WO2021238746A1 - Network system and packet transmission method therein, and related apparatus - Google Patents

Publication number
WO2021238746A1
Authority
WO
WIPO (PCT)
Prior art keywords
forwarding device
interface
address
data
physical address
Prior art date
Application number
PCT/CN2021/094675
Other languages
French (fr)
Chinese (zh)
Inventor
谢莹
林艺宏
Original Assignee
华为技术有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/10: Mapping addresses of different types
    • H04L61/103: Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/02: Topology update or discovery
    • H04L45/06: Deflection routing, e.g. hot-potato routing
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/54: Organization of routing tables
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/74: Address processing for routing
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/74: Address processing for routing
    • H04L45/745: Address table lookup; Address filtering
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming

Definitions

  • This application relates to the field of communication technology, and in particular to a network system and its message transmission method and related devices.
  • the three-layer (Layer 3) network allows devices on different network segments to communicate.
  • a three-layer network includes at least one three-layer forwarding device.
  • the three-layer network also includes value-added services (VAS) devices.
  • the VAS device processes the data messages interacted between the client and the server to provide corresponding value-added services for the client.
  • VAS devices work in transparent mode (that is, they are not visible to other devices). VAS devices working in transparent mode are classified into one-layer (Layer 1) transparent VAS devices and two-layer (Layer 2) transparent VAS devices according to how they forward data packets. Neither the one-layer transparent VAS device nor the two-layer transparent VAS device has an interface Internet Protocol (IP) address or a device service IP address.
  • the one-layer transparent VAS device does not learn media access control (MAC) addresses, and does not forward data packets based on MAC addresses.
  • the two-layer transparent VAS device learns MAC addresses and forwards data messages at Layer 2 based on MAC addresses.
  • one-layer transparent VAS devices and two-layer transparent VAS devices either do not learn MAC addresses or can only perform Layer 2 forwarding. Therefore, how to use transparent VAS devices for three-layer forwarding in a three-layer network has become an urgent problem to solve.
  • This application provides a network system and its message transmission method and related devices, which can apply transparent VAS equipment to perform three-layer forwarding in a three-layer network.
  • the present application provides a network system including: a first forwarding device, a second forwarding device, and a transparent VAS device, the first forwarding device and the second forwarding device belong to the same three-layer virtual private network
  • the first forwarding device communicates with the transparent VAS device through a first interface
  • the second forwarding device communicates with the transparent VAS device through a second interface
  • the first forwarding device stores a first Address Resolution Protocol (ARP) entry; the protocol address in the first ARP entry is an idle address of the network segment where the first interface is located, and the physical address in the first ARP entry is the physical address of the second interface.
  • the first forwarding device can send the data message to the transparent VAS device through the first interface according to the first ARP entry, so that the transparent VAS device processes the data messages exchanged between the client and the server and provides corresponding value-added services for the client. It can be seen that this application does not require an IP address or MAC address to be configured for the transparent VAS device in order to send data to it, and the traffic diversion method is flexible.
  • a first policy-based route is also stored on the first forwarding device, and the next hop of the first policy-based route is the protocol address in the first ARP entry.
  • the first policy route can also be configured on the first forwarding device, with its next hop being the protocol address in the first ARP entry.
  • the first forwarding device can obtain the first ARP entry according to the first policy route, and send the data to the transparent VAS device through the first interface according to the first ARP entry, so that the transparent VAS device processes the data messages exchanged between the client and the server and provides corresponding value-added services for the client.
  • a second ARP entry is stored on the second forwarding device; the protocol address in the second ARP entry is an idle address of the network segment where the second interface is located, and the physical address in the second ARP entry is the physical address of the first interface.
  • the second forwarding device can send the data to the transparent VAS device through the second interface according to the second ARP entry, so that the transparent VAS device processes the data messages exchanged between the client and the server.
  • a second policy route is also stored on the second forwarding device, and the next hop of the second policy route is the protocol address in the second ARP entry.
  • the second policy route can also be configured on the second forwarding device, with its next hop being the protocol address in the second ARP entry.
  • the second forwarding device can obtain the second ARP entry according to the second policy route, and send the data to the transparent VAS device through the second interface according to the second ARP entry, so that the transparent VAS device processes the data packets exchanged between the client and the server.
  • the network system further includes a controller configured to generate the first ARP entry and send the first ARP entry to the first forwarding device.
  • the present application provides a message transmission method.
  • the method includes: a first forwarding device obtains a first data message including first data; the first forwarding device is communicatively connected to one interface of a transparent value-added service (VAS) device through a first interface, and the other interface of the transparent VAS device is communicatively connected to the second interface of the second forwarding device; the first forwarding device and the second forwarding device belong to the same three-layer virtual private network; the first forwarding device obtains the first ARP entry corresponding to the first data packet; the protocol address in the first ARP entry is the idle address of the network segment where the first interface is located, and the physical address in the first ARP entry is the physical address of the second interface; the first forwarding device sends the first data to the transparent VAS device through the first interface; the physical address of the second interface corresponds to the first interface.
  • the first forwarding device can obtain the first data packet, obtain the first ARP entry corresponding to the first data packet according to the first data packet, and send the first data to the transparent VAS device through the first interface.
  • the transparent VAS device can process the data packets interacted between the user end and the server, and provide corresponding value-added services for the user end.
  • packets can be transmitted according to the method provided in this application. Data packets that do not need to pass through a transparent VAS device are still forwarded by looking up the routing table or the MAC address table.
  • the message transmission method provided in the present application does not consume additional virtual routing forwarding (VRF) and forwarding information base (FIB) resources, and the layout is simple.
  • the first data message includes a first source protocol address
  • acquiring, by the first forwarding device, the first ARP table entry corresponding to the first data message includes: the first forwarding device acquiring the first policy route corresponding to the first source protocol address, the next hop of the first policy route being the protocol address in the first ARP entry; and the first forwarding device obtaining the first ARP entry according to the first policy route.
  • the first forwarding device can obtain the first policy route according to the first source protocol address in the first data message, and obtain the first ARP table entry according to the first policy route, so that the transparent VAS device can process the data messages exchanged between the client and the server and provide corresponding value-added services for the client.
  • the first data packet includes a first destination physical address
  • the first forwarding device acquiring the first ARP entry corresponding to the first data packet includes: the first forwarding device searching the ARP table according to the first destination physical address to obtain the first ARP table entry.
  • the first forwarding device can look up the ARP table according to the first destination physical address in the first data packet to obtain the first ARP entry, so that the transparent VAS device can process the data messages exchanged between the client and the server and provide corresponding value-added services for the client.
  • the method further includes: the first forwarding device looks up the physical mapping table according to the physical address of the second interface in the first ARP entry and determines that the first data needs to be sent through the first interface; or, the first forwarding device determines that the first data needs to be sent through the first interface according to the outgoing interface in the first ARP entry.
  • the first forwarding device can determine that the interface for sending the first data is the first interface by looking up the physical mapping table, or it can determine that the interface for sending the first data is the first interface according to the outgoing interface in the first ARP entry.
  • the first forwarding device and the second forwarding device are the same or different, and the first interface is different from the second interface.
  • the transparent VAS device can be connected to different interfaces of the same VRF of the same forwarding device, or can be connected to two different forwarding devices belonging to the same three-layer virtual private network, with flexible connection methods.
  • this application provides a communication device that can implement the foregoing second aspect or any one of the possible implementation methods of the second aspect.
  • the device includes corresponding units or components for performing the above-mentioned methods.
  • the units included in the device can be implemented in software and/or hardware.
  • the device may be, for example, a network device (for example, a switch, a router, etc.), or a chip, a chip system, or a processor that can support the network device to implement the foregoing method.
  • the present application provides a communication device, including: a processor, the processor is coupled with a memory, the memory is used to store a program or instruction, and when the program or instruction is executed by the processor, the device implements the foregoing second aspect or the method described in any possible implementation manner of the second aspect.
  • the present application provides a computer-readable medium on which a computer program or instruction is stored.
  • the computer executes the method described in the above-mentioned second aspect or in any possible implementation of the second aspect.
  • the present application provides a computer program product, which includes computer program code; when the computer program code runs on a computer, the computer executes the method described in the above-mentioned second aspect or in any one of the possible implementation manners of the second aspect.
  • the present application provides a chip that can implement the above-mentioned second aspect or the method described in any possible implementation manner of the second aspect.
  • any communication device, chip, computer readable medium, computer program product, or communication system provided above is used to execute the corresponding method provided above. Therefore, for the beneficial effects that can be achieved, refer to the beneficial effects of the corresponding method, which will not be repeated here.
  • Figure 1 is a schematic diagram of a network system architecture provided by an embodiment of the application.
  • FIG. 2 is a schematic diagram of the hardware structure of a communication device provided by an embodiment of the application.
  • FIG. 3 is a first schematic flowchart of a message transmission method provided by an embodiment of this application.
  • FIG. 4 is a second schematic flowchart of a message transmission method provided by an embodiment of this application.
  • FIG. 5a is a schematic diagram of a process of forwarding data packets in an IRB symmetric mode according to an embodiment of the application.
  • FIG. 5b is a schematic diagram of a process of forwarding data packets in an IRB asymmetric mode according to an embodiment of the application.
  • FIG. 6 is a third schematic flowchart of a message transmission method provided by an embodiment of this application.
  • FIG. 7 is a schematic structural diagram of a communication device provided by an embodiment of this application.
  • FIG. 8 is a schematic diagram of the structure of a chip provided by an embodiment of the application.
  • the message transmission method provided in the embodiment of the present application can be used in any three-layer network, such as the traditional three-layer virtual private network (VPN) or the Ethernet virtual private network (EVPN).
  • the message processing method in EVPN differs from that in the traditional three-layer VPN.
  • in EVPN, when a message reaches a VXLAN tunnel end point (VTEP) of a virtual extensible local area network (VXLAN), it is encapsulated with a VXLAN header to obtain a new message.
  • VTEP is a device that can encapsulate and decapsulate VXLAN packets in the network.
  • the new message has more VTEP information than the message before encapsulation.
  • the VTEP information will indicate the target VTEP to which the new message will be sent. Subsequently, the new message will be sent to the target VTEP. After the target VTEP receives the new message, it will decapsulate the VXLAN header and obtain the message before encapsulation.
  • the network system 10 includes forwarding devices 101 to 106, a transparent VAS device 107, a client 108, and a server 109.
  • the forwarding device 105 and the forwarding device 106 may be referred to as spine forwarding devices.
  • forwarding devices 101 to 104 may be referred to as leaf forwarding devices.
  • the forwarding device 105 is communicatively connected with forwarding devices 101 to 104.
  • the forwarding device 106 is communicatively connected with forwarding devices 101 to 104.
  • the forwarding device 101 is in communication connection with the client 108
  • the forwarding device 104 is in communication connection with the server 109.
  • the transparent VAS device 107 is in communication connection with the forwarding device 102 and the forwarding device 103, respectively.
  • the aforementioned forwarding devices 101 to 106 can connect multiple devices to a computer network.
  • Any forwarding device in Figure 1 is a switch or router. Different forwarding devices in Figure 1 are located in different network segments. Any forwarding device in Figure 1 can have multiple physical ports. A physical port may correspond to one or more logical interfaces; or, a physical port may not have logical interfaces.
  • each logical interface corresponds to a protocol address.
  • the protocol addresses corresponding to different logical interfaces of the same physical port can be the same or different. If the physical port does not have a logical interface, the physical port corresponds to a protocol address. If the physical port corresponds to one or more logical interfaces, each logical interface corresponds to a physical address. The physical addresses corresponding to different logical interfaces of the same physical port may be the same or different. If the physical port does not have a logical interface, the physical port corresponds to a physical address.
  • the protocol address in the embodiment of the present application may be an IP address or another form of protocol address, which is not limited.
  • the physical address in the embodiment of the present application may be a MAC address or other forms of physical address, and is not limited.
  • the above-mentioned transparent VAS device 107 works in a transparent mode, that is, it is invisible to the forwarding device in the network system 10.
  • the transparent VAS device 107 can provide corresponding value-added services for the user end 108.
  • the transparent VAS device 107 may be a one-layer transparent VAS device or a two-layer transparent VAS device.
  • the above-mentioned user terminal 108 may be a computer or a device with a wireless transceiver function.
  • the user terminal 108 may also be referred to as a terminal device, a terminal, a user device, a mobile station, and so on.
  • the user terminal 108 may be a personal computer, a server, a mobile phone, a tablet computer (pad), a vehicle-mounted device, a wearable device, and so on.
  • the above-mentioned server 109 may be a device capable of providing computing or application services for the client 108.
  • the network system shown in FIG. 1 further includes a software-defined networking (SDN) controller (not shown in FIG. 1).
  • the SDN controller can communicate with each forwarding device in FIG. 1.
  • the SDN controller is communicatively connected with each of forwarding devices 101 to 106.
  • the SDN controller can configure a data packet forwarding strategy for any forwarding device in FIG. 1, or a configuration for forwarding data packets.
  • the SDN controller may configure policy routing for the forwarding device 101 and configure ARP entries for the forwarding device 102.
  • the transparent VAS device 107 has neither an interface IP address nor a device service IP address, and the transparent VAS device 107 either does not learn MAC addresses or can only perform Layer 2 forwarding. Therefore, after the transparent VAS device 107 is connected to the three-layer network, if the user end 108 needs value-added services, how to make the data packet sent by the user end 108 reach the server 109 through the transparent VAS device 107 has become an urgent problem to be solved.
  • ARP entries can be configured on the interface connecting the forwarding device 102 and the transparent VAS device 107, and the policy routing can be configured on the forwarding device 101.
  • the ARP table entry includes the protocol address and the physical address corresponding to the protocol address.
  • the protocol address is an idle address of the network segment where the interface connecting the forwarding device 102 and the transparent VAS device 107 is located, and the physical address is the physical address of the interface connecting the forwarding device 103 and the transparent VAS device 107.
  • the next hop of policy routing is the protocol address in the ARP table entry. In this way, after the forwarding device 101 receives the data from the client 108, it can send the data to the forwarding device 102 according to the policy routing.
  • after the forwarding device 102 receives the data, it can send the data to the transparent VAS device 107 through the interface connected to the transparent VAS device 107, according to the ARP table entry. For details, refer to the method shown in FIG. 3 or FIG. 4 below.
  • the method shown in FIG. 3 or FIG. 4 is only an example of the message transmission method provided by the embodiment of this application.
  • the idea behind the message transmission method provided by the embodiment of this application (configuring policy routing and ARP entries on the forwarding device, with the next hop of the policy routing set to the protocol address in the ARP table entry, in order to redirect data packets) can also be applied to other scenarios where data flows need to be distributed according to demand, without limitation.
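A small model of the lookup chain described above (policy route, then ARP entry, then outgoing interface), added here as an illustration; it is not code from the application. It covers the variant in which the first forwarding device stores both the first policy route and the first ARP entry. All addresses, interface names and the `audit_steering` helper are constructed for the example; the helper checks the conditions the text places on the first ARP entry.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Interface:
    name: str
    network: ipaddress.IPv4Network  # network segment where the interface is located
    ip: ipaddress.IPv4Address       # the interface's own protocol address
    mac: str                        # the interface's physical address

@dataclass(frozen=True)
class ArpEntry:
    protocol_addr: ipaddress.IPv4Address
    physical_addr: str
    out_if: str                     # outgoing interface recorded in the entry

@dataclass(frozen=True)
class PolicyRoute:
    match_src: ipaddress.IPv4Network  # matched against the source protocol address
    next_hop: ipaddress.IPv4Address

@dataclass
class ForwardingDevice:
    interfaces: dict
    arp: dict = field(default_factory=dict)            # protocol addr -> ArpEntry
    policy_routes: list = field(default_factory=list)
    routes: dict = field(default_factory=dict)         # prefix -> (out_if, next-hop MAC)

    def forward(self, src_ip, dst_ip):
        """Return (outgoing interface, destination MAC, lookup path) for a packet."""
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        for pr in self.policy_routes:
            if src in pr.match_src:
                entry = self.arp.get(pr.next_hop)
                if entry is None:
                    raise LookupError(f"no ARP entry for next hop {pr.next_hop}")
                return entry.out_if, entry.physical_addr, "policy-route"
        # Traffic that does not need the VAS device: ordinary longest-prefix match.
        matches = [p for p in self.routes if dst in p]
        if not matches:
            raise LookupError(f"no route to {dst}")
        best = max(matches, key=lambda p: p.prefixlen)
        return (*self.routes[best], "routing-table")

def audit_steering(dev, first_if, second_if_mac, used_addrs):
    """Check each policy route's ARP entry against the conditions in the text."""
    iface, problems = dev.interfaces[first_if], []
    for pr in dev.policy_routes:
        entry = dev.arp.get(pr.next_hop)
        if entry is None:
            problems.append(f"{pr.next_hop}: policy-route next hop has no ARP entry")
            continue
        if entry.protocol_addr not in iface.network:
            problems.append(f"{entry.protocol_addr}: outside segment {iface.network}")
        if entry.protocol_addr == iface.ip or entry.protocol_addr in used_addrs:
            problems.append(f"{entry.protocol_addr}: address is not idle")
        if entry.physical_addr.lower() != second_if_mac.lower():
            problems.append(f"{entry.physical_addr}: not the second interface's MAC")
        if entry.out_if != first_if:
            problems.append(f"{entry.out_if}: entry does not leave via {first_if}")
    return problems

# Constructed sample values (documentation prefixes, locally administered MACs).
SECOND_IF_MAC = "02:00:00:00:01:03"

def build_first_forwarding_device(arp_ip="203.0.113.100", arp_mac=SECOND_IF_MAC):
    if1 = Interface("if1", ipaddress.ip_network("203.0.113.0/24"),
                    ipaddress.ip_address("203.0.113.1"), "02:00:00:00:01:02")
    idle = ipaddress.ip_address(arp_ip)
    return ForwardingDevice(
        interfaces={"if1": if1},
        arp={idle: ArpEntry(idle, arp_mac, "if1")},
        policy_routes=[PolicyRoute(ipaddress.ip_network("192.0.2.0/25"), idle)],
        routes={ipaddress.ip_network("0.0.0.0/0"): ("uplink", "02:00:00:00:00:05")},
    )

if __name__ == "__main__":
    dev = build_first_forwarding_device()
    print(dev.forward("192.0.2.7", "198.51.100.10"))    # steered towards the VAS device
    print(dev.forward("192.0.2.200", "198.51.100.10"))  # ordinary routing
    print(audit_steering(dev, "if1", SECOND_IF_MAC, set()))
```

A non-empty result from `audit_steering` means the entry no longer meets those conditions, for example because the chosen address has since been assigned to a host on the segment.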
  • the message transmission method provided in the embodiments of this application is also suitable for multi-protocol label switching (MPLS) EVPN, or segment routing (SR) 6 SDN service chain orchestration of transparent VAS equipment.
  • the physical address of a certain interface of the forwarding device involved in the embodiment of the present application can also be replaced with the physical address of the gateway (GW) of the forwarding device.
  • the protocol address of a certain interface of the forwarding device involved in the embodiment of the present application can also be replaced with the protocol address of the gateway of the forwarding device.
  • the network system 10 shown in FIG. 1 is only used as an example, and is not used to limit the technical solution of the present application. Those skilled in the art should understand that in a specific implementation process, the network system 10 may also include other devices, and the number of forwarding devices, user terminals, transparent VAS devices, and servers may also be determined according to specific needs. The network elements in Figure 1 can also be connected through other interfaces.
  • each network element in FIG. 1 in the embodiment of the present application may be a functional module in one device.
  • the above function can be a network element in a hardware device (such as a forwarding chip in a switch), a software function running on dedicated hardware, or a virtualized function instantiated on a platform (for example, a cloud platform).
  • each network element in FIG. 1 may be implemented by the communication device 200 in FIG. 2.
  • Fig. 2 shows a schematic diagram of the hardware structure of a communication device applicable to the embodiments of the present application.
  • the communication device 200 includes at least one processor 201, a communication line 202, a memory 203, at least one communication interface 204, and a forwarding chip 205.
  • the processor 201 can be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the program of this application.
  • the communication line 202 may include a path for transferring information between the above-mentioned components, such as a bus.
  • the communication interface 204 uses any device such as a transceiver to communicate with other devices or communication networks, such as an Ethernet interface, a radio access network (RAN), a wireless local area network (WLAN), etc.
  • the forwarding chip 205 can be controlled by the processor 201 to perform initialization, service entry issuance, protocol message transmission and reception, or various interrupt processing.
  • the forwarding chip 205 may be an Ethernet switch (LAN switch, LSW) chip, a network processor (NP) chip, or the like.
  • the forwarding chip 205 has an external memory (not shown in FIG. 2), and the memory can be used to store messages.
  • the memory 203 may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, or an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disk storage, optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these.
  • the memory can exist independently and is connected to the processor through the communication line 202.
  • the memory can also be integrated with the processor.
  • the memory provided by the embodiments of the present application may generally be non-volatile.
  • the memory 203 is used to store the computer-executable instructions for executing the solution of the present application, and the processor 201 controls their execution.
  • the processor 201 is configured to execute computer-executable instructions stored in the memory 203, so as to implement the method provided in the embodiment of the present application.
  • the computer-executable instructions in the embodiments of the present application may also be referred to as application program codes, which are not specifically limited in the embodiments of the present application.
  • the processor 201 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 2.
  • the communication device 200 may include multiple processors, such as the processor 201 and the processor 206 in FIG. 2. Each of these processors can be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor.
  • the processor here may refer to one or more devices, circuits, and/or processing cores for processing data.
  • the aforementioned communication device 200 may be a general-purpose device or a special-purpose device.
  • the communication device 200 may be a switch, a router, or a device having a similar structure in FIG. 2.
  • the embodiment of the present application does not limit the type of the communication device 200.
  • EVPN For the specific process of the message transmission method in the traditional three-layer VPN, please refer to the description of the message transmission method in the EVPN below.
  • "first forwarding device" and other forwarding devices with different numbers are named this way only for ease of reference in context, and the different sequence numbers themselves have no specific technical meaning; for example, the first forwarding device and the second forwarding device can each be understood as one or any one of a series of forwarding devices. It can be understood that, in specific implementation, forwarding devices with different numbers may also be the same forwarding device or the same type of forwarding device, which is not limited in this application.
  • the first forwarding device and/or the second forwarding device may perform some or all of the steps in the embodiments of the present application. These steps are only examples, and the embodiments of the present application may also perform other steps or variations of the steps. In addition, the steps may be executed in an order different from that presented in the embodiment of the present application, and it may not be necessary to perform all the steps in the embodiment of the present application.
  • the message transmission method includes step 301 to step 303.
  • Step 301 The first forwarding device obtains the first data packet.
  • the first forwarding device and the second forwarding device belong to the same three-layer virtual private network.
  • the embodiment of this application takes EVPN as an example, so the first forwarding device and the second forwarding device belong to the same EVPN.
  • the first forwarding device is communicatively connected to one interface of the transparent VAS device through the first interface, and the other interface of the transparent VAS device is communicatively connected to the second interface of the second forwarding device.
  • the first forwarding device is the forwarding device 102 in FIG. 1
  • the transparent VAS device is the transparent VAS device 107 in FIG. 1
  • the second forwarding device is the forwarding device 103 in FIG. 1.
  • the forwarding device 102 is communicatively connected with an interface of the transparent VAS device 107 through an interface of its own, and the other interface of the transparent VAS device 107 is communicatively connected with an interface of the forwarding device 103.
  • the first forwarding device and the second forwarding device are the same or different, that is, the first forwarding device and the second forwarding device may be the same device or different devices.
  • the first interface is different from the second interface.
  • a transparent VAS device is connected to different interfaces of the same VRF of the same forwarding device, or connected to two different forwarding devices.
  • the first interface is any logical interface corresponding to any physical port of the first forwarding device.
  • the second interface is any logical interface corresponding to any physical port of the second forwarding device.
  • Take as an example that the first forwarding device has physical port 1 and physical port 2, where physical port 1 corresponds to logical interface 1 and logical interface 2, and physical port 2 corresponds to logical interface 3 and logical interface 4; and that the second forwarding device has physical port 3 and physical port 4, where physical port 3 corresponds to logical interface 5, and physical port 4 corresponds to logical interface 6 and logical interface 7. Then the first interface can be logical interface 1, logical interface 2, logical interface 3, or logical interface 4 of the first forwarding device, and the second interface can be logical interface 5, logical interface 6, or logical interface 7.
  • the first data message includes a first source protocol address, a first destination protocol address, a first source physical address, a first destination physical address, and first data.
  • the first data is the data to be sent by the client to the server.
  • the client needs value-added services.
  • depending on its physical connection mode, the first forwarding device obtains the first data packet in a different manner.
  • the first forwarding device has the following two connection modes:
  • Manner 1: The first forwarding device communicates with the user terminal.
  • the first forwarding device receives the first data message from the user end.
  • the first source protocol address is the protocol address of the client.
  • the first destination protocol address is the protocol address of the server.
  • the first source physical address is the physical address of the client.
  • the first destination physical address is the physical address of the GW of the first forwarding device.
  • the first data sent by the user side needs to pass through the transparent VAS device, that is, the first data needs to be sent to the transparent VAS device through the first interface.
  • the first forwarding device has at least one physical port, and any physical port may also correspond to at least one logical interface. Therefore, after the first forwarding device obtains the first data packet, it may not necessarily forward the first data from the first interface.
  • the two interfaces of the network to which the transparent VAS device is attached must belong to the same network segment, otherwise the transparent VAS device cannot communicate normally.
  • a third policy routing can be configured on the first forwarding device, and the first ARP entry can be configured on the first interface.
  • the third policy routing includes matching conditions and next hop information.
  • the next hop information is used to indicate the next hop of the third policy routing.
  • the next hop of the third policy routing is the protocol address in the first ARP entry.
  • the matching condition can be configured according to user needs. This matching condition can be used to filter data packets. For example, the matching condition can be used to filter data packets sent by the user end, that is, the matching condition can filter out data packets whose source protocol address is the protocol address of the user end. In this case, the first forwarding device forwards the data in the received data message from the user end to the next hop of the third policy routing. It should be understood that the foregoing matching conditions are only exemplary, and the matching conditions in the third policy routing may also be in other forms and are not limited.
  • the first ARP table entry includes a protocol address and a physical address.
  • the protocol address is an idle address of the network segment where the first interface is located.
  • the protocol address is an idle IP address of the network segment where the first interface is located.
  • the physical address is the physical address of the second interface.
  • the physical address is the MAC address of the second interface.
  • Manner 2: The first forwarding device communicates with the user terminal through at least one other forwarding device.
  • the first forwarding device receives the first data packet from the third forwarding device.
  • the third forwarding device is a forwarding device directly communicatively connected with the first forwarding device among the at least one forwarding device.
  • the forwarding device in the three-layer virtual private network can forward data in an IRB symmetric mode or an IRB asymmetric mode.
  • the IRB symmetric mode means that both the ingress GW and the egress GW of the forwarding device perform Layer 3 forwarding.
  • the IRB asymmetric mode means that the ingress GW of the forwarding device performs both Layer 2 forwarding and Layer 3 forwarding, and the egress GW of the forwarding device performs Layer 2 forwarding.
  • the forwarding device in the three-layer virtual private network forwards data through the IRB symmetric mode
  • the above-mentioned first source protocol address is the protocol address of the user end
  • the first destination protocol address is the protocol address of the server
  • the first source physical address is the physical address of the fourth forwarding device
  • the first destination physical address is the physical address of the second forwarding device.
  • the forwarding device in EVPN forwards data through IRB asymmetric mode
  • the above-mentioned first source protocol address is the protocol address of the user end
  • the first destination protocol address is the server protocol address
  • the first source physical address is the physical address of the fourth forwarding device
  • the first destination physical address is the physical address of the second interface.
  • the fourth forwarding device is a forwarding device directly connected in communication with the user end.
  • the fourth forwarding device and the third forwarding device may be the same device or different devices.
  • the first data sent by the user side needs to pass through the transparent VAS device, that is, the first data sent by the user side needs to reach the first forwarding device and be sent to the transparent VAS device through the first interface.
  • there are multiple paths between the client and the server, that is, the first data sent by the client can reach the server through any path.
  • among the multiple paths, not every path has a transparent VAS device.
  • the two interfaces of the network to which the transparent VAS device is attached must belong to the same network segment, otherwise the transparent VAS device cannot communicate normally.
  • the third policy routing can be configured on the fourth forwarding device, and the first ARP entry can be configured on the first interface.
  • the introduction of the third policy routing and the first ARP table entry can refer to the above method 1.
  • after the fourth forwarding device receives the data message from the user end, it can filter the data message according to the matching condition, and establish a tunnel for the data in the filtered data message.
  • the start end of the tunnel is the fourth forwarding device
  • the terminal of the tunnel is the first forwarding device.
  • the fourth forwarding device may send the data in the filtered data packet to the first forwarding device through the tunnel.
  • Both the start and end of the tunnel are VTEPs.
  • the matching condition can be used to filter data packets sent by the user end.
  • when the fourth forwarding device receives the first data from the user end, it will establish a tunnel for the first data. The start end of the tunnel is the fourth forwarding device, and the terminal of the tunnel is the first forwarding device. Subsequently, the fourth forwarding device may send the first data to the first forwarding device through the tunnel.
  • the first data message is a message encapsulated with a VXLAN header. Therefore, the first data message also includes VTEP information.
  • the first data message further includes a second source protocol address, a second destination protocol address, a second source physical address, and a second destination physical address.
  • the second source protocol address is the protocol address of the start end of the tunnel.
  • the second destination protocol address is the protocol address of the terminal of the tunnel.
  • the second source physical address is the physical address of the GW of the fourth forwarding device.
  • the second destination physical address is the physical address of the GW of the third forwarding device.
  • the first forwarding device decapsulates the first data message to obtain the data message before being encapsulated.
  • the data message before being encapsulated includes a first source protocol address, a first destination protocol address, a first source physical address, a first destination physical address, and first data.
  • the above-mentioned third policy route and the first ARP table entry are manually configured by the user; or, the above-mentioned third policy route and the first ARP table entry are generated and issued by the SDN controller.
  • for the SDN controller, please refer to Figure 1 above.
  • the above-mentioned first ARP entry is imported into a Border Gateway Protocol (BGP) EVPN type 5 route and advertised to the network, so that the user end can obtain the route corresponding to the first ARP entry.
  • the third policy route is configured to point to the protocol address in the first ARP entry.
  • EVPN's type 5 route is also known as an IP prefix route.
  • IP prefix routing is used for communication between data centers when the IP subnet in the Layer 2 domain is limited to a single data center and the Layer 2 connection does not cross data centers. Type 5 routing enables cross-data center connections by advertising the IP prefixes allocated for VXLAN restricted to a single data center.
  • Step 302: The first forwarding device obtains the first ARP entry corresponding to the first data packet.
  • depending on the mode in which the forwarding device in the three-layer virtual private network forwards the first data, the first forwarding device obtains the first ARP entry corresponding to the first data packet through a different process. Specifically, you can refer to the following two situations:
  • the forwarding device in the three-layer virtual private network forwards the first data through the IRB symmetric mode, and the first policy routing is also configured on the first forwarding device.
  • the first forwarding device acquiring the first ARP entry corresponding to the first data packet includes: the first forwarding device acquires the first policy route corresponding to the first source protocol address; the first forwarding device acquires the first ARP table entry according to the first policy route.
  • the forwarding device directly communicating with the user terminal is the first forwarding device.
  • the first policy routing is the same as the third policy routing.
  • the first forwarding device may obtain the first policy route according to the matching condition in the first policy route. For example, if the data message filtered according to the matching condition is a data message whose source protocol address is the protocol address of the client, then the data message whose source protocol address is the protocol address of the client corresponds to the first policy routing. In this case, the first forwarding device obtains the first policy route. Wherein, the next hop of the first policy routing is the protocol address in the first ARP entry, and subsequently, the first forwarding device may obtain the first ARP entry according to the next hop of the first policy routing.
  • the forwarding device directly communicating with the user terminal is the fourth forwarding device, and the fourth forwarding device is different from the first forwarding device.
  • the first policy route is the same or different from the third policy route.
  • the first policy routing includes matching conditions and next hop information.
  • the next hop information is used to indicate the next hop of the first policy routing.
  • the next hop of the first policy routing is the protocol address in the first ARP entry.
  • the matching condition can be configured according to user needs. This matching condition can be used to filter data packets.
  • the matching condition in the first policy routing is different from the matching condition in the third policy routing.
  • the matching condition can be used to filter data packets of a specific inbound interface (for example, the interface that receives the first data packet), that is, the matching condition can be used to filter out data packets received from the specific inbound interface.
  • the first forwarding device will forward the data in the data packet received from the specific ingress interface to the next hop of the first policy routing. It should be understood that the foregoing matching conditions are only exemplary, and the matching conditions in the first policy routing may also be in other forms and are not limited.
  • the first forwarding device may obtain the first policy route according to the matching condition in the first policy route. For example, if the data message filtered according to the matching condition is a data message whose source protocol address is the protocol address of the client, then the data message whose source protocol address is the protocol address of the client corresponds to the first policy routing. In this case, the first forwarding device obtains the first policy route. Wherein, the next hop of the first policy routing is the protocol address in the first ARP entry, and subsequently, the first forwarding device may obtain the first ARP entry according to the next hop of the first policy routing.
  • the data message filtered according to the matching condition is: a data message received from a specific ingress interface
  • the data message received from the specific ingress interface corresponds to the first policy routing.
  • the first forwarding device obtains the first policy route.
  • the next hop of the first policy routing is the protocol address in the first ARP entry, and subsequently, the first forwarding device may obtain the first ARP entry according to the next hop of the first policy routing.
  • Case 2: The forwarding device in the three-layer virtual private network forwards the first data through the IRB asymmetric mode.
  • the first forwarding device acquiring the first ARP entry corresponding to the first data message includes: the first forwarding device acquires the third policy route corresponding to the first source protocol address; the first forwarding device obtains the first ARP entry according to the third policy route. Specifically, you can refer to the corresponding description in Case 1 above, which will not be repeated.
  • the first forwarding device acquiring the first ARP table entry corresponding to the first data message includes: the first forwarding device searches the ARP table according to the first destination physical address to obtain the first ARP table entry.
  • the first destination physical address is the physical address of the second interface. In this way, the first forwarding device can obtain the first ARP entry by looking up the ARP table according to the first destination physical address.
  • Step 303: The first forwarding device sends the first data to the transparent VAS device through the first interface.
  • the physical address of the second interface corresponds to the first interface.
  • the correspondence between the physical address of the second interface and the first interface is stored in the physical mapping table, or the correspondence between the physical address of the second interface and the first interface is stored in the first ARP table entry.
  • the first ARP entry further includes the outgoing interface.
  • the outbound interface is used to indicate the interface used when the first forwarding device sends a data packet to the physical address in the first ARP entry.
  • the first forwarding device looks up the physical mapping table according to the physical address of the second interface in the first ARP entry and determines that the first data needs to be sent through the first interface.
  • the first forwarding device determines, according to the outgoing interface in the first ARP entry, that the first data needs to be sent through the first interface.
  • that the first forwarding device sends the first data to the transparent VAS device through the first interface includes: the first forwarding device sends the second data packet to the transparent VAS device through the first interface.
  • the second data message includes a third source protocol address, a third destination protocol address, a third source physical address, a third destination physical address, and the first data.
  • the third source protocol address is the protocol address of the client.
  • the third destination protocol address is the protocol address of the server.
  • the third source physical address is the physical address of the first interface.
  • the third destination physical address is the physical address of the second interface.
  • the third source physical address is the physical address of the first forwarding device.
  • the third destination physical address is the physical address of the second interface.
  • the third source physical address is the physical address of the fourth forwarding device.
  • the third destination physical address is the physical address of the second interface.
  • the transparent VAS device sends the first data to the second forwarding device through the second interface.
  • the second forwarding device forwards the first data in the IRB symmetric mode or the IRB asymmetric mode.
  • the server receives the first data and returns the second data to the user. If the second data also needs to pass through the transparent VAS device, similarly, the method described in FIG. 3 can be used to transmit the data message. The differences are as follows:
  • the fourth policy routing can be configured on the second forwarding device, and the second ARP entry can be configured on the second interface.
  • the fourth policy routing includes matching conditions and next hop information.
  • the information of the next hop is used to indicate the next hop of the fourth policy routing.
  • the next hop of the fourth policy routing is the protocol address in the second ARP entry.
  • the matching condition can be configured according to user needs. This matching condition can be used to filter data packets.
  • the matching condition can be used to filter data packets sent by the server, that is, the matching condition can filter out data packets whose source protocol address is the protocol address of the server.
  • the second forwarding device will forward the data in the received data message from the server to the next hop of the fourth policy routing.
  • the above matching conditions are only exemplary, and the matching conditions in the fourth policy routing may also be in other forms and are not limited.
  • the second ARP table entry includes a protocol address and a physical address.
  • the protocol address is an idle address of the network segment where the second interface is located.
  • the protocol address is an idle IP address of the network segment where the second interface is located.
  • the physical address is the physical address of the first interface.
  • the physical address is the MAC address of the first interface.
  • Difference 2: If the second forwarding device communicates with the server through at least one other forwarding device, the fourth policy routing can be configured on the fifth forwarding device, and the second ARP entry can be configured on the second interface.
  • the second policy route is the same or different from the fourth policy route.
  • the second policy routing includes matching conditions and next hop information.
  • the next hop information is used to indicate the next hop of the second policy routing.
  • the next hop of the second policy routing is the protocol address in the second ARP entry.
  • the matching condition can be configured according to user needs. This matching condition can be used to filter data packets.
  • the matching condition in the second policy routing is different from the matching condition in the fourth policy routing.
  • the matching condition can be used to filter data packets of a specific inbound interface (for example, an interface that receives the second data), that is, the matching condition can be used to filter out data packets received from a specific inbound interface.
  • the second forwarding device forwards the data in the data packet received from the specific ingress interface to the next hop of the second policy routing. It should be understood that the foregoing matching conditions are only exemplary, and the matching conditions in the second policy routing may also be in other forms and are not limited.
  • when the forwarding device in the three-layer virtual private network forwards the second data through the IRB symmetric mode, the second forwarding device is also configured with a second policy route.
  • the first forwarding device can obtain the first data packet, obtain the first ARP entry corresponding to the first data packet according to the first data packet, and send the first data to the transparent VAS device through the first interface.
  • the transparent VAS device can process the data packets interacted between the user end and the server, and provide corresponding value-added services for the user end.
  • packets are transmitted according to the method provided in the embodiments of this application.
  • the method of MAC address forwarding realizes flexible diversion requirements.
  • the message transmission method provided in the embodiment of the present application does not consume additional VRF and FIB resources, and the layout is simple.
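As an added illustration (not code from the patent), the following Python model walks steps 301 to 303 on the first forwarding device: the policy-route lookup in IRB symmetric mode, the ARP lookup by destination MAC in IRB asymmetric mode, and a check of the configuration constraints stated above. The class names, interface names and all addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

# Constructed sample values (documentation ranges); none come from the patent.
CLIENT_IP, SERVER_IP = "198.51.100.10", "203.0.113.20"
CLIENT_MAC = "00:00:5e:00:53:10"
GW_MAC = "00:00:5e:00:53:fe"     # GW of the first forwarding device
DEV4_MAC = "00:00:5e:00:53:04"   # fourth forwarding device (Manner 2)
IF1_MAC = "00:00:5e:00:53:01"    # first interface
IF2_MAC = "00:00:5e:00:53:02"    # second interface, behind the transparent VAS
IF1_NET = ipaddress.ip_network("192.0.2.0/24")  # segment of the first interface
IDLE_IP = "192.0.2.254"          # idle address used in the first ARP entry

@dataclass(frozen=True)
class Frame:
    src_ip: str
    dst_ip: str
    src_mac: str
    dst_mac: str
    data: bytes
    in_if: str = "access"

@dataclass(frozen=True)
class ArpEntry:
    ip: str      # idle protocol address in the first interface's segment
    mac: str     # physical address of the second interface
    out_if: str  # outgoing interface stored with the entry

@dataclass(frozen=True)
class PolicyRoute:
    next_hop: str                       # protocol address of an ARP entry
    match_src_ip: Optional[str] = None  # matching condition: source address
    match_in_if: Optional[str] = None   # matching condition: inbound interface

    def matches(self, f: Frame) -> bool:
        return (self.match_src_ip in (None, f.src_ip)
                and self.match_in_if in (None, f.in_if))

class FirstForwardingDevice:
    def __init__(self, routes, arp_entries, if_macs):
        self.routes = list(routes)
        self.arp_by_ip = {e.ip: e for e in arp_entries}
        self.arp_by_mac = {e.mac: e for e in arp_entries}
        self.if_macs = if_macs

    def find_arp_entry(self, frame, mode):
        """Step 302: policy route (symmetric) or lookup by destination MAC."""
        if mode == "symmetric":
            for route in self.routes:
                if route.matches(frame):
                    return self.arp_by_ip.get(route.next_hop)
            return None
        return self.arp_by_mac.get(frame.dst_mac)

    def forward(self, frame, mode):
        """Steps 302-303: return (outgoing interface, frame sent) or None."""
        entry = self.find_arp_entry(frame, mode)
        if entry is None:
            return None  # not steered; ordinary forwarding is not modelled
        if mode == "symmetric":
            # Layer 3 forwarding: both physical addresses are rewritten.
            frame = replace(frame, src_mac=self.if_macs[entry.out_if],
                            dst_mac=entry.mac)
        # Asymmetric mode: Layer 2 forwarding, the frame is sent unchanged.
        return entry.out_if, frame

def config_errors(routes, arp_entries, segment, used_ips):
    """Check the constraints on the ARP entry and the policy-route next hop."""
    errors = []
    known = {e.ip for e in arp_entries}
    for e in arp_entries:
        if ipaddress.ip_address(e.ip) not in segment:
            errors.append(f"{e.ip} is outside {segment}")
        if e.ip in used_ips:
            errors.append(f"{e.ip} is not idle")
    for r in routes:
        if r.next_hop not in known:
            errors.append(f"next hop {r.next_hop} has no ARP entry")
    return errors

def demo():
    entry = ArpEntry(IDLE_IP, IF2_MAC, "if1")
    route = PolicyRoute(next_hop=IDLE_IP, match_src_ip=CLIENT_IP)
    dev = FirstForwardingDevice([route], [entry], {"if1": IF1_MAC})
    # Manner 1, symmetric: frame from the client, addressed to the GW.
    sym = dev.forward(
        Frame(CLIENT_IP, SERVER_IP, CLIENT_MAC, GW_MAC, b"data 1"), "symmetric")
    # Asymmetric: decapsulated frame already addressed to the second interface.
    asym = dev.forward(
        Frame(CLIENT_IP, SERVER_IP, DEV4_MAC, IF2_MAC, b"data 1", "tunnel"),
        "asymmetric")
    # Another source matches no policy route and is not steered to the VAS.
    other = dev.forward(
        Frame("198.51.100.99", SERVER_IP, CLIENT_MAC, GW_MAC, b"x"), "symmetric")
    return sym, asym, other, config_errors([route], [entry], IF1_NET, {"192.0.2.1"})

if __name__ == "__main__":
    print(demo())
```

For the asymmetric case the model uses the ARP-table lookup by the first destination physical address; the alternative of reusing the third policy route follows the same path as the symmetric lookup.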
  • the following takes the network system shown in FIG. 1 as an example to introduce the detailed flow of the message transmission method provided by the embodiment of the present application.
  • FIG. 4 is another message transmission method provided by an embodiment of this application.
  • the method shown in FIG. 4 includes steps 401 to 408.
  • Step 401: The user end 108 sends a data message 1 to the forwarding device 101.
  • the content included in the data message 1 may be as shown in 501 in FIG. 5a.
  • the source protocol address (SrcIP) of the data message 1 is the IP address of the client 108
  • the destination protocol address (DestIP) is the IP address of the server 109
  • the source physical address (SrcMAC) is the MAC address of the client 108
  • the destination physical address (DestMAC) is the MAC address of the GW of the forwarding device 101
  • the data message 1 also includes data 1.
  • when a forwarding device in Figure 1 forwards a data message, it can forward it in IRB symmetric mode or in IRB asymmetric mode.
  • the content of the data message can be as shown in Figure 5a.
  • the content included in the data message can be as shown in Figure 5b.
  • the data message shown in Figure 5a or Figure 5b is only exemplary. In practical applications, the data message may also be in other forms, and the data message may also include more or less content, which is not limited.
  • Step 402: The forwarding device 101 receives the data message 1 from the client 108, and sends the data message 2 to the forwarding device 105 according to the third policy routing.
  • the forwarding device 101 is a VTEP, and the forwarding device 101 will establish a tunnel for data 1, and the beginning of the tunnel is the forwarding device 101.
  • the forwarding device 101 determines that the terminal of the tunnel is the forwarding device 102 according to the third policy routing.
  • the forwarding device 101 modifies the source physical address and the destination physical address of the data message 1, and encapsulates the modified data message into the VXLAN frame header to obtain the data message 2.
  • Data message 2 includes an outer source protocol address, an outer destination protocol address, an outer source physical address, an outer destination physical address, a User Datagram Protocol (UDP) header, a VXLAN header, an inner source protocol address, an inner destination protocol address, an inner source physical address, an inner destination physical address, and data 1.
  • the data message is forwarded through the IRB symmetric mode.
  • the content included in the data message 2 may be as shown in 502 in FIG. 5a.
  • the outer source protocol address is the VTEP IP address of the forwarding device 101 (that is, the IP address of the loopback interface).
  • the outer destination protocol address is the VTEP IP address of the forwarding device 102.
  • the outer source physical address is the MAC address of the GW of the forwarding device 101.
  • the outer destination physical address is the MAC address of the GW of the forwarding device 105.
  • the inner source protocol address is the IP address of the client 108.
  • the inner destination protocol address is the protocol address of the server 109.
  • the inner source physical address is the MAC address of the forwarding device 101, and the MAC address of the forwarding device is referred to as a network virtualization edge (NVE) MAC address in FIGS. 5a and 5b.
  • the inner destination physical address is the MAC address of the forwarding device 103.
  • the data message is forwarded in IRB asymmetric mode.
  • the content included in the data message 2 may be as shown in 506 in FIG. 5b.
  • the outer source protocol address is the VTEP IP address of the forwarding device 101.
  • the outer destination protocol address is the VTEP IP address of the forwarding device 102.
  • the outer source physical address is the MAC address of the GW of the forwarding device 101.
  • the outer destination physical address is the MAC address of the GW of the forwarding device 105.
  • the inner source protocol address is the IP address of the client 108.
  • the inner destination protocol address is the protocol address of the server 109.
  • the inner source physical address is the MAC address of the forwarding device 101.
  • the inner destination physical address is the MAC address of the second interface.
  • the second interface is the interface connected to the transparent VAS device 107 on the forwarding device 103. Therefore, the inner destination physical address in FIG. 5b is presented as the MAC address of the forwarding device 103.
  • Step 403: The forwarding device 105 receives the data message 2 from the forwarding device 101, queries the FIB according to the outer source protocol address, the outer destination protocol address, the outer source physical address, and the outer destination physical address in the data message 2, and sends the data message 2 to the forwarding device 102.
  • Step 404: The forwarding device 102 receives the data message 2 from the forwarding device 105, and sends the data message 3 to the transparent VAS device 107.
  • the data message is forwarded through the IRB symmetric mode.
  • the forwarding device 102 sends the data message 3 to the transparent VAS device 107 according to the first policy routing.
  • the forwarding device 102 is the terminal of the tunnel. After receiving the data message 2, the forwarding device 102 removes the VXLAN encapsulation of the data message 2, and modifies the source physical address and destination physical address of the data message obtained after decapsulation to get data message 3.
  • Data message 3 includes source protocol address, destination protocol address, source physical address, destination physical address, and data 1.
  • the source protocol address is the IP address of the client 108.
  • the destination protocol address is the IP address of the server 109.
  • the source physical address is the MAC address of the first interface (since the first interface is on the forwarding device 102, the MAC address of the GW of the forwarding device 102 is shown in the figure).
  • the destination physical address is the MAC address of the second interface (because the second interface is on the forwarding device 103, it appears as the MAC address of the GW of the forwarding device 103 in the figure).
  • the next hop of the first policy routing is the protocol address in the first ARP entry, and the physical address corresponding to the protocol address of the first ARP entry is the physical address of the second interface.
  • the forwarding device 102 obtains the first ARP entry according to the first policy routing, and sends data packet 3 to the transparent VAS device 107 according to the first ARP entry.
  • the data message is forwarded in IRB asymmetric mode.
  • the forwarding device 102 obtains the first ARP entry, and sends a data message 3 to the transparent VAS device 107 according to the first ARP entry.
  • the forwarding device 102 performs Layer 2 forwarding.
  • the forwarding device 102 is the terminal of the tunnel. After receiving the data message 2, the forwarding device 102 decapsulates the data message 2 to obtain data message 3.
  • Data message 3 includes source protocol address, destination protocol address, source physical address, destination physical address, and data 1.
  • the source protocol address is the IP address of the client 108.
  • the destination protocol address is the IP address of the server 109.
  • the source physical address is the MAC address of the forwarding device 101.
  • the destination physical address is the MAC address of the second interface.
  • Both the forwarding device 105 and the forwarding device 106 in FIG. 1 are in communication connection with the forwarding devices 101 to 104, so the forwarding device 105 in step 402 to step 404 can be replaced with the forwarding device 106.
  • Step 405: The transparent VAS device 107 receives the data message 3 from the forwarding device 102, performs value-added service processing on the data message 3, and then sends the data message 3 to the forwarding device 103.
  • when the transparent VAS device performs value-added service processing on data message 3, part of the content of data message 3 may or may not be modified. Because this application does not focus on the processing performed by the value-added service device, the data message 3 that has passed through the transparent VAS device is still referred to as data message 3.
  • Step 406: The forwarding device 103 receives the data packet 3 from the transparent VAS device 107, and sends the data packet 4 to the forwarding device 106 according to the FIB.
  • the forwarding device 103 is a VTEP, and the forwarding device 103 will establish a tunnel for data 1, and the beginning of the tunnel is the forwarding device 103.
  • the forwarding device 103 determines that the terminal of the tunnel is the forwarding device 104 according to FIB.
  • the forwarding device 103 modifies the source physical address and the destination physical address of the data message 3, and encapsulates the modified data message into the VXLAN frame header to obtain the data message 4.
  • Data message 4 includes outer layer source protocol address, outer layer destination protocol address, outer layer source physical address, outer layer destination physical address, UDP header, VXLAN header, inner layer source protocol address, inner layer destination protocol address, inner layer source physical address, inner layer destination physical address and data 1.
  • the data message is forwarded through the IRB symmetric mode.
  • the content included in the data message 4 may be as shown in 504 in FIG. 5a.
  • the outer source protocol address is the VTEP IP address of the forwarding device 103.
  • the outer destination protocol address is the VTEP IP address of the forwarding device 104.
  • the outer source physical address is the MAC address of the GW of the forwarding device 103.
  • the outer destination physical address is the MAC address of the GW of the forwarding device 106.
  • the inner source protocol address is the IP address of the client 108.
  • the inner destination protocol address is the IP address of the server 109.
  • the inner source physical address is the MAC address of the forwarding device 103.
  • the inner destination physical address is the MAC address of the forwarding device 104.
  • the data message is forwarded in IRB asymmetric mode.
  • compared with the case where the data message is forwarded in IRB symmetric mode, the inner destination physical address in the data message 4 is different and is the MAC address of the server 109.
  • the content included in the data message 4 may be as shown in 508 in FIG. 5b.
  • Step 407 The forwarding device 106 receives the data message 4 from the forwarding device 103, queries the FIB according to the outer source protocol address, the outer destination protocol address, the outer source physical address, and the outer destination physical address in the data message 4, and sends the data message 4 to the forwarding device 104.
  • Step 408 The forwarding device 104 receives the data message 4 from the forwarding device 106, and sends the data message 5 to the server 109.
  • the data message is forwarded in IRB symmetric mode, and the forwarding device 104 is the terminal of the tunnel. After the forwarding device 104 receives the data message 4, it removes the VXLAN encapsulation of the data message 4 and modifies the source physical address and the destination physical address of the data message obtained after decapsulation, to obtain the data message 5.
  • the content of the data message 5 may be as shown in 505 in FIG. 5a.
  • the data message 5 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 1.
  • the source protocol address is the IP address of the client 108.
  • the destination protocol address is the IP address of the server 109.
  • the source physical address is the MAC address of the GW of the forwarding device 104.
  • the destination physical address is the MAC address of the server 109.
  • When the data message is forwarded in the IRB symmetric mode, the forwarding device 104 performs ordinary three-layer forwarding. For example, the forwarding device 104 checks the routing table, and sends the data message 5 to the server 109 according to the routing table.
  • the data message is forwarded in IRB asymmetric mode, and the forwarding device 104 is the terminal of the tunnel. After the forwarding device 104 receives the data message 4, it removes the VXLAN encapsulation of the data message 4 to obtain the data message 5.
  • the content of the data message 5 may be as shown in 509 in FIG. 5b.
  • the data message 5 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 1.
  • the source protocol address is the IP address of the client 108.
  • the destination protocol address is the IP address of the server 109.
  • the source physical address is the MAC address of the forwarding device 103.
  • the destination physical address is the MAC address of the server 109.
  • When the data message is forwarded in the IRB asymmetric mode, the forwarding device 104 performs Layer 2 forwarding. For example, the forwarding device 104 checks the physical mapping table, and sends the data message 5 to the server 109 according to the physical mapping table.
  • Both the forwarding device 105 and the forwarding device 106 in FIG. 1 are in communication connection with the forwarding devices 101 to 104, so the forwarding device 106 in step 406 to step 408 can be replaced with the forwarding device 105.
  • the server 109 receives the data message 5 from the forwarding device 104.
  • the data 1 sent by the client 108 can reach the server 109 after passing through the transparent VAS device 107, so that corresponding value-added services are provided for the client 108.
  • the message transmission method provided in the embodiment of the present application does not consume additional VRF and FIB resources, and the layout is simple.
  • the server 109 can also return the data 2 to the user terminal 108, and the data 2 can also pass through the transparent VAS device 107.
  • the method shown in FIG. 4 further includes step 601 to step 608.
  • Step 601 The server 109 sends a data packet 6 to the forwarding device 104.
  • the data message 6 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 2.
  • the source protocol address is the IP address of the server 109.
  • the destination protocol address is the IP address of the client 108.
  • the source physical address is the MAC address of the server 109.
  • the destination physical address is the MAC address of the GW of the forwarding device 104.
  • Step 602 The forwarding device 104 receives the data message 6 from the server 109, and sends the data message 7 to the forwarding device 106 according to the fourth policy routing.
  • the forwarding device 104 is a VTEP, and the forwarding device 104 will establish a tunnel for data 2, and the beginning of the tunnel is the forwarding device 104.
  • the forwarding device 104 determines that the terminal of the tunnel is the forwarding device 103 according to the fourth policy routing.
  • the forwarding device 104 modifies the source physical address and the destination physical address of the data message 6, and encapsulates the modified data message into the VXLAN frame header to obtain the data message 7.
  • Data message 7 includes outer layer source protocol address, outer layer destination protocol address, outer layer source physical address, outer layer destination physical address, UDP header, VXLAN header, inner layer source protocol address, inner layer destination protocol address, inner layer source physical address, inner layer destination physical address and data 2.
  • the data message is forwarded through the IRB symmetric mode.
  • the outer source protocol address is the IP address of the forwarding device 104.
  • the outer destination protocol address is the IP address of the forwarding device 103.
  • the outer source physical address is the MAC address of the GW of the forwarding device 104.
  • the outer destination physical address is the MAC address of the GW of the forwarding device 106.
  • the inner source protocol address is the IP address of the server 109.
  • the inner destination protocol address is the protocol address of the client 108.
  • the inner source physical address is the MAC address of the forwarding device 104.
  • the inner destination physical address is the MAC address of the forwarding device 102.
  • the data message is forwarded in IRB asymmetric mode.
  • the outer source protocol address is the IP address of the forwarding device 104.
  • the outer destination protocol address is the IP address of the forwarding device 103.
  • the outer source physical address is the MAC address of the GW of the forwarding device 104.
  • the outer destination physical address is the MAC address of the GW of the forwarding device 106.
  • the inner source protocol address is the IP address of the server 109.
  • the inner destination protocol address is the protocol address of the client 108.
  • the inner source physical address is the MAC address of the forwarding device 104.
  • the inner destination physical address is the MAC address of the first interface.
  • Step 603 The forwarding device 106 receives the data message 7 from the forwarding device 104, queries the FIB according to the outer source protocol address, the outer destination protocol address, the outer source physical address, and the outer destination physical address in the data message 7, and sends the data message 7 to the forwarding device 103.
  • Step 604 The forwarding device 103 receives the data message 7 from the forwarding device 106, and sends the data message 8 to the transparent VAS device 107.
  • the data message is forwarded through the IRB symmetric mode.
  • the forwarding device 103 sends the data packet 8 to the transparent VAS device 107 according to the second policy routing.
  • the forwarding device 103 is the terminal of the tunnel. After receiving the data message 7, the forwarding device 103 removes the VXLAN encapsulation of the data message 7 and modifies the source physical address and the destination physical address of the data message obtained after decapsulation, to obtain the data message 8.
  • the data message 8 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 2.
  • the source protocol address is the IP address of the server 109.
  • the destination protocol address is the IP address of the client 108.
  • the source physical address is the MAC address of the second interface.
  • the destination physical address is the MAC address of the first interface.
  • the next hop of the second policy routing is the protocol address in the second ARP entry, and the physical address corresponding to the protocol address of the second ARP entry is the physical address of the first interface.
  • the forwarding device 103 obtains the second ARP entry according to the second policy routing, and sends the data packet 8 to the transparent VAS device 107 according to the second ARP entry.
  • the data message is forwarded in IRB asymmetric mode.
  • the forwarding device 103 obtains the second ARP entry, and sends a data message 8 to the transparent VAS device 107 according to the second ARP entry. That is to say, when the data message is forwarded through the IRB asymmetric mode, the forwarding device 103 performs Layer 2 forwarding.
  • the forwarding device 103 is the terminal of the tunnel. After the forwarding device 103 receives the data message 7, it decapsulates the data message 7 from VXLAN to obtain the data message 8.
  • the data message 8 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 1.
  • the source protocol address is the IP address of the server 109.
  • the destination protocol address is the IP address of the client 108.
  • the source physical address is the MAC address of the forwarding device 104.
  • the destination physical address is the MAC address of the first interface.
  • Both the forwarding device 105 and the forwarding device 106 in FIG. 1 are in communication connection with the forwarding devices 101 to 104, so the forwarding device 106 in step 602 to step 604 can be replaced with the forwarding device 105.
  • Step 605 The transparent VAS device 107 receives the data message 8 from the forwarding device 103, and sends the data message 8 to the forwarding device 102.
  • Step 606 The forwarding device 102 receives the data packet 8 from the transparent VAS device 107, and sends the data packet 9 to the forwarding device 105 according to FIB.
  • the forwarding device 102 is a VTEP, and the forwarding device 102 will establish a tunnel for data 2, and the beginning of the tunnel is the forwarding device 102.
  • the forwarding device 102 determines that the terminal of the tunnel is the forwarding device 101 according to FIB.
  • the forwarding device 102 modifies the source physical address and the destination physical address of the data message 8 and encapsulates the modified data message into the VXLAN frame header to obtain the data message 9.
  • Data message 9 includes outer layer source protocol address, outer layer destination protocol address, outer layer source physical address, outer layer destination physical address, UDP header, VXLAN header, inner layer source protocol address, inner layer destination protocol address, inner layer source physical address, inner layer destination physical address and data 2.
  • the data message is forwarded through the IRB symmetric mode.
  • the outer source protocol address is the IP address of the forwarding device 102.
  • the outer layer destination protocol address is the IP address of the forwarding device 101.
  • the outer source physical address is the MAC address of the GW of the forwarding device 102.
  • the outer destination physical address is the MAC address of the GW of the forwarding device 105.
  • the inner source protocol address is the IP address of the server 109.
  • the inner destination protocol address is the protocol address of the client 108.
  • the inner source physical address is the MAC address of the forwarding device 102.
  • the inner destination physical address is the MAC address of the forwarding device 101.
  • the data message is forwarded in IRB asymmetric mode.
  • compared with the case where the data message is forwarded in IRB symmetric mode, the inner destination physical address in the data message 9 is different and is the MAC address of the client 108.
  • Step 607 The forwarding device 105 receives the data message 9 from the forwarding device 102, queries the FIB according to the outer source protocol address, the outer destination protocol address, the outer source physical address, and the outer destination physical address in the data message 9, and sends the data message 9 to the forwarding device 101.
  • Step 608 The forwarding device 101 receives the data message 9 from the forwarding device 105, and sends the data message 10 to the client 108.
  • the data message is forwarded in IRB symmetric mode, and the forwarding device 101 is the terminal of the tunnel. After the forwarding device 101 receives the data message 9, it removes the VXLAN encapsulation of the data message 9 and modifies the source physical address and the destination physical address of the data message obtained after decapsulation, to obtain the data message 10.
  • the data message 10 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 2.
  • the source protocol address is the IP address of the server 109.
  • the destination protocol address is the IP address of the client 108.
  • the source physical address is the MAC address of the GW of the forwarding device 101.
  • the destination physical address is the MAC address of the client 108.
  • When the data message is forwarded in the IRB symmetric mode, the forwarding device 101 performs ordinary Layer 3 forwarding. For example, the forwarding device 101 checks the routing table, and sends the data message 10 to the user end 108 according to the routing table.
  • the data message is forwarded through the IRB asymmetric mode, and the forwarding device 101 is the terminal of the tunnel. After the forwarding device 101 receives the data message 9, it removes the VXLAN encapsulation of the data message 9 to obtain the data message 10.
  • the data message 10 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 2.
  • the source protocol address is the IP address of the server 109.
  • the destination protocol address is the IP address of the client 108.
  • the source physical address is the MAC address of the forwarding device 102.
  • the destination physical address is the MAC address of the client 108.
  • When the data message is forwarded through the IRB asymmetric mode, the forwarding device 101 performs Layer 2 forwarding. For example, the forwarding device 101 checks the physical mapping table, and sends the data message 10 to the user terminal 108 according to the physical mapping table.
  • Both the forwarding device 105 and the forwarding device 106 in FIG. 1 are in communication connection with the forwarding devices 101 to 104, so the forwarding device 105 in step 606 to step 608 can be replaced with the forwarding device 106.
  • the user end 108 receives the data message 10 from the forwarding device 101.
  • the fourth policy route can be configured on the forwarding device 104, the second policy routing is configured on the forwarding device 102, and the second ARP entry is configured on the second interface, so that the data 2 sent by the server 109 reaches the user end 108 after passing through the transparent VAS device 107.
  • the message transmission method provided in the embodiment of the present application does not consume additional VRF and FIB resources, and the layout is simple.
  • the foregoing mainly introduces the solutions provided by the embodiments of the present application from the perspective of interaction between various devices.
  • the above-mentioned forwarding devices and the like include hardware structures and/or software modules corresponding to the respective functions.
  • the present application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a certain function is executed by hardware or computer software-driven hardware depends on the specific application and design constraint conditions of the technical solution. Professionals and technicians can use different methods for each specific application to implement the described functions, but such implementation should not be considered as going beyond the scope of this application.
  • the embodiment of the present application may divide the function modules of each forwarding device according to the foregoing method examples.
  • each function module may be divided corresponding to each function, or two or more functions may be integrated into one processing module.
  • the above-mentioned integrated modules can be implemented in the form of hardware or software function modules.
  • the division of modules in the embodiments of the present application is illustrative, and is only a logical function division, and there may be other division methods in actual implementation.
  • FIG. 7 shows a schematic structural diagram of a communication device.
  • the communication device may be the first forwarding device or the chip or system on a chip in the first forwarding device, or other combination devices, components, etc. that can realize the functions of the first forwarding device, and the communication device may be used to perform the functions of the first forwarding device involved in the above-mentioned embodiments.
  • the communication device shown in FIG. 7 includes: an acquisition module 701, a processing module 702, and a sending module 703.
  • the obtaining module 701 is used to obtain a first data message; the communication device is in communication connection with one interface of the transparent value-added service (VAS) device through the first interface, and the other interface of the transparent VAS device is in communication connection with the second interface of the second forwarding device; the first data message includes the first data; the communication device and the second forwarding device belong to the same three-layer virtual private network.
  • the processing module 702 is configured to obtain a first address resolution protocol (ARP) entry corresponding to the first data message; the protocol address in the first ARP entry is an idle address of the network segment where the first interface is located, and the physical address in the first ARP entry is the physical address of the second interface.
  • the sending module 703 is configured to send the first data to the transparent VAS device through the first interface; the physical address of the second interface corresponds to the first interface.
  • the first data message includes a first source protocol address; the processing module 702 is specifically configured to obtain the first policy route corresponding to the first source protocol address, where the next hop of the first policy route is the protocol address in the first ARP entry; the processing module 702 is further specifically configured to obtain the first ARP entry according to the first policy routing.
  • the first data message includes a first destination physical address
  • the processing module 702 is specifically configured to look up an ARP table according to the first destination physical address to obtain the first ARP table entry.
  • the processing module 702 is further configured to look up a physical mapping table according to the physical address of the second interface in the first ARP entry, and determine that the first data needs to be sent through the first interface; or, the processing module 702 is further configured to determine, according to the outgoing interface in the first ARP entry, that the first data needs to be sent through the first interface.
  • the communication device is the same as or different from the second forwarding device, and the first interface is different from the second interface.
  • the communication device is presented in the form of dividing various functional modules in an integrated manner.
  • the "module" here may refer to a specific ASIC, a circuit, a processor and memory that executes one or more software or firmware programs, an integrated logic circuit, and/or other devices that can provide the above-mentioned functions.
  • the communication device may adopt the form shown in FIG. 2.
  • the processor 201 in FIG. 2 may invoke the computer executable instructions stored in the memory 203 to cause the communication device to execute the message transmission method in the foregoing method embodiment.
  • the function/implementation process of the acquiring module 701, the processing module 702, and the sending module 703 in FIG. 7 may be implemented by the processor 201 in FIG. 2 calling the computer executable instructions stored in the memory 203.
  • the function/implementation process of the acquisition module 701 and the processing module 702 in FIG. 7 can be implemented by the processor 201 in FIG. 2 calling computer executable instructions stored in the memory 203, and the function/implementation process of the sending module 703 in FIG. 7 can be implemented through the communication interface 204 in FIG. 2.
  • because the communication device provided in this embodiment can execute the foregoing message transmission method, for the technical effects that can be obtained, refer to the foregoing method embodiment.
  • FIG. 8 is a schematic structural diagram of a chip provided by an embodiment of the application.
  • the chip 80 includes one or more processors 801 and an interface circuit 802.
  • the chip 80 may further include a bus 803, where:
  • the processor 801 may be an integrated circuit chip with signal processing capabilities. In the implementation process, the steps of the foregoing method can be completed by an integrated logic circuit of hardware in the processor 801 or instructions in the form of software.
  • the aforementioned processor 801 may be a general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic devices, discrete gates or transistor logic devices, or discrete hardware components.
  • the methods and steps disclosed in the embodiments of the present application can be implemented or executed.
  • the general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.
  • the interface circuit 802 is used for sending or receiving data, instructions or information.
  • the processor 801 can use the data, instructions or other information received by the interface circuit 802 to perform processing, and can send the processing completion information through the interface circuit 802.
  • the chip 80 further includes a memory, which may include a read-only memory and a random access memory, and provides operation instructions and data to the processor.
  • a part of the memory may also include non-volatile random access memory (NVRAM).
  • the memory stores executable software modules or data structures
  • the processor 801 can execute corresponding operations by calling operation instructions stored in the memory (the operation instructions may be stored in the operating system).
  • the chip 80 may be used in the communication device involved in the embodiment of the present application.
  • the interface circuit 802 may be used to output the execution result of the processor 801.
  • processor 801 and the interface circuit 802 can be implemented either through hardware design, through software design, or through a combination of software and hardware, which is not limited here.
  • the above-mentioned embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof.
  • when implemented using a software program, the embodiments can be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer instructions.
  • When the computer program instructions are loaded and executed on the computer, the processes or functions according to the embodiments of the present application are generated in whole or in part.
  • the computer can be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
  • Computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • computer instructions may be transmitted from a website, computer, server, or data center to another website, computer, server, or data center in a wired manner (such as coaxial cable, optical fiber, or digital subscriber line (DSL)) or a wireless manner (such as infrared, wireless, microwave, etc.).
  • the computer-readable storage medium may be any available medium that can be accessed by a computer or may include one or more data storage devices such as a server or a data center that can be integrated with the medium.
  • the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).

Abstract

The present application relates to the technical field of communications, and provides a network system and a packet transmission method therein, and a related apparatus. The network system comprises a first forwarding device, a second forwarding device, and a transparent value-added service device. The first forwarding device and the second forwarding device belong to a same layer 3 virtual private network. The first forwarding device is communicatingly connected to the transparent value-added service device by means of a first interface, and the second forwarding device is communicatingly connected to the transparent value-added service device by means of a second interface. A first address resolution protocol table entry is stored on the first forwarding device, a protocol address in the first address resolution protocol table entry is a free address of a network segment where the first interface is located, and a physical address in the first address resolution protocol table entry is the physical address of the second interface. In this way, the transparent value-added service device can process a data packet exchanged between a user side and a server, so as to provide a corresponding value-added service for the user side.

Description

网络***及其中的报文传输方法和相关装置Network system and its message transmission method and related device
“本申请要求于2020年5月25日提交国家知识产权局、申请号为202010451015.5、发明名称为“网络***及其中的报文传输方法和相关装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中”。"This application claims the priority of a Chinese patent application filed with the State Intellectual Property Office on May 25, 2020, the application number is 202010451015.5, and the invention title is "Network System and Its Message Transmission Method and Related Devices", and its entire contents Incorporated in this application by reference".
技术领域Technical field
本申请涉及通信技术领域,尤其涉及网络***及其中的报文传输方法和相关装置。This application relates to the field of communication technology, and in particular to a network system and its message transmission method and related devices.
背景技术Background technique
三层网络可以使得不同网段的设备通信。一个三层网络包括至少一个三层转发设备。在为用户端提供增值服务(value-added service,VAS),例如,病毒过滤、页面适配、视频优化等服务时,该三层网络还包括VAS设备。VAS设备处理用户端与服务器之间交互的数据报文,以为用户端提供相应的增值服务。The three-layer network allows devices on different network segments to communicate. A three-layer network includes at least one three-layer forwarding device. When providing value-added services (VAS) for the user end, for example, virus filtering, page adaptation, video optimization and other services, the three-layer network also includes VAS devices. The VAS device processes the data messages interacted between the client and the server to provide corresponding value-added services for the client.
目前,一些VAS设备工作在透明模式(即对其他设备不可见)。工作在透明模式的VAS设备根据转发数据报文的方式分为:一层透明VAS设备和二层透明VAS设备。一层透明VAS设备和二层透明VAS设备都没有接口互联网协议(Internet Protocol,IP)地址和设备业务IP地址。另外,一层透明VAS设备不学习媒体访问控制(media access control,MAC)地址,也不会根据MAC地址转发数据报文。二层透明VAS设备会学习MAC地址,并根据MAC地址对数据报文进行二层转发。即,一层透明VAS设备和二层透明VAS设备要么不学习MAC地址,要么只能进行二层转发,因此,如何在三层网络中应用透明VAS设备进行三层转发成了目前亟需解决的问题。Currently, some VAS devices work in transparent mode (that is, they are not visible to other devices). VAS devices working in transparent mode are classified into one-layer transparent VAS devices and two-layer transparent VAS devices according to the way of forwarding data packets. Neither the first-layer transparent VAS device nor the second-layer transparent VAS device has an interface Internet Protocol (IP) address and device service IP address. In addition, the transparent VAS device on the first layer does not learn media access control (MAC) addresses, and does not forward data packets based on MAC addresses. The Layer 2 transparent VAS device will learn the MAC address and forward the data message at Layer 2 based on the MAC address. That is, one-layer transparent VAS devices and two-layer transparent VAS devices either do not learn MAC addresses or can only perform layer two forwarding. Therefore, how to apply transparent VAS devices to perform layer three forwarding in a three-layer network has become an urgent need to solve at present problem.
Summary of the invention
This application provides a network system, a packet transmission method in the network system, and related apparatus, which allow a transparent VAS device to be used for Layer 3 forwarding in a Layer 3 network.
In a first aspect, this application provides a network system. The network system includes a first forwarding device, a second forwarding device, and a transparent VAS device. The first forwarding device and the second forwarding device belong to the same Layer 3 virtual private network. The first forwarding device is communicatively connected to the transparent VAS device through a first interface, and the second forwarding device is communicatively connected to the transparent VAS device through a second interface. The first forwarding device stores a first address resolution protocol (ARP) entry. The protocol address in the first ARP entry is an idle address of the network segment where the first interface is located, and the physical address in the first ARP entry is the physical address of the second interface.
In the network system provided by the first aspect, when a data packet that needs to pass through the transparent VAS device reaches the first forwarding device, the first forwarding device can send the data packet to the transparent VAS device through the first interface according to the first ARP entry. The transparent VAS device can then process the data packets exchanged between the client and the server and provide the corresponding value-added service to the client. This application therefore allows data to be sent to the transparent VAS device without configuring an IP address or MAC address on the transparent VAS device, and the traffic steering method is flexible.
Optionally, the first forwarding device also stores a first policy-based routing (PBR) route, and the next hop of the first policy route is the protocol address in the first ARP entry. In this network system, when data packets are forwarded in integrated routing and bridging (IRB) symmetric mode, the first policy route can additionally be configured on the first forwarding device, with its next hop set to the protocol address in the first ARP entry. When data that needs to pass through the transparent VAS device reaches the first forwarding device, the first forwarding device obtains the first ARP entry according to the first policy route and sends the data to the transparent VAS device through the first interface according to the first ARP entry. The transparent VAS device can then process the data packets exchanged between the client and the server and provide the corresponding value-added service to the client.
Optionally, the second forwarding device stores a second ARP entry. The protocol address in the second ARP entry is an idle address of the network segment where the second interface is located, and the physical address in the second ARP entry is the physical address of the first interface. In this network system, when the server has data to send to the client, the second forwarding device can send the data to the transparent VAS device through the second interface according to the second ARP entry, so that the transparent VAS device processes the data packets exchanged between the client and the server.
Optionally, the second forwarding device also stores a second policy route, and the next hop of the second policy route is the protocol address in the second ARP entry. In this network system, when the server has data to send to the client and the data is forwarded in IRB symmetric mode, the second policy route can additionally be configured on the second forwarding device, with its next hop set to the protocol address in the second ARP entry. When data that needs to pass through the transparent VAS device reaches the second forwarding device, the second forwarding device obtains the second ARP entry according to the second policy route and sends the data to the transparent VAS device through the second interface according to the second ARP entry, so that the transparent VAS device processes the data packets exchanged between the client and the server.
Optionally, the network system further includes a controller. The controller is configured to generate the first ARP entry and to send the first ARP entry to the first forwarding device. This implementation enables automated service orchestration.
In a second aspect, this application provides a packet transmission method. The method includes the following. A first forwarding device obtains a first data packet that includes first data. The first forwarding device is communicatively connected, through a first interface, to one interface of a transparent value-added service (VAS) device, and another interface of the transparent VAS device is communicatively connected to a second interface of a second forwarding device. The first forwarding device and the second forwarding device belong to the same Layer 3 virtual private network. The first forwarding device obtains a first ARP entry corresponding to the first data packet. The protocol address in the first ARP entry is an idle address of the network segment where the first interface is located, and the physical address in the first ARP entry is the physical address of the second interface. The first forwarding device sends the first data to the transparent VAS device through the first interface. The physical address of the second interface corresponds to the first interface.
In the method provided by the second aspect, the first forwarding device obtains the first data packet, obtains the first ARP entry corresponding to the first data packet, and sends the first data to the transparent VAS device through the first interface. Configuring a first ARP entry that includes a protocol address and a physical address on the first forwarding device thus allows the transparent VAS device to process the data packets exchanged between the client and the server and to provide the corresponding value-added service to the client. A device on which the policy route and the first ARP entry are configured can transmit packets according to the method provided in this application. Data packets that do not need to pass through the transparent VAS device are still forwarded by looking up the routing table or the MAC address table. In addition, the packet transmission method provided in this application does not consume additional virtual routing forwarding (VRF) or forwarding information base (FIB) resources, and orchestration is simple.
Optionally, the first data packet includes a first source protocol address, and the first forwarding device obtaining the first ARP entry corresponding to the first data packet includes: the first forwarding device obtains a first policy route corresponding to the first source protocol address, where the next hop of the first policy route is the protocol address in the first ARP entry; and the first forwarding device obtains the first ARP entry according to the first policy route. With this method, when the first data is forwarded in the network in IRB symmetric mode, the first forwarding device can obtain the first policy route according to the first source protocol address in the first data packet and obtain the first ARP entry according to the first policy route, so that the transparent VAS device processes the data packets exchanged between the client and the server and provides the corresponding value-added service to the client.
Optionally, the first data packet includes a first destination physical address, and the first forwarding device obtaining the first ARP entry corresponding to the first data packet includes: the first forwarding device looks up the ARP table according to the first destination physical address to obtain the first ARP entry. With this method, when the first data is forwarded in the network in IRB asymmetric mode, the first forwarding device can look up the ARP table according to the first destination physical address in the first data packet to obtain the first ARP entry, so that the transparent VAS device processes the data packets exchanged between the client and the server and provides the corresponding value-added service to the client.
Optionally, before the first forwarding device sends the first data to the transparent VAS device through the first interface, the method further includes: the first forwarding device looks up a physical mapping table according to the physical address of the second interface in the first ARP entry and determines that the first data needs to be sent through the first interface; or the first forwarding device determines, according to the outgoing interface in the first ARP entry, that the first data needs to be sent through the first interface. With this method, the first forwarding device can determine that the interface for sending the first data is the first interface either by looking up the physical mapping table or from the outgoing interface in the first ARP entry.
Optionally, the first forwarding device and the second forwarding device are the same or different, and the first interface is different from the second interface. With this method, the transparent VAS device can be connected to different interfaces of the same VRF on one forwarding device, or to two different forwarding devices that belong to the same Layer 3 virtual private network, so the connection options are flexible.
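The lookup chain of the second aspect (policy route matched on the source address, static ARP entry whose protocol address is an idle address, then the egress interface taken from the entry or from the MAC table) can be modelled as follows. This is an added Python example, not code from the patent; the class and function names, interface name, addresses and MAC are constructed assumptions, and `audit_entry` is a hypothetical check of the two properties the text requires of the protocol address.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Every address, MAC and interface name here is a constructed sample value.


@dataclass(frozen=True)
class ArpEntry:
    protocol_addr: ipaddress.IPv4Address   # idle address in the first interface's segment
    physical_addr: str                     # MAC of the second forwarding device's interface
    out_interface: Optional[str] = None    # optional egress interface stored in the entry


def pick_idle_address(segment, in_use):
    """Controller side: first host address in the segment that nothing uses."""
    for host in ipaddress.ip_network(segment).hosts():
        if host not in in_use:
            return host
    raise ValueError(f"no idle address left in {segment}")


def audit_entry(entry, segment, in_use):
    """Check the two properties the text requires of the protocol address."""
    problems = []
    if entry.protocol_addr not in ipaddress.ip_network(segment):
        problems.append("outside interface segment")
    if entry.protocol_addr in in_use:
        problems.append("address not idle")
    return problems


class ForwardingDevice:
    def __init__(self, name):
        self.name = name
        self.policy_routes = []   # (source network, next-hop protocol address)
        self.arp_table = {}       # protocol address -> ArpEntry
        self.mac_table = {}       # physical address -> egress interface

    def steer(self, src_ip):
        """Return (egress interface, destination MAC), or None for normal forwarding."""
        src = ipaddress.ip_address(src_ip)
        for network, next_hop in self.policy_routes:
            if src not in network:
                continue
            entry = self.arp_table.get(next_hop)
            if entry is None:
                raise LookupError(f"no ARP entry for PBR next hop {next_hop}")
            # Egress comes from the entry itself, else from the physical mapping table.
            egress = entry.out_interface or self.mac_table.get(entry.physical_addr)
            if egress is None:
                raise LookupError(f"no egress interface for {entry.physical_addr}")
            return egress, entry.physical_addr
        return None  # not steered: ordinary routing-table or MAC-table lookup applies


def demo():
    segment = "10.1.1.0/24"                         # segment of the first interface
    in_use = {ipaddress.ip_address("10.1.1.1")}     # the first interface's own address
    second_if_mac = "00:00:5e:00:53:02"             # MAC of the second interface

    idle = pick_idle_address(segment, in_use)
    entry = ArpEntry(idle, second_if_mac)

    dev = ForwardingDevice("first-forwarding-device")
    dev.arp_table[idle] = entry
    dev.mac_table[second_if_mac] = "if1"            # second interface's MAC maps to if1
    dev.policy_routes.append((ipaddress.ip_network("192.0.2.0/24"), idle))

    # An entry that reuses the interface's own address fails the idle check.
    bad = ArpEntry(ipaddress.ip_address("10.1.1.1"), second_if_mac)
    return {
        "idle": str(idle),
        "steered": dev.steer("192.0.2.10"),
        "unsteered": dev.steer("198.51.100.7"),
        "audit_ok": audit_entry(entry, segment, in_use),
        "audit_bad": audit_entry(bad, segment, in_use),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Because the steering depends entirely on a static ARP entry, reviewing such entries against the interface segment and the set of addresses in use is a natural configuration check.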
In a third aspect, this application provides a communication apparatus that can implement the method of the second aspect or of any possible implementation of the second aspect. The apparatus includes corresponding units or components for performing the method. The units included in the apparatus can be implemented in software and/or hardware. The apparatus may be, for example, a network device (such as a switch or a router), or a chip, a chip system, or a processor that supports a network device in implementing the method.
In a fourth aspect, this application provides a communication apparatus that includes a processor. The processor is coupled to a memory, and the memory is used to store a program or instructions. When the program or instructions are executed by the processor, the apparatus implements the method of the second aspect or of any possible implementation of the second aspect.
In a fifth aspect, this application provides a computer-readable medium on which a computer program or instructions are stored. When the computer program or instructions are executed, a computer performs the method of the second aspect or of any possible implementation of the second aspect.
In a sixth aspect, this application provides a computer program product that includes computer program code. When the computer program code runs on a computer, the computer performs the method of the second aspect or of any possible implementation of the second aspect.
In a seventh aspect, this application provides a chip that can implement the method of the second aspect or of any possible implementation of the second aspect.
Any communication apparatus, chip, computer-readable medium, computer program product, or communication system provided above is used to perform the corresponding method provided above. For the beneficial effects it can achieve, refer to the beneficial effects of the corresponding method; they are not repeated here.
Description of the drawings
FIG. 1 is a schematic diagram of a network system architecture provided by an embodiment of this application;
FIG. 2 is a schematic diagram of the hardware structure of a communication apparatus provided by an embodiment of this application;
FIG. 3 is a first schematic flowchart of a packet transmission method provided by an embodiment of this application;
FIG. 4 is a second schematic flowchart of a packet transmission method provided by an embodiment of this application;
FIG. 5a is a schematic diagram of a process of forwarding data packets in IRB symmetric mode according to an embodiment of this application;
FIG. 5b is a schematic diagram of a process of forwarding data packets in IRB asymmetric mode according to an embodiment of this application;
FIG. 6 is a third schematic flowchart of a packet transmission method provided by an embodiment of this application;
FIG. 7 is a schematic structural diagram of a communication apparatus provided by an embodiment of this application;
FIG. 8 is a schematic structural diagram of a chip provided by an embodiment of this application.
Detailed description
The implementations of the embodiments of this application are described in detail below with reference to the accompanying drawings.
The packet transmission method provided in the embodiments of this application can be used in any Layer 3 network, for example a traditional Layer 3 virtual private network (VPN) or an Ethernet virtual private network (EVPN). Packets are processed differently in an EVPN than in a traditional Layer 3 VPN. In an EVPN, when a packet reaches a virtual extensible local area network (VXLAN) tunnel end point (VTEP), it is encapsulated with a VXLAN header to obtain a new packet. A VTEP is a device in the network that can encapsulate and decapsulate VXLAN packets. Compared with the packet before encapsulation, the new packet additionally carries VTEP information, which indicates the target VTEP to which the new packet is to be sent. The new packet is then sent to the target VTEP. After receiving the new packet, the target VTEP removes the VXLAN header and obtains the packet as it was before encapsulation.
The embodiments of this application are described below using only the network system 10 shown in FIG. 1 as an example.
FIG. 1 is a schematic diagram of the architecture of a network system 10 provided by an embodiment of this application. In FIG. 1, the network system 10 includes forwarding devices 101 to 106, a transparent VAS device 107, a client 108, and a server 109. Forwarding device 105 and forwarding device 106 may be referred to as spine forwarding devices. Forwarding devices 101 to 104 may be referred to as leaf forwarding devices. Forwarding device 105 is communicatively connected to forwarding devices 101 to 104, and forwarding device 106 is communicatively connected to forwarding devices 101 to 104. Forwarding device 101 is communicatively connected to the client 108, and forwarding device 104 is communicatively connected to the server 109. The transparent VAS device 107 is communicatively connected to forwarding device 102 and to forwarding device 103.
Forwarding devices 101 to 106 can connect multiple devices to a computer network. Any forwarding device in FIG. 1 is a switch or a router. Different forwarding devices in FIG. 1 are located in different network segments. Any forwarding device in FIG. 1 can have multiple physical ports. A physical port may correspond to one or more logical interfaces, or may have no logical interface.
Further, if a physical port corresponds to one or more logical interfaces, each logical interface corresponds to one protocol address. The protocol addresses of different logical interfaces of the same physical port can be the same or different. If a physical port has no logical interface, the physical port corresponds to one protocol address. Likewise, if a physical port corresponds to one or more logical interfaces, each logical interface corresponds to one physical address. The physical addresses of different logical interfaces of the same physical port can be the same or different. If a physical port has no logical interface, the physical port corresponds to one physical address.
The protocol address in the embodiments of this application may be an IP address or another form of protocol address, without limitation. The physical address in the embodiments of this application may be a MAC address or another form of physical address, without limitation.
The transparent VAS device 107 works in transparent mode, that is, it is invisible to the forwarding devices in the network system 10. The transparent VAS device 107 can provide the corresponding value-added services to the client 108. The transparent VAS device 107 may be a Layer 1 transparent VAS device or a Layer 2 transparent VAS device.
The client 108 may be a computer or a device with a wireless transceiver function. The client 108 may also be called a terminal device, a terminal, user equipment, or a mobile station. The client 108 may be a personal computer, a server, a mobile phone, a tablet computer (pad), a vehicle-mounted device, a wearable device, and so on.
The server 109 may be a device capable of providing computing or application services to the client 108.
Optionally, the network system shown in FIG. 1 further includes a software defined networking (SDN) controller (not shown in FIG. 1). The SDN controller can be communicatively connected to each forwarding device in FIG. 1. For example, the SDN controller is communicatively connected to each of forwarding devices 101 to 106. The SDN controller can configure, for any forwarding device in FIG. 1, a data packet forwarding policy or the configuration used for forwarding data packets. For example, the SDN controller may configure a policy route for forwarding device 101 and an ARP entry for forwarding device 102.
The transparent VAS device 107 has no IP address and no device service IP address, and it either does not learn MAC addresses or can only perform Layer 2 forwarding. Therefore, once the transparent VAS device 107 is connected to the Layer 3 network, if the client 108 needs value-added services, how to make the data packets sent by the client 108 pass through the transparent VAS device 107 on the way to the server 109 is a problem that urgently needs to be solved.
To solve this technical problem, an ARP entry can be configured on the interface that connects forwarding device 102 to the transparent VAS device 107, and a policy route can be configured on forwarding device 101. The ARP entry includes a protocol address and the physical address corresponding to that protocol address. The protocol address is an idle address of the network segment where the interface connecting forwarding device 102 to the transparent VAS device 107 is located, and the physical address is the physical address of the interface connecting forwarding device 103 to the transparent VAS device 107. The next hop of the policy route is the protocol address in the ARP entry. After forwarding device 101 receives data from the client 108, it can send the data to forwarding device 102 according to the policy route. After forwarding device 102 receives the data, it can send the data to the transparent VAS device 107, according to the ARP entry, through the interface connected to the transparent VAS device 107. For details, refer to the description of the method shown in FIG. 3 or FIG. 4 below.
The method shown in FIG. 3 or FIG. 4 is only an example of the packet transmission method provided by the embodiments of this application. The idea behind the method (redirecting data packets by configuring a policy route and an ARP entry on a forwarding device and setting the next hop of the policy route to the protocol address in the ARP entry) can also be applied, without limitation, to other scenarios in which data flows need to be distributed on demand.
The packet transmission method provided in the embodiments of this application is also applicable to service chain orchestration of transparent VAS devices in SDN based on multi-protocol label switching (MPLS) EVPN or segment routing (SR) 6. For details, refer to the service orchestration of the transparent VAS device in the network system provided in the embodiments of this application.
In the embodiments of this application, the physical address of an interface of a forwarding device can also be replaced with the physical address of the gateway (GW) of that forwarding device, and the protocol address of an interface of a forwarding device can also be replaced with the protocol address of the gateway of that forwarding device.
It should be noted that the network system 10 shown in FIG. 1 is only an example and does not limit the technical solution of this application. Those skilled in the art will understand that, in a specific implementation, the network system 10 may include other devices, and that the number of forwarding devices, clients, transparent VAS devices, and servers can be determined according to specific needs. The network elements in FIG. 1 can also be connected through other interfaces.
Optionally, each network element in FIG. 1, for example forwarding devices 101 to 106, may be a functional module within a device. It can be understood that such a function may be a network element in a hardware device (for example, a forwarding chip in a switch), a software function running on dedicated hardware, or a virtualized function instantiated on a platform (for example, a cloud platform).
For example, each network element in FIG. 1 can be implemented by the communication apparatus 200 in FIG. 2. FIG. 2 is a schematic diagram of the hardware structure of a communication apparatus applicable to the embodiments of this application. The communication apparatus 200 includes at least one processor 201, a communication line 202, a memory 203, at least one communication interface 204, and a forwarding chip 205.
The processor 201 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the programs of the solution of this application.
The communication line 202 may include a path, such as a bus, for transferring information between the above components.
The communication interface 204 uses any transceiver-type apparatus to communicate with other devices or communication networks, for example an Ethernet interface, a radio access network (RAN) interface, or a wireless local area network (WLAN) interface.
The forwarding chip 205 can be controlled by the processor 201 to perform initialization, delivery of service entries, sending and receiving of protocol packets, and various kinds of interrupt handling. For example, the forwarding chip 205 may be an Ethernet switch (LAN switch, LSW) chip or a network processor (NP) chip. Optionally, the forwarding chip 205 has an external memory (not shown in FIG. 2), which can be used to store packets.
The memory 203 may be, but is not limited to, a read-only memory (ROM) or another type of static storage device that can store static information and instructions; a random access memory (RAM) or another type of dynamic storage device that can store information and instructions; an electrically erasable programmable read-only memory (EEPROM); a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, and so on); a magnetic disk storage medium or other magnetic storage device; or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory can exist independently and be connected to the processor through the communication line 202, or it can be integrated with the processor. The memory provided by the embodiments of this application is generally non-volatile. The memory 203 is used to store the computer-executable instructions for carrying out the solution of this application, and their execution is controlled by the processor 201. The processor 201 is configured to execute the computer-executable instructions stored in the memory 203, thereby implementing the method provided in the embodiments of this application.
可选的,本申请实施例中的计算机可执行指令也可以称之为应用程序代码,本申 请实施例对此不作具体限定。Optionally, the computer-executable instructions in the embodiments of the present application may also be referred to as application program codes, which are not specifically limited in the embodiments of the present application.
在一种实施方式中,处理器201可以包括一个或多个CPU,例如图2中的CPU0和CPU1。In an embodiment, the processor 201 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 2.
在另一种实施方式中,通信装置200可以包括多个处理器,例如图2中的处理器201和处理器206。这些处理器中的每一个可以是一个单核(single-CPU)处理器,也可以是一个多核(multi-CPU)处理器。这里的处理器可以指一个或多个设备、电路、和/或用于处理数据的处理核。In another embodiment, the communication device 200 may include multiple processors, such as the processor 201 and the processor 206 in FIG. 2. Each of these processors can be a single-CPU (single-CPU) processor or a multi-core (multi-CPU) processor. The processor here may refer to one or more devices, circuits, and/or processing cores for processing data.
上述的通信装置200可以是一个通用设备或者是一个专用设备。例如,通信装置200可以是交换机、路由器或有图2中类似结构的设备。本申请实施例不限定通信装置200的类型。The aforementioned communication device 200 may be a general-purpose device or a special-purpose device. For example, the communication device 200 may be a switch, a router, or a device having a similar structure in FIG. 2. The embodiment of the present application does not limit the type of the communication device 200.
The packet transmission method provided in the embodiments of this application is described in detail below, using EVPN as an example. For the specific process of the packet transmission method in a traditional Layer 3 VPN, refer to the description of the packet transmission method in EVPN below.
The names of the messages exchanged between network elements and the names of the parameters in those messages in the following embodiments are only examples; other names may be used in a specific implementation, and this is not specifically limited in the embodiments of this application.
In the description of this application, words such as "first" and "second" are used only to distinguish between the things described; they are not to be understood as indicating or implying relative importance, nor as indicating or implying an order. Forwarding devices with different numbers in this application, such as the "first forwarding device", are numbered only for convenience of reference in context, and the different ordinal numbers themselves have no specific technical meaning. For example, the first forwarding device, the second forwarding device, and so on can each be understood as one or any one of a series of forwarding devices. It can be understood that, in a specific implementation, forwarding devices with different numbers may also be the same forwarding device or forwarding devices of the same type, which is not limited in this application.
The same step, or steps or messages with the same function, may be cross-referenced between different embodiments of this application.
In the embodiments of this application, the first forwarding device and/or the second forwarding device may perform some or all of the steps in the embodiments. These steps are only examples, and the embodiments of this application may also perform other steps or variations of the steps. In addition, the steps may be performed in an order different from that presented in the embodiments of this application, and it may not be necessary to perform all the steps in the embodiments.
As shown in FIG. 3, an embodiment of this application provides a packet transmission method that includes steps 301 to 303.
Step 301: The first forwarding device obtains a first data packet.
The first forwarding device and the second forwarding device belong to the same Layer 3 virtual private network. The embodiments of this application use EVPN as an example, so the first forwarding device and the second forwarding device belong to the same EVPN.
In a possible implementation, the first forwarding device is communicatively connected to one interface of the transparent VAS device through a first interface, and another interface of the transparent VAS device is communicatively connected to a second interface of the second forwarding device. For example, the first forwarding device is the forwarding device 102 in FIG. 1, the transparent VAS device is the transparent VAS device 107 in FIG. 1, and the second forwarding device is the forwarding device 103 in FIG. 1. The forwarding device 102 is communicatively connected to one interface of the transparent VAS device 107 through one of its own interfaces, and another interface of the transparent VAS device 107 is communicatively connected to an interface of the forwarding device 103.
The first forwarding device and the second forwarding device are the same or different; that is, they may be one device or two different devices. The first interface is different from the second interface. For example, the transparent VAS device is connected to different interfaces of the same VRF on the same forwarding device, or is connected to two different forwarding devices.
Optionally, the first interface is any logical interface corresponding to any physical port of the first forwarding device. The second interface is any logical interface corresponding to any physical port of the second forwarding device.
As an example, suppose the first forwarding device has physical port 1 and physical port 2, where physical port 1 corresponds to logical interface 1 and logical interface 2, and physical port 2 corresponds to logical interface 3 and logical interface 4; and the second forwarding device has physical port 3 and physical port 4, where physical port 3 corresponds to logical interface 5, and physical port 4 corresponds to logical interface 6 and logical interface 7. The first interface may then be logical interface 1, logical interface 2, logical interface 3, or logical interface 4 of the first forwarding device, and the second interface may be logical interface 5, logical interface 6, or logical interface 7.
Optionally, the first data packet includes a first source protocol address, a first destination protocol address, a first source physical address, a first destination physical address, and first data. The first data is the data that the user end is to send to the server. The user end requires a value-added service.
In a Layer 3 virtual private network, the way in which the first forwarding device obtains the first data packet differs depending on how the first forwarding device is physically connected. As an example, in a Layer 3 virtual private network the first forwarding device can be connected in the following two manners:
Manner 1: The first forwarding device is communicatively connected to the user end.
In Manner 1, the first forwarding device receives the first data packet from the user end. The first source protocol address is the protocol address of the user end. The first destination protocol address is the protocol address of the server. The first source physical address is the physical address of the user end. The first destination physical address is the physical address of the GW of the first forwarding device.
If the user end requires a value-added service, the first data sent by the user end needs to pass through the transparent VAS device; that is, the first data needs to be sent to the transparent VAS device through the first interface. However, the first forwarding device has at least one physical port, and any physical port may correspond to at least one logical interface. Therefore, after obtaining the first data packet, the first forwarding device will not necessarily forward the first data from the first interface. In addition, the two network interfaces to which the transparent VAS device is attached must belong to the same network segment; otherwise the transparent VAS device cannot communicate normally. To allow the transparent VAS device to communicate normally and to make the first data sent by the user end pass through the transparent VAS device, a third policy route can be configured on the first forwarding device, and a first ARP entry can be configured on the first interface.
The third policy route includes a matching condition and next-hop information. The next-hop information indicates the next hop of the third policy route. The next hop of the third policy route is the protocol address in the first ARP entry. The matching condition can be configured according to user needs and can be used to filter data packets. For example, the matching condition can be used to select the data packets sent by the user end; that is, it can select the data packets whose source protocol address is the protocol address of the user end. In this case, the first forwarding device forwards the data in the data packets received from the user end to the next hop of the third policy route. It should be understood that this matching condition is only an example; the matching condition in the third policy route may take other forms, which is not limited.
The first ARP entry includes a protocol address and a physical address. The protocol address is an idle address in the network segment where the first interface is located. For example, the protocol address is an idle IP address in the network segment where the first interface is located. The physical address is the physical address of the second interface. For example, the physical address is the MAC address of the second interface.
Manner 2: The first forwarding device is communicatively connected to the user end through at least one other forwarding device.
In Manner 2, the first forwarding device receives the first data packet from a third forwarding device. The third forwarding device is the forwarding device, among the at least one forwarding device, that is directly communicatively connected to the first forwarding device.
A forwarding device in the Layer 3 virtual private network (for example, the first forwarding device or the second forwarding device) can forward data in IRB symmetric mode or IRB asymmetric mode. IRB symmetric mode means that Layer 3 forwarding is performed at both the ingress GW and the egress GW of the forwarding devices. IRB asymmetric mode means that both Layer 2 forwarding and Layer 3 forwarding are performed at the ingress GW of the forwarding devices, while Layer 2 forwarding is performed at the egress GW.
In Manner 2, if the forwarding devices in the Layer 3 virtual private network forward data in IRB symmetric mode, the first source protocol address is the protocol address of the user end, the first destination protocol address is the protocol address of the server, the first source physical address is the physical address of the fourth forwarding device, and the first destination physical address is the physical address of the second forwarding device. If the forwarding devices in the EVPN forward data in IRB asymmetric mode, the first source protocol address is the protocol address of the user end, the first destination protocol address is the protocol address of the server, the first source physical address is the physical address of the fourth forwarding device, and the first destination physical address is the physical address of the second interface. The fourth forwarding device is the forwarding device that is directly communicatively connected to the user end. The fourth forwarding device and the third forwarding device may be the same device or different devices.
If the user end requires a value-added service, the first data sent by the user end needs to pass through the transparent VAS device; that is, the first data sent by the user end needs to reach the first forwarding device and be sent to the transparent VAS device through the first interface. However, there are multiple paths between the user end and the server, and the first data sent by the user end can reach the server over any of them. Not every one of these paths contains a transparent VAS device. In addition, the two network interfaces to which the transparent VAS device is attached must belong to the same network segment; otherwise the transparent VAS device cannot communicate normally. To allow the transparent VAS device to communicate normally, and to make the first data sent by the user end reach the first forwarding device and be sent to the transparent VAS device through the first interface, the third policy route can be configured on the fourth forwarding device, and the first ARP entry can be configured on the first interface.
For a description of the third policy route and the first ARP entry, refer to Manner 1 above. In this way, after receiving data packets from the user end, the fourth forwarding device can filter them according to the matching condition and establish a tunnel for the data in the selected data packets. The start of the tunnel is the fourth forwarding device, and the end of the tunnel is the first forwarding device. Subsequently, the fourth forwarding device can send the data in the selected data packets to the first forwarding device through the tunnel. Both the start and the end of the tunnel are VTEPs.
As an example, the matching condition can be used to select the data packets sent by the user end. In this case, when the fourth forwarding device receives the first data from the user end, it establishes a tunnel for the first data. The start of the tunnel is the fourth forwarding device, and the end of the tunnel is the first forwarding device. Subsequently, the fourth forwarding device can send the first data to the first forwarding device through the tunnel.
In Manner 2, the first data packet is a packet encapsulated with a VXLAN header. The first data packet therefore also includes VTEP information. For example, the first data packet further includes a second source protocol address, a second destination protocol address, a second source physical address, and a second destination physical address. The second source protocol address is the protocol address of the start of the tunnel. The second destination protocol address is the protocol address of the end of the tunnel. The second source physical address is the physical address of the GW of the fourth forwarding device. The second destination physical address is the physical address of the GW of the third forwarding device.
In Manner 2, after obtaining the first data packet, the first forwarding device decapsulates it to obtain the data packet as it was before encapsulation. The data packet before encapsulation includes the first source protocol address, the first destination protocol address, the first source physical address, the first destination physical address, and the first data.
Optionally, the third policy route and the first ARP entry are manually configured by a user; alternatively, the third policy route and the first ARP entry are generated and delivered by an SDN controller. For a description of the SDN controller, refer to the description of FIG. 1 above.
In a possible implementation, the first ARP entry is imported into a Border Gateway Protocol (BGP) EVPN type 5 route and advertised to the network. The user end can then obtain the route corresponding to the first ARP entry, so that the third policy route can be configured to point to the protocol address in the first ARP entry. The EVPN type 5 route (type-5 route), also called the IP prefix route, is used for communication between data centers when the IP subnets of a Layer 2 domain are confined to a single data center and Layer 2 connectivity does not span data centers. A type 5 route enables connectivity across data centers by advertising the IP prefixes allocated to VXLANs that are confined to a single data center.
Step 302: The first forwarding device obtains the first ARP entry corresponding to the first data packet.
The process by which the first forwarding device obtains the first ARP entry corresponding to the first data packet differs depending on the mode in which the forwarding devices in the Layer 3 virtual private network forward the first data. Specifically, refer to the following two cases:
Case 1: The forwarding devices in the Layer 3 virtual private network forward the first data in IRB symmetric mode, and a first policy route is also configured on the first forwarding device. The first forwarding device obtaining the first ARP entry corresponding to the first data packet includes: the first forwarding device obtains the first policy route corresponding to the first source protocol address; and the first forwarding device obtains the first ARP entry according to the first policy route.
For Manner 1 above, the forwarding device that is directly communicatively connected to the user end is the first forwarding device. The first policy route is the same as the third policy route. The first forwarding device can obtain the first policy route according to the matching condition in the first policy route. For example, if the data packets selected by the matching condition are those whose source protocol address is the protocol address of the user end, then a data packet whose source protocol address is the protocol address of the user end corresponds to the first policy route. In this case, the first forwarding device obtains the first policy route. The next hop of the first policy route is the protocol address in the first ARP entry, so the first forwarding device can subsequently obtain the first ARP entry according to the next hop of the first policy route.
For Manner 2 above, the forwarding device that is directly communicatively connected to the user end is the fourth forwarding device, and the fourth forwarding device is different from the first forwarding device. The first policy route is the same as or different from the third policy route. The first policy route includes a matching condition and next-hop information. The next-hop information indicates the next hop of the first policy route. The next hop of the first policy route is the protocol address in the first ARP entry. The matching condition can be configured according to user needs and can be used to filter data packets.
When the first policy route is different from the third policy route, the matching condition in the first policy route is different from the matching condition in the third policy route. For example, the matching condition can be used to select the data packets of a specific ingress interface (for example, the interface that receives the first data packet); that is, it can select the data packets received from the specific ingress interface. In this case, the first forwarding device forwards the data in the data packets received from the specific ingress interface to the next hop of the first policy route. It should be understood that this matching condition is only an example; the matching condition in the first policy route may take other forms, which is not limited.
In Manner 2, the first forwarding device can obtain the first policy route according to the matching condition in the first policy route. For example, if the data packets selected by the matching condition are those whose source protocol address is the protocol address of the user end, then a data packet whose source protocol address is the protocol address of the user end corresponds to the first policy route. In this case, the first forwarding device obtains the first policy route. The next hop of the first policy route is the protocol address in the first ARP entry, so the first forwarding device can subsequently obtain the first ARP entry according to the next hop of the first policy route. As another example, if the data packets selected by the matching condition are those received from a specific ingress interface, then a data packet received from the specific ingress interface corresponds to the first policy route. In this case, the first forwarding device obtains the first policy route. The next hop of the first policy route is the protocol address in the first ARP entry, so the first forwarding device can subsequently obtain the first ARP entry according to the next hop of the first policy route.
Case 2: The forwarding devices in the Layer 3 virtual private network forward the first data in IRB asymmetric mode.
For Manner 1 above, the first forwarding device obtaining the first ARP entry corresponding to the first data packet includes: the first forwarding device obtains the third policy route corresponding to the first source protocol address; and the first forwarding device obtains the first ARP entry according to the third policy route. For details, refer to the corresponding description in Case 1 above, which is not repeated here.
For Manner 2 above, the first forwarding device obtaining the first ARP entry corresponding to the first data packet includes: the first forwarding device looks up the ARP table according to the first destination physical address and obtains the first ARP entry. The first destination physical address is the physical address of the second interface. The first forwarding device can therefore obtain the first ARP entry by looking up the ARP table according to the first destination physical address.
Step 303: The first forwarding device sends the first data to the transparent VAS device through the first interface.
Optionally, the physical address of the second interface corresponds to the first interface. The correspondence between the physical address of the second interface and the first interface is stored in a physical mapping table, or it is stored in the first ARP entry. When the correspondence is stored in the first ARP entry, the first ARP entry further includes an outgoing interface. The outgoing interface indicates the interface that the first forwarding device uses when sending a data packet to the physical address in the first ARP entry.
As an example, when the correspondence between the physical address of the second interface and the first interface is stored in the physical mapping table, before step 303 the first forwarding device looks up the physical mapping table according to the physical address of the second interface in the first ARP entry and determines that the first data needs to be sent through the first interface.
As an example, when the correspondence between the physical address of the second interface and the first interface is stored in the first ARP entry, before step 303 the first forwarding device determines, according to the outgoing interface in the first ARP entry, that the first data needs to be sent through the first interface.
In a possible implementation, the first forwarding device sending the first data to the transparent VAS device through the first interface includes: the first forwarding device sends a second data packet to the transparent VAS device through the first interface. The second data packet includes a third source protocol address, a third destination protocol address, a third source physical address, a third destination physical address, and the first data. The third source protocol address is the protocol address of the user end. The third destination protocol address is the protocol address of the server.
For Case 1 above, the third source physical address is the physical address of the first interface, and the third destination physical address is the physical address of the second interface. For Manner 1 in Case 2 above, the third source physical address is the physical address of the first forwarding device, and the third destination physical address is the physical address of the second interface. For Manner 2 in Case 2 above, the third source physical address is the physical address of the fourth forwarding device, and the third destination physical address is the physical address of the second interface.
After step 303, the transparent VAS device sends the first data to the second forwarding device through the second interface. After receiving the first data, the second forwarding device forwards the first data in IRB symmetric mode or IRB asymmetric mode.
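The lookup and rewrite performed in steps 301 to 303 can be modelled as follows. This is an added Python sketch, not part of the patent text: the class names, interface name and all addresses are constructed for illustration, the policy route matches on source protocol address only, and VXLAN decapsulation is assumed to have already happened for tunnelled packets.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_interface

@dataclass(frozen=True)
class Frame:
    src_ip: str
    dst_ip: str
    src_mac: str
    dst_mac: str
    data: bytes

@dataclass(frozen=True)
class PolicyRoute:
    match_src_ip: str  # matching condition: source protocol address
    next_hop: str      # protocol address held in the static ARP entry

@dataclass(frozen=True)
class ArpEntry:
    ip: str            # idle address in the first interface's network segment
    mac: str           # physical address of the second interface
    out_if: str        # outgoing interface, i.e. the first interface

class ForwardingDevice:
    def __init__(self, device_mac, interfaces):
        self.device_mac = device_mac
        self.interfaces = interfaces   # name -> ("ip/prefix", mac)
        self.policy_routes = []
        self.arp_table = {}            # protocol address -> ArpEntry

    def add_static_arp(self, entry, used_ips=()):
        """Install the entry only if its address is idle and in the interface's segment."""
        iface = ip_interface(self.interfaces[entry.out_if][0])
        addr = ip_address(entry.ip)
        if addr not in iface.network:
            raise ValueError(f"{entry.ip} is outside the segment of {entry.out_if}")
        if addr == iface.ip or entry.ip in used_ips:
            raise ValueError(f"{entry.ip} is not an idle address")
        self.arp_table[entry.ip] = entry

    def lookup_arp(self, frame, irb, via_tunnel):
        """Step 302: find the ARP entry for this frame."""
        if irb == "asymmetric" and via_tunnel:
            # Case 2, Manner 2: look up the ARP table by destination physical address.
            return next((e for e in self.arp_table.values()
                         if e.mac == frame.dst_mac), None)
        # Case 1, and Case 2 Manner 1: policy route -> next hop -> ARP entry.
        for route in self.policy_routes:
            if route.match_src_ip == frame.src_ip:
                return self.arp_table.get(route.next_hop)
        return None

    def forward(self, frame, irb, via_tunnel):
        """Step 303: return (outgoing interface, rewritten frame), or None if unmatched."""
        entry = self.lookup_arp(frame, irb, via_tunnel)
        if entry is None:
            return None
        if irb == "symmetric":
            src_mac = self.interfaces[entry.out_if][1]  # first interface's MAC
        elif via_tunnel:
            src_mac = frame.src_mac                     # stays the fourth device's MAC
        else:
            src_mac = self.device_mac                   # first forwarding device's MAC
        return entry.out_if, replace(frame, src_mac=src_mac, dst_mac=entry.mac)

# Constructed sample values (documentation address ranges).
USER_IP, SERVER_IP = "192.0.2.10", "198.51.100.20"
USER_MAC = "00:00:5e:00:53:0a"
FD1_MAC, FD1_GW_MAC, FD4_MAC = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:04"
IF1_MAC, IF2_MAC = "00:00:5e:00:53:11", "00:00:5e:00:53:22"
VAS_NEXT_HOP = "10.1.1.100"

def build_first_device():
    """First forwarding device with the static ARP entry and policy route installed."""
    fd1 = ForwardingDevice(FD1_MAC, {"if1": ("10.1.1.1/24", IF1_MAC)})
    fd1.add_static_arp(ArpEntry(VAS_NEXT_HOP, IF2_MAC, "if1"), used_ips={"10.1.1.2"})
    fd1.policy_routes.append(PolicyRoute(USER_IP, VAS_NEXT_HOP))
    return fd1

if __name__ == "__main__":
    fd1 = build_first_device()
    direct = Frame(USER_IP, SERVER_IP, USER_MAC, FD1_GW_MAC, b"first data")
    tunnelled = Frame(USER_IP, SERVER_IP, FD4_MAC, IF2_MAC, b"first data")
    print("Case 1:", fd1.forward(direct, "symmetric", False))
    print("Case 2, Manner 1:", fd1.forward(direct, "asymmetric", False))
    print("Case 2, Manner 2:", fd1.forward(tunnelled, "asymmetric", True))
```

In every case the destination physical address becomes that of the second interface, so the frame crosses the transparent VAS device unchanged at Layer 3; traffic that matches neither lookup returns `None` and follows ordinary forwarding instead.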
在一种可能的实现方式中,服务器接收到第一数据,会向用户端返回第二数据。若第二数据也需要经过透明VAS设备,同理可以采用图3所述的方法传输数据报文。不同之处有以下2点:In a possible implementation, the server receives the first data and returns the second data to the user. If the second data also needs to pass through the transparent VAS device, similarly, the method described in FIG. 3 can be used to transmit the data message. The differences are as follows:
Difference 1: If the second forwarding device is communicatively connected to the server, a fourth policy route can be configured on the second forwarding device, and a second ARP entry can be configured on the second interface.
The fourth policy route includes a matching condition and next-hop information. The next-hop information indicates the next hop of the fourth policy route. The next hop of the fourth policy route is the protocol address in the second ARP entry. The matching condition can be configured according to user needs and can be used to filter data packets. For example, the matching condition can be used to select data packets sent by the server, that is, data packets whose source protocol address is the protocol address of the server. In this case, the second forwarding device forwards the data in the data packets received from the server to the next hop of the fourth policy route. It should be understood that the above matching condition is only an example; the matching condition in the fourth policy route may also take other forms, without limitation.
The second ARP entry includes a protocol address and a physical address. The protocol address is an idle address in the network segment where the second interface is located, for example, an idle IP address in that network segment. The physical address is the physical address of the first interface, for example, the MAC address of the first interface.
Difference 2: If the second forwarding device is communicatively connected to the server through at least one other forwarding device, the fourth policy route can be configured on the fifth forwarding device, and the second ARP entry can be configured on the second interface.
The second policy route is the same as or different from the fourth policy route. The second policy route includes a matching condition and next-hop information. The next-hop information indicates the next hop of the second policy route. The next hop of the second policy route is the protocol address in the second ARP entry. The matching condition can be configured according to user needs and can be used to filter data packets.
When the second policy route differs from the fourth policy route, the matching condition in the second policy route differs from the matching condition in the fourth policy route. For example, the matching condition can be used to select data packets of a specific ingress interface (for example, the interface that receives the second data), that is, data packets received from that ingress interface. In this case, the second forwarding device forwards the data in the data packets received from the specific ingress interface to the next hop of the second policy route. It should be understood that the above matching condition is only an example; the matching condition in the second policy route may also take other forms, without limitation.
In difference 2, when the forwarding devices in the Layer 3 virtual private network forward the second data in the IRB symmetric mode, the second policy route is also configured on the second forwarding device.
For the second ARP entry, refer to the description in difference 1 above; details are not repeated here.
Based on the method shown in FIG. 3, the first forwarding device can obtain the first data packet, obtain the first ARP entry corresponding to the first data packet according to the first data packet, and send the first data to the transparent VAS device through the first interface. In this way, configuring the first ARP entry, which includes a protocol address and a physical address, on the first forwarding device allows the transparent VAS device to process the data packets exchanged between the client and the server and to provide the corresponding value-added services for the client. In addition, in this application, devices configured with a policy route and the first ARP entry transmit packets according to the method provided in the embodiments of this application, while data packets that do not need to pass through the transparent VAS device are still forwarded by route lookup or MAC address lookup, which meets flexible traffic-steering requirements. Furthermore, the packet transmission method provided in the embodiments of this application consumes no additional VRF or FIB resources, and orchestration is simple.
The following takes the network system shown in FIG. 1 as an example to describe the detailed flow of the packet transmission method provided in the embodiments of this application.
Refer to FIG. 4, which shows another packet transmission method provided in an embodiment of this application. The method shown in FIG. 4 includes step 401 to step 408.
Step 401: The client 108 sends data packet 1 to the forwarding device 101.
The content of data packet 1 may be as shown at 501 in FIG. 5a. The source protocol address (SrcIP) of data packet 1 is the IP address of the client 108, the destination protocol address (DestIP) is the IP address of the server 109, the source physical address (SrcMAC) is the MAC address of the client 108, and the destination physical address (DestMAC) is the MAC address of the GW of the forwarding device 101. Data packet 1 also includes data 1.
When a forwarding device in FIG. 1 forwards a data packet, it can forward it in the IRB symmetric mode or in the IRB asymmetric mode. When the packet is forwarded in the IRB symmetric mode, its content may be as shown in FIG. 5a. When the packet is forwarded in the IRB asymmetric mode, its content may be as shown in FIG. 5b.
The data packets shown in FIG. 5a and FIG. 5b are only examples. In practical applications, a data packet may take other forms and may include more or less content than shown in FIG. 5a or FIG. 5b, without limitation.
Step 402: The forwarding device 101 receives data packet 1 from the client 108 and sends data packet 2 to the forwarding device 105 according to the third policy route.
The forwarding device 101 is a VTEP and establishes a tunnel for data 1; the start point of the tunnel is the forwarding device 101. The forwarding device 101 determines, according to the third policy route, that the end point of the tunnel is the forwarding device 102.
Optionally, the forwarding device 101 modifies the source physical address and the destination physical address of data packet 1 and encapsulates the modified data packet with a VXLAN header to obtain data packet 2. Data packet 2 includes an outer source protocol address, an outer destination protocol address, an outer source physical address, an outer destination physical address, a User Datagram Protocol (UDP) header, a VXLAN header, an inner source protocol address, an inner destination protocol address, an inner source physical address, an inner destination physical address, and data 1.
In a possible implementation, the data packet is forwarded in the IRB symmetric mode. The content of data packet 2 may be as shown at 502 in FIG. 5a. The outer source protocol address is the VTEP IP address of the forwarding device 101 (that is, the IP address of the loopback interface). The outer destination protocol address is the VTEP IP address of the forwarding device 102. The outer source physical address is the MAC address of the GW of the forwarding device 101. The outer destination physical address is the MAC address of the GW of the forwarding device 105. The inner source protocol address is the IP address of the client 108. The inner destination protocol address is the protocol address of the server 109. The inner source physical address is the MAC address of the forwarding device 101; in FIG. 5a and FIG. 5b, the MAC address of a forwarding device is referred to as the network virtualization edge (NVE) MAC address. The inner destination physical address is the MAC address of the forwarding device 103.
In a possible implementation, the data packet is forwarded in the IRB asymmetric mode. The content of data packet 2 may be as shown at 506 in FIG. 5b. The outer source protocol address is the VTEP IP address of the forwarding device 101. The outer destination protocol address is the VTEP IP address of the forwarding device 102. The outer source physical address is the MAC address of the GW of the forwarding device 101. The outer destination physical address is the MAC address of the GW of the forwarding device 105. The inner source protocol address is the IP address of the client 108. The inner destination protocol address is the protocol address of the server 109. The inner source physical address is the MAC address of the forwarding device 101. The inner destination physical address is the MAC address of the second interface. The second interface is the interface on the forwarding device 103 that is connected to the transparent VAS device 107; therefore, in FIG. 5b the inner destination physical address is shown as the MAC address of the forwarding device 103.
Step 403: The forwarding device 105 receives data packet 2 from the forwarding device 101, queries the FIB according to the outer source protocol address, the outer destination protocol address, the outer source physical address, and the outer destination physical address in data packet 2, and sends data packet 2 to the forwarding device 102.
Step 404: The forwarding device 102 receives data packet 2 from the forwarding device 105 and sends data packet 3 to the transparent VAS device 107.
In a possible implementation, the data packet is forwarded in the IRB symmetric mode. The forwarding device 102 sends data packet 3 to the transparent VAS device 107 according to the first policy route.
In this case, the forwarding device 102 is the end point of the tunnel. After receiving data packet 2, the forwarding device 102 removes the VXLAN encapsulation of data packet 2 and modifies the source physical address and the destination physical address of the decapsulated data packet to obtain data packet 3.
The content of data packet 3 may be as shown at 503 in FIG. 5a. Data packet 3 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 1. The source protocol address is the IP address of the client 108. The destination protocol address is the IP address of the server 109. The source physical address is the MAC address of the first interface (because the first interface is on the forwarding device 102, the figure shows it as the MAC address of the GW of the forwarding device 102). The destination physical address is the MAC address of the second interface (because the second interface is on the forwarding device 103, the figure shows it as the MAC address of the GW of the forwarding device 103).
The next hop of the first policy route is the protocol address in the first ARP entry, and the physical address corresponding to the protocol address of the first ARP entry is the physical address of the second interface. Thus, the forwarding device 102 obtains the first ARP entry according to the first policy route and sends data packet 3 to the transparent VAS device 107 according to the first ARP entry.
In another possible implementation, the data packet is forwarded in the IRB asymmetric mode. The forwarding device 102 obtains the first ARP entry and sends data packet 3 to the transparent VAS device 107 according to the first ARP entry. That is, when the data packet is forwarded in the IRB asymmetric mode, the forwarding device 102 performs Layer 2 forwarding.
In this case, the forwarding device 102 is the end point of the tunnel. After receiving data packet 2, the forwarding device 102 removes the VXLAN encapsulation of data packet 2 to obtain data packet 3.
The content of data packet 3 may be as shown at 507 in FIG. 5b. Data packet 3 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 1. The source protocol address is the IP address of the client 108. The destination protocol address is the IP address of the server 109. The source physical address is the MAC address of the forwarding device 101. The destination physical address is the MAC address of the second interface.
In FIG. 1, the forwarding device 105 and the forwarding device 106 are both communicatively connected to the forwarding devices 101 to 104, so the forwarding device 105 in step 402 to step 404 can be replaced with the forwarding device 106.
Step 405: The transparent VAS device 107 receives data packet 3 from the forwarding device 102, performs value-added service processing on data packet 3, and then sends data packet 3 to the forwarding device 103.
While performing value-added service processing on data packet 3, the transparent VAS device may or may not modify part of the content of data packet 3. Because this application is not concerned with the processing performed by the value-added service device, data packet 3 is still referred to as data packet 3 after it has passed through the transparent VAS device.
Step 406: The forwarding device 103 receives data packet 3 from the transparent VAS device 107 and sends data packet 4 to the forwarding device 106 according to the FIB.
The forwarding device 103 is a VTEP and establishes a tunnel for data 1; the start point of the tunnel is the forwarding device 103. The forwarding device 103 determines, according to the FIB, that the end point of the tunnel is the forwarding device 104.
Optionally, the forwarding device 103 modifies the source physical address and the destination physical address of data packet 3 and encapsulates the modified data packet with a VXLAN header to obtain data packet 4. Data packet 4 includes an outer source protocol address, an outer destination protocol address, an outer source physical address, an outer destination physical address, a UDP header, a VXLAN header, an inner source protocol address, an inner destination protocol address, an inner source physical address, an inner destination physical address, and data 1.
In a possible implementation, the data packet is forwarded in the IRB symmetric mode. In this case, the content of data packet 4 may be as shown at 504 in FIG. 5a. The outer source protocol address is the VTEP IP address of the forwarding device 103. The outer destination protocol address is the VTEP IP address of the forwarding device 104. The outer source physical address is the MAC address of the GW of the forwarding device 103. The outer destination physical address is the MAC address of the GW of the forwarding device 106. The inner source protocol address is the IP address of the client 108. The inner destination protocol address is the IP address of the server 109. The inner source physical address is the MAC address of the forwarding device 103. The inner destination physical address is the MAC address of the forwarding device 104.
In another possible implementation, the data packet is forwarded in the IRB asymmetric mode. In this case, the inner destination physical address in data packet 4 differs from the inner destination physical address in data packet 4 when the data packet is forwarded in the IRB symmetric mode: it is the MAC address of the server 109. Specifically, when the data packet is forwarded in the IRB asymmetric mode, the content of data packet 4 may be as shown at 508 in FIG. 5b.
Step 407: The forwarding device 106 receives data packet 4 from the forwarding device 103, queries the FIB according to the outer source protocol address, the outer destination protocol address, the outer source physical address, and the outer destination physical address in data packet 4, and sends data packet 4 to the forwarding device 104.
Step 408: The forwarding device 104 receives data packet 4 from the forwarding device 106 and sends data packet 5 to the server 109.
In a possible implementation, the data packet is forwarded in the IRB symmetric mode, and the forwarding device 104 is the end point of the tunnel. After receiving data packet 4, the forwarding device 104 removes the VXLAN encapsulation of data packet 4 and modifies the source physical address and the destination physical address of the decapsulated data packet to obtain data packet 5.
The content of data packet 5 may be as shown at 505 in FIG. 5a. Data packet 5 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 1. The source protocol address is the IP address of the client 108. The destination protocol address is the IP address of the server 109. The source physical address is the MAC address of the GW of the forwarding device 104. The destination physical address is the MAC address of the server 109.
When the data packet is forwarded in the IRB symmetric mode, the forwarding device 104 performs ordinary Layer 3 forwarding. For example, the forwarding device 104 looks up the routing table and sends data packet 5 to the server 109 according to the routing table.
In another possible implementation, the data packet is forwarded in the IRB asymmetric mode, and the forwarding device 104 is the end point of the tunnel. After receiving data packet 4, the forwarding device 104 removes the VXLAN encapsulation of data packet 4 to obtain data packet 5.
The content of data packet 5 may be as shown at 509 in FIG. 5b. Data packet 5 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 1. The source protocol address is the IP address of the client 108. The destination protocol address is the IP address of the server 109. The source physical address is the MAC address of the forwarding device 103. The destination physical address is the MAC address of the server 109.
When the data packet is forwarded in the IRB asymmetric mode, the forwarding device 104 performs Layer 2 forwarding. For example, the forwarding device 104 looks up the physical mapping table and sends data packet 5 to the server 109 according to the physical mapping table.
In FIG. 1, the forwarding device 105 and the forwarding device 106 are both communicatively connected to the forwarding devices 101 to 104, so the forwarding device 106 in step 406 to step 408 can be replaced with the forwarding device 105.
Correspondingly, the server 109 receives data packet 5 from the forwarding device 104.
Based on the method shown in FIG. 4, configuring the third policy route on the forwarding device 101, configuring the first policy route on the forwarding device 102, and configuring the first ARP entry on the first interface allows data 1 sent by the client 108 to reach the server 109 after passing through the transparent VAS device 107, providing the corresponding value-added services for the client 108. In addition, the packet transmission method provided in the embodiments of this application consumes no additional VRF or FIB resources, and orchestration is simple.
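The steering mechanism of step 404 and of differences 1 and 2 above, modelled as an added Python example that is not part of the application: a policy route whose next hop is an idle address of the interface's network segment, and a static ARP entry that maps that address to the MAC address of the peer interface on the other side of the transparent VAS device. All addresses, the class and function names, the source-address matching conditions, and the assumption that the VAS device passes headers through unchanged are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field, replace
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed sample addresses (assumptions, not values from the application).
CLIENT_IP, SERVER_IP = "10.1.0.8", "10.4.0.9"
IF_NET = "192.168.50.0/29"                              # segment of both interfaces
IF1_IP, IF1_MAC = "192.168.50.1", "02:00:00:00:01:02"   # first interface (device 102)
IF2_IP, IF2_MAC = "192.168.50.2", "02:00:00:00:01:03"   # second interface (device 103)
IDLE_FWD, IDLE_REV = "192.168.50.3", "192.168.50.4"     # idle addresses used as next hops


@dataclass(frozen=True)
class Frame:
    src_ip: str
    dst_ip: str
    src_mac: str
    dst_mac: str
    data: str


@dataclass
class PolicyRoute:
    match: Callable[[Frame], bool]   # matching condition
    next_hop: str                    # protocol address of a static ARP entry


@dataclass
class Device:
    name: str
    if_ip: str
    if_mac: str
    if_net: str
    policy_routes: List[PolicyRoute] = field(default_factory=list)
    static_arp: Dict[str, str] = field(default_factory=dict)

    def add_static_arp(self, ip: str, mac: str, used_ips: Set[str]) -> None:
        """Install an ARP entry only if ip is an idle host address of the segment."""
        net, addr = ipaddress.ip_network(self.if_net), ipaddress.ip_address(ip)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{ip} is not a host address of {self.if_net}")
        if ip in used_ips:
            raise ValueError(f"{ip} is already assigned, so it is not idle")
        self.static_arp[ip] = mac

    def forward(self, frame: Frame) -> Tuple[str, Frame]:
        """Return ('vas', rewritten frame) if a policy route matches,
        otherwise ('lookup', frame) for the ordinary route or MAC lookup."""
        for route in self.policy_routes:
            if route.match(frame):
                if route.next_hop not in self.static_arp:
                    # Choice made by this example: treat it as a configuration error.
                    raise LookupError(f"{self.name}: no ARP entry for {route.next_hop}")
                peer_mac = self.static_arp[route.next_hop]
                return "vas", replace(frame, src_mac=self.if_mac, dst_mac=peer_mac)
        return "lookup", frame


def transparent_vas(frame: Frame) -> Frame:
    """Assumption of this example: the VAS bridges the frame with headers unchanged."""
    return frame


def steer(sender: Device, receiver: Device, frame: Frame) -> Optional[Frame]:
    """Send frame out of sender's interface, through the VAS, to receiver's interface."""
    verdict, out = sender.forward(frame)
    if verdict != "vas":
        return None                      # not steered; ordinary forwarding applies
    out = transparent_vas(out)
    # The receiving interface only accepts frames addressed to its own MAC.
    return out if out.dst_mac == receiver.if_mac else None


def build() -> Tuple[Device, Device]:
    used = {IF1_IP, IF2_IP}
    d102 = Device("forwarding device 102", IF1_IP, IF1_MAC, IF_NET)
    d103 = Device("forwarding device 103", IF2_IP, IF2_MAC, IF_NET)
    # First ARP entry and first policy route: client traffic toward the VAS.
    d102.add_static_arp(IDLE_FWD, IF2_MAC, used)
    d102.policy_routes.append(PolicyRoute(lambda f: f.src_ip == CLIENT_IP, IDLE_FWD))
    # Second ARP entry and second policy route: server traffic back through the VAS.
    d103.add_static_arp(IDLE_REV, IF1_MAC, used)
    d103.policy_routes.append(PolicyRoute(lambda f: f.src_ip == SERVER_IP, IDLE_REV))
    return d102, d103


if __name__ == "__main__":
    d102, d103 = build()
    decapsulated = Frame(CLIENT_IP, SERVER_IP, "02:00:00:00:aa:01", "02:00:00:00:aa:02", "data 1")
    print(steer(d102, d103, decapsulated))        # data packet 3 in the IRB symmetric mode
    other = replace(decapsulated, src_ip="10.1.0.77")
    print(d102.forward(other)[0])                 # traffic that matches no policy route
```

Because the ARP entry's protocol address belongs to no host, nothing ever answers for it; the static entry alone decides that the frame leaves the first interface addressed to the second interface, which is why the check for an idle, in-segment address is enforced when the entry is installed.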
Further, after receiving data 1, the server 109 can also return data 2 to the client 108, and data 2 can also pass through the transparent VAS device 107. Specifically, reference may be made to the method shown in FIG. 6: the method shown in FIG. 4 further includes step 601 to step 608.
Step 601: The server 109 sends data packet 6 to the forwarding device 104.
Data packet 6 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 2. The source protocol address is the IP address of the server 109. The destination protocol address is the IP address of the client 108. The source physical address is the MAC address of the server 109. The destination physical address is the MAC address of the GW of the forwarding device 104.
Step 602: The forwarding device 104 receives data packet 6 from the server 109 and sends data packet 7 to the forwarding device 106 according to the fourth policy route.
The forwarding device 104 is a VTEP and establishes a tunnel for data 2; the start point of the tunnel is the forwarding device 104. The forwarding device 104 determines, according to the fourth policy route, that the end point of the tunnel is the forwarding device 103.
Optionally, the forwarding device 104 modifies the source physical address and the destination physical address of data packet 6 and encapsulates the modified data packet with a VXLAN header to obtain data packet 7. Data packet 7 includes an outer source protocol address, an outer destination protocol address, an outer source physical address, an outer destination physical address, a UDP header, a VXLAN header, an inner source protocol address, an inner destination protocol address, an inner source physical address, an inner destination physical address, and data 2.
In a possible implementation, the data packet is forwarded in the IRB symmetric mode. In this case, the outer source protocol address is the IP address of the forwarding device 104. The outer destination protocol address is the IP address of the forwarding device 103. The outer source physical address is the MAC address of the GW of the forwarding device 104. The outer destination physical address is the MAC address of the GW of the forwarding device 106. The inner source protocol address is the IP address of the server 109. The inner destination protocol address is the protocol address of the client 108. The inner source physical address is the MAC address of the forwarding device 104. The inner destination physical address is the MAC address of the forwarding device 102.
In another possible implementation, the data packet is forwarded in the IRB asymmetric mode. In this case, the outer source protocol address is the IP address of the forwarding device 104. The outer destination protocol address is the IP address of the forwarding device 103. The outer source physical address is the MAC address of the GW of the forwarding device 104. The outer destination physical address is the MAC address of the GW of the forwarding device 106. The inner source protocol address is the IP address of the server 109. The inner destination protocol address is the protocol address of the client 108. The inner source physical address is the MAC address of the forwarding device 104. The inner destination physical address is the MAC address of the first interface.
Step 603: The forwarding device 106 receives data packet 7 from the forwarding device 104, queries the FIB according to the outer source protocol address, the outer destination protocol address, the outer source physical address, and the outer destination physical address in data packet 7, and sends data packet 7 to the forwarding device 103.
Step 604: The forwarding device 103 receives data packet 7 from the forwarding device 106 and sends data packet 8 to the transparent VAS device 107.
In a possible implementation, the data packet is forwarded in the IRB symmetric mode. The forwarding device 103 sends data packet 8 to the transparent VAS device 107 according to the second policy route.
In this case, the forwarding device 103 is the end point of the tunnel. After receiving data packet 7, the forwarding device 103 removes the VXLAN encapsulation of data packet 7 and modifies the source physical address and the destination physical address of the decapsulated data packet to obtain data packet 8.
Data packet 8 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 2. The source protocol address is the IP address of the server 109. The destination protocol address is the IP address of the client 108. The source physical address is the MAC address of the second interface. The destination physical address is the MAC address of the first interface.
The next hop of the second policy route is the protocol address in the second ARP entry, and the physical address corresponding to the protocol address of the second ARP entry is the physical address of the first interface. Thus, the forwarding device 103 obtains the second ARP entry according to the second policy route and sends data packet 8 to the transparent VAS device 107 according to the second ARP entry.
In another possible implementation, the data packet is forwarded in the IRB asymmetric mode. The forwarding device 103 obtains the second ARP entry and sends data packet 8 to the transparent VAS device 107 according to the second ARP entry. That is, when the data packet is forwarded in the IRB asymmetric mode, the forwarding device 103 performs Layer 2 forwarding.
In this case, the forwarding device 103 is the end point of the tunnel. After receiving data packet 7, the forwarding device 103 removes the VXLAN encapsulation of data packet 7 to obtain data packet 8.
Data packet 8 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 1. The source protocol address is the IP address of the server 109. The destination protocol address is the IP address of the client 108. The source physical address is the MAC address of the forwarding device 104. The destination physical address is the MAC address of the first interface.
In FIG. 1, the forwarding device 105 and the forwarding device 106 are both communicatively connected to the forwarding devices 101 to 104, so the forwarding device 106 in step 602 to step 604 can be replaced with the forwarding device 105.
Step 605: The transparent VAS device 107 receives data message 8 from the forwarding device 103 and sends data message 8 to the forwarding device 102.
Step 606: The forwarding device 102 receives data message 8 from the transparent VAS device 107 and sends data message 9 to the forwarding device 105 according to the FIB.
The forwarding device 102 is a VTEP and establishes a tunnel for data 2; the start point of the tunnel is the forwarding device 102. The forwarding device 102 determines, according to the FIB, that the end point of the tunnel is the forwarding device 101.
Optionally, the forwarding device 102 modifies the source physical address and the destination physical address of data message 8 and encapsulates the modified data message with a VXLAN frame header to obtain data message 9. Data message 9 includes an outer source protocol address, an outer destination protocol address, an outer source physical address, an outer destination physical address, a UDP header, a VXLAN header, an inner source protocol address, an inner destination protocol address, an inner source physical address, an inner destination physical address, and data 2.
In one possible implementation, the data message is forwarded in IRB symmetric mode. In this case, the outer source protocol address is the IP address of the forwarding device 102. The outer destination protocol address is the IP address of the forwarding device 101. The outer source physical address is the MAC address of the GW of the forwarding device 102. The outer destination physical address is the MAC address of the GW of the forwarding device 105. The inner source protocol address is the IP address of the server 109. The inner destination protocol address is the protocol address of the client 108. The inner source physical address is the MAC address of the forwarding device 102. The inner destination physical address is the MAC address of the forwarding device 101.
In another possible implementation, the data message is forwarded in IRB asymmetric mode. In this case, the inner destination physical address in data message 9 differs from the inner destination physical address in data message 9 when the data message is forwarded in IRB symmetric mode: it is the MAC address of the client 108.
Step 607: The forwarding device 105 receives data message 9 from the forwarding device 102, queries the FIB according to the outer source protocol address, the outer destination protocol address, the outer source physical address, and the outer destination physical address in data message 9, and sends data message 9 to the forwarding device 101.
Step 608: The forwarding device 101 receives data message 9 from the forwarding device 105 and sends data message 10 to the client 108.
In one possible implementation, the data message is forwarded in IRB symmetric mode and the forwarding device 101 is the end point of the tunnel. After receiving data message 9, the forwarding device 101 removes the VXLAN encapsulation of data message 9 and modifies the source physical address and the destination physical address of the decapsulated data message to obtain data message 10.
Data message 10 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 2. The source protocol address is the IP address of the server 109. The destination protocol address is the IP address of the client 108. The source physical address is the MAC address of the GW of the forwarding device 101. The destination physical address is the MAC address of the client 108.
When the data message is forwarded in IRB symmetric mode, the forwarding device 101 performs ordinary Layer 3 forwarding. For example, the forwarding device 101 looks up the routing table and sends data message 10 to the client 108 according to the routing table.
In another possible implementation, the data message is forwarded in IRB asymmetric mode and the forwarding device 101 is the end point of the tunnel. After receiving data message 9, the forwarding device 101 removes the VXLAN encapsulation of data message 9 to obtain data message 10.
Data message 10 includes a source protocol address, a destination protocol address, a source physical address, a destination physical address, and data 2. The source protocol address is the IP address of the server 109. The destination protocol address is the IP address of the client 108. The source physical address is the MAC address of the forwarding device 102. The destination physical address is the MAC address of the client 108.
When the data message is forwarded in IRB asymmetric mode, the forwarding device 101 performs Layer 2 forwarding. For example, the forwarding device 101 looks up the physical mapping table and sends data message 10 to the client 108 according to the physical mapping table.
Both the forwarding device 105 and the forwarding device 106 in FIG. 1 are communicatively connected to the forwarding devices 101 to 104, so the forwarding device 105 in steps 606 to 608 can be replaced with the forwarding device 106.
Correspondingly, the client 108 receives data message 10 from the forwarding device 101.
Based on the method shown in FIG. 6, if the server 109 returns data 2 to the client 108 after receiving data 1, and data 2 needs to pass through the transparent VAS device 107, a fourth policy route can be configured on the forwarding device 104, a second policy route can be configured on the forwarding device 102, and a second ARP entry can be configured on the second interface, so that data 2 sent by the server 109 reaches the client 108 after passing through the transparent VAS device 107. In addition, the message transmission method provided in the embodiments of this application consumes no additional VRF or FIB resources, and its orchestration is simple.
For the specific process of the method shown in FIG. 4 or FIG. 6, refer to the description of the method shown in FIG. 3 above.
The foregoing describes the solutions provided by the embodiments of this application mainly from the perspective of interaction between the devices. It can be understood that, to implement the foregoing functions, the forwarding devices and the like include hardware structures and/or software modules corresponding to each function. Those skilled in the art should readily appreciate that, in combination with the units and algorithm operations of the examples described in the embodiments disclosed herein, this application can be implemented in hardware or in a combination of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementation should not be considered to go beyond the scope of this application.
In the embodiments of this application, each forwarding device may be divided into functional modules according to the foregoing method examples. For example, each functional module may correspond to one function, or two or more functions may be integrated into one processing module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. The division of modules in the embodiments of this application is illustrative and is only a division by logical function; other divisions are possible in an actual implementation.
For example, where the functional modules are divided in an integrated manner, FIG. 7 shows a schematic structural diagram of a communication device. The communication device may be the first forwarding device described above, a chip or a system on a chip in the first forwarding device, or another combined device or component that can implement the functions of the first forwarding device. The communication device may be used to perform the functions of the first forwarding device in the foregoing embodiments.
As a possible implementation, the communication device shown in FIG. 7 includes an acquisition module 701, a processing module 702, and a sending module 703.
The acquisition module 701 is configured to acquire a first data message. The communication device is communicatively connected to one interface of a transparent value-added service (VAS) device through a first interface, and another interface of the transparent VAS device is communicatively connected to a second interface of a second forwarding device. The first data message includes first data. The communication device and the second forwarding device belong to the same Layer 3 virtual private network.
The processing module 702 is configured to obtain a first Address Resolution Protocol (ARP) entry corresponding to the first data message. The protocol address in the first ARP entry is an idle address in the network segment where the first interface is located, and the physical address in the first ARP entry is the physical address of the second interface.
The sending module 703 is configured to send the first data to the transparent VAS device through the first interface; the physical address of the second interface corresponds to the first interface.
Optionally, the first data message includes a first source protocol address, and the processing module 702 is specifically configured to obtain a first policy route corresponding to the first source protocol address, where the next hop of the first policy route is the protocol address in the first ARP entry; the processing module 702 is further specifically configured to obtain the first ARP entry according to the first policy route.
Optionally, the first data message includes a first destination physical address, and the processing module 702 is specifically configured to look up the ARP table according to the first destination physical address to obtain the first ARP entry.
Optionally, the processing module 702 is further configured to look up a physical mapping table according to the physical address of the second interface in the first ARP entry and determine that the first data needs to be sent through the first interface; or, the processing module 702 is further configured to determine, according to the outgoing interface in the first ARP entry, that the first data needs to be sent through the first interface.
Optionally, the communication device and the second forwarding device are the same or different, and the first interface is different from the second interface.
All relevant content of the operations in the foregoing method embodiments can be cited in the functional descriptions of the corresponding functional modules, and is not repeated here.
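The lookup chain performed by the processing module (policy route by source protocol address, then the first ARP entry, then the entry's outgoing interface or the physical mapping table), together with a check of the properties stated for the first ARP entry, as an added Python example that is not part of the application. All interface names, addresses, MAC values and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


def norm_mac(mac: str) -> str:
    """Normalise a MAC address to lower-case, colon-separated form."""
    return mac.replace("-", ":").lower()


@dataclass(frozen=True)
class ArpEntry:
    protocol_addr: ipaddress.IPv4Address   # idle address in the first interface's segment
    physical_addr: str                     # MAC address of the second interface
    out_interface: Optional[str] = None    # optional outgoing interface held in the entry


@dataclass
class ForwardingDevice:
    interfaces: dict                                    # name -> IPv4Interface
    policy_routes: list = field(default_factory=list)   # [(source network, next hop)]
    arp_table: dict = field(default_factory=dict)       # protocol address -> ArpEntry
    mac_table: dict = field(default_factory=dict)       # MAC -> interface (physical mapping table)

    def egress_for(self, entry: ArpEntry) -> Optional[str]:
        """Outgoing interface from the ARP entry itself, else from the physical mapping table."""
        return entry.out_interface or self.mac_table.get(norm_mac(entry.physical_addr))

    def resolve(self, src_ip: str):
        """Policy route by source address -> ARP entry -> (egress interface, destination MAC)."""
        src = ipaddress.ip_address(src_ip)
        for network, next_hop in self.policy_routes:
            if src in network:
                entry = self.arp_table.get(next_hop)
                if entry is None:
                    raise LookupError(f"no ARP entry for next hop {next_hop}")
                egress = self.egress_for(entry)
                if egress is None:
                    raise LookupError(f"no egress interface for {entry.physical_addr}")
                return egress, norm_mac(entry.physical_addr)
        return None  # no policy route matched: ordinary forwarding applies


def check_entry(dev, first_if, entry, second_if_mac, addrs_in_use):
    """Return the ways an ARP entry departs from the properties stated for the first ARP entry."""
    problems = []
    iface = dev.interfaces[first_if]
    if entry.protocol_addr not in iface.network:
        problems.append("protocol address is outside the first interface's network segment")
    if entry.protocol_addr == iface.ip or entry.protocol_addr in addrs_in_use:
        problems.append("protocol address is not idle")
    if norm_mac(entry.physical_addr) != norm_mac(second_if_mac):
        problems.append("physical address is not the second interface's MAC")
    if dev.egress_for(entry) != first_if:
        problems.append("entry does not egress through the first interface")
    return problems


def build_example():
    """Constructed sample: documentation addresses and MACs, hypothetical interface names."""
    idle = ipaddress.ip_address("10.1.1.254")
    second_mac = "00:00:5E:00:53:02"
    entry = ArpEntry(idle, second_mac)
    dev = ForwardingDevice(
        interfaces={"if1": ipaddress.ip_interface("10.1.1.1/24")},
        policy_routes=[(ipaddress.ip_network("192.0.2.0/24"), idle)],
        arp_table={idle: entry},
        mac_table={norm_mac(second_mac): "if1"},
    )
    return dev, entry, second_mac


if __name__ == "__main__":
    dev, entry, second_mac = build_example()
    print(dev.resolve("192.0.2.10"))
    print(check_entry(dev, "if1", entry, second_mac, addrs_in_use=set()))
```

The "not idle" finding is the one to watch operationally: if the address in the entry is later assigned to a real host on that segment, traffic addressed to that host is framed with the second interface's MAC instead.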
In this embodiment, the communication device is presented in the form of functional modules divided in an integrated manner. A "module" here may refer to a specific ASIC, a circuit, a processor and memory that execute one or more software or firmware programs, an integrated logic circuit, and/or another device that can provide the foregoing functions. In a simple embodiment, those skilled in the art will appreciate that the communication device may take the form shown in FIG. 2.
For example, the processor 201 in FIG. 2 may invoke the computer-executable instructions stored in the memory 203 so that the communication device performs the message transmission method in the foregoing method embodiments.
Exemplarily, the functions/implementation processes of the acquisition module 701, the processing module 702, and the sending module 703 in FIG. 7 may be implemented by the processor 201 in FIG. 2 invoking the computer-executable instructions stored in the memory 203. Alternatively, the functions/implementation processes of the acquisition module 701 and the processing module 702 in FIG. 7 may be implemented by the processor 201 in FIG. 2 invoking the computer-executable instructions stored in the memory 203, and the function/implementation process of the sending module 703 in FIG. 7 may be implemented by the communication interface 204 in FIG. 2.
Because the communication device provided in this embodiment can perform the foregoing message transmission method, for the technical effects it can achieve, refer to the foregoing method embodiments.
FIG. 8 is a schematic structural diagram of a chip provided by an embodiment of this application. The chip 80 includes one or more processors 801 and an interface circuit 802. Optionally, the chip 80 may further include a bus 803. Specifically:
The processor 801 may be an integrated circuit chip with signal processing capability. In an implementation, the steps of the foregoing method may be completed by an integrated logic circuit of hardware in the processor 801 or by instructions in the form of software. The processor 801 may be a general-purpose processor, a digital communicator (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and can implement or perform the methods and steps disclosed in the embodiments of this application. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The interface circuit 802 is used to send or receive data, instructions, or information. The processor 801 can process the data, instructions, or other information received through the interface circuit 802, and can send the processed information out through the interface circuit 802.
Optionally, the chip 80 further includes a memory, which may include a read-only memory and a random access memory and provides operation instructions and data to the processor. A part of the memory may also include a non-volatile random access memory (NVRAM).
Optionally, the memory stores executable software modules or data structures, and the processor 801 can perform corresponding operations by invoking operation instructions stored in the memory (the operation instructions may be stored in the operating system).
Optionally, the chip 80 may be used in the communication device involved in the embodiments of this application. Optionally, the interface circuit 802 may be used to output the execution result of the processor 801. For the message transmission method provided by one or more embodiments of this application, refer to the foregoing embodiments; details are not repeated here.
It should be noted that the functions corresponding to the processor 801 and the interface circuit 802 may be implemented by hardware design, by software design, or by a combination of software and hardware, which is not limited here.
The foregoing embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented using a software program, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions according to the embodiments of this application are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another. For example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center in a wired manner (for example, coaxial cable, optical fiber, or digital subscriber line (DSL)) or a wireless manner (for example, infrared, radio, or microwave). The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device, such as a server or a data center, that integrates one or more usable media. The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).
Although this application has been described here in conjunction with various embodiments, in the course of implementing the claimed application, those skilled in the art can understand and implement other variations of the disclosed embodiments by studying the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other components or operations, and "a" or "one" does not exclude a plurality. A single processor or other unit may fulfil several functions recited in the claims. The fact that certain measures are recited in mutually different dependent claims does not mean that these measures cannot be combined to good effect.
Although this application has been described in conjunction with specific features and embodiments, it is evident that various modifications and combinations can be made without departing from the scope of this application. Accordingly, this specification and the drawings are merely exemplary descriptions of this application as defined by the appended claims, and are deemed to cover any and all modifications, changes, combinations, or equivalents within the scope of this application. Obviously, those skilled in the art can make various changes and variations to this application without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of this application and their equivalent technologies, this application is also intended to include them.

Claims (16)

  1. A network system, characterized in that the system comprises a first forwarding device, a second forwarding device, and a transparent value-added service (VAS) device, and the first forwarding device and the second forwarding device belong to the same Layer 3 virtual private network;
    the first forwarding device is communicatively connected to the transparent VAS device through a first interface;
    the second forwarding device is communicatively connected to the transparent VAS device through a second interface;
    a first Address Resolution Protocol (ARP) entry is stored on the first forwarding device, the protocol address in the first ARP entry is an idle address in the network segment where the first interface is located, and the physical address in the first ARP entry is the physical address of the second interface.
  2. The network system according to claim 1, characterized in that:
    a first policy route is further stored on the first forwarding device, and the next hop of the first policy route is the protocol address in the first ARP entry.
  3. The network system according to claim 1 or 2, characterized in that:
    a second ARP entry is stored on the second forwarding device, the protocol address in the second ARP entry is an idle address in the network segment where the second interface is located, and the physical address in the second ARP entry is the physical address of the first interface.
  4. The network system according to claim 3, characterized in that:
    a second policy route is further stored on the second forwarding device, and the next hop of the second policy route is the protocol address in the second ARP entry.
  5. The network system according to any one of claims 1-4, characterized in that the network system further comprises a controller, and the controller is configured to generate the first ARP entry and to send the first ARP entry to the first forwarding device.
  6. A message transmission method, characterized in that the method comprises:
    a first forwarding device acquires a first data message; the first forwarding device is communicatively connected to one interface of a transparent value-added service (VAS) device through a first interface, and another interface of the transparent VAS device is communicatively connected to a second interface of a second forwarding device; the first data message includes first data; the first forwarding device and the second forwarding device belong to the same Layer 3 virtual private network;
    the first forwarding device obtains a first Address Resolution Protocol (ARP) entry corresponding to the first data message; the protocol address in the first ARP entry is an idle address in the network segment where the first interface is located, and the physical address in the first ARP entry is the physical address of the second interface;
    the first forwarding device sends the first data to the transparent VAS device through the first interface; the physical address of the second interface corresponds to the first interface.
  7. The method according to claim 6, characterized in that the first data message includes a first source protocol address, and the first forwarding device obtaining the first Address Resolution Protocol (ARP) entry corresponding to the first data message comprises:
    the first forwarding device obtains a first policy route corresponding to the first source protocol address, and the next hop of the first policy route is the protocol address in the first ARP entry;
    the first forwarding device obtains the first ARP entry according to the first policy route.
  8. The method according to claim 6, characterized in that the first data message includes a first destination physical address, and the first forwarding device obtaining the first Address Resolution Protocol (ARP) entry corresponding to the first data message comprises:
    the first forwarding device looks up the ARP table according to the first destination physical address to obtain the first ARP entry.
  9. The method according to any one of claims 6-8, characterized in that, before the first forwarding device sends the first data to the transparent VAS device through the first interface, the method further comprises:
    the first forwarding device looks up a physical mapping table according to the physical address of the second interface in the first ARP entry, and determines that the first data needs to be sent through the first interface;
    or
    the first forwarding device determines, according to the outgoing interface in the first ARP entry, that the first data needs to be sent through the first interface.
  10. The method according to any one of claims 6-9, characterized in that the first forwarding device and the second forwarding device are the same or different, and the first interface is different from the second interface.
  11. 一种通信装置,其特征在于,所述通信装置包括:获取模块、处理模块和发送模块;A communication device, characterized in that the communication device includes: an acquisition module, a processing module, and a sending module;
    所述获取模块,用于获取第一数据报文;所述通信装置通过第一接口与透明增值服务VAS设备的一个接口通信连接,所述透明VAS设备的另一个接口与第二转发设备的第二接口通信连接;所述第一数据报文包括第一数据;所述通信装置和所述第二转发设备属于同一个三层虚拟专用网;The acquisition module is configured to acquire a first data message; the communication device communicates with an interface of a transparent value-added service VAS device through a first interface, and the other interface of the transparent VAS device communicates with the first interface of the second forwarding device. Two-interface communication connection; the first data message includes first data; the communication device and the second forwarding device belong to the same three-layer virtual private network;
    所述处理模块,用于获取所述第一数据报文对应的第一地址解析协议ARP表项;所述第一ARP表项中的协议地址为所述第一接口所在网段的空闲地址,所述第一ARP表项中的物理地址为所述第二接口的物理地址;The processing module is configured to obtain a first address resolution protocol ARP table entry corresponding to the first data message; the protocol address in the first ARP table entry is an idle address of the network segment where the first interface is located, The physical address in the first ARP entry is the physical address of the second interface;
    所述发送模块,用于通过所述第一接口向所述透明VAS设备发送所述第一数据;所述第二接口的物理地址对应所述第一接口。The sending module is configured to send the first data to the transparent VAS device through the first interface; the physical address of the second interface corresponds to the first interface.
  12. The communication device according to claim 11, characterized in that the first data packet includes a first source protocol address, and the processing module is configured to:
    obtain a first policy route corresponding to the first source protocol address, where the next hop of the first policy route is the protocol address in the first ARP entry;
    obtain the first ARP entry according to the first policy route.
  13. The communication device according to claim 11, characterized in that the first data packet includes a first destination physical address,
    and the processing module is configured to look up the ARP table according to the first destination physical address to obtain the first ARP entry.
  14. The communication device according to any one of claims 11-13, characterized in that the processing module is further configured to:
    look up a physical mapping table according to the physical address of the second interface in the first ARP entry, and determine that the first data needs to be sent through the first interface;
    or
    determine, according to the outgoing interface in the first ARP entry, that the first data needs to be sent through the first interface.
  15. The communication device according to any one of claims 11-14, characterized in that the communication device is the same as or different from the second forwarding device, and the first interface is different from the second interface.
  16. A communication device, characterized by comprising a processor, where the processor is coupled to a memory, the memory is configured to store a program or instructions, and when the program or instructions are executed by the processor, the device is caused to perform the method according to any one of claims 6 to 10.
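
The lookup chain recited in claims 11, 12 and 14 (policy route by source address, then the ARP entry bound to an idle address, then the egress interface) can be modelled as below. This is an added illustration, not code from the patent; the class and method names, the interface name `GE0/0/1`, the addresses and the MAC are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ArpEntry:
    protocol_addr: ipaddress.IPv4Address  # idle address in the first interface's segment
    physical_addr: str                    # MAC of the second interface (far side of the VAS)
    out_if: Optional[str] = None          # optional outgoing interface (claim 14, second option)

class Forwarder:
    """Toy model of the claimed communication device (all names are hypothetical)."""
    def __init__(self, first_if_net, in_use):
        self.net = ipaddress.ip_network(first_if_net)
        self.in_use = {ipaddress.ip_address(a) for a in in_use}
        self.arp = {}       # protocol address -> ArpEntry
        self.policy = []    # (source network, next-hop protocol address)
        self.phys_map = {}  # physical address -> local egress interface

    def add_static_arp(self, idle_ip, mac, out_if=None):
        ip = ipaddress.ip_address(idle_ip)
        reserved = {self.net.network_address, self.net.broadcast_address}
        # Claim 11: the protocol address must be an idle address of the segment.
        if ip not in self.net or ip in self.in_use or ip in reserved:
            raise ValueError(f"{ip} is not an idle address of {self.net}")
        self.arp[ip] = ArpEntry(ip, mac.lower(), out_if)

    def add_policy_route(self, src_net, next_hop):
        self.policy.append((ipaddress.ip_network(src_net), ipaddress.ip_address(next_hop)))

    def resolve(self, src_ip):
        """Return (egress interface, destination MAC) for a packet, or None."""
        src = ipaddress.ip_address(src_ip)
        for net, next_hop in self.policy:          # claim 12: policy route by source
            if src in net:
                entry = self.arp.get(next_hop)     # next hop is the ARP protocol address
                if entry is None:
                    return None
                # Claim 14: outgoing interface from the entry, else the physical mapping table.
                egress = entry.out_if or self.phys_map.get(entry.physical_addr)
                return (egress, entry.physical_addr) if egress else None
        return None

# Constructed sample: first interface GE0/0/1 at 10.1.1.1/24, second interface MAC below.
dev = Forwarder("10.1.1.0/24", in_use=["10.1.1.1"])
dev.add_static_arp("10.1.1.200", "02:00:00:00:00:02")
dev.phys_map["02:00:00:00:00:02"] = "GE0/0/1"
dev.add_policy_route("172.16.0.0/16", "10.1.1.200")
```

Because the next hop is an address no host owns, the static binding is the only thing that resolves it; an operator auditing such a device would check that the bound address stays unallocated and that the MAC still matches the second interface.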
PCT/CN2021/094675 2020-05-25 2021-05-19 Network system and packet transmission method therein, and related apparatus WO2021238746A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010451015.5 2020-05-25
CN202010451015.5A CN113726915A (en) 2020-05-25 2020-05-25 Network system, message transmission method therein and related device

Publications (1)

Publication Number Publication Date
WO2021238746A1 (en) 2021-12-02

Family

ID=78671145

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/094675 WO2021238746A1 (en) 2020-05-25 2021-05-19 Network system and packet transmission method therein, and related apparatus

Country Status (2)

Country Link
CN (1) CN113726915A (en)
WO (1) WO2021238746A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114979090A (en) * 2022-05-27 2022-08-30 深圳市领创星通科技有限公司 IPv6 data packet processing method, device, computer equipment and storage medium
WO2023143186A1 (en) * 2022-01-29 2023-08-03 华为技术有限公司 Data transmission method, system and apparatus

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114900458B (en) * 2022-03-22 2024-01-09 阿里云计算有限公司 Message forwarding method, device, medium and product

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040128201A1 (en) * 2003-06-12 2004-07-01 Datawire Communication Networks, Inc. Versatile terminal adapter and network for transaction processing
US20140269724A1 (en) * 2013-03-04 2014-09-18 Telefonaktiebolaget L M Ericsson (Publ) Method and devices for forwarding ip data packets in an access network
CN104518968A (en) * 2014-12-04 2015-04-15 华为技术有限公司 Message processing method and transparent proxy server
CN105850102A (en) * 2013-10-29 2016-08-10 瑞典爱立信有限公司 Control of a chain of services
CN107181778A (en) * 2016-03-10 2017-09-19 ***通信集团浙江有限公司 A kind of data distribution method and device

Also Published As

Publication number Publication date
CN113726915A (en) 2021-11-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 21813377; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 21813377; Country of ref document: EP; Kind code of ref document: A1)