CN108616439A - Gateway device based on Linux kernel and communication method - Google Patents

Publication number: CN108616439A
Authority: CN (China)
Prior art keywords: port, data packet, virtual, sent, LAN port
Legal status: Granted
Application number: CN201810414937.1A
Other languages: Chinese (zh)
Other versions: CN108616439B (en)
Inventors: 孙戈宇, 董浩
Current Assignee: Shenzhen Gongjin Electronics Co Ltd
Original Assignee: Shenzhen Gongjin Electronics Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/66: Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/16: Multipoint routing
    • H04L45/54: Organization of routing tables
    • H04L45/74: Address processing for routing
    • H04L45/745: Address table lookup; Address filtering
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/50: Network services
    • H04L67/56: Provisioning of proxy services

Abstract

The present invention relates to a gateway device based on the Linux kernel, comprising: a first device port, connected to at least one LAN port, configured to create at least one virtual LAN port, to receive data packets sent by the at least one LAN port and send the processed packets to the corresponding virtual LAN port, and to receive data packets sent by the at least one virtual LAN port and send the processed packets to the corresponding LAN port; and a second device port, connected to a WAN port, configured to create at least one virtual WAN port, to receive data packets sent by the WAN port and send the processed packets to the corresponding virtual WAN port, and to receive data packets sent by the virtual WAN port and send the processed packets to the WAN port. Each of the at least one virtual LAN port is bound to one and only one virtual WAN port.

Description

Gateway device based on Linux kernel and communication method
Technical field
The present invention relates to the field of network communication technology, and in particular to a gateway device based on the Linux kernel and a communication method.
Background
Multicast is a point-to-multipoint network technology whose purpose is to reduce the load on the network and on media servers. From a protocol perspective, the protocols used in IP multicast consist of two parts: the multicast management protocol IGMP (Internet Group Management Protocol), which runs between hosts and multicast routers, and the multicast routing protocols that run between multicast routers. In addition, IGMP snooping was introduced to suppress the spread of multicast packets in a layer-2 network, and IGMP proxy was introduced to let IGMP traverse a layer-3 network. However, current home gateways generally support a multicast proxy service between only one group of virtual LAN ports and the WAN port.
Summary of the invention
In view of this, to address the problem that home gateways support a multicast proxy service between only one group of virtual LAN ports and the WAN port, a gateway device based on the Linux kernel and a communication method are provided.
A gateway device based on the Linux kernel, the device comprising:
A first device port, connected to at least one LAN port, configured to create at least one virtual LAN port, to receive data packets sent by the at least one LAN port and send the processed packets to the corresponding virtual LAN port, and to receive data packets sent by the at least one virtual LAN port and send the processed packets to the corresponding LAN port;
A second device port, connected to a WAN port, configured to create at least one virtual WAN port, to receive data packets sent by the WAN port and send the processed packets to the corresponding virtual WAN port, and to receive data packets sent by the virtual WAN port and send the processed packets to the WAN port;
Each of the at least one virtual LAN port is bound to one and only one virtual WAN port.
In one embodiment, the device further includes at least one bridge module. A bridge forwarding table is established between the at least one bridge module and the at least one virtual LAN port, and a policy routing table is established between the at least one bridge module and the at least one virtual WAN port. The at least one bridge module is configured to receive, according to the bridge forwarding table, the data packets sent by the corresponding at least one virtual LAN port and to forward them, according to the policy routing table, to the corresponding virtual WAN port. It is also configured to receive, according to the policy routing table, the data packets sent by the corresponding at least one virtual WAN port and to forward them, according to the bridge forwarding table, to the corresponding virtual LAN port.
In one embodiment, the at least one virtual LAN port is created by the first device port using the VLAN function of the Linux kernel and the vconfig tool.
In one embodiment, the at least one bridge module is established using the software bridge function of the Linux kernel and the brctl tool, and is also used to provide layer-2 isolation between the data packets received or sent by the at least one virtual LAN port.
In one embodiment, the first device port is configured to receive a tagged data packet sent by the at least one LAN port, record the virtual LAN port that receives the tagged packet, remove the tag to obtain an untagged packet, and send that packet to the recorded virtual LAN port. The first device port is also configured to receive an untagged data packet sent by the at least one virtual LAN port, add a tag to obtain a tagged packet, and send the tagged packet to the corresponding LAN port. The tag includes LAN port information.
In one embodiment, the policy routing table includes the IP address of the at least one virtual WAN port. According to the IP address, a one-to-one correspondence is established between the at least one bridge module and the at least one virtual WAN port.
In one embodiment, the bridge forwarding table is used to establish a correspondence between the at least one bridge module and the at least one virtual LAN port.
A communication method, comprising:
Establishing a first device port and a second device port, the first device port being connected to a LAN port and the second device port being connected to a WAN port;
The first device port creating at least one virtual LAN port, and the second device port creating at least one virtual WAN port;
Establishing a binding relationship table between the at least one virtual LAN port and the at least one virtual WAN port, wherein the binding relationship table binds each of the at least one LAN port to one and only one virtual WAN port;
Communicating between the LAN port and the WAN port according to the binding relationship table.
In one embodiment, at least one bridge module is established;
A bridge forwarding table is established between the at least one bridge module and the at least one virtual LAN port, and a policy routing table is established between the at least one bridge module and the at least one virtual WAN port;
According to the bridge forwarding table and the policy routing table, communication is established between the at least one virtual LAN port and the at least one virtual WAN port.
In one embodiment, the at least one virtual LAN port is created by the first device port using the VLAN function of the Linux kernel and the vconfig tool.
In the above gateway device based on the Linux kernel, the first device port creates at least one virtual LAN port, the second device port creates at least one virtual WAN port, and each virtual LAN port is bound to one and only one virtual WAN port, so that different unicast packets are forwarded directly between the WAN port and the LAN ports according to different routes. A normally working IGMP proxy function is also required. An IGMP proxy daemon maintains the multicast management protocol between the different WAN port and LAN port groups and opens up the multicast routes, so that multicast packets arriving from different WAN ports can be forwarded to the bound LAN ports.
Description of the drawings
To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain drawings of other embodiments from them without creative effort.
Fig. 1 is a structural block diagram of the gateway device based on the Linux kernel provided by an embodiment;
Fig. 2 is a structural block diagram of one embodiment of the first device port and the second device port of the gateway device of the embodiment shown in Fig. 1;
Fig. 3 is a structural block diagram of one embodiment of the first device port and the second device port of the gateway device of the embodiment shown in Fig. 2;
Fig. 4 is a structural block diagram of one embodiment of the bridge module of the gateway device of the embodiment shown in Fig. 1;
Fig. 5 is a structural block diagram of one embodiment of bridge module 1, bridge module 2 and bridge module 3 of the gateway device of the embodiment shown in Fig. 4;
Fig. 6 is a structural block diagram of one embodiment of the bridge modules br1, br2 and br3 of the gateway device of the embodiment shown in Fig. 5;
Fig. 7 is a flow diagram of one embodiment of data packet tagging and untagging in the gateway device of the embodiment shown in Fig. 2;
Fig. 8 is a flow diagram of the communication method provided by an embodiment;
Fig. 9 is a flow diagram of one embodiment of step S130 in the embodiment shown in Fig. 8.
Detailed description
To facilitate understanding of the present invention, the invention is described more fully below with reference to the relevant drawings, which show preferred embodiments of the invention. The invention can, however, be realized in many different forms and is not limited to the embodiments described herein. Rather, these embodiments are provided so that the disclosure is understood more thoroughly and completely.
Unless otherwise defined, all technical and scientific terms used herein have the meaning commonly understood by those skilled in the technical field of the invention. The terms used in the description of the invention are only for the purpose of describing specific embodiments and are not intended to limit the invention. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
Referring to FIG. 1, an embodiment provides a gateway device based on the Linux kernel. The gateway device 100 has multiple LAN ports 130 and one WAN port 140. LAN ports 130 are denoted LAN, and WAN port 140 is denoted WAN. In the present embodiment, the four LAN ports 130 and the WAN port 140 are assigned to different VLAN groups. The four LAN ports 130 are ACCESS ports with PVIDs configured as 1, 2, 3 and 4 respectively; LAN1 denotes LAN port 1, LAN2 denotes LAN port 2, LAN3 denotes LAN port 3, and LAN4 denotes LAN port 4. WAN port 140 is a TRUNK port. Referring to FIG. 2, the LAN ports 130 are connected to multiple terminal devices, and the WAN port 140 is connected to a server. The terminal devices may be network devices such as VOIP, IPTV and Internet devices. The server may be a network device such as a media server, a network server or a voice server. Referring to FIG. 3, LAN1 is connected to the VOIP terminal device, LAN2 to the IPTV terminal device, and LAN3 and LAN4 to the Internet terminal devices. That is, the corresponding data packets are transmitted between LAN1 and the VOIP terminal device, between LAN2 and the IPTV terminal device, and between LAN3, LAN4 and the Internet terminal devices. The VOIP terminal device is used as the example here; the other terminal devices are similar.
Referring to FIG. 2, the gateway device 100 includes a first device port 110, which is connected to at least one LAN port 130. In the present embodiment, the first device port 110 is connected to LAN1, LAN2, LAN3 and LAN4. The first device port 110 can be denoted eth2. The first device port 110 is used to create at least one virtual LAN port 112. In the present embodiment, the first device port 110 creates four virtual LAN ports 112: virtual LAN port 1, virtual LAN port 2, virtual LAN port 3 and virtual LAN port 4. Referring to FIG. 3, eth2.1 denotes virtual LAN port 1, eth2.2 denotes virtual LAN port 2, eth2.3 denotes virtual LAN port 3, and eth2.4 denotes virtual LAN port 4.
The first device port 110 is also used to receive the data packets sent by the at least one LAN port 130 and to send the processed packets to the corresponding virtual LAN port 112. Specifically, with continued reference to FIG. 3, the first device port 110 (eth2) receives the data packets sent by LAN1, LAN2, LAN3 and LAN4, processes them, and sends the processed packets to the corresponding eth2.1, eth2.2, eth2.3 and eth2.4. A packet received from LAN1 is processed and sent to eth2.1; likewise, a packet received from LAN2 is sent to eth2.2, a packet received from LAN3 is sent to eth2.3, and a packet received from LAN4 is sent to eth2.4.
The first device port 110 is also used to receive the data packets sent by the at least one virtual LAN port 112 and to send the processed packets to the corresponding LAN port 130. Specifically, with continued reference to FIG. 3, the first device port 110 receives the data packets sent by eth2.1, eth2.2, eth2.3 and eth2.4, processes them, and sends the processed packets to the corresponding LAN1, LAN2, LAN3 and LAN4. A packet received from eth2.1 is processed and sent to LAN1; likewise, a packet received from eth2.2 is sent to LAN2, a packet received from eth2.3 is sent to LAN3, and a packet received from eth2.4 is sent to LAN4.
With continued reference to FIG. 2, the second device port 120 is connected to the WAN port 140. Specifically, the gateway device 100 includes the second device port 120, which is connected to WAN, so that data packets are transmitted between the second device port 120 and WAN. The second device port 120 can be denoted eth3. The second device port 120 is used to create at least one virtual WAN port. In the present embodiment, with continued reference to FIG. 2 and FIG. 3, the second device port 120 creates three virtual WAN ports: virtual WAN port 1, virtual WAN port 2 and virtual WAN port 3. Here eth3.100 denotes virtual WAN port 1, eth3.200 denotes virtual WAN port 2, and eth3.300 denotes virtual WAN port 3.
The second device port 120 is also used to receive the data packets sent by the WAN port 140 and to send the processed packets to the corresponding virtual WAN port 122. Specifically, with continued reference to FIG. 2 and FIG. 3, the second device port receives the data packets sent by WAN, processes them, and sends the processed packets to the corresponding eth3.100, eth3.200 or eth3.300. That is, eth3 receives a packet sent by WAN, processes it, and sends it to eth3.100, to eth3.200 or to eth3.300 as appropriate.
The second device port is also used to receive the data packets sent by the virtual WAN ports 122 and to send the processed packets to the WAN port 140. Specifically, with continued reference to FIG. 2 and FIG. 3, the second device port receives the data packets sent by eth3.100, eth3.200 and eth3.300, processes them, and sends the processed packets to WAN. In the present embodiment, eth3.100, eth3.200 and eth3.300 each send the packets they receive to eth3, and eth3 processes them and sends them on to WAN.
Each of the at least one virtual LAN port 112 is bound to one and only one virtual WAN port 122. Specifically, each virtual LAN port 112 is bound to a corresponding virtual WAN port 122. It can be understood that each virtual LAN port 112 may be bound to its own virtual WAN port 122, or that several of the virtual LAN ports 112 may be bound to one virtual WAN port 122 while the remaining virtual LAN ports 112 are bound to other WAN ports 140, as long as each virtual LAN port 112 corresponds to exactly one virtual WAN port 122. In the present embodiment, with continued reference to FIG. 3, eth2.1 is bound to eth3.100, eth2.2 is bound to eth3.200, and eth2.3 and eth2.4 are bound to eth3.300. That is, eth2.1 sends the packets it receives to eth3.100, and eth3.100 sends the packets it receives to eth2.1; eth2.2 sends the packets it receives to eth3.200, and eth3.200 sends the packets it receives to eth2.2; eth2.3 and eth2.4 send the packets they receive to eth3.300, and eth3.300 sends the packets it receives to eth2.3 and eth2.4.
In the above gateway device 100 based on the Linux kernel, the first device port 110 creates at least one virtual LAN port 112, the second device port creates at least one virtual WAN port 122, and each virtual LAN port 112 is bound to one and only one virtual WAN port 122, so that different data packets are forwarded directly between the WAN port 140 and the LAN ports 130 according to different routes. A normally working IGMP proxy function is also required. An IGMP proxy daemon maintains the multicast management protocol between the different WAN port and LAN port groups and opens up the multicast routes, so that multicast packets arriving from different WAN ports can be forwarded to the bound LAN ports.
In one embodiment, referring to FIG. 4, the gateway device 100 further includes at least one bridge module 150. The bridge module 150 can be denoted br. In the present embodiment, referring to FIG. 5, the bridge module 150 includes bridge module 1, bridge module 2 and bridge module 3; br1 denotes bridge module 1, br2 denotes bridge module 2, and br3 denotes bridge module 3.
A bridge forwarding table is established between the at least one bridge module 150 and the at least one virtual LAN port 112, and a policy routing table is established between the at least one bridge module 150 and the at least one virtual WAN port 122. Specifically, referring to FIG. 5, a bridge forwarding table is established where a bridge module 150 corresponds to one or several virtual LAN ports 112, and a policy routing table is established where a bridge module 150 corresponds to a virtual WAN port 122. In the present embodiment, referring to FIG. 6, bridge forwarding tables are established between eth2.1 and br1, between eth2.2 and br2, and between eth2.3, eth2.4 and br3. Policy routing tables are established between br1 and eth3.100, between br2 and eth3.200, and between br3 and eth3.300.
The at least one bridge module 150 is configured to receive, according to the bridge forwarding table, the data packets sent by the corresponding at least one virtual LAN port 112 and to forward them, according to the policy routing table, to the corresponding virtual WAN port 122. It is also configured to receive, according to the policy routing table, the data packets sent by the corresponding at least one virtual WAN port 122 and to forward them, according to the bridge forwarding table, to the corresponding virtual LAN port 112.
In the present embodiment, with continued reference to FIG. 6, br1 receives the packets sent by eth2.1 according to the correspondence in the bridge forwarding table and forwards them to eth3.100 according to the policy routing table; br2 receives the packets sent by eth2.2 according to the bridge forwarding table and forwards them to eth3.200 according to the policy routing table; br3 receives the packets sent by eth2.3 and eth2.4 according to the bridge forwarding table and forwards them to eth3.300 according to the policy routing table. Likewise, br1 receives the packets sent by eth3.100 according to the correspondence in the policy routing table and sends them to eth2.1 according to the bridge forwarding table; br2 receives the packets sent by eth3.200 according to the policy routing table and sends them to eth2.2 according to the bridge forwarding table; br3 receives the packets sent by eth3.300 according to the policy routing table and sends them to eth2.3 and eth2.4 according to the bridge forwarding table.
In one embodiment, the at least one virtual LAN port 112 is created by the first device port 110 using the VLAN function of the Linux kernel and the vconfig tool. Specifically, using the VLAN function of Linux kernel 3.0 itself and the vconfig tool, four corresponding VLAN device ports are created on the device driver's port eth2: eth2.1, eth2.2, eth2.3 and eth2.4. vconfig takes the parent interface and the VLAN ID as separate arguments, so the specific implementation is: vconfig add eth2 1; vconfig add eth2 2; vconfig add eth2 3; vconfig add eth2 4.
In one embodiment, the at least one virtual WAN port 122 is created by the second device port using the VLAN function of the Linux kernel and the vconfig tool. Specifically, using the VLAN function of Linux kernel 3.0 itself and the vconfig tool, three corresponding VLAN device ports are created on the device driver's port eth3: eth3.100, eth3.200 and eth3.300. In the present embodiment, the specific implementation is: vconfig add eth3 100; vconfig add eth3 200; vconfig add eth3 300.
In one embodiment, the at least one bridge module 150 is established using the software bridge function of the Linux kernel and the brctl tool, and is also used to provide layer-2 isolation between the data packets received or sent by the at least one virtual LAN port 112. Specifically, using the software bridge function of the Linux kernel itself and the brctl tool, the bridge modules 150 isolate eth2.1, eth2.2, eth2.3 and eth2.4 from one another at layer 2, so that a packet received or sent by one virtual LAN port 112 does not reach the other virtual LAN ports 112.
In the present embodiment, br1 corresponds to eth2.1, br2 corresponds to eth2.2, and br3 corresponds to eth2.3 and eth2.4. That is, packets received or sent by eth2.1 pass through br1, packets received or sent by eth2.2 pass through br2, and packets received or sent by eth2.3 and eth2.4 pass through br3. This provides layer-2 isolation between the packets and prevents packets of different virtual LAN ports 112 from mixing. The specific implementation is as follows. For br1: brctl addbr br1; brctl addif br1 eth2.1. For br2: brctl addbr br2; brctl addif br2 eth2.2. For br3: brctl addbr br3; brctl addif br3 eth2.3 eth2.4. After successful configuration, the packets sent and received by the software bridge br1 are all untagged, and br1 is logically isolated from br2 and br3. Packets are passed between br1 and the WAN-side eth3.100 mainly by means of the policy routing table configuration introduced below.
In one embodiment, the multicast proxy function is implemented with the Linux open-source component omcproxy, which must proxy on the software bridges br1, br2 and br3 at the same time, each bound to the WAN-side VLAN device eth3.100, eth3.200 or eth3.300 respectively. The specific implementation can be: omcproxy eth3.300,br3,scope=realm eth3.200,br2,scope=realm eth3.100,br1,scope=realm. Here omcproxy is an application-layer IGMP proxy daemon. As described above, the multicast proxy daemon needs one upstream interface to be specified, which here is the device interface eth3.300. The multicast proxy daemon also needs one or more downstream interfaces to be specified, which here is the downstream interface br3. scope=realm sets the minimum multicast scope to proxy, that is, the range of multicast addresses that may be proxied; the concept is similar to class A and class B IP addresses. After successful configuration, the multicast on-demand service of the VOIP terminal device can only receive packets from the WAN-side VLAN 100, and likewise the IPTV terminal device can only receive packets from VLAN 200.
In one embodiment, the first device port 110 is configured to receive a tagged data packet sent by the at least one LAN port 130, record the virtual LAN port 112 that receives the tagged packet, remove the tag to obtain an untagged packet, and send that packet to the recorded virtual LAN port 112. In the present embodiment, referring to FIG. 7 and taking eth2 as an example, LAN1 sends a packet carrying the VLAN 1 tag to eth2. After eth2 receives the packet, it records that the device interface receiving the packet is eth2.1, and the packet is untagged inside eth2's receive function __netif_receive_skb, yielding a packet without the VLAN 1 tag. Because eth2.1 is a member of br1, the packet then continues through the packet forwarding flow of the Linux software bridge. If the packet needs to be routed to the WAN side, br1 selects a suitable route and routes it to the WAN-side VLAN device eth3.100.
The first device port 110 is also configured to receive an untagged data packet sent by the at least one virtual WAN port 122, add a tag to obtain a tagged packet, and send the tagged packet to the corresponding LAN port 130. The tag includes LAN port information. In the present embodiment, referring to FIG. 7 and taking eth2 as an example, when an untagged packet routed from the WAN-side eth3.100 reaches br1, br1 forwards it to eth2.1 according to the bridge forwarding table. The dev_hard_start_xmit function of eth2.1 marks the packet as needing a tag and sends it to eth2; inside its send function, eth2 performs the tag operation according to that mark, yielding a packet carrying the VLAN 1 tag, which is finally sent to VLAN 1. The second device port behaves similarly to the first device port 110; see FIG. 7 for details.
In one embodiment, the policy routing table includes the IP address of at least one virtual WAN port 122. According to the IP address, a one-to-one correspondence is established between at least one bridge module 150 and at least one virtual WAN port 122. Specifically, the policy routing table stores the IP address of the virtual WAN port 122, and the bridge module 150 and the virtual WAN port 122 are put in one-to-one correspondence according to that IP address. That is, according to the IP address, a data packet has a determined routing path, which realizes the binding of the route.
In this embodiment, only the relationship between br1 and eth3.100 is illustrated; the others are similar. Assume the IP address of eth3.100 is 192.168.10.100/255.255.255.0.
The policy routing is implemented as:
ip -4 route add 192.168.10.0/255.255.255.0 dev eth3.100 table 100
ip -4 route add default dev eth3.100 via 192.168.10.100 table 100
ip rule add iif br1 table 100
ip rule add from all oif eth3.100 lookup 100
The first command sends all data packets destined for the 192.168.10.0/24 network segment through eth3.100, using routing table 100 to look up the route. The second sets eth3.100 as the default network interface under IPv4 and adds the route 192.168.10.100 to routing table 100. The third adds a routing policy under which data packets coming in from br1 are routed by looking up routing table 100. The fourth makes all data packets going out of eth3.100 look up routing table 100 to find a route. After successful configuration, br1 and eth3.100 both have the additional policy routing table 100: packets routed out of br1 are matched first against the route entries in routing table 100, while packets routed back from eth3.100 look up the default routing table 255. This realizes the binding of the route and ensures that data packets sent by the VOIP terminal device can only be routed to the WAN-side eth3.100, where they are stamped with the vlan 100 tag and then sent out of the WAN port.
In one embodiment, the Linux open-source component dnsmasq is run as multiple instances: each dnsmasq process proxies the DNS requests of one soft bridge and forwards them, through the policy routing described above, to the corresponding WAN-side Vlan device. As an example, the VOIP part can be implemented as follows: /usr/sbin/dnsmasq -C /var/etc/dnsmasq_voip.conf
The key configuration parameters of dnsmasq_voip.conf are:
interface=br1 (proxies the DNS requests of all users of the LAN-side soft bridge br1)
[email protected] (forwards the requests through policy routing to the WAN-side Vlan 100 server 172.24.11.10)
In one embodiment, the bridge forwarding table establishes the correspondence between at least one bridge module 150 and at least one virtual LAN port 112. Specifically, the bridge forwarding table sets up a correspondence between each bridge module 150 and the virtual LAN ports 112, such that one virtual LAN port 112 can correspond to only one bridge module 150. In this embodiment, eth2.1 corresponds to br1, eth2.2 corresponds to br2, and eth2.3 and eth2.4 correspond to br3.
Referring to FIG. 8, an embodiment provides a communication method. The communication method includes:
Step S110: establish the first device port 110 and the second device port. The first device port 110 is connected to the LAN port 130, and the second device port is connected to the WAN port 140. The LAN port 130 is denoted LAN and the WAN port 140 is denoted WAN. In this embodiment, LAN1 denotes LAN port 1, LAN2 denotes LAN port 2, LAN3 denotes LAN port 3, and LAN4 denotes LAN port 4. The first device port 110 can be denoted eth2 and the second device port can be denoted eth3. eth2 is connected to LAN1, LAN2, LAN3 and LAN4; eth3 is connected to WAN.
Step S120: the first device port virtualizes at least one virtual LAN port 112, and the second device port virtualizes at least one WAN port 140. In this embodiment, the first device port 110 virtualizes four virtual LAN ports 112: virtual LAN port 1, virtual LAN port 2, virtual LAN port 3 and virtual LAN port 4, denoted eth2.1, eth2.2, eth2.3 and eth2.4 respectively. The second device port virtualizes three virtual WAN ports 122: virtual WAN port 1, virtual WAN port 2 and virtual WAN port 3, denoted eth3.100, eth3.200 and eth3.300 respectively.
Step S130: establish a binding relationship table between at least one virtual LAN port 112 and at least one virtual WAN port 122. The binding relationship table binds each of the at least one virtual LAN port 112 to one and only one virtual WAN port 122. Specifically, each virtual LAN port 112 is bound to its corresponding virtual WAN port 122 to build the binding relationship table, and one virtual LAN port 112 can be bound to only one virtual WAN port 122. In this embodiment, eth2.1 is bound to eth3.100, eth2.2 is bound to eth3.200, and eth2.3 and eth2.4 are bound to eth3.300. That is, eth2.1 sends the data packets it receives to eth3.100, and eth3.100 sends the data packets it receives to eth2.1; eth2.2 sends the data packets it receives to eth3.200, and eth3.200 sends the data packets it receives to eth2.2; eth2.3 and eth2.4 send the data packets they receive to eth3.300, and eth3.300 sends the data packets it receives to eth2.3 and eth2.4.
Step S140: communicate between the LAN port 130 and the WAN port 140 according to the binding relationship table. Specifically, the binding relationship table establishes the connection between the virtual LAN port 112 and the virtual WAN port 122, thereby realizing communication between the LAN port 130 and the WAN port 140.
In one embodiment, referring to FIG. 9, step S130 includes:
Step S131: establish at least one bridge module 150. The bridge module 150 can be denoted br. In this embodiment, the bridge modules 150 are bridge module 1, bridge module 2 and bridge module 3, denoted br1, br2 and br3 respectively.
Step S132: establish the bridge forwarding table between at least one bridge module 150 and at least one virtual LAN port 112, and the policy routing table between at least one bridge module 150 and at least one virtual WAN port 122. Specifically, one bridge module 150 corresponds to one virtual LAN port 112 or to several virtual LAN ports 112, and a bridge forwarding table is established for that correspondence; at the same time, one bridge module 150 corresponds to one virtual WAN port 122, and a policy routing table is established for that correspondence. In this embodiment, bridge forwarding tables are established between eth2.1 and br1, between eth2.2 and br2, and between eth2.3 and eth2.4 and br3. Policy routing tables are established between br1 and eth3.100, between br1 and eth3.100, and between br1 and eth3.100.
Step S133: according to the bridge forwarding table and the policy routing table, establish communication between at least one virtual LAN port 112 and at least one virtual WAN port 122. In this embodiment, br1 receives the data packets sent by eth2.1 according to the correspondence in the bridge forwarding table and forwards them to eth3.100 according to the policy routing table; br2 receives the data packets sent by eth2.2 according to the correspondence in the bridge forwarding table and forwards them to eth3.200 according to the policy routing table; br3 receives the data packets sent by eth2.3 and eth2.4 according to the correspondence in the bridge forwarding table and forwards them to eth3.300 according to the policy routing table. Similarly, br1 receives the data packets sent by eth3.100 according to the correspondence in the policy routing table and sends them to eth2.1 according to the bridge forwarding table; br2 receives the data packets sent by eth3.200 according to the correspondence in the policy routing table and sends them to eth2.2 according to the bridge forwarding table; br3 receives the data packets sent by eth3.300 according to the correspondence in the policy routing table and sends them to eth2.3 and eth2.4 according to the bridge forwarding table. This realizes the communication between the virtual LAN ports 112 and the virtual WAN ports 122.
In one embodiment, the at least one virtual LAN port 112 is virtualized by the first device port 110 based on the Vlan function of the Linux kernel and the vconfig tool. Specifically, based on the Vlan function of Linux kernel 3.0 itself and the vconfig tool, four corresponding vlan device ports are virtualized on the eth2 port of the device driver: eth2.1, eth2.2, eth2.3 and eth2.4. The specific implementation is vconfig add eth2.1; vconfig add eth2.2; vconfig add eth2.3.
In one embodiment, the at least one virtual WAN port 122 is virtualized by the second device port based on the Vlan function of the Linux kernel and the vconfig tool. Specifically, based on the Vlan function of Linux kernel 3.0 itself and the vconfig tool, three corresponding vlan device ports are virtualized on the eth3 port of the device driver: eth3.100, eth3.200 and eth3.300. In this embodiment, the specific implementation is vconfig add eth3.100; vconfig add eth3.200; vconfig add eth3.300.
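Steps S110 to S133 and the br1 policy routing shown earlier, generalized to all three bridges of the embodiment as a dry-run command generator that first checks the one-to-one binding; this is an added example, not code from the patent. It uses iproute2 `ip link` in place of vconfig and brctl, and only the br1 row comes from the text: the table ids 200 and 300 and the 192.168.20.x and 192.168.30.x addresses are assumptions.

```shell
#!/bin/sh
# Dry run: prints the commands, changes nothing on the host.
# Row format: bridge  table-id  WAN-VLAN-dev  WAN-subnet  via-address  LAN-VLAN-devs
# The br1 row uses the values given in the text. Table ids 200/300 and the
# 192.168.20.x / 192.168.30.x addresses are constructed assumptions.
BINDINGS='br1 100 eth3.100 192.168.10.0/24 192.168.10.100 eth2.1
br2 200 eth3.200 192.168.20.0/24 192.168.20.100 eth2.2
br3 300 eth3.300 192.168.30.0/24 192.168.30.100 eth2.3,eth2.4'

# Succeeds only if every bridge, routing table, WAN VLAN device and LAN VLAN
# device appears in exactly one row, i.e. no port is bound twice.
validate_bindings() {
    vb_problems=$(printf '%s\n' "$1" | awk '
        NF != 6 { print "row " NR ": expected 6 fields"; next }
        { seen[$1]++; seen["table " $2]++; seen[$3]++
          m = split($6, lan, ",")
          for (i = 1; i <= m; i++) seen[lan[i]]++ }
        END { for (k in seen) if (seen[k] > 1) print k ": bound more than once" }')
    [ -z "$vb_problems" ] && return 0
    printf '%s\n' "$vb_problems" >&2
    return 1
}

# Prints, per row: the WAN VLAN device, the bridge, each LAN VLAN device and
# its bridge membership, then the four policy-routing commands from the text.
emit_commands() {
    printf '%s\n' "$1" | while read -r br tbl wan net via lans; do
        # eth3.100 -> parent eth3, VLAN id 100
        echo "ip link add link ${wan%.*} name $wan type vlan id ${wan##*.}"
        echo "ip link add name $br type bridge"
        for lan in $(printf '%s' "$lans" | tr ',' ' '); do
            echo "ip link add link ${lan%.*} name $lan type vlan id ${lan##*.}"
            echo "ip link set dev $lan master $br"
        done
        echo "ip -4 route add $net dev $wan table $tbl"
        echo "ip -4 route add default dev $wan via $via table $tbl"
        echo "ip rule add iif $br table $tbl"
        echo "ip rule add from all oif $wan lookup $tbl"
    done
}

# Refuse to print anything if the table breaks the one-to-one binding.
if validate_bindings "$BINDINGS"; then
    emit_commands "$BINDINGS"
fi
```

The output is meant to be reviewed before it is applied as root; bringing the interfaces up and assigning the WAN addresses is left out.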
The technical features of the embodiments described above can be combined arbitrarily. To keep the description concise, not every possible combination of the technical features in the above embodiments is described; however, as long as a combination of these technical features is not contradictory, it should be considered within the scope of this specification.
The embodiments described above express only several implementations of the invention. Their description is relatively specific and detailed, but it should not therefore be construed as limiting the scope of the patent. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the invention. Therefore, the protection scope of this patent shall be determined by the appended claims.

Claims (10)

1. A gateway device based on the Linux kernel, characterized in that the device comprises:
a first device port, connected to at least one LAN port, configured to virtualize at least one virtual LAN port, further configured to receive data packets sent by the at least one LAN port and send the processed data packets to the corresponding virtual LAN port, and further configured to receive data packets sent by the at least one virtual LAN port and send the processed data packets to the corresponding LAN port;
a second device port, connected to a WAN port, configured to virtualize at least one virtual WAN port, further configured to receive data packets sent by the WAN port and send the processed data packets to the corresponding virtual WAN port, and further configured to receive data packets sent by the virtual WAN port and send the processed data packets to the WAN port;
wherein each of the at least one virtual LAN port is bound to one and only one virtual WAN port.
2. The gateway device according to claim 1, characterized in that the device further comprises at least one bridge module; a bridge forwarding table is established between the at least one bridge module and the at least one virtual LAN port, and a policy routing table is established between the at least one bridge module and the at least one virtual WAN port; the at least one bridge module is configured to receive, according to the bridge forwarding table, the data packets sent by the corresponding at least one virtual LAN port and to forward the data packets, according to the policy routing table, to the corresponding virtual WAN port; and is further configured to receive, according to the policy routing table, the data packets sent by the corresponding at least one virtual WAN port and to forward the data packets, according to the bridge forwarding table, to the corresponding virtual LAN port.
3. The gateway device according to claim 1, characterized in that the at least one virtual LAN port is virtualized by the first device port based on the Vlan function of the Linux kernel and the vconfig tool.
4. The gateway device according to claim 2, characterized in that the at least one bridge module is established based on the soft bridge function of the Linux kernel and the brctl tool, and is further configured to provide layer-2 isolation between the data packets received or sent by the at least one virtual LAN port.
5. The gateway device according to claim 1, characterized in that the first device port is configured to receive a tagged data packet sent by the at least one LAN port, record the virtual LAN port that receives the tagged data packet, strip the tag from the tagged data packet to obtain an untagged data packet, and send the data packet to the recorded virtual LAN port; the first device port is further configured to receive an untagged data packet sent by the at least one virtual LAN port, add a tag to the untagged data packet to obtain a tagged data packet, and send the tagged data packet to the corresponding LAN port; wherein the tag includes the LAN port information.
6. The gateway device according to claim 2, characterized in that the policy routing table includes the IP address of the at least one virtual WAN port; according to the IP address, a one-to-one correspondence is established between the at least one bridge module and the at least one virtual WAN port.
7. The gateway device according to claim 2, characterized in that the bridge forwarding table is used to establish the correspondence between the at least one bridge module and the at least one virtual LAN port.
8. A communication method, characterized by comprising:
establishing a first device port and a second device port, the first device port being connected to a LAN port and the second device port being connected to a WAN port;
the first device port virtualizing at least one virtual LAN port, and the second device port virtualizing at least one WAN port;
establishing a binding relationship table between the at least one virtual LAN port and at least one virtual WAN port, wherein the binding relationship table binds each of the at least one LAN port to one and only one virtual WAN port;
communicating between the LAN port and the WAN port according to the binding relationship table.
9. The communication method according to claim 8, characterized in that the step of establishing the binding relationship table between the at least one virtual LAN port and the at least one virtual WAN port comprises:
establishing at least one bridge module;
establishing the bridge forwarding table between the at least one bridge module and the at least one virtual LAN port, and the policy routing table between the at least one bridge module and the at least one virtual WAN port;
establishing, according to the bridge forwarding table and the policy routing table, communication between the at least one virtual LAN port and the at least one virtual WAN port.
10. The communication method according to claim 8, characterized in that the at least one virtual LAN port is virtualized by the first device port based on the Vlan function of the Linux kernel and the vconfig tool.
CN201810414937.1A 2018-05-03 2018-05-03 Gateway equipment based on Linux kernel and communication method Active CN108616439B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810414937.1A CN108616439B (en) 2018-05-03 2018-05-03 Gateway equipment based on Linux kernel and communication method


Publications (2)

Publication Number Publication Date
CN108616439A true CN108616439A (en) 2018-10-02
CN108616439B CN108616439B (en) 2020-12-01

Family

ID=63661939


Country Status (1)

Country Link
CN (1) CN108616439B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant