CN111988439B - ARP request suppression system, method, equipment and storage medium - Google Patents

Publication number
CN111988439B
Authority
CN
China
Prior art keywords
arp
virtual machine
virtual
configuration information
data center
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910425783.0A
Other languages
Chinese (zh)
Other versions
CN111988439A (en)
Inventor
翟云箭
陈晓帆
古亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Application filed by Sangfor Technologies Co Ltd
Priority to CN201910425783.0A
Publication of CN111988439A
Application granted
Publication of CN111988439B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/10: Mapping addresses of different types
    • H04L61/103: Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00: Indexing scheme associated with group H04L61/00
    • H04L2101/60: Types of network addresses
    • H04L2101/618: Details of network addresses
    • H04L2101/622: Layer-2 addresses, e.g. medium access control [MAC] addresses

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an ARP request suppression system, in the system, an ARP suppressor is deployed in a forwarding plane of a data center, an SDN controller is deployed in a control plane of the data center, the SDN controller obtains a virtual machine configuration information table and then sends the virtual machine configuration information table to the ARP suppressor, when the ARP suppressor receives an ARP request message sent by a virtual switch, the ARP suppressor determines a second virtual machine to be accessed by a first virtual machine, a mapping table item of the second virtual machine is queried in the virtual machine configuration information table, an ARP response message is generated, and the ARP response message is returned to the first virtual machine through the virtual switch, so that the first virtual machine obtains the MAC address of the second virtual machine. By applying the technical scheme provided by the embodiment of the invention, ARP request inhibition can be effectively performed, congestion of a forwarding plane and a control plane channel is avoided, and response speed can be improved. The invention also discloses an ARP request suppression method, ARP request suppression equipment and a storage medium, which have corresponding technical effects.

Description

ARP request suppression system, method, equipment and storage medium
Technical Field
The present invention relates to the field of computer application technologies, and in particular, to an ARP request suppression system, method, device, and storage medium.
Background
With the rapid development of computer technology, virtualized networks are being applied more and more widely. In a virtualized network environment, when one virtual machine is to communicate with another virtual machine and does not have the MAC (Media Access Control) address of the counterpart, it must acquire that MAC address by broadcasting an ARP (Address Resolution Protocol) request. Because a VXLAN (Virtual eXtensible LAN, an extensible virtual local area network) network is large, a large number of broadcasts produces more traffic and wastes more bandwidth. The problem of how to suppress ARP requests is therefore receiving more and more attention.
Currently, ARP request suppression for VXLAN is implemented on an SDN (Software Defined Network) framework. When a virtual machine issues an ARP request, the ARP request is reported from the forwarding plane to the SDN controller in the control plane, and the SDN controller automatically answers the ARP request to the virtual machine in the forwarding plane according to the collected whole-network topology information, without any ARP broadcast.
This approach has a drawback: every ARP request is sent from the forwarding plane to the control plane, and every ARP response is sent from the control plane back to the forwarding plane. When the number of ARP requests is large, the channel between the forwarding plane and the control plane is easily congested, so responses become too slow and the normal operation of the VXLAN network is affected.
Disclosure of Invention
The invention aims to provide an ARP request suppression system, an ARP request suppression method, ARP request suppression equipment and a storage medium, so that ARP request suppression is effectively performed, and response speed is improved.
In order to solve the technical problems, the invention provides the following technical scheme:
an ARP request suppression system comprises an ARP suppressor and a plurality of virtual switches which are deployed in a forwarding plane of a first data center, and an SDN controller which is deployed in a control plane of the first data center, wherein each virtual switch corresponds to one or more virtual machines respectively; wherein:
the SDN controller is configured to send a virtual machine configuration information table to the ARP suppressor after obtaining the virtual machine configuration information table;
a first virtual switch of the plurality of virtual switches is configured to generate an ARP request message according to a received ARP request message of the first virtual machine; sending the ARP request message to the ARP suppressor; when an ARP response message returned by the ARP inhibitor is received, forwarding the ARP response message to the first virtual machine;
the ARP inhibitor is used for determining a second virtual machine to be accessed by the first virtual machine according to the received ARP request message; inquiring a mapping table item of the second virtual machine in the virtual machine configuration information table, and generating the ARP response message; and sending the ARP response message to the first virtual switch.
In one embodiment of the present invention,
and the first virtual switch is further used for updating a first configuration information table of the first virtual switch according to the ARP response message when receiving the ARP response message returned by the ARP inhibitor.
In one embodiment of the present invention,
and the first virtual switch is further configured to query whether a mapping table entry of the second virtual machine exists in the first configuration information table when receiving an ARP request message of the first virtual machine, and if not, execute the step of generating the ARP request message.
In one embodiment of the present invention,
the first virtual switch is further configured to generate an ARP reply message when it is determined that a mapping table entry of the second virtual machine exists in the first configuration information table, and return the ARP reply message to the first virtual machine.
In one embodiment of the present invention, at least one backup suppressor of the ARP suppressors is further included, the ARP suppressor being synchronized with information in each of the backup suppressors;
the SDN controller is further configured to select one of the backup suppressors, take over the operation of the ARP suppressor and notify all virtual switches of the first data center when it is detected that the ARP suppressor fails.
In a specific embodiment of the present invention, the system further includes a virtual private device disposed in a control plane of the first data center, where the first data center is connected to at least one second data center through the virtual private device, and the first data center and each second data center have the same structure;
the SDN controller is further configured to obtain, by using the virtual private device, virtual machine configuration information of each second data center, update the virtual machine configuration information table based on the obtained virtual machine configuration information, and send the updated virtual machine configuration information table to the ARP suppressor.
An ARP request suppression method is applied to an ARP suppressor deployed in a forwarding plane of a first data center, wherein a plurality of virtual switches are also deployed in the forwarding plane of the first data center, each virtual switch corresponds to one or more virtual machines respectively, and the ARP suppressor obtains a virtual machine configuration information table sent by an SDN controller deployed in a control plane of the first data center in advance; the method comprises the following steps:
receiving an ARP request message sent by a first virtual switch, wherein the ARP request message is generated by the first virtual switch according to the received ARP request message of a first virtual machine;
determining a second virtual machine to be accessed by the first virtual machine according to the ARP request message;
inquiring a mapping table item of the second virtual machine in the virtual machine configuration information table, and generating an ARP response message;
and sending the ARP response message to the first virtual switch so as to simulate the second virtual machine through the first virtual switch to forward the ARP response message to the first virtual machine.
In one embodiment of the present invention, the method further comprises:
and receiving virtual machine configuration information of other data centers sent by the SDN controller, and updating the virtual machine configuration information table stored by the SDN controller.
An ARP request suppression device is applied to an ARP suppressor deployed in a forwarding plane of a first data center, wherein a plurality of virtual switches are also deployed in the forwarding plane of the first data center, each virtual switch corresponds to one or more virtual machines respectively, and the ARP suppressor obtains a virtual machine configuration information table sent by an SDN controller deployed in a control plane of the first data center in advance; comprising the following steps:
a memory for storing a computer program;
and the processor is used for realizing the steps of the ARP request suppression method when executing the computer program.
A computer readable storage medium having stored thereon a computer program which when executed by a processor implements the steps of the ARP request suppression method described above.
By applying the technical scheme provided by the embodiment of the invention, the ARP inhibitor is deployed in the forwarding plane of the data center, the SDN controller is deployed in the control plane of the data center, the SDN controller obtains the virtual machine configuration information table and then sends the virtual machine configuration information table to the ARP inhibitor, when the ARP inhibitor receives an ARP request message sent by any virtual switch, the ARP inhibitor determines a second virtual machine to be accessed by a first virtual machine corresponding to the ARP request message, the mapping table item of the second virtual machine is queried in the virtual machine configuration information table, an ARP response message is generated, and the ARP response message is returned to the first virtual machine through the virtual switch, so that the first virtual machine obtains the MAC address of the second virtual machine and sends a message to the second virtual machine based on the MAC address. ARP request message and ARP response message are all completed on the forwarding plane of the data center, ARP request suppression can be effectively carried out, the message transmission does not need to pass through the channels of the forwarding plane and the control plane, congestion of the forwarding plane and the control plane channels can be avoided, response speed can be improved, and normal work of the VXLAN network is prevented from being influenced.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of an ARP request suppression system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a cross-cluster configuration of an ARP request suppression system according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating an ARP request suppression method according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an ARP request suppression device according to an embodiment of the invention.
Detailed Description
In order to better understand the aspects of the present invention, the present invention will be described in further detail with reference to the accompanying drawings and detailed description. It will be apparent that the described embodiments are only some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, a schematic structural diagram of an ARP request suppression system according to an embodiment of the present invention is provided, where the system includes an ARP suppressor 110 disposed in a forwarding plane of a first data center, a plurality of virtual switches, and an SDN controller 120 disposed in a control plane of the first data center, where each virtual switch corresponds to one or more virtual machines. As in fig. 1, virtual switch 1 corresponds to virtual machine 1, and virtual switch 2 corresponds to virtual machine 2 and virtual machine 3.
Wherein, the SDN controller 120 is configured to send the virtual machine configuration information table to the ARP suppressor 110 after obtaining the virtual machine configuration information table;
a first virtual switch of the plurality of virtual switches is configured to generate an ARP request message according to the received ARP request message of the first virtual machine; sending an ARP request message to ARP suppressor 110; when receiving the ARP response message returned by the ARP inhibitor 110, forwarding the ARP response message to the first virtual machine;
an ARP suppressor 110 for determining a second virtual machine to be accessed by the first virtual machine according to the received ARP request message; inquiring a mapping table item of the second virtual machine in the virtual machine configuration information table, and generating an ARP response message; and sending the ARP response message to the first virtual switch.
In the embodiment of the present invention, the first data center may refer to any data center in which ARP requests are to be suppressed. A data center may include a forwarding plane, i.e., a data plane, and a control plane. The ARP suppressor is deployed in the forwarding plane of the data center, the SDN controller is deployed in the control plane of the data center, and the SDN controller and the ARP suppressor can communicate using a set communication protocol. The virtual switches of the data center are located in the forwarding plane. One data center can be deployed with a plurality of virtual switches, each corresponding to one or more virtual machines. The virtual switches of the data center may specifically be distributed virtual switches (DVSwitches). The communication protocol used between the SDN controller and the ARP suppressor may be NETCONF (Network Configuration Protocol), OVSDB (Open vSwitch Database), the OpenFlow protocol, or the like; different protocols may be supported depending on the device.
In practical application, the relevant information of the virtual machines can be statically configured through a REST API (a REST-style network interface; REST describes a form of interaction between client and server in a network) to obtain the virtual machine configuration information table, namely an FDB (Forwarding Database) table, which is issued to the SDN controller. The virtual machine configuration information table contains the mapping table entries of each virtual machine of the data center, as shown in Table 1:
VTEP1    VXLAN1    VLAN1    IP1    MAC1
VTEP2    VXLAN1    VLAN1    IP2    MAC2
VTEP2    VXLAN1    VLAN1    IP3    MAC3
TABLE 1 (columns: VTEP, VXLAN, VLAN, IP address, MAC address)
The first row is the mapping table entry of the virtual machine with IP address IP1 and MAC address MAC1, which corresponds to the VTEP1 endpoint of the VXLAN1, VLAN1 network;
the second row is a mapping table entry for a virtual machine with IP address IP2 and MAC address MAC2, which corresponds to the VTEP2 endpoint of VXLAN2, VLAN2 network.
A VLAN (Virtual Local Area Network) is a logical group of devices and users that is not limited by physical location and may be organized according to function, department, application and so on; its members communicate with each other as if they were in the same network segment, hence the name virtual local area network. VXLAN is a network virtualization technology: a layer-2 VPN technology based on an IP network that uses "MAC in UDP" encapsulation, and an extension of VLAN. A VTEP (VXLAN Tunnel End Point) is contained in an NVE (Network Virtualization Edge) and is used for encapsulation and decapsulation of VXLAN messages.
After the SDN controller obtains the virtual machine configuration information table, the virtual machine configuration information table may be sent to the ARP suppressor using a set communication protocol. In this way, all virtual machine configuration information of the first data center is saved in the ARP suppressor.
When any one virtual machine in the data center has communication requirements for other virtual machines, an ARP request message can be sent. The first virtual machine is any virtual machine of the first data center, and when the first virtual machine has a communication requirement with the second virtual machine, the first virtual machine can send an ARP request message. The ARP request message arrives at a first virtual switch corresponding to the first virtual machine.
After the first virtual switch receives the ARP request message of the first virtual machine, the first virtual switch may generate an ARP request message according to the ARP request message. The ARP request message carries the IP address information of the second virtual machine to be accessed by the first virtual machine. On receiving the ARP request of the first virtual machine, the first virtual switch learns the IP address of the second virtual machine to be accessed, and can generate an ARP request message by combining it with information such as the VXLAN, VLAN and VTEP corresponding to the first virtual machine. The ARP request message includes the VXLAN, VLAN and VTEP corresponding to the first virtual machine and the IP address information of the second virtual machine to be accessed by the first virtual machine.
The first virtual switch further sends the generated ARP request message to the ARP suppressor.
After receiving the ARP request message sent by the first virtual machine, the ARP suppressor may determine, according to the ARP request message, a second virtual machine to be accessed by the first virtual machine, and obtain an IP address of the second virtual machine. According to the IP address of the second virtual machine, the mapping table item of the second virtual machine can be queried in the virtual machine configuration information table, and an ARP response message is generated based on the queried mapping table item of the second virtual machine. The ARP reply message may include VXLAN, VLAN, VTEP, MAC address corresponding to the second virtual machine, that is, information about the first virtual machine.
After the ARP suppressor generates the ARP reply message, the ARP reply message may be sent to the first virtual switch.
After receiving the ARP reply message returned by the ARP suppressor, the first virtual switch may forward the ARP reply message to the first virtual machine. Specifically, the first virtual switch may simulate the second virtual machine to return the ARP reply message to the first virtual machine, and inform the first virtual machine of the MAC address corresponding to the IP address of the second virtual machine to be accessed by the first virtual machine.
By applying the system provided by the embodiment of the invention, the ARP inhibitor is deployed in the forwarding plane of the data center, the SDN controller is deployed in the control plane of the data center, the SDN controller obtains the virtual machine configuration information table and then sends the virtual machine configuration information table to the ARP inhibitor, when the ARP inhibitor receives an ARP request message sent by any virtual switch, the ARP inhibitor determines a second virtual machine to be accessed by a first virtual machine corresponding to the ARP request message, the mapping table item of the second virtual machine is queried in the virtual machine configuration information table, an ARP response message is generated, and the ARP response message is returned to the first virtual machine through the virtual switch, so that the first virtual machine obtains the MAC address of the second virtual machine and sends a message to the second virtual machine based on the MAC address. ARP request message and ARP response message are all completed on the forwarding plane of the data center, ARP request suppression can be effectively carried out, the message transmission does not need to pass through the channels of the forwarding plane and the control plane, congestion of the forwarding plane and the control plane channels can be avoided, response speed can be improved, and normal work of the VXLAN network is prevented from being influenced.
In one embodiment of the present invention, the first virtual switch is further configured to update its own first configuration information table according to the ARP reply message when receiving the ARP reply message returned by the ARP suppressor.
In the embodiment of the invention, each virtual switch of the data center can obtain the configuration information table corresponding to the virtual switch through communication with the ARP inhibitor. The configuration information table in the first virtual switch is a first configuration information table, and the first configuration information table contains mapping table items of each virtual machine corresponding to the first virtual switch.
When the first virtual switch receives the ARP request message of the first virtual machine, it may first query in the first configuration information table whether there is a mapping table entry of the second virtual machine. If yes, the ARP response message can be directly generated and returned to the first virtual machine, so that the first virtual machine obtains the MAC address of the second virtual machine. If not, an ARP request message may be generated and sent to the ARP suppressor to obtain an ARP reply message returned by the ARP suppressor.
When the first virtual switch receives the ARP response message returned by the ARP inhibitor, the mapping table item of the second virtual machine can be extracted from the ARP response message according to the ARP response message, and the mapping table item of the second virtual machine is added into the first configuration information table to update the first configuration information table of the first virtual switch. That is, the first configuration information table includes both the mapping table entry of each virtual machine corresponding to the first virtual switch and the mapping table entry of the virtual machine extracted from the ARP reply message.
If the mapping table item of the virtual machine requested by the ARP request message exists in the first configuration information table, the ARP response message can be directly generated and returned to the sender of the ARP request message, the interaction between the virtual switch and the ARP inhibitor is not needed, and the response speed can be improved.
In one embodiment of the invention, the system may further comprise at least one backup suppressor of ARP suppressors, the ARP suppressors being synchronized with the information in each backup suppressor;
the SDN controller is further configured to, when it detects that the ARP suppressor has failed, select one backup suppressor to take over the work of the ARP suppressor and notify all virtual switches of the first data center.
In the embodiment of the invention, one or more backup suppressors can be configured for the ARP suppressor. When the SDN controller issues the virtual machine configuration information table to the ARP suppressor, it issues the table to each backup suppressor at the same time, so that the information in the ARP suppressor and in each backup suppressor stays synchronized. When a new backup suppressor is added, it may synchronize its information by communicating with the other backup suppressors, the ARP suppressor, or the SDN controller.
Initially, the SDN controller may designate the ARP suppressor as the primary suppressor. When it detects that the ARP suppressor has failed, it may select one backup suppressor to take over the work of the ARP suppressor, and the selected backup suppressor continues to operate as the primary suppressor. Specifically, the selection may be random or according to a preset priority. At the same time, the SDN controller needs to notify all virtual switches in the first data center that the current primary suppressor has changed, so that each virtual switch sends its ARP request messages to the current primary suppressor.
By configuring the ARP suppressor with a backup suppressor, the availability of the system can be improved.
In one embodiment of the present invention, the system may further include a virtual private device disposed in a control plane of the first data center, the first data center being connected to at least one second data center through the virtual private device, the first data center and each of the second data centers being identical in structure;
the SDN controller is further configured to obtain virtual machine configuration information of each second data center through the virtual private device, update the virtual machine configuration information table based on the obtained virtual machine configuration information, and send the updated virtual machine configuration information table to the ARP suppressor.
In the embodiment of the invention, a virtual private device can be deployed in the control plane of the data center, and the data centers may be interconnected through their virtual private devices. Specifically, the first data center may be connected to at least one second data center through a virtual private device, and the first data center and each second data center have the same structure.
After the SDN controller obtains the virtual machine configuration information of the first data center where it is located, it can send that information to the second data centers through the virtual private device. It may also obtain the virtual machine configuration information of each second data center through the virtual private device. The SDN controller may update the virtual machine configuration information table based on the obtained virtual machine configuration information, and send the updated virtual machine configuration information table to the ARP suppressor. In practical applications, only the update information may be transmitted. In this way, the ARP suppressor obtains the virtual machine configuration information of the first data center where it is located, and also the virtual machine configuration information of the second data centers connected to the first data center.
It should be noted that the second data center may be a plurality of different data centers. The virtual private device may be an EVPN (Ethernet Virtual Private Network) device, as shown in fig. 2. That is, EVPN devices are used as the VXLAN control plane across clusters, learning all virtual machine configuration information in the clusters.
In the embodiment of the invention, the ARP suppressor is deployed in the forwarding plane to suppress ARP requests and prevent ARP flooding. The ARP suppressor and the EVPN device communicate through the SDN controller, which is the single point that issues the configuration information of all virtual machines. This decouples the ARP suppressor from the EVPN device and leaves flexibility for other functions of the network.
Taking fig. 2 as an example, a multi-cluster ARP suppression procedure will be described. In fig. 2, the data center 1 and the data center 2 have the same structure, the mapping table of each virtual machine of the data center 1 is shown in table 1, and the mapping table of each virtual machine of the data center 2 is shown in table 2:
VTEP3    VXLAN2    VLAN2    IP4    MAC4
VTEP3    VXLAN2    VLAN2    IP5    MAC5
VTEP4    VXLAN2    VLAN2    IP6    MAC6
TABLE 2 (columns: VTEP, VXLAN, VLAN, IP address, MAC address)
The SDN controller 1 in the data center 1 issues the Table 1 information to the EVPN1 device, and the EVPN1 device sends the corresponding information to the EVPN2 device of the data center 2. The EVPN2 device learns the virtual machine configuration information sent by the opposite-end EVPN1 device and announces it to the SDN controller 2. The SDN controller 2 stores the virtual machine configuration information sent by the local-end EVPN2 device and issues it to the ARP suppressor 2. At the same time, the SDN controller 2 also issues the virtual machine configuration information of the data center 2 to the ARP suppressor 2, so that the ARP suppressor 2 stores both the local-end and the opposite-end virtual machine configuration information. Likewise, the ARP suppressor 1 in the data center 1 can obtain the local-end and the opposite-end virtual machine configuration information. Any ARP suppressor that receives an ARP request message can look up the corresponding information in the virtual machine configuration information table it stores and return an ARP response message.
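The request flow described above (lookup in the virtual switch's own configuration table, fallback to the ARP suppressor, table update from the response) together with the merged two-data-center table, as an added Python example that is not part of the patent text. The class and function names, the IP and MAC values standing in for IP1..IP6 and MAC1..MAC6, and the choice to generate no response for an unknown IP address are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class Entry:
    """One mapping table entry: a row of Table 1 or Table 2."""
    vtep: str
    vxlan: str
    vlan: str
    ip: str
    mac: str


@dataclass(frozen=True)
class ArpRequestMessage:
    """Sent by a virtual switch to the suppressor: the requesting VM's
    VXLAN/VLAN/VTEP plus the IP address of the VM it wants to reach."""
    vtep: str
    vxlan: str
    vlan: str
    target_ip: str


class ArpSuppressor:
    """Forwarding-plane component holding the table pushed by the SDN controller."""

    def __init__(self) -> None:
        self.table: Dict[str, Entry] = {}
        self.queries = 0  # number of request messages that reached the suppressor

    def load(self, entries: Iterable[Entry]) -> None:
        # Called for the local table and again for entries learned from a peer
        # data center. Keyed by IP as in the description; overlapping tenant
        # address space would need the VXLAN in the key (assumption, not on the page).
        for e in entries:
            self.table[e.ip] = e

    def handle(self, msg: ArpRequestMessage) -> Optional[Entry]:
        # Returns the entry used to build the ARP response, or None when the
        # target is unknown (assumed behaviour: no response is generated).
        self.queries += 1
        return self.table.get(msg.target_ip)


class VirtualSwitch:
    def __init__(self, vtep: str, suppressor: ArpSuppressor,
                 local_vms: Iterable[Entry]) -> None:
        self.vtep = vtep
        self.suppressor = suppressor
        # "First configuration information table": starts with the switch's own VMs.
        self.config_table: Dict[str, Entry] = {e.ip: e for e in local_vms}

    def resolve(self, sender: Entry, target_ip: str) -> Optional[str]:
        """Handle an ARP request from `sender`; return the MAC to answer with."""
        entry = self.config_table.get(target_ip)
        if entry is None:
            msg = ArpRequestMessage(sender.vtep, sender.vxlan, sender.vlan, target_ip)
            entry = self.suppressor.handle(msg)
            if entry is None:
                return None
            self.config_table[target_ip] = entry  # update from the response
        return entry.mac  # the switch answers on behalf of the target VM


# Constructed sample values standing in for IP1..IP6 / MAC1..MAC6.
TABLE_1 = [
    Entry("VTEP1", "VXLAN1", "VLAN1", "10.0.0.1", "02:00:00:00:00:01"),
    Entry("VTEP2", "VXLAN1", "VLAN1", "10.0.0.2", "02:00:00:00:00:02"),
    Entry("VTEP2", "VXLAN1", "VLAN1", "10.0.0.3", "02:00:00:00:00:03"),
]
TABLE_2 = [
    Entry("VTEP3", "VXLAN2", "VLAN2", "10.0.1.4", "02:00:00:00:00:04"),
    Entry("VTEP3", "VXLAN2", "VLAN2", "10.0.1.5", "02:00:00:00:00:05"),
    Entry("VTEP4", "VXLAN2", "VLAN2", "10.0.1.6", "02:00:00:00:00:06"),
]


def build_data_center_1() -> Tuple[ArpSuppressor, VirtualSwitch]:
    """ARP suppressor 1 with local and peer entries, plus virtual switch 1 (VM 1)."""
    suppressor = ArpSuppressor()
    suppressor.load(TABLE_1)  # local entries from SDN controller 1
    suppressor.load(TABLE_2)  # peer entries learned through the EVPN devices
    vswitch1 = VirtualSwitch("VTEP1", suppressor, [TABLE_1[0]])
    return suppressor, vswitch1


if __name__ == "__main__":
    sup, vs1 = build_data_center_1()
    vm1 = TABLE_1[0]
    for ip in ("10.0.0.2", "10.0.0.2", "10.0.1.4", "10.0.0.99"):
        print(ip, "->", vs1.resolve(vm1, ip), "| suppressor queries:", sup.queries)
```

The second lookup of the same address is answered from the virtual switch's own table, so the suppressor's query counter does not move; only first-time and unknown targets reach the suppressor.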
Corresponding to the above system embodiment, the embodiment of the present invention further provides an ARP request suppression method, which is applied to an ARP suppressor disposed in a forwarding plane of a first data center, where a plurality of virtual switches are disposed in the forwarding plane of the first data center, each virtual switch corresponds to one or more virtual machines, and the ARP suppressor obtains in advance a virtual machine configuration information table sent by an SDN controller disposed in a control plane of the first data center, where an ARP request suppression method described below and an ARP request suppression system described above may be referred to in correspondence with each other.
Referring to fig. 3, the method may include the steps of:
S310: receiving an ARP request message sent by a first virtual switch, wherein the ARP request message is generated by the first virtual switch according to the received ARP request message of the first virtual machine;
S320: determining a second virtual machine to be accessed by the first virtual machine according to the ARP request message;
S330: querying the mapping table entry of the second virtual machine in the virtual machine configuration information table, and generating an ARP response message;
S340: sending the ARP response message to the first virtual switch, so that the first virtual switch, simulating the second virtual machine, forwards the ARP response message to the first virtual machine.
By applying the method provided by the embodiment of the invention, the ARP suppressor is deployed in the forwarding plane of the data center and the SDN controller is deployed in the control plane of the data center. The SDN controller obtains the virtual machine configuration information table and then sends it to the ARP suppressor. When the ARP suppressor receives an ARP request message sent by any virtual switch, it determines the second virtual machine to be accessed by the first virtual machine corresponding to the ARP request message, queries the mapping table entry of the second virtual machine in the virtual machine configuration information table, generates an ARP response message, and returns the ARP response message to the first virtual machine through the virtual switch, so that the first virtual machine obtains the MAC address of the second virtual machine and sends messages to the second virtual machine based on that MAC address. Both the ARP request message and the ARP response message are handled entirely on the forwarding plane of the data center, so ARP requests are suppressed effectively. The messages do not need to pass through the channel between the forwarding plane and the control plane, which avoids congestion of that channel, improves response speed, and prevents the normal operation of the VXLAN network from being affected.
In one embodiment of the present invention, the method may further comprise the steps of:
and receiving virtual machine configuration information of other data centers sent by the SDN controller, and updating a virtual machine configuration information table stored by the SDN controller.
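Steps S310 to S340 and the table update step above, sketched as an added Python example (not code from the patent). The (VXLAN, IP) lookup key, the untagged Ethernet/IPv4 frame handed over together with its VXLAN identifier, the silent drop on a table miss, and all addresses are assumptions or constructed sample values.

```python
import socket
import struct
from typing import Dict, NamedTuple, Optional, Tuple

ARP_FMT = "!HHBBH6s4s6s4s"  # ARP body for Ethernet/IPv4: 28 bytes
ETH_ARP = b"\x08\x06"       # EtherType for ARP
REQUEST, REPLY = 1, 2


class Entry(NamedTuple):
    """One mapping table row: VTEP, VLAN and MAC of a virtual machine."""
    vtep: str
    vlan: int
    mac: bytes


def ip4(text: str) -> bytes:
    return socket.inet_aton(text)


def build_request(src_mac: bytes, src_ip: str, target_ip: str) -> bytes:
    """Broadcast ARP request as the first virtual machine would emit it."""
    body = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, REQUEST,
                       src_mac, ip4(src_ip), b"\x00" * 6, ip4(target_ip))
    return b"\xff" * 6 + src_mac + ETH_ARP + body


class ArpSuppressor:
    def __init__(self) -> None:
        # Assumption: rows are keyed by (VXLAN id, IP) so that identical IPs
        # in different VXLAN segments never resolve across segments.
        self.table: Dict[Tuple[int, bytes], Entry] = {}

    def update(self, vxlan: int, ip: str, entry: Entry) -> None:
        """Install a row issued by the SDN controller (local or peer data center)."""
        self.table[(vxlan, ip4(ip))] = entry

    def handle(self, vxlan: int, frame: bytes) -> Optional[bytes]:
        """S310-S340: return the ARP reply frame, or None if no reply is sent."""
        if len(frame) < 42 or frame[12:14] != ETH_ARP:
            return None
        htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
            ARP_FMT, frame[14:42])
        if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, REQUEST):
            return None  # malformed, or not an ARP request
        entry = self.table.get((vxlan, tpa))  # S320 + S330: look up the second VM
        if entry is None:
            return None  # assumption: an unknown target gets no reply
        # S340: the reply carries the second VM's MAC as sender, so it reads
        # as if the second VM had answered itself.
        body = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, REPLY,
                           entry.mac, tpa, sha, spa)
        return sha + entry.mac + ETH_ARP + body


# Constructed sample rows in the shape of Table 2 (VTEP, VXLAN, VLAN, IP, MAC).
suppressor = ArpSuppressor()
suppressor.update(2, "10.0.2.5", Entry("VTEP3", 2, bytes.fromhex("020000000005")))
suppressor.update(2, "10.0.2.6", Entry("VTEP4", 2, bytes.fromhex("020000000006")))

if __name__ == "__main__":
    req = build_request(bytes.fromhex("020000000004"), "10.0.2.4", "10.0.2.6")
    print(suppressor.handle(2, req).hex())
```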
Corresponding to the above method embodiment, the embodiment of the present invention further provides an ARP request suppression device, which is applied to an ARP suppressor deployed in a forwarding plane of a first data center, where a plurality of virtual switches are also deployed in the forwarding plane of the first data center, each virtual switch corresponds to one or more virtual machines, and the ARP suppressor obtains in advance a virtual machine configuration information table sent by an SDN controller deployed in a control plane of the first data center; as shown in fig. 4, the apparatus includes:
a memory 410 for storing a computer program;
a processor 420 for implementing the steps of the ARP request suppression method described above when executing a computer program.
Corresponding to the above method embodiments, the present invention further provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of the ARP request suppression method described above.
In this specification, the embodiments are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another.
Those of skill in the art will further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The principles and embodiments of the present invention have been described herein with reference to specific examples, but the description of the examples above is only for aiding in understanding the technical solution of the present invention and its core ideas. It should be noted that it will be apparent to those skilled in the art that various modifications and adaptations of the invention can be made without departing from the principles of the invention and these modifications and adaptations are intended to be within the scope of the invention as defined in the following claims.

Claims (10)

1. An ARP request suppression system is characterized by comprising an ARP suppressor and a plurality of virtual switches, wherein the ARP suppressor is deployed in a forwarding plane of a first data center, and an SDN controller is deployed in a control plane of the first data center, and each virtual switch corresponds to one or more virtual machines respectively; wherein,
the SDN controller is configured to send a virtual machine configuration information table to the ARP suppressor after obtaining the virtual machine configuration information table;
a first virtual switch of the plurality of virtual switches is configured to generate an ARP request message according to a received ARP request message of the first virtual machine; sending the ARP request message to the ARP suppressor; when an ARP response message returned by the ARP suppressor is received, forwarding the ARP response message to the first virtual machine;
the ARP suppressor is used for determining a second virtual machine to be accessed by the first virtual machine according to the received ARP request message; querying the mapping table entry of the second virtual machine in the virtual machine configuration information table, and generating the ARP response message; and sending the ARP response message to the first virtual switch.
2. The system of claim 1, wherein
the first virtual switch is further used for updating a first configuration information table of the first virtual switch according to the ARP response message when receiving the ARP response message returned by the ARP suppressor.
3. The system of claim 2, wherein
the first virtual switch is further configured to query whether a mapping table entry of the second virtual machine exists in the first configuration information table when receiving an ARP request message of the first virtual machine, and if not, execute the step of generating the ARP request message.
4. The system of claim 3, wherein
the first virtual switch is further configured to generate an ARP reply message when it is determined that a mapping table entry of the second virtual machine exists in the first configuration information table, and return the ARP reply message to the first virtual machine.
5. The system of claim 1, further comprising at least one backup suppressor of the ARP suppressors, the ARP suppressor being synchronized with information in each of the backup suppressors;
the SDN controller is further configured to select one of the backup suppressors, take over the operation of the ARP suppressor and notify all virtual switches of the first data center when it is detected that the ARP suppressor fails.
6. The system of any one of claims 1 to 5, further comprising a virtual private device disposed in a control plane of the first data center, the first data center being connected to at least one second data center by the virtual private device, the first data center and each of the second data centers being identical in structure;
the SDN controller is further configured to obtain, by using the virtual private device, virtual machine configuration information of each second data center, update the virtual machine configuration information table based on the obtained virtual machine configuration information, and send the updated virtual machine configuration information table to the ARP suppressor.
7. The ARP request suppression method is characterized by being applied to an ARP suppressor deployed in a forwarding plane of a first data center, wherein a plurality of virtual switches are also deployed in the forwarding plane of the first data center, each virtual switch corresponds to one or more virtual machines respectively, and the ARP suppressor obtains a virtual machine configuration information table sent by an SDN controller deployed in a control plane of the first data center in advance; the method comprises the following steps:
receiving an ARP request message sent by a first virtual switch, wherein the ARP request message is generated by the first virtual switch according to the received ARP request message of a first virtual machine;
determining a second virtual machine to be accessed by the first virtual machine according to the ARP request message;
querying the mapping table entry of the second virtual machine in the virtual machine configuration information table, and generating an ARP response message;
and sending the ARP response message to the first virtual switch, so that the first virtual switch, simulating the second virtual machine, forwards the ARP response message to the first virtual machine.
8. The method as recited in claim 7, further comprising:
and receiving virtual machine configuration information of other data centers sent by the SDN controller, and updating the virtual machine configuration information table stored by the SDN controller.
9. The ARP request suppression device is characterized by being applied to an ARP suppressor deployed in a forwarding plane of a first data center, wherein a plurality of virtual switches are also deployed in the forwarding plane of the first data center, each virtual switch corresponds to one or more virtual machines respectively, and the ARP suppressor obtains a virtual machine configuration information table sent by an SDN controller deployed in a control plane of the first data center in advance; comprising the following steps:
a memory for storing a computer program;
a processor for implementing the steps of the ARP request suppression method according to any of claims 7 to 8 when executing said computer program.
10. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the ARP request suppression method according to any of claims 7 to 8.
CN201910425783.0A 2019-05-21 2019-05-21 ARP request suppression system, method, equipment and storage medium Active CN111988439B (en)

Publications (2)

Publication Number Publication Date
CN111988439A CN111988439A (en) 2020-11-24
CN111988439B true CN111988439B (en) 2023-07-14

Family

ID=73436229


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant