WO2015090087A1 - Routing diffusion method and device - Google Patents

Routing diffusion method and device Download PDF

Info

Publication number
WO2015090087A1
WO2015090087A1 PCT/CN2014/086336 CN2014086336W WO2015090087A1 WO 2015090087 A1 WO2015090087 A1 WO 2015090087A1 CN 2014086336 W CN2014086336 W CN 2014086336W WO 2015090087 A1 WO2015090087 A1 WO 2015090087A1
Authority
WO
WIPO (PCT)
Prior art keywords
vpn
route
configuration
bgp
nlri
Prior art date
Application number
PCT/CN2014/086336
Other languages
French (fr)
Chinese (zh)
Inventor
杨继尚
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2015090087A1 publication Critical patent/WO2015090087A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery
    • H04L45/04Interdomain routing, e.g. hierarchical routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2212/00Encapsulation of packets

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for route spreading.
  • Layer 3 VPNs Virtual Private Networks
  • Layer 3 VPNs are generally implemented using technologies such as MPLS (Multiprotocol Label Switch) VPN.
  • MPLS VPNs mainly involve CE (Customer Edge), PE (Provider Edge, Carrier Edge Device), and P (Provider Router, Core Router) devices.
  • MPLS VPNs are generally not deployed inside public cloud data centers.
  • the public cloud data center egress router can be used as a PE device or even as a CE device.
  • a CE device that supports multiple VPNs is called a Multi-VPN-Instance Customer Edge (MCE).
  • MCE Multi-VPN-Instance Customer Edge
  • NVO3 Network Virtualization Over Layer 3
  • the centralized NVO3 gateway that is forwarded by NVO3 after Layer 3 termination is a typical MCE.
  • the routing protocol is used to implement the VPN route.
  • the method of the prior art is to configure different interfaces on the MCE and the PE to bind different VPNs, and then each VPN uses a different IGP (Interior Gateway Protocol) process or BGP (Border Gateway Protocol). Gateway Protocol) Sessions are routed.
  • IGP Interior Gateway Protocol
  • BGP Border Gateway Protocol
  • the MCE and the PE support a very large number of VPNs.
  • the number of VPN instances that the centralized NVO3 gateway needs to support is much larger than that of the general MCE, and may reach several thousand and tens of thousands. Even a million.
  • the existing route diffusion method between the MCE and the PE consumes a large number of CPUs (Central Processing Units) and memory resources, which is difficult to support.
  • CPUs Central Processing Units
  • Embodiments of the present invention provide a method and apparatus for route diffusion, which can solve between MCEs or MCEs and When routing routes between PEs consumes a large amount of CPU and memory resources, the device is difficult to support.
  • an embodiment of the present invention provides a method for route diffusion, including:
  • the encapsulated VPN route is sent through the Border Gateway Protocol BGP.
  • the encapsulating the virtual private network VPN route according to the format of the NLRI includes:
  • the accompanying address family identifier SAFI in the VPN route is set to a preset value.
  • the method before the encapsulating the virtual private network VPN route according to the format of the NLRI, the method further includes:
  • the performing the VPN configuration includes:
  • the performing the BGP configuration includes:
  • an embodiment of the present invention provides a device for route spreading, including:
  • a setting unit configured to set a format of network layer reachability information NLRI
  • An encapsulating unit configured to encapsulate a virtual private network VPN route according to the format of the NLRI;
  • a sending unit configured to send the encapsulated VPN route by using a border gateway protocol BGP.
  • the encapsulating unit includes:
  • a setting subunit configured to set an accompanying address family identifier SAFI in the VPN route to a preset value.
  • the device further includes:
  • the configuration unit is also used to perform BGP configuration.
  • the configuring unit includes:
  • a configuration sub-unit configured to configure a VPN instance, where the VPN instance has a one-to-one correspondence with the VPN;
  • the configuration subunit is further configured to configure a routing identifier RD and a routing target RT for the VPN instance;
  • the configuration subunit is further configured to configure an address family of the VPN to be IPv4.
  • the configuring unit includes:
  • the diffusion of multiple VPN routes is performed between the MCEs or between the MCEs and the PEs through multiple IGP processes or multiple BGP sessions.
  • the method and device for routing the route provided by the embodiment of the present invention.
  • the format of the network layer reachability information NLRI is set in the MCE; when the virtual private network VPN route is spread, the VPN route is encapsulated into the set NLRI format; The encapsulated VPN route is sent through the Border Gateway Protocol BGP. Because the VPN route is encapsulated in the set NLRI format, the routing of multiple VPNs can be spread through a BGP session between the MCEs or the PEs, reducing CPU and memory resource consumption and greatly reducing MCE and PE. CPU load.
  • FIG. 1 is a flowchart of a method according to an embodiment of the present invention
  • FIG. 2 is a network architecture diagram according to another embodiment of the present invention.
  • FIG. 3 is a flowchart of a method according to another embodiment of the present invention.
  • FIG. 4 is a schematic diagram of a network layer reachability information format according to another embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a package format according to another embodiment of the present invention.
  • FIG. 6 is a schematic diagram of an address according to another embodiment of the present invention.
  • FIG. 7 and FIG. 8 are schematic structural diagrams of a device according to another embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of a device according to another embodiment of the present invention.
  • An embodiment of the present invention provides a route diffusion method, which is used for the VPN route between the MCE and the PE or between the multiple MCEs.
  • the MCE extends the VPN route to the PE as an example. As shown in FIG. 1 , the method includes :
  • the MCE sets the format of the network layer reachability information NLRI.
  • the NLRI Network Layer Reachability Information
  • the NLRI is a format used for route encapsulation.
  • the MCE encapsulates the VPN route according to the format of the NLRI.
  • the encapsulated address family identifier SAFI in the VPN route is set to a preset value when the VPN route is encapsulated.
  • the MCE sends the encapsulated VPN route through the border gateway protocol BGP.
  • the MCE also needs to perform VPN configuration and BGP configuration before encapsulating the VPN route.
  • the configuration of the VPN includes configuring the VPN instance.
  • the VPN instance is in one-to-one correspondence with the VPN.
  • BGP configuration includes specifying a VPN that needs to send routes through BGP.
  • the diffusion of multiple VPN routes is performed between the MCEs or between the MCEs and the PEs through multiple IGP processes or multiple BGP sessions.
  • the network layer reachability information NLRI format is set in the MCE; when the VPN route is spread, the VPN route is encapsulated into the set NLRI format; and the encapsulated VPN route is sent through the border gateway protocol BGP. Because the VPN route is encapsulated in the set NLRI format, the routing of multiple VPNs can be spread through a BGP session between the MCEs or the PEs, reducing CPU and memory resource consumption and greatly reducing MCE and PE. CPU load.
  • a further embodiment of the present invention provides a method for route diffusion.
  • a tenant accesses a server of a different VPN in a cloud data center through a wide area network, and a wide area network PE is connected to a cloud data center egress router, and the gateway passes through a three-layer network and an egress router.
  • the egress router and the gateway diffuse the VPN route to the gateway, and the egress router and the gateway are equivalent to the MCE device.
  • the method includes:
  • the egress router performs VPN instance configuration.
  • the VPN instance is also called a VPN Routing and Forwarding table (VRF).
  • VRF VPN Routing and Forwarding table
  • One or more VPN instances exist on the egress router. Each VPN instance has its own independent routing table, forwarding table, and corresponding interface.
  • the egress router configures RD and RT for the VPN instance.
  • the RD can implement the address space of the VPN independently.
  • the RD is configured based on the VPN instance and is carried in the routing protocol packet and is placed together with the VPN address.
  • the RT is divided into the import route import import RT and the export route target export RT.
  • the route of the VPN is introduced.
  • a router floods a VPN route through BGP the export RT attribute is placed in the protocol packet.
  • the router that receives the protocol packet is imported into the VPN instance whose import RT is equal to the export RT.
  • the address family of the VPN configured by the egress router is IPv4.
  • the VPN address is an IPv4 address
  • the IPv4 routing information is diffused through the BGP protocol, and the VPN address family is configured as IPv4 on the egress router.
  • the egress router performs BGP configuration.
  • BGP needs to be configured on the egress router.
  • the egress router specifies a VPN that sends a route through the BGP session.
  • the egress router sets the format of the NLRI.
  • FIG. 4 it is an NLRI format in the embodiment of the present invention.
  • a new SAFI Subsequent Address Family Identifier
  • SAFI Subsequent Address Family Identifier
  • the prefix includes multiple IPv4 address prefixes, which can improve the efficiency of route spreading compared with only one IPV4 address prefix in the prior art.
  • the egress router establishes a BGP session with the gateway.
  • the session between the BGP neighboring routers is established on the TCP (Transmission Control Protocol) protocol.
  • TCP Transmission Control Protocol
  • the TCP protocol provides a reliable transport mechanism that supports two types of sessions: external BGP and internal BGP.
  • External BGP is a session between routers belonging to two different autonomous systems that are contiguous and share the same medium and subnet.
  • Internal BGP is a session between routers within an autonomous system that is used to coordinate and synchronize the process of finding routes within the autonomous system.
  • the egress router and the gateway are in the same autonomous system, and an internal BGP session is established between the egress router and the gateway. After the BGP session is established, the egress router and the gateway can mutually distribute the routing information.
  • the embodiment of the present invention takes an egress router and a gateway diffusion route as an example.
  • the egress router encapsulates the VPN route to be spread.
  • the VPN routing encapsulation is implemented by the MP_REACH_NLRI (Multiprotocol Reachable NLRI) option in the BGP packet encapsulation.
  • MP_REACH_NLRI Multiprotocol Reachable NLRI
  • the MP_REACH_NLRI option format is used.
  • the AFI (Address Family Identifier) in the MP_REACH_NLRI option indicates whether the address family uses IPv4 address or IPv6, and is identified by 1 or 0 respectively.
  • SAFI indicates the meaning of each data in NLRI. For example, if SAFI is 128, it indicates NLRI.
  • the first row of data is the length, and the second row of data is the label.
  • the SAFI is 127, it means that the first row of data in NLRI is the length, the second row of data is the address prefix Prefix; NANH (Network Address of Next Hop, next The hop address) and the Prefix in the NLRI form the address of the VPN, as shown in Figure 6, which is the format of the address.
  • the AFI value is 1; and when the NLRI is not labeled, the SAFI is 127.
  • the SAFI is 127, it indicates that the first row of data in the NLRI is the length, and the second row of data is the address prefix Prefix, which is defined for convenience in the description of the embodiment. Standard organization application.
  • the egress router sends the encapsulated VPN route.
  • the VPN router encapsulates the VPN route to be sent in BGP and sends it to the gateway.
  • the gateway is configured through VPN and BGP, and learns when receiving the VPN route sent by the egress router. After learning the VPN route, the gateway obtains the address of the VPN in the VPN route, adds it to the corresponding VRF, and then spreads the received route to other devices. When the gateway receives the packet to be forwarded, it matches the VRF with the destination address of the packet. If the destination address of the packet is the same as the VPN prefix in the VPN route sent by the egress router, the packet indicates the packet. The egress router can forward the packet to the egress router.
  • the egress router and the gateway need to perform mutual route divergence.
  • the egress router performs route diversion to the gateway. If the gateway performs route diversion to the egress router, the gateway needs to perform steps 201 to 209. Operation process.
  • a public cloud data center gateway is connected to a wide area network PE, a gateway and a PE.
  • the multi-VPN route is spread through multiple IGP processes or multiple BGP sessions.
  • the VPN and BGP are configured on the egress router, and the network layer reachability information NLRI format is set; when the VPN route is spread, the VPN route is encapsulated into the set. NLRI format; sends encapsulated VPN routes through Border Gateway Protocol BGP. Because the VPN route is encapsulated in the set NLRI format, a VPN session can be spread between the egress router and the gateway through a BGP session, reducing CPU and memory resource consumption, greatly reducing the CPU load of the MCE and the PE. .
  • a further embodiment of the present invention provides a device 30 for route diffusion. As shown in FIG. 7, the device 30 includes:
  • the setting unit 31 is configured to set a format of the network layer reachability information NLRI;
  • the encapsulating unit 32 is configured to encapsulate the virtual private network VPN route according to the format of the NLRI;
  • the sending unit 33 is configured to send the encapsulated VPN route by using a border gateway protocol BGP.
  • the package unit 32 includes:
  • the setting subunit 321 is configured to set the accompanying address family identifier SAFI in the VPN route to a preset value.
  • the device 30 further includes:
  • the configuration unit 34 is configured to perform VPN configuration.
  • the configuration unit 34 is also used to perform BGP configuration.
  • the configuration unit 34 includes:
  • a configuration sub-unit 341, configured to configure a VPN instance, where the VPN instance has a one-to-one correspondence with the VPN;
  • the configuration subunit 341 is further configured to configure a routing identifier RD and a routing target RT for the VPN instance;
  • the configuration sub-unit 341 is further configured to configure an address family of the VPN to be IPv4.
  • the configuration unit 34 includes:
  • the specifying sub-unit 342 is configured to specify a VPN that needs to send a route through the BGP.
  • the diffusion of multiple VPN routes is performed between the MCEs or between the MCEs and the PEs through multiple IGP processes or multiple BGP sessions.
  • the network layer reachability information NLRI format is set in the device 30.
  • the VPN route is spread, the VPN route is encapsulated into the set NLRI format; and the encapsulated VPN route is sent through the border gateway protocol BGP. Because the VPN route is encapsulated in the set NLRI format, the routing of multiple VPNs can be spread through a BGP session between the MCEs or the PEs, reducing CPU and memory resource consumption and greatly reducing MCE and PE. CPU load.
  • a further embodiment of the present invention provides a device 40 for route diffusion. As shown in FIG. 9, the device 40 includes:
  • the processor 41 is configured to set a format of the network layer reachability information NLRI; and, configured to encapsulate the virtual private network VPN route according to the format of the NLRI;
  • the transmitter 42 is configured to send the encapsulated VPN route by using a border gateway protocol BGP.
  • the processor 41 is further configured to set an accompanying address family identifier SAFI in the VPN route as a preset. value.
  • processor 41 is further configured to perform VPN configuration; and is configured to perform BGP configuration.
  • the processor 41 is further configured to configure a VPN instance, where the VPN instance has a one-to-one correspondence with the VPN; and, configured to configure a routing identifier RD and a routing target RT for the VPN instance; and configured to configure The address family of the VPN is IPv4.
  • the processor 41 is further configured to specify a VPN that needs to send a route through the BGP.
  • the diffusion of multiple VPN routes is performed between the MCEs or between the MCEs and the PEs through multiple IGP processes or multiple BGP sessions.
  • the network layer reachability information NLRI format is set in the device 40.
  • the VPN route is spread, the VPN route is encapsulated into the set NLRI format; and the encapsulated VPN route is sent through the border gateway protocol BGP. Because the VPN route is encapsulated in the set NLRI format, the routing of multiple VPNs can be spread through a BGP session between the MCEs or the PEs, reducing CPU and memory resource consumption and greatly reducing MCE and PE. CPU load.
  • the device for the route-distribution provided by the embodiment of the present invention may implement the foregoing method embodiment.
  • the method and apparatus for route spreading provided by the embodiments of the present invention may be applicable to route diffusion between an MCE and a PE or between MCEs, but is not limited thereto.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).

Abstract

Disclosed are a routing diffusion method and device, which relate to the technical field of communications and can solve the problem that when routing diffusion is conducted between MCEs or between an MCE and a PE, a large amount of CPU and memory resources are consumed, so that it is difficult for a device to support the consumption. The method of the present invention comprises: setting a format of network layer reachability information (NLRI); according to the format of the NLRI, encapsulating a virtual private network (VPN) router; and sending the encapsulated VPN router via a border gateway protocol (BGP). The present invention is applicable to the routing diffusion between an MCE and a PE or between MCEs.

Description

路由扩散的方法及装置Route diffusion method and device
本申请要求于2013年12月18日提交中国专利局、申请号为201310697935.5、发明名称为“路由扩散的方法及装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。The present application claims priority to Chinese Patent Application No. 2013-069793, filed on Dec.
技术领域Technical field
本发明涉及通信技术领域,尤其涉及一种路由扩散的方法及装置。The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for route spreading.
背景技术Background technique
云计算技术的发展,推动了公有云业务的发展。公有云数据中心是公有云业务提供的最重要的基础设施,它需要支持大量租户的访问。出于安全和租户间存在IP(Internet Protocol,网络协议)地址重叠等原因,不同租户需要使用不同的三层VPN(Virtual Private Network,虚拟专用网络)。三层VPN一般会采用MPLS(Multiprotocol Label Switch,多协议标签交换)VPN等技术实现。MPLS VPN主要涉及CE(Customer Edge,用户边界设备)、PE(Provider Edge,运营商边界设备)和P(Provider Router,核心路由器)设备。公有云数据中心内部一般不部署MPLS VPN。公有云数据中心出口路由器可以作为PE设备,甚至作为CE设备,公有云数据中心内部的其它路由器则只能作为CE设备。这种支持多个VPN的CE设备,称之为MCE(Multi-VPN-Instance Customer Edge,多VPN实例的用户边界设备)。在公有云数据中心,如果采用NVO3(Network Virtualization Over Layer 3,三层网络虚拟化)技术,则NVO3终结后三层转发的集中式NVO3网关就是一个典型的MCE。MCE和PE以及MCE之间都是通过路由协议来实现VPN路由的扩散。现有技术的方法为:在MCE和PE上分别配置不同的接口绑定不同的VPN,然后每个VPN分别使用不同的IGP(Interior Gateway Protocol,内部网关协议)进程或者BGP(Border Gateway Protocol,边界网关协议)会话进行路由扩散。The development of cloud computing technology has promoted the development of public cloud business. The public cloud data center is the most important infrastructure provided by public cloud services, and it needs to support access by a large number of tenants. Different tenants need to use different Layer 3 VPNs (Virtual Private Networks) for security reasons and overlapping IP addresses (Internet Protocols). Layer 3 VPNs are generally implemented using technologies such as MPLS (Multiprotocol Label Switch) VPN. MPLS VPNs mainly involve CE (Customer Edge), PE (Provider Edge, Carrier Edge Device), and P (Provider Router, Core Router) devices. MPLS VPNs are generally not deployed inside public cloud data centers. The public cloud data center egress router can be used as a PE device or even as a CE device. Other routers in the public cloud data center can only function as CE devices. A CE device that supports multiple VPNs is called a Multi-VPN-Instance Customer Edge (MCE). In the public cloud data center, if NVO3 (Network Virtualization Over Layer 3) technology is adopted, the centralized NVO3 gateway that is forwarded by NVO3 after Layer 3 termination is a typical MCE. Between the MCE and the PE and the MCE, the routing protocol is used to implement the VPN route. The method of the prior art is to configure different interfaces on the MCE and the PE to bind different VPNs, and then each VPN uses a different IGP (Interior Gateway Protocol) process or BGP (Border Gateway Protocol). Gateway Protocol) Sessions are routed.
现有技术中至少存在如下问题:一些情况下,需要MCE和PE支持数量非常多的VPN,例如,集中式NVO3网关需要支持的VPN实例数量远远大于一般的MCE,会达到几千、几万甚至百万级。在这种情况下,采用现有的MCE和PE间的路由扩散方式,将消耗大量的CPU(Central Processing Unit,中央处理器)和内存资源,设备难以支持。At least the following problems exist in the prior art: in some cases, the MCE and the PE support a very large number of VPNs. For example, the number of VPN instances that the centralized NVO3 gateway needs to support is much larger than that of the general MCE, and may reach several thousand and tens of thousands. Even a million. In this case, the existing route diffusion method between the MCE and the PE consumes a large number of CPUs (Central Processing Units) and memory resources, which is difficult to support.
发明内容Summary of the invention
本发明的实施例提供一种路由扩散的方法及装置,能够解决MCE之间或者MCE和 PE之间进行路由扩散时,消耗大量的CPU和内存资源,设备难以支持的问题。Embodiments of the present invention provide a method and apparatus for route diffusion, which can solve between MCEs or MCEs and When routing routes between PEs consumes a large amount of CPU and memory resources, the device is difficult to support.
为达到上述目的,本发明的实施例采用如下技术方案:In order to achieve the above object, embodiments of the present invention adopt the following technical solutions:
第一方面,本发明的实施例提供一种路由扩散的方法,包括:In a first aspect, an embodiment of the present invention provides a method for route diffusion, including:
设置网络层可达信息NLRI的格式;Set the format of the network layer reachability information NLRI;
根据所述NLRI的格式封装虚拟专用网络VPN路由;Encapsulating a virtual private network VPN route according to the format of the NLRI;
通过边界网关协议BGP发送封装的所述VPN路由。The encapsulated VPN route is sent through the Border Gateway Protocol BGP.
结合第一方面,在第一方面的第一种可能的实现方式中,所述根据所述NLRI的格式封装虚拟专用网络VPN路由包括:With reference to the first aspect, in a first possible implementation manner of the first aspect, the encapsulating the virtual private network VPN route according to the format of the NLRI includes:
将所述VPN路由中的附随地址族标识SAFI设为预设值。The accompanying address family identifier SAFI in the VPN route is set to a preset value.
结合第一方面,在第一方面的第二种可能的实现方式中,在所述根据所述NLRI的格式封装虚拟专用网络VPN路由之前,所述方法还包括:With reference to the first aspect, in a second possible implementation manner of the first aspect, before the encapsulating the virtual private network VPN route according to the format of the NLRI, the method further includes:
进行VPN配置;Perform VPN configuration;
进行BGP配置。Perform BGP configuration.
结合第一方面的第二种可能的实现方式,在第一方面的第三种可能的实现方式中,所述进行VPN配置包括:In conjunction with the second possible implementation of the first aspect, in a third possible implementation manner of the first aspect, the performing the VPN configuration includes:
配置VPN实例,所述VPN实例与所述VPN一一对应;Configuring a VPN instance, where the VPN instance has a one-to-one correspondence with the VPN;
为所述VPN实例配置路由标识RD和路由目标RT;Configuring a route identifier RD and a route target RT for the VPN instance;
配置所述VPN的地址族为IPv4。Configure the address family of the VPN as IPv4.
结合第一方面的第二种可能的实现方式,在第一方面的第四种可能的实现方式中,所述进行BGP配置包括:With reference to the second possible implementation of the first aspect, in the fourth possible implementation manner of the foregoing aspect, the performing the BGP configuration includes:
指定需要通过所述BGP发送路由的VPN。Specifies the VPN that needs to send routes through the BGP.
第二方面,本发明的实施例提供一种路由扩散的装置,包括:In a second aspect, an embodiment of the present invention provides a device for route spreading, including:
设置单元,用于设置网络层可达信息NLRI的格式;a setting unit, configured to set a format of network layer reachability information NLRI;
封装单元,用于根据所述NLRI的格式封装虚拟专用网络VPN路由;An encapsulating unit, configured to encapsulate a virtual private network VPN route according to the format of the NLRI;
发送单元,用于通过边界网关协议BGP发送封装的所述VPN路由。And a sending unit, configured to send the encapsulated VPN route by using a border gateway protocol BGP.
结合第二方面,在第二方面的第一种可能的实现方式中,所述封装单元包括:With reference to the second aspect, in a first possible implementation manner of the second aspect, the encapsulating unit includes:
设置子单元,用于将所述VPN路由中的附随地址族标识SAFI设为预设值。And a setting subunit, configured to set an accompanying address family identifier SAFI in the VPN route to a preset value.
结合第二方面,在第二方面的第二种可能的实现方式中,所述装置还包括:In conjunction with the second aspect, in a second possible implementation of the second aspect, the device further includes:
配置单元,用于进行VPN配置; Configuration unit for performing VPN configuration;
所述配置单元还用于进行BGP配置。The configuration unit is also used to perform BGP configuration.
结合第二方面的第二种可能的实现方式,在第二方面的第三种可能的实现方式中,所述配置单元包括:With reference to the second possible implementation of the second aspect, in a third possible implementation manner of the second aspect, the configuring unit includes:
配置子单元,用于配置VPN实例,所述VPN实例与所述VPN一一对应;a configuration sub-unit, configured to configure a VPN instance, where the VPN instance has a one-to-one correspondence with the VPN;
所述配置子单元还用于为所述VPN实例配置路由标识RD和路由目标RT;The configuration subunit is further configured to configure a routing identifier RD and a routing target RT for the VPN instance;
所述配置子单元还用于配置所述VPN的地址族为IPv4。The configuration subunit is further configured to configure an address family of the VPN to be IPv4.
结合第二方面的第二种可能的实现方式,在第二方面的第四种可能的实现方式中,所述配置单元包括:With reference to the second possible implementation of the second aspect, in a fourth possible implementation manner of the second aspect, the configuring unit includes:
指定子单元,用于指定需要通过所述BGP发送路由的VPN。Specifies a subunit that specifies the VPN that needs to send routes through the BGP.
现有技术中,MCE之间或者MCE和PE之间是通过多个IGP进程或者多个BGP会话来进行多VPN路由的扩散。本发明实施例提供的路由扩散的方法及装置,本发明中在MCE中设置网络层可达信息NLRI的格式;在进行虚拟专用网络VPN路由扩散时,将VPN路由封装为设置的NLRI的格式;通过边界网关协议BGP发送封装的VPN路由。因为采用设置的NLRI格式对VPN路由进行封装,在MCE之间或者MCE和PE之间,通过一个BGP会话可以扩散多个VPN的路由,减少CPU和内存资源的消耗,极大地减轻了MCE和PE的CPU负担。In the prior art, the diffusion of multiple VPN routes is performed between the MCEs or between the MCEs and the PEs through multiple IGP processes or multiple BGP sessions. The method and device for routing the route provided by the embodiment of the present invention. In the present invention, the format of the network layer reachability information NLRI is set in the MCE; when the virtual private network VPN route is spread, the VPN route is encapsulated into the set NLRI format; The encapsulated VPN route is sent through the Border Gateway Protocol BGP. Because the VPN route is encapsulated in the set NLRI format, the routing of multiple VPNs can be spread through a BGP session between the MCEs or the PEs, reducing CPU and memory resource consumption and greatly reducing MCE and PE. CPU load.
附图说明DRAWINGS
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其它的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings to be used in the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present invention. Those skilled in the art can also obtain other drawings based on these drawings without any creative work.
图1为本发明一实施例提供的方法流程图;FIG. 1 is a flowchart of a method according to an embodiment of the present invention;
图2为本发明又一实施例提供的网络架构图;2 is a network architecture diagram according to another embodiment of the present invention;
图3为本发明又一实施例提供的方法流程图;3 is a flowchart of a method according to another embodiment of the present invention;
图4为本发明又一实施例提供的网络层可达信息格式示意图;FIG. 4 is a schematic diagram of a network layer reachability information format according to another embodiment of the present invention; FIG.
图5为本发明又一实施例提供的封装格式示意图;FIG. 5 is a schematic diagram of a package format according to another embodiment of the present invention; FIG.
图6为本发明又一实施例提供的地址示意图;FIG. 6 is a schematic diagram of an address according to another embodiment of the present invention; FIG.
图7、图8为本发明又一实施例提供的装置结构示意图;7 and FIG. 8 are schematic structural diagrams of a device according to another embodiment of the present invention;
图9为本发明又一实施例提供的装置结构示意图。 FIG. 9 is a schematic structural diagram of a device according to another embodiment of the present invention.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其它实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, but not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
本发明一实施例提供一种路由扩散的方法,用于MCE和PE之间或多个MCE之间的VPN路由扩散,以MCE向PE扩散VPN路由为例,如图1所示,所述方法包括:An embodiment of the present invention provides a route diffusion method, which is used for the VPN route between the MCE and the PE or between the multiple MCEs. The MCE extends the VPN route to the PE as an example. As shown in FIG. 1 , the method includes :
101、MCE设置网络层可达信息NLRI的格式。101. The MCE sets the format of the network layer reachability information NLRI.
其中,NLRI(Network Layer Reachability Information,网络层可达信息)为路由封装采用的格式。The NLRI (Network Layer Reachability Information) is a format used for route encapsulation.
102、MCE根据NLRI的格式封装VPN路由。102. The MCE encapsulates the VPN route according to the format of the NLRI.
其中,在封装VPN路由时,将VPN路由中的附随地址族标识SAFI设为预设值。The encapsulated address family identifier SAFI in the VPN route is set to a preset value when the VPN route is encapsulated.
103、MCE通过边界网关协议BGP发送封装的VPN路由。103. The MCE sends the encapsulated VPN route through the border gateway protocol BGP.
其中,在封装VPN路由之前,MCE还需要进行VPN配置和BGP配置。VPN配置包括配置VPN实例,VPN实例与VPN一一对应;为VPN实例配置RD(Route Distinguisher,路由标识符)和RT(Route Target,路由目标);配置VPN的地址族为IPv4(Internet Protocol version 4,互联网协议版本4)。BGP配置包括指定需要通过BGP发送路由的VPN。The MCE also needs to perform VPN configuration and BGP configuration before encapsulating the VPN route. The configuration of the VPN includes configuring the VPN instance. The VPN instance is in one-to-one correspondence with the VPN. Configure the RD (Route Distinguisher, Route Identifier) and RT (Route Target) for the VPN instance. Configure the address family of the VPN as IPv4 (Internet Protocol version 4). , Internet Protocol version 4). BGP configuration includes specifying a VPN that needs to send routes through BGP.
现有技术中,MCE之间或者MCE和PE之间是通过多个IGP进程或者多个BGP会话来进行多VPN路由的扩散。本发明实施例中在MCE中设置网络层可达信息NLRI的格式;在进行VPN路由扩散时,将VPN路由封装为设置的NLRI的格式;通过边界网关协议BGP发送封装的VPN路由。因为采用设置的NLRI格式对VPN路由进行封装,在MCE之间或者MCE和PE之间,通过一个BGP会话可以扩散多个VPN的路由,减少CPU和内存资源的消耗,极大地减轻了MCE和PE的CPU负担。In the prior art, the diffusion of multiple VPN routes is performed between the MCEs or between the MCEs and the PEs through multiple IGP processes or multiple BGP sessions. In the embodiment of the present invention, the network layer reachability information NLRI format is set in the MCE; when the VPN route is spread, the VPN route is encapsulated into the set NLRI format; and the encapsulated VPN route is sent through the border gateway protocol BGP. Because the VPN route is encapsulated in the set NLRI format, the routing of multiple VPNs can be spread through a BGP session between the MCEs or the PEs, reducing CPU and memory resource consumption and greatly reducing MCE and PE. CPU load.
本发明又一实施例提供一种路由扩散的方法,如图2所示,租户通过广域网访问云数据中心不同VPN的服务器,广域网PE与云数据中心出口路由器相连,网关通过三层网络与出口路由器连接,本发明实施例以出口路由器向网关扩散VPN路由为例,出口路由器和网关都相当于MCE设备。如图3所示,所述方法包括:A further embodiment of the present invention provides a method for route diffusion. As shown in FIG. 2, a tenant accesses a server of a different VPN in a cloud data center through a wide area network, and a wide area network PE is connected to a cloud data center egress router, and the gateway passes through a three-layer network and an egress router. For example, in the embodiment of the present invention, the egress router and the gateway diffuse the VPN route to the gateway, and the egress router and the gateway are equivalent to the MCE device. As shown in FIG. 3, the method includes:
201、出口路由器进行VPN实例配置。201. The egress router performs VPN instance configuration.
其中,VPN实例也称为VRF(VPN Routing and Forwarding table,VPN路由转发表), 与出口路由器上连接的VPN一一对应。出口路由器上存在一个或多个VPN实例,每个VPN实例有自己独立的路由表、转发表和相应的接口。The VPN instance is also called a VPN Routing and Forwarding table (VRF). One-to-one correspondence with the VPN connected to the egress router. One or more VPN instances exist on the egress router. Each VPN instance has its own independent routing table, forwarding table, and corresponding interface.
202、出口路由器为VPN实例配置RD和RT。202. The egress router configures RD and RT for the VPN instance.
其中,RD可以实现VPN的地址空间独立,RD基于VPN实例配置,承载在路由协议报文中,和VPN地址放在一起;RT分为引入路由目标import RT和导出路由目标export RT,用于控制VPN的路由引入。路由器通过BGP扩散VPN路由时,会将export RT属性放在协议报文中,接收到该协议报文的路由器,会将该路由引入到import RT等于export RT的VPN实例中。The RD can implement the address space of the VPN independently. The RD is configured based on the VPN instance and is carried in the routing protocol packet and is placed together with the VPN address. The RT is divided into the import route import import RT and the export route target export RT. The route of the VPN is introduced. When a router floods a VPN route through BGP, the export RT attribute is placed in the protocol packet. The router that receives the protocol packet is imported into the VPN instance whose import RT is equal to the export RT.
203、出口路由器配置VPN的地址族为IPv4。203. The address family of the VPN configured by the egress router is IPv4.
其中,本发明实施例中,VPN地址采用的为IPv4地址,通过BGP协议扩散的为IPv4的路由信息,则在出口路由器上将VPN的地址族配置为IPv4。In the embodiment of the present invention, the VPN address is an IPv4 address, and the IPv4 routing information is diffused through the BGP protocol, and the VPN address family is configured as IPv4 on the egress router.
204、出口路由器进行BGP配置。204. The egress router performs BGP configuration.
需要说明的是,在出口路由器与网关之间通过BGP传输VPN路由,以保证VPN路由的正确扩散,则需要在出口路由器配置BGP。It should be noted that, when the VPN route is transmitted between the egress router and the gateway through BGP to ensure the correct diffusion of the VPN route, BGP needs to be configured on the egress router.
205、出口路由器指定通过本次BGP会话发送路由的VPN。205. The egress router specifies a VPN that sends a route through the BGP session.
206、出口路由器设置NLRI的格式。206. The egress router sets the format of the NLRI.
其中,如图4所示,为本发明实施例中NLRI格式。同时定义一个新的SAFI(Subsequent Address Family Identifier,附随地址族标识),表示VPN路由封装采用的NLRI格式。As shown in FIG. 4, it is an NLRI format in the embodiment of the present invention. A new SAFI (Subsequent Address Family Identifier) is also defined to indicate the NLRI format used for VPN routing encapsulation.
需要说明的是,本发明实施例中,Prefix中包含多个IPv4地址前缀,与现有技术中仅有一个IPV4地址前缀相比,可以提高路由扩散的效率。It should be noted that, in the embodiment of the present invention, the prefix includes multiple IPv4 address prefixes, which can improve the efficiency of route spreading compared with only one IPV4 address prefix in the prior art.
207、出口路由器与网关建立BGP会话。207. The egress router establishes a BGP session with the gateway.
需要说明的是,BGP相邻路由器之间的会话是建立在TCP(Transmission Control Protocol,传输控制协议)协议之上的。TCP协议提供一种可靠的传输机制,支持两种类型的会话:外部BGP和内部BGP。外部BGP是在属于两个不同的自治***的路由器之间的会话,这些路由器是毗邻的,共享相同的介质和子网。内部BGP是在一个自治***内部的路由器之间的会话,它被用来在自治***内部协调和同步寻找路由的进程。It should be noted that the session between the BGP neighboring routers is established on the TCP (Transmission Control Protocol) protocol. The TCP protocol provides a reliable transport mechanism that supports two types of sessions: external BGP and internal BGP. External BGP is a session between routers belonging to two different autonomous systems that are contiguous and share the same medium and subnet. Internal BGP is a session between routers within an autonomous system that is used to coordinate and synchronize the process of finding routes within the autonomous system.
其中,本发明实施例中出口路由器和网关处于相同的自治***,出口路由器和网关之间建立内部BGP的会话。BGP会话建立后,出口路由器和网关就可以相互扩散路由信息。本发明实施例以出口路由器和网关扩散路由为例。In the embodiment of the present invention, the egress router and the gateway are in the same autonomous system, and an internal BGP session is established between the egress router and the gateway. After the BGP session is established, the egress router and the gateway can mutually distribute the routing information. The embodiment of the present invention takes an egress router and a gateway diffusion route as an example.
208、出口路由器封装要扩散的VPN路由。 208. The egress router encapsulates the VPN route to be spread.
其中,BGP扩散路由时,通过在BGP报文封装中MP_REACH_NLRI(Multiprotocol Reachable NLRI,多协议可达NLRI)选项来实现VPN路由的封装,如图5所示,为MP_REACH_NLRI选项格式。MP_REACH_NLRI选项中AFI(Address Family Identifier,地址族标识)表示地址族采用IPv4地址还是IPv6,分别用1或0标识;SAFI表示了NLRI中各项数据的涵义,例如,如果SAFI为128时,表示NLRI中第一行数据为长度、第二行数据为标签,如果SAFI为127时,表示NLRI中第一行数据为长度、第二行数据为地址前缀Prefix;NANH(Network Address of Next Hop,下一跳地址)和NLRI中的Prefix构成VPN的地址,如图6所示,为地址的格式。The VPN routing encapsulation is implemented by the MP_REACH_NLRI (Multiprotocol Reachable NLRI) option in the BGP packet encapsulation. As shown in Figure 5, the MP_REACH_NLRI option format is used. The AFI (Address Family Identifier) in the MP_REACH_NLRI option indicates whether the address family uses IPv4 address or IPv6, and is identified by 1 or 0 respectively. SAFI indicates the meaning of each data in NLRI. For example, if SAFI is 128, it indicates NLRI. The first row of data is the length, and the second row of data is the label. If the SAFI is 127, it means that the first row of data in NLRI is the length, the second row of data is the address prefix Prefix; NANH (Network Address of Next Hop, next The hop address) and the Prefix in the NLRI form the address of the VPN, as shown in Figure 6, which is the format of the address.
本发明实施例中,VPN采用IPv4地址,则AFI的值为1;采用不带标签的NLRI,则SAFI为127。In the embodiment of the present invention, if the VPN adopts an IPv4 address, the AFI value is 1; and when the NLRI is not labeled, the SAFI is 127.
需要说明的是,当SAFI的为127时,表示NLRI中第一行数据为长度、第二行数据为地址前缀Prefix,是为了方便本实施例进行说明而定义的,如果要实际应用,需向标准组织申请。It should be noted that when the SAFI is 127, it indicates that the first row of data in the NLRI is the length, and the second row of data is the address prefix Prefix, which is defined for convenience in the description of the embodiment. Standard organization application.
209、出口路由器发送封装的VPN路由。209. The egress router sends the encapsulated VPN route.
其中,出口路由器将要发送的VPN路由封装在BGP内,将其发送到网关。The VPN router encapsulates the VPN route to be sent in BGP and sends it to the gateway.
进一步的,网关经过VPN和BGP配置,在接收到出口路由器发送的VPN路由时,对其进行学习。网关对VPN路由学习后,得出VPN路由中的VPN的地址,并将其添加到相应的VRF中,然后将接收到的路由扩散到其他设备。当网关接收到要转发的报文时,根据报文的目的地址与VRF进行高位匹配,如果报文的目的地址和接收到出口路由器发送的VPN路由中的VPN的地址前缀相同,表示此报文可以通过出口路由器转发到相应的目的地址,则网关将报文转发给出口路由器。Further, the gateway is configured through VPN and BGP, and learns when receiving the VPN route sent by the egress router. After learning the VPN route, the gateway obtains the address of the VPN in the VPN route, adds it to the corresponding VRF, and then spreads the received route to other devices. When the gateway receives the packet to be forwarded, it matches the VRF with the destination address of the packet. If the destination address of the packet is the same as the VPN prefix in the VPN route sent by the egress router, the packet indicates the packet. The egress router can forward the packet to the egress router.
需要说明的是,出口路由器和网关需要进行相互的路由扩散,本发明实施例中,以出口路由器向网关进行路由扩散为例,如果网关向出口路由器进行路由扩散,需要网关执行步骤201至步骤209的操作过程。It should be noted that the egress router and the gateway need to perform mutual route divergence. In the embodiment of the present invention, the egress router performs route diversion to the gateway. If the gateway performs route diversion to the egress router, the gateway needs to perform steps 201 to 209. Operation process.
需要说明的是,本发明不仅用于出口路由器和网关之间路由扩散,还可以用于其他MCE与PE、MCE之间的路由扩散,例如,公有云数据中心网关与广域网PE相连,网关与PE之间VPN路由的扩散。It should be noted that the present invention is not only used for route diffusion between an egress router and a gateway, but also for route diffusion between other MCEs and PEs and MCEs. For example, a public cloud data center gateway is connected to a wide area network PE, a gateway and a PE. The spread of VPN routes between.
现有技术中,出口路由器向网关进行路由扩散时,通过多个IGP进程或者多个BGP会话来进行多VPN路由的扩散。本发明实施例中在出口路由器进行VPN和BGP配置,并设置网络层可达信息NLRI的格式;在进行VPN路由扩散时,将VPN路由封装为设置的 NLRI的格式;通过边界网关协议BGP发送封装的VPN路由。因为采用设置的NLRI格式对VPN路由进行封装,在出口路由器和网关之间,通过一个BGP会话可以扩散多个VPN的路由,减少CPU和内存资源的消耗,极大地减轻了MCE和PE的CPU负担。In the prior art, when the egress router routes the gateway to the gateway, the multi-VPN route is spread through multiple IGP processes or multiple BGP sessions. In the embodiment of the present invention, the VPN and BGP are configured on the egress router, and the network layer reachability information NLRI format is set; when the VPN route is spread, the VPN route is encapsulated into the set. NLRI format; sends encapsulated VPN routes through Border Gateway Protocol BGP. Because the VPN route is encapsulated in the set NLRI format, a VPN session can be spread between the egress router and the gateway through a BGP session, reducing CPU and memory resource consumption, greatly reducing the CPU load of the MCE and the PE. .
本发明又一实施例提供一种路由扩散的装置30,如图7所示,所述装置30包括:A further embodiment of the present invention provides a device 30 for route diffusion. As shown in FIG. 7, the device 30 includes:
设置单元31,用于设置网络层可达信息NLRI的格式;The setting unit 31 is configured to set a format of the network layer reachability information NLRI;
封装单元32,用于根据所述NLRI的格式封装虚拟专用网络VPN路由;The encapsulating unit 32 is configured to encapsulate the virtual private network VPN route according to the format of the NLRI;
发送单元33,用于通过边界网关协议BGP发送封装的所述VPN路由。The sending unit 33 is configured to send the encapsulated VPN route by using a border gateway protocol BGP.
进一步的,如图8所示,所述封装单元32包括:Further, as shown in FIG. 8, the package unit 32 includes:
设置子单元321,用于将所述VPN路由中的附随地址族标识SAFI设为预设值。The setting subunit 321 is configured to set the accompanying address family identifier SAFI in the VPN route to a preset value.
进一步的,如图8所示,所述装置30还包括:Further, as shown in FIG. 8, the device 30 further includes:
配置单元34,用于进行VPN配置;The configuration unit 34 is configured to perform VPN configuration.
所述配置单元34还用于进行BGP配置。The configuration unit 34 is also used to perform BGP configuration.
进一步的,如图8所示,所述配置单元34包括:Further, as shown in FIG. 8, the configuration unit 34 includes:
配置子单元341,用于配置VPN实例,所述VPN实例与所述VPN一一对应;a configuration sub-unit 341, configured to configure a VPN instance, where the VPN instance has a one-to-one correspondence with the VPN;
所述配置子单元341还用于为所述VPN实例配置路由标识RD和路由目标RT;The configuration subunit 341 is further configured to configure a routing identifier RD and a routing target RT for the VPN instance;
所述配置子单元341还用于配置所述VPN的地址族为IPv4。The configuration sub-unit 341 is further configured to configure an address family of the VPN to be IPv4.
进一步的,如图8所示,所述配置单元34包括:Further, as shown in FIG. 8, the configuration unit 34 includes:
指定子单元342,用于指定需要通过所述BGP发送路由的VPN。The specifying sub-unit 342 is configured to specify a VPN that needs to send a route through the BGP.
现有技术中,MCE之间或者MCE和PE之间是通过多个IGP进程或者多个BGP会话来进行多VPN路由的扩散。本发明实施例中在装置30中设置网络层可达信息NLRI的格式;在进行VPN路由扩散时,将VPN路由封装为设置的NLRI的格式;通过边界网关协议BGP发送封装的VPN路由。因为采用设置的NLRI格式对VPN路由进行封装,在MCE之间或者MCE和PE之间,通过一个BGP会话可以扩散多个VPN的路由,减少CPU和内存资源的消耗,极大地减轻了MCE和PE的CPU负担。In the prior art, the diffusion of multiple VPN routes is performed between the MCEs or between the MCEs and the PEs through multiple IGP processes or multiple BGP sessions. In the embodiment of the present invention, the network layer reachability information NLRI format is set in the device 30. When the VPN route is spread, the VPN route is encapsulated into the set NLRI format; and the encapsulated VPN route is sent through the border gateway protocol BGP. Because the VPN route is encapsulated in the set NLRI format, the routing of multiple VPNs can be spread through a BGP session between the MCEs or the PEs, reducing CPU and memory resource consumption and greatly reducing MCE and PE. CPU load.
本发明又一实施例提供一种路由扩散的装置40,如图9所示,所述装置40包括:A further embodiment of the present invention provides a device 40 for route diffusion. As shown in FIG. 9, the device 40 includes:
处理器41,用于设置网络层可达信息NLRI的格式;以及,用于根据所述NLRI的格式封装虚拟专用网络VPN路由;The processor 41 is configured to set a format of the network layer reachability information NLRI; and, configured to encapsulate the virtual private network VPN route according to the format of the NLRI;
发送器42,用于通过边界网关协议BGP发送封装的所述VPN路由。The transmitter 42 is configured to send the encapsulated VPN route by using a border gateway protocol BGP.
进一步的,所述处理器41还用于将所述VPN路由中的附随地址族标识SAFI设为预设 值。Further, the processor 41 is further configured to set an accompanying address family identifier SAFI in the VPN route as a preset. value.
进一步的,所述处理器41还用于进行VPN配置;以及,用于进行BGP配置。Further, the processor 41 is further configured to perform VPN configuration; and is configured to perform BGP configuration.
进一步的,所述处理器41还用于配置VPN实例,所述VPN实例与所述VPN一一对应;以及,用于为所述VPN实例配置路由标识RD和路由目标RT;以及,用于配置所述VPN的地址族为IPv4。Further, the processor 41 is further configured to configure a VPN instance, where the VPN instance has a one-to-one correspondence with the VPN; and, configured to configure a routing identifier RD and a routing target RT for the VPN instance; and configured to configure The address family of the VPN is IPv4.
进一步的,所述处理器41还用于指定需要通过所述BGP发送路由的VPN。Further, the processor 41 is further configured to specify a VPN that needs to send a route through the BGP.
现有技术中,MCE之间或者MCE和PE之间是通过多个IGP进程或者多个BGP会话来进行多VPN路由的扩散。本发明实施例中在装置40中设置网络层可达信息NLRI的格式;在进行VPN路由扩散时,将VPN路由封装为设置的NLRI的格式;通过边界网关协议BGP发送封装的VPN路由。因为采用设置的NLRI格式对VPN路由进行封装,在MCE之间或者MCE和PE之间,通过一个BGP会话可以扩散多个VPN的路由,减少CPU和内存资源的消耗,极大地减轻了MCE和PE的CPU负担。In the prior art, the diffusion of multiple VPN routes is performed between the MCEs or between the MCEs and the PEs through multiple IGP processes or multiple BGP sessions. In the embodiment of the present invention, the network layer reachability information NLRI format is set in the device 40. When the VPN route is spread, the VPN route is encapsulated into the set NLRI format; and the encapsulated VPN route is sent through the border gateway protocol BGP. Because the VPN route is encapsulated in the set NLRI format, the routing of multiple VPNs can be spread through a BGP session between the MCEs or the PEs, reducing CPU and memory resource consumption and greatly reducing MCE and PE. CPU load.
本发明实施例提供的路由扩散的装置可以实现上述提供的方法实施例,具体功能实现请参见方法实施例中的说明,在此不再赘述。本发明实施例提供的路由扩散的方法及装置可以适用于MCE和PE之间或MCE之间的路由扩散,但不仅限于此。The device for the route-distribution provided by the embodiment of the present invention may implement the foregoing method embodiment. For the specific function implementation, refer to the description in the method embodiment, and details are not described herein again. The method and apparatus for route spreading provided by the embodiments of the present invention may be applicable to route diffusion between an MCE and a PE or between MCEs, but is not limited thereto.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于设备实施例而言,由于其基本相似于方法实施例,所以描述得比较简单,相关之处参见方法实施例的部分说明即可。The various embodiments in the specification are described in a progressive manner, and the same or similar parts between the various embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the device embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant parts can be referred to the description of the method embodiment.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的程序可存储于一计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,所述的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)或随机存储记忆体(Random Access Memory,RAM)等。One of ordinary skill in the art can understand that all or part of the process of implementing the foregoing embodiments can be completed by a computer program to instruct related hardware, and the program can be stored in a computer readable storage medium. When executed, the flow of an embodiment of the methods as described above may be included. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到的变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应该以权利要求的保护范围为准。 The above is only a specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. All should be covered by the scope of the present invention. Therefore, the scope of protection of the present invention should be determined by the scope of the claims.

Claims (10)

  1. 一种路由扩散的方法,其特征在于,包括:A method for route diffusion, comprising:
    设置网络层可达信息NLRI的格式;Set the format of the network layer reachability information NLRI;
    根据所述NLRI的格式封装虚拟专用网络VPN路由;Encapsulating a virtual private network VPN route according to the format of the NLRI;
    通过边界网关协议BGP发送封装的所述VPN路由。The encapsulated VPN route is sent through the Border Gateway Protocol BGP.
  2. 根据权利要求1所述的方法,其特征在于,所述根据所述NLRI的格式封装虚拟专用网络VPN路由包括:The method according to claim 1, wherein the encapsulating the virtual private network VPN route according to the format of the NLRI comprises:
    将所述VPN路由中的附随地址族标识SAFI设为预设值。The accompanying address family identifier SAFI in the VPN route is set to a preset value.
  3. 根据权利要求1所述的方法,其特征在于,在所述根据所述NLRI的格式封装虚拟专用网络VPN路由之前,所述方法还包括:The method according to claim 1, wherein before the encapsulating the virtual private network VPN route according to the format of the NLRI, the method further includes:
    进行VPN配置;Perform VPN configuration;
    进行BGP配置。Perform BGP configuration.
  4. 根据权利要求3所述的方法,其特征在于,所述进行VPN配置包括:The method of claim 3, wherein the performing the VPN configuration comprises:
    配置VPN实例,所述VPN实例与所述VPN一一对应;Configuring a VPN instance, where the VPN instance has a one-to-one correspondence with the VPN;
    为所述VPN实例配置路由标识RD和路由目标RT;Configuring a route identifier RD and a route target RT for the VPN instance;
    配置所述VPN的地址族为IPv4。Configure the address family of the VPN as IPv4.
  5. 根据权利要求3所述的方法,其特征在于,所述进行BGP配置包括:The method according to claim 3, wherein the performing the BGP configuration comprises:
    指定需要通过所述BGP发送路由的VPN。Specifies the VPN that needs to send routes through the BGP.
  6. 一种路由扩散的装置,其特征在于,包括:A device for route spreading, comprising:
    设置单元,用于设置网络层可达信息NLRI的格式;a setting unit, configured to set a format of network layer reachability information NLRI;
    封装单元,用于根据所述NLRI的格式封装虚拟专用网络VPN路由;An encapsulating unit, configured to encapsulate a virtual private network VPN route according to the format of the NLRI;
    发送单元,用于通过边界网关协议BGP发送封装的所述VPN路由。And a sending unit, configured to send the encapsulated VPN route by using a border gateway protocol BGP.
  7. 根据权利要求6所述的装置,其特征在于,所述封装单元包括:The device according to claim 6, wherein the package unit comprises:
    设置子单元,用于将所述VPN路由中的附随地址族标识SAFI设为预设值。And a setting subunit, configured to set an accompanying address family identifier SAFI in the VPN route to a preset value.
  8. 根据权利要求6所述的装置,其特征在于,所述装置还包括:The device according to claim 6, wherein the device further comprises:
    配置单元,用于进行VPN配置;Configuration unit for performing VPN configuration;
    所述配置单元还用于进行BGP配置。The configuration unit is also used to perform BGP configuration.
  9. 根据权利要求8所述的装置,其特征在于,所述配置单元包括:The device according to claim 8, wherein the configuration unit comprises:
    配置子单元,用于配置VPN实例,所述VPN实例与VPN一一对应;The configuration sub-unit is configured to configure a VPN instance, where the VPN instance has a one-to-one correspondence with the VPN;
    所述配置子单元还用于为所述VPN实例配置路由标识RD和路由目标RT; 所述配置子单元还用于配置所述VPN的地址族为IPv4。The configuration subunit is further configured to configure a routing identifier RD and a routing target RT for the VPN instance; The configuration subunit is further configured to configure an address family of the VPN to be IPv4.
  10. 根据权利要求8所述的装置,其特征在于,所述配置单元包括:指定子单元,用于指定需要通过所述BGP发送路由的VPN。 The apparatus according to claim 8, wherein the configuration unit comprises: a specifying subunit, configured to specify a VPN that needs to send a route through the BGP.
PCT/CN2014/086336 2013-12-18 2014-09-12 Routing diffusion method and device WO2015090087A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310697935.5A CN104734929B (en) 2013-12-18 2013-12-18 The method and device of routing diffusion
CN201310697935.5 2013-12-18

Publications (1)

Publication Number Publication Date
WO2015090087A1 true WO2015090087A1 (en) 2015-06-25

Family

ID=53402071

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/086336 WO2015090087A1 (en) 2013-12-18 2014-09-12 Routing diffusion method and device

Country Status (2)

Country Link
CN (1) CN104734929B (en)
WO (1) WO2015090087A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106572021B (en) * 2015-10-09 2021-07-06 中兴通讯股份有限公司 Method for realizing network virtualization superposition and network virtualization edge node
CN106411735B (en) * 2016-10-18 2019-10-11 新华三技术有限公司 A kind of method for configuring route and device
CN113660161A (en) 2018-08-30 2021-11-16 华为技术有限公司 Communication method and communication device
CN114650248B (en) * 2020-12-02 2023-07-18 中国电信股份有限公司 Processing method and system of routing information and autonomous system boundary router

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101299707A (en) * 2007-09-20 2008-11-05 上海寰创通信科技有限公司 Method for diffusing route
CN101340372A (en) * 2008-08-21 2009-01-07 ***通信集团公司 Number automatic routing method, updating method, eliminating method, router and equipment
CN102724118A (en) * 2012-06-06 2012-10-10 华为技术有限公司 Label distribution method and device
WO2013168054A1 (en) * 2012-05-10 2013-11-14 Telefonaktiebolaget L M Ericsson (Publ) 802.1aq support over ietf evpn

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100450065C (en) * 2005-09-09 2009-01-07 华为技术有限公司 Method for providing communication between virtual special network stations
CN101617305B (en) * 2007-01-17 2013-05-01 北方电讯网络有限公司 Border gateway protocol procedures for MPLS and layer-2 VPN using ethernet-based tunnels

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101299707A (en) * 2007-09-20 2008-11-05 上海寰创通信科技有限公司 Method for diffusing route
CN101340372A (en) * 2008-08-21 2009-01-07 ***通信集团公司 Number automatic routing method, updating method, eliminating method, router and equipment
WO2013168054A1 (en) * 2012-05-10 2013-11-14 Telefonaktiebolaget L M Ericsson (Publ) 802.1aq support over ietf evpn
CN102724118A (en) * 2012-06-06 2012-10-10 华为技术有限公司 Label distribution method and device

Also Published As

Publication number Publication date
CN104734929A (en) 2015-06-24
CN104734929B (en) 2019-03-01

Similar Documents

Publication Publication Date Title
US10116559B2 (en) Operations, administration and management (OAM) in overlay data center environments
EP2856706B1 (en) Routing vlan tagged packets to far end addresses of virtual forwarding instances using separate administrations
US9130859B1 (en) Methods and apparatus for inter-virtual local area network multicast services
US20200344089A1 (en) Enabling access to dedicated resources in a virtual network using top of rack switches
CN106878253B (en) MAC (L2) layer authentication, security and policy control
WO2015117385A1 (en) Network virtualization processing method, device and system
US11265104B2 (en) Mechanism for inline packet response generation in software defined networks
WO2014194711A1 (en) Packet processing method, device label processing method, and device
EP3151477B1 (en) Fast path content delivery over metro access networks
WO2019184653A1 (en) Link configuration method and controller
WO2017157206A1 (en) Method of interconnecting cloud data centers, and device
WO2022021818A1 (en) Method and device for processing data message, storage medium, and electronic device
WO2014180199A1 (en) Network establishment method and control device
WO2015090087A1 (en) Routing diffusion method and device
US11165746B2 (en) Multicast traffic in virtual private networks
WO2018077304A1 (en) Service information processing method, apparatus and system
WO2013120418A1 (en) Policy-based customized routing method and device
WO2017036384A1 (en) Provider edge device and data forwarding method
US20220247598A1 (en) Packet Detection Method, Connectivity Negotiation Relationship Establishment Method, and Related Device
CN108471374A (en) The retransmission method and device of data message
US11876881B2 (en) Mechanism to enable third party services and applications discovery in distributed edge computing environment
US11669256B2 (en) Storage resource controller in a 5G network system
WO2018158615A1 (en) Method and apparatus for enabling the creation of a point-to-multipoint label switched path multicast distribution tree for a given ip multicast stream
WO2022053007A1 (en) Network reachability verification method and apparatus, and computer storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14871502

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14871502

Country of ref document: EP

Kind code of ref document: A1