CN117319343A - Policy routing implementation method, device and storage medium - Google Patents
Policy routing implementation method, device and storage medium Download PDFInfo
- Publication number
- CN117319343A CN117319343A CN202210713346.0A CN202210713346A CN117319343A CN 117319343 A CN117319343 A CN 117319343A CN 202210713346 A CN202210713346 A CN 202210713346A CN 117319343 A CN117319343 A CN 117319343A
- Authority
- CN
- China
- Prior art keywords
- rule
- route
- target
- acl
- forwarded
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 56
- 230000002776 aggregation Effects 0.000 claims abstract description 82
- 238000004220 aggregation Methods 0.000 claims abstract description 82
- 238000004891 communication Methods 0.000 claims abstract description 6
- 238000004590 computer program Methods 0.000 claims description 8
- 230000000694 effects Effects 0.000 description 7
- 230000006870 function Effects 0.000 description 7
- 230000009471 action Effects 0.000 description 6
- 230000008569 process Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 235000008694 Humulus lupulus Nutrition 0.000 description 2
- 230000006399 behavior Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 230000015572 biosynthetic process Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000007723 transport mechanism Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0893—Assignment of logical groups to network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2557—Translation policies or rules
Abstract
The embodiment of the invention provides a policy routing implementation method, policy routing implementation equipment and a storage medium, and belongs to the technical field of network communication. The method comprises the following steps: determining a target route in a message to be forwarded in at least one subnet route based on a strategy routing table and a preset matching rule; acquiring an initial rule and a pre-allocated Access Control List (ACL) aggregation group in the target route, and determining a target rule in the message to be forwarded based on a target address in the message to be forwarded; and redirecting and forwarding the message to be forwarded based on the target path corresponding to the target rule. According to the technical scheme provided by the embodiment of the invention, the ACL aggregation group is pre-allocated to each subnet route, and the hit rule in the ACL aggregation group is used as the rule attribute of the subnet route, so that the policy route can be synchronously effective along with the execution of the target rule by the target route, and the technical problem of low application flexibility of the current policy route is solved.
Description
Technical Field
The present invention relates to the field of network communications technologies, and in particular, to a policy routing implementation method, device, and storage medium.
Background
The current policy routing operates by configuring a series of access control lists ACL (Access Control List), matching the rules and forwarding actions of the routing, and binding to ports or VLAN (Virtual Local Area Network) so that messages hitting this matching action can modify the forwarding path according to the forwarding actions of the policy routing. However, the application mode makes the policy routing only be effective when being bound on the port or the VLAN, so that the policy routing implementation method has lower flexibility.
Disclosure of Invention
The embodiment of the invention provides a policy route implementation method, policy route implementation equipment and a storage medium, and aims to solve the technical problem of low flexibility of the conventional policy route implementation method.
In a first aspect, an embodiment of the present invention provides a policy routing implementation method, including:
determining a target route in a message to be forwarded in at least one subnet route based on a strategy routing table and a preset matching rule;
acquiring an initial rule and a pre-allocated Access Control List (ACL) aggregation group in the target route, and determining a target rule in the message to be forwarded from hit rules in the initial rule and the ACL aggregation group based on a target address in the message to be forwarded;
and under the condition that the main path has link faults, redirecting and forwarding the message to be forwarded based on the target path corresponding to the target rule.
In a second aspect, an embodiment of the present invention further provides a policy route implementation device, where the policy route implementation device includes a processor, a memory, a computer program stored on the memory and executable by the processor, and a data bus for implementing connection communication between the processor and the memory, where the computer program, when executed by the processor, implements any of the policy route implementation methods as provided in the present specification.
In a third aspect, embodiments of the present invention further provide a storage medium for computer readable storage, where the storage medium stores one or more programs executable by one or more processors to implement any of the policy routing implementation methods provided in the present specification.
The embodiment of the invention provides a policy route implementation method, which comprises the steps of pre-distributing an ACL aggregation group into each subnet route, and enabling hit rules in the ACL aggregation group to be rule attributes of the subnet route so that the subnet route becomes the policy route; after determining a target route hit by a message to be forwarded through a strategy route table and a preset matching rule, inquiring and matching the corresponding target rule in the hit rule and the initial rule contained in the target route; and according to the target path corresponding to the target rule, the redirection forwarding operation of the message to be forwarded is executed, so that the policy route can be synchronously validated along with the execution of the target rule by the target route, and the problem that the policy route cannot be synchronously configured and validated when the routing configuration is changed is avoided. Therefore, the technical problem of low application flexibility of the conventional strategy routing is solved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a first embodiment of a policy routing implementation method provided in the present invention in fig. 1;
fig. 2 is a flow chart of a second embodiment of a policy routing implementation method provided by the present invention;
fig. 3 is a flow chart of a third embodiment of a policy routing implementation method provided by the present invention;
fig. 4 is a flow chart of a fourth embodiment of a policy routing implementation method provided by the present invention;
fig. 5 is a schematic block diagram of a policy route implementation device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The flow diagrams depicted in the figures are merely illustrative and not necessarily all of the elements and operations/steps are included or performed in the order described. For example, some operations/steps may be further divided, combined, or partially combined, so that the order of actual execution may be changed according to actual situations.
It is to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
The embodiment of the invention provides a policy routing implementation method, policy routing implementation equipment and a storage medium. The policy routing implementation method can be applied to mobile terminals, and the mobile terminals can be mobile phones, tablet computers, notebook computers, desktop computers, personal digital assistants, wearable devices and other electronic devices.
Some embodiments of the invention are described in detail below with reference to the accompanying drawings. The following embodiments and features of the embodiments may be combined with each other without conflict.
The policy route implementation method provided by the embodiment of the present invention will be described in detail below in conjunction with the scenario in fig. 1. It should be noted that, the scenario in fig. 1 is only used to explain the policy route implementation method provided by the embodiment of the present invention, but does not constitute a limitation on the application scenario of the policy route implementation method provided by the embodiment of the present invention.
Referring to fig. 1, fig. 1 is a flowchart of a first embodiment of a policy routing implementation method according to the present invention.
As shown in fig. 1, the policy route implementation method includes steps S101 to S103.
Step S101, determining a target route in which a message to be forwarded is hit in at least one subnet route based on a strategy route table and a preset matching rule.
In this embodiment, the policy routing table includes mask information of all subnet routes, and the message to be forwarded is a data unit exchanged and transmitted in the network, that is, a data block to be sent by the station at one time. The message contains the complete data information to be transmitted, as well as path information. When a message to be forwarded is received, a subnet route in the message to be forwarded is determined as a target route by inquiring and matching a path address in the message to be forwarded with a subnet mask in a strategy routing table.
It can be understood that the preset matching rule may take the IP address of the message to be forwarded as a matching basis, or may be a rule that ACL of any message, such as source destination MAC address, protocol field, etc., may be matched.
Step S102, an initial rule and a pre-allocated ACL aggregation group of the access control list in the target route are obtained, and a target rule of the message to be forwarded is determined from the initial rule and a hit rule in the ACL aggregation group based on the target address in the message to be forwarded.
In this embodiment, after receiving a message, the device matches ACL hit rules in the target route one by one. If not, the next bar is matched. Once a matching rule is found, the action defined in the rule is performed and does not continue to match with subsequent rules. If the matched rule cannot be found, the initial rule of the target route is used as the target rule, and the message is forwarded.
In an exemplary embodiment, when the ACL aggregation group is allocated to the subnet route, an initial rule of the ACL aggregation group and the subnet route may be used as a parallel rule, wherein the ACL aggregation group has a higher priority than the initial rule; alternatively, the initial rule may also be aggregated in the ACL aggregation group as one of the hit rules of the ACL aggregation group, and arranged at the lowest priority of the ACL aggregation group.
Step S103, under the condition that the main path has link faults, the message to be forwarded is redirected and forwarded based on the target path corresponding to the target rule.
In this embodiment, when a message to be forwarded hits multiple forwarding paths, the main path is taken as the highest priority path, and the hit rule of the policy route is taken as the standby path; when the main path has a link fault, switching to a target path in a strategy route hit by the message to be forwarded, and redirecting the forwarded message so as to improve the stability and reliability of message forwarding.
The embodiment provides a policy route implementation method, which is used for determining a target route in a message to be forwarded in at least one subnet route based on a policy route table and a preset matching rule; acquiring an initial rule and a pre-allocated Access Control List (ACL) aggregation group in the target route, and determining a target rule in the message to be forwarded from hit rules in the initial rule and the ACL aggregation group based on a target address in the message to be forwarded; and under the condition that the main path has link faults, redirecting and forwarding the message to be forwarded based on the target path corresponding to the target rule. In this way, in this embodiment, by pre-distributing the ACL aggregation group to each subnet route, the hit rule in the ACL aggregation group is made into the rule attribute of the subnet route, so that the subnet route is made into the policy route; after determining a target route hit by a message to be forwarded through a strategy route table and a preset matching rule, inquiring and matching the corresponding target rule in the hit rule and the initial rule contained in the target route; and according to the target path corresponding to the target rule, the redirection forwarding operation of the message to be forwarded is executed, so that the policy route can be synchronously validated along with the execution of the target rule by the target route, and the problem that the policy route cannot be synchronously configured and validated when the routing configuration is changed is avoided. Therefore, the technical problem of low application flexibility of the conventional strategy routing is solved.
Referring to fig. 2, fig. 2 is a flow chart of a second embodiment of a policy routing implementation method according to the present invention;
in this embodiment, based on the embodiment shown in fig. 1, before step S101, the method specifically further includes:
step S001, obtaining hit rules of policy routing, and grouping each hit rule based on a mask of each hit rule to obtain at least one ACL aggregation group;
step S002, based on the subnet mask of each subnet route and the mask of each ACL aggregation group in the preset routing table, the ACL aggregation group is distributed to the corresponding subnet route, and the policy rule of the subnet route is obtained;
step S003, the strategy routing table is obtained based on the strategy rule of each subnet route.
In this embodiment, after a user configures hit rules and redirection entries of all ACL policy routes, the device matches all ACL policy route rules with a preset routing table of the device, groups all ACL policy routes according to subnet masks of subnet routes in the preset routing table, and assigns corresponding ACL aggregation groups index, so that all ACL policy route hit rules are divided into a plurality of groups according to subnet masks of the preset routing table of the device.
In an exemplary embodiment, when configuring policy routes to ACL matching entries using the attributes of an ACL aggregation group, policy route hit rules belonging to the same subnet route mask are all aggregated according to the ACL aggregation group; and integrating the index of the ACL aggregation group as a next hop of the route with a preset routing table to obtain a strategy routing table, so that the index of the ACL aggregation group can be hit after the routing table is searched. Therefore, after the message is subjected to the table lookup of the routing table, the ACL aggregation group index related to the message is directly hit, and the message is redirected and forwarded according to the ACL matching entry in the index.
Further, the step S002 specifically includes:
distributing each ACL aggregation group to the corresponding subnet route based on the corresponding matching of the subnet mask of each subnet route and the mask of each ACL aggregation group in a preset routing table;
and acquiring an initial rule of the subnet route, and acquiring the strategy rule of the subnet route based on the initial rule and the hit rule in the ACL aggregation group.
In this embodiment, the hit rules of all the ACL policy routes are matched with the subnet masks of the subnet routes in the preset routing table, and the ACL aggregation groups corresponding to the same subnet mask are allocated to the corresponding subnet routes. The ACL aggregation group can exist as a single attribute of the route, and exists as a parallel route attribute with the original next hop of the route, and the forwarding logic of the route is hit at the moment, the ACL aggregation group is preferentially matched, and if the entry of the ACL aggregation group cannot be matched, the normal next hop forwarding logic of the route is re-walked.
In an exemplary embodiment, the initial rule of the atomic network route may be also used as a hit rule of the policy route, and the initial rule may be arranged in the last one of each group of ACL policy routing rules, and finally all ACL policy routes that can be matched to the local routing table of the device may be routed, so as to generate several groups of ACL aggregation groups that may correspond to the local subnet routing table. At this time, the index of the ACL aggregation group is replaced by the index of the original subnet route, and the policy routing processing of the original subnet route can be completed.
Further, based on the embodiment shown in fig. 2, the step S102 specifically includes:
inquiring the ACL aggregation group in the target route based on the target address of the message to be forwarded, and judging whether a hit rule pointing to the target address exists in the ACL aggregation group;
in the case that there is a hit rule pointing to the target address in the ACL aggregation group, the hit rule pointing to the target address is taken as the target rule.
Further, in the case where there is no hit rule pointing to the target address in the ACL aggregation group, the initial rule is taken as the target rule.
In this embodiment, because the ACL matching is performed from top to bottom, when the next hop of the subnet route becomes the ACL aggregation group index, the message of the subnet route can be hit, that is, the aggregation groups formed by the ACL policy route are sequentially performed next to each other.
In an exemplary embodiment, assume that switch a is configured with a policy route matching entry: 10.10.10.1 to 1.1.1.1;10.10.10.2 is redirected to 2.2.2.2. The routing table in switch a has a next hop of 3.3.3.3.3 for 10.10.0/24 routes. The policy routing entry is compared to the routing table in switch a and the 10.10.10.0/24 routing table can match two matching entries of 10.10.10.1/10.10.10.2. These two matching entries are placed in ACL aggregation group entry 1, with ACL aggregation group index1 existing as a separate attribute of route 10.10.10.0/24. The original next hop 3.3.3.3 for route 10.10.10.0/24 is unchanged at this time, but route 10.10.0/24 is in the routing table with one ACL aggregation group attribute and one normal next hop. At this time, if the switch a receives a message with a destination address of 10.10.10.1 and hits the routing entry 10.0.0.0/24, the ACL aggregation group attribute is preferentially matched, and if the ACL aggregation group attribute is matched with an entry with a redirection of 10.10.10.1 to a next hop address of 1.1.1.1, the ACL aggregation group attribute is forwarded to the next hop 1.1.1.1. Similarly, if a message with the destination address of 10.10.10.2 is received, the matching rule is redirected to 2.2.2.2. At this time, if the switch a receives the message with the destination address of 10.10.10.3, the forwarding rule of the original next hop of the route is continuously matched because the ACL aggregation group attribute cannot be matched, and the message is forwarded to the next hop address 3.3.3.3 of the original route 10.10.10.0/24.
Optionally, when the ACL aggregation group is allocated to the subnet route, the next hop of the atomic network route, that is, the initial rule, is also used as a hit rule of the policy route, and is arranged on the last one of each group of ACL policy route rules, and finally all ACL policy routes which can be matched to the local routing table of the device are routed, so as to generate a plurality of groups of ACL aggregation groups which can correspond to the local subnet routing table. At this time, the index of the ACL aggregation group is replaced by the index of the original subnet route, and the policy routing processing of the original subnet route can be completed.
In an exemplary embodiment, assume that switch a is configured with a policy route matching entry: 10.10.10.1 to 1.1.1.1;10.10.10.2 is redirected to 2.2.2.2. The routing table in switch a has a next hop of 3.3.3.3.3 for 10.10.0/24 routes. The policy routing entry is compared to the routing table in switch a and the 10.10.10.0/24 routing table can match two matching entries of 10.10.10.1/10.10.10.2. These two matching entries are placed in ACL aggregation group entry 1 and the original route matching entry 10.10.10.0/24 next hop is 3.3.3.3, as the third matching entry, is also placed in ACL aggregation group entry 1. The original exit of route 10.10.10.0/24 is replaced with ACL aggregation group index1, pointing to ACL aggregation group entry 1. I.e. the original routing table 10.10.10.0/24 next hop-exit is directed to 3.3.3.3, and after being replaced by ACL aggregation group entry 1, the next hop-exit of the routing table 10.10.10.0/24 is directed to ACL aggregation group 1. At this time, if the switch a receives a message with a destination address of 10.10.10.1 and hits in the routing entry 10.0.0.0/24, the message is forwarded to ACL aggregation group 1, and if the message is matched with the entry with the address of 1.1.1.1 for the next hop, the message is forwarded to 1.1.1.1 for the next hop. Similarly, if a message with the destination address of 10.10.10.2 is received, the matching rule is redirected to 2.2.2.2. At this time, if the switch a receives the destination address of the message is 10.10.10.3, the forwarding rule of the third original next hop is matched, and the message is forwarded to the next hop address 3.3.3.3 of the original route 10.10.10.0/24. The action of replacing the next hop of the original route by the whole policy route is finished, and additionally, the definition of the policy route can be more refined, for example, besides matching the IP address of a message, the field information of any message can be matched, for example, the source destination MAC address, the protocol field and other ACLs can be matched, so that the forwarding of one route can be enabled to have very rich refined matching actions by adopting the matching mode.
In this embodiment, if a packet that can be redirected by the ACL policy routing hit is matched, the packet is redirected, and all packets that cannot be hit are forwarded according to the original forwarding path because the last ACL policy routing rule is the forwarding path of the original next hop.
Referring to fig. 3, fig. 3 is a flow chart of a third embodiment of a policy routing implementation method according to the present invention;
as shown in fig. 3, based on the embodiment shown in fig. 1, before redirecting and forwarding the to-be-forwarded packet, the method further includes:
step S201, generating a main path based on fast reroute FRR, and judging whether the main path has a link obstacle or not;
step S202, forwarding the message to be forwarded through the main path under the condition that the main path has no link fault.
Generally, in the general technology, the policy routing ACL is at the forefront of the forwarding logic, so as long as all messages enter from a certain port or a certain vlan according to the ACL binding policy, the ACL policy of the policy routing is directly matched and hit, and therefore, the following routing flow cannot be carried out, so that although the function name policy routing is adopted, the policy routing ACL is not in any relation with the routing.
In this embodiment, since the policy route becomes a route next-hop attribute, it can follow the route to take effect, and thus various behaviors of the route can be effectively responded to. When the routing FRR is configured, the ACL aggregation group of the policy routing can be directly taken as the next hop to take effect, so that the function of superposing and taking effect of the routing FRR and the policy routing can be realized, and further the expansion of the FRR function similar to the routing is completed.
The FRR (Fast Reroute) aims to provide backup protection for a link or a node in a network after the link or the node fails, so as to realize Fast Reroute, reduce the influence on traffic when the link or the node fails, and enable the traffic to recover quickly.
In an exemplary embodiment, after configuration of the policy route is completed, a policy route next hop for route 10.10.10.0/24 is formed. Assume that switch a is configured with a policy route matching entry: 10.10.10.1 to 1.1.1.1;10.10.10.2 is redirected to 2.2.2.2. The routing table in switch a has a next hop of 3.3.3.3.3 for 10.10.0/24 routes. At this time, the routes 10.10.10.0/24 form an FRR path, the main path is the next hop IP address 4.4.4.4, and the standby path is the policy route next hop. Before the FRR triggers the handover, all messages hitting this route 10.10.10.0/24 are forwarded according to the main path 4.4.4.4. If FRR triggers switching, the message hitting the route 10.10.10.0/24 is forwarded according to the mode of the next hop of the policy route, namely the forwarding mode of the refined hit policy route ACL aggregation group. Therefore, the formation of the FRR is completed, and the FRR is a next hop attribute of the route, so that the mode of switching the master and slave of the FRR from the common route to the policy route is very simple and convenient, and the mutual switching effect of the two groups of policy routes can be formed.
Referring to fig. 4, fig. 4 is a flow chart of a fourth embodiment of the policy routing implementation method provided by the present invention;
as shown in fig. 4, based on the embodiment shown in fig. 1, the redirecting forwarding the to-be-forwarded packet based on the target path corresponding to the target rule further includes:
step S301, generating an equivalent path based on an equivalent multipath route ECMP;
step S302, based on the target path and the equivalent path, the message to be forwarded is shunted and forwarded.
In this embodiment, since the policy route becomes a route next-hop attribute, it can follow the route to take effect, and thus various behaviors of the route can be effectively responded to. When the ECMP is configured, the ACL aggregation group of the policy route can be directly taken as the next hop to take effect, so that the function of superposing and taking effect of the ECMP and the policy route can be realized, and further the ECMP function similar to the route can be expanded.
The EMCP (Equal Cost Multi-path) can use multiple links simultaneously in the network environment, which not only increases transmission bandwidth, but also can backup data transmission of a failed link without delay and packet loss.
Further, the step S302 specifically includes:
determining a target path corresponding to the target rule and the load flow of the equivalent path based on a load balancing principle and the data size of the message to be forwarded;
and controlling the target path and the equivalent path to shunt and forward the message to be forwarded based on the load flow.
In an exemplary embodiment, after configuration of the policy route is completed, a policy route next hop for route 10.10.10.0/24 is formed. Assume that switch a is configured with a policy route matching entry: 10.10.10.1 to 1.1.1.1;10.10.10.2 is redirected to 2.2.2.2. The routing table in switch a has a next hop of 3.3.3.3.3 for 10.10.0/24 routes. At this point, the routes 10.10.10.0/24 form ECMP paths, forming two equivalent next hops, one of which is the policy route next hop described above, with the next hop address of 4.4.4.4. All messages hitting the route 10.10.10.0/24 are forwarded in a load balancing manner according to two next hops, namely, one part of traffic walks 4.4.4.4, and the other part of traffic walks the strategy to route the next hop outlet. Thus, the formation of the policy routing ECMP is completed. Since policy routing is the next hop attribute of the route, the load sharing manner of ECMP will be more diversified.
Referring to fig. 5, fig. 5 is a schematic block diagram of a policy route implementation device according to an embodiment of the present invention.
As shown in fig. 5, the policy route enforcement device 300 includes a processor 301 and a memory 302, the processor 301 and the memory 302 being connected by a bus 303, such as an I2C (Inter-integrated Circuit) bus.
In particular, the processor 301 is configured to provide computing and control capabilities that support the operation of the overall policy route enforcement device. The processor 301 may be a central processing unit (Central Processing Unit, CPU), the processor 301 may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field-programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. Wherein the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
Specifically, the Memory 302 may be a Flash chip, a Read-Only Memory (ROM) disk, an optical disk, a U-disk, a removable hard disk, or the like.
It will be appreciated by those skilled in the art that the structure shown in fig. 5 is merely a block diagram of a portion of the structure associated with an embodiment of the present invention and is not limiting of the policy route implementation device to which an embodiment of the present invention is applied, and that a particular policy route implementation device may include more or fewer components than shown in the drawings, or may combine certain components, or have a different arrangement of components.
The processor 301 is configured to execute a computer program stored in the memory 302, and implement any one of the policy routing implementation methods provided by the embodiments of the present invention when the computer program is executed.
In an embodiment, the processor 301 is configured to execute a computer program stored in a memory, and when executing the computer program, implement the following steps:
in one embodiment, the processor 301, when implemented, is configured to implement:
determining a target route in a message to be forwarded in at least one subnet route based on a strategy routing table and a preset matching rule;
acquiring an initial rule and a pre-allocated Access Control List (ACL) aggregation group in the target route, and determining a target rule in the message to be forwarded from hit rules in the initial rule and the ACL aggregation group based on a target address in the message to be forwarded;
and under the condition that the main path has link faults, redirecting and forwarding the message to be forwarded based on the target path corresponding to the target rule.
It should be noted that, for convenience and brevity of description, specific working processes of the policy route implementation device described above may refer to corresponding processes in the foregoing policy route implementation method embodiment, and are not described herein again.
The embodiment of the invention also provides a storage medium for computer readable storage, wherein the storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement any policy routing implementation method provided by the specification of the embodiment of the invention.
The storage medium may be an internal storage unit of the policy routing implementation device according to the foregoing embodiment, for example, a hard disk or a memory of the policy routing implementation device. The storage medium may also be an external storage device of the policy route implementation device, for example, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the policy route implementation device.
Those of ordinary skill in the art will appreciate that all or some of the steps, systems, functional modules/units in the apparatus, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware embodiment, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed cooperatively by several physical components. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. Furthermore, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.
It should be understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments. While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the protection scope of the invention is subject to the protection scope of the claims.
Claims (10)
1. A policy routing implementation method, the method comprising:
determining a target route in a message to be forwarded in at least one subnet route based on a strategy routing table and a preset matching rule;
acquiring an initial rule and a pre-allocated Access Control List (ACL) aggregation group in the target route, and determining a target rule in the message to be forwarded from hit rules in the initial rule and the ACL aggregation group based on a target address in the message to be forwarded;
and under the condition that the main path has link faults, redirecting and forwarding the message to be forwarded based on the target path corresponding to the target rule.
2. The method for implementing a policy route according to claim 1, wherein before the step of determining the target route of the packet to be forwarded in the at least one subnet route based on the policy routing table and the preset matching rule, the method further comprises:
acquiring hit rules of policy routing, and grouping each hit rule based on masks of each hit rule to obtain at least one ACL aggregation group;
based on a subnet mask of each subnet route and a mask of each ACL aggregation group in a preset routing table, distributing the ACL aggregation groups to the corresponding subnet routes, and obtaining policy rules of the subnet routes;
and obtaining the strategy routing table based on the strategy rules of the subnet routes.
3. The method according to claim 2, wherein the allocating the ACL aggregation group to the corresponding subnet route based on a subnet mask of each subnet route and a mask of each ACL aggregation group in a preset routing table to obtain the policy rule of the subnet route includes:
distributing each ACL aggregation group to the corresponding subnet route based on the corresponding matching of the subnet mask of each subnet route and the mask of each ACL aggregation group in a preset routing table;
and acquiring an initial rule of the subnet route, and acquiring the strategy rule of the subnet route based on the initial rule and the hit rule in the ACL aggregation group.
4. The method according to claim 1, wherein determining the target rule for the hit of the message to be forwarded based on the target address in the message to be forwarded in the initial rule and the hit rule in the ACL aggregation group includes:
inquiring the ACL aggregation group in the target route based on the target address of the message to be forwarded, and judging whether a hit rule pointing to the target address exists in the ACL aggregation group;
in the case that there is a hit rule pointing to the target address in the ACL aggregation group, the hit rule pointing to the target address is taken as the target rule.
5. The method for implementing policy routing according to claim 4, wherein after the step of querying the ACL aggregation group in the target route based on the target address of the to-be-forwarded packet and determining whether there is a hit rule pointing to the target address in the ACL aggregation group, the method further comprises:
in the case where there is no hit rule pointing to the target address in the ACL aggregation group, the initial rule is taken as the target rule.
6. The method for implementing policy routing according to claim 1, wherein said step of redirecting and forwarding the packet to be forwarded based on the target path corresponding to the target rule further comprises:
generating an equivalent path based on the equivalent multipath route ECMP;
and shunting and forwarding the message to be forwarded based on the target path and the equivalent path.
7. The method according to claim 6, wherein the step of forwarding the packet to be forwarded in a split manner based on the target path and the equivalent path further comprises:
determining a target path corresponding to the target rule and the load flow of the equivalent path based on a load balancing principle and the data size of the message to be forwarded;
and controlling the target path and the equivalent path to shunt and forward the message to be forwarded based on the load flow.
8. The method for implementing policy routing according to any one of claims 1-7, wherein before the step of redirecting and forwarding the packet to be forwarded based on the target path corresponding to the target rule, the method further comprises:
generating a main path based on fast reroute (FRR), and judging whether the main path has a link obstacle or not;
and forwarding the message to be forwarded through the main path under the condition that the main path has no link fault.
9. A policy route implementing device, characterized in that it comprises a processor, a memory, a computer program stored on the memory and executable by the processor, and a data bus for implementing a connection communication between the processor and the memory, wherein the computer program, when executed by the processor, implements the steps of the policy route implementing method according to any of claims 1 to 8.
10. A storage medium for computer readable storage, wherein the storage medium stores one or more programs executable by one or more processors to implement the steps of the policy routing implementation method of any of claims 1 to 8.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210713346.0A CN117319343A (en) | 2022-06-22 | 2022-06-22 | Policy routing implementation method, device and storage medium |
| PCT/CN2023/079008 WO2023246161A1 (en) | 2022-06-22 | 2023-03-01 | Policy routing implementation method and device, and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210713346.0A CN117319343A (en) | 2022-06-22 | 2022-06-22 | Policy routing implementation method, device and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117319343A true CN117319343A (en) | 2023-12-29 |
Family
ID=89283616
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210713346.0A Pending CN117319343A (en) | 2022-06-22 | 2022-06-22 | Policy routing implementation method, device and storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN117319343A (en) |
| WO (1) | WO2023246161A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117499293A (en) * | 2024-01-02 | 2024-02-02 | 中移(苏州)软件技术有限公司 | Routing table maintenance method, path selection method, device, system and storage medium |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1897564B (en) * | 2005-07-11 | 2010-04-14 | 中兴通讯股份有限公司 | Strategic routing matching method based on recursive-flow category algorithm |
| CN104579940B (en) * | 2013-10-10 | 2017-08-11 | 新华三技术有限公司 | Search the method and device of accesses control list |
| CN107786497B (en) * | 2016-08-25 | 2020-04-14 | 华为技术有限公司 | Method and device for generating ACL table |
| CN111431798B (en) * | 2020-03-31 | 2022-07-12 | 新华三信息安全技术有限公司 | Route switching method and device |
-
2022
- 2022-06-22 CN CN202210713346.0A patent/CN117319343A/en active Pending
-
2023
- 2023-03-01 WO PCT/CN2023/079008 patent/WO2023246161A1/en unknown
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117499293A (en) * | 2024-01-02 | 2024-02-02 | 中移(苏州)软件技术有限公司 | Routing table maintenance method, path selection method, device, system and storage medium |
| CN117499293B (en) * | 2024-01-02 | 2024-04-09 | 中移(苏州)软件技术有限公司 | Routing table maintenance method, path selection method, device, system and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2023246161A1 (en) | 2023-12-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11972306B2 (en) | Routing optimizations in a network computing environment | |
| CN107819663B (en) | Method and device for realizing virtual network function service chain | |
| US8576721B1 (en) | Local forwarding bias in a multi-chassis router | |
| CN102771094B (en) | Distributed routing framework | |
| CN115426306A (en) | Method, network node and system for determining message forwarding path | |
| US10110397B2 (en) | Method and device for switching tunnels and switch | |
| US9678840B2 (en) | Fast failover for application performance based WAN path optimization with multiple border routers | |
| US7936668B2 (en) | Methods and apparatus for distributing label information | |
| US9590890B2 (en) | Transfer apparatus, server, and route changing method | |
| US20220124033A1 (en) | Method for Controlling Traffic Forwarding, Device, and System | |
| Mohan et al. | Fault tolerance in TCAM-limited software defined networks | |
| CN114844818A (en) | Method, device and system for establishing cross-domain forwarding path | |
| CN113726915A (en) | Network system, message transmission method therein and related device | |
| WO2016095142A1 (en) | Data forwarding method, device and system in software-defined networking (sdn) | |
| CN117319343A (en) | Policy routing implementation method, device and storage medium | |
| EP3192221B1 (en) | Method and network node for scalable computer network partitioning | |
| EP3461079B1 (en) | Path establishment method and device, and network node | |
| CN111464443B (en) | Message forwarding method, device, equipment and storage medium based on service function chain | |
| US20230344751A1 (en) | Route Processing Method, Related Apparatus, and Network System | |
| CN106209634B (en) | Learning method and device of address mapping relation | |
| CN108632125A (en) | A kind of multicast list management method, device, equipment and machine readable storage medium | |
| CN114401222A (en) | Data forwarding method and device based on policy routing and storage medium | |
| CN103370910A (en) | Methods, systems, and computer readable media for next hop scaling with link aggregation | |
| CN113595915A (en) | Method for forwarding message and related equipment | |
| CN113364683A (en) | Route sending method and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication |