CN114070790B - Information forwarding method, PE, system, equipment and medium in VPLS equipment - Google Patents


Info

Publication number: CN114070790B
Authority: CN (China)
Legal status: Active
Application number: CN202111347960.1A
Other languages: Chinese (zh)
Other versions: CN114070790A
Inventors: 朱琳, 庞冉, 张学茹, 王光全, 王泽林
Current assignee: China United Network Communications Group Co Ltd
Original assignee: China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd; priority to CN202111347960.1A; published as CN114070790A, then granted and published as CN114070790B.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 45/00 Routing or path finding of packets in data switching networks
    • H04L 45/74 Address processing for routing
    • H04L 45/745 Address table lookup; Address filtering
    • H04L 61/00 Network arrangements, protocols or services for addressing or naming
    • H04L 61/09 Mapping addresses
    • H04L 61/10 Mapping addresses of different types
    • H04L 61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic

Abstract

The disclosure provides a method for forwarding information in a VPLS device, together with a PE, a system, an electronic device and a computer readable storage medium, in order to solve the technical problems that excessive ARP flooding messages waste network bandwidth and expose the network to risk. The method includes: after receiving ARP information, the PE parses the ARP information; if the parsing result is that the ARP information is an ARP request sent by a downlink PC, searching whether a table entry corresponding to the target IP address of the ARP request exists in the ARP information database of the local VPLS; if so, directly replying to the ARP request in place of the destination end corresponding to the ARP request; and unicast-transmitting the ARP request information to the corresponding destination terminal equipment. According to the technical scheme, ARP flooding in the network can be greatly reduced, so that the flexibility of network forwarding is improved, bandwidth waste is reduced, and network security is improved.

Description

Information forwarding method, PE, system, equipment and medium in VPLS equipment
Technical Field
The disclosure relates to the technical field of communication, and in particular to a method for forwarding information in a VPLS device, a PE, a system for forwarding information in a VPLS device, an electronic device and a computer readable storage medium.
Background
VPLS (Virtual Private LAN Service) is a virtual private LAN technology: a point-to-multipoint L2VPN (Layer-2 Virtual Private Network) technology by which different subscriber sites can be interconnected so that they appear to be connected through a single switch. A full mesh of Pseudo Wires (PWs) is established among the network edge devices between the different user sites of a VPLS instance, and the network edge devices build a Media Access Control (MAC) address forwarding table by dynamically learning MAC addresses from user messages, associating each destination MAC address with a PW.
The forwarding principle of a VPLS device is that the edge device connected to the client binds each learned client MAC address to a PW or AC (Attachment Circuit) interface, which macroscopically forms a MAC address forwarding table; when a client data packet arrives at the VPLS device, its destination MAC address is looked up and the packet is forwarded out of the corresponding interface according to the learned MAC address forwarding table. However, in some situations, as shown in fig. 1, when PC1 (Personal Computer, i.e. a client side terminal device), PC4 and PC5 under PE1 need to access PC3 under PE3, three complete ARP (Address Resolution Protocol) exchanges are needed to obtain the MAC address of PC3, which causes a certain loss of network bandwidth in this scenario, because the PE1 device needs to flood ARP messages to all VPLS egress devices three times. Further, if an attack device exists on the AC side of PE1, it may bring risk to the network by mass-producing fake ARP request messages.
Disclosure of Invention
In order to at least solve the technical problems of the prior art that excessive ARP flooding messages waste network bandwidth and bring risk to the network, the disclosure provides a method for forwarding information in a VPLS device, a PE, a system for forwarding information in a VPLS device, an electronic device and a computer readable storage medium, which can greatly reduce ARP flooding in the network, thereby improving the flexibility of network forwarding, reducing bandwidth waste and improving network security.
In a first aspect, the present disclosure provides a method for forwarding information in a VPLS device, applied to a network side edge device PE, where the method includes:
after receiving address resolution protocol ARP information, parsing the ARP information;
if the parsing result is that the ARP information is an ARP request sent by a downlink client side terminal device PC, searching whether a table entry corresponding to the target IP address of the ARP request exists in the ARP information database of the local VPLS;
if so, directly replying to the ARP request in place of the destination end corresponding to the ARP request; and
unicast-transmitting the ARP request information to the corresponding destination terminal equipment.
Further, the method further comprises:
if the parsing result is that the ARP information is an ARP response, searching whether an ARP table entry corresponding to the source address of the ARP response exists in the ARP information database of the local VPLS;
if not, recording the ARP information of the source end of the ARP response in the ARP information database and carrying out the ARP response normally;
if so, discarding the ARP response message.
Further, the method further comprises:
if the search result is that no table entry corresponding to the destination IP address of the ARP request exists in the ARP information database of the local VPLS, flooding the ARP request information to the network as normal.
Further, when the search result is that a table entry corresponding to the destination IP address of the ARP request exists in the ARP information database of the local VPLS, the method further includes:
further searching whether a table entry corresponding to the source address of the ARP request exists in the ARP information database of the local VPLS;
if not, recording the ARP information of the source end corresponding to the ARP request in the ARP information database.
Further, directly replying to the ARP request in place of the destination terminal corresponding to the ARP request includes:
filling the source media access control (MAC) address of the ARP reply message with the MAC address of the destination end corresponding to the ARP request, filling the source IP address with the IP address of that destination end, filling the destination MAC address with the MAC address of the source end of the ARP request, and filling the destination IP address with the IP address of the source end of the ARP request.
In a second aspect, the present disclosure provides a network side edge device PE, including:
a parsing module, configured to parse the ARP information after it is received;
a searching module, configured to search whether a table entry corresponding to the destination IP address of the ARP request exists in the ARP information database of the local VPLS if the parsing result of the parsing module is that the ARP information is an ARP request sent by a downstream client device;
a reply module, configured to directly reply to the ARP request in place of the destination terminal corresponding to the ARP request if the search result of the searching module is that a table entry corresponding to the destination IP address of the ARP request exists in the ARP information database of the local VPLS;
and a sending module, configured to unicast the ARP request information to the corresponding destination terminal equipment.
Further, the PE further comprises a recording module;
the searching module is further configured to search whether an ARP entry corresponding to the source address of the ARP reply exists in the ARP information database of the local VPLS if the parsing result of the parsing module is that the ARP information is an ARP reply;
the recording module is configured to record the source end ARP information in the ARP information database if the search result of the searching module is that no ARP entry corresponding to the source address of the ARP reply exists in the ARP information database of the local VPLS, and to let the PE carry out the ARP reply normally;
the sending module is further configured to discard the ARP reply message if the search result of the searching module is that an ARP table entry corresponding to the source address of the ARP reply exists in the ARP information database of the local VPLS.
In a third aspect, the present disclosure provides a forwarding system for information in a VPLS device, including: a client side terminal device PC, a client side switch CE, and a network side edge device PE as described in any of the above.
In a fourth aspect, the present disclosure provides an electronic device comprising a memory and a processor, the memory having stored therein a computer program, which when executed by the processor performs a method of forwarding information in a VPLS device according to any one of the first aspects.
In a fifth aspect, the present disclosure provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method for forwarding information in a VPLS device according to any one of the first aspects.
The beneficial effects are that:
In the method for forwarding information in a VPLS device, the PE, the system for forwarding information in a VPLS device, the electronic device and the computer readable storage medium provided by the disclosure, after the PE receives ARP information, the ARP information is judged; if the ARP information is an ARP request sent by a downlink client side terminal device PC, it is searched whether a table entry corresponding to the destination IP address of the ARP request exists in the ARP information database of the local VPLS; if so, the PE directly replies to the ARP request in place of the destination end corresponding to the ARP request, and unicasts the ARP request message to the corresponding destination equipment. According to the technical scheme, subsequent ARP query messages can be answered on behalf of the destination according to the ARP table entries stored and recorded on the VPLS device. For the problem that a large number of client devices in the network may request the same server MAC address, and the problem that an attack device may carry out a network attack by sending a large number of ARP requests, the flexibility of network forwarding is improved, so that ARP bandwidth consumption on the operator network is avoided, bandwidth waste is reduced, and network security is improved.
Drawings
Fig. 1 is a diagram of an example of MAC learning of a VPLS provided by the present disclosure;
Fig. 2 is a flow chart of a method for forwarding information in a VPLS device according to a first embodiment of the present disclosure;
Fig. 3 is a flow chart of a method for forwarding information in a VPLS device according to a second embodiment of the present disclosure;
Fig. 4 is a schematic logical topology diagram of the components in a method for forwarding information in a VPLS device according to a third embodiment of the present disclosure;
Fig. 5 is a schematic diagram of a PE according to a fourth embodiment of the present disclosure;
Fig. 6 is an architecture diagram of a system for forwarding information in VPLS devices provided in a fifth embodiment of the present disclosure;
Fig. 7 is a schematic diagram of an electronic device according to a sixth embodiment of the disclosure.
Detailed Description
In order that those skilled in the art will better understand the technical solutions of the present disclosure, the present disclosure will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments and figures described herein are merely illustrative of the invention, and are not limiting of the invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present disclosure and the above-described figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order; moreover, embodiments of the present disclosure and features of embodiments may be arbitrarily combined with each other without conflict.
Wherein the terminology used in the embodiments of the disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used in this disclosure and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
In the following description, suffixes such as "module", "component", or "unit" for representing elements are used only for facilitating the description of the present disclosure, and are not of specific significance per se. Thus, "module," "component," or "unit" may be used in combination.
In the forwarding process of a VPLS device, the edge device connected to the client macroscopically forms a MAC address forwarding table by learning MAC addresses, and forwards out of the corresponding interface according to the learned MAC address forwarding table.
Taking fig. 1 as an example, the MAC address learning process is as follows:
1) PE1 receives the ARP broadcast message from PC1 on port AC1 of CE1 (Customer Edge device), and adds the MAC address of PC1 to its own MAC table;
2) PE1 broadcasts the ARP message to its other ports (PW1 and PW2 can be regarded as ports here);
3) PE2 receives the ARP message of PC1 from PW1 and adds the MAC address of PC1 to its own MAC table;
4) PE2 forwards the ARP message only to the port connected to CE2, not to any PW, so the ARP message is sent only to PC2 (VPLS split horizon);
5) PC2 receives the ARP message of PC1 forwarded by PE2, finds that it is the destination address, and sends an ARP Reply message to PC1;
6) PE2 receives the ARP Reply message from PC2 to PC1 on port Port2 and adds the MAC address of PC2 to its own MAC table; the destination MAC of the ARP Reply message is PC1 (MAC A), so PE2 looks up its own MAC table and sends the ARP Reply message to PW1;
7) PE1 receives the ARP Reply message of PC2 from PE2, adds the MAC address of PC2 to its own MAC table, looks up the MAC table and forwards the ARP Reply message to PC1;
8) PC1 receives the ARP Reply message of PC2 and completes the MAC address learning;
9) While PE1 broadcasts the ARP message to PW1, it also sends the ARP message to PE3 through PW2; PE3 receives the ARP broadcast message from PE1, adds the MAC address of PC1 to its own MAC table and, by the split horizon property, sends the ARP message only to PC3; because PC3 is not the destination address of the ARP request, PC3 does not respond with an ARP Reply message.
In fig. 1, if PC1, PC4 and PC5 need to access PC3, three ARP messages need to be sent to obtain the MAC address of PC3, which causes a certain loss of network bandwidth, because the PE1 device needs to flood all VPLS egress devices with three ARP messages. Further, if an attack device exists on the AC side of PE1, it may bring risk to the network by mass-producing fake ARP request messages.
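The nine-step walk-through above, as an added example that is not code from the patent: a minimal model of VPLS MAC learning with split horizon on each PE. The PE names, port names (AC1, Port2, AC3, PW1 to PW3) and MAC addresses are constructed for the illustration; PE3 is wired with a PW to PE2 as well, as a full mesh requires.

```python
# Added example (not code from the patent): VPLS MAC learning with split horizon,
# replaying the ARP exchange of fig. 1. Port names and MACs are constructed.

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VplsPe:
    """One VPLS PE with attachment-circuit (AC) ports and pseudowire (PW) ports."""

    def __init__(self, name, ac_ports, pw_ports):
        self.name = name
        self.ac_ports = set(ac_ports)
        self.pw_ports = set(pw_ports)
        self.mac_table = {}  # MAC address -> AC or PW port it was learned on

    def receive(self, in_port, src_mac, dst_mac):
        """Learn src_mac on in_port and return the sorted list of egress ports."""
        # Dynamic MAC learning: bind the frame's source MAC to the ingress port
        # (an AC for a local PC, a PW for a host behind a remote PE).
        self.mac_table[src_mac] = in_port

        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            out_port = self.mac_table[dst_mac]
            if out_port == in_port:
                return []  # already on the right segment, nothing to send
            if in_port in self.pw_ports and out_port in self.pw_ports:
                return []  # split horizon: never relay PW -> PW
            return [out_port]

        # Broadcast (e.g. an ARP request) or unknown unicast: flood.
        egress = (self.ac_ports | self.pw_ports) - {in_port}
        if in_port in self.pw_ports:
            # Split horizon: the PEs form a full mesh, so a frame that arrived
            # on a PW has already reached every other PE; send it to ACs only.
            egress -= self.pw_ports
        return sorted(egress)


def walk_through_fig1():
    """Replay the ARP exchange between PC1 (behind PE1) and PC2 (behind PE2)."""
    mac_a, mac_b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"  # PC1, PC2 (constructed)
    pe1 = VplsPe("PE1", ac_ports=["AC1"], pw_ports=["PW1", "PW2"])
    pe2 = VplsPe("PE2", ac_ports=["Port2"], pw_ports=["PW1", "PW3"])
    pe3 = VplsPe("PE3", ac_ports=["AC3"], pw_ports=["PW2", "PW3"])
    trace = {}
    # Steps 1-2 and 9: PC1's ARP broadcast enters PE1 on AC1 and goes to both PWs.
    trace["pe1_flood"] = pe1.receive("AC1", mac_a, BROADCAST)
    # Steps 3-4: PE2 learns PC1 via PW1 and forwards only to its AC, not to PW3.
    trace["pe2_flood"] = pe2.receive("PW1", mac_a, BROADCAST)
    # Step 9: PE3 likewise learns PC1 via PW2 and sends only towards PC3.
    trace["pe3_flood"] = pe3.receive("PW2", mac_a, BROADCAST)
    # Step 6: PC2's ARP reply (unicast to MAC A) is switched to PW1 by lookup.
    trace["pe2_reply"] = pe2.receive("Port2", mac_b, mac_a)
    # Step 7: PE1 learns PC2 via PW1 and delivers the reply to PC1 on AC1.
    trace["pe1_reply"] = pe1.receive("PW1", mac_b, mac_a)
    trace["pe1_mac_table"] = dict(pe1.mac_table)
    return trace


if __name__ == "__main__":
    for key, value in walk_through_fig1().items():
        print(key, value)
```

The flood returned by `pe2_flood` and `pe3_flood` contains no PW, which is the split-horizon behaviour the text calls "horizontal division"; without it the broadcast would loop between the PEs.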
The following describes the technical solutions of the present disclosure and how the technical solutions of the present disclosure solve the above-mentioned problems in detail with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments.
Fig. 1 is a flow chart of a method for forwarding information in a VPLS device provided in a first embodiment of the present disclosure, which is applied to a network side edge device PE; as shown in fig. 1, the method includes:
step S101: after receiving address resolution protocol ARP information, parsing the ARP information;
step S102: if the parsing result is that the ARP information is an ARP request sent by a downlink client side terminal device PC, searching whether a table entry corresponding to the target IP address of the ARP request exists in the ARP information database of the local VPLS;
step S103: if so, directly replying to the ARP request in place of the destination end corresponding to the ARP request; and
step S104: unicast-transmitting the ARP request information to the corresponding destination terminal equipment.
In this embodiment, an ARP information database corresponding to each VPLS instance is designed. Its structure is shown in table 1 below and consists of an instance number, an IP address, an aging time, a MAC address and an interface name.
Table 1: Example ARP information database of VPLS instances

Instance number | IP address | Aging time | MAC address    | Interface name
0001            | 1.2.0.1    | 298        | CA00.38D0.001C | Gi 1/0
0001            | 1.2.0.2    | 299        | CA01.38D0.001C | PW2
0002            | 1.2.0.1    | 140        | CA29.3320.11C0 | PW1

The instance number indicates which instance the ARP entry belongs to; because IP addresses and MAC addresses may be duplicated between different instances, both the table lookup and the recording process must be performed within the corresponding instance. The IP address is the 32-bit IP address. The aging time indicates how long the entry remains from the time it was recorded until it is cleared. The MAC address is the 48-bit MAC address. The interface name indicates the interface from which the ARP table entry was learned; the interface may be a hardware interface or a PW interface.
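An in-memory model of the Table 1 database, added here as an example (not the patent's own code): the lookup key includes the instance number, so the two rows for 1.2.0.1 in instances 0001 and 0002 stay separate, and entries expire by their aging time. The clock is injectable so aging can be exercised without waiting; the `ManualClock` helper and the default 300-second aging value are assumptions of this example.

```python
# Added example (not code from the patent): per-instance ARP information database
# with instance-scoped lookup and aging, populated with the rows of Table 1.
import time


class ArpInfoDb:
    """Maps (VPLS instance, IP address) to MAC address, interface and expiry."""

    def __init__(self, aging_seconds=300, clock=time.monotonic):
        self.aging_seconds = aging_seconds  # default aging (assumed value)
        self.clock = clock
        self._entries = {}  # (instance, ip) -> dict(mac, iface, expires_at)

    def record(self, instance, ip, mac, iface, aging_seconds=None):
        """Create or refresh an entry; the aging timer restarts on every record."""
        ttl = self.aging_seconds if aging_seconds is None else aging_seconds
        self._entries[(instance, ip)] = {
            "mac": mac, "iface": iface, "expires_at": self.clock() + ttl}

    def lookup(self, instance, ip):
        """Return the live entry for ip within this instance, or None.

        The instance number is part of the key because the same IP (or MAC)
        may legitimately appear in two different VPLS instances.
        """
        entry = self._entries.get((instance, ip))
        if entry is None:
            return None
        remaining = entry["expires_at"] - self.clock()
        if remaining <= 0:
            del self._entries[(instance, ip)]  # expired: treat as unknown
            return None
        return {"mac": entry["mac"], "iface": entry["iface"],
                "aging_time": int(remaining)}

    def purge_expired(self):
        """Drop every expired entry and return how many were removed."""
        now = self.clock()
        dead = [k for k, e in self._entries.items() if e["expires_at"] <= now]
        for k in dead:
            del self._entries[k]
        return len(dead)

    def __len__(self):
        return len(self._entries)


class ManualClock:
    """Deterministic clock so the example and its checks do not sleep."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def load_table1(db):
    """Populate db with the three rows of Table 1 (aging time = seconds left)."""
    db.record("0001", "1.2.0.1", "CA00.38D0.001C", "Gi 1/0", aging_seconds=298)
    db.record("0001", "1.2.0.2", "CA01.38D0.001C", "PW2", aging_seconds=299)
    db.record("0002", "1.2.0.1", "CA29.3320.11C0", "PW1", aging_seconds=140)
    return db


if __name__ == "__main__":
    clock = ManualClock()
    db = load_table1(ArpInfoDb(clock=clock))
    print(db.lookup("0001", "1.2.0.1"))  # the Gi 1/0 entry
    print(db.lookup("0002", "1.2.0.1"))  # same IP, different instance and MAC
    clock.advance(200)
    print(db.purge_expired(), "entry expired")  # the 140 s entry of instance 0002
```

A lookup that finds an expired entry removes it and reports a miss, so the caller falls back to normal flooding rather than answering with a stale MAC.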
After receiving ARP information, the PE determines the type of the ARP packet, i.e. whether it is an ARP request (ARP REQ) or an ARP reply (ARP REP). If it is judged to be an ARP request packet and the ARP request was sent by a downlink client side terminal device PC, a search is carried out according to the destination address of the ARP request: the destination IP address of the ARP request is looked up in the VPLS instance corresponding to the ARP request. If a corresponding table entry exists in the ARP information database of the local VPLS, the PE replies to the ARP request directly in place of the destination end (taking the ARP request end as A and the destination end as B), returning the address information of B to the requesting end A instead of B replying itself; that is, the PE completely impersonates B's reply, and B does not need to know that the intermediate VPLS device has replied on its behalf. The ARP request message is then unicast to the corresponding destination equipment, such as the opposite-end PE device; the opposite-end PE device sends the ARP request to the destination end PC, which records the ARP information and returns an ARP response.
According to this embodiment, by providing an ARP information database corresponding to each VPLS instance and the processing flow for ARP packets in the device, ARP flooding in the network is greatly reduced, so that the flexibility of network forwarding is greatly improved, bandwidth waste is reduced, and network security is improved.
Further, the method further comprises:
if the parsing result is that the ARP information is an ARP response, searching whether an ARP table entry corresponding to the source address of the ARP response exists in the ARP information database of the local VPLS;
if not, recording the ARP information of the source end of the ARP response in the ARP information database and carrying out the ARP response normally;
if so, discarding the ARP response message.
If the PE judges the packet to be an ARP response, it further queries whether an ARP table entry corresponding to the source address of the ARP response exists in the corresponding instance of the local ARP information database. If no corresponding table entry exists in the ARP information database of the local VPLS, the PE records the ARP information of the source end in the ARP information database and transmits the ARP response packet to the opposite-end PE; the opposite-end PE discards the ARP response packet if it has already replied in place of the destination, and otherwise transmits the ARP response packet normally to the PC that initiated the ARP request.
If a corresponding table entry does exist in the ARP information database of the local VPLS, this indicates that the device has already replied on behalf of the destination for this ARP response (after receiving the ARP REQ unicast by the opposite-end PE, the ARP REP was sent directly to the opposite-end PE, which discards the ARP REP on receipt), so the received response message is discarded.
Further, the method further comprises:
if the search result is that no table entry corresponding to the destination IP address of the ARP request exists in the ARP information database of the local VPLS, flooding the ARP request information to the network as normal.
If no table entry corresponding to the destination IP address exists, this indicates that MAC address learning has not yet been performed or the entry has expired, and MAC address learning must be carried out according to the normal flow.
Further, when the search result is that a table entry corresponding to the destination IP address of the ARP request exists in the ARP information database of the local VPLS, the method further includes:
further searching whether a table entry corresponding to the source address of the ARP request exists in the ARP information database of the local VPLS;
if not, recording the ARP information of the source end corresponding to the ARP request in the ARP information database.
When several PCs are attached under a PE and need to access the same opposite-end PC behind another PE, once one PC has sent an ARP request and been answered, a table entry corresponding to the destination IP address of that ARP request exists in the ARP information database of the local VPLS of the PE; when the other PCs send the same ARP request, the PE can directly reply in place of the opposite-end PC and store the ARP information of those PCs in the ARP information database. Naturally, if the ARP information database of the local VPLS has no entry corresponding to the destination IP address of the ARP request, the PE still records the source ARP information corresponding to the ARP request in the ARP information database as normal.
Further, directly replying to the ARP request in place of the destination terminal corresponding to the ARP request includes:
filling the source media access control (MAC) address of the ARP reply message with the MAC address of the destination end corresponding to the ARP request, filling the source IP address with the IP address of that destination end, filling the destination MAC address with the MAC address of the source end of the ARP request, and filling the destination IP address with the IP address of the source end of the ARP request.
Taking the ARP request end as A and the destination end as B, the contents of the substitute ARP response packet are filled in as follows: the source MAC address of the packet is filled with B-MAC and the destination MAC address with A-MAC; that is, Sender MAC is filled with B-MAC, Sender IP with B-IP, Target MAC with A-MAC, and Target IP with A-IP.
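The fill rule above on the wire, as an added example that is not the patent's code: an Ethernet-framed ARP request from A is parsed and the substitute reply is built with Sender = B and Target = A, using the standard RFC 826 field layout. The MAC and IP values are constructed, and `b_mac` stands for the MAC address the PE would take from its ARP information database.

```python
# Added example (not code from the patent): encode/decode Ethernet-framed ARP and
# build the substitute reply (Sender = B, Target = A). Addresses are constructed.
import struct

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace(".", "").replace("-", ""))


def mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def ip_to_str(raw):
    return ".".join(str(b) for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, eth_dst):
    """Encode one Ethernet-framed ARP packet (14 + 28 = 42 bytes)."""
    eth = ETH_HDR.pack(mac_to_bytes(eth_dst), mac_to_bytes(sender_mac), ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, op,
                       mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                       mac_to_bytes(target_mac), ip_to_bytes(target_ip))
    return eth + arp


def parse_arp(frame):
    """Decode an ARP frame into a dict, or return None for anything else."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    eth_dst, eth_src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None  # not ARP: goes to the normal forwarding flow
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (ARP_REQUEST, ARP_REPLY):
        return None
    return {"eth_dst": mac_to_str(eth_dst), "eth_src": mac_to_str(eth_src), "op": op,
            "sender_mac": mac_to_str(sha), "sender_ip": ip_to_str(spa),
            "target_mac": mac_to_str(tha), "target_ip": ip_to_str(tpa)}


def build_proxy_reply(request_frame, b_mac):
    """Answer request_frame (from A) on behalf of B, whose MAC came from the ARP database.

    Sender = B (MAC from the database, IP = the requested target IP), Target = A
    (the requester's MAC and IP); the Ethernet source is B's MAC and the Ethernet
    destination is A's MAC, so A sees exactly what B itself would have sent.
    """
    req = parse_arp(request_frame)
    if req is None or req["op"] != ARP_REQUEST:
        raise ValueError("not an ARP request")
    return build_arp(ARP_REPLY,
                     sender_mac=b_mac, sender_ip=req["target_ip"],
                     target_mac=req["sender_mac"], target_ip=req["sender_ip"],
                     eth_dst=req["sender_mac"])


if __name__ == "__main__":
    a_mac, a_ip = "00:00:00:00:00:0a", "1.2.0.1"  # requester A (constructed)
    b_mac, b_ip = "00:00:00:00:00:0b", "1.2.0.2"  # destination B (constructed)
    request = build_arp(ARP_REQUEST, a_mac, a_ip, "00:00:00:00:00:00", b_ip, BROADCAST)
    print(parse_arp(build_proxy_reply(request, b_mac)))
```

`parse_arp` rejects anything that is not a well-formed Ethernet/IPv4 ARP frame, which is the "otherwise enter the normal forwarding flow" branch of the embodiment; `build_proxy_reply` refuses to answer a reply packet, since only requests are answered on B's behalf.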
In this embodiment, for each data packet received by the receiving module, it is first judged whether the packet is an ARP packet (including ARP request and ARP response); if so, the packet enters the subsequent ARP processing, otherwise it enters the normal forwarding flow. The ARP processing mainly comprises the following: when an ARP request is received, query whether the ARP information database corresponding to the local VPLS instance holds the ARP table entry required by the request; if so, unicast the ARP request to the corresponding destination end and directly reply with an ARP response message informing the requester of the MAC address corresponding to the requested IP address; otherwise, flood the ARP request to the network as normal and at the same time record the mapping between the IP address and the MAC address of the ARP source end in the ARP information database corresponding to the VPLS instance. When an ARP response packet is received, query whether the local ARP information database corresponding to the VPLS instance holds a table entry for the source address contained in the ARP response; if so, discard the response packet, otherwise record the ARP entry in the ARP information database corresponding to the VPLS instance.
The embodiment of the disclosure can answer subsequent ARP query messages on behalf of the destination according to the ARP table entries stored and recorded on the VPLS device. For the problem that a large number of client devices in the network may request the same server MAC address, and the problem that an attack device may carry out a network attack by sending a large number of ARP requests, the flexibility of network forwarding is improved, so that ARP bandwidth consumption on the operator network is avoided, bandwidth waste is reduced, and network security is improved.
In order to describe the technical solution of the present disclosure more clearly, fig. 3 shows a flow diagram of the method for forwarding information in a VPLS device provided in the second embodiment. It describes how the device processes a VPLS message once it has been judged to be an ARP packet, and comprises the following steps:
step 1: the flow starts;
step 2: judge the ARP packet to determine whether it is an ARP request (ARP REQ) or an ARP response (ARP REP);
step 3: if it is judged to be an ARP request packet, take the destination address of the ARP request and look up that IP address in the VPLS instance corresponding to the ARP request;
step 4: if no corresponding table entry exists in the ARP information database of the local VPLS, flood the ARP request information to the network as normal;
step 5: if a corresponding table entry exists in the ARP information database of the local VPLS, reply to the ARP request directly in place of the destination end corresponding to the ARP request, filling the ARP response packet as follows (taking the ARP request end as A and the destination end as B): the source MAC address of the packet is B-MAC and the destination MAC address is A-MAC; Sender MAC is B-MAC, Sender IP is B-IP, Target MAC is A-MAC, and Target IP is A-IP. That is, the PE completely impersonates B's reply, and B does not need to know that the intermediate VPLS device has replied on its behalf; then perform step 8;
step 6: further judge whether the source address of the ARP request has a corresponding table entry in the corresponding VPLS instance;
step 7: if no corresponding table entry exists in the ARP information database of the local VPLS, record the source ARP information in the ARP information database;
step 8: unicast the ARP request message or ARP response message to the corresponding destination equipment;
step 9: if it is judged to be an ARP response packet, further query whether an ARP table entry corresponding to the source address exists in the corresponding instance of the local ARP information database;
step 10: if no corresponding table entry exists in the ARP information database of the local VPLS, record the source ARP information in the ARP information database, then perform step 8;
step 11: if a corresponding table entry exists in the ARP information database of the local VPLS, this indicates that the device has already replied on behalf of the destination for this ARP response, and the received response message is discarded;
step 12: the flow ends.
To explain the technical solution of the present disclosure more concretely, a third embodiment, shown in fig. 4, provides a method for forwarding information in a VPLS device. The logical topology of fig. 4 is assumed to consist of three VPLS-capable routers PE1, PE2 and PE3; CE1 to CE5 are client switches and PC1 to PC5 are client host devices. The network-side devices PE1 to PE3 establish two VPLS instances (shown in table 1) that provide data paths between the client-side hosts PC1 to PC5: instance 0001 carries the data path between PC1/PC4/PC5/PC3, and instance 0002 carries the data path between PC2 and the other hosts.
PC1 wants to send a packet to PC3, finds no corresponding MAC address in its cache, and sends an ARP REQ to obtain PC3's MAC. PE1 receives the ARP REQ, records PC1's MAC and IP in its ARP information database, and floods the ARP REQ. PE2 and PE3 receive the ARP REQ, flood it onward and record PC1's ARP information. PC3 receives the ARP REQ, records an ARP entry for PC1 and sends an ARP REP. PE3 receives the ARP REP, records PC3's ARP information and sends the ARP REP to PE1 over PW2. PE1 receives the ARP REP, records PC3's ARP information and sends the ARP REP to PC1; PC1 records the ARP information and starts data transmission.
PC4 wants to send a packet to PC3, finds no corresponding MAC address, and sends an ARP REQ to obtain PC3's MAC. PE1 receives the ARP REQ, finds that it already holds PC3's MAC address, replies with an ARP REP to PC4 directly, records PC4's ARP information and unicasts the ARP REQ over PW2. PE3 receives the ARP REQ, sends an ARP REP to PE1 (which PE1 discards on receipt), records PC4's ARP information and sends the ARP REQ to PC3. PC3 records PC4's ARP information and replies with an ARP REP; PE3 receives the ARP REP sent by PC3 and discards it.
PC3 wants to send a packet to PC5, finds no corresponding MAC address, and sends an ARP REQ to obtain PC5's MAC. PE3 receives the ARP REQ, finds no MAC address for PC5 and floods it. PE2 receives it and floods it to its AC ports only; PE1 receives it and floods it to its AC ports only. PC5 receives the ARP REQ, records PC3's ARP information and replies with an ARP REP. PE1 receives the ARP REP, records PC5's MAC and unicasts the reply to PE3; PE3 records PC5's MAC on receipt and sends the ARP REP to PC3. PC3 records PC5's ARP information and starts data transmission.
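The following Python model replays the PE flow of steps 5 to 11 and the three exchanges of this third embodiment. It is an added example written for this page, not code from the patent or its applicant. Beyond what the text states, it assumes a single VPLS instance (0001) keyed by IP, omits the transparent CE switches, gives PE2 no instance-0001 host (the text lists none), models a pseudowire as a direct call to the peer PE, and treats flooding as delivery to every AC plus, for frames that arrived on an AC, every PW; all MAC and IP values are constructed sample data. The proxy reply is filled exactly as the reply module specifies: Ethernet and ARP sender fields from B, target fields from A.

```python
"""Model of the PE's ARP handling (flow steps 5 to 11) replayed on the third
embodiment's topology.  Added example, not code from the patent.  Assumptions:
one VPLS instance (0001) keyed by IP; CE switches are transparent and omitted;
PE2 carries no instance-0001 host; a pseudowire is a direct call to the peer PE;
flooding delivers to every AC and, for frames that arrived on an AC, every PW."""
from dataclasses import dataclass

ARP_REQUEST, ARP_REPLY = 1, 2
BCAST, ZERO = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"


@dataclass(frozen=True)
class Arp:
    op: int
    eth_src: str       # Ethernet header
    eth_dst: str
    sender_mac: str    # ARP body
    sender_ip: str
    target_mac: str
    target_ip: str


class Host:
    """Client PC behind an AC: caches ARP and answers requests for its own IP."""
    def __init__(self, name, mac, ip, pe):
        self.name, self.mac, self.ip, self.pe, self.cache = name, mac, ip, pe, {}
        pe.acs.append(self)

    def resolve(self, ip):
        self.pe.receive(Arp(ARP_REQUEST, self.mac, BCAST, self.mac, self.ip, ZERO, ip), self)

    def receive(self, pkt, _ingress):
        if pkt.target_ip != self.ip:
            return
        self.cache[pkt.sender_ip] = pkt.sender_mac
        if pkt.op == ARP_REQUEST:
            self.pe.receive(Arp(ARP_REPLY, self.mac, pkt.sender_mac,
                                self.mac, self.ip, pkt.sender_mac, pkt.sender_ip), self)


class PE:
    """Provider edge.  db maps IP -> (MAC, port the entry was learned on)."""
    def __init__(self, name):
        self.name, self.db, self.acs, self.pws = name, {}, [], []
        self.proxied = self.discarded = 0

    def _learn(self, pkt, port):
        # Steps 7 and 10: an entry is written only if the IP is not yet present.
        self.db.setdefault(pkt.sender_ip, (pkt.sender_mac, port))

    def _flood(self, pkt, ingress):
        # Split horizon: a frame that arrived over a PW is flooded to ACs only.
        for port in self.acs + (self.pws if isinstance(ingress, Host) else []):
            if port is not ingress:
                port.receive(pkt, self)

    def receive(self, pkt, ingress):
        if pkt.op == ARP_REQUEST:
            self._learn(pkt, ingress)                      # steps 6 and 7
            if pkt.target_ip in self.db:                   # step 5: answer in B's name
                b_mac, b_port = self.db[pkt.target_ip]
                self.proxied += 1
                ingress.receive(Arp(ARP_REPLY, b_mac, pkt.sender_mac,
                                    b_mac, pkt.target_ip, pkt.sender_mac, pkt.sender_ip), self)
                b_port.receive(pkt, self)                  # step 8: unicast the request to B
            else:
                self._flood(pkt, ingress)                  # no entry: flood as usual
        elif pkt.sender_ip in self.db:                     # step 11: already answered for
            self.discarded += 1
        else:                                              # steps 10 and 8
            self._learn(pkt, ingress)
            known = self.db.get(pkt.target_ip)
            if known:
                known[1].receive(pkt, self)
            else:
                self._flood(pkt, ingress)


def build_topology():
    """PE1-PE3 fully meshed by PWs; PC1/PC4/PC5 on PE1, PC3 on PE3 (constructed addresses)."""
    pe1, pe2, pe3 = PE("PE1"), PE("PE2"), PE("PE3")
    for pe in (pe1, pe2, pe3):
        pe.pws = [peer for peer in (pe1, pe2, pe3) if peer is not pe]
    hosts = {"PC1": Host("PC1", "02:00:00:00:00:01", "10.0.0.1", pe1),
             "PC4": Host("PC4", "02:00:00:00:00:04", "10.0.0.4", pe1),
             "PC5": Host("PC5", "02:00:00:00:00:05", "10.0.0.5", pe1),
             "PC3": Host("PC3", "02:00:00:00:00:03", "10.0.0.3", pe3)}
    return {"PE1": pe1, "PE2": pe2, "PE3": pe3}, hosts


def run_embodiment():
    """Replays the three exchanges of the third embodiment; returns (PEs, hosts)."""
    pes, hosts = build_topology()
    hosts["PC1"].resolve("10.0.0.3")   # no PE knows PC3 yet: flooded end to end
    hosts["PC4"].resolve("10.0.0.3")   # PE1 answers from its database; PE1 and PE3 each drop one reply
    hosts["PC3"].resolve("10.0.0.5")   # PC5 has never sent, so no PE knows it: flooded again
    return pes, hosts


if __name__ == "__main__":
    pes, hosts = run_embodiment()
    for pe in pes.values():
        print(pe.name, "proxied", pe.proxied, "discarded", pe.discarded, "entries", sorted(pe.db))
```

The counters reproduce the text: during the PC4 exchange PE1 and PE3 each send one proxy reply and each discard one genuine reply, while the PC1 and PC3 exchanges are flooded because no PE holds the target. One consequence of the flow as described is visible in `_learn` and the step 11 branch: an entry is written only when the IP is absent, and the reply that would carry newer information for a known IP is discarded, so an entry is never refreshed; the text describes no ageing or validation of the database, which a deployment would have to supply from the platform itself.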
Fig. 5 is a schematic diagram of a network-side edge device PE according to a fourth embodiment of the present disclosure, comprising:
a parsing module 11, configured to parse ARP information after receiving it;
a searching module 12, configured to, if the parsing module 11 determines that the ARP information is an ARP request sent by a downstream client device, search whether an entry corresponding to the destination IP address of the ARP request exists in the ARP information database of the local VPLS;
a reply module 13, configured to answer the ARP request directly in place of the destination end corresponding to the request if the searching module 12 finds that such an entry exists; and
a sending module 14, configured to unicast the ARP request to the corresponding destination terminal device.
Further, the PE also includes a recording module 15;
the searching module 12 is further configured to, if the parsing module 11 determines that the ARP information is an ARP reply, search whether an ARP entry corresponding to the source address of the reply exists in the ARP information database of the local VPLS;
the recording module 15 is configured to record the source ARP information in the database if the searching module 12 finds no such entry, and to let the PE forward the ARP reply normally;
the sending module 14 is further configured to discard the ARP reply message if the searching module 12 finds that such an entry exists.
Further, the reply module 13 is also configured to flood the ARP request through the network normally if the searching module 12 finds no entry corresponding to the destination IP address of the request in the ARP information database of the local VPLS.
Further, the searching module 12 is also configured to, after finding the entry corresponding to the destination IP address of the ARP request, check whether an entry corresponding to the source address of the request is already present in the ARP information database of the local VPLS;
the recording module 15 is further configured to record the source-end ARP information of the request in the database if the searching module 12 finds no corresponding entry.
Further, the reply module 13 is specifically configured to:
fill the source MAC address of the ARP reply with the MAC address of the destination end of the request, the source IP address with the IP address of that destination end, the destination MAC address with the MAC address of the source end of the request, and the destination IP address with the IP address of that source end.
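As an added example (not the patent's own code), the block below encodes the reply module's filling rule as a standard Ethernet II + ARP frame in the RFC 826 layout and parses it back. The MAC and IP values are constructed, and `is_well_formed_reply` is a hypothetical consistency check, not something the patent describes; it only verifies the invariants the filling rule guarantees, which is also why a reply built this way is indistinguishable on the wire from one sent by B itself.

```python
"""Wire form of the proxy ARP reply the reply module builds (Ethernet II + ARP,
RFC 826 layout).  Added example; addresses are constructed sample data."""
import ipaddress
import struct

ETHERTYPE_ARP = 0x0806
HTYPE_ETHERNET, PTYPE_IPV4, OP_REPLY = 1, 0x0800, 2
ETH_FMT = "!6s6sH"                    # dst, src, ethertype (14 bytes)
ARP_FMT = "!HHBBH6s4s6s4s"            # htype ptype hlen plen op sha spa tha tpa (28 bytes)


def _mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def _mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_proxy_reply(a_mac: str, a_ip: str, b_mac: str, b_ip: str) -> bytes:
    """Frame the PE sends to requester A in the name of destination B:
    Ethernet src = B-MAC, dst = A-MAC; Sender = (B-MAC, B-IP); Target = (A-MAC, A-IP)."""
    eth = struct.pack(ETH_FMT, _mac(a_mac), _mac(b_mac), ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, OP_REPLY,
                      _mac(b_mac), ipaddress.IPv4Address(b_ip).packed,
                      _mac(a_mac), ipaddress.IPv4Address(a_ip).packed)
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode an ARP-over-Ethernet frame into its fields; rejects other EtherTypes."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, etype = struct.unpack(ETH_FMT, frame[:14])
    if etype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: ethertype 0x{etype:04x}")
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {"eth_dst": _mac_str(dst), "eth_src": _mac_str(src), "op": op,
            "sender_mac": _mac_str(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_mac": _mac_str(tha), "target_ip": str(ipaddress.IPv4Address(tpa))}


def is_well_formed_reply(frame: bytes) -> bool:
    """Hypothetical check: a reply built by the filling rule has op 2, Ethernet
    addresses equal to the ARP sender/target MACs, and a unicast destination."""
    f = parse_arp(frame)
    return (f["op"] == OP_REPLY and f["eth_src"] == f["sender_mac"]
            and f["eth_dst"] == f["target_mac"] and f["eth_dst"] != "ff:ff:ff:ff:ff:ff")
```

`build_proxy_reply("02:00:00:00:00:04", "10.0.0.4", "02:00:00:00:00:03", "10.0.0.3")` yields the 42-byte frame PE1 would send to PC4 on behalf of PC3 in the third embodiment, with the constructed addresses used here.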
Fig. 6 is a schematic diagram of an information forwarding system in a VPLS device according to a fifth embodiment of the present disclosure, where the system includes: a client-side terminal device PC3, a client-side switch CE2, and a network-side edge device PE1 as described in any of the above.
The PE and the information forwarding system in the VPLS device of the embodiments of the present disclosure are used to implement the information forwarding method of the first to third method embodiments; their description is therefore kept brief, and reference may be made to the related description of those method embodiments, which is not repeated here.
In addition, as shown in fig. 7, a sixth embodiment of the present disclosure further provides an electronic device, including a memory 10 and a processor 20, where the memory 10 stores a computer program, and when the processor 20 runs the computer program stored in the memory 10, the processor 20 executes the above possible methods.
The memory 10 is connected to the processor 20, the memory 10 may be a flash memory, a read-only memory, or other memories, and the processor 20 may be a central processing unit or a single chip microcomputer.
Furthermore, embodiments of the present disclosure also provide a computer-readable storage medium having stored thereon a computer program that is executed by a processor to perform the various possible methods described above.
Computer-readable storage media include volatile or nonvolatile, removable or non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, computer program modules or other data. Computer-readable storage media include, but are not limited to, RAM (Random Access Memory), ROM (Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory or other memory technology, CD-ROM (Compact Disc Read-Only Memory), Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
It is to be understood that the above embodiments are merely exemplary embodiments employed to illustrate the principles of the present disclosure, however, the present disclosure is not limited thereto. Various modifications and improvements may be made by those skilled in the art without departing from the spirit and substance of the disclosure, and are also considered to be within the scope of the disclosure.

Claims (8)

1. A method for forwarding information in a virtual private LAN service (VPLS) device, characterized in that it is applied to a local-end network-side edge device (PE) and comprises the following steps:
after receiving address resolution protocol (ARP) information, parsing the ARP information;
if the parsing result is that the ARP information is an ARP request sent by a downstream client-side terminal device (PC), searching whether an entry corresponding to the destination IP address of the ARP request exists in the ARP information database of the local VPLS;
if so, replying to the ARP request directly in place of the destination end corresponding to the ARP request; and
unicasting the ARP request to the corresponding destination terminal device through the opposite-end PE, so that the destination terminal device records the ARP request and returns an ARP reply to the local-end PE through the opposite-end PE;
receiving the ARP reply sent by the opposite-end PE, and searching whether an ARP entry corresponding to the source address of the ARP reply exists in the ARP information database of the local VPLS;
if not, recording the ARP information of the source end of the ARP reply in the ARP information database, processing the ARP reply normally, and sending the ARP reply packet to the source-end device that initiated the ARP request;
if so, discarding the ARP reply message, since this indicates that the ARP reply has already been given by the local-end PE.
2. The method according to claim 1, characterized in that the method further comprises:
if the search result is that no entry corresponding to the destination IP address of the ARP request exists in the ARP information database of the local VPLS, flooding the ARP request through the network normally.
3. The method according to claim 1, characterized in that, after the search result is that an entry corresponding to the destination IP address of the ARP request exists in the ARP information database of the local VPLS, the method further comprises:
further searching whether an entry corresponding to the source address of the ARP request exists in the ARP information database of the local VPLS;
if not, recording the ARP information of the source end corresponding to the ARP request in the ARP information database.
4. The method according to claim 1 or 3, characterized in that replying to the ARP request directly in place of the destination end corresponding to the ARP request comprises:
filling the source media access control (MAC) address of the ARP reply with the MAC address of the destination end corresponding to the ARP request, the source IP address with the IP address of that destination end, the destination MAC address with the MAC address of the source end of the ARP request, and the destination IP address with the IP address of that source end.
5. A network-side edge device (PE), characterized by comprising:
a parsing module, configured to parse ARP information after receiving it;
a searching module, configured to, if the parsing module determines that the ARP information is an ARP request sent by a downstream client device, search whether an entry corresponding to the destination IP address of the ARP request exists in the ARP information database of the local VPLS;
a reply module, configured to reply to the ARP request directly in place of the destination end corresponding to the ARP request if the searching module finds that such an entry exists;
a sending module, configured to unicast the ARP request to the corresponding destination terminal device through the opposite-end PE, so that the destination terminal device records the ARP request and returns an ARP reply to the local-end PE through the opposite-end PE;
the searching module being further configured to receive the ARP reply sent by the opposite-end PE and search whether an ARP entry corresponding to the source address of the ARP reply exists in the ARP information database of the local VPLS;
a recording module, configured to record the source-end ARP information in the ARP information database if the searching module finds no such entry, let the PE process the ARP reply normally, and send the ARP reply packet to the source-end device that initiated the ARP request; and
the sending module being further configured to discard the ARP reply message if the searching module finds that such an entry exists, which indicates that the ARP reply has already been given by the local-end PE.
6. A system for forwarding information in a VPLS device, characterized by comprising: a client-side terminal device PC, a client-side switch CE, and the network-side edge device PE according to claim 5.
7. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, which when executed by the processor performs the method of forwarding information in a VPLS device according to any one of claims 1-4.
8. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements a method of forwarding information in a VPLS device according to any one of claims 1-4.
CN202111347960.1A 2021-11-15 2021-11-15 Information forwarding method, PE, system, equipment and medium in VPLS equipment Active CN114070790B (en)

Publications (2)

Publication Number Publication Date
CN114070790A CN114070790A (en) 2022-02-18
CN114070790B true CN114070790B (en) 2023-09-26

Family

ID=80272485


Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007062592A1 (en) * 2005-12-01 2007-06-07 Huawei Technologies Co., Ltd. A system, a method, and a router device of layer 2 virtual private network for interconnecting point/multi-points and multi-points
CN101521631A (en) * 2009-04-14 2009-09-02 华为技术有限公司 Treatment method, equipment and system for VPLS network messages
CN102857435A (en) * 2012-09-27 2013-01-02 杭州华三通信技术有限公司 Method and device for forwarding three-layer data flow in data center site
CN105791457A (en) * 2016-02-26 2016-07-20 杭州华三通信技术有限公司 Data processing method and apparatus
CN106231002A (en) * 2016-07-22 2016-12-14 杭州华三通信技术有限公司 A kind of method and device safeguarding ARP table
CN108234522A (en) * 2018-03-01 2018-06-29 深圳市共进电子股份有限公司 Prevent Address Resolution Protocol ARP attack method, device, computer equipment and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7948993B2 (en) * 2009-04-24 2011-05-24 Telefonaktiebolaget L M Ericsson (Publ) Address resolution optimization procedure to effect a gradual cutover from a provider bridge network to a VPLS or provider backbone bridging network
CN103227757B (en) * 2012-08-31 2016-12-28 杭州华三通信技术有限公司 A kind of message forwarding method and equipment
US10659283B2 (en) * 2016-07-08 2020-05-19 Cisco Technology, Inc. Reducing ARP/ND flooding in cloud environment




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant