CN108616439A - Gateway device based on linux kernel and communication means - Google Patents
- Publication number: CN108616439A (CN201810414937.1A)
- Authority: CN (China)
- Prior art keywords: port, data packet, virtual, sent, LAN port
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications (all under H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION)
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN] (under H04L12/00—Data switching networks; H04L12/28; H04L12/46—Interconnection of networks)
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
- H04L45/16—Multipoint routing (under H04L45/00—Routing or path finding of packets in data switching networks)
- H04L45/54—Organization of routing tables
- H04L45/745—Address table lookup; Address filtering (under H04L45/74—Address processing for routing)
- H04L67/56—Provisioning of proxy services (under H04L67/00—Network arrangements or protocols for supporting network services or applications; H04L67/50—Network services)
Abstract
The present invention relates to a gateway device based on the Linux kernel, including: a first device port, connected to at least one LAN port, configured to create at least one virtual LAN port, to receive data packets sent by the at least one LAN port and send the processed data packets to the corresponding virtual LAN port, and to receive data packets sent by the at least one virtual LAN port and send the processed data packets to the corresponding LAN port; and a second device port, connected to a WAN port, configured to create at least one virtual WAN port, to receive data packets sent by the WAN port and send the processed data packets to the corresponding virtual WAN port, and to receive data packets sent by the virtual WAN port and send the processed data packets to the WAN port. Each of the at least one virtual LAN port is bound to one and only one virtual WAN port.
Description
Technical field
The present invention relates to the field of network communication technology, and in particular to a gateway device based on the Linux kernel and a communication method.
Background
Multicast is a point-to-multipoint network technology whose purpose is to reduce the load on the network and on media servers. From a protocol perspective, the protocols used in IP multicast consist of two parts: the multicast management protocol IGMP (Internet Group Management Protocol), which runs between hosts and multicast routers, and the multicast routing protocols, which run between multicast routers. In addition, the IGMP snooping function was introduced to suppress the spread of multicast packets in layer-2 networks, and the IGMP proxy function was introduced to allow the IGMP protocol to pass through layer-3 networks. However, current home gateways generally support a multicast proxy service between only one group of virtual LAN ports and WAN ports.
Summary of the invention
In view of this, to address the problem that home gateways support a multicast proxy service between only one group of virtual LAN ports and WAN ports, it is necessary to provide a gateway device and a communication method based on the Linux kernel.
A gateway device based on the Linux kernel, the device including:
a first device port, connected to at least one LAN port, configured to create at least one virtual LAN port, to receive data packets sent by the at least one LAN port and send the processed data packets to the corresponding virtual LAN port, and to receive data packets sent by the at least one virtual LAN port and send the processed data packets to the corresponding LAN port;
a second device port, connected to a WAN port, configured to create at least one virtual WAN port, to receive data packets sent by the WAN port and send the processed data packets to the corresponding virtual WAN port, and to receive data packets sent by the virtual WAN port and send the processed data packets to the WAN port;
each of the at least one virtual LAN port being bound to one and only one virtual WAN port.
In one of the embodiments, the device further includes at least one bridge module. A bridge forwarding table is established between the at least one bridge module and the at least one virtual LAN port, and a policy routing table is established between the at least one bridge module and the at least one virtual WAN port. The at least one bridge module is configured to receive, according to the bridge forwarding table, the data packets sent by the corresponding at least one virtual LAN port and, according to the policy routing table, forward them to the corresponding virtual WAN port. It is further configured to receive, according to the policy routing table, the data packets sent by the corresponding at least one virtual WAN port and, according to the bridge forwarding table, forward them to the corresponding virtual LAN port.
In one of the embodiments, the at least one virtual LAN port is created by the first device port using the VLAN function of the Linux kernel and the vconfig tool.
In one of the embodiments, the at least one bridge module is established using the soft bridge function of the Linux kernel and the brctl tool, and is further used to provide layer-2 isolation between the data packets received or sent by the at least one virtual LAN port.
In one of the embodiments, the first device port is configured to receive a tagged data packet sent by the at least one LAN port, record the virtual LAN port that receives the tagged data packet, remove the tag from the packet to obtain an untagged data packet, and send that packet to the recorded virtual LAN port. The first device port is further configured to receive an untagged data packet sent by the at least one virtual LAN port, add a tag to it to obtain a tagged data packet, and send the tagged data packet to the corresponding LAN port. The tag includes LAN port information.
In one of the embodiments, the policy routing table includes the IP address of the at least one virtual WAN port. According to the IP address, a one-to-one relationship is established between the at least one bridge module and the at least one virtual WAN port.
In one of the embodiments, the bridge forwarding table is used to establish the correspondence between the at least one bridge module and the at least one virtual LAN port.
A communication method, including:
establishing a first device port and a second device port, the first device port being connected to a LAN port and the second device port being connected to a WAN port;
the first device port creating at least one virtual LAN port, and the second device port creating at least one virtual WAN port;
establishing a binding relationship table between the at least one virtual LAN port and the at least one virtual WAN port, wherein the binding relationship table binds each of the at least one LAN port to one and only one virtual WAN port;
communicating between the LAN port and the WAN port according to the binding relationship table.
In one of the embodiments, at least one bridge module is established;
a bridge forwarding table is established between the at least one bridge module and the at least one virtual LAN port, and a policy routing table is established between the at least one bridge module and the at least one virtual WAN port;
according to the bridge forwarding table and the policy routing table, communication is established between the at least one virtual LAN port and the at least one virtual WAN port.
In one of the embodiments, the at least one virtual LAN port is created by the first device port using the VLAN function of the Linux kernel and the vconfig tool.
In the above gateway device based on the Linux kernel, the first device port creates at least one virtual LAN port and the second device port creates at least one virtual WAN port, and each virtual LAN port is bound to one and only one virtual WAN port, so that different unicast packets are transmitted directly between the WAN port and the LAN ports according to different routes; a normal IGMP proxy function is required. An IGMP proxy daemon maintains the multicast management protocol between the different WAN ports and groups of LAN ports and sets up the multicast routes, so that multicast packets arriving from different WAN ports can be forwarded to the bound LAN ports.
Description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain drawings of other embodiments from these drawings without creative effort.
Fig. 1 is a structural block diagram of the gateway device based on the Linux kernel provided by an embodiment;
Fig. 2 is a structural block diagram of one embodiment of the first device port and the second device port of the gateway device of the embodiment shown in Fig. 1;
Fig. 3 is a structural block diagram of one embodiment of the first device port and the second device port of the gateway device of the embodiment shown in Fig. 2;
Fig. 4 is a structural block diagram of one embodiment of the bridge module of the gateway device of the embodiment shown in Fig. 1;
Fig. 5 is a structural block diagram of one embodiment of bridge module 1, bridge module 2 and bridge module 3 of the gateway device of the embodiment shown in Fig. 4;
Fig. 6 is a structural block diagram of one embodiment of bridge modules br1, br2 and br3 of the gateway device of the embodiment shown in Fig. 5;
Fig. 7 is a flow diagram of one embodiment of packet tagging and untagging in the gateway device of the embodiment shown in Fig. 2;
Fig. 8 is a flow diagram of the communication method provided by an embodiment;
Fig. 9 is a flow diagram of one embodiment of step S130 in the embodiment shown in Fig. 8.
Detailed description
To facilitate understanding of the invention, it is described more fully below with reference to the relevant drawings, which show preferred embodiments of the invention. The invention can, however, be implemented in many different forms and is not limited to the embodiments described here. Rather, these embodiments are provided so that the disclosure is understood more thoroughly and completely.
Unless otherwise defined, all technical and scientific terms used here have the same meaning as commonly understood by those skilled in the technical field of the invention. The terms used in the description of the invention are only for describing specific embodiments and are not intended to limit the invention. The term "and/or" as used here includes any and all combinations of one or more of the associated listed items.
Referring to Fig. 1, an embodiment provides a gateway device based on the Linux kernel. The gateway device 100 has multiple LAN ports 130 and one WAN port 140. The LAN ports 130 are denoted LAN and the WAN port 140 is denoted WAN. In this embodiment, the four LAN ports 130 and the WAN port 140 are each assigned to different VLAN groups. The four LAN ports 130 are ACCESS ports with PVIDs configured as 1, 2, 3 and 4 respectively; LAN1 denotes LAN port 1, LAN2 denotes LAN port 2, LAN3 denotes LAN port 3 and LAN4 denotes LAN port 4. WAN port 140 is a TRUNK port. Referring to Fig. 2, the LAN ports 130 are connected to multiple terminal devices and the WAN port 140 is connected to servers. The terminal devices may be network devices such as VOIP, IPTV and Internet devices. The servers may be network devices such as a media server, a network server and a voice server. Referring to Fig. 3, LAN1 is connected to the terminal device VOIP, LAN2 is connected to the terminal device IPTV, and LAN3 and LAN4 are connected to the terminal device Internet. That is, the corresponding data packets are transmitted between LAN1 and the terminal device VOIP, between LAN2 and the terminal device IPTV, and between LAN3, LAN4 and the terminal device Internet. The terminal device VOIP is used as the example here; the other terminal devices are similar.
Referring to Fig. 2, the gateway device 100 includes a first device port 110, which is connected to at least one LAN port 130. In this embodiment, the first device port 110 is connected to LAN1, LAN2, LAN3 and LAN4 respectively. The first device port 110 may be denoted eth2. The first device port 110 is used to create at least one virtual LAN port 112. In this embodiment, the first device port 110 creates four virtual LAN ports 112: virtual LAN port 1, virtual LAN port 2, virtual LAN port 3 and virtual LAN port 4. Referring to Fig. 3, eth2.1 denotes virtual LAN port 1, eth2.2 denotes virtual LAN port 2, eth2.3 denotes virtual LAN port 3 and eth2.4 denotes virtual LAN port 4.
The first device port 110 is further configured to receive the data packets sent by the at least one LAN port 130 and send the processed data packets to the corresponding virtual LAN port 112. Specifically, with continued reference to Fig. 3, the first device port 110 (eth2) receives the data packets sent by LAN1, LAN2, LAN3 and LAN4, processes the received packets accordingly, and sends the processed packets to the corresponding eth2.1, eth2.2, eth2.3 or eth2.4. A packet received from LAN1 is sent to eth2.1 after processing; likewise, a packet received from LAN2 is sent to eth2.2, a packet received from LAN3 is sent to eth2.3, and a packet received from LAN4 is sent to eth2.4.
The first device port 110 is further configured to receive the data packets sent by the at least one virtual LAN port 112 and send the processed data packets to the corresponding LAN port 130. Specifically, with continued reference to Fig. 3, the first device port 110 receives the data packets sent by eth2.1, eth2.2, eth2.3 and eth2.4, processes them accordingly, and sends the processed packets to the corresponding LAN1, LAN2, LAN3 or LAN4. A packet received from eth2.1 is sent to LAN1 after processing; likewise, a packet received from eth2.2 is sent to LAN2, a packet received from eth2.3 is sent to LAN3, and a packet received from eth2.4 is sent to LAN4.
With continued reference to Fig. 2, the second device port 120 is connected to the WAN port 140. Specifically, the gateway device 100 includes the second device port 120, which is connected to WAN; that is, data packets are transmitted between the second device port 120 and WAN. The second device port 120 may be denoted eth3. The second device port 120 is used to create at least one virtual WAN port. In this embodiment, with continued reference to Figs. 2 and 3, the second device port 120 creates three virtual WAN ports: virtual WAN port 1, virtual WAN port 2 and virtual WAN port 3. eth3.100 denotes virtual WAN port 1, eth3.200 denotes virtual WAN port 2 and eth3.300 denotes virtual WAN port 3.
The second device port 120 is further configured to receive the data packets sent by the WAN port 140 and send the processed data packets to the corresponding virtual WAN port 122. Specifically, with continued reference to Figs. 2 and 3, the second device port receives the data packets sent by WAN, processes the received packets accordingly, and sends the processed packets to the corresponding eth3.100, eth3.200 or eth3.300. That is, eth3 receives a packet sent by WAN and, after processing, sends it to eth3.100; likewise, eth3 receives a packet sent by WAN and, after processing, sends it to eth3.200; and eth3 receives a packet sent by WAN and, after processing, sends it to eth3.300.
The second device port is further configured to receive the data packets sent by the virtual WAN ports 122 and send the processed data packets to the WAN port 140. Specifically, with continued reference to Figs. 2 and 3, the second device port receives the data packets sent by eth3.100, eth3.200 and eth3.300, processes them accordingly, and sends the processed packets to WAN. In this embodiment, eth3.100, eth3.200 and eth3.300 each send the packets they receive to eth3, and eth3 processes them and then sends them to WAN.
Each of the at least one virtual LAN port 112 is bound to one and only one virtual WAN port 122. Specifically, each virtual LAN port 112 is bound to one virtual WAN port 122. It can be understood that every virtual LAN port 112 may be bound to its own virtual WAN port 122, or several of the virtual LAN ports 112 may be bound to one virtual WAN port 122 while the remaining virtual LAN ports 112 are bound to other WAN ports 140 respectively, as long as each virtual LAN port 112 corresponds to one virtual WAN port 122. In this embodiment, with continued reference to Fig. 3, eth2.1 is bound to eth3.100, eth2.2 is bound to eth3.200, and eth2.3 and eth2.4 are bound to eth3.300. That is, eth2.1 sends the packets it receives to eth3.100, and eth3.100 sends the packets it receives to eth2.1; eth2.2 sends the packets it receives to eth3.200, and eth3.200 sends the packets it receives to eth2.2; eth2.3 and eth2.4 send the packets they receive to eth3.300, and eth3.300 sends the packets it receives to eth2.3 and eth2.4.
In the above gateway device 100 based on the Linux kernel, the first device port 110 creates at least one virtual LAN port 112 and the second device port creates at least one virtual WAN port 122, and each virtual LAN port 112 is bound to one and only one virtual WAN port 122, so that different data packets are transmitted directly between the WAN port 140 and the LAN ports 130 according to different routes; a normal IGMP proxy function is required. An IGMP proxy daemon maintains the multicast management protocol between the different WAN ports and groups of LAN ports and sets up the multicast routes, so that multicast packets arriving from different WAN ports can be forwarded to the bound LAN ports.
In one embodiment, referring to Fig. 4, the gateway device 100 further includes at least one bridge module 150. The bridge module 150 may be denoted br. In this embodiment, referring to Fig. 5, the bridge module 150 includes bridge module 1, bridge module 2 and bridge module 3; br1 denotes bridge module 1, br2 denotes bridge module 2 and br3 denotes bridge module 3.
A bridge forwarding table is established between the at least one bridge module 150 and the at least one virtual LAN port 112, and a policy routing table is established between the at least one bridge module 150 and the at least one virtual WAN port 122. Specifically, referring to Fig. 5, a bridge forwarding table is established where a bridge module 150 corresponds to one virtual LAN port 112 or to several virtual LAN ports 112, and a policy routing table is established where a bridge module 150 corresponds to a virtual WAN port 122. In this embodiment, referring to Fig. 6, bridge forwarding tables are established between eth2.1 and br1, between eth2.2 and br2, and between eth2.3, eth2.4 and br3. Policy routing tables are established between br1 and eth3.100, between br1 and eth3.100, and between br1 and eth3.100.
The at least one bridge module 150 is configured to receive, according to the bridge forwarding table, the data packets sent by the corresponding at least one virtual LAN port 112 and, according to the policy routing table, forward them to the corresponding virtual WAN port 122. It is further configured to receive, according to the policy routing table, the data packets sent by the corresponding at least one virtual WAN port 122 and, according to the bridge forwarding table, forward them to the corresponding virtual LAN port 112.
In this embodiment, with continued reference to Fig. 6, br1 receives the packets sent by eth2.1 according to the correspondence in the bridge forwarding table and forwards them to eth3.100 according to the policy routing table; br2 receives the packets sent by eth2.2 according to the correspondence in the bridge forwarding table and forwards them to eth3.200 according to the policy routing table; br3 receives the packets sent by eth2.3 and eth2.4 according to the correspondence in the bridge forwarding table and forwards them to eth3.300 according to the policy routing table. Similarly, br1 receives the packets sent by eth3.100 according to the correspondence in the policy routing table and sends them to eth2.1 according to the bridge forwarding table; br2 receives the packets sent by eth3.200 according to the correspondence in the policy routing table and sends them to eth2.2 according to the bridge forwarding table; br3 receives the packets sent by eth3.300 according to the correspondence in the policy routing table and sends them to eth2.3 and eth2.4 according to the bridge forwarding table.
In one embodiment, the at least one virtual LAN port 112 is created by the first device port 110 using the VLAN function of the Linux kernel and the vconfig tool. Specifically, using the VLAN function of Linux kernel 3.0 itself and the vconfig tool, four corresponding VLAN device ports are created on the device-driver port eth2: eth2.1, eth2.2, eth2.3 and eth2.4. The specific implementation is: vconfig add eth2 1; vconfig add eth2 2; vconfig add eth2 3; vconfig add eth2 4.
In one embodiment, the at least one virtual WAN port 122 is created by the second device port using the VLAN function of the Linux kernel and the vconfig tool. Specifically, using the VLAN function of Linux kernel 3.0 itself and the vconfig tool, three corresponding VLAN device ports are created on the device-driver port eth3: eth3.100, eth3.200 and eth3.300. In this embodiment, the specific implementation is: vconfig add eth3 100; vconfig add eth3 200; vconfig add eth3 300.
In one embodiment, the at least one bridge module 150 is established using the soft bridge function of the Linux kernel and the brctl tool, and is further used to provide layer-2 isolation between the data packets received or sent by the at least one virtual LAN port 112. Specifically, using the soft bridge function of the Linux kernel itself and the brctl tool, the bridge modules 150 isolate eth2.1, eth2.2, eth2.3 and eth2.4 from one another at layer 2, so that a data packet received or sent by one virtual LAN port 112 does not reach the other virtual LAN ports 112.
In this embodiment, br1 corresponds to eth2.1, br2 corresponds to eth2.2, and br3 corresponds to eth2.3 and eth2.4. That is, the packets received or sent by eth2.1 pass through br1, the packets received or sent by eth2.2 pass through br2, and the packets received or sent by eth2.3 and eth2.4 pass through br3. This provides layer-2 isolation between the packets and prevents packets from mixing between different virtual LAN ports 112. The specific implementation is as follows. For br1: brctl addbr br1; brctl addif br1 eth2.1. For br2: brctl addbr br2; brctl addif br2 eth2.2. For br3: brctl addbr br3; brctl addif br3 eth2.3 eth2.4. After successful configuration, the packets sent and received by soft bridge br1 are all untagged and are logically isolated from br2 and br3. Packets are passed between br1 and the WAN-side eth3.100 mainly by means of the policy routing table configuration introduced later.
In one embodiment, the Linux open-source component omcproxy is used to implement the multicast proxy function. Proxying must be performed simultaneously on the corresponding soft bridges br1, br2 and br3, which are bound respectively to the WAN-side VLAN devices eth3.100, eth3.200 and eth3.300. The implementation is: omcproxy eth3.300,br3,scope=realm eth3.200,br2,scope=realm eth3.100,br1,scope=realm. Here, omcproxy is an application-layer IGMP proxy daemon. As described above, the multicast proxy daemon needs one uplink interface to be specified, which here is the device interface eth3.300. The multicast proxy daemon also needs one or more downlink interfaces to be specified, which here is the downstream interface br3. scope=realm is the proxy's minimum multicast threshold, that is, the specified multicast address range that can be proxied, similar to the concept of class A and class B IP addresses. After successful configuration, the multicast on-demand service of the VOIP terminal device can only receive packets from WAN-side VLAN 100, and similarly the IPTV terminal device can only receive packets from VLAN 200.
In one embodiment, the first device port 110 is configured to receive a tagged data packet sent by the at least one LAN port 130, record the virtual LAN port 112 that receives the tagged data packet, remove the tag from the packet to obtain an untagged data packet, and send that packet to the recorded virtual LAN port 112. In this embodiment, referring to Fig. 7 and taking eth2 as an example, LAN1 sends a data packet carrying the Vlan1 tag to eth2. After eth2 receives the packet, it records that the device interface receiving the packet is eth2.1, and the packet is untagged inside eth2's receive function __netif_receive_skb, yielding a packet without the Vlan1 tag. Because eth2.1 is a member of br1, the packet then continues through the packet forwarding flow of the Linux soft bridge; if the packet needs to be routed to the WAN side, br1 selects a suitable route and routes it to the WAN-side VLAN device eth3.100.
The first device port 110 is further configured to receive an untagged data packet sent by the at least one virtual WAN port 122, add a tag to the untagged packet to obtain a tagged data packet, and send the tagged data packet to the corresponding LAN port 130. The tag includes LAN port information. In this embodiment, referring to Fig. 7 and taking eth2 as an example, when an untagged packet routed from the WAN-side eth3.100 reaches br1, br1 forwards the packet to eth2.1 according to the bridge forwarding table. The dev_hard_start_xmit function of eth2.1 marks the packet as needing a tag and sends it to eth2; eth2 performs the tag operation inside its send function according to that mark, obtains a packet carrying the Vlan1 tag, and finally sends the packet to Vlan1. The second device port behaves similarly to the first device port 110; see Fig. 7 for details.
In one embodiment, the policy routing table includes the IP address of the at least one virtual WAN port 122. According to the IP address, a one-to-one relationship is established between the at least one bridge module 150 and the at least one virtual WAN port 122. Specifically, the policy routing table stores the IP address of the virtual WAN port 122, and according to that IP address each bridge module 150 is put into one-to-one correspondence with a virtual WAN port 122. That is, according to the IP address, data packets have a determined routing path, which realizes the binding of routes.
In this embodiment, only br1 and eth3.100 are described here; the others are similar. Assume that the IP address of eth3.100 is 192.168.10.100/255.255.255.0.
Policy routing is implemented as:
ip -4 route add 192.168.10.0/255.255.255.0 dev eth3.100 table 100
ip -4 route add default dev eth3.100 via 192.168.10.100 table 100
ip rule add iif br1 table 100
ip rule add from all oif eth3.100 lookup 100
Packets sent to addresses in the 192.168.10.0/24 network segment all go through eth3.100 and use routing table 100 to find a route; eth3.100 is set as the default network interface under IPv4, and the route via 192.168.10.100 is added to routing table 100; a new routing policy makes packets coming in from br1 look up their route in routing table 100; and all packets going out of eth3.100 look up routing table 100 to find a route. After successful configuration, br1 and eth3.100 have the additional policy routing table 100, and packets routed out of br1 are matched first against the route entries in routing table 100. Packets routed back from eth3.100 look up the default routing table 255. This realizes the binding of routes and ensures that packets sent by the terminal device VOIP can only be routed to the WAN-side eth3.100, are tagged with the VLAN 100 tag at eth3.100, and are then sent out from the WAN port.
In one embodiment, multiple instances of the open-source Linux component dnsmasq are run; each dnsmasq instance proxies the DNS requests of one soft bridge and, through the policy routing described above, forwards the DNS requests to the corresponding WAN-side Vlan device. Taking the VOIP part as an example, the specific implementation can be: /usr/sbin/dnsmasq -C /var/etc/dnsmasq_voip.conf
The key configuration parameters of dnsmasq_voip.conf are:
interface=br1 (proxies the DNS requests of all users of the LAN-side soft bridge br1)
[email protected] (forwards them through policy routing to the server 172.24.11.10 on WAN-side Vlan 100)
In one embodiment, the bridge forwarding table is used to establish a correspondence between the at least one bridge module 150 and the at least one virtual LAN port 112. Specifically, the bridge forwarding table establishes a correspondence between each bridge module 150 and the virtual LAN ports 112, such that one virtual LAN port 112 can correspond to only one bridge module 150. In this embodiment, eth2.1 corresponds to br1, eth2.2 corresponds to br2, and eth2.3 and eth2.4 correspond to br3.
Referring to FIG. 8, an embodiment provides a communication method. The communication method includes:
Step S110: establish the first device port 110 and the second device port; the first device port 110 is connected to the LAN port 130, and the second device port is connected to the WAN port 140. Here the LAN port 130 is denoted LAN and the WAN port 140 is denoted WAN. In this embodiment, LAN1 denotes LAN port 1, LAN2 denotes LAN port 2, LAN3 denotes LAN port 3, and LAN4 denotes LAN port 4. The first device port 110 can be denoted eth2, and the second device port can be denoted eth3. eth2 is connected to LAN1, LAN2, LAN3 and LAN4 respectively; eth3 is connected to WAN.
Step S120: the first device port creates at least one virtual LAN port 112, and the second device port creates at least one WAN port 140. In this embodiment, the first device port 110 creates four virtual LAN ports 112: virtual LAN port 1, virtual LAN port 2, virtual LAN port 3 and virtual LAN port 4, denoted eth2.1, eth2.2, eth2.3 and eth2.4 respectively. The second device port creates three virtual WAN ports 122: virtual WAN port 1, virtual WAN port 2 and virtual WAN port 3, denoted eth3.100, eth3.200 and eth3.300 respectively.
Step S130: establish a binding relationship table between the at least one virtual LAN port 112 and the at least one virtual WAN port 122. The binding relationship table binds each of the at least one virtual LAN port 112 to one and only one virtual WAN port 122. Specifically, each virtual LAN port 112 is bound to its corresponding virtual WAN port 122 to build the binding relationship table, and one virtual LAN port 112 can be bound to only one virtual WAN port 122. In this embodiment, eth2.1 is bound to eth3.100, eth2.2 is bound to eth3.200, and eth2.3 and eth2.4 are bound to eth3.300. That is, eth2.1 sends the data packets it receives to eth3.100, and eth3.100 sends the data packets it receives to eth2.1; eth2.2 sends the data packets it receives to eth3.200, and eth3.200 sends the data packets it receives to eth2.2; eth2.3 and eth2.4 send the data packets they receive to eth3.300, and eth3.300 sends the data packets it receives to eth2.3 and eth2.4.
Step S140: communicate between the LAN port 130 and the WAN port 140 according to the binding relationship table. Specifically, the binding relationship table establishes the connection between the virtual LAN port 112 and the virtual WAN port 122, thereby realizing communication between the LAN port 130 and the WAN port 140.
In one embodiment, referring to FIG. 9, step S130 includes:
Step S131: establish at least one bridge module 150. The bridge module 150 can be denoted br. In this embodiment, the bridge modules 150 include bridge module 1, bridge module 2 and bridge module 3, denoted br1, br2 and br3 respectively.
Step S132: establish the bridge forwarding table between the at least one bridge module 150 and the at least one virtual LAN port 112, and the policy routing table between the at least one bridge module 150 and the at least one virtual WAN port 122. Specifically, a bridge module 150 corresponds to one virtual LAN port 112 or to several virtual LAN ports 112, and a bridge forwarding table is established for that correspondence; likewise, a bridge module 150 corresponds to one virtual WAN port 122, and a policy routing table is established for that correspondence. In this embodiment, bridge forwarding tables are established between eth2.1 and br1, between eth2.2 and br2, and between eth2.3 and eth2.4 and br3. Policy routing tables are established between br1 and eth3.100, between br1 and eth3.100, and between br1 and eth3.100.
Step S133: establish communication between the at least one virtual LAN port 112 and the at least one virtual WAN port 122 according to the bridge forwarding table and the policy routing table. In this embodiment, br1 receives the data packets sent by eth2.1 according to the correspondence in the bridge forwarding table and forwards them to eth3.100 according to the policy routing table; br2 receives the data packets sent by eth2.2 according to the correspondence in the bridge forwarding table and forwards them to eth3.200 according to the policy routing table; br3 receives the data packets sent by eth2.3 and eth2.4 according to the correspondence in the bridge forwarding table and forwards them to eth3.300 according to the policy routing table. Similarly, br1 receives the data packets sent by eth3.100 according to the correspondence in the policy routing table and sends them to eth2.1 according to the bridge forwarding table; br2 receives the data packets sent by eth3.200 according to the correspondence in the policy routing table and sends them to eth2.2 according to the bridge forwarding table; br3 receives the data packets sent by eth3.300 according to the correspondence in the policy routing table and sends them to eth2.3 and eth2.4 according to the bridge forwarding table, thereby realizing communication between the virtual LAN ports 112 and the virtual WAN ports 122.
In one embodiment, the at least one virtual LAN port 112 is created by the first device port 110 using the Vlan function of the Linux kernel and the vconfig tool. Specifically, using the Vlan function of Linux kernel 3.0 itself and the vconfig tool, four corresponding vlan device ports are created on the device-driver port eth2: eth2.1, eth2.2, eth2.3 and eth2.4. The specific implementation is: vconfig add eth2.1; vconfig add eth2.2; vconfig add eth2.3.
In one embodiment, the at least one virtual WAN port 122 is created by the second device port using the Vlan function of the Linux kernel and the vconfig tool. Specifically, using the Vlan function of Linux kernel 3.0 itself and the vconfig tool, three corresponding vlan device ports are created on the device-driver port eth3: eth3.100, eth3.200 and eth3.300. In this embodiment, the specific implementation is: vconfig add eth3.100; vconfig add eth3.200; vconfig add eth3.300.
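The one-to-one constraints of steps S130 to S133 can be validated before any interface is created. The script below is an added example, not code from the patent: it checks a binding table and prints, as a dry run, equivalent iproute2 commands in place of the vconfig and brctl tools the patent names. The function name plan_from_bindings, the three-column table format and the rule that the routing table number equals the WAN VLAN id are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the patent): validate a binding table and print, as a
# dry run, iproute2 commands that would realise it. Nothing is executed.

# Constructed table from the embodiment: <virtual LAN port> <bridge> <virtual WAN port>
BINDINGS='eth2.1 br1 eth3.100
eth2.2 br2 eth3.200
eth2.3 br3 eth3.300
eth2.4 br3 eth3.300'

plan_from_bindings() {
    # $1 = binding table text. Prints commands, or ERROR lines with exit status 1.
    printf '%s\n' "$1" | awk '
    NF != 3 { next }
    {
        lan = $1; br = $2; wan = $3
        # A virtual LAN port may sit in only one bridge; bridge and WAN port are 1:1.
        if ((lan in lan_br) && lan_br[lan] != br) err[ne++] = "ERROR " lan " is in " lan_br[lan] " and " br
        if ((br in br_wan) && br_wan[br] != wan) err[ne++] = "ERROR " br " is bound to " br_wan[br] " and " wan
        if ((wan in wan_br) && wan_br[wan] != br) err[ne++] = "ERROR " wan " is shared by " wan_br[wan] " and " br
        if (!(lan in lan_br)) { lan_br[lan] = br; lans[nl++] = lan }
        if (!(br in br_wan)) { br_wan[br] = wan; brs[nb++] = br }
        if (!(wan in wan_br)) wan_br[wan] = br
    }
    END {
        if (ne) { for (i = 0; i < ne; i++) print err[i]; exit 1 }
        for (i = 0; i < nb; i++) {
            br = brs[i]; wan = br_wan[br]; split(wan, w, ".")
            print "ip link add name " br " type bridge"
            print "ip link add link " w[1] " name " wan " type vlan id " w[2]
            # Assumption: routing table number equals the WAN VLAN id (100 for eth3.100).
            print "ip rule add iif " br " table " w[2]
        }
        for (i = 0; i < nl; i++) {
            lan = lans[i]; split(lan, l, ".")
            print "ip link add link " l[1] " name " lan " type vlan id " l[2]
            print "ip link set dev " lan " master " lan_br[lan]
        }
    }'
}

plan_from_bindings "$BINDINGS"
```

The per-table routes are not generated because the binding table carries no addresses; they follow the ip -4 route lines of the br1/eth3.100 embodiment.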
The technical features of the embodiments described above can be combined arbitrarily. For brevity, not every possible combination of the technical features in the above embodiments has been described; however, as long as a combination of these technical features is not contradictory, it should be considered within the scope of this specification.
The embodiments described above express only several implementations of the invention, and although their description is relatively specific and detailed, they should not be construed as limiting the scope of the patent. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the invention. Therefore, the protection scope of this patent shall be determined by the appended claims.
Claims (10)
1. A gateway device based on the Linux kernel, characterized in that the device comprises:
a first device port, connected to at least one LAN port, configured to create at least one virtual LAN port, further configured to receive data packets sent by the at least one LAN port and send the processed data packets to the corresponding virtual LAN port, and further configured to receive data packets sent by the at least one virtual LAN port and send the processed data packets to the corresponding LAN port;
a second device port, connected to a WAN port, configured to create at least one virtual WAN port, further configured to receive data packets sent by the WAN port and send the processed data packets to the corresponding virtual WAN port, and further configured to receive data packets sent by the virtual WAN port and send the processed data packets to the WAN port;
wherein each of the at least one virtual LAN port is bound to one and only one virtual WAN port.
2. The gateway device according to claim 1, characterized in that the device further comprises at least one bridge module; a bridge forwarding table is established between the at least one bridge module and the at least one virtual LAN port, and a policy routing table is established between the at least one bridge module and the at least one virtual WAN port; the at least one bridge module is configured to receive, according to the bridge forwarding table, the data packets sent by the corresponding at least one virtual LAN port and to forward those data packets to the corresponding virtual WAN port according to the policy routing table; and is further configured to receive, according to the policy routing table, the data packets sent by the corresponding at least one virtual WAN port and to forward those data packets to the corresponding virtual LAN port according to the bridge forwarding table.
3. The gateway device according to claim 1, characterized in that the at least one virtual LAN port is created by the first device port using the Vlan function of the Linux kernel and the vconfig tool.
4. The gateway device according to claim 2, characterized in that the at least one bridge module is established using the soft bridge function of the Linux kernel and the brctl tool, and is further configured to provide layer-2 isolation between the data packets received or sent by the at least one virtual LAN port.
5. The gateway device according to claim 1, characterized in that the first device port is configured to receive a data packet carrying an identifier sent by the at least one LAN port, record the virtual LAN port that receives the data packet carrying the identifier, then remove the identifier from that data packet to obtain a data packet without an identifier, and send that data packet to the recorded virtual LAN port; the first device port is further configured to receive a data packet without an identifier sent by the at least one virtual LAN port, add the identifier to it to obtain a data packet carrying the identifier, and send that data packet to the corresponding LAN port; wherein the identifier includes LAN port information.
6. The gateway device according to claim 2, characterized in that the policy routing table includes the IP address of the at least one virtual WAN port; according to the IP address, a one-to-one correspondence is established between the at least one bridge module and the at least one virtual WAN port.
7. The gateway device according to claim 2, characterized in that the bridge forwarding table is used to establish a correspondence between the at least one bridge module and the at least one virtual LAN port.
8. A communication method, characterized by comprising:
establishing a first device port and a second device port, the first device port being connected to a LAN port and the second device port being connected to a WAN port;
the first device port creating at least one virtual LAN port, and the second device port creating at least one WAN port;
establishing a binding relationship table between the at least one virtual LAN port and the at least one virtual WAN port, wherein the binding relationship table binds each of the at least one LAN port to one and only one virtual WAN port;
communicating between the LAN port and the WAN port according to the binding relationship table.
9. The communication method according to claim 8, characterized in that the step of establishing the binding relationship table between the at least one virtual LAN port and the at least one virtual WAN port comprises:
establishing at least one bridge module;
establishing the bridge forwarding table between the at least one bridge module and the at least one virtual LAN port, and the policy routing table between the at least one bridge module and the at least one virtual WAN port;
establishing, according to the bridge forwarding table and the policy routing table, communication between the at least one virtual LAN port and the at least one virtual WAN port.
10. The communication method according to claim 8, characterized in that the at least one virtual LAN port is created by the first device port using the Vlan function of the Linux kernel and the vconfig tool.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810414937.1A CN108616439B (en) | 2018-05-03 | 2018-05-03 | Gateway equipment based on Linux kernel and communication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108616439A (en) | 2018-10-02 |
CN108616439B (en) | 2020-12-01 |
Family
ID=63661939
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810414937.1A Active CN108616439B (en) | 2018-05-03 | 2018-05-03 | Gateway equipment based on Linux kernel and communication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108616439B (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2424179A1 (en) * | 2004-07-14 | 2012-02-29 | Nippon Telegraph And Telephone Corporation | Packet transmission method and packet transmission device |
CN101150480A (en) * | 2007-10-19 | 2008-03-26 | 中兴通讯股份有限公司 | A method and device for improving data forwarding performance of WAN bridge |
CN103812746A (en) * | 2012-11-14 | 2014-05-21 | 深圳市共进电子股份有限公司 | Bridging device based on linux operation system and communication method thereof |
CN103078779A (en) * | 2012-12-28 | 2013-05-01 | 太仓市同维电子有限公司 | Method for realizing different internet businesses based on vlan (virtual local area network) at same interface |
CN107623712A (en) * | 2016-07-15 | 2018-01-23 | Kt株式会社 | Virtual client device service in network function virtualized environment provides system and the network function virtual cloud for it |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110086707A (en) * | 2019-03-18 | 2019-08-02 | 普联技术有限公司 | A kind of gateway system based on dual stack |
CN110086707B (en) * | 2019-03-18 | 2021-08-06 | 普联技术有限公司 | Gateway system based on dual protocol stacks |
Also Published As
Publication number | Publication date |
---|---|
CN108616439B (en) | 2020-12-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||