message and configures the relationship between the tag of the host and the VXLAN identifier for the physical port belonging to the aggregation port. The VXLAN identifier carried in the authentication success message is obtained by the authentication server by using the tag and the address of the host to query the mapping among tag, address and VXLAN identifier.
In an example, after the local device has configured for the physical port the mapping between the tag of the host and the VXLAN identifier assigned to the host by the authentication server, if the local device receives a data packet carrying the tag (that is, a data packet sent by the host associated with the aggregation port), it may query the mapping to obtain the VXLAN identifier corresponding to the tag carried by the data packet, and send the data packet by using that VXLAN identifier. And/or, after the mapping has been configured, if the local device receives a data packet carrying the VXLAN identifier (that is, a data packet destined for the host associated with the aggregation port), it may query the mapping to obtain the tag corresponding to the VXLAN identifier carried by the data packet, and send the data packet by using that tag.
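The following Python sketch is an added example, not part of the patent text: it models steps 201 to 203 together with the sending side for both forms of authentication information, then checks the tag and VXLAN identifier lookups on the device that never received the host's packet. The class names, the message layout and the sample MAC address are assumptions; tag 100, VXLAN identifier 10000 and physical ports 3 and 4 follow the scenario of FIG. 4.

```python
"""Added example: authentication synchronization between two VTEP devices."""
from dataclasses import dataclass
from typing import Optional


class AuthServer:
    """Holds the pre-configured (address, tag) -> VXLAN identifier mapping."""

    def __init__(self, table):
        self.table = dict(table)
        self.requests = 0  # authentication messages received so far

    def authenticate(self, address, tag):
        """Return the VXLAN identifier on success, None on failure."""
        self.requests += 1
        return self.table.get((address, tag))


@dataclass(frozen=True)
class AuthSync:
    """Authentication synchronization message (layout is an assumption)."""
    agg_port: str
    tag: int
    vxlan_id: Optional[int] = None  # variant 1: tag + VXLAN identifier
    address: Optional[str] = None   # variant 2: tag + host address


class Vtep:
    def __init__(self, server, agg_members, carry_vxlan_id=True):
        self.server = server
        self.agg_members = agg_members  # aggregation port -> local physical ports
        self.carry_vxlan_id = carry_vxlan_id
        self.peer = None
        self.access = {}  # physical port -> {tag: VXLAN identifier}

    def configure(self, agg_port, tag, vxlan_id):
        """Configure tag <-> VXLAN identifier on every local member port."""
        for port in self.agg_members[agg_port]:
            self.access.setdefault(port, {})[tag] = vxlan_id

    def on_host_packet(self, agg_port, address, tag):
        """Sending side: authenticate, configure locally, notify the peer."""
        port = self.agg_members[agg_port][0]
        if tag in self.access.get(port, {}):
            return self.access[port][tag]  # host already authenticated
        vxlan_id = self.server.authenticate(address, tag)
        if vxlan_id is None:
            return None  # failed: nothing configured, nothing synchronized
        self.configure(agg_port, tag, vxlan_id)
        if self.carry_vxlan_id:
            sync = AuthSync(agg_port, tag, vxlan_id=vxlan_id)
        else:
            sync = AuthSync(agg_port, tag, address=address)
        self.peer.on_auth_sync(sync)
        return vxlan_id

    def on_auth_sync(self, sync):
        """Steps 201-203: parse the message, configure the local member port."""
        if sync.agg_port not in self.agg_members:
            return False  # no local physical port belongs to that aggregation port
        vxlan_id = sync.vxlan_id
        if vxlan_id is None:
            # Variant 2: ask the authentication server for the VXLAN identifier.
            vxlan_id = self.server.authenticate(sync.address, sync.tag)
            if vxlan_id is None:
                return False
        self.configure(sync.agg_port, sync.tag, vxlan_id)
        return True

    def vxlan_for_tag(self, port, tag):
        """Host -> network direction: tag in the packet -> VXLAN identifier."""
        return self.access.get(port, {}).get(tag)

    def tag_for_vxlan(self, port, vxlan_id):
        """Network -> host direction: VXLAN identifier -> tag."""
        for tag, vid in self.access.get(port, {}).items():
            if vid == vxlan_id:
                return tag
        return None


HOST_MAC = "00:00:5e:00:53:01"  # constructed sample address


def run_scenario(carry_vxlan_id, host_mac=HOST_MAC):
    """Host sends tag 100 via VTEP 1 (port 3); inspect VTEP 2 (port 4)."""
    server = AuthServer({(HOST_MAC, 100): 10000})
    vtep1 = Vtep(server, {"A": [3]}, carry_vxlan_id)
    vtep2 = Vtep(server, {"A": [4]}, carry_vxlan_id)
    vtep1.peer, vtep2.peer = vtep2, vtep1
    vtep1.on_host_packet("A", host_mac, 100)
    return (vtep2.vxlan_for_tag(4, 100), vtep2.tag_for_vxlan(4, 10000),
            server.requests)


if __name__ == "__main__":
    print(run_scenario(True))   # receiver uses the VXLAN identifier it was sent
    print(run_scenario(False))  # receiver queries the authentication server
```

The third element of the result is the number of authentication messages the server received: one when the synchronization message carries the VXLAN identifier, two when it carries the host address and the receiving device authenticates the host itself.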
In one example, after configuring for the physical port the mapping between the tag of the host and the VXLAN identifier assigned to the host by the authentication server, the local device may further set an aging timer for the mapping. Before the aging timer expires, if a data packet matching the mapping is received, the local device updates the aging time of the aging timer. After the aging timer expires, the local device sends a deletion message to the peer device. After receiving the deletion message, the peer device checks whether data packets matching the mapping still exist locally (the peer device also maintains the mapping between the tag and the VXLAN identifier, and it is the same as the mapping maintained by the local device). If so, the peer device sends a deletion failure message to the local device; if not, the peer device sends a deletion success message to the local device. If the local device receives the deletion success message returned by the peer device, it may delete the mapping. If the local device receives the deletion failure message returned by the peer device, it may keep the mapping and update the aging time of the aging timer.
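The aging and deletion handshake above, as an added Python example that is not part of the patent text. The class and method names are hypothetical, time is passed in explicitly so the run is deterministic, and the peer's test for "matching data packets still exist" is an assumption: a matching data packet was received within the last aging period.

```python
"""Added example: aging-timer deletion handshake. Names are hypothetical."""
DELETE_SUCCESS = "deletion success"
DELETE_FAILURE = "deletion failure"


class AgingDevice:
    def __init__(self, aging_time):
        self.aging_time = aging_time
        self.peer = None
        self.mappings = {}  # tag -> VXLAN identifier
        self.expires = {}   # tag -> time at which the aging timer expires
        self.last_hit = {}  # tag -> time of the last matching data packet

    def configure(self, tag, vxlan_id, now):
        """Install the mapping and start its aging timer."""
        self.mappings[tag] = vxlan_id
        self.expires[tag] = now + self.aging_time

    def on_data_packet(self, tag, now):
        """A data packet matching the mapping refreshes the aging timer."""
        if tag not in self.mappings:
            return False
        self.last_hit[tag] = now
        self.expires[tag] = now + self.aging_time
        return True

    def on_delete_request(self, tag, now):
        """Peer side: refuse deletion while matching traffic is still seen.

        Assumption: "still seen" means a matching data packet arrived within
        the last aging_time seconds; the page does not define the check.
        """
        hit = self.last_hit.get(tag)
        in_use = hit is not None and now - hit < self.aging_time
        return DELETE_FAILURE if in_use else DELETE_SUCCESS

    def tick(self, now):
        """Handle expired aging timers; return {tag: 'kept' | 'deleted'}."""
        outcome = {}
        for tag in [t for t, exp in self.expires.items() if now >= exp]:
            if self.peer.on_delete_request(tag, now) == DELETE_SUCCESS:
                del self.mappings[tag], self.expires[tag]
                self.last_hit.pop(tag, None)
                outcome[tag] = "deleted"
            else:
                self.expires[tag] = now + self.aging_time  # keep and refresh
                outcome[tag] = "kept"
        return outcome


def run_aging_scenario(aging_time=300):
    """Both devices hold tag 100 -> 10000; traffic reaches only the peer."""
    local, peer = AgingDevice(aging_time), AgingDevice(aging_time)
    local.peer, peer.peer = peer, local
    local.configure(100, 10000, now=0)
    peer.configure(100, 10000, now=0)
    peer.on_data_packet(100, now=200)  # host traffic hashed to the peer link
    first = local.tick(now=300)        # local timer expired, peer still busy
    second = local.tick(now=600)       # the last packet was 400 s ago
    return first, second, 100 in local.mappings


if __name__ == "__main__":
    print(run_aging_scenario())
```

In this model the peer answers from the time of the last real data packet rather than from its own timer, because a deletion failure refreshes the requester's timer and two devices that consulted only each other's timers would never age the entry out.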
Based on the above technical solution, in the embodiments of the application, in a distributed-aggregation VXLAN network, if an aggregation port is formed by physical port 1 of the local device and physical port 2 of the peer device, then when the host is successfully authenticated at the peer device and the peer device configures access information for physical port 2, the peer device may trigger the local device to configure access information for physical port 1. In this way, physical port 1 of the local device and physical port 2 of the peer device are both configured with the access information, and the configuration can be done dynamically, which avoids manual operation and reduces the user's workload. The configuration is performed on demand (that is, after a data packet is received), and it ensures that physical port 1 and physical port 2 are configured with the same access information. Because both physical ports are configured with the access information, data packets can be sent based on the access information regardless of whether the local device or the peer device receives them, which avoids problems such as service interruption and packet loss.
Referring to FIG. 3, which is a flowchart of a method for configuring access information provided in the present application, the method is applied to a peer device of a distributed aggregation system. The distributed aggregation system further includes a local device and a host connected to the local device and the peer device; for the host, the aggregation port associated with the host is formed by a physical port of the local device and a physical port of the peer device.
Step 301, after receiving a data packet from the host, authenticating the host.
Step 302, if the host authentication succeeds, generating an authentication synchronization message, where the authentication synchronization message may include information of the aggregation port corresponding to the host and authentication information corresponding to the host.
Further, the authentication information may include the tag of the host and the VXLAN identifier assigned to the host by the authentication server; alternatively, the authentication information may include the tag of the host and the address of the host.
Step 303, sending the authentication synchronization message to the local device, so that the local device configures access information for the physical port belonging to the aggregation port by using the authentication information; for details, see the processing of step 201 and step 203.
In one example, the process of "authenticating the host" may include: sending an authentication message carrying the tag of the host and the address of the host to the authentication server, so that the authentication server authenticates the host by using the authentication message; the specific authentication process is not repeated here. If an authentication success message returned by the authentication server is received, it can be determined that the host authentication has succeeded, and the VXLAN identifier assigned to the host by the authentication server is parsed from the authentication success message. The VXLAN identifier is obtained by the authentication server by using the tag and the address of the host to query the mapping among tag, address and VXLAN identifier.
Further, after the host is authenticated, if the host authentication succeeds, the relationship between the tag of the host and the VXLAN identifier may be configured for the physical port corresponding to the host.
The above-described scheme of the embodiment of the present application is described below with reference to the application scenario shown in fig. 4. In a networking scenario of distributed aggregation, a physical port 1 and a physical port 2 of a host 3 are added to an aggregation port a, and a physical port 3 of a VTEP device 1 and a physical port 4 of the VTEP device 2 are also added to the aggregation port a through a distributed aggregation protocol between the VTEP device 1 and the VTEP device 2, which is not described again for the configuration process of the aggregation port a. The VTEP device 1 configures a correspondence relationship between the aggregation port a and the physical ports 3 and 4, and the VTEP device 2 configures a correspondence relationship between the aggregation port a and the physical ports 3 and 4.
In the application scenario, for the data packet transmission process between the host 3 and the host 4, the configuration method of the access information provided in the embodiment of the present application may include, but is not limited to, the following steps:
step 1, the host 3 sends a data message 1 through the physical port 1 or the physical port 2, where a source MAC address of the data message 1 is the MAC address 0000 0001 of the host 3, a source IP address is the IP address of the host 3, a destination MAC address is the MAC address of the host 4, and a destination IP address is the IP address of the host 4. The data packet 1 may also carry a tag (tag) of the host 3, where the tag may be a Virtual Local Area Network (VLAN) such as VLAN100, and the tag 100 is taken as an example in the following.
For convenience of description, the host 3 sends the data packet 1 through the physical port 1 as an example.
And step 2, the VTEP equipment 1 receives the data message 1 sent by the host 3 through the physical port 3.
And step 3, the VTEP equipment 1 determines that the host 3 is not authenticated at present, analyzes the address and the label of the host 3 from the data message 1, and sends an authentication message carrying the address and the label to an authentication server.
In an example, the address of the host 3 may be a source MAC address and/or a source IP address of the data packet 1, for convenience of description, the source MAC address 0000-. Moreover, since the data packet 1 carries the tag 100 of the host 3, the tag 100 of the host 3 can be analyzed from the data packet 1. In summary, the authentication packet may carry the MAC address 0000-.
In one example, a VXLAN tunnel may be configured between the VTEP device 1 and the authentication server, and the VTEP device 1 may send the authentication message to the authentication server through the VXLAN tunnel.
Step 4, after receiving the authentication message, the authentication server authenticates the host 3 by using the authentication message.
In one example, the authentication server may configure a mapping relationship between the MAC address and the tag of the host that is allowed to access the network, and details of this configuration process are not described herein. Based on the mapping relationship, after receiving the authentication message, the authentication server can analyze the MAC address 0000 + 0001 and the tag 100 from the authentication message, and query the mapping relationship through the MAC address 0000 + 0001 and the tag 100. If the mapping relationship includes the MAC address 0000-.
Step 5, if the host 3 is successfully authenticated, the authentication server determines the VXLAN identifier corresponding to the tag 100 and sends an authentication success message carrying the tag 100 and the VXLAN identifier to the VTEP device 1.
In one example, when the authentication server configures the mapping relationship between the MAC address of the host and the tag, the mapping relationship may further include VXLAN identification. Therefore, after the mapping relationship is queried through the MAC address 0000 + 0001 and the tag 100, the VXLAN identifier corresponding to the tag 100, such as 10000, can be obtained, and therefore, the authentication success message can carry the tag 100 and the VXLAN identifier 10000.
Step 6, after receiving the authentication success message, the VTEP device 1 determines that the host 3 is successfully authenticated, and configures access information for the physical port 3 belonging to the aggregation port a by using the authentication success message, that is, the VTEP device 1 configures a mapping relationship between the tag 100 and the VXLAN identifier 10000 for the physical port 3.
After configuring the mapping relationship between the tag 100 and the VXLAN identifier 10000 for the physical port 3, if the VTEP device 1 receives a data message sent by the host 3 to the host 4 through the physical port 3, the VTEP device 1 parses the tag 100 from the data message, queries the mapping relationship between the tag and the VXLAN identifier through the tag 100 to obtain the VXLAN identifier 10000 corresponding to the tag 100, and sends the data message by using the VXLAN identifier 10000, that is, maps the data message of the tag 100 to the VXLAN identifier 10000 for sending, and for this, the process of sending the data message by using the VXLAN identifier 10000 is not described herein again.
Furthermore, after configuring the mapping relationship between the tag 100 and the VXLAN identifier 10000 for the physical port 3, if the VTEP device 1 receives a data packet (i.e., a data packet from the VTEP device 3) sent by the host 4 to the host 3, the VTEP device 1 parses the VXLAN identifier 10000 from the data packet, queries the mapping relationship between the tag and the VXLAN identifier through the VXLAN identifier 10000 to obtain the tag 100 corresponding to the VXLAN identifier 10000, and sends the data packet (at this time, the data packet is sent through the physical port 3) by using the tag 100, i.e., maps the data packet of the VXLAN identifier 10000 to the tag 100 for sending, which is not described herein again.
However, if the host 3 sends the data packet to the VTEP device 2 through the physical port 2, or the VTEP device 2 receives the data packet sent to the host 3 by the host 4, the VTEP device 2 has no mapping relationship between the tag 100 and the VXLAN identifier 10000 configured, which causes service interruption and loss of the packet.
In order to solve the above problem, after the VTEP apparatus 1 determines that the authentication of the host 3 is successful, the method further includes the following steps:
Step 7, the VTEP device 1 sends an authentication synchronization message to the VTEP device 2. The authentication synchronization packet may carry information of the aggregation port (e.g., an identifier of the aggregation port a) and authentication information.
In one example, VTEP device 1 may send the authentication synchronization message to VTEP device 2 over an internal forwarding link between VTEP device 1 and VTEP device 2. Certainly, the VTEP device 1 may also send the authentication synchronization message to the VTEP device 2 in other manners, which are not limited here.
The authentication synchronization message is a protocol message generated by the VTEP device 1, and the protocol message may be a new type of message, which is used to carry information of an aggregation port and authentication information; the authentication synchronization message can also reuse an existing message, as long as the message carries the information of the aggregation port and the authentication information.
In one example, the authentication information may include, but is not limited to: the tag 100 of the host 3, the VXLAN identifier 10000 assigned to the host 3 by the authentication server, and the like. Of course, the authentication information may also include other contents, such as the MAC address 0000-.
For convenience of description, the following takes as an example an authentication synchronization packet that includes the following contents: message type: for example, MLAG (Multi-Chassis Link Aggregation), which indicates that the current packet is an authentication synchronization packet and that the VTEP device needs to configure access information for a physical port based on the authentication synchronization packet; MAC address: such as MAC address 0000-; VXLAN identification: such as VXLAN identification 10000; tag: such as tag 100; identification of the aggregation port: such as aggregation port a.
In the second mode, the authentication synchronization packet is a data packet received by the VTEP device 1, that is, the data packet 1 received in the step 2, where the data packet 1 already carries the contents of the tag 100 of the host 3, the MAC address 0000 + 0001 of the host 3, and the like, and therefore, the VTEP device 1 may add the identifier of the aggregation port a to the data packet 1, and use the modified data packet 1 as the authentication synchronization packet.
Step 8, after receiving the authentication synchronization message from the VTEP device 1, the VTEP device 2 analyzes the information of the aggregation port (such as the aggregation port a) and the authentication information from the authentication synchronization message.
Step 9, the VTEP apparatus 2 determines the physical port 4 belonging to the aggregation port a.
Step 10, the VTEP device 2 configures access information for the physical port 4 by using the authentication information.
In one example, the access information configured for physical port 4 may include: the tag 100 of the host 3 is mapped to the VXLAN identity 10000 assigned by the authentication server to the host 3. The procedure for configuring the access information for the physical port 4 by the VTEP device 2 using the authentication information may include, but is not limited to:
In the first mode, for the case where the VTEP device 2 has parsed the tag 100 of the host 3 and the VXLAN identifier 10000 allocated to the host 3 by the authentication server (for example, the authentication synchronization message is a protocol message carrying the tag 100 of the host 3 and the VXLAN identifier 10000 allocated to the host 3 by the authentication server), the VTEP device 2 may directly configure the mapping relationship between the tag 100 of the host 3 and the VXLAN identifier 10000 for the physical port 4.
In this way, the VTEP device 2 does not need to interact with the authentication server, so that the time for configuring the mapping relationship between the tag 100 and the VXLAN identifier 10000 for the physical port 4 can be shortened.
In the second way, in order to solve the situation that the VTEP device 2 has analyzed the tag 100 of the host 3 and the MAC address 0000-. Furthermore, since a VXLAN tunnel may be configured between the VTEP device 2 and the authentication server, the VTEP device 2 may transmit the authentication message to the authentication server through the VXLAN tunnel.
After receiving the authentication message, the authentication server authenticates the host 3 by using the authentication message. Specifically, the authentication server may configure a mapping relationship between the MAC address of the host that allows access to the network and the tag, and based on the mapping relationship, after receiving the authentication packet, the authentication server may analyze the MAC address 0000 0001 and the tag 100 from the authentication packet, and query the mapping relationship through the MAC address 0000 0001 and the tag 100. If the mapping relationship includes the MAC address 0000-.
If the host 3 is authenticated successfully, the authentication server may determine the VXLAN identifier 10000 corresponding to the tag 100, and send an authentication success message carrying the tag 100 and the VXLAN identifier 10000 to the VTEP device 2. Specifically, when the authentication server configures the mapping relationship between the MAC address of the host and the tag, the mapping relationship may further include a VXLAN identifier. Therefore, after the mapping relationship is queried through the MAC address 0000 + 0001 and the tag 100, the VXLAN identifier 10000 corresponding to the tag 100 can be obtained, and thus the authentication success message can carry the tag 100 and the VXLAN identifier 10000.
After receiving the authentication success message, the VTEP device 2 determines that the host 3 is successfully authenticated, and configures a mapping relationship between the tag 100 and the VXLAN identifier 10000 for the physical port 4 by using the authentication success message.
For the first and second modes, after configuring the mapping relationship between the tag 100 and the VXLAN identifier 10000 for the physical port 4, if the VTEP device 2 receives the data packet sent to the host 4 by the host 3 through the physical port 4, the VTEP device 2 parses the tag 100 from the data packet, queries the mapping relationship between the tag and the VXLAN identifier through the tag 100 to obtain the VXLAN identifier 10000 corresponding to the tag 100, and sends the data packet by using the VXLAN identifier 10000, that is, maps the data packet of the tag 100 to the VXLAN identifier 10000 for sending. Furthermore, if the VTEP device 2 receives the data packet sent by the host 4 to the host 3, the VXLAN identifier 10000 is parsed from the data packet, the mapping relationship between the tag and the VXLAN identifier is queried through the VXLAN identifier 10000, the tag 100 corresponding to the VXLAN identifier 10000 is obtained, and the data packet is sent by using the tag 100 (the data packet is sent through the physical port 4), that is, the data packet of the VXLAN identifier 10000 is mapped to the tag 100 for sending.
Through the above process, the same access information, i.e. the mapping relationship between the tag 100 and the VXLAN identifier 10000, is configured for the physical port 3 of the VTEP device 1 and the physical port 4 of the VTEP device 2.
In one example, after configuring the mapping relationship between the tag 100 and the VXLAN identifier 10000 for the physical port 3/physical port 4, the VTEP device 1/VTEP device 2 may further set an aging timer for the mapping relationship, and the aging time of the aging timer may be configured according to actual experience. Before the aging timer expires, if the VTEP device 1/VTEP device 2 receives a data message matching the mapping relationship, the aging time of the aging timer is updated; after the aging timer expires, a delete message is sent.
For convenience of description, the aging timer of the VTEP apparatus 1 will be described as an example.
VTEP device 1 sends a delete message to VTEP device 2, where the delete message may carry information of aggregation port a, tag 100, and VXLAN identifier 10000. In an example, the content carried by the delete message may be similar to the authentication sync message, except that the message type is different from the message type of the authentication sync message, where the message type of the delete message indicates that the mapping relationship between the tag 100 and the VXLAN identifier 10000 needs to be deleted.
After receiving the deletion message, the VTEP device 2 queries whether a data packet matching the "mapping relationship between the tag 100 and the VXLAN identifier 10000" still exists locally. If so, the VTEP device 2 sends a deletion failure message to the VTEP device 1; if not, a deletion success message is sent to the VTEP device 1.
Specifically, after receiving the deletion message, if the VTEP device 2 receives a data packet matching the mapping relationship before the aging timer it set for the mapping relationship expires, this indicates that a data packet matching the mapping relationship still exists locally, and the VTEP device 2 may update the aging time of the aging timer and send a deletion failure message to the VTEP device 1. If the aging timer set by the VTEP device 2 for the mapping relationship expires without a data packet matching the mapping relationship having been received, this indicates that there is no data packet matching the mapping relationship locally, and the VTEP device 2 may delete the mapping relationship and the aging timer, and send a deletion success message to the VTEP device 1.
Further, if the VTEP device 1 receives the deletion success message returned by the VTEP device 2, the mapping relationship and the aging timer are deleted. If VTEP device 1 receives the deletion failure message returned by VTEP device 2, the mapping relationship may be retained, and the aging time of the aging timer may be updated.
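The exchange in steps 1 to 10 (first mode) and the aging and deletion handshake can be modelled as follows; this is an added Python example, not code from the patent. The class names, message-type strings, dictionary message layout and the MAC address are assumptions, and the peer's wait on its own aging timer is simplified to a check of whether that timer is still running when the delete message arrives.

```python
AUTH_SYNC, DELETE = "auth-sync", "delete"        # hypothetical message-type names


class AuthServer:
    """Holds the (MAC, tag) -> VXLAN identifier mapping for hosts allowed on the network."""
    def __init__(self, table):
        self.table = dict(table)
        self.requests = 0                        # counts authentication messages received

    def authenticate(self, mac, tag):
        self.requests += 1
        return self.table.get((mac, tag))        # None means authentication failed


class Vtep:
    def __init__(self, name, member_ports, server, aging=300):
        self.name, self.server, self.aging = name, server, aging
        self.member_ports = member_ports         # aggregation port -> local physical ports
        self.peer = None
        self.access = {}                         # (physical port, tag) -> access entry

    def _install(self, agg, tag, vni, now):
        # An aggregation port this device does not know yields no configuration.
        for port in self.member_ports.get(agg, []):
            self.access[(port, tag)] = {"agg": agg, "vni": vni,
                                        "expires": now + self.aging}

    def from_host(self, port, agg, mac, tag, now):
        """Tagged frame from the host: return the VXLAN identifier to send on, or None."""
        if (port, tag) not in self.access:
            vni = self.server.authenticate(mac, tag)            # steps 3 to 5
            if vni is None:
                return None                                     # host not admitted
            self._install(agg, tag, vni, now)                   # step 6
            self.peer.receive({"type": AUTH_SYNC, "agg": agg, "mac": mac,
                               "tag": tag, "vni": vni}, now)    # step 7
        entry = self.access[(port, tag)]
        entry["expires"] = now + self.aging      # matching traffic restarts the timer
        return entry["vni"]

    def from_tunnel(self, vni, now):
        """VXLAN packet towards the host: return (physical port, tag) or None."""
        for (port, tag), entry in self.access.items():
            if entry["vni"] == vni:
                entry["expires"] = now + self.aging
                return port, tag
        return None

    def receive(self, msg, now):
        """Handle a message from the aggregation peer; the return value is the reply."""
        if msg["type"] == AUTH_SYNC:                            # steps 8 to 10, first mode
            self._install(msg["agg"], msg["tag"], msg["vni"], now)
            return None
        if msg["type"] == DELETE:
            keys = [(p, msg["tag"]) for p in self.member_ports.get(msg["agg"], [])]
            if any(k in self.access and self.access[k]["expires"] > now for k in keys):
                return "delete-failure"          # matching traffic was seen here recently
            for k in keys:
                self.access.pop(k, None)
            return "delete-success"
        return None

    def age(self, now):
        """Run the aging check; return the tags whose mapping was removed locally."""
        removed = []
        for (port, tag), entry in list(self.access.items()):
            if entry["expires"] > now:
                continue
            reply = self.peer.receive({"type": DELETE, "agg": entry["agg"],
                                       "tag": tag, "vni": entry["vni"]}, now)
            if reply == "delete-success":
                del self.access[(port, tag)]
                removed.append(tag)
            else:
                entry["expires"] = now + self.aging   # keep the mapping, restart the timer
        return removed


def build_pair(aging=300):
    """Fig. 4 topology: aggregation port A is port 3 on VTEP 1 and port 4 on VTEP 2."""
    server = AuthServer({("00:00:5e:00:53:01", 100): 10000})   # constructed MAC address
    v1 = Vtep("VTEP1", {"A": [3]}, server, aging)
    v2 = Vtep("VTEP2", {"A": [4]}, server, aging)
    v1.peer, v2.peer = v2, v1
    return server, v1, v2
```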
Based on the same application concept as the method, an embodiment of the present application further provides an access information configuration device, where the access information configuration device is applied to the local device. The configuration device of the access information can be realized by software, and also can be realized by hardware or a combination of hardware and software. Taking a software implementation as an example, as a logical means, the device is formed by reading a corresponding computer program instruction in the nonvolatile memory through a processor of the local device where the device is located. In terms of hardware, as shown in fig. 5, for a hardware structure diagram of the local device where the configuration apparatus of the access information is located, in addition to the processor and the nonvolatile memory shown in fig. 5, the local device may further include other hardware, such as a forwarding chip, a network interface, and a memory, which are responsible for processing a packet; in terms of hardware structure, the local device may also be a distributed device, and may include multiple interface cards, so as to perform extension of message processing on a hardware level.
As shown in fig. 6, a structure diagram of a configuration apparatus for access information provided in the present application is applied to a local device of a distributed aggregation system, where the distributed aggregation system further includes an opposite device and a host connected to the local device and the opposite device, and the apparatus includes:
a receiving module 11, configured to receive an authentication synchronization packet from the peer device, where the authentication synchronization packet is sent by the peer device after it is determined that the host authentication is successful; the analysis module 12 is configured to analyze information of the aggregation port and authentication information from the authentication synchronization packet; a configuration module 13, configured to configure access information for the physical port belonging to the aggregation port by using the authentication information.
In one example, the authentication information may include a tag of the host, and a Virtual eXtensible Local Area Network (VXLAN) identifier assigned by the authentication server to the host; based on this, the configuring module 13 is specifically configured to configure the relationship between the tag and the VXLAN identifier for the physical port belonging to the aggregation port in the process of configuring the access information for the physical port belonging to the aggregation port by using the authentication information.
In one example, the authentication information includes a tag of the host, an address of the host; the configuration module 13 is specifically configured to send an authentication packet carrying a tag of the host and an address of the host to an authentication server in a process of configuring access information for a physical port belonging to the aggregation port by using the authentication information, so that the authentication server authenticates the host by using the tag of the host and the address of the host; if an authentication success message returned by the authentication server is received, analyzing a VXLAN identifier distributed by the authentication server for the host from the authentication success message; the VXLAN identification is obtained by the authentication server through inquiring the mapping relation of a label, an address and the VXLAN identification; and configuring the relationship between the label and the VXLAN identification for the physical port belonging to the aggregation port.
In an example, the access information configured by the configuration module 13 for the physical port includes a mapping relationship between a tag of the host and a VXLAN identifier assigned by an authentication server for the host;
the device further comprises (not represented in the figures): a sending module;
the sending module is used for obtaining a VXLAN identifier corresponding to the label by inquiring the mapping relation after receiving the data message carrying the label, and sending the data message by using the VXLAN identifier; and/or after receiving the data message carrying the VXLAN identification, obtaining a label corresponding to the VXLAN identification by inquiring the mapping relation, and sending the data message by using the label.
In an example, the access information configured by the configuration module 13 for the physical port includes a mapping relationship between a tag of the host and a VXLAN identifier assigned by an authentication server for the host;
the device further comprises (not represented in the figures): a maintenance module;
the maintenance module is used for setting an aging timer for the mapping relation; before the aging timer is overtime, if a data message matched with the mapping relation is received, updating the aging time of the aging timer; after the aging timer is overtime, sending a deletion message to the opposite terminal equipment; if a deletion success message returned by the opposite terminal equipment is received, deleting the mapping relation; if a deletion failure message returned by the opposite terminal equipment is received, the mapping relation is reserved, and the aging time of the aging timer is updated; the deletion success message is sent when the opposite terminal equipment inquires that no data message matched with the mapping relation exists locally, and the deletion failure message is sent when the opposite terminal equipment inquires that a data message matched with the mapping relation exists locally.
Based on the same application concept as the method, an embodiment of the present application further provides an access information configuration device, where the access information configuration device is applied to an opposite-end device. The configuration device of the access information can be realized by software, and also can be realized by hardware or a combination of hardware and software. Taking a software implementation as an example, as a device in a logical sense, the device is formed by reading a corresponding computer program instruction in a nonvolatile memory through a processor of a peer device where the device is located. In terms of hardware, as shown in fig. 7, for a hardware structure diagram of the peer device where the configuration apparatus of the access information is located, in addition to the processor and the nonvolatile memory shown in fig. 7, the peer device may further include other hardware, such as a forwarding chip, a network interface, and a memory, which are responsible for processing a packet; in terms of hardware structure, the peer device may also be a distributed device, and may include multiple interface cards, so as to perform packet processing extension at a hardware level.
As shown in fig. 8, a structure diagram of a configuration apparatus for access information provided in the present application is applied to an opposite device of a distributed aggregation system, where the distributed aggregation system further includes a local device and a host connected to the local device and the opposite device, and the apparatus includes:
the authentication module 21 is configured to authenticate the host after receiving the data packet from the host; a generating module 22, configured to generate an authentication synchronization packet when the host succeeds in authentication, where the authentication synchronization packet includes information of an aggregation port corresponding to the host and authentication information corresponding to the host; a sending module 23, configured to send the authentication synchronization packet to the home device, so that the home device configures access information for a physical port belonging to the aggregation port by using the authentication information.
The authentication information comprises a label of the host and a VXLAN identifier distributed to the host by an authentication server; or the authentication information comprises a label of the host and an address of the host;
the authentication module 21 is specifically configured to send an authentication packet carrying a tag of the host and an address of the host to an authentication server in a process of authenticating the host, so that the authentication server authenticates the host by using the authentication packet; if an authentication success message returned by the authentication server is received, the host authentication is determined to be successful, and VXLAN identification distributed to the host by the authentication server is analyzed from the authentication success message; the VXLAN identification is obtained by the authentication server through inquiring the mapping relation among the label of the host, the address of the host and the VXLAN identification;
the device further comprises: a configuration module, configured to configure, when the host authentication is successful, a relationship between the tag of the host and the VXLAN identifier for a physical port corresponding to the host.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Furthermore, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (14)

1. A configuration method of access information is applied to a local terminal device of a distributed aggregation system, the distributed aggregation system further comprises an opposite terminal device and a host connected with the local terminal device and the opposite terminal device, and the method is characterized by comprising the following steps:
receiving an authentication synchronization message from the opposite-end equipment, wherein the authentication synchronization message is sent by the opposite-end equipment after the host authentication is determined to be successful;
analyzing information of an aggregation port and authentication information from the authentication synchronous message;
and configuring access information for the physical port belonging to the aggregation port by using the authentication information.
2. The method according to claim 1, wherein the authentication information comprises a tag of the host, a Virtual eXtensible Local Area Network (VXLAN) identification assigned to the host by the authentication server; the process of configuring access information for the physical port belonging to the aggregation port by using the authentication information specifically includes:
and configuring the relationship between the label and the VXLAN identification for the physical port belonging to the aggregation port.
3. The method of claim 1,
the authentication information includes a tag of the host and an address of the host, and the process of configuring the access information for the physical port belonging to the aggregation port by using the authentication information specifically includes:
sending an authentication message carrying the label of the host and the address of the host to an authentication server so that the authentication server authenticates the host by using the label of the host and the address of the host;
if an authentication success message returned by the authentication server is received, analyzing a VXLAN identifier distributed by the authentication server for the host from the authentication success message; the VXLAN identification is obtained by the authentication server through inquiring the mapping relation of a label, an address and the VXLAN identification;
and configuring the relationship between the label and the VXLAN identification for the physical port belonging to the aggregation port.
4. The method according to claim 1, wherein the access information includes a mapping relationship between a tag of the host and a VXLAN identifier assigned to the host by an authentication server, and wherein configuring access information for a physical port belonging to the aggregation port by using the authentication information further comprises:
after receiving a data message carrying a label, obtaining a VXLAN identifier corresponding to the label by inquiring the mapping relation, and sending the data message by using the VXLAN identifier; and/or,
and after receiving the data message carrying the VXLAN identification, obtaining a label corresponding to the VXLAN identification by inquiring the mapping relation, and sending the data message by using the label.
5. The method according to claim 1, wherein the access information includes a mapping relationship between a tag of the host and a VXLAN identifier assigned to the host by an authentication server, and wherein configuring access information for a physical port belonging to the aggregation port by using the authentication information further comprises:
setting an aging timer for the mapping relation; before the aging timer is overtime, if a data message matched with the mapping relation is received, updating the aging time of the aging timer;
after the aging timer is overtime, sending a deletion message to the opposite terminal equipment; after receiving the deletion message, the opposite terminal equipment inquires whether a data message matched with the mapping relation exists locally;
if a deletion success message returned by the opposite terminal equipment is received, deleting the mapping relation; if a deletion failure message returned by the opposite terminal equipment is received, the mapping relation is reserved, and the aging time of the aging timer is updated; the deletion success message is sent when the opposite terminal equipment inquires that no data message matched with the mapping relation exists locally, and the deletion failure message is sent when the opposite terminal equipment inquires that a data message matched with the mapping relation exists locally.
6. A configuration method of access information is applied to opposite terminal equipment of a distributed aggregation system, the distributed aggregation system further comprises local terminal equipment and a host connected with the local terminal equipment and the opposite terminal equipment, and the method is characterized by comprising the following steps:
after receiving the data message from the host, authenticating the host;
if the host authentication is successful, generating an authentication synchronization message, wherein the authentication synchronization message comprises information of an aggregation port corresponding to the host and authentication information corresponding to the host;
and sending the authentication synchronization message to the local terminal equipment so that the local terminal equipment configures access information for the physical port belonging to the aggregation port by using the authentication information.
7. The method according to claim 6, wherein the authentication information comprises a tag of the host, an extensible virtual local area network (VXLAN) identifier assigned to the host by an authentication server; or the authentication information comprises a label of the host and an address of the host;
the process of authenticating the host specifically includes: sending an authentication message carrying the label of the host and the address of the host to an authentication server so that the authentication server authenticates the host by using the authentication message; if an authentication success message returned by the authentication server is received, the host authentication is determined to be successful, and VXLAN identification distributed to the host by the authentication server is analyzed from the authentication success message; the VXLAN identification is obtained by the authentication server through inquiring the mapping relation among the label of the host, the address of the host and the VXLAN identification;
after authenticating the host, the method further comprises: and if the host authentication is successful, configuring the relationship between the label of the host and the VXLAN identifier for the physical port corresponding to the host.
8. A configuration device of access information is applied to local terminal equipment of a distributed aggregation system, the distributed aggregation system further comprises opposite terminal equipment and a host connected with the local terminal equipment and the opposite terminal equipment, and the configuration device is characterized by comprising:
a receiving module, configured to receive an authentication synchronization message from the opposite terminal equipment, where the authentication synchronization message is sent by the opposite terminal equipment after it determines that the host authentication is successful;
the analysis module is used for analyzing the information of the aggregation port and the authentication information from the authentication synchronization message;
and the configuration module is used for configuring access information for the physical port belonging to the aggregation port by utilizing the authentication information.
9. The apparatus according to claim 8, wherein the authentication information comprises a tag of the host, an extensible virtual local area network (VXLAN) identifier assigned to the host by the authentication server;
the configuration module is specifically configured to configure, in a process of configuring access information for a physical port belonging to the aggregation port by using the authentication information, a relationship between the tag and the VXLAN identifier for the physical port belonging to the aggregation port.
10. The apparatus of claim 8,
the authentication information comprises a label of the host and an address of the host; the configuration module is specifically configured to send an authentication packet carrying a tag of the host and an address of the host to an authentication server in a process of configuring access information for a physical port belonging to the aggregation port by using the authentication information, so that the authentication server authenticates the host by using the tag of the host and the address of the host;
if an authentication success message returned by the authentication server is received, analyzing a VXLAN identifier distributed by the authentication server for the host from the authentication success message; the VXLAN identification is obtained by the authentication server through inquiring the mapping relation of a label, an address and the VXLAN identification;
and configuring the relationship between the label and the VXLAN identification for the physical port belonging to the aggregation port.
11. The apparatus according to claim 8, wherein the access information configured for the physical port by the configuration module comprises a mapping relationship between a tag of the host and a VXLAN identifier assigned to the host by an authentication server; the device further comprises: a sending module;
the sending module is used for obtaining a VXLAN identifier corresponding to the tag by querying the mapping relationship after receiving a data message carrying the tag, and sending the data message by using the VXLAN identifier; and/or after receiving a data message carrying the VXLAN identifier, obtaining a tag corresponding to the VXLAN identifier by querying the mapping relationship, and sending the data message by using the tag.
12. The apparatus according to claim 8, wherein the access information configured for the physical port by the configuration module comprises a mapping relationship between a tag of the host and a VXLAN identifier assigned to the host by an authentication server; the device further comprises: a maintenance module;
the maintenance module is used for setting an aging timer for the mapping relationship; before the aging timer expires, if a data message matching the mapping relationship is received, updating the aging time of the aging timer; after the aging timer expires, sending a deletion message to the opposite terminal equipment; after receiving the deletion message, the opposite terminal equipment queries whether a data message matching the mapping relationship exists locally;
if a deletion success message returned by the opposite terminal equipment is received, deleting the mapping relationship; if a deletion failure message returned by the opposite terminal equipment is received, retaining the mapping relationship and updating the aging time of the aging timer; the deletion success message is sent when the opposite terminal equipment finds that no data message matching the mapping relationship exists locally, and the deletion failure message is sent when the opposite terminal equipment finds that a data message matching the mapping relationship exists locally.
13. A configuration device of access information is applied to opposite terminal equipment of a distributed aggregation system, the distributed aggregation system further comprises a local terminal equipment and a host connected with the local terminal equipment and the opposite terminal equipment, and the configuration device is characterized by comprising:
the authentication module is used for authenticating the host after receiving the data message from the host;
a generating module, configured to generate an authentication synchronization message when the host succeeds in authentication, where the authentication synchronization message includes information of an aggregation port corresponding to the host and authentication information corresponding to the host;
and the sending module is used for sending the authentication synchronization message to the local terminal equipment so that the local terminal equipment configures access information for the physical port belonging to the aggregation port by using the authentication information.
14. The apparatus according to claim 13, wherein the authentication information comprises a tag of the host, an extensible virtual local area network (VXLAN) identifier assigned to the host by an authentication server; or the authentication information comprises a label of the host and an address of the host;
the authentication module is specifically configured to send an authentication packet carrying a tag of the host and an address of the host to an authentication server in a process of authenticating the host, so that the authentication server authenticates the host by using the authentication packet; if an authentication success message returned by the authentication server is received, the host authentication is determined to be successful, and VXLAN identification distributed to the host by the authentication server is analyzed from the authentication success message; the VXLAN identification is obtained by the authentication server through inquiring the mapping relation among the label of the host, the address of the host and the VXLAN identification;
the device further comprises: a configuration module, configured to configure, when the host authentication is successful, a relationship between the tag of the host and the VXLAN identifier for a physical port corresponding to the host.
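The mapping lookup and peer-confirmed aging described in claims 4 and 5 (and mirrored by the modules of claims 11 and 12) can be modelled as follows. This is an added illustration, not text or code from the patent: the `Device` class, its method names, the 300-second interval, and the reading of "a matching data message exists locally" as "matching traffic was seen within the aging interval" are all assumptions.

```python
from dataclasses import dataclass, field

AGING_SECONDS = 300  # assumed aging interval; the claims give no value


@dataclass
class Device:
    """One member device of the distributed aggregation pair (hypothetical model)."""
    name: str
    peer: "Device | None" = None
    tag_to_vni: dict = field(default_factory=dict)  # host tag -> VXLAN identifier
    last_hit: dict = field(default_factory=dict)    # host tag -> time of last matching message

    def configure(self, tag, vni, now):
        """Install the tag <-> VXLAN mapping obtained through authentication."""
        self.tag_to_vni[tag] = vni
        self.last_hit[tag] = now

    def to_vxlan(self, tag, now):
        """Message carrying a tag: look up the VXLAN identifier (None = no access)."""
        vni = self.tag_to_vni.get(tag)
        if vni is not None:
            self.last_hit[tag] = now  # matching traffic refreshes the aging timer
        return vni

    def to_tag(self, vni, now):
        """Message carrying a VXLAN identifier: reverse lookup to the tag."""
        for tag, mapped in self.tag_to_vni.items():
            if mapped == vni:
                self.last_hit[tag] = now
                return tag
        return None

    def handle_delete(self, tag, now):
        """Opposite side: answer a deletion message with success or failure."""
        seen = self.last_hit.get(tag)
        active = seen is not None and now - seen < AGING_SECONDS
        return "failure" if active else "success"

    def age(self, now):
        """Local side: for each expired mapping, ask the peer before deleting."""
        removed = []
        for tag in list(self.tag_to_vni):
            if now - self.last_hit[tag] < AGING_SECONDS:
                continue  # timer has not expired
            if self.peer.handle_delete(tag, now) == "success":
                del self.tag_to_vni[tag], self.last_hit[tag]
                removed.append(tag)
            else:
                self.last_hit[tag] = now  # peer still sees the host: keep and re-arm
        return removed
```

The peer check is what keeps an authorized host from losing its mapping on the device whose member link happens to be idle, while a mapping that neither device has used is still withdrawn.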
CN201611185070.4A 2016-12-20 2016-12-20 Configuration method and device of access information Active CN106878199B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611185070.4A CN106878199B (en) 2016-12-20 2016-12-20 Configuration method and device of access information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611185070.4A CN106878199B (en) 2016-12-20 2016-12-20 Configuration method and device of access information

Publications (2)

Publication Number Publication Date
CN106878199A CN106878199A (en) 2017-06-20
CN106878199B true CN106878199B (en) 2020-02-11

Family

ID=59164871

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611185070.4A Active CN106878199B (en) 2016-12-20 2016-12-20 Configuration method and device of access information

Country Status (1)

Country Link
CN (1) CN106878199B (en)

Also Published As

Publication number Publication date
CN106878199A (en) 2017-06-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant