CN106878288B - message forwarding method and device - Google Patents


Publication number
CN106878288B
CN106878288B CN201710042734.XA CN201710042734A CN106878288B CN 106878288 B CN106878288 B CN 106878288B CN 201710042734 A CN201710042734 A CN 201710042734A CN 106878288 B CN106878288 B CN 106878288B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710042734.XA
Other languages
Chinese (zh)
Other versions
CN106878288A (en)
Inventor
黄李伟
王伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/74: Address processing for routing
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/10: Mapping addresses of different types
    • H04L61/103: Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic


Abstract

The application provides a method and a device for updating a forwarding table entry, wherein the method comprises the following steps: when a target forwarding table entry synchronized by a remote VTEP device is received, querying the locally stored forwarding table entries according to the target forwarding table entry; and if a locally stored forwarding table entry matches the target forwarding table entry, the target forwarding table entry does not carry a preset flag, and the matching locally stored forwarding table entry carries the preset flag, refusing to update the forwarding table entry according to the target forwarding table entry. By applying the embodiments of the application, repeated switching of a forwarding table entry caused by ARP attacks and the like can be avoided, and the normal operation of the corresponding service is ensured.

Description

Message forwarding method and device
Technical Field
The present application relates to the field of network communication technologies, and in particular, to a method and an apparatus for forwarding a packet.
Background
VXLAN (Virtual Extensible Local Area Network) is a two-layer VPN (Virtual Private Network) technology based on an IP (Internet Protocol) Network and adopting a "MAC (Media Access Control) in UDP (User Datagram Protocol)" encapsulation form. VXLAN can provide two-layer interconnection for dispersed physical sites based on existing service provider or enterprise IP networks and can provide service isolation for different tenants.
An EVPN (Ethernet Virtual Private Network) is a two-layer VPN technology, where a control plane uses MP-BGP (multi Protocol Border Gateway Protocol) to announce EVPN routing information, and a data plane uses VXLAN encapsulation to forward a packet.
Disclosure of Invention
The application provides a method and a device for updating a forwarding table entry, which address the prior-art problem that forwarding table entries are repeatedly switched due to ARP attacks and the like, so that services cannot run normally.
According to a first aspect of the embodiments of the present application, a forwarding table update method is provided, where the forwarding table update method is applied to a target virtual extensible local area network tunnel endpoint VTEP device in an ethernet virtual private network EVPN networking, and the method includes:
When receiving a target forwarding table item synchronized by remote VTEP equipment, inquiring a forwarding table item stored locally according to the target forwarding table item;
If a forwarding table entry matched with the target forwarding table entry exists locally, a preset mark is not set in the target forwarding table entry, and a forwarding table entry matched with the target forwarding table entry and stored locally is set with the preset mark, the updating of the forwarding table entry according to the target forwarding table entry is refused; wherein, the priority of the forwarding table entry with the preset mark is higher than that of the forwarding table entry without the preset mark.
According to a second aspect of the embodiments of the present application, there is provided a forwarding table update apparatus, which is applied to a target virtual extensible local area network tunnel endpoint VTEP device in an ethernet virtual private network EVPN networking, where the apparatus includes:
A receiving unit, configured to receive a target forwarding table entry synchronized by a remote VTEP device;
The query unit is used for querying a forwarding table item stored locally according to a target forwarding table item when the receiving unit receives the target forwarding table item synchronized by the remote VTEP device;
An updating unit, configured to refuse to update a forwarding table entry according to the target forwarding table entry if a forwarding table entry matching the target forwarding table entry locally exists, and the target forwarding table entry is not provided with a preset flag, and a forwarding table entry matching the target forwarding table entry locally stored is provided with the preset flag; wherein, the priority of the forwarding table entry with the preset mark is higher than that of the forwarding table entry without the preset mark.
By applying the embodiment of the application, when a target forwarding table item synchronized by remote VTEP equipment is received, a forwarding table item stored locally is inquired according to the target forwarding table item; if a forwarding table entry matched with the target forwarding table entry exists locally, the target forwarding table entry is not provided with the preset mark, and a forwarding table entry locally stored and matched with the target forwarding table entry is provided with the preset mark, the forwarding table entry is rejected from being updated according to the target forwarding table entry, so that repeated switching of the forwarding table entry caused by ARP attack and the like is avoided, and the normal operation of the corresponding service is ensured.
Drawings
Fig. 1 is a schematic diagram of an EVPN networking architecture;
Fig. 2 is a flowchart illustrating a method for updating a forwarding entry according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a forwarding table entry updating apparatus according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of another forwarding entry updating apparatus according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of another forwarding entry updating apparatus according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions in the embodiments of the present application better understood and make the above objects, features and advantages of the embodiments of the present application more comprehensible, the technical solutions in the embodiments of the present application are described in further detail below with reference to the accompanying drawings.
Currently, an EVPN network synchronizes forwarding entries, including Media Access Control (MAC) entries and Address Resolution Protocol (ARP) entries, through the BGP protocol, so as to avoid excessive flooding of messages in the IP (Internet Protocol) core network.
Taking the EVPN networking shown in Fig. 1 as an example, after VM (Virtual Machine) 1 comes online at VTEP (VXLAN Tunneling End Point) 1, VTEP1 synchronizes the ARP entry and MAC entry of VM1 to VTEP2; similarly, after VM2 comes online at VTEP2, VTEP2 synchronizes the ARP entry and MAC entry of VM2 to VTEP1. When VM2 and VM1 then need to communicate, the corresponding forwarding entries can be looked up directly on VTEP2 and VTEP1 without flooding broadcast packets to the public network side.
In the EVPN networking shown in Fig. 1, when VM1 migrates from VTEP1 to VTEP3, VTEP3 synchronizes the ARP and MAC entries of VM1 to VTEP2. On receiving the ARP and MAC entries of VM1 synchronized by VTEP3, VTEP2 switches the next hop of its local forwarding entry for VM1 from VXLAN tunnel 1 to VXLAN tunnel 3, which completes the migration of VM1.
However, ARP attacks and other types of attacks may exist in a conventional EVPN network; they can cause forwarding entries in the EVPN network to be switched repeatedly and can cause service failure.
Referring to Fig. 2, a flow diagram of a forwarding entry updating method provided in the embodiment of the present application is shown. The forwarding entry updating method may be applied to a target VTEP device in an EVPN networking, and as shown in Fig. 2, it may include the following steps:
Step 201, when receiving a target forwarding table item synchronized by a remote VTEP device, querying a forwarding table item stored locally according to the target forwarding table item.
In this embodiment of the present application, the target VTEP device does not refer to a certain fixed VTEP device, but may refer to any VTEP device in the EVPN networking, and the following description of this embodiment of the present application is not repeated.
In this embodiment of the application, when a local VM (Virtual Machine) of a target VTEP device comes online, the target VTEP device needs to locally generate the forwarding entries (including an ARP entry, a MAC entry, and the like) of the VM and synchronize them to the remote VTEP devices. Similarly, the target VTEP device also receives the forwarding entries synchronized by remote VTEP devices.
In this embodiment of the present application, when the target VTEP device receives a forwarding table entry synchronized by a remote VTEP device (referred to as the target forwarding table entry), the target VTEP device may query the locally stored forwarding table entries according to the target forwarding table entry, so as to determine whether a forwarding table entry matching the target forwarding table entry exists locally.
In this embodiment of the present application, the matching of the forwarding table entries may include that the MAC addresses are the same, that is, when a forwarding table entry which is the same as the MAC address in the target forwarding table entry exists in the forwarding table entry stored locally, it is determined that a forwarding table entry which is matched with the target forwarding table entry exists locally.
Step 202, if a forwarding table entry matching the target forwarding table entry exists locally, and the target forwarding table entry does not set the preset flag, and the forwarding table entry matching the target forwarding table entry stored locally is set with the preset flag, rejecting updating the forwarding table entry according to the target forwarding table entry.
In the embodiment of the present application, in order to avoid frequent switching of forwarding entries of VTEP devices due to ARP attack and the like, a preset flag may be set for a forwarding entry corresponding to a specific service (which may be referred to as a key service herein), where a priority of the forwarding entry provided with the preset flag is higher than a priority of the forwarding entry not provided with the preset flag, and the forwarding entry not provided with the preset flag cannot trigger updating of the forwarding entry provided with the preset flag.
For convenience of description and understanding, the following description will take an example that the preset flag is a static flag, a forwarding entry provided with the preset flag is a static entry, and a forwarding entry not provided with the preset flag is a non-static entry.
Accordingly, in this embodiment of the present application, when the target VTEP device receives the target forwarding table entry synchronized by the remote VTEP device and determines that a forwarding table entry matching the target forwarding table entry exists locally, the target VTEP device needs to further determine whether the target forwarding table entry synchronized by the remote VTEP device is a static entry and whether the locally stored forwarding table entry matching the target forwarding table entry is a static entry.
When the target VTEP device determines that the target forwarding table entry is a non-static entry and the locally stored forwarding table entry matching the target forwarding table entry is a static entry, the target VTEP device may refuse to update the forwarding table entry according to the target forwarding table entry.
Further, in this embodiment of the present application, when the target VTEP apparatus determines that the target forwarding table entry is a non-static table entry, and the locally stored forwarding table entry matching the target forwarding table entry is also a non-static table entry, that is, the target forwarding table entry and the locally stored forwarding table entry matching the target forwarding table entry are both non-static table entries, the target VTEP apparatus may update the forwarding table entry according to the target forwarding table entry, for example, update a next hop in the locally stored forwarding table entry matching the target forwarding table entry to the VXLAN tunnel receiving the target forwarding table entry.
When the target VTEP device determines that the target forwarding table entry is a static table entry, and the locally stored forwarding table entry matching the target forwarding table entry is also a static table entry, that is, the target forwarding table entry and the locally stored forwarding table entry matching the target forwarding table entry are both static table entries, the target VTEP device may update the forwarding table entry according to the target forwarding table entry.
When the target VTEP device determines that the target forwarding table entry is a static table entry and the locally stored forwarding table entry matching the target forwarding table entry is a non-static table entry, the target VTEP device may update the forwarding table entry according to the target forwarding table entry. In this case, the target VTEP device may set the locally stored forwarding table entry as a static table entry, in addition to updating the next hop of the locally stored forwarding table entry matching the target forwarding table entry.
Further, in this embodiment of the present application, when there is no forwarding entry matching with the target forwarding entry in the target VTEP device and the target forwarding entry is a static entry, the target VTEP device may locally store the target forwarding entry as the static entry.
In this embodiment of the present application, when the target VTEP device receives a target forwarding entry synchronized by the remote VTEP device and finds no matching forwarding entry among the locally stored forwarding entries, the target VTEP device may further determine whether the target forwarding entry is a static entry, and if it is, the target VTEP device may store it locally as a static entry.
It should be noted that, in this embodiment of the present application, if the target VTEP device finds no forwarding table entry matching the target forwarding table entry among the locally stored forwarding table entries and the target forwarding table entry is a non-static entry, the target VTEP device may process it according to the existing related flow, which is not described herein again.
In the embodiment of the present application, the key service may be configured manually by a user (e.g., an administrator), or may be determined according to a forwarding requirement of the service traffic.
For example, in the case where the key service is manually configured by the user, assume that the IP address of the key service configured by the user on VTEP1 is IP1 and the MAC address is MAC1. When VTEP1 detects that a VM with the IP address IP1 and the MAC address MAC1 comes online, the locally generated forwarding table entry of the VM may be set as a static entry and synchronized to the remote VTEP device.
For another example, taking the determination of the key service according to the forwarding requirement of the service traffic as an example, assuming that the forwarding requirement of the service traffic exceeds the preset threshold in the specified time period, the VTEP device may set the service as the key service in the specified time period, and accordingly, the forwarding table entry corresponding to the key service may be set as the static table entry.
In the embodiment of the present application, the following steps may also be included:
11) When the virtual machine is detected to be online, locally generating a forwarding table entry corresponding to the virtual machine;
12) And when the virtual machine meets a preset condition, setting the preset mark for the forwarding table entry, and synchronizing the forwarding table entry provided with the preset mark to the remote VTEP equipment.
Specifically, in this embodiment of the present application, when a target VTEP device detects that a VM is online, a forwarding table entry corresponding to the VM needs to be locally generated.
After the target VTEP device generates the forwarding table entry corresponding to the VM, it needs to determine whether the VM meets a preset condition, for example, whether the IP address and the MAC address of the VM belong to the IP address and the MAC address of the preconfigured key service, or whether the VM is a preconfigured VM that needs to be protected against ARP attack (which may be determined according to the IP address and the MAC address of the VM). If the target VTEP device determines that the VM meets the preset condition, the target VTEP device may determine that the forwarding table entry of the VM is a static entry (i.e., the forwarding table entry is set with the preset flag) and synchronize the static entry to the remote VTEP device, indicating to the remote VTEP device that the forwarding table entry of the VM is a static entry.
When receiving the forwarding table entry of the VM synchronized by the target VTEP device, the remote VTEP device may issue the forwarding table entry as a static entry.
It should be noted that, in this embodiment, when the target VTEP device determines that the forwarding entry corresponding to the VM is a non-static forwarding entry, the target VTEP device may perform processing according to a related flow in the existing scheme, which is not described herein again in this embodiment of the present application.
Further, in this embodiment of the present application, for any static entry locally stored by the target VTEP device, when there is no traffic corresponding to the static entry within a preset time, the static entry is converted into a non-static entry, that is, the preset flag of the forwarding entry is deleted.
Specifically, in this embodiment of the present application, a corresponding aging time (also referred to as a curing time) may be preset for a static entry. For any static entry, the target VTEP device may monitor whether corresponding traffic exists within the aging time of the static entry, and if so, reset the aging time of the static entry; if no traffic corresponding to the static entry exists within its aging time, the target VTEP device may convert the static entry into a non-static entry.
It can be seen that, in the method flow shown in Fig. 2, the forwarding table entry corresponding to the specific service is set as a static entry, and a non-static entry cannot trigger an update of a static entry, so repeated switching of the forwarding table entry corresponding to the specific service due to ARP attack and the like can be avoided, and normal operation of the specific service is ensured.
In order to enable those skilled in the art to better understand the technical solutions provided in the embodiments of the present application, the technical solutions provided in the embodiments of the present application are described below with reference to specific application scenarios.
Taking the EVPN networking shown in fig. 1 as an example, assume that the IP address of VM1 is 10.1.1.2, the MAC address is 1-1-1, the IP address of the key service configured on VTEP1 is 10.1.1.2, and the MAC address is 1-1-1.
Based on the application scenario, the forwarding table entry updating scheme provided by the embodiment of the present application is implemented as follows:
1. When VM1 comes online, VTEP1 locally generates a forwarding entry for VM1 whose next hop points to VM1.
2. The VTEP1 determines that a forwarding table entry corresponding to the VM1 is a static table entry according to the locally configured IP address and MAC address of the key service, so that the VTEP1 sets the locally generated ARP table entry and MAC table entry corresponding to the VM1 as static table entries, and synchronizes the ARP table entry and MAC table entry to the VTEP2 through an EVPN 2-type route, where the EVPN 2-type route carries static markers for the ARP table entry and MAC table entry, and the static markers are used to identify the ARP table entry and MAC table entry as static table entries;
In addition, the EVPN 2-type route may also carry a curing time corresponding to the static entry, and the curing time may be set according to actual requirements, which is, for example, 600 seconds in this embodiment.
3. When receiving the synchronization message sent by VTEP1, VTEP2 finds that the synchronization message carries a static tag, so VTEP2 may issue a forwarding entry corresponding to VM1 as a static entry, where the next hop of the forwarding entry is VXLAN tunnel 1, establish a static tag table of ARP and MAC corresponding to VM1, parse the curing time from the message, and issue the static tag table shown below:
Service IP    Service MAC    Static flag    Curing time
10.1.1.2      1-1-1          1              600 s

Here, a static flag of 1 indicates that the corresponding forwarding entry is a static entry.
4. When VTEP2 receives an ARP entry and a MAC entry synchronized by another remote VTEP device, such as VTEP3, and a matching forwarding entry exists locally, then if the ARP entry and the MAC entry synchronized by VTEP3 are non-static entries and the corresponding forwarding entry on VTEP2 is a static entry, VTEP2 directly ignores the synchronization message.
If the corresponding forwarding entry on VTEP2 is a non-static entry, or the ARP entry and the MAC entry synchronized by VTEP3 are static entries, VTEP2 performs VM migration and switches the next hop of the forwarding entry corresponding to VM1 to VXLAN tunnel 3.
5. When VTEP2 receives no traffic destined for 10.1.1.2/1-1-1 during the curing time corresponding to the static entry, VTEP2 may convert the forwarding entry corresponding to 10.1.1.2/1-1-1 into a non-static entry.
As can be seen from the above description, in the technical solution provided in the embodiment of the present application, when a target forwarding table entry synchronized by a remote VTEP device is received, the locally stored forwarding table entries are queried according to the target forwarding table entry; if a forwarding table entry matching the target forwarding table entry exists locally, the target forwarding table entry does not carry the preset flag, and the matching locally stored forwarding table entry carries the preset flag, updating the forwarding table entry according to the target forwarding table entry is refused, so that repeated switching of the forwarding table entry caused by ARP attack and the like is avoided, and the normal operation of the corresponding service is ensured.
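The decision rules of step 202 and the curing-time rule, replayed on the VM1 scenario, as an added Python example (not code from the patent or from any vendor implementation). Class, field and tunnel names are assumptions, as are installing an unmatched non-static entry as-is and restarting the curing timer when a flagged update is accepted.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Entry:
    mac: str
    ip: str
    next_hop: str              # constructed tunnel name, e.g. "vxlan-tunnel-1"
    static: bool = False       # the patent's "preset flag"
    curing_time: int = 0       # seconds, only meaningful when static
    last_traffic: float = 0.0  # time of last traffic hit (or of installation)


class VtepTable:
    """Forwarding entries of one VTEP, keyed by MAC (the match rule of step 201)."""

    def __init__(self) -> None:
        self.entries: Dict[str, Entry] = {}

    def apply_sync(self, target: Entry, now: float) -> str:
        """Apply an entry synchronized by a remote VTEP and return the decision."""
        local = self.entries.get(target.mac)
        if local is None:
            # No local match: a flagged entry is stored as static. Storing an
            # unflagged one unchanged stands in for the "existing flow" (assumption).
            self.entries[target.mac] = Entry(
                target.mac, target.ip, target.next_hop, target.static,
                target.curing_time if target.static else 0, now)
            return "installed-static" if target.static else "installed"
        if local.static and not target.static:
            # The one refusal case: an unflagged update never moves a flagged entry.
            return "rejected"
        # Remaining cases (both static, both non-static, static over non-static).
        local.ip, local.next_hop = target.ip, target.next_hop
        if target.static:
            local.static = True
            local.curing_time = target.curing_time
            local.last_traffic = now  # assumption: accepted flagged update restarts the timer
        return "updated"

    def traffic_seen(self, mac: str, now: float) -> None:
        """Traffic for the entry resets its aging (curing) timer."""
        entry = self.entries.get(mac)
        if entry is not None:
            entry.last_traffic = now

    def age(self, now: float) -> List[str]:
        """Demote static entries with no traffic for a full curing time."""
        demoted = []
        for entry in self.entries.values():
            if entry.static and now - entry.last_traffic >= entry.curing_time:
                entry.static = False
                entry.curing_time = 0
                demoted.append(entry.mac)
        return demoted


def replay_scenario() -> List[str]:
    """VTEP2's view of VM1 (10.1.1.2 / 1-1-1); timestamps are constructed."""
    vtep2 = VtepTable()
    log = []
    # Step 3: VTEP1 announces VM1 with the static flag and a 600 s curing time.
    log.append(vtep2.apply_sync(
        Entry("1-1-1", "10.1.1.2", "vxlan-tunnel-1", True, 600), now=0))
    # Step 4: an unflagged announcement for the same MAC arrives from VTEP3.
    log.append(vtep2.apply_sync(
        Entry("1-1-1", "10.1.1.2", "vxlan-tunnel-3"), now=10))
    log.append(vtep2.entries["1-1-1"].next_hop)
    # Step 5: traffic at t=300 resets the timer, so the flag survives t=700
    # and is removed at t=900 (600 s without traffic).
    vtep2.traffic_seen("1-1-1", now=300)
    log.append(str(vtep2.age(now=700)))
    log.append(str(vtep2.age(now=900)))
    # Once demoted, the entry follows ordinary (unflagged) updates again.
    log.append(vtep2.apply_sync(
        Entry("1-1-1", "10.1.1.2", "vxlan-tunnel-3"), now=901))
    log.append(vtep2.entries["1-1-1"].next_hop)
    return log


if __name__ == "__main__":
    for line in replay_scenario():
        print(line)
```

Because a flagged update is always accepted, the protection holds only as long as flagged entries are originated by VTEPs that apply the key-service check described above.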
Referring to Fig. 3, a schematic structural diagram of a forwarding table entry updating apparatus provided in the embodiment of the present application is shown, where the forwarding table entry updating apparatus may be applied to a target VTEP device in the foregoing method embodiment, and as shown in Fig. 3, the forwarding table entry updating apparatus may include:
A receiving unit 310, configured to receive a target forwarding table entry synchronized by a remote VTEP device;
A querying unit 320, configured to, when the receiving unit 310 receives a target forwarding entry synchronized by a remote VTEP device, query a forwarding entry stored locally according to the target forwarding entry;
An updating unit 330, configured to refuse to update a forwarding entry according to the target forwarding entry if a forwarding entry matching the target forwarding entry locally exists, and the target forwarding entry is not provided with a preset flag, and a forwarding entry matching the target forwarding entry locally stored is provided with the preset flag; wherein, the priority of the forwarding table entry with the preset mark is higher than that of the forwarding table entry without the preset mark.
In an optional embodiment, the updating unit 330 is further configured to update the forwarding table entry according to the target forwarding table entry if a forwarding table entry matching the target forwarding table entry locally exists, and the target forwarding table entry and a forwarding table entry locally stored and matching the target forwarding table entry are both provided with the preset flag, or the target forwarding table entry and a forwarding table entry locally stored and matching the target forwarding table entry are not provided with the preset flag, or the target forwarding table entry is provided with the preset flag, but a forwarding table entry locally stored and matching the target forwarding table entry is not provided with the preset flag.
Referring to fig. 4 together, a schematic structural diagram of another forwarding entry updating apparatus according to the embodiment of the present application is shown in fig. 4, where on the basis of the forwarding entry updating apparatus shown in fig. 3, the forwarding entry updating apparatus shown in fig. 4 further includes:
The saving unit 340 is configured to, if there is no forwarding table item matching the target forwarding table item locally and the target forwarding table item is provided with the preset flag, locally save the target forwarding table item and set the preset flag.
Referring to Fig. 5 together, a schematic structural diagram of another forwarding entry updating apparatus according to the embodiment of the present application is shown in Fig. 5, where on the basis of the forwarding entry updating apparatus shown in Fig. 3, the forwarding entry updating apparatus shown in Fig. 5 further includes:
A generating unit 350, configured to locally generate a forwarding table entry corresponding to a virtual machine when it is detected that the virtual machine is online;
A setting unit 360, configured to set the preset flag for the forwarding entry when the virtual machine meets a preset condition;
A sending unit 370, configured to synchronize the forwarding table entry with the preset flag to the remote VTEP apparatus.
In an optional embodiment, the updating unit 330 is further configured to, for any forwarding table entry that is locally stored and provided with the preset flag, delete the preset flag corresponding to the forwarding table entry when there is no traffic corresponding to the forwarding table entry within a preset duration.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
It can be seen from the above embodiments that, when receiving a target forwarding table entry synchronized by a remote VTEP device, a forwarding table entry stored locally is queried according to the target forwarding table entry; if a forwarding table entry matched with the target forwarding table entry exists locally, the target forwarding table entry is not provided with the preset mark, and a forwarding table entry locally stored and matched with the target forwarding table entry is provided with the preset mark, the forwarding table entry is rejected from being updated according to the target forwarding table entry, so that repeated switching of the forwarding table entry caused by ARP attack and the like is avoided, and the normal operation of the corresponding service is ensured.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (10)

1. A forwarding table entry updating method, applied to a target virtual extensible local area network tunnel endpoint (VTEP) device in Ethernet Virtual Private Network (EVPN) networking, characterized by comprising the following steps:
when a target forwarding table entry synchronized by a remote VTEP device is received, querying the locally stored forwarding table entries according to the target forwarding table entry;
if a forwarding table entry matching the target forwarding table entry exists locally, the target forwarding table entry is not provided with a preset flag, and the locally stored forwarding table entry matching the target forwarding table entry is provided with the preset flag, refusing to update the forwarding table entry according to the target forwarding table entry; wherein the priority of a forwarding table entry provided with the preset flag is higher than that of a forwarding table entry not provided with the preset flag;
if a forwarding table entry matching the target forwarding table entry exists locally, and the target forwarding table entry and the locally stored forwarding table entry matching the target forwarding table entry are both provided with the preset flag, updating the forwarding table entry according to the target forwarding table entry.
2. The method of claim 1, further comprising:
if neither the target forwarding table entry nor the locally stored forwarding table entry matching the target forwarding table entry is provided with the preset flag, or the target forwarding table entry is provided with the preset flag but the locally stored forwarding table entry matching the target forwarding table entry is not, updating the forwarding table entry according to the target forwarding table entry.
3. The method of claim 1, further comprising:
if no forwarding table entry matching the target forwarding table entry exists locally and the target forwarding table entry is provided with the preset flag, locally saving the target forwarding table entry and setting the preset flag.
4. The method of claim 1, further comprising:
when a virtual machine is detected to be online, locally generating a forwarding table entry corresponding to the virtual machine;
when the virtual machine meets a preset condition, setting the preset flag for the forwarding table entry, and synchronizing the forwarding table entry provided with the preset flag to the remote VTEP device.
5. The method of claim 1, further comprising:
for any forwarding table entry that is locally stored and provided with the preset flag, deleting the preset flag corresponding to the forwarding table entry when there is no traffic corresponding to the forwarding table entry within a preset duration.
6. A forwarding table entry updating device, applied to a target virtual extensible local area network tunnel endpoint (VTEP) device in Ethernet Virtual Private Network (EVPN) networking, characterized by comprising:
a receiving unit, configured to receive a target forwarding table entry synchronized by a remote VTEP device;
a query unit, configured to query the locally stored forwarding table entries according to the target forwarding table entry when the receiving unit receives the target forwarding table entry synchronized by the remote VTEP device;
an updating unit, configured to refuse to update a forwarding table entry according to the target forwarding table entry if a forwarding table entry matching the target forwarding table entry exists locally, the target forwarding table entry is not provided with a preset flag, and the locally stored forwarding table entry matching the target forwarding table entry is provided with the preset flag; wherein the priority of a forwarding table entry provided with the preset flag is higher than that of a forwarding table entry not provided with the preset flag;
the updating unit is further configured to update the forwarding table entry according to the target forwarding table entry if a forwarding table entry matching the target forwarding table entry exists locally and the target forwarding table entry and the locally stored forwarding table entry matching the target forwarding table entry are both provided with the preset flag.
7. The apparatus of claim 6, wherein
the updating unit is further configured to update the forwarding table entry according to the target forwarding table entry if neither the target forwarding table entry nor the locally stored forwarding table entry matching the target forwarding table entry is provided with the preset flag, or if the target forwarding table entry is provided with the preset flag but the locally stored forwarding table entry matching the target forwarding table entry is not.
8. The apparatus of claim 6, further comprising:
a storage unit, configured to locally save the target forwarding table entry and set the preset flag if no forwarding table entry matching the target forwarding table entry exists locally and the target forwarding table entry is provided with the preset flag.
9. The apparatus of claim 6, further comprising:
a generating unit, configured to locally generate a forwarding table entry corresponding to a virtual machine when the virtual machine is detected to be online;
a setting unit, configured to set the preset flag for the forwarding table entry when the virtual machine meets a preset condition;
a sending unit, configured to synchronize the forwarding table entry provided with the preset flag to the remote VTEP device.
10. The apparatus of claim 6, wherein
the updating unit is further configured to, for any forwarding table entry that is locally stored and provided with the preset flag, delete the preset flag corresponding to the forwarding table entry when there is no traffic corresponding to the forwarding table entry within a preset duration.
CN201710042734.XA 2017-01-20 2017-01-20 message forwarding method and device Active CN106878288B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710042734.XA CN106878288B (en) 2017-01-20 2017-01-20 message forwarding method and device

Publications (2)

Publication Number Publication Date
CN106878288A CN106878288A (en) 2017-06-20
CN106878288B CN106878288B (en) 2019-12-06

Family

ID=59158528

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710042734.XA Active CN106878288B (en) 2017-01-20 2017-01-20 message forwarding method and device

Country Status (1)

Country Link
CN (1) CN106878288B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107733793B (en) * 2017-11-28 2020-03-06 新华三技术有限公司 Forwarding table item maintenance method and device
CN108418740B (en) * 2018-02-28 2020-09-08 新华三技术有限公司 Message processing method and device
CN108512949B (en) * 2018-03-23 2021-05-07 烽火通信科技股份有限公司 MAC address synchronization method and system
CN108881024B (en) * 2018-05-31 2021-03-23 新华三技术有限公司 Multicast traffic forwarding method and device
CN109412925B (en) * 2018-09-30 2021-06-18 锐捷网络股份有限公司 Forwarding table item updating method based on VTEP and VTEP
CN109547317B (en) * 2018-12-29 2020-12-08 新华三技术有限公司 Method and device for establishing connection tunnel
CN109617817B (en) * 2019-01-22 2021-06-04 新华三技术有限公司 Method and device for generating forwarding table entry of MLAG networking
CN114374637B (en) * 2021-12-23 2023-12-26 新华三技术有限公司合肥分公司 Routing processing method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1581818A (en) * 2003-07-31 2005-02-16 华为技术有限公司 Method for supporting multi-port virtual LAN by multi-protocol label switch
CN101175080A (en) * 2007-07-26 2008-05-07 杭州华三通信技术有限公司 Method and system for preventing ARP message attack
CN105763440A (en) * 2016-01-29 2016-07-13 杭州华三通信技术有限公司 Message forwarding method and device
CN105791457A (en) * 2016-02-26 2016-07-20 杭州华三通信技术有限公司 Data processing method and apparatus

Also Published As

Publication number Publication date
CN106878288A (en) 2017-06-20

Similar Documents

Publication Publication Date Title
CN106878288B (en) message forwarding method and device
US20200280514A1 (en) Packet forwarding method, apparatus, and system
US10666561B2 (en) Virtual machine migration
US8750288B2 (en) Physical path determination for virtual network packet flows
US11086653B2 (en) Forwarding policy configuration
US9621508B2 (en) System and method for sharing VXLAN table information with a network controller
US10263808B2 (en) Deployment of virtual extensible local area network
US8755377B2 (en) Facilitating operation of one or more virtual networks
CN107733793B (en) Forwarding table item maintenance method and device
US7706371B1 (en) Domain based routing for managing devices operating behind a network address translator
US9641417B2 (en) Proactive detection of host status in a communications network
EP3420687B1 (en) Addressing for customer premises lan expansion
JP6633775B2 (en) Packet transmission
CN103905251B (en) Network topology obtaining method and device
US20210351956A1 (en) Customer premises lan expansion
EP3598705B1 (en) Routing control
US20190215191A1 (en) Deployment Of Virtual Extensible Local Area Network
EP3627775B1 (en) Route synchronization
CN106911549B (en) Data message processing method and device
US7769007B2 (en) Method of providing multicast services in virtual private LAN
CN110620715B (en) Virtual extended local area network communication method, tunnel endpoint and controller
CN108768845B (en) Multi-homing host routing synchronization method and device
US10291435B2 (en) Router device, packet control method based on prefix management, and program
CN106452992B (en) Method and device for realizing remote multi-homing networking

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant