CN111786883A - Cross-VRF communication method and device - Google Patents


Publication number
CN111786883A
Authority
CN
China
Prior art keywords
message
forwarding
packet
determining
vrf
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010550634.XA
Other languages
Chinese (zh)
Inventor
刘世贞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/58 Association of routers
    • H04L45/586 Association of routers of virtual routers
    • H04L45/54 Organization of routing tables

Abstract

The application provides a method and a device for cross-VRF communication. The cross-VRF communication method provided by the application is applied to any virtual routing forwarding instance (VRF) on a security device, wherein a public VRF and a private VRF on the security device are interconnected through a virtual interface pair, and the method comprises the following steps: when a message is received, determining forwarding information of the message; and if the output interface of the forwarding information is a virtual interface, forwarding the message to a target VRF connected with the virtual interface so that the message is processed by the target VRF. The cross-VRF communication method and device can achieve VRF mutual access.

Description

Cross-VRF communication method and device
Technical Field
The present application relates to the field of communications, and in particular, to a method and an apparatus for cross-VRF communication.
Background
To solve the problem of local routing conflicts in Virtual Private Network (VPN) technology, virtual routing forwarding instance (VRF) technology is used. Specifically, multiple VRFs are created on a security device; each VRF has an independent routing table/forwarding table and physical interfaces belonging to it, so that the VRFs are isolated from each other and the local routing conflict problem is solved.
The VRFs on a security device are independent of one another and can isolate the traffic passing through the device, which solves the local routing conflict problem. However, the VRFs cannot communicate with each other, and in some application scenarios communication between VRFs is desired. How to implement cross-VRF communication has therefore become an urgent problem to be solved.
Disclosure of Invention
In view of this, the present application provides a method and an apparatus for cross-VRF communication, so as to implement cross-VRF communication.
A first aspect of the present application provides a method of communicating across VRFs, the method being applied to any virtual route forwarding instance, VRF, on a security device, wherein a public VRF and a private VRF on the security device are interconnected through a virtual interface pair, the method comprising:
when a message is received, determining forwarding information of the message;
and if the output interface of the forwarding information is a virtual interface, forwarding the message to a target VRF connected with the virtual interface so that the message is processed by the target VRF.
A second aspect of the present application provides an apparatus for communicating across VRFs, the apparatus being applied to any virtual route forwarding instance, VRF, on a security device, wherein a public VRF and a private VRF on the security device are interconnected by a virtual interface pair, the apparatus comprising a determining module and a processing module, wherein,
the determining module is used for determining the forwarding information of the message when the message is received;
and the processing module is used for forwarding the message to a target VRF connected with the virtual interface when the output interface of the forwarding information is the virtual interface, so that the message is processed by the target VRF.
According to the cross-VRF communication method and device, when a message is received, the forwarding information of the message is determined, and then when the output interface of the forwarding information is a virtual interface, the message is forwarded to a target VRF connected with the virtual interface, so that the message is processed by the target VRF. In this way, VRF inter-access may be achieved.
Drawings
FIG. 1 is a schematic view of an application scenario of a method and apparatus for cross-VRF communication according to an exemplary embodiment of the present application;
FIG. 2 is a flowchart of a first embodiment of a method for cross-VRF communication provided herein;
FIG. 3 is a flowchart of a second embodiment of a method for communicating across VRFs as provided herein;
FIG. 4 is a flowchart of a third embodiment of a method for cross-VRF communication provided herein;
FIG. 5 is a schematic structural diagram of a first apparatus for communicating across VRFs according to the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at the time of …", "when …" or "in response to a determination", depending on the context.
A method and apparatus for communicating across VRFs is provided to enable mutually isolated VRFs on a security device to access each other.
The method and the device for cross-VRF communication provided by the embodiment can be applied to any virtual route forwarding instance VRF on the security equipment. Fig. 1 is a schematic application scenario diagram of a method and an apparatus for cross-VRF communication according to an exemplary embodiment of the present application. Referring to fig. 1, in the example shown in fig. 1, the security device includes VRF0, VRF1, and VRF2, where VRF0 is a public VRF, VRF1 and VRF2 are private VRFs, and the public VRF and the private VRFs are interconnected by a virtual interface pair. The method and apparatus provided in this embodiment may be applied to any VRF on the security device shown in fig. 1, and will be described below by taking application to VRF0 as an example.
It should be noted that a private VRF is a VRF that the device creates on its own initiative. The public VRF is the VRF to which the device's remaining physical interfaces belong, that is, all physical interfaces other than those already assigned to private VRFs (note that, when a VRF is created, the security device assigns a physical interface to the VRF).
Specifically, when a private VRF is created, a virtual interface pair communicating with the public VRF may be created for it. For example, in the example shown in fig. 1, when private VRF1 is created, a virtual interface pair Vritualf1-1 to Vritualf1-0 communicating with public VRF0 is created for private VRF1, where Vritualf1-1 is a virtual interface on private VRF1 and Vritualf1-0 is a virtual interface on public VRF0. These two virtual interfaces constitute the virtual interface pair Vritualf1-0 to Vritualf1-1 over which the two VRFs communicate.
In addition, when private VRF2 is created, a virtual interface pair Vritualf2-1 to Vritualf2-0 communicating with public VRF0 is created for private VRF2, where Vritualf2-1 is a virtual interface on private VRF2 and Vritualf2-0 is a virtual interface on public VRF0. These two virtual interfaces constitute the virtual interface pair Vritualf2-0 to Vritualf2-1 over which the two VRFs communicate.
Further, after the virtual interface pairs are created and the public VRF and the private VRFs are interconnected, static routes whose outgoing interface is a virtual interface need to be configured in the routing table of each VRF. For example, for VRF0, a static route with outgoing interface Vritualf1-0 and a static route with outgoing interface Vritualf2-0 need to be configured in its routing table.
Several specific embodiments are given below to describe the technical solutions of the present application in detail, and these specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 2 is a flowchart of a first embodiment of a method for communicating across VRFs according to the present application. The method provided by the embodiment can be applied to any virtual route forwarding instance VRF on the security equipment. The following description will be given by taking an example of application to VRF 0. Referring to fig. 2, the method provided in this embodiment may include:
S201, when a message is received, determining forwarding information of the message.
Specifically, in this embodiment, when VRF0 receives a packet, forwarding information of the packet may be determined based on the routing table.
S202, if the output interface of the forwarding information is a virtual interface, forwarding the message to a target VRF connected with the virtual interface, so that the message is processed by the target VRF.
Specifically, for example, in an embodiment, the outgoing interface in the forwarding information is Vritualf2-0, which is a virtual interface, and the target VRF connected to this virtual interface is VRF2. In this case the packet is forwarded to VRF2 to be processed by VRF2, so that the packet reaches VRF2 from VRF0 and cross-VRF communication is implemented.
In a specific implementation, when the outgoing interface of the forwarding information is a virtual interface, the packet may be redirected to the other virtual interface of the virtual interface pair to which that virtual interface belongs, so that the packet is forwarded to the target VRF where the other interface is located.
It should be noted that, when the outgoing interface of the forwarding information is a real physical interface, the message is forwarded out of the security device through that physical interface.
In the method provided by this embodiment, when a packet is received, by determining forwarding information of the packet and when an output interface of the forwarding information is a virtual interface, the packet is forwarded to a target VRF connected to the virtual interface, so that the target VRF processes the packet. Thus, the message can reach another VRF from one VRF, and the cross-VRF communication is realized.
Fig. 3 is a flowchart of a second embodiment of a method for communicating across VRFs according to the present application. The embodiment relates to a process for determining forwarding information of a message. Referring to fig. 3, on the basis of the foregoing embodiment, the method provided in this embodiment of determining forwarding information of a packet may include:
S301, judging whether a session matched with the message exists in a session record table.
Specifically, the session record table is used for connection tracking: each session corresponds to one data flow and records the forwarding information of that data flow. Each piece of forwarding information may include a session feature (which may be five-tuple information), an ingress interface, a MAC address, NAT information, and the like.
When a message is received, the message can be analyzed, the quintuple information of the message is extracted, and the extracted quintuple information is matched with the session record table so as to judge whether a session matched with the message exists in the session record table.
S302, if such a session exists, searching a fast forwarding table for a fast forwarding table entry matched with the message.
Specifically, the fast forwarding table records session characteristics, service information, forwarding information, and the like, where the forwarding information may include source information (which may include an IP address and a MAC address), destination information, an ingress interface, an egress interface, and the like.
In this step, a fast forwarding table entry matched with the message can be searched in the fast forwarding table based on the session characteristics of the message.
It can be understood that the forward packets and reverse packets of a flow may correspond to two entries in the fast forwarding table. When the first forward packet or the first reverse packet of a flow reaches a VRF, no fast forwarding table entry matching the packet exists in that VRF's fast forwarding table. In that case the forwarding information of the packet cannot be determined from the fast forwarding table and can only be determined through the slow forwarding process (e.g., determining forwarding information based on a routing table).
S303, if the entry is found, determining the fast forwarding table entry as the forwarding information of the message.
S304, if no session matched with the message exists in the session record table, or no fast forwarding table entry matched with the message is found in the fast forwarding table, judging whether the message is a forward message.
Specifically, whether the message is a forward message may be determined based on a specific field in the message. For example, when the message includes the invite field, the message is determined to be a forward message. For another example, when the packet is a VXLAN packet, whether the packet is a forward packet may be determined based on the service chain field of the packet. Specifically, when the direction flag D in the service chain field is 0, the packet is a forward packet, and when the direction flag D is 1, the packet is a reverse packet.
S305, when the message is a forward message, inquiring a routing table item matched with the message in a routing table, and determining the routing table item as forwarding information of the message.
S306, when the message is a reverse message, if the reverse message needs path maintenance, determining forwarding information of the message according to the path maintenance information recorded in the session matched with the message, otherwise, inquiring a routing table item matched with the message in the routing table, and determining the routing table item as the forwarding information of the message.
Specifically, when there is no session matching with the reverse packet in the session record table, the reverse packet is the first packet of a data flow, and at this time, it is determined that the reverse packet does not need path maintenance, a routing table entry matching with the packet is queried in the routing table, and the routing table entry is determined as forwarding information of the packet.
Further, when there is a session matching the reverse packet in the session record table, the reverse packet is not the first packet of the data flow (packets of the data flow have been received before). However, as described above, since there is no fast forwarding table entry matching the packet in the fast forwarding table, the packet is the first reverse packet (the previously received packets are all forward packets). In this case, if it is determined that the reverse packet needs path maintenance, the forwarding information of the packet is determined according to the path maintenance information recorded in the session matching the packet; otherwise, a routing table entry matching the packet is queried in the routing table and determined as the forwarding information of the packet.
It should be noted that, whether the packet needs path maintenance may be determined based on whether path maintenance information is recorded in the session matched with the packet. Specifically, when the path maintenance information is recorded, it is determined that the path maintenance is required, otherwise it is determined that the path maintenance is not required.
Specifically, the security device may record path maintaining information in a session corresponding to the forward packet to implement path maintaining of the reverse packet. The path maintaining information is used for guiding the device to determine forwarding information of the reverse message based on the path maintaining information when receiving the reverse message matched with the forward message, so as to realize path maintaining of the reverse message. It should be noted that the path maintaining information may include an ingress interface, a VLAN TAG, a source MAC, and the like when the packet enters the VRF, so that after the reverse packet enters the VRF, the ingress interface is used as an egress interface to forward the reverse packet, thereby implementing path maintaining of the reverse packet.
The method provided by the embodiment can realize cross-VRF communication under fast forwarding and can also realize cross-VRF communication under path maintenance.
Optionally, when there is no session matching with the packet in the session record, the method further includes:
and establishing a target session matched with the message in a session record.
Specifically, the information of the packet may be extracted, and a new session may be created based on the extracted information. The detailed implementation principle of the new session can be referred to the description in the related art, and is not described herein again.
Optionally, after determining the routing table entry as the forwarding information of the packet or after determining the forwarding information of the packet according to the path maintaining information, the method further includes:
updating the fast forwarding table based on the forwarding information.
Specifically, the forwarding information may be added to a fast forwarding table.
Optionally, when the packet is a forward packet, the method further includes:
determining whether the forward message needs path maintenance;
if yes, recording path keeping information and a path keeping mark in the session matched with the message.
Specifically, for how to determine whether the forward packet needs path maintenance, reference may be made to the description in the related art, and details are not described herein again.
Specifically, referring to the foregoing description, the path maintenance information may include an ingress interface, and the like. For example, in an embodiment, the ingress interface of the forward packet is Vritualf2-0, and if it is determined that the forward packet requires path maintenance, path maintenance information may be recorded in the session matching the forward packet, for example: the ingress interface is Vritualf2-0. Further, when the forwarding information of the reverse packet is determined based on the path maintenance information, it is known that the outgoing interface of the reverse packet is Vritualf2-0.
It should be noted that, in this embodiment, whether the reverse packet needs path maintenance may be determined based on whether the session matched with the reverse packet includes a path maintenance flag.
A more specific example is given below for a detailed description of the method of communicating across VRFs provided by the present application:
FIG. 4 is a flowchart of a third embodiment of a method for communicating across VRFs provided by the present application. Referring to fig. 4, on the basis of the foregoing embodiment, the method for cross-VRF communication provided in this embodiment may include:
S401, when a message is received, judging whether a target session matched with the message exists in a session record table, if not, executing a step S402, and if so, executing a step S407.
S402, creating a target session matched with the message in the session record table.
Specifically, the information of the first packet may be extracted, and a new session may be created based on the extracted information. The detailed implementation principle of the new session can be referred to the description in the related art, and is not described herein again.
S403, judging whether the message is a forward message or not, if not, executing a step S404, and if so, executing a step S405.
S404, a routing table item matched with the message is inquired in a routing table, and the routing table item is determined as the forwarding information of the message.
S405, inquiring a routing table item matched with the message in a routing table, determining the routing table item as forwarding information of the message, and adding path keeping information and a path keeping mark in the target session when determining that the forward message needs path keeping.
S406, updating the fast forwarding table based on the forwarding information.
S407, searching a fast forwarding table item matched with the message in the fast forwarding table, if the fast forwarding table item is found, executing the step S408, and if the fast forwarding table item is not found, executing the step S409.
S408, determining the fast forwarding table entry as the forwarding information of the message.
S409, judging whether the message is a forward message, if so, executing a step S405, and if not, executing a step S410.
S410, when the target session contains the path keeping mark, determining the forwarding information of the message according to the path keeping information recorded in the target session, otherwise, inquiring a routing table item matched with the message in the routing table, and determining the routing table item as the forwarding information of the message.
S411, if the output interface of the forwarding information is a virtual interface, forwarding the message to a target VRF connected with the virtual interface, so that the message is processed by the target VRF.
A specific example is given below to illustrate the method of cross-VRF communication provided in this embodiment in detail:
For example, after receiving a first packet (which may be a forward packet or a reverse packet) of a flow, in step S401, the VRF0 determines that there is no target session matching the packet in the session record table, determines forwarding information according to the routing table, creates a new target session matching the packet in the session record table, and adds the determined forwarding information in the fast forwarding table, so that when an nth packet of the flow is received, the forwarding information of the nth packet can be determined based on the fast forwarding table.
Further, if the first packet is a forward packet, when it is determined that the forward packet needs path maintenance, path maintenance information and a path maintenance flag may be recorded in a session matched with the packet. In this way, when the nth message is received and the nth message is the first reverse message (the first n-1 messages are all forward messages), the forwarding information of the nth message can be determined based on the path keeping information.
The first message is taken as a forward message as an example for explanation. In this example, after passing through steps S404 and S406, the session matching the packet has the path holding information and the path holding flag recorded therein, and the fast forwarding table has the fast forwarding table entry matching the forward packet recorded therein.
In connection with the above example, when VRF0 receives the 2nd packet of the traffic (for example, the 2nd packet is a forward packet), it is determined in step S401 that the target session matching the packet exists in the session record table, so step S407 is executed, in which a fast forwarding table entry matching the packet is searched for in the fast forwarding table. Since the 2nd packet is a forward packet and is not the first forward packet (as described above, a fast forwarding table entry matching the forward packet already exists in the fast forwarding table), the fast forwarding table entry matching the packet can be found in the fast forwarding table. Therefore, in this example, the found fast forwarding table entry is determined as the forwarding information of the 2nd packet.
For another example, in another possible implementation manner, when VRF0 receives the 3rd packet of the traffic (for example, the 3rd packet is a reverse packet), it is determined in step S401 that the target session matching the packet exists in the session record table, so step S407 is executed, in which a fast forwarding table entry matching the packet is searched for in the fast forwarding table. Since the 3rd packet is a reverse packet and is the first reverse packet (all previously received packets are forward packets, so, as described above, the fast forwarding table holds only the entry matching the forward packets and no entry matching the reverse packet), no fast forwarding table entry matching the 3rd packet is found in the fast forwarding table. Step S410 is then executed: it is determined that the target session includes the path maintenance flag, and the forwarding information of the packet is determined according to the path maintenance information recorded in the target session.
The method provided by the application can implement cross-VRF communication not only during slow forwarding but also under fast forwarding and path maintenance. In this way, for a multilink scenario, based on the cross-VRF communication under path maintenance provided by the present embodiment, the reply packet path may be kept consistent with the request packet path.
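The decision procedure of steps S401 to S411 and the packet-by-packet walk-through above can be traced with the following simulation, which is an added example and not code from the patent. The prefixes, the physical interface names eth0/eth2/eth3, the `keep_path_ifs` policy and the `max_hops` loop guard are assumptions made for the example; the virtual interface names are those used on this page.

```python
import ipaddress
from dataclasses import dataclass, replace

# Virtual interface pairs named on the page: interface -> (peer interface, VRF owning the peer).
VIRTUAL_PEERS = {
    "Vritualf1-0": ("Vritualf1-1", "VRF1"), "Vritualf1-1": ("Vritualf1-0", "VRF0"),
    "Vritualf2-0": ("Vritualf2-1", "VRF2"), "Vritualf2-1": ("Vritualf2-0", "VRF0"),
}

@dataclass(frozen=True)
class Packet:
    flow: str       # stands in for the five-tuple that identifies the session
    forward: bool   # True = forward packet, False = reverse packet
    dst: str        # destination IP used for the routing-table lookup
    in_if: str      # interface on which the packet entered the current VRF

class Vrf:
    def __init__(self, name, routes, keep_path_ifs=()):
        self.name = name
        self.routes = [(ipaddress.ip_network(p), out_if) for p, out_if in routes]
        # Assumption: a forward packet needs path keeping when it arrives on one of these.
        self.keep_path_ifs = set(keep_path_ifs)
        self.sessions = {}   # flow -> {"keep": path-keeping flag, "in_if": recorded ingress}
        self.fast = {}       # (flow, direction) -> outgoing interface

    def route(self, dst):
        addr = ipaddress.ip_address(dst)
        hits = [(net.prefixlen, out_if) for net, out_if in self.routes if addr in net]
        return max(hits)[1] if hits else None   # longest prefix wins; None = no route

    def determine(self, pkt):
        """Steps S401-S410: return (outgoing interface, how it was decided)."""
        session = self.sessions.get(pkt.flow)
        if session is None:                                    # S401 miss -> S402
            session = self.sessions[pkt.flow] = {"keep": False, "in_if": None}
        elif (pkt.flow, pkt.forward) in self.fast:             # S407 hit -> S408
            return self.fast[(pkt.flow, pkt.forward)], "fast"
        if pkt.forward:                                        # S405
            out_if, how = self.route(pkt.dst), "route"
            if pkt.in_if in self.keep_path_ifs:
                session.update(keep=True, in_if=pkt.in_if)
        elif session["keep"]:                                  # S410, flag present
            out_if, how = session["in_if"], "path-keep"
        else:                                                  # S404, or S410 without flag
            out_if, how = self.route(pkt.dst), "route"
        self.fast[(pkt.flow, pkt.forward)] = out_if            # S406
        return out_if, how

def traverse(vrfs, vrf_name, pkt, max_hops=4):
    """S411: hand the packet across virtual interface pairs until it leaves the device.
    Returns the list of (VRF, outgoing interface, decision) hops."""
    trace = []
    for _ in range(max_hops):
        out_if, how = vrfs[vrf_name].determine(pkt)
        trace.append((vrf_name, out_if, how))
        if out_if not in VIRTUAL_PEERS:          # physical interface, or no route
            return trace
        peer_if, vrf_name = VIRTUAL_PEERS[out_if]
        pkt = replace(pkt, in_if=peer_if)        # packet now enters the target VRF
    # Static routes in two VRFs that point at each other's virtual interfaces never exit.
    raise RuntimeError("virtual-interface routes form a loop")

def demo(path_keeping):
    """Constructed scenario: client behind VRF0/eth0, server behind VRF2/eth2."""
    keep0, keep2 = (("eth0",), ("Vritualf2-1",)) if path_keeping else ((), ())
    vrfs = {
        "VRF0": Vrf("VRF0", [("10.2.0.0/24", "Vritualf2-0"), ("192.0.2.0/24", "eth0")], keep0),
        # VRF2 has a second uplink (eth3) carrying the default route: the multilink case.
        "VRF2": Vrf("VRF2", [("10.2.0.0/24", "eth2"), ("0.0.0.0/0", "eth3")], keep2),
    }
    fwd = Packet("client->server", True, "10.2.0.5", "eth0")
    rev = Packet("client->server", False, "192.0.2.10", "eth2")
    return [traverse(vrfs, "VRF0", fwd), traverse(vrfs, "VRF0", fwd),
            traverse(vrfs, "VRF2", rev), traverse(vrfs, "VRF2", rev)]

if __name__ == "__main__":
    for keeping in (True, False):
        print("path keeping", "on" if keeping else "off")
        for number, trace in enumerate(demo(keeping), start=1):
            print("  packet", number, trace)
```

With path keeping off, the third trace shows the reply leaving VRF2 through eth3 on the default route without crossing VRF0 again, which is the asymmetric return path that path keeping avoids in the multilink case.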
Corresponding to the foregoing embodiments of the method of communicating across VRFs, the present application also provides embodiments of an apparatus for communicating across VRFs.
Fig. 5 is a schematic structural diagram of a first apparatus for communicating across VRFs according to the present application. Referring to fig. 5, the apparatus provided in this embodiment is applied to any virtual routing forwarding instance VRF on a security device, where a public VRF and a private VRF on the security device are interconnected through a virtual interface pair, and the apparatus includes a determining module 510 and a processing module 520, where,
the determining module 510 is configured to determine forwarding information of a packet when the packet is received;
the processing module 520 is configured to forward the packet to a target VRF connected to the virtual interface when the outgoing interface of the forwarding information is a virtual interface, so that the target VRF processes the packet.
The apparatus of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 2, and the implementation principle and the technical effect are similar, which are not described herein again.
Further, the determining module 510 is specifically configured to:
judging whether a session matched with the message exists in a session record table or not;
if such a session exists, searching a fast forwarding table for a fast forwarding table entry matched with the message;
and if the entry is found, determining the fast forwarding table entry as the forwarding information of the message.
Further, if there is no session matching the packet in the session record table or no fast forwarding table entry matching the packet is found in the fast forwarding table, the determining module 510 is further specifically configured to:
when the message is a forward message, inquiring a routing table item matched with the message in a routing table, and determining the routing table item as forwarding information of the message;
and when the message is a reverse message, if the reverse message needs path maintenance, determining forwarding information of the message according to the path maintenance information recorded in the session matched with the message, otherwise, inquiring a routing table item matched with the message in the routing table, and determining the routing table item as the forwarding information of the message.
Further, the processing module 520 is further configured to update the fast forwarding table based on the forwarding information after determining the routing table entry as the forwarding information of the packet or after determining the forwarding information of the packet according to the path maintaining information.
Further, the determining module 510 is further configured to determine whether the forward packet needs path maintenance when the packet is a forward packet;
the processing module 520 is further configured to record path maintaining information in a session matched with the packet when the determining module 510 determines that the forward packet needs path maintaining.
Further, the processing module 520 is further configured to add a path maintenance mark in a session matched with the packet after the determining module 510 determines that the forward packet requires path maintenance;
the determining that the reverse packet requires path maintenance includes:
and when a session matched with the reverse message exists in the session record and the session contains a path maintenance mark, determining that the reverse message needs path maintenance.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.
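The forwarding decision described above for the determining and processing modules, as an added Python sketch (an illustration written for this page, not the patent's or the vendor's code). Assumptions: the first forward packet creates the session, the "path maintenance information" is the ingress interface of the forward packet, and the need for path maintenance is a per-ingress-interface policy; all class, interface and address names are constructed.

```python
import ipaddress

class Vrf:
    def __init__(self, name, routes, keep_ifaces=()):
        self.name = name
        nets = [(ipaddress.ip_network(p), i) for p, i in routes]
        self.routes = sorted(nets, key=lambda r: -r[0].prefixlen)  # longest prefix first
        self.keep_ifaces = set(keep_ifaces)  # assumed policy: ingress ifaces whose flows need path keeping
        self.sessions, self.fast, self.peers = {}, {}, {}

    def route(self, dst):
        addr = ipaddress.ip_address(dst)
        return next((i for net, i in self.routes if addr in net), None)

    def determine(self, src, dst, in_iface):
        key = (src, dst)
        fwd, rev = self.sessions.get(key), self.sessions.get((dst, src))
        if (fwd is not None or rev is not None) and key in self.fast:
            return self.fast[key], "fast"            # session hit and fast-table hit
        is_reverse = fwd is None and rev is not None
        if is_reverse and rev.get("keep_mark"):      # mark recorded by the forward packet
            out, how = rev["keep_iface"], "path-keep"
        else:
            out, how = self.route(dst), "route"
        if not is_reverse:                           # forward packet: create session (assumed)
            session = self.sessions.setdefault(key, {})
            if in_iface in self.keep_ifaces:
                session.update(keep_mark=True, keep_iface=in_iface)
        if out is not None:
            self.fast[key] = out                     # update the fast forwarding table
        return out, how

    def process(self, src, dst, in_iface, trace=None):
        trace = [] if trace is None else trace
        if len(trace) >= 4:                          # guard against a cross-VRF routing loop
            raise RuntimeError("cross-VRF forwarding loop")
        out, how = self.determine(src, dst, in_iface)
        trace.append((self.name, out, how))
        if out in self.peers:                        # output interface is a virtual interface
            target, peer_iface = self.peers[out]
            return target.process(src, dst, peer_iface, trace)
        return trace

def build_demo():
    # Constructed topology: private VRF "A" and public VRF "pub" joined by vif-a <-> vif-pub.
    a = Vrf("A", [("10.1.0.0/16", "lan0"), ("0.0.0.0/0", "vif-a")])
    pub = Vrf("pub", [("0.0.0.0/0", "wan1")], keep_ifaces={"vif-pub"})  # no route to 10.1/16
    a.peers["vif-a"], pub.peers["vif-pub"] = (pub, "vif-pub"), (a, "vif-a")
    return a, pub
```

In this topology the public VRF has no route to the private prefix, so a reply reaches the private VRF only because the session carries the path maintenance mark; a plain route lookup would send it back out `wan1`.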

Claims (10)

1. A cross-VRF communication method, applied to any virtual routing and forwarding (VRF) instance on a security device, wherein a public VRF and a private VRF on the security device are interconnected by a virtual interface pair, the method comprising:
when a packet is received, determining forwarding information of the packet;
and if the output interface of the forwarding information is a virtual interface, forwarding the packet to a target VRF connected to the virtual interface, so that the packet is processed by the target VRF.
2. The method of claim 1, wherein the determining forwarding information of the packet comprises:
determining whether a session matching the packet exists in a session record table;
if such a session exists, searching a fast forwarding table for a fast forwarding table entry matching the packet;
and if the entry is found, determining the fast forwarding table entry as the forwarding information of the packet.
3. The method of claim 2, wherein if no session matching the packet exists in the session record table or no fast forwarding table entry matching the packet is found in the fast forwarding table, the method further comprises:
when the packet is a forward packet, querying a routing table for a routing table entry matching the packet, and determining the routing table entry as the forwarding information of the packet;
and when the packet is a reverse packet: if the reverse packet requires path maintenance, determining the forwarding information of the packet according to the path maintenance information recorded in the session matching the packet; otherwise, querying the routing table for a routing table entry matching the packet, and determining the routing table entry as the forwarding information of the packet.
4. The method of claim 3, wherein after determining the routing table entry as the forwarding information of the packet or after determining the forwarding information of the packet according to the path maintenance information, the method further comprises:
updating the fast forwarding table based on the forwarding information.
5. The method of claim 3, wherein when the packet is a forward packet, the method further comprises:
determining whether the forward packet requires path maintenance;
and if so, recording path maintenance information in the session matching the packet.
6. The method of claim 5, wherein after determining that the forward packet requires path maintenance, the method further comprises:
adding a path maintenance mark to the session matching the packet;
the determining that the reverse packet requires path maintenance includes:
when a session matching the reverse packet exists in the session record table and the session contains a path maintenance mark, determining that the reverse packet requires path maintenance.
7. A cross-VRF communication apparatus, applied to any virtual routing and forwarding (VRF) instance on a security device, wherein a public VRF and a private VRF on the security device are interconnected by a virtual interface pair, the apparatus comprising a determining module and a processing module, wherein
the determining module is configured to determine forwarding information of a packet when the packet is received;
and the processing module is configured to forward the packet to a target VRF connected to the virtual interface when the output interface of the forwarding information is a virtual interface, so that the packet is processed by the target VRF.
8. The apparatus of claim 7, wherein the determining module is specifically configured to:
determine whether a session matching the packet exists in a session record table;
if such a session exists, search a fast forwarding table for a fast forwarding table entry matching the packet;
and if the entry is found, determine the fast forwarding table entry as the forwarding information of the packet.
9. The apparatus of claim 8, wherein if no session matching the packet exists in the session record table or no fast forwarding table entry matching the packet is found in the fast forwarding table, the determining module is further configured to:
when the packet is a forward packet, query a routing table for a routing table entry matching the packet, and determine the routing table entry as the forwarding information of the packet;
and when the packet is a reverse packet: if the reverse packet requires path maintenance, determine the forwarding information of the packet according to the path maintenance information recorded in the session matching the packet; otherwise, query the routing table for a routing table entry matching the packet, and determine the routing table entry as the forwarding information of the packet.
10. The apparatus of claim 9, wherein the processing module is further configured to update the fast forwarding table based on the forwarding information after the routing table entry is determined as the forwarding information of the packet or after the forwarding information of the packet is determined according to the path maintenance information.
CN202010550634.XA 2020-06-16 2020-06-16 Cross-VRF communication method and device Pending CN111786883A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010550634.XA CN111786883A (en) 2020-06-16 2020-06-16 Cross-VRF communication method and device

Publications (1)

Publication Number Publication Date
CN111786883A (en) 2020-10-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201016
