WO2023274083A1 - Route publishing method and apparatus, packet forwarding method and apparatus, device, and storage medium - Google Patents

Route publishing method and apparatus, packet forwarding method and apparatus, device, and storage medium Download PDF

Info

Publication number
WO2023274083A1
WO2023274083A1 PCT/CN2022/101251 CN2022101251W WO2023274083A1 WO 2023274083 A1 WO2023274083 A1 WO 2023274083A1 CN 2022101251 W CN2022101251 W CN 2022101251W WO 2023274083 A1 WO2023274083 A1 WO 2023274083A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
message
routing
autonomous domain
vpn sid
Prior art date
Application number
PCT/CN2022/101251
Other languages
French (fr)
Chinese (zh)
Inventor
陈新隽
王海波
王丽丽
赵科强
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2023274083A1 publication Critical patent/WO2023274083A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery
    • H04L45/04Interdomain routing, e.g. hierarchical routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/50Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/50Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
    • H04L45/507Label distribution

Definitions

  • the present application relates to the technical field of network communication, in particular to a method, device, device and storage medium for routing, publishing and forwarding messages.
  • the Internet is divided into multiple autonomous systems (ASs), and the multi-protocol external border gateway protocol (MP-EBGP) runs between different ASs.
  • the edge routing device in the autonomous domain publishes all virtual private network (virtual private network, VPN) routing information in the autonomous domain to the edge routing device in another autonomous domain through MP-EBGP.
  • the edge routing device in the other autonomous domain redistributes a label for the received VPN routing information, and advertises it in the autonomous domain where it is located.
  • edge routing devices of each autonomous domain assign labels to all VPN routing information, and the processing complexity is high.
  • the present application provides a method, device, device and storage medium for route publishing and message forwarding, which can simplify the process of route publishing and message forwarding.
  • the present application provides a method for routing distribution, the method is applied to a first node in a first autonomous domain, and the first node is an edge routing device in the first autonomous domain, and the method includes: receiving The first routing message sent by the second node of the second node, wherein the second node is the edge routing device of the second autonomous domain, the first routing message includes the VPN SID, the prefix address associated with the VPN SID, and the first next hop, the first The next hop is the second node, and the first routing message is used to send the message to the prefix address; the second routing message is obtained, wherein the second routing message includes the VPN SID, the prefix address and the second next hop, and the second The next hop is the first node, and the VPN SID in the first routing message is the same as the VPN SID in the second routing message; the second routing message is advertised in the first autonomous domain, wherein the second routing message is used to send to the prefix address message.
  • the VPN segment identifier (segment identifier) SID is a segment routing internet protocol version 6 (segment routing internet protocol version 6, SRv6) SID.
  • the first node is an edge routing device of the first autonomous domain.
  • the second node is an edge routing device of the second autonomous domain.
  • the first node receives the first routing message sent by the second node in the second autonomous domain, and the first node obtains the second routing message.
  • the prefix address in the second routing message is the same as the prefix address in the first routing message; the VPN SID in the second routing message is the same as the VPN SID in the first routing message; the next hop in the second routing message is the same as the first The next hops in routing messages are not the same.
  • the first node advertises the second routing message in the first autonomous domain. In this way, when the VPN routes are advertised between autonomous domains, the edge routing devices of the autonomous domains do not modify the VPN SID, which simplifies the process of routing advertisement.
  • the method further includes: adding the VPN SID in the first routing message and the first next hop correspondingly to the routing table. In this way, in this way, the message sent to the prefix address in the first routing message can be forwarded.
  • receiving the first routing message sent by the second node in the second autonomous domain includes: receiving the routing message sent by the second node in the second autonomous domain through an external border gateway protocol (external border gateway protocol, EBGP).
  • EBGP external border gateway protocol
  • the first routing message further includes a coloring (color) parameter, where the color parameter is a color parameter configured in the second autonomous domain; before the first autonomous domain notifies the second routing message, it further includes: If the color parameter configured on the first node is inconsistent with the color parameter in the first routing message, modify the color parameter in the second routing message to be the color parameter configured on the first node.
  • a coloring (color) parameter where the color parameter is a color parameter configured in the second autonomous domain
  • the color parameter is configured on the first node. If the color parameter configured on the first node is inconsistent with the color parameter in the first routing message, the first node can modify the color parameter in the second routing message It is the color parameter configured on the first node. In this way, each autonomous domain can flexibly use the color parameter.
  • the first routing message does not include the color parameter; before the first autonomous domain notifies the second routing message, it also includes: if the first node is configured with the color parameter, then in the second routing message Add the color parameter configured on the first node. In this way, the color parameter is not configured in the second autonomous domain, but the color parameter is configured in the first autonomous domain, so that each autonomous domain can flexibly use the SRv6 tunnel.
  • the present application provides a method for routing distribution, the method is applied to a second node in a second autonomous domain, and the second node is an edge routing device in the second autonomous domain, the method includes: receiving the second autonomous domain The third routing message sent by the third node, wherein, the third routing message includes the VPN SID, the prefix address associated with the VPN SID and the third next hop, the third next hop is the third node, and the third routing message uses To send the message to the prefix address; obtain the first routing message, wherein the first routing message includes VPN SID, prefix address and the first next hop, the first next hop is the second node, in the first routing message
  • the VPN SID in the third routing message is the same as the VPN SID in the third routing message; the first routing message is sent to the first node in the first autonomous domain, where the first node is an edge routing device in the first autonomous domain, and the first routing message is used for Send packets destined for the prefix address.
  • the second node in the second autonomous domain receives the third routing message sent by the third node in the second autonomous domain, and the second node obtains the first routing message.
  • the prefix address in the first routing message is the same as the prefix address in the third routing message;
  • the VPN SID in the first routing message is the same as the VPN SID in the third routing message;
  • the next hop in the first routing message is the same as the third routing message The next hops in routing messages are not the same.
  • the second node sends the first routing message to the first node in the first autonomous domain. In this way, when the VPN routes are advertised between autonomous domains, the edge routing devices of the autonomous domains do not modify the VPN SID, which simplifies the route advertisement process.
  • the method further includes: adding the VPN SID in the third routing message and the third next hop correspondingly to the routing table. In this way, the message sent to the prefix address in the third routing message can be forwarded.
  • sending the first routing message to the first node in the first autonomous domain includes: sending the first routing message to the first node in the first autonomous domain through EBGP. In this way, route advertisement between autonomous domains can be realized.
  • the present application provides a method for forwarding packets, the method is applied to a second node in a second autonomous domain, and the second node is an edge routing device in the second autonomous domain, the method includes: receiving the first autonomous The first message sent by the first node of the domain, wherein the first node is the edge routing device of the first autonomous domain, the first message includes the VPN SID, and the first message is the SRv6 address sent to the prefix address associated with the VPN SID. message; determine the forwarding policy of the first message in the second autonomous domain based on the VPN SID; The VPN SID included in a packet is the same.
  • the second node in the second autonomous domain receives the first message sent by the first node in the first autonomous domain, and uses the VPN SID to determine the forwarding policy of the first message in the second autonomous domain. Then the second node sends the first packet based on the forwarding policy.
  • the first packet received by the second node is the same as the VPN SID in the first packet sent by the second node. In this way, when packets are forwarded between autonomous domains, there is no need to modify the VPN SID, which simplifies the packet forwarding process.
  • determining the forwarding policy of the first message in the second autonomous domain based on the VPN SID includes: if the VPN SID is associated with SRv6 Policy tunnel information, determining the forwarding policy of the first message in the second autonomous domain The forwarding policy is based on the SRv6 Policy tunnel; if the VPN SID is not associated with SRv6 policy (Policy) tunnel information, then determine that the forwarding policy of the first packet in the second autonomous domain is based on the SRv6 best effort (BE) tunnel strategy. In this way, the forwarding policy can be accurately determined according to whether the VPN SID is associated with SRv6 Policy tunnel information.
  • Policy SRv6 policy
  • the method further includes: receiving a third routing message sent by a third node in the second autonomous domain, where the third routing message includes the VPN SID, prefix address and next hop, and the third routing message includes: The next hop in the routing message is the third node; the VPN SID and the next hop in the third routing message are correspondingly added to the routing table.
  • the second node adds the VPN SID and the next hop in its own routing table.
  • the second node can search the next hop based on the VPN SID in the routing table to realize fast forwarding of the message.
  • the first message is sent based on the forwarding policy, including: if the forwarding policy is a policy based on the SRv6 Policy tunnel, then based on the next hop corresponding to the VPN SID in the routing table, in the first message Encapsulate the SRv6 Policy tunnel information in the document to obtain the second packet; send the second packet; if the forwarding policy is based on the SRv6 BE tunnel, use the outbound interface corresponding to the next hop to send the first packet. In this way, packets in the second autonomous domain can be forwarded through different SRv6 tunnels.
  • the method further includes: obtaining the first routing message, wherein the first routing message includes the VPN SID, the prefix address and the next hop of the first routing information, and the next hop of the first routing message Be the second node, the VPN SID in the first routing message is the same as the VPN SID in the third routing message; send the first routing message to the first node.
  • the second node obtains the first routing message, and the prefix address in the first routing message is the same as the prefix address in the third routing message; the VPN SID in the first routing message is the same as The VPN SID in the third routing message is the same; the next hop in the first routing message is different from the next hop in the third routing message.
  • the second node sends the first routing message to the second node in the first autonomous domain. In this way, when the VPN routes are advertised between autonomous domains, the edge routing devices of the autonomous domains do not modify the VPN SID, which simplifies the route advertisement process.
  • the destination address field in the Internet protocol version 6 (internet protocol version 6, IPv6) packet header of the first packet received by the second node includes the VPN SID.
  • the present application provides a method for forwarding a message, the method is applied to a first node in a first autonomous domain, and the first node is an edge routing device in the first autonomous domain, and the method includes: receiving the first message
  • the first message includes the VPN SID, and the first message is an SRV6 message destined for the prefix address associated with the VPN SID; the next hop is determined based on the VPN SID, and the next hop is the second autonomous domain
  • the second node, the second node is the edge routing device of the second autonomous domain; based on the next hop, the first message is sent, wherein, the VPN SID included in the first message sent is the same as that in the received first message
  • the included VPN SID is the same.
  • the first node in the first autonomous domain receives the first message, determines the next hop based on the VPN SID in the first message, and then sends the first message based on the next hop.
  • the VPN SID included in the first packet sent by the first node is the same as the VPN SID included in the received first packet. In this way, when packets are forwarded between autonomous domains, there is no need to modify the VPN SID, which simplifies the packet forwarding process.
  • the method before determining the next hop based on the VPN SID, further includes: receiving a first routing message sent by the second node, wherein the first routing message includes the VPN SID, the prefix address and the next hop Hop; The VPN SID in the first routing message and the next hop are correspondingly added to the routing table; Determine the next hop based on the VPN SID, including: in the routing table, determine the next hop corresponding to the VPN SID.
  • the first node adds the VPN SID and the next hop in its own routing table.
  • the first node can search the next hop based on the VPN SID in the routing table to realize fast forwarding of the message.
  • the method further includes: obtaining a second routing message, where the second routing message includes the next hop of the VPN SID, the prefix address and the second routing message, and the next hop of the second routing message Be the first node, the VPN SID in the first routing message is the same as the VPN SID in the second routing message; advertise the second routing message in the first autonomous domain.
  • the first node obtains the second routing message, and the prefix address in the second routing message is the same as the prefix address in the first routing message; the VPN SID in the second routing message is the same as The VPN SID in the first routing message is the same; the next hop in the second routing message is different from the next hop in the first routing message.
  • the first node advertises the second routing message in the first autonomous domain. In this way, when the VPN routes are advertised between autonomous domains, the edge routing devices of the autonomous domains do not modify the VPN SID, which simplifies the route advertisement process.
  • receiving the first message includes: receiving the first message through an SRv6 BE tunnel or an SRv6 Policy tunnel.
  • the SRv6 tunnel can be flexibly used in the first autonomous domain.
  • the destination address field in the IPv6 packet header of the first packet sent includes the VPN SID.
  • the first packet can be forwarded based on the VPN SID.
  • the present application provides a device for publishing routes, which is applied to a first node in a first autonomous domain, where the first node is an edge routing device of the first autonomous domain, and the device includes:
  • a receiving module configured to receive a first routing message sent by a second node of a second autonomous domain, wherein the second node is an edge routing device of the second autonomous domain, and the first routing message includes a VPN SID .
  • the second routing message includes the VPN SID, the prefix address and a second next hop, the second next hop is the first node, and the first routing
  • the VPN SID in the message is identical with the VPN SID in the second routing message
  • the device further includes:
  • An adding module configured to add the VPN SID in the first routing message and the first next hop correspondingly to a routing table.
  • the receiving module is configured to receive the first routing message sent by the second node in the second autonomous domain through an external border gateway protocol (EBGP).
  • EBGP external border gateway protocol
  • the first routing message further includes a color parameter, where the color parameter is a color parameter configured in the second autonomous domain; If the color parameter configured on the first node is inconsistent with the color parameter in the first routing message before the autonomous domain notifies the second routing message, modify the color parameter in the second routing message to be the color parameter in the first routing message.
  • the color parameter configured on a node If the color parameter configured on a node is inconsistent with the color parameter in the first routing message before the autonomous domain notifies the second routing message, modify the color parameter in the second routing message to be the color parameter in the first routing message.
  • the color parameter is not included in the first routing message
  • the publishing module is further configured to add the first node in the second routing message if the first node is configured with a color parameter before the first autonomous domain notifies the second routing message The color parameter configured above.
  • the present application provides a device for publishing routes, which is applied to a second node in a second autonomous domain, where the second node is an edge routing device in the second autonomous domain, and the device includes:
  • a receiving module configured to receive a third routing message sent by a third node in the second autonomous domain, wherein the third routing message includes a VPN SID, a prefix address associated with the VPN SID, and a third next hop, the The third next hop is the third node, and the third routing message is used to send a message destined for the prefix address;
  • a publishing module configured to obtain a first routing message, wherein the first routing message includes the VPN SID, the prefix address and a first next hop, the first next hop being the second node,
  • the VPN SID in the first routing message is identical to the VPN SID in the third routing message;
  • a sending module configured to send the first routing message to a first node in the first autonomous domain, where the first node is an edge routing device in the first autonomous domain, and the first routing message is used to send Packets destined for the prefix address.
  • the device further includes:
  • An adding module configured to add the VPN SID in the third routing message and the third next hop correspondingly to a routing table.
  • the sending module is configured to send the first routing message to the first node in the first autonomous domain through EBGP.
  • the present application provides a device for forwarding messages, which is applied to a second node in a second autonomous domain, where the second node is an edge routing device in the second autonomous domain, and the device includes:
  • a receiving module configured to receive a first message sent by a first node in a first autonomous domain, where the first node is an edge routing device in the first autonomous domain, and the first message includes a VPN SID, The first message is an SRv6 message destined for the prefix address associated with the VPN SID;
  • a policy determination module configured to determine a forwarding policy of the first message in the second autonomous domain based on the VPN SID
  • a sending module configured to send the first packet based on the forwarding strategy, wherein the VPN SID included in the first packet sent based on the forwarding strategy is the same as the VPN SID included in the received first packet.
  • the policy determination module is configured to:
  • VPN SID is associated with SRv6 Policy tunnel information, then determining that the forwarding strategy of the first message in the second autonomous domain is based on the strategy of the SRv6 Policy tunnel;
  • the forwarding policy of the first message in the second autonomous domain is a policy based on the SRv6 BE tunnel.
  • the receiving module is further configured to receive a third routing message sent by a third node in the second autonomous domain, where the third routing message includes the VPN SID, The prefix address and the next hop, the next hop in the third routing message is the third node; the VPN SID and the next hop in the third routing message are correspondingly added to the route surface.
  • the sending module is configured to:
  • the forwarding strategy is a strategy based on the SRv6 Policy tunnel
  • the forwarding strategy is a strategy based on the SRv6 Policy tunnel
  • the forwarding policy is a policy based on the SRv6 BE tunnel, then use the outbound interface corresponding to the next hop to send the first packet.
  • the device further includes: an publishing module, configured to obtain a first routing message, where the first routing message includes the VPN SID, the prefix address, and the first routing message The next hop of the information, the next hop of the first routing message is the second node, and the VPN SID in the first routing message is the same as the VPN SID in the third routing message;
  • the sending module further sends the first routing message to the first node.
  • the destination address field in the IPv6 packet header of the received first packet includes the VPN SID.
  • the present application provides a device for forwarding messages, which is applied to a first node in a first autonomous domain, where the first node is an edge routing device in the first autonomous domain, and the device includes:
  • a receiving module configured to receive a first message, wherein the first message includes a VPN SID, and the first message is an SRV6 message destined for a prefix address associated with the VPN SID;
  • a next hop determination module configured to determine a next hop based on the VPN SID, wherein the next hop is a second node of a second autonomous domain, and the second node is an edge route of the second autonomous domain equipment;
  • a sending module configured to send the first packet based on the next hop, wherein the VPN SID included in the sent first packet is the same as the VPN SID included in the received first packet.
  • the receiving module is further configured to receive a first routing message sent by the second node before determining the next hop based on the VPN SID, where the first routing message Including the VPN SID, the prefix address and the next hop; correspondingly adding the VPN SID and the next hop in the first routing message to a routing table;
  • the next hop determining module is configured to determine the next hop corresponding to the VPN SID in the routing table.
  • the device further includes: an issuing module, configured to obtain a second routing message, where the second routing message includes the VPN SID, the prefix address, and the second routing message The next hop of the message, the next hop of the second routing message is the first node, and the VPN SID in the first routing message is the same as the VPN SID in the second routing message; in the second routing message An autonomous domain advertises the second routing message.
  • an issuing module configured to obtain a second routing message, where the second routing message includes the VPN SID, the prefix address, and the second routing message The next hop of the message, the next hop of the second routing message is the first node, and the VPN SID in the first routing message is the same as the VPN SID in the second routing message; in the second routing message An autonomous domain advertises the second routing message.
  • the receiving module is configured to:
  • the destination address field in the IPv6 packet header of the first packet sent includes the VPN SID.
  • the present application provides a route publishing system, which includes the device described in the fifth aspect and the device described in the sixth aspect.
  • the present application provides a route distribution system, which includes the device described in the seventh aspect and the device described in the eighth aspect.
  • the present application provides a device for advertising routes, which is applied to a first node in a first autonomous domain, where the first node is an edge routing device of the first autonomous domain, and the device includes a processor and a memory, the memory is used to store program codes, and the processor is used to call the program codes in the memory so that the device executes the route publishing provided in the first aspect or in any optional manner of the first aspect method.
  • the present application provides a route publishing device, which includes a network interface, a memory, and a processor connected to the memory;
  • the network interface is configured to receive the first routing message sent by the second node in the second autonomous domain
  • the memory is used to store program instructions
  • the processor is configured to execute the program instructions, so that the route publishing device executes the route publishing method provided in the first aspect or any optional manner of the first aspect.
  • the present application provides a computer-readable storage medium, at least one instruction is stored in the storage medium, and the instruction is read by a processor so that the route issuing device executes any one of the above-mentioned first aspect or the first aspect.
  • the method of route publishing provided by an optional method.
  • the present application provides a computer program product, where the computer program product includes computer instructions, and the computer instructions are stored in a computer-readable storage medium.
  • the processor of the route publishing device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the route publishing device executes the route publishing provided in the first aspect or any optional method of the first aspect Methods.
  • the present application provides a device for advertising routes, which is applied to a second node in a second autonomous domain, where the second node is an edge routing device in the second autonomous domain, and the device includes a processor and a memory, the memory is used to store program codes, and the processor is used to call the program codes in the memory so that the device executes the route publishing provided in the second aspect or in any optional manner of the second aspect method.
  • the present application provides a route publishing device, where the route publishing device includes a network interface, a memory, and a processor connected to the memory;
  • the network interface is configured to receive a third routing message sent by a third node in the second autonomous domain, and send a first routing message to the first node in the first autonomous domain;
  • the memory is used to store program instructions
  • the processor is configured to execute the program instructions, so that the route publishing device executes the route publishing method provided in the second aspect or any optional manner of the second aspect.
  • the present application provides a computer-readable storage medium, at least one instruction is stored in the storage medium, and the instruction is read by a processor so that the route publishing device executes any one of the second aspect or the second aspect.
  • the provided route publishing method is not limited to:
  • the present application provides a computer program product, where the computer program product includes computer instructions, and the computer instructions are stored in a computer-readable storage medium.
  • the processor of the route publishing device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the route publishing device executes the route publishing provided in the second aspect or in any optional manner of the second aspect. method.
  • the present application provides a device for forwarding messages, which is applied to a second node in a second autonomous domain, where the second node is an edge routing device in the second autonomous domain, and the device includes processing A device and a memory, the memory is used to store program codes, and the processor is used to call the program codes in the memory so that the device executes the forwarding message provided in the third aspect or in any optional manner of the third aspect text method.
  • the present application provides a message forwarding device, where the message forwarding device includes a network interface, a memory, and a processor connected to the memory;
  • the network interface is configured to receive a first message sent by a first node in the first autonomous domain, and send the first message based on the next hop and the forwarding policy;
  • the memory is used to store program instructions
  • the processor is configured to execute the program instructions, so that the packet forwarding device executes the packet forwarding method provided in the third aspect or any optional manner of the third aspect.
  • the present application provides a computer-readable storage medium, at least one instruction is stored in the storage medium, and the instruction is read by a processor so that the message forwarding device performs any of the third aspect or the third aspect.
  • a method of forwarding packets provided by an optional method.
  • the present application provides a computer program product, where the computer program product includes computer instructions, and the computer instructions are stored in a computer-readable storage medium.
  • the processor of the message forwarding device reads the computer instruction from the computer-readable storage medium, and the processor executes the computer instruction, so that the message forwarding device performs the forwarding provided by the third aspect or any optional method of the third aspect message method.
  • the present application provides a device for forwarding messages, which is applied to a first node in a first autonomous domain, where the first node is an edge routing device of the first autonomous domain, and the device includes A processor and a memory, the memory is used to store program codes, and the processor is used to call the program codes in the memory so that the device executes the forwarding provided by the fourth aspect or any optional manner of the fourth aspect message method.
  • the present application provides a message forwarding device, where the message forwarding device includes a network interface, a memory, and a processor connected to the memory;
  • the network interface is configured to receive a first message sent by a first node in the first autonomous domain, and send the first message based on the next hop and the forwarding policy;
  • the memory is used to store program instructions
  • the processor is configured to execute the program instructions, so that the packet forwarding device executes the packet forwarding method provided in the fourth aspect or any optional manner of the fourth aspect.
  • the present application provides a computer-readable storage medium, at least one instruction is stored in the storage medium, and the instruction is read by a processor so that the message forwarding device performs any of the fourth aspect or the fourth aspect.
  • a method of forwarding packets provided by an optional method.
  • the present application provides a computer program product, where the computer program product includes computer instructions, and the computer instructions are stored in a computer-readable storage medium.
  • the processor of the message forwarding device reads the computer instruction from the computer-readable storage medium, and the processor executes the computer instruction, so that the message forwarding device performs the forwarding provided by the fourth aspect or any optional mode of the fourth aspect. message method.
  • FIG. 1 is a schematic diagram of the format of an SRv6 message provided by an exemplary embodiment of the present application
  • Fig. 2 is a schematic diagram of the format of the SRv6 SID provided by an exemplary embodiment of the present application
  • FIG. 3 is a schematic diagram of two autonomous domains publishing VPN routing information and forwarding messages provided by an exemplary embodiment of the present application
  • Fig. 4 is a schematic diagram of an application scenario provided by an exemplary embodiment of the present application.
  • Fig. 5 is a schematic diagram of an application scenario provided by an exemplary embodiment of the present application.
  • FIG. 6 is a schematic flowchart of a method for publishing routes provided by an exemplary embodiment of the present application.
  • FIG. 7 is a schematic flowchart of a method for publishing routes provided by an exemplary embodiment of the present application.
  • FIG. 8 is a schematic flowchart of a method for publishing routes provided by an exemplary embodiment of the present application.
  • Fig. 9 is a schematic flowchart of a method for forwarding a message provided by an exemplary embodiment of the present application.
  • FIG. 10 is a schematic flowchart of a method for forwarding a message provided by an exemplary embodiment of the present application.
  • Fig. 11 is a schematic flowchart of a method for forwarding a message provided by an exemplary embodiment of the present application.
  • Fig. 12 is a schematic flowchart of a method for forwarding a message provided by an exemplary embodiment of the present application.
  • Fig. 13 is a schematic flowchart of a method for forwarding a message provided by an exemplary embodiment of the present application
  • Fig. 14 is a schematic diagram of an established tunnel provided by an exemplary embodiment of the present application.
  • Fig. 15 is a schematic diagram of different autonomous domains using different tunnels provided by an exemplary embodiment of the present application.
  • Fig. 16 is a schematic structural diagram of a device for advertising routes provided by an exemplary embodiment of the present application.
  • Fig. 17 is a schematic structural diagram of a device for advertising routes provided by an exemplary embodiment of the present application.
  • FIG. 18 is a schematic structural diagram of a device for forwarding messages provided by an exemplary embodiment of the present application.
  • FIG. 19 is a schematic structural diagram of a device for advertising routes provided by an exemplary embodiment of the present application.
  • Fig. 20 is a schematic structural diagram of a device provided by an exemplary embodiment of the present application.
  • Fig. 21 is a schematic structural diagram of a device provided by an exemplary embodiment of the present application.
  • segment routing segment routing
  • SR is a tunneling technology based on source routing forwarding mode.
  • the basic design idea of SR is: maintain the state of each flow at the head node of the service flow, without maintaining the state of each flow at the intermediate node and tail node.
  • the head node and the tail node are the head node and the tail node of the SR tunnel.
  • the SR packet includes an SR header and an Internet Protocol (internet protocol, IP) packet.
  • IP Internet Protocol
  • the SR header is encapsulated in the outer layer of the IP header and IP payload. From the sequence of the packet header to the packet tail, the SR packet is followed by the SR header, the IP header, and the IP payload.
  • the SR header is usually added to the message by the head node of the SR tunnel.
  • the SR header includes path information of the SR tunnel.
  • the SR header includes information of at least one node or at least one link in the SR tunnel.
  • IP packets are sometimes called data packets, service packets, or original packets.
  • the IP payload includes service data.
  • the IP packet includes but is not limited to an Internet protocol version 4 (internet protocol version4, IPv4) packet or an IPv6 packet.
  • IPv4 Internet protocol version 4, IPv4
  • IPv6 IPv6
  • An SRv6 packet is a type of SR packet. If the SR packet is an SRv6 packet, the SR header in the SR packet is an SRv6 header.
  • FIG. 1 is a schematic diagram of the format of an SRv6 packet. As shown in Figure 1, the SRv6 header includes an IPv6 basic header and a segment routing header (segment routing header, SRH).
  • the IPv6 basic header includes a version number (version) field, a traffic class (traffic class) field, a flow label (flow label) field, a payload length (payload length) field, a next header (next header) field, and an effective hop count ( hop limit) field, IPv6 packet source address (source address, SA) field and IPv6 packet destination address (destination address, SA) field.
  • the version field is used to identify the protocol version of the current IP, and the value is 6.
  • the traffic class field is used to identify the quality of service (quality of service, QoS).
  • the flow label field is used to indicate load sharing.
  • the backbone node does not need to perform hashing (Hash) according to the content in the inner packet header, but only needs to perform hashing according to the flow label to realize flow-based load sharing.
  • the payload length field identifies the payload length of the SRv6 packet except the IPv6 basic header.
  • the next header field identifies the type of the next header.
  • the hop limit field identifies the number of times an SRv6 packet is forwarded between routers. Each time an SRv6 packet is forwarded, this field decreases by 1. When it reaches 0, the SRv6 packet is discarded.
  • the SA field identifies the source address of the SRv6 packet.
  • the DA field identifies the destination address of the SRv6 packet.
  • SRH includes the next header (next header) field, extended header length (header extended length) field, routing type (routing type) field, the number of remaining segments (segments Left, SL), the last segment index (last entry) field, flag (flags) field, tag (tag) field and segment list (Segment List), etc.
  • Segment List can also be referred to as SID list for short.
  • the next header field is used to identify the type of the next header of the SRH.
  • the header extended length field is used to indicate the length of the SRH, and the unit is 8 bytes.
  • the routing type field is used to indicate the type of the routing header. For SRH, the value of the routing type field is 4.
  • the SL field is used to indicate the number of intermediate nodes that should still be visited before reaching the destination node.
  • the SL field acts as a pointer to the active SID in the segment list. For example, if the segment list of the SRH includes 5 SIDs, namely SID0, SID1, SID2, SID3 and SID4, and the value of SL is 2, it indicates that the active SID in the segment list is SID2.
  • the last entry field indicates the index of the last segment in the SID list.
  • the tag field is used to identify the same group of data packets.
  • the Segment List includes one or more SRv6 SIDs. Each SRv6 SID is in the form of an IPv6 address.
  • the Segment List is encoded by reverse ordering the paths: the last Segment is at the first position of the Segment List (Segment List[0]), and the first Segment is at the last position of the Segment List (Segment List[n]) .
  • the last segment refers to the segment that the SRv6 packet passes through last, and the first segment refers to the segment that the SRv6 packet passes through first.
  • the SRH also includes one or more types, lengths, and values (tag length value, TLV).
  • SID is the core element of SR.
  • a segment can represent any instruction, topological or service based (a SID can represent any topology, instruction or service).
  • SID is used to identify a unique segment.
  • the SID in SRv6 is in the form of an IPv6 address, and it is usually called SRv6 SID (Segment Identifier).
  • the SRv6 SID has the form of an IPv6 address and can be considered as an IPv6 address.
  • the length of SRv6 SID is 128 bits.
  • Figure 2 is a schematic diagram of an SRv6 SID. As shown in Figure 2, the SRv6 SID includes three parts: location identifier (locator), function (function) and parameters (arguments, args).
  • locator occupies the high bit of the SRv6 SID, the args occupies the low bit of the SRv6 SID, and the function occupies the other bits of the SRv6 SID.
  • the locator is used to locate the node that issued the SRv6 SID.
  • a locator represents an IPv6 network segment, and the IPv6 addresses under this network segment can be allocated as SRv6 SIDs.
  • function represents the instructions of the device, which are pre-set on the device, and the function part is used to instruct the issuing node of the SRv6 SID to perform corresponding functional operations.
  • args is an optional parameter, which can define information such as flow and service of some packets.
  • SRv6 SID includes End SID, End.X SID and End.DT4 SID, etc.
  • End SID is used to identify a certain destination address prefix in the network;
  • End.X SID is used to identify a certain link in the network;
  • End.DT4 SID indicates the provider edge (PE) type end node (Endpoint) SID, used to identify an IPv4VPN instance in the network.
  • PE provider edge
  • Endpoint End node
  • the forwarding action corresponding to the End.DT4 SID is to decapsulate the packet, and search the routing table of the IPv4VPN instance for forwarding.
  • the End.DT4 SID can be generated through static configuration, or automatically allocated within the dynamic SID range of Locator through BGP.
  • the VPN SID mentioned later belongs to any kind of SID such as Layer 2 VPN, Layer 3 VPN, public network, etc., for example, EDN.DT4 SID, END.DX4 SID, END.DT6 SID, END.DX6 SID, End.DX2 SID and End.DT2U SID etc.
  • End.DT6 SID represents the Endpoint SID of PE type, which is used to identify an IPv6VPN instance in the network.
  • End.DX4 SID indicates the Endpoint SID of a PE-type Layer 3 cross-connect, which is used to identify an IPv4 user edge (customer edge, CE) in the network.
  • End.DX6 SID indicates the Endpoint SID of PE-type Layer 3 cross-connection, which is used to identify an IPv6 CE in the network.
  • End.DX2 SID indicates the Endpoint SID of the Layer 2 cross-connect, which is used to identify an endpoint.
  • the End.DT2U SID represents the Endpoint SID for Layer 2 cross-connection and unicast media access control (media access control, MAC) table lookup function, which is used to identify an endpoint.
  • media access control media access control
  • An SR tunnel is a virtual point-to-point connection from the head node to the tail node.
  • the head node encapsulates the IPv6 message, so that the encapsulated message is transmitted to the tail node in the network with the IPv6SR function enabled.
  • the path through which encapsulated packets are transmitted on the network is called an SR tunnel.
  • SR tunnels include SRv6 BE tunnels and SRv6 Policy tunnels.
  • An SRv6 Policy tunnel can also be called an SRv6 traffic engineering (traffic engineering, TE) Policy tunnel.
  • the SRv6 BE tunnel publishes the location identification (locator) network segment, and the nodes in SRv6 calculate the optimal route to the locator network segment according to the shortest path first algorithm.
  • the path corresponding to the optimal route is an SRv6 BE tunnel.
  • an interior gateway protocol can be used within an autonomous domain
  • EBGP can be used between different autonomous domains.
  • SRv6 Policy tunnel is a new tunnel diversion technology developed on the basis of SRv6 technology.
  • the path of SRv6 Policy tunnel is a SID list (Segment List) represented as a specified path.
  • SID list is an end-to-end path from the head node to the tail node, and instructs passing intermediate nodes in the network to follow the specified path instead of following the calculated shortest path.
  • An SRv6 Policy tunnel consists of three parts: a head node, a coloring or color (color) parameter, and a tail node.
  • the head node is the node generated by the SRv6Policy tunnel; the color parameter is the extended community attribute carried by the SRv6 Policy tunnel; the tail node is the end node of the SRv6Policy tunnel.
  • the color parameter defines an application-level service-level agreement (SLA) policy, which can plan transmission paths based on specific business SLAs.
  • SLA service-level agreement
  • An SRv6 Policy tunnel can contain multiple candidate paths. Candidate paths carry a priority attribute. The valid candidate path with the highest priority is used as the primary path of the SRv6 Policy tunnel.
  • a candidate path can contain multiple Segment Lists, and each Segment List carries a Weight attribute. Load sharing can be formed between multiple Segment Lists.
  • the local SID table is a table maintained by SRv6-enabled nodes.
  • the local SID table is used to save the SRv6 SID generated by this node and the information associated with the SRv6 SID.
  • the local SID table includes the SRv6 SID, the SID type, the outgoing interface bound to the SID, and the VPN instance (instance) associated with the SRv6 SID.
  • VPN routing forwarding virtual routing forwarding
  • a VRF can also be called a VPN instance.
  • a VPN instance is a special entity established and maintained by PEs for directly connected sites. Each site has its own VPN instance on the PE, and each VPN instance contains routing and forwarding tables to one or more CEs directly connected to the PE.
  • the VRF may be a Layer 2 VPN instance, a Layer 3 VPN instance, or the like.
  • MP-EBGP runs between different autonomous domains.
  • An edge routing device in an autonomous domain advertises all VPN routing information in the autonomous domain to an edge routing device in another autonomous domain through MP-EBGP.
  • the edge routing device in the other autonomous domain redistributes a label for the received VPN routing information, and advertises it in the autonomous domain where it is located.
  • FIG. 3 is a schematic diagram of two autonomous domains publishing VPN routing information and forwarding packets.
  • autonomous domain 1 includes autonomous system border router (autonomous system border router, ASBR) 1, access router (access router, ACC )1 and ASBR2, and autonomous domain 2 includes ASBR3, ASBR4, PE1, and PE2.
  • ACC1 is connected to CE1, PE1 and PE2 are connected to CE2, and the address of CE2 is 2.2.2.2.
  • the VPN route includes CE2's address, next hop and label L1, and the next hop is PE1.
  • ASBR3 modifies the next hop to ASBR3 and switches label L1 to label L2.
  • ASBR3 sends the VPN route to ASBR1.
  • ASBR1 modifies the next hop to ASBR1 and switches label L2 to label L3.
  • ASBR1 diffuses the VPN route in AS1.
  • ASBR1 when transmitting packets subsequently, after ASBR1 receives the packet sent by ACC1 (the packet is sent to CE2), it exchanges label L3 for label L2 and sends it to ASBR3.
  • ASBR3 switches label L2 to label L1.
  • ASBR3 sends the message for exchanging labels to PE1, PE1 pops out the label L1, and based on the address of CE2, sends the message to CE2. Only part of the message is shown in FIG. 3 . In this way, edge routing devices in each autonomous domain assign labels to all VPN routing information, which also requires label switching when forwarding packets, and the processing complexity is high.
  • VPN-A for a VPN client (VPN-A) that needs to cross autonomous domains, the same VPN-A needs to be configured on the ASBR in the autonomous domain.
  • An ASBR in an autonomous domain regards the peer ASBR as its own CE device. In this way, for two autonomous domains, it is the same as the multi-protocol label switching (multi-protocol label switching, MPLS) VPN service running in one autonomous domain.
  • the ASBR spreads the VPN route to another ASBR in the autonomous domain. After receiving the VPN route, the ASBR in the other autonomous domain diffuses the VPN route in the autonomous domain. In this way, the intercommunication of the VPN routes of the two autonomous domains is realized.
  • the VPN SID in SRv6 is used as the label, and the VPN SID is not modified when the VPN route is released between autonomous domains, that is to say, the label exchange is not performed, and the method of publishing the VPN route in option B and the size of the message are optimized. forwarding method.
  • the edge routing device in an autonomous domain does not need to regard the ASBR of another autonomous domain as its own CE, so it does not need to create a VPN instance for each VPN.
  • the VPN SID is carried end-to-end when the message is forwarded, compared with option A, the service can be realized end-to-end.
  • each autonomous domain can be flexibly controlled according to the policy of each autonomous domain.
  • the present application provides a method for forwarding messages, and the execution subject of the method may be a first node in a first autonomous domain or a second node in a second autonomous domain.
  • the first node may be an edge routing device of the first autonomous domain, such as an ASBR, a PE, an aggregation (aggregation, AGG) node, and the like.
  • the second node may be an edge routing device of the second autonomous domain, such as ASBR, PE, metro core (metro core, MC) and so on.
  • the present application also provides a method for route announcement, and the execution body of the method may be the first node in the first autonomous domain or the second node in the second autonomous domain.
  • the first node mentioned in this application is called a route publishing device when it advertises a route, and it may be called a message forwarding device when it forwards a message.
  • a route publishing device when it advertises a route, it is called a route advertising device, and when it forwards a message, it may be called a message forwarding device. That is to say, the first node and the second node are devices capable of advertising routes and forwarding messages.
  • Fig. 4 is an exemplary application scenario.
  • the network includes a first autonomous domain and a second autonomous domain.
  • the first autonomous domain is adjacent to the second autonomous domain.
  • the first autonomous domain includes the first node, the ACC connected to CE1 and some other nodes, such as AGG, PE, etc. Other nodes are not shown in FIG. 4 .
  • the second autonomous domain includes a second node, a third node connected to CE2 and some other nodes, such as PEs, etc.
  • the link aggregation between the third node and PE. There is a connection between the first node and the second node.
  • Fig. 5 is another exemplary application scenario.
  • the network includes a first autonomous domain, a second autonomous domain and a third autonomous domain.
  • the first autonomous domain is adjacent to the second autonomous domain, and the second autonomous domain is adjacent to the third autonomous domain.
  • the first autonomous domain includes a first node, a node connected to CE1 and some other nodes, such as ACC, AGG, etc., and other nodes are not shown in FIG. 5 .
  • the second autonomous domain includes a second node, a third node connected to CE2 and some other nodes, such as PEs, etc.
  • the third autonomous domain includes multiple PEs (PE1 to PE2).
  • the first node is connected to PE1, and PE2 is connected to the second node.
  • FIG. 5 only shows that there is a third autonomous domain between the first autonomous domain and the second autonomous domain.
  • there are multiple autonomous domains between the first autonomous domain and the second autonomous domain and the solution of this application can also be used.
  • the first autonomous domain and the second autonomous domain can use SRv6 tunnels to transmit packets, and the SRv6 tunnels are SRv6 policy tunnels or SRv6 BE tunnels.
  • FIG. 4 and FIG. 5 is only an example, and cannot be used to limit the application scenario of the embodiment of the present application.
  • FIG. 6 the address of CE2 is issued as an example for illustration.
  • Step S601 the third node in the second autonomous domain sends a third routing message to the second node, and the second node receives the third routing message sent by the third node, wherein the third routing message includes the VPN SID and the information associated with the VPN SID A prefix address and a third next hop, where the third next hop is a third node, and the third routing message is used to send packets destined for the prefix address.
  • the prefix address is the address of CE2, and the prefix address can also be called a private network routing prefix and the like.
  • the third node in the second autonomous domain is connected to CE2, and advertises the prefix address of CE2 to the first autonomous domain.
  • the third node generates a VPN SID or obtains a statically configured VPN SID, adds the prefix address of CE2 and the outgoing interface to the prefix address to the VRF, adds the VPN SID to the local SID table, and associates the VPN SID with the VRF.
  • the third node sends the third routing message through BGP, the third routing message includes the prefix address of CE2, the third next hop and the VPN SID, and the third next hop is the third node.
  • the second node receives the third routing message.
  • the third node and the second node are BGP neighbors, and the third node sends the third routing message to the second node through BGP.
  • the second node receives the third routing message sent by the third node through BGP.
  • both the third node and the second node are connected to a route reflector (route reflector, RR) 1.
  • route reflector route reflector
  • a routing table is created on the second node, and the routing table may be a VPN SID routing table.
  • the routing table includes VPN SID field, next hop field, etc.
  • the second node if there is an SRv6 BE tunnel between the third node and the second node, the second node correspondingly adds the VPN SID and the third next hop to the routing table.
  • the third routing message also includes a color parameter, which is the color parameter configured on the third node in the second autonomous domain.
  • the second node correspondingly adds the VPN SID, the third next hop and the color parameter to the routing table.
  • the prefix address in the third routing message can also be correspondingly added.
  • the color parameter on the third node is statically configured, or the second autonomous domain is connected to a controller, and the controller configures the color parameter for the third node.
  • Step S602 the second node obtains a first routing message, wherein the first routing message includes a VPN SID, a prefix address and a first next hop, the first next hop is the second node, the VPN SID in the first routing message and The VPN SID in the third routing message is the same.
  • the VPN SID in the first routing message is the same as the VPN SID in the third routing message, indicating that the value of the VPN SID in the first routing message is the same as the value of the VPN SID in the third routing message, that is, VPN The SID is not modified.
  • the second node after the second node receives the third routing message, it modifies the third next hop in the third routing message to the first next hop (the first next hop is the second node), and obtains the A routing message; or after the second node receives the third routing message, it obtains the prefix address and VPN SID from the third routing message, and then generates the first routing message, and the first routing message includes the VPN SID, the prefix address and the first routing message. one jump.
  • Step S603 the second node sends a first routing message to the first node in the first autonomous domain.
  • the first node is an edge routing device of the first autonomous domain, and the first routing message is used to send a message destined for the prefix address.
  • the second node sends a first routing message to the first node in the first autonomous domain, where the first routing message is used to send a packet destined for the prefix address in the first routing message.
  • an EBGP neighbor relationship is established between the second node and the first node.
  • the second node sends the first routing message to the first node through EBGP.
  • both the second node and the first node are connected to the route reflector RR2.
  • the second node sends the first routing message to the first node
  • the second node sends the first routing message to RR2.
  • RR2 sends the first routing message to the first node.
  • the first node receives the first routing message sent by RR2.
  • Step S604 the first node receives the first routing message sent by the second node in the second autonomous domain, wherein the second node is an edge routing device, and the first routing message includes the VPN SID, the prefix address associated with the VPN SID, and the first routing message.
  • the next hop, the first next hop is the second node, and the first routing message is used to send a message destined for the prefix address.
  • step S604 the first node receives the first routing message sent by the second node through EBGP.
  • a routing table is created on the first node, and the routing table may be a VPN SID routing table.
  • the routing table includes VPN SID field, next hop field, etc.
  • the first node correspondingly adds the VPN SID and the first next hop in the first routing message to the routing table.
  • the first node may also correspondingly add the prefix address in the first routing message.
  • Step S605 the first node obtains the second routing message, the second routing message includes VPN SID, prefix address and second next hop, the second next hop is the first node, the VPN SID in the first routing message and the second Same VPN SID in routing messages.
  • the VPN SID in the first routing message is the same as the VPN SID in the second routing message, indicating that the value of the VPN SID in the first routing message is the same as the value of the VPN SID in the second routing message, that is, the VPN The SID is not modified.
  • the first node after the first node receives the first routing message, it modifies the first next hop in the first routing message to the second next hop (the second next hop is the first node), and obtains the first routing message.
  • Two routing messages or after the first node receives the first routing message, it obtains the prefix address and VPN SID from the first routing message, and then generates the second routing message, and the second routing message includes the VPN SID, the prefix address and the second routing message. one jump.
  • step S606 the first node advertises a second routing message in the first autonomous domain, and the second routing message is used to send packets destined for the prefix address.
  • the first node after the first node obtains the second routing message, the first node advertises the second routing message in the first autonomous domain, so that the second routing message is diffused in the first autonomous domain. In this way, there is a route to the prefix address in the first autonomous domain.
  • the first node establishes a BGP neighbor relationship with the ACC, and the first node sends the second routing message to the ACC through BGP.
  • both the first node and the ACC of the first autonomous domain are connected to RR3, and the first node sends the second routing message to RR3.
  • RR3 sends the second routing message to the ACC.
  • the ACC receives the second routing message, and the ACC adds the prefix address, the VPN SID, and the next hop to the forwarding table of the VRF.
  • the ACC advertises the prefix address to the connected CE1, so that CE1 stores the prefix address of CE2. In this way, CE1 can send packets to CE2 subsequently.
  • FIG. 7 a schematic diagram of issuing the address of CE2 is given in conjunction with Figure 4, see Figure 7, the VPN SID is used as a label in the routing message.
  • the prefix address of CE2 is 2.2.2.2
  • the value of VPN SID is VPN SID1.
  • the third routing message also includes a color parameter, which is the color parameter of the third node in the second autonomous domain.
  • the color parameter configured on the node Before step 606, if the color parameter configured on the first node is inconsistent with the color parameter in the first routing message, the first node modifies the color parameter in the second routing message to the color parameter configured on the first node. In this way, after receiving the second routing message, the ACC in the first autonomous domain correspondingly adds the VPN SID, the next hop, and the color parameter in the routing table. In this way, the color parameter obtained by the ACC of the first autonomous domain belongs to the configuration of the first autonomous domain.
  • the third routing message does not include the color parameter.
  • the color parameter is also not included in the first routing message received by the first node.
  • the first node may determine whether it is configured with a color parameter, and if it is configured with a color parameter, add the color parameter in the second routing message.
  • the ACC correspondingly adds the VPN SID, next hop and the color parameter in the routing table. In this way, the color parameter acquired by the ACC of the first autonomous domain belongs to the configuration in the first autonomous domain.
  • the first autonomous domain is connected to the controller.
  • the controller sends information about the SRv6 policy tunnel to the ACC, which indicates that the end of the SRv6 policy tunnel is the first node, the color parameter, and the Segment List, which includes the SIDs of the nodes passing through to reach the first node.
  • the message from the ACC to the first node needs to be superimposed on the SRH, and the SRH includes the Segment List indicated by the controller.
  • the SRv6 policy tunnel information in the ACC can also be statically configured.
  • the route publishing process in Figure 6 is illustrated by taking the application scenario in Figure 4 as an example.
  • the third autonomous domain uses the SRv6 BE tunnel
  • the second node sends a routing message to the first node
  • the first routing message may not pass through the third autonomous domain.
  • the first routing message may be sent directly, or both the first node and the second node are connected to the RR, and the first routing message is sent through the RR. Route messages.
  • the third autonomous domain uses the SRv6 policy tunnel, the first routing message must pass through the third autonomous domain.
  • Figure 8 provides the process of issuing the CE2 address in Figure 5.
  • the third autonomous domain uses the SRv6 policy tunnel, and the VPN SID is used as a label in the routing message.
  • the prefix address of CE2 is 2.2.2.2
  • the value of VPN SID is VPN SID1.
  • FIG. 9 is still the application scenario applied to FIG. 4 .
  • the process of sending a message from CE1 to CE2 is taken as an example for illustration, see step S901 to step S903 .
  • Step S901 the first node receives a first packet, wherein the first packet includes a VPN SID, and the first packet is an SRV6 packet destined for a prefix address associated with the VPN SID.
  • CE1 when CE1 sends a message to CE2, it generates an IP message sent to CE2, and the destination address of the IP message is the prefix address of CE2.
  • the IP packet may be an IPv4 packet, or an IPv6 packet, etc., and the embodiment of the present application uses an IPv4 packet as an example for illustration.
  • CE1 sends an IP packet to the ACC.
  • the ACC receives IP packets from the interface bound to the VRF.
  • the ACC provides the first packet to the first node.
  • there are multiple ways for the first node to receive the first message Three feasible ways are provided as follows, see ways 1 to 3.
  • the first node receives the first packet through the SRv6 BE tunnel.
  • the ACC matches the prefix address of the IP packet in the forwarding table of the VRF, and finds the associated VPN SID and next hop.
  • the ACC directly uses the VPN SID as the destination address.
  • the ACC encapsulates the IPv6 packet header for the IP packet.
  • the destination address in the IPv6 packet header is the VPN SID
  • the source IP address is the SID of the ACC.
  • the first packet is generated.
  • ACC determines the route matched by the VPN SID according to the longest match principle.
  • the ACC sends outwards according to the route until the first packet reaches the first node. What needs to be explained here is that each node that passes through from the ACC to the first node determines the route matched by the VPN SID according to the longest match principle.
  • the first node receives the first message through the SRv6 policy tunnel.
  • the ACC matches the prefix address of the IP packet in the forwarding table of the VRF, finds the associated VPN SID, and determines the SRv6 associated with the color parameter and the next hop based on the color parameter and the next hop corresponding to the VPN SID.
  • Policy tunnel information where the next hop is the first node.
  • the SRv6 policy tunnel information includes the Segment List to the first node, and the Segment List includes ACC.
  • the ACC encapsulates the SRH and the basic IPv6 header in the outer layer of the IP packet to obtain the encapsulated packet.
  • SRH includes Segment List and VPN SID, and VPN SID is located in Segment List[0] in Segment List.
  • the packet After encapsulation, the packet will be forwarded to the first node according to the path specified by the Segment List.
  • the encapsulated message passes through the tail node (endpoint) node, check the SL value in SRH, if SL is greater than 0, then subtract 1 from the SL value, and update the destination address in the IPv6 basic header to the address indicated by SL , look up the routing table according to the destination address in the IPv6 basic header to forward; if SL is equal to 0, update the destination address in the IPv6 basic header to the address indicated by SL, and pop up the SRH, and search for the route according to the destination address in the IPv6 basic header The table is forwarded.
  • the first message received by the first node includes an IPv6 basic header and SRH
  • the destination address included in the IPv6 basic header is the SID of the first node
  • SL in the SRH is equal to 0
  • the Segment List in the SRH only includes the VPN SID.
  • the first node receives the first message through the SRv6 policy tunnel and the direct link.
  • the ACC matches the prefix address of the IP packet in the forwarding table of the VRF, finds the associated VPN SID, and determines the SRv6 associated with the color parameter and the next hop based on the color parameter and the next hop corresponding to the VPN SID.
  • Policy tunnel information where the next hop is the first node.
  • the SRv6 policy tunnel information includes the Segment List of the previous node to the first node, and the Segment List includes ACC.
  • the ACC encapsulates the SRH and the basic IPv6 header in the outer layer of the IP packet to obtain the encapsulated packet.
  • SRH includes Segment List and VPN SID, and VPN SID is located in Segment List[0] in Segment List.
  • the packet After encapsulation, the packet will be forwarded to the node preceding the first node according to the path specified by the Segment List.
  • the node preceding the first node updates the destination address in the IPv6 basic header to the address indicated by the SL, and pops up the SRH, and obtains the first packet at this time.
  • the first message includes an IPv6 basic header and an IP packet, and the destination address in the IPv6 basic header is a VPN SID.
  • the node preceding the first node sends the first packet to the first node through the direct link.
  • Step S902 the first node determines a next hop based on the VPN SID, wherein the next hop is a second node in the second autonomous domain, and the second node is an edge routing device in the second autonomous domain.
  • a routing table including the VPN SID is established on the first node.
  • the first node determines the next hop corresponding to the VPN SID in the routing table.
  • the next hop is the second node in the second autonomous domain.
  • Step S903 the first node sends a first packet based on the next hop, wherein the VPN SID included in the sent first packet is the same as the VPN SID included in the received first packet.
  • the destination address field in the IPv6 message header includes the VPN SID.
  • the IPv6 packet header is an IPv6 basic header.
  • the first node uses the next hop to determine the outbound interface corresponding to the next hop.
  • the first node sends the first packet through the outbound interface.
  • the destination address field in the IPv6 header includes the VPN SID, indicating that label switching is not performed on the first node, so the processing can be simplified.
  • step S903 that different methods are used to receive the first message in step S901, and the message header of the first message sent by the first node in step S903 may be different. details as follows:
  • step S901 the first node directly sends the first message received from the ACC.
  • the first message received by the first node includes the IPv6 basic header and the SRH, the SL in the SRH is equal to 0, and the Segment List in the SRH only includes the VPN SID.
  • the first node updates the destination address in the IPv6 basic header to the VPN SID in the Segment List, and ejects the SRH of the first message.
  • the first packet includes the IPv6 basic header and the IP packet sent by CE1.
  • the processing performed by the first node is only to modify the packet header, so it can also be considered that the first node still sends the first packet.
  • the packet forwarding process shown in FIG. 9 is applied to the application scenario shown in FIG. 4 .
  • the packet forwarding process shown in Figure 9 is applied to the application scenario shown in Figure 5 .
  • the nodes in the third autonomous domain determine the route matched by the VPN SID according to the longest match principle, and send the first message to the second autonomous domain according to the route.
  • the SRv6 policy tunnel is used to forward the first message in the third autonomous domain, then in step S902, the next hop is PE1 in the third autonomous domain, and in step S903, the first message will be sent to PE1.
  • the SRv6 policy tunnel is used between PE1 and PE2 to forward the first packet. PE2 sends the first packet to the second node.
  • step S903 the first message sent by the first node will reach the second node in the second autonomous domain.
  • step S903 the process of forwarding the message based on the process of publishing the route shown in FIG. 6 will be described, see FIG. 10 .
  • Fig. 10 is an application scenario applied to Fig. 4 and Fig. 5 .
  • the process of the message passing through the second autonomous domain during the process of sending the message from CE1 to CE2 is taken as an example for illustration.
  • Step S1001 the second node receives the first message sent by the first node, wherein the first node is the edge routing device of the first autonomous domain, the first message includes the VPN SID, and the first message is directed to the VPN SID association SRV6 packets with prefix addresses.
  • the first packet includes an IPv6 basic header and an IP packet
  • the destination address in the IPv6 basic header is the VPN SID.
  • the source address in the IPv6 basic header is the address of the ACC.
  • the packet forwarding process shown in FIG. 10 is applied to the application scenario shown in FIG. 4 , the first packet received by the second node comes directly from the first node. If the message forwarding process shown in Figure 10 is applied to the application scenario shown in Figure 5, the first message received by the second node comes directly from the first node, and the first message sent from the first node passes through the third Autonomous domain forwarding.
  • Step S1002 the second node determines the forwarding policy of the first message in the second autonomous domain based on the VPN SID.
  • the forwarding policy can be regarded as a tunneling policy.
  • the method of determining the forwarding policy of the first message in the second autonomous domain is: if the VPN SID is associated with SRv6 Policy tunnel information, then determine that the forwarding policy of the first message in the second autonomous domain is based on SRv6 Policy tunnel policy; if the VPN SID is not associated with SRv6 Policy tunnel information, it is determined that the forwarding policy of the first packet in the second autonomous domain is a policy based on the SRv6 BE tunnel.
  • a routing table including the VPN SID is established on the second node. If the routing table includes the color parameter corresponding to the VPN SID, it is determined that the VPN SID is associated with SRv6 Policy tunnel information; otherwise, it is determined that the VPN SID is not associated with SRv6 Policy tunnel information.
  • Step S1003 the second node sends a first packet based on the forwarding strategy, wherein the VPN SID included in the first packet sent based on the forwarding strategy is the same as the VPN SID included in the received first packet.
  • Method 1 if the forwarding policy is based on the SRv6 Policy tunnel, the second node encapsulates the SRV6 Policy tunnel information in the first packet based on the next hop corresponding to the VPN SID in the routing table to obtain the second packet; sends the second message.
  • an SRv6 policy tunnel is established between the second node and the third node.
  • the second node determines the color parameter and the next hop corresponding to the VPN SID in the routing table. As can be seen from the flow shown in Figure 6, the next hop belongs to the second autonomous domain, and the next hop is the second autonomous domain.
  • third node The second node determines the SRv6 policy tunnel information associated with the color parameter and the next hop based on the color parameter and the next hop corresponding to the VPN SID, where the next hop is the third node.
  • the SRv6 policy tunnel information includes the Segment List to the third node, and the Segment List includes the second node.
  • the second node encapsulates the SRH in the outer layer of the IP message to obtain the second message, and the second message includes the IP message, the IPv6 basic header and the SRH.
  • SRH includes Segment List and VPN SID, and VPN SID is located in Segment List[0] in Segment List.
  • the packet will be forwarded to the third node according to the path specified by the Segment List.
  • the third node is the tail node of the SRv6 policy tunnel.
  • the packet received by the third node includes the IPv6 basic header and SRH.
  • the destination address included in the IPv6 basic header is the SID of the third node.
  • SL in SRH is equal to 0, and Segment List in SRH Only VPN SIDs are included.
  • the VPN SID in the SRH of the second message is updated to the IPv6 basic header.
  • the third node uses the VPN SID in the IPv6 basic header to determine the corresponding VRF in the local SID table, and pops up the IPv6 basic header and SRH.
  • the third node uses the address of CE2 in the forwarding table of the VRF to find the outbound interface, and sends the IP message to CE2 through the outbound interface.
  • Method 2 If the forwarding policy is based on the SRv6 BE tunnel, use the outbound interface corresponding to the next hop to send the first packet.
  • the second node uses the next hop to determine the outbound interface corresponding to the next hop.
  • the first node sends the first packet through the outbound interface.
  • the third node pops up the IPv6 header of the first message, and uses the VPN SID in the IPv6 header to determine the VRF corresponding to the VPN SID in the local SID table. Use the address of CE2 in the VRF forwarding table to find out the outbound interface, and send the IP packet to CE2 through the outbound interface.
  • FIG. 11 describes the process of using the SRv6 BE tunnel to send packets
  • Figure 12 describes the process of using the SRv6 policy tunnel to send packets.
  • Step S901 in FIG. 12 adopts the second method.
  • the prefix address of CE2 is 2.2.2.2
  • the value of VPN SID is VPN SID1.
  • FIG. 13 describes the process of sending packets using the SRv6 policy tunnel.
  • Step S901 in FIG. 13 adopts the second method.
  • the prefix address of CE2 is 2.2.2.2
  • the value of VPN SID is VPN SID1.
  • the VPN SID is unique during the inter-autonomous domain message forwarding process, and label switching is not required at the edge routing device, so the processing is relatively simple. Moreover, the VPN SID is directly associated with the SRv6 tunnel, and the intermediate node does not need to maintain the VPN SID resource, which reduces the control of the control face to the intermediate node.
  • label switching is not required in this application, which is simplified compared to the solution of option B.
  • the VPN SID is end-to-end, it also realizes end-to-end.
  • the VPN SID is used as the unique identifier of the service and is carried end-to-end.
  • Each autonomous domain can perceive the service corresponding to the VPN SID, which is convenient for unified management and various control strategies (such as optimizing the forwarding path, business analysis, statistics and billing, etc.) .
  • the tunnels in each autonomous domain are configured in each autonomous domain, and there is no need to use end-to-end tunnels. The number of aggregation-side tunnels can be reduced.
  • each autonomous domain tunnel is configured by each autonomous domain.
  • One autonomous domain can deploy SRv6 policy tunnels, while the other autonomous domain cannot deploy SRv6 policy tunnels.
  • end-to-end SRv6 services can also be deployed.
  • end-to-end SRv6 services can be deployed without the cooperation of each controller.
  • the first autonomous domain is controlled by controller 1
  • SRv6 policy tunnels are deployed in the first autonomous domain
  • the second autonomous domain is controlled by controller 2
  • the second autonomous domain deploys SRv6 BE tunnel.
  • FIG. 16 is a structural diagram of an apparatus for advertising routes provided by an embodiment of the present application.
  • the device can be implemented as a part or all of the device through software, hardware or a combination of the two.
  • the route publishing device is applied to the first node of the first autonomous domain, and the first node is the edge routing device of the first autonomous domain.
  • the route publishing device provided in the embodiment of the present application can realize the embodiment of the present application Figure 6 According to the process described above, the device includes: a receiving module 1610 and a publishing module 1620, wherein:
  • the receiving module 1610 is configured to receive a first routing message sent by a second node in a second autonomous domain, where the second node is an edge routing device in the second autonomous domain, and the first routing message includes a VPN
  • the prefix address associated with the SID, the VPN SID, and the first next hop, the first next hop is the second node, and the first routing message is used to send a message to the prefix address, Specifically, it can be used to realize the receiving function of step S604 and execute the implicit steps included in step S604;
  • the second routing message includes the VPN SID, the prefix address and a second next hop, the second next hop is the first node, and the first routing
  • the VPN SID in the message is identical with the VPN SID in the second routing message
  • the second routing message is notified in the first autonomous domain, wherein the second routing message is used to send a message destined for the prefix address, and specifically can be used to implement the publishing functions of steps S605 and S606 and execute Steps S605 and S606 contain implicit steps.
  • the device further includes:
  • Adding module 1630 configured to add the VPN SID in the first routing message and the first next hop correspondingly to a routing table.
  • the receiving module 1610 is configured to receive the first routing message sent by the second node in the second autonomous domain through EBGP.
  • the first routing message further includes a color parameter, and the color parameter is a color parameter configured in the second autonomous domain; If the color parameter configured on the first node is inconsistent with the color parameter in the first routing message before an autonomous domain notifies the second routing message, modify the color parameter in the second routing message to the The color parameter configured on the first node.
  • the color parameter is not included in the first routing message
  • the publishing module 1620 is further configured to add the first color parameter to the second routing message if the first node is configured with a color parameter before the first autonomous domain notifies the second routing message.
  • FIG. 17 is a structural diagram of an apparatus for advertising routes provided by an embodiment of the present application.
  • the device can be implemented as a part or all of the device through software, hardware or a combination of the two.
  • the route publishing device is applied to the second node of the second autonomous domain, and the second node is the edge routing device of the second autonomous domain.
  • the route publishing device provided in the embodiment of the present application can realize the embodiment of the present application Figure 6 In the process described above, the device includes: a receiving module 1710, a publishing module 1720, and a sending module 1730, wherein:
  • the receiving module 1710 is configured to receive a third routing message sent by a third node in the second autonomous domain, where the third routing message includes a VPN SID, a prefix address associated with the VPN SID, and a third next hop, The third next hop is the third node, and the third routing message is used to send the message to the prefix address, which can be specifically used to implement the receiving function in step S601 and execute the hidden message included in step S601. with steps;
  • Publishing module 1720 configured to obtain a first routing message, wherein the first routing message includes the VPN SID, the prefix address and a first next hop, and the first next hop is the second node , the VPN SID in the first routing message is the same as the VPN SID in the third routing message, which can specifically be used to implement the publishing function in step S602 and perform the implicit steps included in step S602;
  • a sending module 1730 configured to send the first routing message to a first node in the first autonomous domain, where the first node is an edge routing device in the first autonomous domain, and the first routing message is used for Sending the message to the prefix address may specifically be used to implement the sending function of step S603 and perform the implicit steps included in step S603.
  • the device further includes:
  • Adding module 1740 configured to correspondingly add the VPN SID and the third next hop in the third routing message to a routing table.
  • the sending module 1730 is configured to send the first routing message to the first node in the first autonomous domain through EBGP.
  • FIG. 18 is a structural diagram of an apparatus for forwarding packets provided by an embodiment of the present application.
  • the device can be implemented as a part or all of the device through software, hardware or a combination of the two.
  • the device for forwarding a message is applied to a second node in a second autonomous domain, and the second node is an edge routing device of the second autonomous domain.
  • the device for forwarding a message provided in this embodiment of the application can implement the embodiment of this application
  • the process described in FIG. 10 the device includes: a receiving module 1810, a policy determining module 1820, and a sending module 1830, wherein:
  • a receiving module 1810 configured to receive a first message sent by a first node in a first autonomous domain, where the first node is an edge routing device in the first autonomous domain, and the first message includes a VPN SID , the first message is an SRv6 message destined for the prefix address associated with the VPN SID, which can specifically be used to realize the receiving function of step S1001 and perform the implicit steps included in step S1001;
  • the policy determination module 1820 is configured to determine the forwarding policy of the first message in the second autonomous domain based on the VPN SID, specifically, it may be used to implement the policy and next hop determination function in step S1002 and perform step S1002 including the implicit steps of
  • the sending module 1830 is configured to send the first packet based on the forwarding strategy, wherein the VPN SID included in the first packet sent based on the forwarding strategy is the same as the VPN SID included in the received first packet , specifically can be used to realize the sending function of step S1003 and execute the implicit steps included in step S1003.
  • the policy determination module 1820 is configured to:
  • VPN SID is associated with SRv6 Policy tunnel information, then determining that the forwarding strategy of the first message in the second autonomous domain is based on the strategy of the SRv6 Policy tunnel;
  • the forwarding policy of the first message in the second autonomous domain is a policy based on the SRv6 BE tunnel.
  • the receiving module 1810 is further configured to receive a third routing message sent by a third node in the second autonomous domain, where the third routing message includes the VPN SID , the prefix address and the next hop, the next hop in the third routing message is the third node; the VPN SID and the next hop in the third routing message are correspondingly added to routing table.
  • the sending module 1830 is configured to:
  • the forwarding strategy is a strategy based on the SRv6 Policy tunnel
  • the forwarding strategy is a strategy based on the SRv6 Policy tunnel
  • the forwarding policy is a policy based on the SRv6 BE tunnel, then use the outbound interface corresponding to the next hop to send the first packet.
  • the device further includes: an issuing module 1840, configured to obtain a first routing message, where the first routing message includes the VPN SID, the prefix address and the next hop of the first routing message, the next hop of the first routing message is the second node, the VPN SID in the first routing message is the same as the VPN in the third routing message SIDs are the same;
  • the sending module 1830 further sends the first routing message to the first node.
  • the destination address field in the IPv6 packet header of the received first packet includes the VPN SID.
  • FIG. 19 is a structural diagram of an apparatus for forwarding packets provided by an embodiment of the present application.
  • the device can be implemented as a part or all of the device through software, hardware or a combination of the two.
  • the device for forwarding the message is applied to the first node of the first autonomous domain, and the first node is the edge routing device of the first autonomous domain.
  • the device for forwarding the message provided by the embodiment of the present application can realize the embodiment of the present application
  • the process described in FIG. 9 the device includes: a receiving module 1910, a next hop determining module 1920, and a sending module 1930, wherein:
  • the receiving module 1910 is configured to receive a first message, wherein the first message includes a virtual private network segment routing identifier VPN SID, and the first message is an SRV6 message destined for a prefix address associated with the VPN SID Specifically, it can be used to realize the receiving function of step S901 and execute the implicit steps included in step S901;
  • a next hop determining module 1920 configured to determine a next hop based on the VPN SID, wherein the next hop is a second node of a second autonomous domain, and the second node is an edge of the second autonomous domain
  • the routing device can specifically be used to implement the next hop determination function in step S902 and perform the implicit steps included in step S902;
  • the sending module 1930 is configured to send the first packet based on the next hop, wherein the VPN SID included in the sent first packet is the same as the VPN SID included in the received first packet, specifically It can be used to realize the sending function of step S903 and execute the implicit steps included in step S903.
  • the receiving module 1910 is further configured to receive a first routing message sent by the second node before determining the next hop based on the VPN SID, where the first routing The message includes the VPN SID, the prefix address and the next hop; adding the VPN SID and the next hop in the first routing message to a routing table;
  • the next hop determining module 1920 is configured to determine the next hop corresponding to the VPN SID in the routing table.
  • the device further includes: an publishing module 1940, configured to obtain a second routing message, where the second routing message includes the VPN SID, the prefix address, and the second The next hop of the routing message, the next hop of the second routing message is the first node, and the VPN SID in the first routing message is the same as the VPN SID in the second routing message; in the The first autonomous domain advertises the second routing message.
  • an publishing module 1940 configured to obtain a second routing message, where the second routing message includes the VPN SID, the prefix address, and the second The next hop of the routing message, the next hop of the second routing message is the first node, and the VPN SID in the first routing message is the same as the VPN SID in the second routing message; in the The first autonomous domain advertises the second routing message.
  • the receiving module 1910 :
  • the destination address field in the IPv6 packet header of the first packet sent includes the VPN SID.
  • the division of the module of the device for route publishing and the module of the device for forwarding messages is schematic, and it is only a logical function division. In actual implementation, there may be other division methods.
  • Each functional module in each embodiment may be integrated into one processor, or physically exist separately, or two or more modules may be integrated into one module.
  • the above-mentioned integrated modules can be implemented in the form of hardware or in the form of software function modules.
  • the integrated module is realized in the form of a software function module and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the technical solution of the present application is essentially or the part that contributes to the prior art, or all or part of the technical solution can be embodied in the form of software products, and the computer software products are stored in a storage medium
  • several instructions are included to make a computer device (which may be a network device, etc.) execute all or part of the steps of the methods in the various embodiments of the present application.
  • the aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (read-only memory, ROM), random access memory (random access memory, RAM), magnetic disk or optical disc and other media that can store program codes. .
  • FIG. 20 is a schematic structural diagram of a device 200 provided by an embodiment of the present application.
  • the device 200 shown in FIG. 20 may be the first node and the second node in FIG. 4 and FIG. 5 .
  • the device 200 shown in FIG. 20 may optionally be the route publishing device and packet forwarding device described above.
  • the Device 200 is optionally implemented by a generic bus architecture.
  • the device 200 includes at least one processor 201 , a communication bus 202 , a memory 203 and at least one network interface 204 .
  • the processor 201 is, for example, a general-purpose CPU, a network processor (network processor, NP), a graphics processing unit (graphics processing unit, GPU), a neural network processor (neural-network processing units, NPU), a data processing unit (data processing unit) , DPU), microprocessor, or one or more integrated circuits for implementing the scheme of the present application.
  • the processor 201 includes an application-specific integrated circuit (application-specific integrated circuit, ASIC), a programmable logic device (programmable logic device, PLD) or a combination thereof.
  • the PLD is, for example, a complex programmable logic device (complex programmable logic device, CPLD), a field-programmable gate array (field-programmable gate array, FPGA), a general array logic (generic array logic, GAL) or any combination thereof.
  • complex programmable logic device complex programmable logic device, CPLD
  • field-programmable gate array field-programmable gate array
  • GAL general array logic
  • the communication bus 202 is used to transfer information between the aforementioned components.
  • the communication bus 202 can be divided into address bus, data bus, control bus and so on. For ease of representation, only one thick line is used in FIG. 20 , but it does not mean that there is only one bus or one type of bus.
  • the memory 203 is, for example, a ROM or other types of static storage devices that can store static information and instructions, another example of a RAM or other types of dynamic storage devices that can store information and instructions, and another example is an electrically erasable programmable read-only memory (electrically erasable Programmable read-only Memory, EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), Disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, without limitation.
  • the memory 203 exists independently, for example, and is connected to the processor 201 through the communication bus 202 .
  • the memory 203 can also be integrated with the processor 201 .
  • Network interface 204 uses any transceiver-like device for communicating with other devices or a communication network.
  • the network interface 204 includes a wired network interface, and may also include a wireless network interface.
  • the wired network interface may be an Ethernet interface, for example.
  • the Ethernet interface can be an optical interface, an electrical interface or a combination thereof.
  • the wireless network interface may be a wireless local area network (wireless local area networks, WLAN) interface, a cellular network interface or a combination thereof.
  • the processor 201 may include one or more CPUs.
  • the device 200 may include multiple processors. Each of these processors can be a single-core processor (single-CPU) or a multi-core processor (multi-CPU).
  • a processor herein may refer to one or more devices, circuits, and/or processing cores for processing data such as computer program instructions.
  • the memory 203 is used to store the program code 210 for implementing the solution of the present application, and the processor 201 can execute the program code 210 stored in the memory 203 . That is, the device 200 can use the processor 201 and the program code 210 in the memory 203 to implement the route advertisement method and/or the packet forwarding method provided by the method embodiment.
  • FIG. 21 is a schematic structural diagram of a device 300 provided in an embodiment of the present application.
  • the device 200 shown in FIG. 21 may be the first node and the second node in FIG. 4 and FIG. 5 .
  • the device 300 shown in FIG. 21 can optionally be the route publishing device and packet forwarding device described above.
  • the device 300 includes: a main control board 310 and an interface board 330 .
  • the main control board is also called a main processing unit (main processing unit, MPU) or a route processing card (route processor card). Equipment maintenance, protocol processing functions.
  • the main control board 310 includes: a central processing unit 311 and a memory 312 (the memory 312 is not shown in FIG. 21 ).
  • the interface board 330 is also called a line interface unit card (line processing unit, LPU), a line card (line card), or a service board.
  • the interface board 330 is used to provide various service interfaces and implement forwarding of data packets.
  • the service interface includes but is not limited to an Ethernet interface, a POS (packet over sONET/SDH) interface, etc., and the Ethernet interface is, for example, a flexible ethernet service interface (flexible ethernet clients, FlexE clients).
  • the interface board 330 includes: a central processing unit 331 , a network processor 332 , a forwarding entry storage 334 and a physical interface card (physical interface card, PIC) 333 .
  • the central processor 331 on the interface board 330 is used to control and manage the interface board 330 and communicate with the central processor 311 on the main control board 310 .
  • the network processor 332 is configured to implement message forwarding processing and/or route publishing processing.
  • the form of the network processor 332 is, for example, a forwarding chip.
  • the network processor 332 is used to forward the received message based on the forwarding table stored in the forwarding table item storage 334, and if the destination address of the message is the address of the device 300, the message is sent to the CPU (such as If the destination address of the message is not the address of the device 300, the next hop and the outgoing interface corresponding to the destination address are found from the forwarding table according to the destination address, and the message is forwarded to the destination The outbound interface corresponding to the address.
  • the physical interface card 333 is used to implement the interconnection function of the physical layer.
  • the original traffic enters the interface board 330 through this, and the processed packets are sent out from the physical interface card 333 .
  • the physical interface card 333 is also called a daughter card, which can be installed on the interface board 330, and is responsible for converting the photoelectric signal into a message, checking the validity of the message and forwarding it to the network processor 332 for processing.
  • the central processing unit can also perform the functions of the network processor 332 , such as implementing software forwarding based on a general-purpose CPU, so that the network processor 332 is not required in the physical interface card 333 .
  • the device 300 includes multiple interface boards.
  • the device 300 further includes an interface board 340 , and the interface board 340 includes: a central processing unit 341 , a network processor 342 , a forwarding entry storage 344 and a physical interface card 343 .
  • the device 300 further includes a switching fabric unit 320 .
  • the SFU 320 is also called, for example, a switch fabric unit (SFU).
  • SFU switch fabric unit
  • the SFU board 320 is used to complete data exchange between the interface boards.
  • the interface board 330 communicates with the interface board 340 through, for example, the switching fabric board 320 .
  • the main control board 310 is coupled to the interface board 330 .
  • the main control board 310 , the interface board 330 and the interface board 340 , and the switching fabric board 320 are connected to the system backplane through the system bus to realize intercommunication.
  • an inter-process communication protocol IPC
  • IPC inter-process communication
  • the device 300 includes a control plane and a forwarding plane.
  • the control plane includes a main control board 310 and a central processing unit 331.
  • the forwarding plane includes various components for performing forwarding, such as a forwarding entry storage 334, a physical interface card 333, and a network processor. 332.
  • the control plane executes routers, generates forwarding tables, processes signaling and protocol packets, configures and maintains device status, and other functions.
  • the control plane sends the generated forwarding tables to the forwarding plane.
  • the network processor 332 The issued forwarding table looks up and forwards the packets received by the physical interface card 333 .
  • the forwarding table issued by the control plane is saved in the forwarding table item storage 334, for example.
  • the control plane and the forwarding plane are, for example, completely separated and not on the same device.
  • the operations on the interface board 340 are the same as those on the interface board 330 , and will not be repeated for brevity.
  • the device 300 in this embodiment may correspond to the first node or the second node in the above method embodiments, and the main control board 310, the interface board 330 and/or 340 in the device 300, for example, implement the first node in the above method embodiments
  • the functions and/or various steps implemented by a node or the second node are not repeated here.
  • main control boards there may be one or more main control boards, and when there are multiple main control boards, it includes, for example, an active main control board and a standby main control board. There may be one or more interface boards. The stronger the data processing capability of the network device, the more interface boards it provides. There may also be one or more physical interface cards on the interface board. There may be no SFU, or there may be one or more SFUs. When there are multiple SFUs, they can jointly implement load sharing and redundant backup.
  • the present application provides a computer program product comprising computer instructions stored in a computer readable storage medium.
  • the processor of the route publishing device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the route publishing device executes the route publishing method.
  • the present application provides a computer program product comprising computer instructions stored in a computer readable storage medium.
  • the processor of the message forwarding device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the message forwarding device executes the method for forwarding messages.
  • first and second in the description and claims of the embodiments of the present application are used to distinguish different objects, not to describe a specific order of objects, nor can they be interpreted as indicating or implying relative importance sex.
  • a first device and a second device are used to distinguish different devices rather than to describe a specific device.
  • the above-mentioned embodiments may be fully or partially implemented by software, hardware, firmware or any combination thereof.
  • software When implemented using software, it may be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on the computer, all or part of the processes or functions described in accordance with the embodiments of the present application will be generated.
  • the computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable devices.
  • the computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from a website, computer, server or data center Transmission to another website site, computer, server, or data center by wired (eg, coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (eg, infrared, wireless, microwave, etc.) means.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center integrated with one or more available media.
  • the available medium may be a magnetic medium (for example, a floppy disk, a hard disk, a tape), an optical medium (such as a digital video disk (DVD)), or a semiconductor medium (for example, a solid state disk (solid state disk, SSD) etc. .
  • a magnetic medium for example, a floppy disk, a hard disk, a tape
  • an optical medium such as a digital video disk (DVD)
  • DVD digital video disk
  • semiconductor medium for example, a solid state disk (solid state disk, SSD) etc.

Abstract

The present application relates to the technical field of network communications, and provides a route publishing method and apparatus, a packet forwarding method and apparatus, a device, and a storage medium. In the present application, when a VPN route is published between autonomous systems, a second node of the second autonomous system sends a first route message to a first node of the first autonomous system, wherein the first route message comprises a VPN SID, a prefix address associated with the VPN SID, and a first next hop. After receiving the first route message, the first node of the first autonomous system modifies the next hop without modifying the VPN SID to obtain a second route message. The first node announces the second route message in the first autonomous system. In this way, when a VPN route is published between autonomous systems, the VPN SID is not modified, and thus, the route publishing process can be simplified.

Description

路由发布和转发报文的方法、装置、设备和存储介质Method, device, equipment and storage medium for routing, publishing and forwarding messages
本申请要求于2021年06月29日提交的申请号为202110726967.8、发明名称为“路由发布和转发报文的方法、装置、设备和存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application with the application number 202110726967.8 and the title of the invention "method, device, equipment and storage medium for routing, publishing and forwarding messages" submitted on June 29, 2021, the entire content of which is incorporated by reference incorporated in this application.
技术领域technical field
本申请涉及网络通信技术领域,特别涉及一种路由发布和转发报文的方法、装置、设备和存储介质。The present application relates to the technical field of network communication, in particular to a method, device, device and storage medium for routing, publishing and forwarding messages.
背景技术Background technique
互联网被分为多个自治域(autonomous system,AS),不同的自治域之间运行多协议边界网关协议(multi-protocol external border gateway protocol,MP-EBGP)。自治域中的边缘路由设备通过MP-EBGP将该自治域内所有的虚拟专用网络(virtual private network,VPN)路由信息,发布给另一个自治域的边缘路由设备。该另一个自治域中的边缘路由设备为接收到的VPN路由信息重新分配标签,并在自身所在的自治域内进行通告。The Internet is divided into multiple autonomous systems (ASs), and the multi-protocol external border gateway protocol (MP-EBGP) runs between different ASs. The edge routing device in the autonomous domain publishes all virtual private network (virtual private network, VPN) routing information in the autonomous domain to the edge routing device in another autonomous domain through MP-EBGP. The edge routing device in the other autonomous domain redistributes a label for the received VPN routing information, and advertises it in the autonomous domain where it is located.
这样,各个自治域的边缘路由设备为所有VPN路由信息分配标签,处理复杂度高。In this way, the edge routing devices of each autonomous domain assign labels to all VPN routing information, and the processing complexity is high.
发明内容Contents of the invention
本申请提供了一种路由发布和转发报文的方法、装置、设备和存储介质,能够简化路由发布过程和报文转发过程。The present application provides a method, device, device and storage medium for route publishing and message forwarding, which can simplify the process of route publishing and message forwarding.
第一方面,本申请提供了一种路由发布的方法,该方法应用于第一自治域的第一节点,第一节点为第一自治域的边缘路由设备,该方法包括:接收第二自治域的第二节点发送的第一路由消息,其中,第二节点为第二自治域的边缘路由设备,第一路由消息中包括VPN SID、VPN SID关联的前缀地址和第一下一跳,第一下一跳为第二节点,第一路由消息用于发送去往前缀地址的报文;获得第二路由消息,其中,第二路由消息包括VPN SID、前缀地址和第二下一跳,第二下一跳为第一节点,第一路由消息中的VPN SID与第二路由消息中的VPN SID相同;在第一自治域通告第二路由消息,其中,第二路由消息用于发送去往前缀地址的报文。In a first aspect, the present application provides a method for routing distribution, the method is applied to a first node in a first autonomous domain, and the first node is an edge routing device in the first autonomous domain, and the method includes: receiving The first routing message sent by the second node of the second node, wherein the second node is the edge routing device of the second autonomous domain, the first routing message includes the VPN SID, the prefix address associated with the VPN SID, and the first next hop, the first The next hop is the second node, and the first routing message is used to send the message to the prefix address; the second routing message is obtained, wherein the second routing message includes the VPN SID, the prefix address and the second next hop, and the second The next hop is the first node, and the VPN SID in the first routing message is the same as the VPN SID in the second routing message; the second routing message is advertised in the first autonomous domain, wherein the second routing message is used to send to the prefix address message.
本申请所示的方案,VPN段标识(segment identifier)SID是一种段路由互联网协议第六版(segment routing internet protocol version6,SRv6)SID。第一节点为第一自治域的边缘路由设备。第二节点为第二自治域的边缘路由设备。在自治域间发布VPN路由时,第一节点接收第二自治域的第二节点发送的第一路由消息,第一节点获得第二路由消息。第二路由消息中的前缀地址与第一路由消息中的前缀地址相同;第二路由消息中的VPN SID与第一路由消息中的VPN SID相同;第二路由消息中的下一跳与第一路由消息中的下一跳不相同。第一节点在第一自治域中通告第二路由消息。这样,在自治域间发布VPN路由时,自治域的边缘路 由设备没有修改VPN SID,能够简化路由发布的过程。In the scheme shown in this application, the VPN segment identifier (segment identifier) SID is a segment routing internet protocol version 6 (segment routing internet protocol version 6, SRv6) SID. The first node is an edge routing device of the first autonomous domain. The second node is an edge routing device of the second autonomous domain. When a VPN route is advertised between autonomous domains, the first node receives the first routing message sent by the second node in the second autonomous domain, and the first node obtains the second routing message. The prefix address in the second routing message is the same as the prefix address in the first routing message; the VPN SID in the second routing message is the same as the VPN SID in the first routing message; the next hop in the second routing message is the same as the first The next hops in routing messages are not the same. The first node advertises the second routing message in the first autonomous domain. In this way, when the VPN routes are advertised between autonomous domains, the edge routing devices of the autonomous domains do not modify the VPN SID, which simplifies the process of routing advertisement.
在一种可能的实现方式中,该方法还包括:将第一路由消息中的VPN SID和第一下一跳对应添加至路由表。这样,这样,能够转发发往第一路由消息中的前缀地址的报文。In a possible implementation manner, the method further includes: adding the VPN SID in the first routing message and the first next hop correspondingly to the routing table. In this way, in this way, the message sent to the prefix address in the first routing message can be forwarded.
在一种可能的实现方式中,接收第二自治域的第二节点发送的第一路由消息,包括:通过外部边界网关协议(external border gateway protocol,EBGP)接收第二自治域的第二节点发送的第一路由消息。这样,能够实现自治域间的路由发布。In a possible implementation manner, receiving the first routing message sent by the second node in the second autonomous domain includes: receiving the routing message sent by the second node in the second autonomous domain through an external border gateway protocol (external border gateway protocol, EBGP). The first routing message for . In this way, route advertisement between autonomous domains can be realized.
在一种可能的实现方式中,第一路由消息中还包括着色(color)参数,该color参数为第二自治域内配置的color参数;在第一自治域通告第二路由消息之前,还包括:若第一节点上配置的color参数与第一路由消息中的color参数不一致,则修改第二路由消息中的color参数为第一节点上配置的color参数。In a possible implementation manner, the first routing message further includes a coloring (color) parameter, where the color parameter is a color parameter configured in the second autonomous domain; before the first autonomous domain notifies the second routing message, it further includes: If the color parameter configured on the first node is inconsistent with the color parameter in the first routing message, modify the color parameter in the second routing message to be the color parameter configured on the first node.
本申请所示的方案,第一节点上配置有color参数,若第一节点上配置的color参数与第一路由消息中的color参数不一致,则第一节点可以修改第二路由消息中的color参数为第一节点上配置的color参数。这样,能够使得各自治域灵活使用color参数。In the solution shown in this application, the color parameter is configured on the first node. If the color parameter configured on the first node is inconsistent with the color parameter in the first routing message, the first node can modify the color parameter in the second routing message It is the color parameter configured on the first node. In this way, each autonomous domain can flexibly use the color parameter.
在一种可能的实现方式中,第一路由消息中不包括color参数;在第一自治域通告第二路由消息之前,还包括:若第一节点配置有color参数,则在第二路由消息中添加第一节点上配置的color参数。这样,第二自治域没有配置color参数,而第一自治域配置有color参数,能够使得各自治域灵活使用SRv6隧道。In a possible implementation, the first routing message does not include the color parameter; before the first autonomous domain notifies the second routing message, it also includes: if the first node is configured with the color parameter, then in the second routing message Add the color parameter configured on the first node. In this way, the color parameter is not configured in the second autonomous domain, but the color parameter is configured in the first autonomous domain, so that each autonomous domain can flexibly use the SRv6 tunnel.
第二方面,本申请提供了一种路由发布的方法,该方法应用于第二自治域的第二节点,第二节点为第二自治域的边缘路由设备,该方法包括:接收第二自治域的第三节点发送的第三路由消息,其中,第三路由消息中包括VPN SID、VPN SID关联的前缀地址和第三下一跳,第三下一跳为第三节点,第三路由消息用于发送去往前缀地址的报文;获得第一路由消息,其中,第一路由消息包括VPN SID、前缀地址和第一下一跳,第一下一跳为第二节点,第一路由消息中的VPN SID与第三路由消息中的VPN SID相同;向第一自治域的第一节点发送第一路由消息,其中,第一节点为第一自治域的边缘路由设备,第一路由消息用于发送去往前缀地址的报文。In a second aspect, the present application provides a method for routing distribution, the method is applied to a second node in a second autonomous domain, and the second node is an edge routing device in the second autonomous domain, the method includes: receiving the second autonomous domain The third routing message sent by the third node, wherein, the third routing message includes the VPN SID, the prefix address associated with the VPN SID and the third next hop, the third next hop is the third node, and the third routing message uses To send the message to the prefix address; obtain the first routing message, wherein the first routing message includes VPN SID, prefix address and the first next hop, the first next hop is the second node, in the first routing message The VPN SID in the third routing message is the same as the VPN SID in the third routing message; the first routing message is sent to the first node in the first autonomous domain, where the first node is an edge routing device in the first autonomous domain, and the first routing message is used for Send packets destined for the prefix address.
本申请所示的方案,第二自治域的第二节点接收第二自治域的第三节点发送的第三路由消息,第二节点获得第一路由消息。第一路由消息中的前缀地址与第三路由消息中的前缀地址相同;第一路由消息中的VPN SID与第三路由消息中的VPN SID相同;第一路由消息中的下一跳与第三路由消息中的下一跳不相同。第二节点向第一自治域的第一节点发送第一路由消息。这样,在自治域间发布VPN路由时,自治域的边缘路由设备没有修改VPN SID,能够简化路由发布的过程。In the solution shown in this application, the second node in the second autonomous domain receives the third routing message sent by the third node in the second autonomous domain, and the second node obtains the first routing message. The prefix address in the first routing message is the same as the prefix address in the third routing message; the VPN SID in the first routing message is the same as the VPN SID in the third routing message; the next hop in the first routing message is the same as the third routing message The next hops in routing messages are not the same. The second node sends the first routing message to the first node in the first autonomous domain. In this way, when the VPN routes are advertised between autonomous domains, the edge routing devices of the autonomous domains do not modify the VPN SID, which simplifies the route advertisement process.
在一种可能的实现方式中,该方法还包括:将第三路由消息中的VPN SID和第三下一跳对应添加至路由表。这样,能够转发发往第三路由消息中的前缀地址的报文。In a possible implementation manner, the method further includes: adding the VPN SID in the third routing message and the third next hop correspondingly to the routing table. In this way, the message sent to the prefix address in the third routing message can be forwarded.
在一种可能的实现方式中,向第一自治域的第一节点发送第一路由消息,包括:通过EBGP向第一自治域的第一节点发送第一路由消息。这样,能够实现自治域间的路由发布。In a possible implementation manner, sending the first routing message to the first node in the first autonomous domain includes: sending the first routing message to the first node in the first autonomous domain through EBGP. In this way, route advertisement between autonomous domains can be realized.
第三方面,本申请提供了一种转发报文的方法,该方法应用于第二自治域的第二节点,第二节点为第二自治域的边缘路由设备,该方法包括:接收第一自治域的第一节点发送的第一报文,其中,第一节点为第一自治域的边缘路由设备,第一报文包括VPN SID,第一报文为去往VPN SID关联的前缀地址的SRv6报文;基于VPN SID确定第一报文在第二自治域的 转发策略;基于转发策略,发送第一报文,其中,基于转发策略发送的第一报文包括的VPN SID与接收到的第一报文包括的VPN SID相同。In a third aspect, the present application provides a method for forwarding packets, the method is applied to a second node in a second autonomous domain, and the second node is an edge routing device in the second autonomous domain, the method includes: receiving the first autonomous The first message sent by the first node of the domain, wherein the first node is the edge routing device of the first autonomous domain, the first message includes the VPN SID, and the first message is the SRv6 address sent to the prefix address associated with the VPN SID. message; determine the forwarding policy of the first message in the second autonomous domain based on the VPN SID; The VPN SID included in a packet is the same.
本申请所示的方案,第二自治域的第二节点接收第一自治域的第一节点发送的第一报文,使用VPN SID确定第一报文在第二自治域的转发策略。然后第二节点基于转发策略,发送第一报文。第二节点接收到的第一报文和第二节点发送的第一报文中的VPN SID相同。这样,在自治域之间转发报文时,无需修改VPN SID,能够简化报文转发过程。In the solution shown in this application, the second node in the second autonomous domain receives the first message sent by the first node in the first autonomous domain, and uses the VPN SID to determine the forwarding policy of the first message in the second autonomous domain. Then the second node sends the first packet based on the forwarding policy. The first packet received by the second node is the same as the VPN SID in the first packet sent by the second node. In this way, when packets are forwarded between autonomous domains, there is no need to modify the VPN SID, which simplifies the packet forwarding process.
在一种可能的实现方式中,基于VPN SID确定第一报文在第二自治域的转发策略,包括:若VPN SID关联有SRv6 Policy隧道信息,则确定第一报文在第二自治域的转发策略为基于SRv6 Policy隧道的策略;若VPN SID未关联有SRv6策略(Policy)隧道信息,则确定第一报文在第二自治域的转发策略为基于SRv6最小代价(best effort,BE)隧道的策略。这样,通过VPN SID是否关联有SRv6 Policy隧道信息,能够准确确定转发策略。In a possible implementation manner, determining the forwarding policy of the first message in the second autonomous domain based on the VPN SID includes: if the VPN SID is associated with SRv6 Policy tunnel information, determining the forwarding policy of the first message in the second autonomous domain The forwarding policy is based on the SRv6 Policy tunnel; if the VPN SID is not associated with SRv6 policy (Policy) tunnel information, then determine that the forwarding policy of the first packet in the second autonomous domain is based on the SRv6 best effort (BE) tunnel strategy. In this way, the forwarding policy can be accurately determined according to whether the VPN SID is associated with SRv6 Policy tunnel information.
在一种可能的实现方式中,该方法还包括:接收第二自治域的第三节点发送的第三路由消息,其中,第三路由消息中包括VPN SID、前缀地址和下一跳,第三路由消息中的下一跳为第三节点;将第三路由消息中的VPN SID和下一跳对应添加至路由表。In a possible implementation, the method further includes: receiving a third routing message sent by a third node in the second autonomous domain, where the third routing message includes the VPN SID, prefix address and next hop, and the third routing message includes: The next hop in the routing message is the third node; the VPN SID and the next hop in the third routing message are correspondingly added to the routing table.
本申请所示的方案中,在路由发布过程中,第二节点在自身的路由表中,添加VPN SID和下一跳。在报文转发过程中,第二节点能够在路由表中基于VPN SID查找下一跳,实现报文的快速转发。In the scheme shown in this application, during the route publishing process, the second node adds the VPN SID and the next hop in its own routing table. During the message forwarding process, the second node can search the next hop based on the VPN SID in the routing table to realize fast forwarding of the message.
在一种可能的实现方式中,基于转发策略,发送第一报文,包括:若转发策略为基于SRv6 Policy隧道的策略,则基于VPN SID在路由表中对应的下一跳,在第一报文封装SRv6 Policy隧道信息,获得第二报文;发送第二报文;若转发策略为基于SRv6 BE隧道的策略,则使用下一跳对应的出接口发送第一报文。这样,第二自治域中能够通过不同的SRv6隧道转发报文。In a possible implementation, the first message is sent based on the forwarding policy, including: if the forwarding policy is a policy based on the SRv6 Policy tunnel, then based on the next hop corresponding to the VPN SID in the routing table, in the first message Encapsulate the SRv6 Policy tunnel information in the document to obtain the second packet; send the second packet; if the forwarding policy is based on the SRv6 BE tunnel, use the outbound interface corresponding to the next hop to send the first packet. In this way, packets in the second autonomous domain can be forwarded through different SRv6 tunnels.
在一种可能的实现方式中,该方法还包括:获得第一路由消息,其中,第一路由消息包括VPN SID、前缀地址和第一路由信息的下一跳,第一路由消息的下一跳为第二节点,第一路由消息中的VPN SID与第三路由消息中的VPN SID相同;向第一节点发送第一路由消息。In a possible implementation, the method further includes: obtaining the first routing message, wherein the first routing message includes the VPN SID, the prefix address and the next hop of the first routing information, and the next hop of the first routing message Be the second node, the VPN SID in the first routing message is the same as the VPN SID in the third routing message; send the first routing message to the first node.
本申请所示的方案,在路由发布过程中,第二节点获得第一路由消息,第一路由消息中的前缀地址与第三路由消息中的前缀地址相同;第一路由消息中的VPN SID与第三路由消息中的VPN SID相同;第一路由消息中的下一跳与第三路由消息中的下一跳不相同。第二节点向第一自治域的第二节点发送第一路由消息。这样,在自治域间发布VPN路由时,自治域的边缘路由设备没有修改VPN SID,能够简化路由发布的过程。In the scheme shown in this application, in the routing announcement process, the second node obtains the first routing message, and the prefix address in the first routing message is the same as the prefix address in the third routing message; the VPN SID in the first routing message is the same as The VPN SID in the third routing message is the same; the next hop in the first routing message is different from the next hop in the third routing message. The second node sends the first routing message to the second node in the first autonomous domain. In this way, when the VPN routes are advertised between autonomous domains, the edge routing devices of the autonomous domains do not modify the VPN SID, which simplifies the route advertisement process.
在一种可能的实现方式中,第二节点接收的第一报文的互联网协议第六版(internet protocol version 6,IPv6)报文头中的目的地址字段包括VPN SID。In a possible implementation manner, the destination address field in the Internet protocol version 6 (internet protocol version 6, IPv6) packet header of the first packet received by the second node includes the VPN SID.
第四方面,本申请提供了一种转发报文的方法,该方法应用于第一自治域的第一节点,第一节点为第一自治域的边缘路由设备,该方法包括:接收第一报文,其中,第一报文包括VPN SID,第一报文为去往VPN SID关联的前缀地址的SRV6报文;基于VPN SID确定下一跳,其中,该下一跳是第二自治域的第二节点,第二节点为第二自治域的边缘路由设备;基于下一跳,发送第一报文,其中,发送的第一报文中包括的VPN SID与接收到的第一报文中包括的VPN SID相同。In a fourth aspect, the present application provides a method for forwarding a message, the method is applied to a first node in a first autonomous domain, and the first node is an edge routing device in the first autonomous domain, and the method includes: receiving the first message The first message includes the VPN SID, and the first message is an SRV6 message destined for the prefix address associated with the VPN SID; the next hop is determined based on the VPN SID, and the next hop is the second autonomous domain The second node, the second node is the edge routing device of the second autonomous domain; based on the next hop, the first message is sent, wherein, the VPN SID included in the first message sent is the same as that in the received first message The included VPN SID is the same.
本申请所示的方案,第一自治域的第一节点接收第一报文,基于第一报文中的VPN SID 确定下一跳,然后基于该下一跳发送第一报文。第一节点发送的第一报文中包括的VPN SID与接收到的第一报文中包括的VPN SID相同。这样,在自治域之间转发报文时,无需修改VPN SID,能够简化报文转发过程。In the solution shown in this application, the first node in the first autonomous domain receives the first message, determines the next hop based on the VPN SID in the first message, and then sends the first message based on the next hop. The VPN SID included in the first packet sent by the first node is the same as the VPN SID included in the received first packet. In this way, when packets are forwarded between autonomous domains, there is no need to modify the VPN SID, which simplifies the packet forwarding process.
在一种可能的实现方式中,在基于VPN SID确定下一跳之前,该方法还包括:接收第二节点发送的第一路由消息,其中,第一路由消息包括VPN SID、前缀地址和下一跳;将第一路由消息中的VPN SID和下一跳对应添加至路由表;基于VPN SID确定下一跳,包括:在路由表中,确定VPN SID对应的下一跳。In a possible implementation, before determining the next hop based on the VPN SID, the method further includes: receiving a first routing message sent by the second node, wherein the first routing message includes the VPN SID, the prefix address and the next hop Hop; The VPN SID in the first routing message and the next hop are correspondingly added to the routing table; Determine the next hop based on the VPN SID, including: in the routing table, determine the next hop corresponding to the VPN SID.
本申请所示的方案中,在路由发布过程中,第一节点在自身的路由表中,添加VPN SID和下一跳。在报文转发过程中,第一节点能够在路由表中基于VPN SID查找下一跳,实现报文的快速转发。In the scheme shown in this application, during the route publishing process, the first node adds the VPN SID and the next hop in its own routing table. During the message forwarding process, the first node can search the next hop based on the VPN SID in the routing table to realize fast forwarding of the message.
在一种可能的实现方式中,该方法还包括:获得第二路由消息,其中,第二路由消息包括VPN SID、前缀地址和第二路由消息的下一跳,第二路由消息的下一跳为第一节点,第一路由消息中的VPN SID与第二路由消息中的VPN SID相同;在第一自治域通告第二路由消息。In a possible implementation, the method further includes: obtaining a second routing message, where the second routing message includes the next hop of the VPN SID, the prefix address and the second routing message, and the next hop of the second routing message Be the first node, the VPN SID in the first routing message is the same as the VPN SID in the second routing message; advertise the second routing message in the first autonomous domain.
本申请所示的方案,在路由发布过程中,第一节点获得第二路由消息,第二路由消息中的前缀地址与第一路由消息中的前缀地址相同;第二路由消息中的VPN SID与第一路由消息中的VPN SID相同;第二路由消息中的下一跳与第一路由消息中的下一跳不相同。第一节点在第一自治域中通告第二路由消息。这样,在自治域间发布VPN路由时,自治域的边缘路由设备没有修改VPN SID,能够简化路由发布的过程。In the scheme shown in this application, in the routing publishing process, the first node obtains the second routing message, and the prefix address in the second routing message is the same as the prefix address in the first routing message; the VPN SID in the second routing message is the same as The VPN SID in the first routing message is the same; the next hop in the second routing message is different from the next hop in the first routing message. The first node advertises the second routing message in the first autonomous domain. In this way, when the VPN routes are advertised between autonomous domains, the edge routing devices of the autonomous domains do not modify the VPN SID, which simplifies the route advertisement process.
在一种可能的实现方式中,接收第一报文,包括:通过SRv6 BE隧道或者SRv6 Policy隧道,接收第一报文。这样,能够在第一自治域中灵活使用SRv6隧道。In a possible implementation manner, receiving the first message includes: receiving the first message through an SRv6 BE tunnel or an SRv6 Policy tunnel. In this way, the SRv6 tunnel can be flexibly used in the first autonomous domain.
在一种可能的实现方式中,发送的第一报文的IPv6报文头中的目的地址字段包括VPN SID。这样,能够基于VPN SID转发第一报文。In a possible implementation manner, the destination address field in the IPv6 packet header of the first packet sent includes the VPN SID. In this way, the first packet can be forwarded based on the VPN SID.
第五方面,本申请提供了一种路由发布的装置,应用于第一自治域的第一节点,所述第一节点为所述第一自治域的边缘路由设备,所述装置包括:In a fifth aspect, the present application provides a device for publishing routes, which is applied to a first node in a first autonomous domain, where the first node is an edge routing device of the first autonomous domain, and the device includes:
接收模块,用于接收第二自治域的第二节点发送的第一路由消息,其中,所述第二节点为所述第二自治域的边缘路由设备,所述第一路由消息中包括VPN SID、所述VPN SID关联的前缀地址和第一下一跳,所述第一下一跳为所述第二节点,所述第一路由消息用于发送去往所述前缀地址的报文;A receiving module, configured to receive a first routing message sent by a second node of a second autonomous domain, wherein the second node is an edge routing device of the second autonomous domain, and the first routing message includes a VPN SID . The prefix address associated with the VPN SID and the first next hop, the first next hop is the second node, and the first routing message is used to send a message destined for the prefix address;
发布模块,用于:Release modules for:
获得第二路由消息,其中,所述第二路由消息包括所述VPN SID、所述前缀地址和第二下一跳,所述第二下一跳为所述第一节点,所述第一路由消息中的VPN SID与所述第二路由消息中的VPN SID相同;Obtain a second routing message, wherein the second routing message includes the VPN SID, the prefix address and a second next hop, the second next hop is the first node, and the first routing The VPN SID in the message is identical with the VPN SID in the second routing message;
在所述第一自治域通告所述第二路由消息,其中,所述第二路由消息用于发送去往所述前缀地址的报文。Notifying the second routing message in the first autonomous domain, where the second routing message is used to send packets destined for the prefix address.
在一种可能的实现方式中,所述装置还包括:In a possible implementation manner, the device further includes:
添加模块,用于将所述第一路由消息中的所述VPN SID和所述第一下一跳对应添加至路由表。An adding module, configured to add the VPN SID in the first routing message and the first next hop correspondingly to a routing table.
在一种可能的实现方式中,所述接收模块,用于通过外部边界网关协议EBGP接收第二 自治域的第二节点发送的第一路由消息。In a possible implementation manner, the receiving module is configured to receive the first routing message sent by the second node in the second autonomous domain through an external border gateway protocol (EBGP).
在一种可能的实现方式中,所述第一路由消息中还包括color参数,所述color参数为所述第二自治域内配置的color参数;所述发布模块,还用于在所述第一自治域通告所述第二路由消息之前若所述第一节点配置上的color参数与所述第一路由消息中的color参数不一致,则修改所述第二路由消息中的color参数为所述第一节点上配置的color参数。In a possible implementation manner, the first routing message further includes a color parameter, where the color parameter is a color parameter configured in the second autonomous domain; If the color parameter configured on the first node is inconsistent with the color parameter in the first routing message before the autonomous domain notifies the second routing message, modify the color parameter in the second routing message to be the color parameter in the first routing message. The color parameter configured on a node.
在一种可能的实现方式中,所述第一路由消息中不包括color参数;In a possible implementation manner, the color parameter is not included in the first routing message;
所述发布模块,还用于在所述第一自治域通告所述第二路由消息之前,若所述第一节点配置有color参数,则在所述第二路由消息中添加所述第一节点上配置的color参数。The publishing module is further configured to add the first node in the second routing message if the first node is configured with a color parameter before the first autonomous domain notifies the second routing message The color parameter configured above.
第六方面,本申请提供了一种路由发布的装置,应用于第二自治域的第二节点,所述第二节点为所述第二自治域的边缘路由设备,所述装置包括:In a sixth aspect, the present application provides a device for publishing routes, which is applied to a second node in a second autonomous domain, where the second node is an edge routing device in the second autonomous domain, and the device includes:
接收模块,用于接收所述第二自治域的第三节点发送的第三路由消息,其中,第三路由消息中包括VPN SID、所述VPN SID关联的前缀地址和第三下一跳,所述第三下一跳为所述第三节点,所述第三路由消息用于发送去往所述前缀地址的报文;A receiving module, configured to receive a third routing message sent by a third node in the second autonomous domain, wherein the third routing message includes a VPN SID, a prefix address associated with the VPN SID, and a third next hop, the The third next hop is the third node, and the third routing message is used to send a message destined for the prefix address;
发布模块,用于获得第一路由消息,其中,所述第一路由消息包括所述VPN SID、所述前缀地址和第一下一跳,所述第一下一跳为所述第二节点,所述第一路由消息中的VPN SID与所述第三路由消息中的VPN SID相同;A publishing module, configured to obtain a first routing message, wherein the first routing message includes the VPN SID, the prefix address and a first next hop, the first next hop being the second node, The VPN SID in the first routing message is identical to the VPN SID in the third routing message;
发送模块,用于向第一自治域的第一节点发送所述第一路由消息,其中,所述第一节点为所述第一自治域的边缘路由设备,所述第一路由消息用于发送去往所述前缀地址的报文。A sending module, configured to send the first routing message to a first node in the first autonomous domain, where the first node is an edge routing device in the first autonomous domain, and the first routing message is used to send Packets destined for the prefix address.
在一种可能的实现方式中,所述装置还包括:In a possible implementation manner, the device further includes:
添加模块,用于将所述第三路由消息中的所述VPN SID和所述第三下一跳对应添加至路由表。An adding module, configured to add the VPN SID in the third routing message and the third next hop correspondingly to a routing table.
在一种可能的实现方式中,所述发送模块,用于通过EBGP向第一自治域的第一节点发送所述第一路由消息。In a possible implementation manner, the sending module is configured to send the first routing message to the first node in the first autonomous domain through EBGP.
第七方面,本申请提供了一种转发报文的装置,应用于第二自治域的第二节点,所述第二节点为所述第二自治域的边缘路由设备,所述装置包括:In a seventh aspect, the present application provides a device for forwarding messages, which is applied to a second node in a second autonomous domain, where the second node is an edge routing device in the second autonomous domain, and the device includes:
接收模块,用于接收第一自治域的第一节点发送的第一报文,其中,所述第一节点为所述第一自治域的边缘路由设备,所述第一报文包括VPN SID,所述第一报文为去往所述VPN SID关联的前缀地址的SRv6报文;A receiving module, configured to receive a first message sent by a first node in a first autonomous domain, where the first node is an edge routing device in the first autonomous domain, and the first message includes a VPN SID, The first message is an SRv6 message destined for the prefix address associated with the VPN SID;
策略确定模块,用于基于所述VPN SID确定所述第一报文在所述第二自治域的转发策略;A policy determination module, configured to determine a forwarding policy of the first message in the second autonomous domain based on the VPN SID;
发送模块,用于基于所述转发策略,发送所述第一报文,其中,基于所述转发策略发送的第一报文包括的VPN SID与接收到的第一报文包括的VPN SID相同。A sending module, configured to send the first packet based on the forwarding strategy, wherein the VPN SID included in the first packet sent based on the forwarding strategy is the same as the VPN SID included in the received first packet.
在一种可能的实现方式中,所述策略确定模块,用于:In a possible implementation manner, the policy determination module is configured to:
若所述VPN SID关联有SRv6 Policy隧道信息,则确定所述第一报文在所述第二自治域的转发策略为基于所述SRv6 Policy隧道的策略;If the VPN SID is associated with SRv6 Policy tunnel information, then determining that the forwarding strategy of the first message in the second autonomous domain is based on the strategy of the SRv6 Policy tunnel;
若所述VPN SID未关联有SRv6 Policy隧道信息,则确定所述第一报文在所述第二自治域的转发策略为基于SRv6 BE隧道的策略。If the VPN SID is not associated with SRv6 Policy tunnel information, it is determined that the forwarding policy of the first message in the second autonomous domain is a policy based on the SRv6 BE tunnel.
在一种可能的实现方式中,所述接收模块,还用于接收所述第二自治域的第三节点发送的第三路由消息,其中,所述第三路由消息中包括所述VPN SID、所述前缀地址和下一跳,所述第三路由消息中的下一跳为所述第三节点;将所述第三路由消息中的所述VPN SID和所 述下一跳对应添加至路由表。In a possible implementation manner, the receiving module is further configured to receive a third routing message sent by a third node in the second autonomous domain, where the third routing message includes the VPN SID, The prefix address and the next hop, the next hop in the third routing message is the third node; the VPN SID and the next hop in the third routing message are correspondingly added to the route surface.
在一种可能的实现方式中,所述发送模块,用于:In a possible implementation manner, the sending module is configured to:
若所述转发策略为基于SRv6 Policy隧道的策略,则基于所述VPN SID在所述路由表中对应的下一跳,在所述第一报文封装SRv6 Policy隧道信息,获得第二报文;发送所述第二报文;If the forwarding strategy is a strategy based on the SRv6 Policy tunnel, then based on the next hop corresponding to the VPN SID in the routing table, encapsulate the SRv6 Policy tunnel information in the first message to obtain a second message; sending the second message;
若所述转发策略为基于SRv6 BE隧道的策略,则使用所述下一跳对应的出接口发送所述第一报文。If the forwarding policy is a policy based on the SRv6 BE tunnel, then use the outbound interface corresponding to the next hop to send the first packet.
在一种可能的实现方式中,所述装置还包括:发布模块,用于获得第一路由消息,其中,所述第一路由消息包括所述VPN SID、所述前缀地址和所述第一路由信息的下一跳,所述第一路由消息的下一跳为所述第二节点,所述第一路由消息中的VPN SID与所述第三路由消息中的VPN SID相同;In a possible implementation manner, the device further includes: an publishing module, configured to obtain a first routing message, where the first routing message includes the VPN SID, the prefix address, and the first routing message The next hop of the information, the next hop of the first routing message is the second node, and the VPN SID in the first routing message is the same as the VPN SID in the third routing message;
所述发送模块,还向所述第一节点发送所述第一路由消息。The sending module further sends the first routing message to the first node.
在一种可能的实现方式中,接收的所述第一报文的IPv6报文头中的目的地址字段包括所述VPN SID。In a possible implementation manner, the destination address field in the IPv6 packet header of the received first packet includes the VPN SID.
第八方面,本申请提供了一种转发报文的装置,应用于第一自治域的第一节点,所述第一节点为第一自治域的边缘路由设备,所述装置包括:In an eighth aspect, the present application provides a device for forwarding messages, which is applied to a first node in a first autonomous domain, where the first node is an edge routing device in the first autonomous domain, and the device includes:
接收模块,用于接收第一报文,其中,所述第一报文包括VPN SID,所述第一报文为去往所述VPN SID关联的前缀地址的SRV6报文;A receiving module, configured to receive a first message, wherein the first message includes a VPN SID, and the first message is an SRV6 message destined for a prefix address associated with the VPN SID;
下一跳确定模块,用于基于所述VPN SID确定下一跳,其中,所述下一跳是第二自治域的第二节点,所述第二节点为所述第二自治域的边缘路由设备;A next hop determination module, configured to determine a next hop based on the VPN SID, wherein the next hop is a second node of a second autonomous domain, and the second node is an edge route of the second autonomous domain equipment;
发送模块,用于基于所述下一跳,发送所述第一报文,其中,发送的第一报文中包括的VPN SID与接收到的第一报文中包括的VPN SID相同。A sending module, configured to send the first packet based on the next hop, wherein the VPN SID included in the sent first packet is the same as the VPN SID included in the received first packet.
在一种可能的实现方式中,所述接收模块,还用于在基于所述VPN SID确定下一跳之前,接收所述第二节点发送的第一路由消息,其中,所述第一路由消息包括所述VPN SID、所述前缀地址和所述下一跳;将所述第一路由消息中的所述VPN SID和所述下一跳对应添加至路由表;In a possible implementation manner, the receiving module is further configured to receive a first routing message sent by the second node before determining the next hop based on the VPN SID, where the first routing message Including the VPN SID, the prefix address and the next hop; correspondingly adding the VPN SID and the next hop in the first routing message to a routing table;
所述下一跳确定模块,用于在所述路由表中,确定所述VPN SID对应的下一跳。The next hop determining module is configured to determine the next hop corresponding to the VPN SID in the routing table.
在一种可能的实现方式中,所述装置还包括:发布模块,用于获得第二路由消息,其中,所述第二路由消息包括所述VPN SID、所述前缀地址和所述第二路由消息的下一跳,所述第二路由消息的下一跳为所述第一节点,所述第一路由消息中的VPN SID与所述第二路由消息中的VPN SID相同;在所述第一自治域通告所述第二路由消息。In a possible implementation manner, the device further includes: an issuing module, configured to obtain a second routing message, where the second routing message includes the VPN SID, the prefix address, and the second routing message The next hop of the message, the next hop of the second routing message is the first node, and the VPN SID in the first routing message is the same as the VPN SID in the second routing message; in the second routing message An autonomous domain advertises the second routing message.
在一种可能的实现方式中,所述接收模块,用于:In a possible implementation manner, the receiving module is configured to:
通过SRv6 BE隧道或者SRv6 Policy隧道,接收第一报文。Receive the first packet through the SRv6 BE tunnel or SRv6 Policy tunnel.
在一种可能的实现方式中,发送的第一报文的IPv6报文头中的目的地址字段包括所述VPN SID。In a possible implementation manner, the destination address field in the IPv6 packet header of the first packet sent includes the VPN SID.
第九方面,本申请提供了一种路由发布***,该***包括第五方面所述的装置以及如第六方面所述的装置。In a ninth aspect, the present application provides a route publishing system, which includes the device described in the fifth aspect and the device described in the sixth aspect.
第十方面,本申请提供了一种路由发布***,该***包括第七方面所述的装置以及如第八方面所述的装置。In a tenth aspect, the present application provides a route distribution system, which includes the device described in the seventh aspect and the device described in the eighth aspect.
第十一方面,本申请提供了一种路由发布的装置,应用于第一自治域的第一节点,所述第一节点为所述第一自治域的边缘路由设备,所述装置包括处理器和存储器,所述存储器用于存储程序代码,所述处理器用于调用所述存储器中的程序代码以使得所述装置执行第一方面或第一方面任一种可选方式所提供的路由发布的方法。In an eleventh aspect, the present application provides a device for advertising routes, which is applied to a first node in a first autonomous domain, where the first node is an edge routing device of the first autonomous domain, and the device includes a processor and a memory, the memory is used to store program codes, and the processor is used to call the program codes in the memory so that the device executes the route publishing provided in the first aspect or in any optional manner of the first aspect method.
第十二方面,本申请提供了一种路由发布设备,该路由发布设备包括网络接口、存储器和与所述存储器连接的处理器;In a twelfth aspect, the present application provides a route publishing device, which includes a network interface, a memory, and a processor connected to the memory;
所述网络接口,用于接收第二自治域的第二节点发送的第一路由消息;The network interface is configured to receive the first routing message sent by the second node in the second autonomous domain;
所述存储器用于存储程序指令;The memory is used to store program instructions;
所述处理器用于执行所述程序指令,以使所述路由发布设备执行第一方面或第一方面任一种可选方式所提供的路由发布的方法。The processor is configured to execute the program instructions, so that the route publishing device executes the route publishing method provided in the first aspect or any optional manner of the first aspect.
第十三方面,本申请提供了一种计算机可读存储介质,该存储介质中存储有至少一条指令,该指令由处理器读取以使路由发布设备执行上述第一方面或第一方面任一种可选方式所提供的路由发布的方法。In a thirteenth aspect, the present application provides a computer-readable storage medium, at least one instruction is stored in the storage medium, and the instruction is read by a processor so that the route issuing device executes any one of the above-mentioned first aspect or the first aspect. The method of route publishing provided by an optional method.
第十四方面,本申请提供了一种计算机程序产品,该计算机程序产品包括计算机指令,该计算机指令存储在计算机可读存储介质中。路由发布设备的处理器从计算机可读存储介质读取该计算机指令,处理器执行该计算机指令,使得该路由发布设备执行上述第一方面或第一方面任一种可选方式所提供的路由发布的方法。In a fourteenth aspect, the present application provides a computer program product, where the computer program product includes computer instructions, and the computer instructions are stored in a computer-readable storage medium. The processor of the route publishing device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the route publishing device executes the route publishing provided in the first aspect or any optional method of the first aspect Methods.
第十五方面,本申请提供了一种路由发布的装置,应用于第二自治域的第二节点,所述第二节点为所述第二自治域的边缘路由设备,所述装置包括处理器和存储器,所述存储器用于存储程序代码,所述处理器用于调用所述存储器中的程序代码以使得所述装置执行第二方面或第二方面任一种可选方式所提供的路由发布的方法。In a fifteenth aspect, the present application provides a device for advertising routes, which is applied to a second node in a second autonomous domain, where the second node is an edge routing device in the second autonomous domain, and the device includes a processor and a memory, the memory is used to store program codes, and the processor is used to call the program codes in the memory so that the device executes the route publishing provided in the second aspect or in any optional manner of the second aspect method.
第十六方面,本申请提供了一种路由发布设备,该路由发布设备包括网络接口、存储器和与所述存储器连接的处理器;In a sixteenth aspect, the present application provides a route publishing device, where the route publishing device includes a network interface, a memory, and a processor connected to the memory;
所述网络接口,用于接收第二自治域的第三节点发送的第三路由消息,向第一自治域的第一节点发送第一路由消息;The network interface is configured to receive a third routing message sent by a third node in the second autonomous domain, and send a first routing message to the first node in the first autonomous domain;
所述存储器用于存储程序指令;The memory is used to store program instructions;
所述处理器用于执行所述程序指令,以使所述路由发布设备执行第二方面或第二方面任一种可选方式所提供的路由发布的方法。The processor is configured to execute the program instructions, so that the route publishing device executes the route publishing method provided in the second aspect or any optional manner of the second aspect.
第十七方面,本申请提供了一种计算机可读存储介质,该存储介质中存储有至少一条指令,该指令由处理器读取以使路由发布设备执行第二方面或第二方面任一种可选方式所提供的路由发布的方法。In a seventeenth aspect, the present application provides a computer-readable storage medium, at least one instruction is stored in the storage medium, and the instruction is read by a processor so that the route publishing device executes any one of the second aspect or the second aspect. Optionally the provided route publishing method.
第十八方面,本申请提供了一种计算机程序产品,该计算机程序产品包括计算机指令,该计算机指令存储在计算机可读存储介质中。路由发布设备的处理器从计算机可读存储介质读取该计算机指令,处理器执行该计算机指令,使得该路由发布设备执行第二方面或第二方面任一种可选方式所提供的路由发布的方法。In an eighteenth aspect, the present application provides a computer program product, where the computer program product includes computer instructions, and the computer instructions are stored in a computer-readable storage medium. The processor of the route publishing device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the route publishing device executes the route publishing provided in the second aspect or in any optional manner of the second aspect. method.
第十九方面,本申请提供了一种转发报文的装置,应用于第二自治域的第二节点,所述第二节点为所述第二自治域的边缘路由设备,所述装置包括处理器和存储器,所述存储器用于存储程序代码,所述处理器用于调用所述存储器中的程序代码以使得所述装置执行第三方面或第三方面任一种可选方式所提供的转发报文的方法。In a nineteenth aspect, the present application provides a device for forwarding messages, which is applied to a second node in a second autonomous domain, where the second node is an edge routing device in the second autonomous domain, and the device includes processing A device and a memory, the memory is used to store program codes, and the processor is used to call the program codes in the memory so that the device executes the forwarding message provided in the third aspect or in any optional manner of the third aspect text method.
第二十方面,本申请提供了一种转发报文设备,该转发报文设备包括网络接口、存储器和与所述存储器连接的处理器;In a twentieth aspect, the present application provides a message forwarding device, where the message forwarding device includes a network interface, a memory, and a processor connected to the memory;
所述网络接口,用于接收第一自治域的第一节点发送的第一报文,基于所述下一跳和所述转发策略,发送第一报文;The network interface is configured to receive a first message sent by a first node in the first autonomous domain, and send the first message based on the next hop and the forwarding policy;
所述存储器用于存储程序指令;The memory is used to store program instructions;
所述处理器用于执行所述程序指令,以使所述转发报文设备执行第三方面或第三方面任一种可选方式所提供的转发报文的方法。The processor is configured to execute the program instructions, so that the packet forwarding device executes the packet forwarding method provided in the third aspect or any optional manner of the third aspect.
第二十一方面,本申请提供了一种计算机可读存储介质,该存储介质中存储有至少一条指令,该指令由处理器读取以使转发报文设备执行第三方面或第三方面任一种可选方式所提供的转发报文的方法。In the twenty-first aspect, the present application provides a computer-readable storage medium, at least one instruction is stored in the storage medium, and the instruction is read by a processor so that the message forwarding device performs any of the third aspect or the third aspect. A method of forwarding packets provided by an optional method.
第二十二方面,本申请提供了一种计算机程序产品,该计算机程序产品包括计算机指令,该计算机指令存储在计算机可读存储介质中。转发报文设备的处理器从计算机可读存储介质读取该计算机指令,处理器执行该计算机指令,使得该转发报文设备执行第三方面或第三方面任一种可选方式所提供的转发报文的方法。In a twenty-second aspect, the present application provides a computer program product, where the computer program product includes computer instructions, and the computer instructions are stored in a computer-readable storage medium. The processor of the message forwarding device reads the computer instruction from the computer-readable storage medium, and the processor executes the computer instruction, so that the message forwarding device performs the forwarding provided by the third aspect or any optional method of the third aspect message method.
第二十三方面,本申请提供了一种转发报文的装置,应用于第一自治域的第一节点,所述第一节点为所述第一自治域的边缘路由设备,所述装置包括处理器和存储器,所述存储器用于存储程序代码,所述处理器用于调用所述存储器中的程序代码以使得所述装置执行第四方面或第四方面任一种可选方式所提供的转发报文的方法。In a twenty-third aspect, the present application provides a device for forwarding messages, which is applied to a first node in a first autonomous domain, where the first node is an edge routing device of the first autonomous domain, and the device includes A processor and a memory, the memory is used to store program codes, and the processor is used to call the program codes in the memory so that the device executes the forwarding provided by the fourth aspect or any optional manner of the fourth aspect message method.
第二十四方面,本申请提供了一种转发报文设备,该转发报文设备包括网络接口、存储器和与所述存储器连接的处理器;In a twenty-fourth aspect, the present application provides a message forwarding device, where the message forwarding device includes a network interface, a memory, and a processor connected to the memory;
所述网络接口,用于接收第一自治域的第一节点发送的第一报文,基于所述下一跳和所述转发策略,发送第一报文;The network interface is configured to receive a first message sent by a first node in the first autonomous domain, and send the first message based on the next hop and the forwarding policy;
所述存储器用于存储程序指令;The memory is used to store program instructions;
所述处理器用于执行所述程序指令,以使所述转发报文设备执行第四方面或第四方面任一种可选方式所提供的转发报文的方法。The processor is configured to execute the program instructions, so that the packet forwarding device executes the packet forwarding method provided in the fourth aspect or any optional manner of the fourth aspect.
第二十五方面,本申请提供了一种计算机可读存储介质,该存储介质中存储有至少一条指令,该指令由处理器读取以使转发报文设备执行第四方面或第四方面任一种可选方式所提供的转发报文的方法。In the twenty-fifth aspect, the present application provides a computer-readable storage medium, at least one instruction is stored in the storage medium, and the instruction is read by a processor so that the message forwarding device performs any of the fourth aspect or the fourth aspect. A method of forwarding packets provided by an optional method.
第二十六方面,本申请提供了一种计算机程序产品,该计算机程序产品包括计算机指令,该计算机指令存储在计算机可读存储介质中。转发报文设备的处理器从计算机可读存储介质读取该计算机指令,处理器执行该计算机指令,使得该转发报文设备执行第四方面或第四方面任一种可选方式所提供的转发报文的方法。In a twenty-sixth aspect, the present application provides a computer program product, where the computer program product includes computer instructions, and the computer instructions are stored in a computer-readable storage medium. The processor of the message forwarding device reads the computer instruction from the computer-readable storage medium, and the processor executes the computer instruction, so that the message forwarding device performs the forwarding provided by the fourth aspect or any optional mode of the fourth aspect. message method.
附图说明Description of drawings
图1是本申请一个示例性实施例提供的SRv6报文的格式示意图;FIG. 1 is a schematic diagram of the format of an SRv6 message provided by an exemplary embodiment of the present application;
图2是本申请一个示例性实施例提供的SRv6 SID的格式示意图;Fig. 2 is a schematic diagram of the format of the SRv6 SID provided by an exemplary embodiment of the present application;
图3是本申请一个示例性实施例提供的两个自治域发布VPN路由信息和转发报文的示意图;FIG. 3 is a schematic diagram of two autonomous domains publishing VPN routing information and forwarding messages provided by an exemplary embodiment of the present application;
图4是本申请一个示例性实施例提供的应用场景示意图;Fig. 4 is a schematic diagram of an application scenario provided by an exemplary embodiment of the present application;
图5是本申请一个示例性实施例提供的应用场景示意图;Fig. 5 is a schematic diagram of an application scenario provided by an exemplary embodiment of the present application;
图6是本申请一个示例性实施例提供的路由发布的方法流程示意图;FIG. 6 is a schematic flowchart of a method for publishing routes provided by an exemplary embodiment of the present application;
图7是本申请一个示例性实施例提供的路由发布的方法流程示意图;FIG. 7 is a schematic flowchart of a method for publishing routes provided by an exemplary embodiment of the present application;
图8是本申请一个示例性实施例提供的路由发布的方法流程示意图;FIG. 8 is a schematic flowchart of a method for publishing routes provided by an exemplary embodiment of the present application;
图9是本申请一个示例性实施例提供的转发报文的方法流程示意图;Fig. 9 is a schematic flowchart of a method for forwarding a message provided by an exemplary embodiment of the present application;
图10是本申请一个示例性实施例提供的转发报文的方法流程示意图;FIG. 10 is a schematic flowchart of a method for forwarding a message provided by an exemplary embodiment of the present application;
图11是本申请一个示例性实施例提供的转发报文的方法流程示意图;Fig. 11 is a schematic flowchart of a method for forwarding a message provided by an exemplary embodiment of the present application;
图12是本申请一个示例性实施例提供的转发报文的方法流程示意图;Fig. 12 is a schematic flowchart of a method for forwarding a message provided by an exemplary embodiment of the present application;
图13是本申请一个示例性实施例提供的转发报文的方法流程示意图;Fig. 13 is a schematic flowchart of a method for forwarding a message provided by an exemplary embodiment of the present application;
图14是本申请一个示例性实施例提供的建立的隧道的示意图;Fig. 14 is a schematic diagram of an established tunnel provided by an exemplary embodiment of the present application;
图15是本申请一个示例性实施例提供的不同自治域使用不同隧道的示意图;Fig. 15 is a schematic diagram of different autonomous domains using different tunnels provided by an exemplary embodiment of the present application;
图16是本申请一个示例性实施例提供的路由发布的装置的结构示意图;Fig. 16 is a schematic structural diagram of a device for advertising routes provided by an exemplary embodiment of the present application;
图17是本申请一个示例性实施例提供的路由发布的装置的结构示意图;Fig. 17 is a schematic structural diagram of a device for advertising routes provided by an exemplary embodiment of the present application;
图18是本申请一个示例性实施例提供的转发报文的装置的结构示意图;FIG. 18 is a schematic structural diagram of a device for forwarding messages provided by an exemplary embodiment of the present application;
图19是本申请一个示例性实施例提供的路由发布的装置的结构示意图;FIG. 19 is a schematic structural diagram of a device for advertising routes provided by an exemplary embodiment of the present application;
图20是本申请一个示例性实施例提供的设备的结构示意图;Fig. 20 is a schematic structural diagram of a device provided by an exemplary embodiment of the present application;
图21是本申请一个示例性实施例提供的设备的结构示意图。Fig. 21 is a schematic structural diagram of a device provided by an exemplary embodiment of the present application.
具体实施方式detailed description
为使本申请的目的、技术方案和优点更加清楚,下面将结合附图对本申请实施方式作进一步地详细描述。In order to make the purpose, technical solution and advantages of the present application clearer, the implementation manners of the present application will be further described in detail below in conjunction with the accompanying drawings.
下面对本申请实施例涉及的一些术语概念做解释说明。Some terms and concepts involved in the embodiments of the present application are explained below.
(1)段路由(segment routing,SR)(1) segment routing (segment routing, SR)
SR是一种基于源路由转发模式的隧道技术。SR的基本设计思想为:在业务流的头节点维护每条流的状态,而无需在中间节点和尾节点维护每条流的状态。头节点和尾节点为SR隧道的头节点和尾节点。SR is a tunneling technology based on source routing forwarding mode. The basic design idea of SR is: maintain the state of each flow at the head node of the service flow, without maintaining the state of each flow at the intermediate node and tail node. The head node and the tail node are the head node and the tail node of the SR tunnel.
(2)SR报文(2) SR message
SR报文包括SR头和互联网协议(internet protocol,IP)报文。SR头封装于IP头和IP载荷(payload)外层。从报文头至报文尾的顺序来看,SR报文中从前之后依次为SR头、IP头、IP载荷。The SR packet includes an SR header and an Internet Protocol (internet protocol, IP) packet. The SR header is encapsulated in the outer layer of the IP header and IP payload. From the sequence of the packet header to the packet tail, the SR packet is followed by the SR header, the IP header, and the IP payload.
其中,SR头通常由SR隧道的头节点添加到报文中。SR头包括SR隧道的路径信息。例如,SR头包括SR隧道中至少一个节点或至少一条链路的信息。Wherein, the SR header is usually added to the message by the head node of the SR tunnel. The SR header includes path information of the SR tunnel. For example, the SR header includes information of at least one node or at least one link in the SR tunnel.
IP报文有时也称为数据报文、业务报文或原始报文。IP载荷包括业务数据。IP报文包括而不限于互联网协议第4版(internet protocol version4,IPv4)报文或者IPv6报文。在IP报文为IPv4报文的情况下,IP头具体为IPv4头。在IP报文为IPv6报文的情况下,IP头具体为IPv6头。IP packets are sometimes called data packets, service packets, or original packets. The IP payload includes service data. The IP packet includes but is not limited to an Internet protocol version 4 (internet protocol version4, IPv4) packet or an IPv6 packet. In the case that the IP packet is an IPv4 packet, the IP header is specifically an IPv4 header. In the case that the IP packet is an IPv6 packet, the IP header is specifically an IPv6 header.
(3)SRv6报文(3) SRv6 message
SRv6报文是SR报文的一种,在SR报文为SRv6报文的情况下,SR报文中的SR头为SRv6头。图1是一种SRv6报文的格式示意图。如图1所示,SRv6头包括IPv6基本头和段 路由头(segment routing header,SRH)。An SRv6 packet is a type of SR packet. If the SR packet is an SRv6 packet, the SR header in the SR packet is an SRv6 header. FIG. 1 is a schematic diagram of the format of an SRv6 packet. As shown in Figure 1, the SRv6 header includes an IPv6 basic header and a segment routing header (segment routing header, SRH).
IPv6基本头包括版本号(version)字段、流量等级(traffic class)字段、流标签(flow label)字段、负载长度(payload length)字段、下一个报文头(next header)字段、有效跳数(hop limit)字段、IPv6报文源地址(source address,SA)字段和IPv6报文目的地址(destination address,SA)字段。下面对IPv6基本头中的一些字段进行解释说明。The IPv6 basic header includes a version number (version) field, a traffic class (traffic class) field, a flow label (flow label) field, a payload length (payload length) field, a next header (next header) field, and an effective hop count ( hop limit) field, IPv6 packet source address (source address, SA) field and IPv6 packet destination address (destination address, SA) field. Some fields in the IPv6 basic header are explained below.
version字段用于标识当前IP的协议版本,值为6。The version field is used to identify the protocol version of the current IP, and the value is 6.
traffic class字段用于标识服务质量(quality of service,QoS)。The traffic class field is used to identify the quality of service (quality of service, QoS).
flow label字段用于指示负载分担。例如,在骨干节点无需根据内层报文头中的内容进行哈希(Hash),只需要根据流标签进行Hash来实现基于流的负载分担。The flow label field is used to indicate load sharing. For example, the backbone node does not need to perform hashing (Hash) according to the content in the inner packet header, but only needs to perform hashing according to the flow label to realize flow-based load sharing.
payload length字段标识SRv6报文中除去IPv6基本头之外的报文负载长度。The payload length field identifies the payload length of the SRv6 packet except the IPv6 basic header.
next header字段标识下一个报文头的类型。The next header field identifies the type of the next header.
hop limit字段标识SRv6报文在路由器之间转发次数,SRv6报文每经过一次转发,该字段减1,减到0时,将该SRv6报文丢弃。The hop limit field identifies the number of times an SRv6 packet is forwarded between routers. Each time an SRv6 packet is forwarded, this field decreases by 1. When it reaches 0, the SRv6 packet is discarded.
SA字段标识SRv6报文的源地址。The SA field identifies the source address of the SRv6 packet.
DA字段标识SRv6报文的目的地址。The DA field identifies the destination address of the SRv6 packet.
SRH包括下一个头(next header)字段、扩展头长度(header extended length)字段、路由类型(routing type)字段、剩余段数量(segments Left,SL)、最后一个段索引(last entry)字段、标志(flags)字段、标签(tag)字段和段列表(Segment List)等,Segment List也可以简称为SID list。SRH includes the next header (next header) field, extended header length (header extended length) field, routing type (routing type) field, the number of remaining segments (segments Left, SL), the last segment index (last entry) field, flag (flags) field, tag (tag) field and segment list (Segment List), etc., Segment List can also be referred to as SID list for short.
下面对SRH中的一些字段进行解释说明。Some fields in the SRH are explained below.
next header字段用于标识SRH的下一个报文头的类型。The next header field is used to identify the type of the next header of the SRH.
header extended length字段用于指示SRH的长度,单位为8字节。The header extended length field is used to indicate the length of the SRH, and the unit is 8 bytes.
routing type字段用于表示路由头的类型,对于SRH而言,routing type字段的值是4。The routing type field is used to indicate the type of the routing header. For SRH, the value of the routing type field is 4.
SL字段用于指示到达目的节点前仍然应当访问的中间节点数量。SL字段的作用相当于一个指针,指向段列表中的活跃SID。例如,若SRH的段列表包括5个SID,分别是SID0、SID1、SID2、SID3以及SID4,而SL取值为2,指示段列表中的活跃SID是SID2。The SL field is used to indicate the number of intermediate nodes that should still be visited before reaching the destination node. The SL field acts as a pointer to the active SID in the segment list. For example, if the segment list of the SRH includes 5 SIDs, namely SID0, SID1, SID2, SID3 and SID4, and the value of SL is 2, it indicates that the active SID in the segment list is SID2.
last entry字段指示SID列表中最后一个段的索引。The last entry field indicates the index of the last segment in the SID list.
tag字段用于标识同组数据包。The tag field is used to identify the same group of data packets.
Segment List包括一个或多个SRv6 SID。每个SRv6 SID是IPv6地址的形式。采用对路径进行逆序排列的方式对Segment List进行编码:最后一个Segment在Segment List的第一个位置(Segment List[0]),第一个Segment在Segment List的最后位置(Segment List[n])。最后一个Segment指SRv6报文最后经过的Segment,第一个Segment是指SRv6报文第一个经过的Segment。The Segment List includes one or more SRv6 SIDs. Each SRv6 SID is in the form of an IPv6 address. The Segment List is encoded by reverse ordering the paths: the last Segment is at the first position of the Segment List (Segment List[0]), and the first Segment is at the last position of the Segment List (Segment List[n]) . The last segment refers to the segment that the SRv6 packet passes through last, and the first segment refers to the segment that the SRv6 packet passes through first.
可选地,SRH还包括一个或多个类型、长度、值(tag length value,TLV)。Optionally, the SRH also includes one or more types, lengths, and values (tag length value, TLV).
(4)段标识(segment ID,SID)(4) Segment ID (segment ID, SID)
SID是SR的核心要素。在[RFC8402 Segment Routing Architecture]中,将段(segment)定义为下面的语义:A segment can represent any instruction,topological or service based(一个SID能表示任意拓扑、指令或服务)。SID用来标识唯一的段。SRv6中SID是IPv6地址形式,通常也可以称为SRv6 SID(Segment Identifier)。SID is the core element of SR. In [RFC8402 Segment Routing Architecture], a segment is defined as the following semantics: A segment can represent any instruction, topological or service based (a SID can represent any topology, instruction or service). SID is used to identify a unique segment. The SID in SRv6 is in the form of an IPv6 address, and it is usually called SRv6 SID (Segment Identifier).
(5)SRv6 SID(5) SRv6 SIDs
SRv6 SID具有IPv6地址的形式,可以认为是一个IPv6地址。SRv6 SID的长度是128比特。图2是SRv6 SID的示意图。如图2所示,SRv6 SID包括三个部分:位置标识(locator)、功能(function)和参数(arguments,args)。locator占据SRv6 SID的高比特位,args占据SRv6SID的低比特位,function占据SRv6 SID的其它比特位。locator用于定位至发布SRv6 SID的节点。一个locator代表一个IPv6网段,该网段下的IPv6地址可作为SRv6 SID分配。function代表设备的指令,这些指令在设备上预先设定,function部分用于指示SRv6 SID的发布节点进行相应的功能操作。args是可选参数,可以定义一些报文的流和服务等信息。The SRv6 SID has the form of an IPv6 address and can be considered as an IPv6 address. The length of SRv6 SID is 128 bits. Figure 2 is a schematic diagram of an SRv6 SID. As shown in Figure 2, the SRv6 SID includes three parts: location identifier (locator), function (function) and parameters (arguments, args). The locator occupies the high bit of the SRv6 SID, the args occupies the low bit of the SRv6 SID, and the function occupies the other bits of the SRv6 SID. The locator is used to locate the node that issued the SRv6 SID. A locator represents an IPv6 network segment, and the IPv6 addresses under this network segment can be allocated as SRv6 SIDs. function represents the instructions of the device, which are pre-set on the device, and the function part is used to instruct the issuing node of the SRv6 SID to perform corresponding functional operations. args is an optional parameter, which can define information such as flow and service of some packets.
根据SRv6 SID的功能的不同,SRv6 SID包括End SID、End.X SID和End.DT4 SID等。End SID用于标识网络中的某个目的地址前缀;End.X SID用于标识网络中的某条链路;End.DT4 SID表示服务商边缘(provider edge,PE)类型的尾节点(Endpoint)SID,用于标识网络中某个IPv4VPN实例。End.DT4 SID对应的转发动作是解封装报文,并且查找IPv4VPN实例路由表转发。End.DT4 SID可以通过静态配置生成,也可以通过BGP在Locator的动态SID范围内自动分配。According to the different functions of SRv6 SID, SRv6 SID includes End SID, End.X SID and End.DT4 SID, etc. End SID is used to identify a certain destination address prefix in the network; End.X SID is used to identify a certain link in the network; End.DT4 SID indicates the provider edge (PE) type end node (Endpoint) SID, used to identify an IPv4VPN instance in the network. The forwarding action corresponding to the End.DT4 SID is to decapsulate the packet, and search the routing table of the IPv4VPN instance for forwarding. The End.DT4 SID can be generated through static configuration, or automatically allocated within the dynamic SID range of Locator through BGP.
后文中提到的VPN SID属于二层VPN、三层VPN、公网等任一种SID,例如,EDN.DT4 SID、END.DX4 SID、END.DT6 SID、END.DX6 SID、End.DX2 SID和End.DT2U SID等。其中,End.DT6 SID表示PE类型的Endpoint SID,用于标识网络中的某个IPv6VPN实例。End.DX4 SID表示PE类型的三层交叉连接的Endpoint SID,用于标识网络中的某个IPv4用户边缘(customer edge,CE)。End.DX6 SID表示PE类型的三层交叉连接的Endpoint SID,用于标识网络中的某个IPv6 CE。End.DX2 SID表示二层交叉连接的Endpoint SID,用于标识一个端点。End.DT2U SID表示二层交叉连接且进行单播媒体访问控制(media access control,MAC)表查找功能的Endpoint SID,用于标识一个端点。The VPN SID mentioned later belongs to any kind of SID such as Layer 2 VPN, Layer 3 VPN, public network, etc., for example, EDN.DT4 SID, END.DX4 SID, END.DT6 SID, END.DX6 SID, End.DX2 SID and End.DT2U SID etc. Among them, End.DT6 SID represents the Endpoint SID of PE type, which is used to identify an IPv6VPN instance in the network. End.DX4 SID indicates the Endpoint SID of a PE-type Layer 3 cross-connect, which is used to identify an IPv4 user edge (customer edge, CE) in the network. End.DX6 SID indicates the Endpoint SID of PE-type Layer 3 cross-connection, which is used to identify an IPv6 CE in the network. End.DX2 SID indicates the Endpoint SID of the Layer 2 cross-connect, which is used to identify an endpoint. The End.DT2U SID represents the Endpoint SID for Layer 2 cross-connection and unicast media access control (media access control, MAC) table lookup function, which is used to identify an endpoint.
(6)SR隧道(6) SR tunnel
SR隧道是从头节点至尾节点的一个虚拟的点对点连接。头节点对IPv6报文进行封装,使封装后的报文在开启IPv6SR功能的网络中传输至尾节点。封装后的报文在网络中传输的路径称为是SR隧道。An SR tunnel is a virtual point-to-point connection from the head node to the tail node. The head node encapsulates the IPv6 message, so that the encapsulated message is transmitted to the tail node in the network with the IPv6SR function enabled. The path through which encapsulated packets are transmitted on the network is called an SR tunnel.
其中,SR隧道包括SRv6 BE隧道和SRv6 Policy隧道等。SRv6 Policy隧道也可以称为是SRv6流量工程(traffic engineering,TE)Policy隧道。Among them, SR tunnels include SRv6 BE tunnels and SRv6 Policy tunnels. An SRv6 Policy tunnel can also be called an SRv6 traffic engineering (traffic engineering, TE) Policy tunnel.
SRv6 BE隧道是通过发布位置标识(locator)网段,SRv6中的节点按照最短路径优先算法计算到达locator网段的最优路由。该最优路由对应的路径为SRv6 BE隧道。可选的,在发布locator网段时,在一个自治域内可以使用内部网关协议(interior gateway protocol,IGP),在不同自治域间可以使用EBGP。The SRv6 BE tunnel publishes the location identification (locator) network segment, and the nodes in SRv6 calculate the optimal route to the locator network segment according to the shortest path first algorithm. The path corresponding to the optimal route is an SRv6 BE tunnel. Optionally, when publishing the locator network segment, an interior gateway protocol (interior gateway protocol, IGP) can be used within an autonomous domain, and EBGP can be used between different autonomous domains.
SRv6 Policy隧道是在SRv6技术基础上发展的一种新的隧道引流技术,SRv6 Policy隧道的路径为表示为指定路径的SID列表(Segment List)。每个SID列表是从头节点至尾节点的端到端路径,并指示网络中经过的中间节点遵循指定的路径,而不是遵循计算的最短路径。SRv6 Policy隧道包括三个部分:头节点、着色或颜色(color)参数和尾节点。头节点为SRv6Policy隧道生成的节点;color参数为SRv6 Policy隧道携带的扩展团体属性;尾节点为SRv6Policy隧道的末端节点。color参数定义了应用级的服务等级协议(service-level agreement,SLA)策略,能够基于特定业务SLA规划传输路径。一个SRv6 Policy隧道可以包含多个候 选路径(candidate path)。候选路径携带优先级属性。优先级最高的有效候选路径作为SRv6 Policy隧道的主路径。一个候选路径可以包含多个Segment List,每个Segment List携带权重(Weight)属性。多个Segment List之间可以形成负载分担。SRv6 Policy tunnel is a new tunnel diversion technology developed on the basis of SRv6 technology. The path of SRv6 Policy tunnel is a SID list (Segment List) represented as a specified path. Each SID list is an end-to-end path from the head node to the tail node, and instructs passing intermediate nodes in the network to follow the specified path instead of following the calculated shortest path. An SRv6 Policy tunnel consists of three parts: a head node, a coloring or color (color) parameter, and a tail node. The head node is the node generated by the SRv6Policy tunnel; the color parameter is the extended community attribute carried by the SRv6 Policy tunnel; the tail node is the end node of the SRv6Policy tunnel. The color parameter defines an application-level service-level agreement (SLA) policy, which can plan transmission paths based on specific business SLAs. An SRv6 Policy tunnel can contain multiple candidate paths. Candidate paths carry a priority attribute. The valid candidate path with the highest priority is used as the primary path of the SRv6 Policy tunnel. A candidate path can contain multiple Segment Lists, and each Segment List carries a Weight attribute. Load sharing can be formed between multiple Segment Lists.
(7)本地SID表(local SID table)(7) Local SID table (local SID table)
本地SID表是使能SRv6的节点会维护的一个表。本地SID表用于保存本节点生成的SRv6 SID以及SRv6 SID关联的信息。例如,本地SID表包括SRv6 SID、SID类型以及SID绑定的出接口等、SRv6 SID关联的VPN实例(instance)等。The local SID table is a table maintained by SRv6-enabled nodes. The local SID table is used to save the SRv6 SID generated by this node and the information associated with the SRv6 SID. For example, the local SID table includes the SRv6 SID, the SID type, the outgoing interface bound to the SID, and the VPN instance (instance) associated with the SRv6 SID.
(8)VPN路由转发(virtual routing forwarding,VRF)(8) VPN routing forwarding (virtual routing forwarding, VRF)
VRF也可以称为是VPN实例。VPN实例是PE为直接相连的站点(site)建立并维护的一个专门实体。每个site在PE上都有自己的VPN实例,每个VPN实例包含到一个或多个该PE直接相连的CE的路由和转发表。在本申请实施例中,VRF可以是二层VPN实例、三层VPN实例等。A VRF can also be called a VPN instance. A VPN instance is a special entity established and maintained by PEs for directly connected sites. Each site has its own VPN instance on the PE, and each VPN instance contains routing and forwarding tables to one or more CEs directly connected to the PE. In this embodiment of the application, the VRF may be a Layer 2 VPN instance, a Layer 3 VPN instance, or the like.
下面描述本申请实施例的相关技术。The related technologies of the embodiments of the present application are described below.
随着网络规模越来越大,互联网被分为多个自治域,不同的自治域之间需要扩散VPN路由信息。在一种实现中,不同的自治域之间运行MP-EBGP。自治域中的边缘路由设备通过MP-EBGP将该自治域内所有的VPN路由信息发布给另一个自治域的边缘路由设备。该另一个自治域中的边缘路由设备为接收到的VPN路由信息重新分配标签,并在自身所在的自治域内进行通告。As the network scale increases, the Internet is divided into multiple autonomous domains, and VPN routing information needs to be diffused among different autonomous domains. In one implementation, MP-EBGP runs between different autonomous domains. An edge routing device in an autonomous domain advertises all VPN routing information in the autonomous domain to an edge routing device in another autonomous domain through MP-EBGP. The edge routing device in the other autonomous domain redistributes a label for the received VPN routing information, and advertises it in the autonomous domain where it is located.
例如,图3是两个自治域发布VPN路由信息和转发报文的示意图。如图3所示,假设网络中存在两个自治域,即自治域1和自治域2,自治域1包括自治***边界路由器(autonomous system border router,ASBR)1、接入路由器(access router,ACC)1和ASBR2等,自治域2包括ASBR3、ASBR4、PE1和PE2等。ACC1连接有CE1,PE1和PE2连接有CE2,CE2的地址为2.2.2.2。在当前的选项(option)B中,PE1向ASBR3发送CE2的VPN路由后,VPN路由包括CE2的地址、下一跳和标签L1,该下一跳为PE1。ASBR3修改下一跳为ASBR3,并交换标签L1为标签L2,ASBR3将VPN路由发送给ASBR1,ASBR1修改下一跳为ASBR1,并交换标签L2为标签L3。ASBR1将该VPN路由在自治域1内扩散。这样,后续传输报文时,在ASBR1收到ACC1发送的报文(该报文发往CE2)后,将标签L3交换为标签L2,发送给ASBR3。ASBR3接收到ASBR1发送的报文后,将标签L2交换为标签L1。ASBR3将交换标签的报文发送给PE1,PE1弹出标签L1,基于CE2的地址,将报文发送给CE2,在图3中仅示出了报文的部分内容。这样,各个自治域的边缘路由设备为所有VPN路由信息分配标签,会使得进行报文转发时也需要进行标签交换,处理复杂度高。For example, FIG. 3 is a schematic diagram of two autonomous domains publishing VPN routing information and forwarding packets. As shown in Figure 3, it is assumed that there are two autonomous domains in the network, that is, autonomous domain 1 and autonomous domain 2, and autonomous domain 1 includes autonomous system border router (autonomous system border router, ASBR) 1, access router (access router, ACC )1 and ASBR2, and autonomous domain 2 includes ASBR3, ASBR4, PE1, and PE2. ACC1 is connected to CE1, PE1 and PE2 are connected to CE2, and the address of CE2 is 2.2.2.2. In the current option (option) B, after PE1 sends CE2's VPN route to ASBR3, the VPN route includes CE2's address, next hop and label L1, and the next hop is PE1. ASBR3 modifies the next hop to ASBR3 and switches label L1 to label L2. ASBR3 sends the VPN route to ASBR1. ASBR1 modifies the next hop to ASBR1 and switches label L2 to label L3. ASBR1 diffuses the VPN route in AS1. In this way, when transmitting packets subsequently, after ASBR1 receives the packet sent by ACC1 (the packet is sent to CE2), it exchanges label L3 for label L2 and sends it to ASBR3. After receiving the packet sent by ASBR1, ASBR3 switches label L2 to label L1. ASBR3 sends the message for exchanging labels to PE1, PE1 pops out the label L1, and based on the address of CE2, sends the message to CE2. Only part of the message is shown in FIG. 3 . In this way, edge routing devices in each autonomous domain assign labels to all VPN routing information, which also requires label switching when forwarding packets, and the processing complexity is high.
在另一种实现中,在option A中,对于一个需要跨自治域的VPN客户(VPN-A),需要在所在自治域的ASBR上配置一个相同的VPN-A。一个自治域的ASBR将对端的ASBR看作是自己的CE设备。这样,对于两个自治域而言,就是运行在一个自治域内的多协议标签交换(multi-protocol label switching,MPLS)VPN业务一样,先将自治域内的VPN路由扩散到该自治域的ASBR,该ASBR再将VPN路由扩散到另一个自治域的ASBR。该另一个自治域的ASBR收到VPN路由后,将该VPN路由在自治域内扩散。这样就实现了两个自治域的VPN路由的互通。在option A中,由于自治域中的ASBR需要管理所有的VPN路由,为每个VPN创建VPN实例,会导致ASBR上的VPN实例过多。而且由于ASBR之间是普通 的IP转发,要求为每个跨自治域的VPN使用不同的接口,对ASBR的要求比较高。而且若VPN要跨多个自治域,中间的自治域必须支持VPN,配置较大。另外,报文传输也不是端到端。In another implementation, in option A, for a VPN client (VPN-A) that needs to cross autonomous domains, the same VPN-A needs to be configured on the ASBR in the autonomous domain. An ASBR in an autonomous domain regards the peer ASBR as its own CE device. In this way, for two autonomous domains, it is the same as the multi-protocol label switching (multi-protocol label switching, MPLS) VPN service running in one autonomous domain. The ASBR spreads the VPN route to another ASBR in the autonomous domain. After receiving the VPN route, the ASBR in the other autonomous domain diffuses the VPN route in the autonomous domain. In this way, the intercommunication of the VPN routes of the two autonomous domains is realized. In option A, since the ASBR in the autonomous domain needs to manage all VPN routes, creating a VPN instance for each VPN will result in too many VPN instances on the ASBR. Moreover, since the common IP forwarding between ASBRs requires different interfaces for each inter-autonomous domain VPN, the requirements for ASBRs are relatively high. Moreover, if the VPN needs to span multiple autonomous domains, the intermediate autonomous domain must support VPN, and the configuration is relatively large. In addition, packet transmission is not end-to-end.
本申请实施例中,使用SRv6中的VPN SID作为标签,在自治域间发布VPN路由时,不修改VPN SID,也就是说不进行标签交换,优化option B中VPN路由的发布方式以及报文的转发方式。而且自治域中的边缘路由设备不需要将另一个自治域的ASBR看作是自己的CE,所以也不需要为每个VPN创建VPN实例。而且由于在报文转发时,VPN SID是端到端携带,所以相比option A能够实现业务端到端。另外,采用本申请实施例,各自治域可按照各自治域的策略灵活控制。In the embodiment of this application, the VPN SID in SRv6 is used as the label, and the VPN SID is not modified when the VPN route is released between autonomous domains, that is to say, the label exchange is not performed, and the method of publishing the VPN route in option B and the size of the message are optimized. forwarding method. Moreover, the edge routing device in an autonomous domain does not need to regard the ASBR of another autonomous domain as its own CE, so it does not need to create a VPN instance for each VPN. And because the VPN SID is carried end-to-end when the message is forwarded, compared with option A, the service can be realized end-to-end. In addition, by adopting the embodiment of the present application, each autonomous domain can be flexibly controlled according to the policy of each autonomous domain.
下面描述本申请实施例的执行主体。The execution subject of the embodiment of the present application is described below.
本申请提供了一种转发报文的方法,该方法的执行主体可以是第一自治域的第一节点或者第二自治域的第二节点。第一节点可以是第一自治域的边缘路由设备,如ASBR、PE、汇聚(aggregation,AGG)节点等。第二节点可以是第二自治域的边缘路由设备,如ASBR、PE、城域核心(metro core,MC)等。The present application provides a method for forwarding messages, and the execution subject of the method may be a first node in a first autonomous domain or a second node in a second autonomous domain. The first node may be an edge routing device of the first autonomous domain, such as an ASBR, a PE, an aggregation (aggregation, AGG) node, and the like. The second node may be an edge routing device of the second autonomous domain, such as ASBR, PE, metro core (metro core, MC) and so on.
本申请还提供了一种路由发布的方法,该方法的执行主体可以是第一自治域的第一节点或者第二自治域的第二节点。The present application also provides a method for route announcement, and the execution body of the method may be the first node in the first autonomous domain or the second node in the second autonomous domain.
本申请中提到的第一节点进行路由发布时,称为是路由发布设备,在进行报文转发时,可以称为是转发报文设备。同样第二节点进行路由发布时,称为是路由发布设备,在进行报文转发时,可以称为是转发报文设备。也就是说第一节点和第二节点为具有路由发布和转发报文功能的设备。The first node mentioned in this application is called a route publishing device when it advertises a route, and it may be called a message forwarding device when it forwards a message. Similarly, when the second node advertises a route, it is called a route advertising device, and when it forwards a message, it may be called a message forwarding device. That is to say, the first node and the second node are devices capable of advertising routes and forwarding messages.
下面描述本申请实施例的应用场景。The application scenarios of the embodiments of the present application are described below.
图4是一种示例性的应用场景。如图4所示,网络包括第一自治域和第二自治域。第一自治域与第二自治域相邻。第一自治域包括第一节点、连接CE1的ACC和一些其它节点,其它节点如AGG、PE等,其它节点在图4中未示出。第二自治域包括第二节点、连接CE2的第三节点和一些其它节点,其它节点如PE等,在第二自治域中第三节点与PE链路聚合。第一节点与第二节点之间有连接。Fig. 4 is an exemplary application scenario. As shown in Figure 4, the network includes a first autonomous domain and a second autonomous domain. The first autonomous domain is adjacent to the second autonomous domain. The first autonomous domain includes the first node, the ACC connected to CE1 and some other nodes, such as AGG, PE, etc. Other nodes are not shown in FIG. 4 . The second autonomous domain includes a second node, a third node connected to CE2 and some other nodes, such as PEs, etc. In the second autonomous domain, the link aggregation between the third node and PE. There is a connection between the first node and the second node.
图5是另一种示例性的应用场景。如图5所示,网络包括第一自治域、第二自治域和第三自治域。第一自治域与第二自治域相邻,第二自治域与第三自治域相邻。第一自治域包括第一节点、连接CE1的节点和一些其它节点,其它节点如ACC、AGG等,其它节点在图5中未示出。第二自治域包括第二节点、连接CE2的第三节点和一些其它节点,其它节点如PE等,在第二自治域中第三节点与PE链路聚合。第三自治域包括多个PE(PE1至PE2)。第一节点与PE1连接,PE2与第二节点连接。图5中仅示出第一自治域与第二自治域之间存在第三自治域,当然第一自治域与第二自治域之间存在多个自治域也能使用本申请的方案。Fig. 5 is another exemplary application scenario. As shown in FIG. 5 , the network includes a first autonomous domain, a second autonomous domain and a third autonomous domain. The first autonomous domain is adjacent to the second autonomous domain, and the second autonomous domain is adjacent to the third autonomous domain. The first autonomous domain includes a first node, a node connected to CE1 and some other nodes, such as ACC, AGG, etc., and other nodes are not shown in FIG. 5 . The second autonomous domain includes a second node, a third node connected to CE2 and some other nodes, such as PEs, etc. In the second autonomous domain, the link aggregation between the third node and PE. The third autonomous domain includes multiple PEs (PE1 to PE2). The first node is connected to PE1, and PE2 is connected to the second node. FIG. 5 only shows that there is a third autonomous domain between the first autonomous domain and the second autonomous domain. Of course, there are multiple autonomous domains between the first autonomous domain and the second autonomous domain, and the solution of this application can also be used.
需要说明的是,在图4和图5所示的应用场景中,第一自治域内和第二自治域内可以使用SRv6隧道传输报文,SRv6隧道为SRv6 policy隧道或者SRv6 BE隧道。It should be noted that in the application scenarios shown in Figure 4 and Figure 5, the first autonomous domain and the second autonomous domain can use SRv6 tunnels to transmit packets, and the SRv6 tunnels are SRv6 policy tunnels or SRv6 BE tunnels.
还需要说明的是,在图4和图5中所示的网络架构仅是一种示例,不能用以限制本申请实施例的应用场景。It should also be noted that the network architecture shown in FIG. 4 and FIG. 5 is only an example, and cannot be used to limit the application scenario of the embodiment of the present application.
接下来结合图4描述路由发布的方法流程,参见图6。在图6中以发布CE2的地址为例进行说明。Next, the flow of the route publishing method is described in conjunction with FIG. 4 , see FIG. 6 . In FIG. 6, the address of CE2 is issued as an example for illustration.
步骤S601,第二自治域的第三节点向第二节点发送第三路由消息,第二节点接收第三节点发送的第三路由消息,其中,第三路由消息中包括VPN SID、VPN SID关联的前缀地址和第三下一跳,第三下一跳为第三节点,第三路由消息用于发送去往前缀地址的报文。Step S601, the third node in the second autonomous domain sends a third routing message to the second node, and the second node receives the third routing message sent by the third node, wherein the third routing message includes the VPN SID and the information associated with the VPN SID A prefix address and a third next hop, where the third next hop is a third node, and the third routing message is used to send packets destined for the prefix address.
其中,前缀地址是CE2的地址,前缀地址也能称为是私网路由前缀等。Wherein, the prefix address is the address of CE2, and the prefix address can also be called a private network routing prefix and the like.
在本实施例中,第二自治域的第三节点连接有CE2,将CE2的前缀地址发布至第一自治域。第三节点生成VPN SID或者获取静态配置的VPN SID,将CE2的前缀地址和去往该前缀地址的出接口添加至VRF中,并在本地SID表添加VPN SID,将该VPN SID关联该VRF。第三节点通过BGP发送第三路由消息,第三路由消息包括CE2的前缀地址、第三下一跳和VPN SID,第三下一跳为第三节点。第二节点接收第三路由消息。In this embodiment, the third node in the second autonomous domain is connected to CE2, and advertises the prefix address of CE2 to the first autonomous domain. The third node generates a VPN SID or obtains a statically configured VPN SID, adds the prefix address of CE2 and the outgoing interface to the prefix address to the VRF, adds the VPN SID to the local SID table, and associates the VPN SID with the VRF. The third node sends the third routing message through BGP, the third routing message includes the prefix address of CE2, the third next hop and the VPN SID, and the third next hop is the third node. The second node receives the third routing message.
可选地,第三节点与第二节点是BGP邻居,第三节点通过BGP向第二节点发送第三路由消息。第二节点接收第三节点通过BGP发送的第三路由消息。Optionally, the third node and the second node are BGP neighbors, and the third node sends the third routing message to the second node through BGP. The second node receives the third routing message sent by the third node through BGP.
可选地,第三节点与第二节点均连接有路由反射器(route reflector,RR)1。第三节点向第二节点发送第三路由消息时,第三节点向RR1发送第三路由消息,RR1向第二节点发送第三路由消息。第二节点接收RR1发送的第三路由消息。Optionally, both the third node and the second node are connected to a route reflector (route reflector, RR) 1. When the third node sends the third routing message to the second node, the third node sends the third routing message to RR1, and RR1 sends the third routing message to the second node. The second node receives the third routing message sent by RR1.
可选地,第二节点上创建有路由表,该路由表可以是VPN SID路由表。该路由表中包括VPN SID字段、下一跳字段等。在第二自治域中,若第三节点与第二节点之间是SRv6 BE隧道,则第二节点将VPN SID和第三下一跳对应添加至路由表中。在第二自治域中,若第三节点与第二节点之间是SRv6 policy隧道,第三路由消息中还包括color参数,该color参数是第二自治域内第三节点上配置的color参数。第二节点将VPN SID、第三下一跳和color参数对应添加至路由表中。另外,在添加至路由表时,还可以对应添加第三路由消息中的前缀地址。Optionally, a routing table is created on the second node, and the routing table may be a VPN SID routing table. The routing table includes VPN SID field, next hop field, etc. In the second autonomous domain, if there is an SRv6 BE tunnel between the third node and the second node, the second node correspondingly adds the VPN SID and the third next hop to the routing table. In the second autonomous domain, if there is an SRv6 policy tunnel between the third node and the second node, the third routing message also includes a color parameter, which is the color parameter configured on the third node in the second autonomous domain. The second node correspondingly adds the VPN SID, the third next hop and the color parameter to the routing table. In addition, when adding to the routing table, the prefix address in the third routing message can also be correspondingly added.
需要说明的是,在第三路由消息包括color参数的情况下,第三节点上的color参数是静态配置的,或者第二自治域连接有控制器,该控制器为第三节点配置color参数。It should be noted that, when the third routing message includes the color parameter, the color parameter on the third node is statically configured, or the second autonomous domain is connected to a controller, and the controller configures the color parameter for the third node.
步骤S602,第二节点获得第一路由消息,其中,第一路由消息包括VPN SID、前缀地址和第一下一跳,第一下一跳为第二节点,第一路由消息中的VPN SID与第三路由消息中的VPN SID相同。Step S602, the second node obtains a first routing message, wherein the first routing message includes a VPN SID, a prefix address and a first next hop, the first next hop is the second node, the VPN SID in the first routing message and The VPN SID in the third routing message is the same.
其中,第一路由消息中的VPN SID与第三路由消息中的VPN SID相同表示第一路由消息中的VPN SID的值与第三路由消息中的VPN SID的值相同,即在路由发布时VPN SID未修改。Wherein, the VPN SID in the first routing message is the same as the VPN SID in the third routing message, indicating that the value of the VPN SID in the first routing message is the same as the value of the VPN SID in the third routing message, that is, VPN The SID is not modified.
在本实施例中,第二节点接收到第三路由消息后,将第三路由消息中的第三下一跳修改为第一下一跳(第一下一跳为第二节点),获得第一路由消息;或者第二节点接收到第三路由消息后,从第三路由消息中获得前缀地址、VPN SID,然后生成第一路由消息,第一路由消息包括VPN SID、前缀地址和第一下一跳。In this embodiment, after the second node receives the third routing message, it modifies the third next hop in the third routing message to the first next hop (the first next hop is the second node), and obtains the A routing message; or after the second node receives the third routing message, it obtains the prefix address and VPN SID from the third routing message, and then generates the first routing message, and the first routing message includes the VPN SID, the prefix address and the first routing message. one jump.
步骤S603,第二节点向第一自治域的第一节点发送第一路由消息。Step S603, the second node sends a first routing message to the first node in the first autonomous domain.
其中,第一节点为第一自治域的边缘路由设备,第一路由消息用于发送去往前缀地址的报文。Wherein, the first node is an edge routing device of the first autonomous domain, and the first routing message is used to send a message destined for the prefix address.
在本实施例中,第二节点向第一自治域的第一节点发送第一路由消息,该第一路由消息用于发送去往第一路由消息中的前缀地址的报文。In this embodiment, the second node sends a first routing message to the first node in the first autonomous domain, where the first routing message is used to send a packet destined for the prefix address in the first routing message.
可选地,第二节点与第一节点之间建立有EBGP邻居。第二节点通过EBGP向第一节点发送第一路由消息。Optionally, an EBGP neighbor relationship is established between the second node and the first node. The second node sends the first routing message to the first node through EBGP.
可选地,第二节点与第一节点均连接路由反射器RR2。第二节点向第一节点发送第一路由消息时,第二节点向RR2发送第一路由消息。RR2向第一节点发送第一路由消息。第一节点接收RR2发送的第一路由消息。Optionally, both the second node and the first node are connected to the route reflector RR2. When the second node sends the first routing message to the first node, the second node sends the first routing message to RR2. RR2 sends the first routing message to the first node. The first node receives the first routing message sent by RR2.
步骤S604,第一节点接收第二自治域的第二节点发送的第一路由消息,其中,第二节点为边缘路由设备,第一路由消息中包括VPN SID、VPN SID关联的前缀地址和第一下一跳,第一下一跳为第二节点,第一路由消息用于发送去往前缀地址的报文。Step S604, the first node receives the first routing message sent by the second node in the second autonomous domain, wherein the second node is an edge routing device, and the first routing message includes the VPN SID, the prefix address associated with the VPN SID, and the first routing message. The next hop, the first next hop is the second node, and the first routing message is used to send a message destined for the prefix address.
可选地,在步骤S604中,第一节点通过EBGP接收第二节点发送的第一路由消息。Optionally, in step S604, the first node receives the first routing message sent by the second node through EBGP.
可选地,第一节点上创建有路由表,该路由表可以是VPN SID路由表。该路由表中包括VPN SID字段、下一跳字段等。第一节点将第一路由消息中的VPN SID和第一下一跳对应添加至路由表中。另外,在添加至路由表时,第一节点还可以对应添加第一路由消息中的前缀地址。Optionally, a routing table is created on the first node, and the routing table may be a VPN SID routing table. The routing table includes VPN SID field, next hop field, etc. The first node correspondingly adds the VPN SID and the first next hop in the first routing message to the routing table. In addition, when adding to the routing table, the first node may also correspondingly add the prefix address in the first routing message.
步骤S605,第一节点获得第二路由消息,第二路由消息包括VPN SID、前缀地址和第二下一跳,第二下一跳为第一节点,第一路由消息中的VPN SID与第二路由消息中的VPN SID相同。Step S605, the first node obtains the second routing message, the second routing message includes VPN SID, prefix address and second next hop, the second next hop is the first node, the VPN SID in the first routing message and the second Same VPN SID in routing messages.
其中,第一路由消息中的VPN SID与第二路由消息中的VPN SID相同表示第一路由消息中的VPN SID的值与第二路由消息中的VPN SID的值相同,即在路由发布时VPN SID未修改。Wherein, the VPN SID in the first routing message is the same as the VPN SID in the second routing message, indicating that the value of the VPN SID in the first routing message is the same as the value of the VPN SID in the second routing message, that is, the VPN The SID is not modified.
在本实施例中,第一节点接收到第一路由消息后,将第一路由消息中的第一下一跳修改为第二下一跳(第二下一跳为第一节点),获得第二路由消息;或者第一节点接收到第一路由消息后,从第一路由消息中获得前缀地址、VPN SID,然后生成第二路由消息,第二路由消息包括VPN SID、前缀地址和第二下一跳。In this embodiment, after the first node receives the first routing message, it modifies the first next hop in the first routing message to the second next hop (the second next hop is the first node), and obtains the first routing message. Two routing messages; or after the first node receives the first routing message, it obtains the prefix address and VPN SID from the first routing message, and then generates the second routing message, and the second routing message includes the VPN SID, the prefix address and the second routing message. one jump.
步骤S606,第一节点在第一自治域通告第二路由消息,第二路由消息用于发送去往前缀地址的报文。In step S606, the first node advertises a second routing message in the first autonomous domain, and the second routing message is used to send packets destined for the prefix address.
在本实施例中,第一节点获得第二路由消息后,第一节点在第一自治域中通告第二路由消息,使得第二路由消息在第一自治域中扩散。这样,第一自治域就存在到达前缀地址的路由。In this embodiment, after the first node obtains the second routing message, the first node advertises the second routing message in the first autonomous domain, so that the second routing message is diffused in the first autonomous domain. In this way, there is a route to the prefix address in the first autonomous domain.
可选地,第一节点与ACC建立有BGP邻居,第一节点通过BGP向ACC发送第二路由消息。或者,第一节点与第一自治域的ACC均连接RR3,第一节点向RR3发送第二路由消息。RR3向ACC发送第二路由消息。这样,ACC接收到第二路由消息,ACC将前缀地址、VPN SID、下一跳加入到VRF的转发表。另外,ACC将前缀地址通告给连接的CE1,使得CE1存储CE2的前缀地址。这样,后续CE1可以向CE2发送报文。Optionally, the first node establishes a BGP neighbor relationship with the ACC, and the first node sends the second routing message to the ACC through BGP. Alternatively, both the first node and the ACC of the first autonomous domain are connected to RR3, and the first node sends the second routing message to RR3. RR3 sends the second routing message to the ACC. In this way, the ACC receives the second routing message, and the ACC adds the prefix address, the VPN SID, and the next hop to the forwarding table of the VRF. In addition, the ACC advertises the prefix address to the connected CE1, so that CE1 stores the prefix address of CE2. In this way, CE1 can send packets to CE2 subsequently.
为了更好地理解图6的流程,结合图4给出了发布CE2的地址的示意图,参见图7,VPN SID在路由消息中作为标签。在图7中,CE2的前缀地址为2.2.2.2,VPN SID的值为VPN SID1。In order to better understand the process in Figure 6, a schematic diagram of issuing the address of CE2 is given in conjunction with Figure 4, see Figure 7, the VPN SID is used as a label in the routing message. In Figure 7, the prefix address of CE2 is 2.2.2.2, and the value of VPN SID is VPN SID1.
针对图6所示的流程,在第二自治域中,若第三节点与第二节点之间是SRv6 policy隧道,第三路由消息中还包括color参数,该color参数是第二自治域内第三节点上配置的color参数。在步骤606之前,若第一节点上配置的color参数与第一路由消息中的color参数不一致,第一节点将第二路由消息中的color参数修改为第一节点上配置的color参数。这样,第一自治域的ACC接收到第二路由消息后,在路由表中对应添加VPN SID、下一跳和该color 参数。这样,第一自治域的ACC获取到的color参数是属于第一自治域配置的。For the process shown in Figure 6, in the second autonomous domain, if there is an SRv6 policy tunnel between the third node and the second node, the third routing message also includes a color parameter, which is the color parameter of the third node in the second autonomous domain. The color parameter configured on the node. Before step 606, if the color parameter configured on the first node is inconsistent with the color parameter in the first routing message, the first node modifies the color parameter in the second routing message to the color parameter configured on the first node. In this way, after receiving the second routing message, the ACC in the first autonomous domain correspondingly adds the VPN SID, the next hop, and the color parameter in the routing table. In this way, the color parameter obtained by the ACC of the first autonomous domain belongs to the configuration of the first autonomous domain.
针对图6所示的流程,在第二自治域中,若第三节点与第二之间是SRv6 BE隧道,则第三路由消息中不包括color参数。第一节点接收到的第一路由消息中也不包括color参数。第一节点可以确定自身是否配置有color参数,若自身配置有color参数,则在第二路由消息中添加该color参数。ACC接收到第二路由消息后,在路由表中对应添加VPN SID、下一跳和该color参数。这样,第一自治域的ACC获取到的color参数是属于第一自治域内配置的。For the process shown in Figure 6, in the second autonomous domain, if the third node and the second autonomous domain are SRv6 BE tunnels, the third routing message does not include the color parameter. The color parameter is also not included in the first routing message received by the first node. The first node may determine whether it is configured with a color parameter, and if it is configured with a color parameter, add the color parameter in the second routing message. After receiving the second routing message, the ACC correspondingly adds the VPN SID, next hop and the color parameter in the routing table. In this way, the color parameter acquired by the ACC of the first autonomous domain belongs to the configuration in the first autonomous domain.
需要说明的是,在第二路由消息包括color参数的情况下,第一自治域连接有控制器。控制器向ACC下发SRv6 policy隧道的信息,该信息中指示SRv6 policy隧道的末端是第一节点、color参数和Segment List,该Segment List包括到达第一节点经过的节点的SID。这样,ACC去往第一节点的报文要叠加SRH,SRH包括控制器指示的Segment List。当然ACC中的SRv6 policy隧道的信息也可以是静态配置的。It should be noted that, in the case that the second routing message includes the color parameter, the first autonomous domain is connected to the controller. The controller sends information about the SRv6 policy tunnel to the ACC, which indicates that the end of the SRv6 policy tunnel is the first node, the color parameter, and the Segment List, which includes the SIDs of the nodes passing through to reach the first node. In this way, the message from the ACC to the first node needs to be superimposed on the SRH, and the SRH includes the Segment List indicated by the controller. Of course, the SRv6 policy tunnel information in the ACC can also be statically configured.
从图6所示的路由发布的方法流程可知,在VPN路由的发布过程中,VPN SID没有被修改,VPN SID是端到端的。It can be seen from the method flow of route distribution shown in Figure 6 that during the VPN route distribution process, the VPN SID is not modified, and the VPN SID is end-to-end.
图6的路由发布流程是以图4的应用场景为例进行说明,在应用于图5的场景时,若第三自治域使用SRv6 BE隧道,则第二节点向第一节点发送路由消息时,第一路由消息可以不经过第三自治域,如第一节点与第二节点之间建立EBGP邻居,直接发送第一路由消息,或者第一节点与第二节点均连接RR,通过RR发送第一路由消息。若第三自治域使用SRv6 policy隧道,则第一路由消息要经过第三自治域,在第一路由消息经过第三自治域时,仅修改下一跳,而不修改VPN SID。图8提供图5中发布CE2地址的过程,在图8中第三自治域使用SRv6 policy隧道,VPN SID在路由消息中作为标签。在图8中,CE2的前缀地址为2.2.2.2,VPN SID的值为VPN SID1。The route publishing process in Figure 6 is illustrated by taking the application scenario in Figure 4 as an example. When applied to the scenario in Figure 5, if the third autonomous domain uses the SRv6 BE tunnel, when the second node sends a routing message to the first node, The first routing message may not pass through the third autonomous domain. For example, if an EBGP neighbor relationship is established between the first node and the second node, the first routing message may be sent directly, or both the first node and the second node are connected to the RR, and the first routing message is sent through the RR. Route messages. If the third autonomous domain uses the SRv6 policy tunnel, the first routing message must pass through the third autonomous domain. When the first routing message passes through the third autonomous domain, only the next hop is modified, and the VPN SID is not modified. Figure 8 provides the process of issuing the CE2 address in Figure 5. In Figure 8, the third autonomous domain uses the SRv6 policy tunnel, and the VPN SID is used as a label in the routing message. In Figure 8, the prefix address of CE2 is 2.2.2.2, and the value of VPN SID is VPN SID1.
接下来描述基于图6所示的发布路由的过程转发报文的流程,参见图9。图9依然是应用于图4的应用场景。在图9中,以CE1向CE2发送报文的过程中报文经过第一自治域的过程为例进行说明,参见步骤S901至步骤S903。Next, the flow of packet forwarding based on the process of publishing routes shown in FIG. 6 is described, see FIG. 9 . FIG. 9 is still the application scenario applied to FIG. 4 . In FIG. 9 , the process of sending a message from CE1 to CE2 is taken as an example for illustration, see step S901 to step S903 .
步骤S901,第一节点接收第一报文,其中,第一报文包括VPN SID,第一报文为去往VPN SID关联的前缀地址的SRV6报文。Step S901, the first node receives a first packet, wherein the first packet includes a VPN SID, and the first packet is an SRV6 packet destined for a prefix address associated with the VPN SID.
在本实施例中,CE1向CE2发送报文时,生成一个发送给CE2的IP报文,该IP报文的目的地址为CE2的前缀地址。该IP报文可以是IPv4报文,也可以是IPv6报文等,本申请实施例以IP报文为IPv4报文为例进行说明。CE1向ACC发送IP报文。ACC从绑定了VRF的接口上接收到IP报文。ACC向第一节点提供第一报文。此处第一节点接收第一报文的方式有多种如下提供三种可行的方式,见方式一至方式三。In this embodiment, when CE1 sends a message to CE2, it generates an IP message sent to CE2, and the destination address of the IP message is the prefix address of CE2. The IP packet may be an IPv4 packet, or an IPv6 packet, etc., and the embodiment of the present application uses an IPv4 packet as an example for illustration. CE1 sends an IP packet to the ACC. The ACC receives IP packets from the interface bound to the VRF. The ACC provides the first packet to the first node. Here, there are multiple ways for the first node to receive the first message. Three feasible ways are provided as follows, see ways 1 to 3.
方式一,第一节点通过SRv6 BE隧道接收第一报文。Mode 1, the first node receives the first packet through the SRv6 BE tunnel.
在方式一中,ACC在VRF的转发表中,匹配IP报文的前缀地址,查找到关联的VPN SID以及下一跳。此处ACC与第一节点之间若使用SRv6 BE隧道,则ACC直接将VPN SID,作为目的地址。ACC为IP报文封装IPv6报文头,IPv6报文头中的目的地址为VPN SID,源IP地址为ACC的SID。此处IP报文封装IPv6报文头后,生成第一报文。ACC按照最长匹配原则,确定VPN SID匹配到的路由。ACC按照该路由向外发送,直到第一报文到达第一节点。此处需要说明的是,从ACC至第一节点所经过的各个节点均是按照最长匹配原则,确定VPN SID匹配到的路由。In method 1, the ACC matches the prefix address of the IP packet in the forwarding table of the VRF, and finds the associated VPN SID and next hop. Here, if the SRv6 BE tunnel is used between the ACC and the first node, the ACC directly uses the VPN SID as the destination address. The ACC encapsulates the IPv6 packet header for the IP packet. The destination address in the IPv6 packet header is the VPN SID, and the source IP address is the SID of the ACC. Here, after the IPv6 packet header is encapsulated in the IP packet, the first packet is generated. ACC determines the route matched by the VPN SID according to the longest match principle. The ACC sends outwards according to the route until the first packet reaches the first node. What needs to be explained here is that each node that passes through from the ACC to the first node determines the route matched by the VPN SID according to the longest match principle.
方式二,第一节点通过SRv6 policy隧道接收第一报文。Mode 2, the first node receives the first message through the SRv6 policy tunnel.
在方式二中,ACC在VRF的转发表中,匹配IP报文的前缀地址,查找到关联的VPN SID,基于VPN SID对应的color参数和下一跳,确定color参数和下一跳关联的SRv6 policy隧道信息,此处下一跳为第一节点。SRv6 policy隧道信息包括去往第一节点的Segment List,Segment List包括ACC。ACC在IP报文的外层封装SRH和IPv6基本头,获得封装后的报文。SRH包括Segment List和VPN SID,VPN SID位于Segment List中的Segment List[0]。封装后报文会按照Segment List指定的路径被转发至第一节点。其中,封装后的报文经过尾节点(endpoint)节点时,检查SRH中的SL值,若SL大于0,则将SL值减去1,将IPv6基本头中的目的地址更新为SL指示的地址,根据IPv6基本头中的目的地址查找路由表进行转发;若SL等于0,则将IPv6基本头中的目的地址更新为SL指示的地址,并弹出SRH,根据IPv6基本头中的目的地址查找路由表进行转发。第一节点接收到的第一报文包括IPv6基本头和SRH,IPv6基本头包括的目的地址为第一节点的SID,SRH中SL等于0,SRH中Segment List仅包括VPN SID。In method 2, the ACC matches the prefix address of the IP packet in the forwarding table of the VRF, finds the associated VPN SID, and determines the SRv6 associated with the color parameter and the next hop based on the color parameter and the next hop corresponding to the VPN SID. Policy tunnel information, where the next hop is the first node. The SRv6 policy tunnel information includes the Segment List to the first node, and the Segment List includes ACC. The ACC encapsulates the SRH and the basic IPv6 header in the outer layer of the IP packet to obtain the encapsulated packet. SRH includes Segment List and VPN SID, and VPN SID is located in Segment List[0] in Segment List. After encapsulation, the packet will be forwarded to the first node according to the path specified by the Segment List. Among them, when the encapsulated message passes through the tail node (endpoint) node, check the SL value in SRH, if SL is greater than 0, then subtract 1 from the SL value, and update the destination address in the IPv6 basic header to the address indicated by SL , look up the routing table according to the destination address in the IPv6 basic header to forward; if SL is equal to 0, update the destination address in the IPv6 basic header to the address indicated by SL, and pop up the SRH, and search for the route according to the destination address in the IPv6 basic header The table is forwarded. The first message received by the first node includes an IPv6 basic header and SRH, the destination address included in the IPv6 basic header is the SID of the first node, SL in the SRH is equal to 0, and the Segment List in the SRH only includes the VPN SID.
方式三,第一节点通过SRv6 policy隧道和直连链路接收第一报文。ACC与第一节点的前一节点之间是SRv6 policy隧道,直连链路为该前一节点与第一节点之间的链路。Mode 3, the first node receives the first message through the SRv6 policy tunnel and the direct link. There is an SRv6 policy tunnel between the ACC and the previous node of the first node, and the direct link is the link between the previous node and the first node.
在方式三中,ACC在VRF的转发表中,匹配IP报文的前缀地址,查找到关联的VPN SID,基于VPN SID对应的color参数和下一跳,确定color参数和下一跳关联的SRv6 policy隧道信息,此处下一跳为第一节点。SRv6 policy隧道信息包括去往第一节点的前一节点的Segment List,Segment List包括ACC。ACC在IP报文的外层封装SRH和IPv6基本头,获得封装后的报文。SRH包括Segment List和VPN SID,VPN SID位于Segment List中的Segment List[0]。封装后报文会按照Segment List指定的路径被转发至第一节点的前一节点。第一节点的前一节点将IPv6基本头中的目的地址更新为SL指示的地址,并弹出SRH,此时得到第一报文。第一报文包括IPv6基本头和IP报文,IPv6基本头中的目的地址为VPN SID。第一节点的前一节点通过直连链路向第一节点发送第一报文。In method 3, the ACC matches the prefix address of the IP packet in the forwarding table of the VRF, finds the associated VPN SID, and determines the SRv6 associated with the color parameter and the next hop based on the color parameter and the next hop corresponding to the VPN SID. Policy tunnel information, where the next hop is the first node. The SRv6 policy tunnel information includes the Segment List of the previous node to the first node, and the Segment List includes ACC. The ACC encapsulates the SRH and the basic IPv6 header in the outer layer of the IP packet to obtain the encapsulated packet. SRH includes Segment List and VPN SID, and VPN SID is located in Segment List[0] in Segment List. After encapsulation, the packet will be forwarded to the node preceding the first node according to the path specified by the Segment List. The node preceding the first node updates the destination address in the IPv6 basic header to the address indicated by the SL, and pops up the SRH, and obtains the first packet at this time. The first message includes an IPv6 basic header and an IP packet, and the destination address in the IPv6 basic header is a VPN SID. The node preceding the first node sends the first packet to the first node through the direct link.
步骤S902,第一节点基于VPN SID确定下一跳,其中,下一跳是第二自治域的第二节点,第二节点是第二自治域的边缘路由设备。Step S902, the first node determines a next hop based on the VPN SID, wherein the next hop is a second node in the second autonomous domain, and the second node is an edge routing device in the second autonomous domain.
在本实施例中,通过图6所示的流程可知,第一节点上建立有包括VPN SID的路由表。第一节点在该路由表中,确定VPN SID对应的下一跳。该下一跳为第二自治域的第二节点。In this embodiment, it can be seen from the flow shown in FIG. 6 that a routing table including the VPN SID is established on the first node. The first node determines the next hop corresponding to the VPN SID in the routing table. The next hop is the second node in the second autonomous domain.
步骤S903,第一节点基于下一跳,发送第一报文,其中,发送的第一报文中包括的VPN SID与接收到的第一报文中包括的VPN SID相同。在发送的第一报文中,IPv6报文头中的目的地址字段包括VPN SID。Step S903, the first node sends a first packet based on the next hop, wherein the VPN SID included in the sent first packet is the same as the VPN SID included in the received first packet. In the first message sent, the destination address field in the IPv6 message header includes the VPN SID.
其中,IPv6报文头为IPv6基本头。Wherein, the IPv6 packet header is an IPv6 basic header.
在本实施例中,第一节点使用下一跳,确定该下一跳对应的出接口。第一节点通过该出接口发送第一报文。在发送的第一报文中,IPv6报头中的目的地址字段包括VPN SID,说明在第一节点上未进行标签交换,所以可以简化处理。In this embodiment, the first node uses the next hop to determine the outbound interface corresponding to the next hop. The first node sends the first packet through the outbound interface. In the first message sent, the destination address field in the IPv6 header includes the VPN SID, indicating that label switching is not performed on the first node, so the processing can be simplified.
在步骤S903中需要说明的是,步骤S901中采用不同的方式接收第一报文,步骤S903中第一节点发送的第一报文的报文头有可能不一样。具体如下:It should be noted in step S903 that different methods are used to receive the first message in step S901, and the message header of the first message sent by the first node in step S903 may be different. details as follows:
若步骤S901中采用方式一或者采用方式三,则第一节点直接将接收自ACC的第一报文进行发送。If mode 1 or mode 3 is adopted in step S901, the first node directly sends the first message received from the ACC.
若步骤S901中采用方式二,则第一节点接收到的第一报文包括IPv6基本头和SRH,SRH中SL等于0,SRH中Segment List仅包括VPN SID。第一节点将IPv6基本头中的目的地址更新为Segment List中的VPN SID,将第一报文的SRH弹出。此时第一报文包括IPv6基本头和CE1发送的IP报文。此处第一节点做的处理仅是修改报文头,所以也可以认为第一节点还是发送第一报文。If mode 2 is adopted in step S901, the first message received by the first node includes the IPv6 basic header and the SRH, the SL in the SRH is equal to 0, and the Segment List in the SRH only includes the VPN SID. The first node updates the destination address in the IPv6 basic header to the VPN SID in the Segment List, and ejects the SRH of the first message. At this time, the first packet includes the IPv6 basic header and the IP packet sent by CE1. Here, the processing performed by the first node is only to modify the packet header, so it can also be considered that the first node still sends the first packet.
图9所示的转发报文流程是应用于图4所示的应用场景。在图9所示的转发报文流程应用于图5所示的应用场景时,若第三自治域中转发第一报文使用SRv6 BE隧道,则在步骤S903中,第一报文被发往第三自治域,第三自治域的节点按照最长匹配原则,确定VPN SID匹配到的路由,按照该路由向第二自治域发送第一报文。若第三自治域中转发第一报文使用SRv6 policy隧道,则在步骤S902中,下一跳为第三自治域的PE1,在步骤S903中,第一报文会被发往PE1。在第三自治域中,PE1和PE2之间使用SRv6 policy隧道转发第一报文。PE2向第二节点发送第一报文。The packet forwarding process shown in FIG. 9 is applied to the application scenario shown in FIG. 4 . When the packet forwarding process shown in Figure 9 is applied to the application scenario shown in Figure 5, if the first packet is forwarded using the SRv6 BE tunnel in the third autonomous domain, then in step S903, the first packet is sent to In the third autonomous domain, the nodes in the third autonomous domain determine the route matched by the VPN SID according to the longest match principle, and send the first message to the second autonomous domain according to the route. If the SRv6 policy tunnel is used to forward the first message in the third autonomous domain, then in step S902, the next hop is PE1 in the third autonomous domain, and in step S903, the first message will be sent to PE1. In the third autonomous domain, the SRv6 policy tunnel is used between PE1 and PE2 to forward the first packet. PE2 sends the first packet to the second node.
在步骤S903中第一节点发送的第一报文会到达第二自治域的第二节点,接下来描述基于图6所示的发布路由的过程转发报文的流程,参见图10。图10是应用于图4和图5的应用场景。在图10中,以CE1向CE2发送报文的过程中报文经过第二自治域的过程为例进行说明。In step S903, the first message sent by the first node will reach the second node in the second autonomous domain. Next, the process of forwarding the message based on the process of publishing the route shown in FIG. 6 will be described, see FIG. 10 . Fig. 10 is an application scenario applied to Fig. 4 and Fig. 5 . In FIG. 10 , the process of the message passing through the second autonomous domain during the process of sending the message from CE1 to CE2 is taken as an example for illustration.
步骤S1001,第二节点接收第一节点发送的第一报文,其中,第一节点为第一自治域的边缘路由设备,第一报文包括VPN SID,第一报文是去往VPN SID关联的前缀地址的SRV6报文。Step S1001, the second node receives the first message sent by the first node, wherein the first node is the edge routing device of the first autonomous domain, the first message includes the VPN SID, and the first message is directed to the VPN SID association SRV6 packets with prefix addresses.
在本实施例中,第一报文包括IPv6基本头和IP报文,IPv6基本头中的目的地址为VPN SID。IPv6基本头中的源地址为ACC的地址。In this embodiment, the first packet includes an IPv6 basic header and an IP packet, and the destination address in the IPv6 basic header is the VPN SID. The source address in the IPv6 basic header is the address of the ACC.
此处若图10所示的报文转发流程应用于图4所示的应用场景,则第二节点接收的第一报文直接来自第一节点。若图10所示的报文转发流程应用于图5所示的应用场景,则第二节点接收的第一报文间接来自第一节点,从第一节点发出的第一报文经过了第三自治域的转发。Here, if the packet forwarding process shown in FIG. 10 is applied to the application scenario shown in FIG. 4 , the first packet received by the second node comes directly from the first node. If the message forwarding process shown in Figure 10 is applied to the application scenario shown in Figure 5, the first message received by the second node comes directly from the first node, and the first message sent from the first node passes through the third Autonomous domain forwarding.
步骤S1002,第二节点基于VPN SID确定第一报文在第二自治域的转发策略。Step S1002, the second node determines the forwarding policy of the first message in the second autonomous domain based on the VPN SID.
其中,转发策略可以认为是隧道策略。Among them, the forwarding policy can be regarded as a tunneling policy.
在本实施例中,确定第一报文在第二自治域的转发策略的方式为:若VPN SID关联有SRv6 Policy隧道信息,则确定第一报文在第二自治域的转发策略为基于SRv6 Policy隧道的策略;若VPN SID未关联有SRv6 Policy隧道信息,则确定第一报文在第二自治域的转发策略为基于SRv6 BE隧道的策略。示例性的,通过图6所示的流程可知,第二节点上建立有包括VPN SID的路由表。若路由表中包括VPN SID对应的color参数,则确定VPN SID关联有SRv6 Policy隧道信息,反之则确定VPN SID未关联有SRv6 Policy隧道信息。In this embodiment, the method of determining the forwarding policy of the first message in the second autonomous domain is: if the VPN SID is associated with SRv6 Policy tunnel information, then determine that the forwarding policy of the first message in the second autonomous domain is based on SRv6 Policy tunnel policy; if the VPN SID is not associated with SRv6 Policy tunnel information, it is determined that the forwarding policy of the first packet in the second autonomous domain is a policy based on the SRv6 BE tunnel. Exemplarily, it can be known from the flow shown in FIG. 6 that a routing table including the VPN SID is established on the second node. If the routing table includes the color parameter corresponding to the VPN SID, it is determined that the VPN SID is associated with SRv6 Policy tunnel information; otherwise, it is determined that the VPN SID is not associated with SRv6 Policy tunnel information.
步骤S1003,第二节点基于转发策略,发送第一报文,其中,基于该转发策略发送的第一报文包括的VPN SID与接收到的第一报文包括的VPN SID相同。Step S1003, the second node sends a first packet based on the forwarding strategy, wherein the VPN SID included in the first packet sent based on the forwarding strategy is the same as the VPN SID included in the received first packet.
在本实施例中,第二节点基于转发策略发送第一报文有多种方式,此处提供两种可行的方式,见方式一和方式二。In this embodiment, there are multiple ways for the second node to send the first packet based on the forwarding strategy, and two feasible ways are provided here, see way 1 and way 2.
方式一,若转发策略为基于SRv6 Policy隧道的策略,第二节点基于VPN SID在路由表中对应的下一跳,在第一报文封装SRV6 Policy隧道信息,获得第二报文;发送第二报文。Method 1, if the forwarding policy is based on the SRv6 Policy tunnel, the second node encapsulates the SRV6 Policy tunnel information in the first packet based on the next hop corresponding to the VPN SID in the routing table to obtain the second packet; sends the second message.
在方式一中,第二节点与第三节点之间建立有SRv6 policy隧道。第二节点在路由表中, 确定VPN SID对应的color参数和下一跳,从图6所示的流程可知,该下一跳属于第二自治域,且该下一跳为第二自治域的第三节点。第二节点基于VPN SID对应的color参数和下一跳,确定color参数和下一跳关联的SRv6 policy隧道信息,此处下一跳为第三节点。SRv6 policy隧道信息包括去往第三节点的Segment List,Segment List包括第二节点。第二节点在IP报文的外层封装SRH,获得第二报文,第二报文包括IP报文、IPv6基本头和SRH。SRH包括Segment List和VPN SID,VPN SID位于Segment List中的Segment List[0]。封装后报文会按照Segment List指定的路径被转发至第三节点。第三节点是SRv6 policy隧道的尾节点,第三节点接收到的报文包括IPv6基本头和SRH,IPv6基本头包括的目的地址为第三节点的SID,SRH中SL等于0,SRH中Segment List仅包括VPN SID。In mode one, an SRv6 policy tunnel is established between the second node and the third node. The second node determines the color parameter and the next hop corresponding to the VPN SID in the routing table. As can be seen from the flow shown in Figure 6, the next hop belongs to the second autonomous domain, and the next hop is the second autonomous domain. third node. The second node determines the SRv6 policy tunnel information associated with the color parameter and the next hop based on the color parameter and the next hop corresponding to the VPN SID, where the next hop is the third node. The SRv6 policy tunnel information includes the Segment List to the third node, and the Segment List includes the second node. The second node encapsulates the SRH in the outer layer of the IP message to obtain the second message, and the second message includes the IP message, the IPv6 basic header and the SRH. SRH includes Segment List and VPN SID, and VPN SID is located in Segment List[0] in Segment List. After encapsulation, the packet will be forwarded to the third node according to the path specified by the Segment List. The third node is the tail node of the SRv6 policy tunnel. The packet received by the third node includes the IPv6 basic header and SRH. The destination address included in the IPv6 basic header is the SID of the third node. SL in SRH is equal to 0, and Segment List in SRH Only VPN SIDs are included.
第三节点接收到第二报文后,将第二报文的SRH中的VPN SID更新至IPv6基本头。第三节点使用IPv6基本头中的VPN SID,在本地SID表中确定对应的VRF,并且弹出IPv6基本头和SRH。第三节点在VRF的转发表中使用CE2的地址,查找到出接口,通过该出接口向CE2发送IP报文。After the third node receives the second message, the VPN SID in the SRH of the second message is updated to the IPv6 basic header. The third node uses the VPN SID in the IPv6 basic header to determine the corresponding VRF in the local SID table, and pops up the IPv6 basic header and SRH. The third node uses the address of CE2 in the forwarding table of the VRF to find the outbound interface, and sends the IP message to CE2 through the outbound interface.
方式二,若转发策略为基于SRv6 BE隧道的策略,则使用下一跳对应的出接口发送第一报文。Method 2: If the forwarding policy is based on the SRv6 BE tunnel, use the outbound interface corresponding to the next hop to send the first packet.
在方式二中,第二节点使用下一跳,确定该下一跳对应的出接口。第一节点通过该出接口发送第一报文。第三节点接收到第一报文后,将第一报文的弹出IPv6头,并使用IPv6头中的VPN SID,在本地SID表中确定VPN SID对应的VRF。在VRF的转发表中使用CE2的地址,查找到出接口,通过该出接口向CE2发送IP报文。In the second manner, the second node uses the next hop to determine the outbound interface corresponding to the next hop. The first node sends the first packet through the outbound interface. After the third node receives the first message, it pops up the IPv6 header of the first message, and uses the VPN SID in the IPv6 header to determine the VRF corresponding to the VPN SID in the local SID table. Use the address of CE2 in the VRF forwarding table to find out the outbound interface, and send the IP packet to CE2 through the outbound interface.
为了更好地理解图9和图10的流程,结合图4给出了CE1向CE2发送报文的示意图,参见图11和图12。图11中描述了使用SRv6 BE隧道发送报文的过程;图12中描述了使用SRv6 policy隧道发送报文的过程。在图12中步骤S901采用的是方式二。在图11和图12中,CE2的前缀地址为2.2.2.2,VPN SID的值为VPN SID1。In order to better understand the processes in FIG. 9 and FIG. 10 , a schematic diagram of CE1 sending a message to CE2 is given in conjunction with FIG. 4 , see FIG. 11 and FIG. 12 . Figure 11 describes the process of using the SRv6 BE tunnel to send packets; Figure 12 describes the process of using the SRv6 policy tunnel to send packets. Step S901 in FIG. 12 adopts the second method. In Figure 11 and Figure 12, the prefix address of CE2 is 2.2.2.2, and the value of VPN SID is VPN SID1.
为了更好地理解图9和图10的流程,结合图5给出了CE1向CE2发送报文的示意图,参见图13。图13中描述了使用SRv6 policy隧道发送报文的过程。在图13中步骤S901采用的是方式二。在图13中,CE2的前缀地址为2.2.2.2,VPN SID的值为VPN SID1。In order to better understand the processes in FIG. 9 and FIG. 10 , a schematic diagram of CE1 sending a message to CE2 is given in conjunction with FIG. 5 , see FIG. 13 . Figure 13 describes the process of sending packets using the SRv6 policy tunnel. Step S901 in FIG. 13 adopts the second method. In Figure 13, the prefix address of CE2 is 2.2.2.2, and the value of VPN SID is VPN SID1.
通过本申请实施例,在跨自治域报文转发过程中VPN SID是唯一的,在边缘路由设备处不需要进行标签交换,所以处理比较简单。而且使用VPN SID直接关联SRv6隧道,中间节点不需要维护VPN SID资源,减少控制面对中间节点的控制。Through the embodiment of this application, the VPN SID is unique during the inter-autonomous domain message forwarding process, and label switching is not required at the edge routing device, so the processing is relatively simple. Moreover, the VPN SID is directly associated with the SRv6 tunnel, and the intermediate node does not need to maintain the VPN SID resource, which reduces the control of the control face to the intermediate node.
具体的,本申请中不需要进行标签交换,相对于option B的方案,进行了简化。同时由于VPN SID是端到端,所以也实现了端到端。而且VPN SID作为业务唯一标识,端到端携带,各个自治域均可以感知到VPN SID对应的业务,方便统一管理和做各种控制策略(如优化转发路径、业务分析、统计和计费等)。而且虽然是VPN SID是端到端,但是在各个自治域隧道是各个自治域配置的,不需要采用端到端隧道。可以减少汇聚侧隧道数量。例如,如图14所示,PE3下有4K个基站(在图14中基站是ACC),现有的方案中每个ACC到PE3均需要创建一个SRv6 policy隧道,参见图14中的(a)。然而采用本申请的方案后,ACC与MC1之间创建一个SRv6 policy隧道,汇聚侧PE3只需要和PE1创建一个SRv6 policy隧道,而不需要为每个ACC与PE3创建一个SRv6 policy隧道,简化了端到端SRv6 policy隧道部署,参见图14中的(b)。在图14中的(a)和图14中的(b)中,带箭头的曲线表示建立的 SRv6 policy隧道。Specifically, label switching is not required in this application, which is simplified compared to the solution of option B. At the same time, because the VPN SID is end-to-end, it also realizes end-to-end. Moreover, the VPN SID is used as the unique identifier of the service and is carried end-to-end. Each autonomous domain can perceive the service corresponding to the VPN SID, which is convenient for unified management and various control strategies (such as optimizing the forwarding path, business analysis, statistics and billing, etc.) . And although the VPN SID is end-to-end, the tunnels in each autonomous domain are configured in each autonomous domain, and there is no need to use end-to-end tunnels. The number of aggregation-side tunnels can be reduced. For example, as shown in Figure 14, there are 4K base stations under PE3 (the base station is an ACC in Figure 14), and in the existing solution, an SRv6 policy tunnel needs to be created from each ACC to PE3, see (a) in Figure 14 . However, after adopting the solution of this application, an SRv6 policy tunnel is created between ACC and MC1, PE3 on the aggregation side only needs to create an SRv6 policy tunnel with PE1, and does not need to create an SRv6 policy tunnel for each ACC and PE3, which simplifies the For end-to-end SRv6 policy tunnel deployment, see (b) in Figure 14. In (a) in Figure 14 and (b) in Figure 14, the curve with the arrow indicates the established SRv6 policy tunnel.
另外,各个自治域隧道是各个自治域配置的,一个自治域可以部署SRv6 policy隧道,另一个自治域不可以部署SRv6 policy隧道,这种情况下也能部署端到端的SRv6业务,这样,在多个自治域采用不同的控制器时,不需要各个控制器配合就能部署端到端的SRv6业务。例如,在图4的应用场景中,如图15所示,第一自治域使用控制器1控制,第一自治域部署SRv6 policy隧道;第二自治域使用控制器2控制,第二自治域部署SRv6 BE隧道。In addition, each autonomous domain tunnel is configured by each autonomous domain. One autonomous domain can deploy SRv6 policy tunnels, while the other autonomous domain cannot deploy SRv6 policy tunnels. In this case, end-to-end SRv6 services can also be deployed. In this way, multiple When different controllers are used in an autonomous domain, end-to-end SRv6 services can be deployed without the cooperation of each controller. For example, in the application scenario shown in Figure 4, as shown in Figure 15, the first autonomous domain is controlled by controller 1, and SRv6 policy tunnels are deployed in the first autonomous domain; the second autonomous domain is controlled by controller 2, and the second autonomous domain deploys SRv6 BE tunnel.
上面介绍了本申请实施例的方法实施例,下面介绍从逻辑功能的角度介绍本申请实施例的路由发布的装置和转发报文的装置。The method embodiments of the embodiments of the present application are described above, and the following introduces the device for publishing routes and the device for forwarding messages in the embodiments of the present application from the perspective of logical functions.
图16是本申请实施例提供的路由发布的装置的结构图。该装置可以通过软件、硬件或者两者的结合实现成为装置中的部分或者全部。路由发布的装置应用于第一自治域的第一节点,所述第一节点为所述第一自治域的边缘路由设备,本申请实施例提供的路由发布的装置可以实现本申请实施例图6所述的流程,该装置包括:接收模块1610和发布模块1620,其中:FIG. 16 is a structural diagram of an apparatus for advertising routes provided by an embodiment of the present application. The device can be implemented as a part or all of the device through software, hardware or a combination of the two. The route publishing device is applied to the first node of the first autonomous domain, and the first node is the edge routing device of the first autonomous domain. The route publishing device provided in the embodiment of the present application can realize the embodiment of the present application Figure 6 According to the process described above, the device includes: a receiving module 1610 and a publishing module 1620, wherein:
接收模块1610,用于接收第二自治域的第二节点发送的第一路由消息,其中,所述第二节点为所述第二自治域的边缘路由设备,所述第一路由消息中包括VPN SID、所述VPN SID关联的前缀地址和第一下一跳,所述第一下一跳为所述第二节点,所述第一路由消息用于发送去往所述前缀地址的报文,具体可以用于实现步骤S604的接收功能以及执行步骤S604包含的隐含步骤;The receiving module 1610 is configured to receive a first routing message sent by a second node in a second autonomous domain, where the second node is an edge routing device in the second autonomous domain, and the first routing message includes a VPN The prefix address associated with the SID, the VPN SID, and the first next hop, the first next hop is the second node, and the first routing message is used to send a message to the prefix address, Specifically, it can be used to realize the receiving function of step S604 and execute the implicit steps included in step S604;
发布模块1620,用于: Issue module 1620 for:
获得第二路由消息,其中,所述第二路由消息包括所述VPN SID、所述前缀地址和第二下一跳,所述第二下一跳为所述第一节点,所述第一路由消息中的VPN SID与所述第二路由消息中的VPN SID相同;Obtain a second routing message, wherein the second routing message includes the VPN SID, the prefix address and a second next hop, the second next hop is the first node, and the first routing The VPN SID in the message is identical with the VPN SID in the second routing message;
在所述第一自治域通告所述第二路由消息,其中,所述第二路由消息用于发送去往所述前缀地址的报文,具体可以用于实现步骤S605和S606的发布功能以及执行步骤S605和S606包含的隐含步骤。The second routing message is notified in the first autonomous domain, wherein the second routing message is used to send a message destined for the prefix address, and specifically can be used to implement the publishing functions of steps S605 and S606 and execute Steps S605 and S606 contain implicit steps.
在一种可能的实现方式中,如图16所示,所述装置还包括:In a possible implementation manner, as shown in FIG. 16, the device further includes:
添加模块1630,用于将所述第一路由消息中的所述VPN SID和所述第一下一跳对应添加至路由表。Adding module 1630, configured to add the VPN SID in the first routing message and the first next hop correspondingly to a routing table.
在一种可能的实现方式中,所述接收模块1610,用于通过EBGP接收第二自治域的第二节点发送的第一路由消息。In a possible implementation manner, the receiving module 1610 is configured to receive the first routing message sent by the second node in the second autonomous domain through EBGP.
在一种可能的实现方式中,所述第一路由消息中还包括color参数,所述color参数为所述第二自治域内配置的color参数;所述发布模块1620,还用于在所述第一自治域通告所述第二路由消息之前若所述第一节点配置上的color参数与所述第一路由消息中的color参数不一致,则修改所述第二路由消息中的color参数为所述第一节点上配置的color参数。In a possible implementation manner, the first routing message further includes a color parameter, and the color parameter is a color parameter configured in the second autonomous domain; If the color parameter configured on the first node is inconsistent with the color parameter in the first routing message before an autonomous domain notifies the second routing message, modify the color parameter in the second routing message to the The color parameter configured on the first node.
在一种可能的实现方式中,所述第一路由消息中不包括color参数;In a possible implementation manner, the color parameter is not included in the first routing message;
所述发布模块1620,还用于在所述第一自治域通告所述第二路由消息之前,若所述第一节点配置有color参数,则在所述第二路由消息中添加所述第一节点上配置的color参数。The publishing module 1620 is further configured to add the first color parameter to the second routing message if the first node is configured with a color parameter before the first autonomous domain notifies the second routing message. The color parameter configured on the node.
图17是本申请实施例提供的路由发布的装置的结构图。该装置可以通过软件、硬件或者两者的结合实现成为装置中的部分或者全部。路由发布的装置应用于第二自治域的第二节点,所述第二节点为所述第二自治域的边缘路由设备,本申请实施例提供的路由发布的装置可以 实现本申请实施例图6所述的流程,该装置包括:接收模块1710、发布模块1720和发送模块1730,其中:FIG. 17 is a structural diagram of an apparatus for advertising routes provided by an embodiment of the present application. The device can be implemented as a part or all of the device through software, hardware or a combination of the two. The route publishing device is applied to the second node of the second autonomous domain, and the second node is the edge routing device of the second autonomous domain. The route publishing device provided in the embodiment of the present application can realize the embodiment of the present application Figure 6 In the process described above, the device includes: a receiving module 1710, a publishing module 1720, and a sending module 1730, wherein:
接收模块1710,用于接收所述第二自治域的第三节点发送的第三路由消息,其中,第三路由消息中包括VPN SID、所述VPN SID关联的前缀地址和第三下一跳,所述第三下一跳为所述第三节点,所述第三路由消息用于发送去往所述前缀地址的报文,具体可以用于实现步骤S601的接收功能以及执行步骤S601包含的隐含步骤;The receiving module 1710 is configured to receive a third routing message sent by a third node in the second autonomous domain, where the third routing message includes a VPN SID, a prefix address associated with the VPN SID, and a third next hop, The third next hop is the third node, and the third routing message is used to send the message to the prefix address, which can be specifically used to implement the receiving function in step S601 and execute the hidden message included in step S601. with steps;
发布模块1720,用于获得第一路由消息,其中,所述第一路由消息包括所述VPN SID、所述前缀地址和第一下一跳,所述第一下一跳为所述第二节点,所述第一路由消息中的VPN SID与所述第三路由消息中的VPN SID相同,具体可以用于实现步骤S602的发布功能以及执行步骤S602包含的隐含步骤; Publishing module 1720, configured to obtain a first routing message, wherein the first routing message includes the VPN SID, the prefix address and a first next hop, and the first next hop is the second node , the VPN SID in the first routing message is the same as the VPN SID in the third routing message, which can specifically be used to implement the publishing function in step S602 and perform the implicit steps included in step S602;
发送模块1730,用于向第一自治域的第一节点发送所述第一路由消息,其中,所述第一节点为所述第一自治域的边缘路由设备,所述第一路由消息用于发送去往所述前缀地址的报文,具体可以用于实现步骤S603的发送功能以及执行步骤S603包含的隐含步骤。A sending module 1730, configured to send the first routing message to a first node in the first autonomous domain, where the first node is an edge routing device in the first autonomous domain, and the first routing message is used for Sending the message to the prefix address may specifically be used to implement the sending function of step S603 and perform the implicit steps included in step S603.
在一种可能的实现方式中,如图17所示,所述装置还包括:In a possible implementation manner, as shown in FIG. 17, the device further includes:
添加模块1740,用于将所述第三路由消息中的所述VPN SID和所述第三下一跳对应添加至路由表。Adding module 1740, configured to correspondingly add the VPN SID and the third next hop in the third routing message to a routing table.
在一种可能的实现方式中,所述发送模块1730,用于通过EBGP向第一自治域的第一节点发送所述第一路由消息。In a possible implementation manner, the sending module 1730 is configured to send the first routing message to the first node in the first autonomous domain through EBGP.
图18是本申请实施例提供的转发报文的装置的结构图。该装置可以通过软件、硬件或者两者的结合实现成为装置中的部分或者全部。转发报文的装置应用于第二自治域的第二节点,所述第二节点为所述第二自治域的边缘路由设备,本申请实施例提供的转发报文的装置可以实现本申请实施例图10所述的流程,该装置包括:接收模块1810、策略确定模块1820和发送模块1830,其中:FIG. 18 is a structural diagram of an apparatus for forwarding packets provided by an embodiment of the present application. The device can be implemented as a part or all of the device through software, hardware or a combination of the two. The device for forwarding a message is applied to a second node in a second autonomous domain, and the second node is an edge routing device of the second autonomous domain. The device for forwarding a message provided in this embodiment of the application can implement the embodiment of this application The process described in FIG. 10 , the device includes: a receiving module 1810, a policy determining module 1820, and a sending module 1830, wherein:
接收模块1810,用于接收第一自治域的第一节点发送的第一报文,其中,所述第一节点为所述第一自治域的边缘路由设备,所述第一报文包括VPN SID,所述第一报文为去往所述VPN SID关联的前缀地址的SRv6报文,具体可以用于实现步骤S1001的接收功能以及执行步骤S1001包含的隐含步骤;A receiving module 1810, configured to receive a first message sent by a first node in a first autonomous domain, where the first node is an edge routing device in the first autonomous domain, and the first message includes a VPN SID , the first message is an SRv6 message destined for the prefix address associated with the VPN SID, which can specifically be used to realize the receiving function of step S1001 and perform the implicit steps included in step S1001;
策略确定模块1820,用于基于所述VPN SID确定所述第一报文在所述第二自治域的转发策略,具体可以用于实现步骤S1002的策略和下一跳确定功能以及执行步骤S1002包含的隐含步骤;The policy determination module 1820 is configured to determine the forwarding policy of the first message in the second autonomous domain based on the VPN SID, specifically, it may be used to implement the policy and next hop determination function in step S1002 and perform step S1002 including the implicit steps of
发送模块1830,用于基于所述转发策略,发送所述第一报文,其中,基于所述转发策略发送的第一报文包括的VPN SID与接收到的第一报文包括的VPN SID相同,具体可以用于实现步骤S1003的发送功能以及执行步骤S1003包含的隐含步骤。The sending module 1830 is configured to send the first packet based on the forwarding strategy, wherein the VPN SID included in the first packet sent based on the forwarding strategy is the same as the VPN SID included in the received first packet , specifically can be used to realize the sending function of step S1003 and execute the implicit steps included in step S1003.
在一种可能的实现方式中,所述策略确定模块1820,用于:In a possible implementation, the policy determination module 1820 is configured to:
若所述VPN SID关联有SRv6 Policy隧道信息,则确定所述第一报文在所述第二自治域的转发策略为基于所述SRv6 Policy隧道的策略;If the VPN SID is associated with SRv6 Policy tunnel information, then determining that the forwarding strategy of the first message in the second autonomous domain is based on the strategy of the SRv6 Policy tunnel;
若所述VPN SID未关联有SRv6 Policy隧道信息,则确定所述第一报文在所述第二自治域的转发策略为基于SRv6 BE隧道的策略。If the VPN SID is not associated with SRv6 Policy tunnel information, it is determined that the forwarding policy of the first message in the second autonomous domain is a policy based on the SRv6 BE tunnel.
在一种可能的实现方式中,所述接收模块1810,还用于接收所述第二自治域的第三节点 发送的第三路由消息,其中,所述第三路由消息中包括所述VPN SID、所述前缀地址和下一跳,所述第三路由消息中的下一跳为所述第三节点;将所述第三路由消息中的所述VPN SID和所述下一跳对应添加至路由表。In a possible implementation manner, the receiving module 1810 is further configured to receive a third routing message sent by a third node in the second autonomous domain, where the third routing message includes the VPN SID , the prefix address and the next hop, the next hop in the third routing message is the third node; the VPN SID and the next hop in the third routing message are correspondingly added to routing table.
在一种可能的实现方式中,所述发送模块1830,用于:In a possible implementation manner, the sending module 1830 is configured to:
若所述转发策略为基于SRv6 Policy隧道的策略,则基于所述VPN SID在所述路由表中对应的下一跳,在所述第一报文封装SRv6 Policy隧道信息,获得第二报文;发送所述第二报文;If the forwarding strategy is a strategy based on the SRv6 Policy tunnel, then based on the next hop corresponding to the VPN SID in the routing table, encapsulate the SRv6 Policy tunnel information in the first message to obtain a second message; sending the second message;
若所述转发策略为基于SRv6 BE隧道的策略,则使用所述下一跳对应的出接口发送所述第一报文。If the forwarding policy is a policy based on the SRv6 BE tunnel, then use the outbound interface corresponding to the next hop to send the first packet.
在一种可能的实现方式中,如图18所示,所述装置还包括:发布模块1840,用于获得第一路由消息,其中,所述第一路由消息包括所述VPN SID、所述前缀地址和所述第一路由信息的下一跳,所述第一路由消息的下一跳为所述第二节点,所述第一路由消息中的VPN SID与所述第三路由消息中的VPN SID相同;In a possible implementation manner, as shown in FIG. 18 , the device further includes: an issuing module 1840, configured to obtain a first routing message, where the first routing message includes the VPN SID, the prefix address and the next hop of the first routing message, the next hop of the first routing message is the second node, the VPN SID in the first routing message is the same as the VPN in the third routing message SIDs are the same;
所述发送模块1830,还向所述第一节点发送所述第一路由消息。The sending module 1830 further sends the first routing message to the first node.
在一种可能的实现方式中,接收的所述第一报文的IPv6报文头中的目的地址字段包括所述VPN SID。In a possible implementation manner, the destination address field in the IPv6 packet header of the received first packet includes the VPN SID.
图19是本申请实施例提供的转发报文的装置的结构图。该装置可以通过软件、硬件或者两者的结合实现成为装置中的部分或者全部。转发报文的装置应用于第一自治域的第一节点,所述第一节点为所述第一自治域的边缘路由设备,本申请实施例提供的转发报文的装置可以实现本申请实施例图9所述的流程,该装置包括:接收模块1910、下一跳确定模块1920和发送模块1930,其中:FIG. 19 is a structural diagram of an apparatus for forwarding packets provided by an embodiment of the present application. The device can be implemented as a part or all of the device through software, hardware or a combination of the two. The device for forwarding the message is applied to the first node of the first autonomous domain, and the first node is the edge routing device of the first autonomous domain. The device for forwarding the message provided by the embodiment of the present application can realize the embodiment of the present application The process described in FIG. 9 , the device includes: a receiving module 1910, a next hop determining module 1920, and a sending module 1930, wherein:
接收模块1910,用于接收第一报文,其中,所述第一报文包括虚拟专用网络段路由标识VPN SID,所述第一报文为去往所述VPN SID关联的前缀地址的SRV6报文,具体可以用于实现步骤S901的接收功能以及执行步骤S901包含的隐含步骤;The receiving module 1910 is configured to receive a first message, wherein the first message includes a virtual private network segment routing identifier VPN SID, and the first message is an SRV6 message destined for a prefix address associated with the VPN SID Specifically, it can be used to realize the receiving function of step S901 and execute the implicit steps included in step S901;
下一跳确定模块1920,用于基于所述VPN SID确定下一跳,其中,所述下一跳是第二自治域的第二节点,所述第二节点为所述第二自治域的边缘路由设备,具体可以用于实现步骤S902的下一跳确定功能以及执行步骤S902包含的隐含步骤;A next hop determining module 1920, configured to determine a next hop based on the VPN SID, wherein the next hop is a second node of a second autonomous domain, and the second node is an edge of the second autonomous domain The routing device can specifically be used to implement the next hop determination function in step S902 and perform the implicit steps included in step S902;
发送模块1930,用于基于所述下一跳,发送所述第一报文,其中,发送的第一报文中包括的VPN SID与接收到的第一报文中包括的VPN SID相同,具体可以用于实现步骤S903的发送功能以及执行步骤S903包含的隐含步骤。The sending module 1930 is configured to send the first packet based on the next hop, wherein the VPN SID included in the sent first packet is the same as the VPN SID included in the received first packet, specifically It can be used to realize the sending function of step S903 and execute the implicit steps included in step S903.
在一种可能的实现方式中,所述接收模块1910,还用于在基于所述VPN SID确定下一跳之前,接收所述第二节点发送的第一路由消息,其中,所述第一路由消息包括所述VPN SID、所述前缀地址和所述下一跳;将所述第一路由消息中的所述VPN SID和所述下一跳对应添加至路由表;In a possible implementation manner, the receiving module 1910 is further configured to receive a first routing message sent by the second node before determining the next hop based on the VPN SID, where the first routing The message includes the VPN SID, the prefix address and the next hop; adding the VPN SID and the next hop in the first routing message to a routing table;
所述下一跳确定模块1920,用于在所述路由表中,确定所述VPN SID对应的下一跳。The next hop determining module 1920 is configured to determine the next hop corresponding to the VPN SID in the routing table.
在一种可能的实现方式中,所述装置还包括:发布模块1940,用于获得第二路由消息,其中,所述第二路由消息包括所述VPN SID、所述前缀地址和所述第二路由消息的下一跳,所述第二路由消息的下一跳为所述第一节点,所述第一路由消息中的VPN SID与所述第二路由消息中的VPN SID相同;在所述第一自治域通告所述第二路由消息。In a possible implementation manner, the device further includes: an publishing module 1940, configured to obtain a second routing message, where the second routing message includes the VPN SID, the prefix address, and the second The next hop of the routing message, the next hop of the second routing message is the first node, and the VPN SID in the first routing message is the same as the VPN SID in the second routing message; in the The first autonomous domain advertises the second routing message.
在一种可能的实现方式中,所述接收模块1910:In a possible implementation, the receiving module 1910:
通过SRv6 BE隧道或者SRv6 Policy隧道,接收第一报文。Receive the first packet through the SRv6 BE tunnel or SRv6 Policy tunnel.
在一种可能的实现方式中,发送的第一报文的IPv6报文头中的目的地址字段包括所述VPN SID。In a possible implementation manner, the destination address field in the IPv6 packet header of the first packet sent includes the VPN SID.
本申请实施例中对路由发布的装置的模块和转发报文的装置模块的划分是示意性的,仅仅为一种逻辑功能划分,实际实现时也可以有另外的划分方式,另外,在本申请各个实施例中的各功能模块可以集成在一个处理器中,也可以是单独物理存在,也可以两个或两个以上模块集成为一个模块中。上述集成的模块既可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。In the embodiment of the present application, the division of the module of the device for route publishing and the module of the device for forwarding messages is schematic, and it is only a logical function division. In actual implementation, there may be other division methods. In addition, in this application Each functional module in each embodiment may be integrated into one processor, or physically exist separately, or two or more modules may be integrated into one module. The above-mentioned integrated modules can be implemented in the form of hardware or in the form of software function modules.
该集成的模块如果以软件功能模块的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分,或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是网络设备等)执行本申请各个实施例中方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(read-only memory,ROM)、随机存取存储器(random access memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。If the integrated module is realized in the form of a software function module and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application is essentially or the part that contributes to the prior art, or all or part of the technical solution can be embodied in the form of software products, and the computer software products are stored in a storage medium In, several instructions are included to make a computer device (which may be a network device, etc.) execute all or part of the steps of the methods in the various embodiments of the present application. The aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (read-only memory, ROM), random access memory (random access memory, RAM), magnetic disk or optical disc and other media that can store program codes. .
图20是本申请实施例提供的一种设备200的结构示意图。FIG. 20 is a schematic structural diagram of a device 200 provided by an embodiment of the present application.
可选地,结合图4和图5,图20所示的设备200可选地为图4、图5中的第一节点、第二节点。另外,图20所示的设备200可选地为前文描述的路由发布设备、转发报文设备。Optionally, referring to FIG. 4 and FIG. 5 , the device 200 shown in FIG. 20 may be the first node and the second node in FIG. 4 and FIG. 5 . In addition, the device 200 shown in FIG. 20 may optionally be the route publishing device and packet forwarding device described above.
设备200可选地由一般性的总线体系结构来实现。设备200包括至少一个处理器201、通信总线202、存储器203以及至少一个网络接口204。 Device 200 is optionally implemented by a generic bus architecture. The device 200 includes at least one processor 201 , a communication bus 202 , a memory 203 and at least one network interface 204 .
处理器201例如是通用CPU、网络处理器(network processer,NP)、图形处理器(graphics processing unit,GPU)、神经网络处理器(neural-network processing units,NPU)、数据处理单元(data processing unit,DPU)、微处理器或者一个或多个用于实现本申请方案的集成电路。例如,处理器201包括专用集成电路(application-specific integrated circuit,ASIC),可编程逻辑器件(programmable logic device,PLD)或其组合。PLD例如是复杂可编程逻辑器件(complex programmable logic device,CPLD)、现场可编程逻辑门阵列(field-programmable gate array,FPGA)、通用阵列逻辑(generic array logic,GAL)或其任意组合。The processor 201 is, for example, a general-purpose CPU, a network processor (network processor, NP), a graphics processing unit (graphics processing unit, GPU), a neural network processor (neural-network processing units, NPU), a data processing unit (data processing unit) , DPU), microprocessor, or one or more integrated circuits for implementing the scheme of the present application. For example, the processor 201 includes an application-specific integrated circuit (application-specific integrated circuit, ASIC), a programmable logic device (programmable logic device, PLD) or a combination thereof. The PLD is, for example, a complex programmable logic device (complex programmable logic device, CPLD), a field-programmable gate array (field-programmable gate array, FPGA), a general array logic (generic array logic, GAL) or any combination thereof.
通信总线202用于在上述组件之间传送信息。通信总线202可以分为地址总线、数据总线、控制总线等。为便于表示,图20中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。The communication bus 202 is used to transfer information between the aforementioned components. The communication bus 202 can be divided into address bus, data bus, control bus and so on. For ease of representation, only one thick line is used in FIG. 20 , but it does not mean that there is only one bus or one type of bus.
存储器203例如是ROM或可存储静态信息和指令的其它类型的静态存储设备,又如是RAM或者可存储信息和指令的其它类型的动态存储设备,又如是电可擦可编程只读存储器(electrically erasable programmable read-only Memory,EEPROM)、只读光盘(compact disc read-only memory,CD-ROM)或其它光盘存储、光碟存储(包括压缩光碟、激光碟、光碟、数字通用光碟、蓝光光碟等)、磁盘存储介质或者其它磁存储设备,或者是能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其它介质,但不限于此。存储器203例如是独立存在,并通过通信总线202与处理器201相连接。存储器203也可以和处理器201集成在一起。The memory 203 is, for example, a ROM or other types of static storage devices that can store static information and instructions, another example of a RAM or other types of dynamic storage devices that can store information and instructions, and another example is an electrically erasable programmable read-only memory (electrically erasable Programmable read-only Memory, EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), Disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, without limitation. The memory 203 exists independently, for example, and is connected to the processor 201 through the communication bus 202 . The memory 203 can also be integrated with the processor 201 .
网络接口204使用任何收发器一类的装置,用于与其它设备或通信网络通信。网络接口204包括有线网络接口,还可以包括无线网络接口。其中,有线网络接口例如可以为以太网接口。以太网接口可以是光接口,电接口或其组合。无线网络接口可以为无线局域网(wireless local area networks,WLAN)接口,蜂窝网络网络接口或其组合等。 Network interface 204 uses any transceiver-like device for communicating with other devices or a communication network. The network interface 204 includes a wired network interface, and may also include a wireless network interface. Wherein, the wired network interface may be an Ethernet interface, for example. The Ethernet interface can be an optical interface, an electrical interface or a combination thereof. The wireless network interface may be a wireless local area network (wireless local area networks, WLAN) interface, a cellular network interface or a combination thereof.
在具体实现中,作为一种实施例,处理器201可以包括一个或多个CPU。In a specific implementation, as an embodiment, the processor 201 may include one or more CPUs.
在具体实现中,作为一种实施例,设备200可以包括多个处理器。这些处理器中的每一个可以是一个单核处理器(single-CPU),也可以是一个多核处理器(multi-CPU)。这里的处理器可以指一个或多个设备、电路、和/或用于处理数据(如计算机程序指令)的处理核。In a specific implementation, as an embodiment, the device 200 may include multiple processors. Each of these processors can be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data such as computer program instructions.
在一些实施例中,存储器203用于存储执行本申请方案的程序代码210,处理器201可以执行存储器203中存储的程序代码210。也即是,设备200可以通过处理器201以及存储器203中的程序代码210,来实现方法实施例提供的路由发布的方法和/或转发报文的方法。In some embodiments, the memory 203 is used to store the program code 210 for implementing the solution of the present application, and the processor 201 can execute the program code 210 stored in the memory 203 . That is, the device 200 can use the processor 201 and the program code 210 in the memory 203 to implement the route advertisement method and/or the packet forwarding method provided by the method embodiment.
参见图21,图21是本申请实施例提供的一种设备300的结构示意图。Referring to FIG. 21 , FIG. 21 is a schematic structural diagram of a device 300 provided in an embodiment of the present application.
可选地,结合图4和图5,图21所示的设备200可选地为图4、图5中的第一节点、第二节点。另外,图21所示的设备300可选地为前文描述的路由发布设备、转发报文设备。Optionally, referring to FIG. 4 and FIG. 5 , the device 200 shown in FIG. 21 may be the first node and the second node in FIG. 4 and FIG. 5 . In addition, the device 300 shown in FIG. 21 can optionally be the route publishing device and packet forwarding device described above.
设备300包括:主控板310和接口板330。The device 300 includes: a main control board 310 and an interface board 330 .
主控板也称为主处理单元(main processing unit,MPU)或路由处理卡(route processor card),主控板310用于对设备300中各个组件的控制和管理,包括路由计算、设备管理、设备维护、协议处理功能。主控板310包括:中央处理器311和存储器312(图21中未示出存储器312)。The main control board is also called a main processing unit (main processing unit, MPU) or a route processing card (route processor card). Equipment maintenance, protocol processing functions. The main control board 310 includes: a central processing unit 311 and a memory 312 (the memory 312 is not shown in FIG. 21 ).
接口板330也称为线路接口单元卡(line processing unit,LPU)、线卡(line card)或业务板。接口板330用于提供各种业务接口并实现数据包的转发。业务接口包括而不限于以太网接口、POS(packet over sONET/SDH)接口等,以太网接口例如是灵活以太网业务接口(flexible ethernet clients,FlexE clients)。接口板330包括:中央处理器331、网络处理器332、转发表项存储器334和物理接口卡(physical interface card,PIC)333。The interface board 330 is also called a line interface unit card (line processing unit, LPU), a line card (line card), or a service board. The interface board 330 is used to provide various service interfaces and implement forwarding of data packets. The service interface includes but is not limited to an Ethernet interface, a POS (packet over sONET/SDH) interface, etc., and the Ethernet interface is, for example, a flexible ethernet service interface (flexible ethernet clients, FlexE clients). The interface board 330 includes: a central processing unit 331 , a network processor 332 , a forwarding entry storage 334 and a physical interface card (physical interface card, PIC) 333 .
接口板330上的中央处理器331用于对接口板330进行控制管理并与主控板310上的中央处理器311进行通信。The central processor 331 on the interface board 330 is used to control and manage the interface board 330 and communicate with the central processor 311 on the main control board 310 .
网络处理器332用于实现报文的转发处理和/或路由发布处理。网络处理器332的形态例如是转发芯片。具体而言,网络处理器332用于基于转发表项存储器334保存的转发表转发接收到的报文,如果报文的目的地址为设备300的地址,则将该报文上送至CPU(如中央处理器311)处理;如果报文的目的地址不是设备300的地址,则根据该目的地址从转发表中查找到该目的地址对应的下一跳和出接口,将该报文转发到该目的地址对应的出接口。The network processor 332 is configured to implement message forwarding processing and/or route publishing processing. The form of the network processor 332 is, for example, a forwarding chip. Specifically, the network processor 332 is used to forward the received message based on the forwarding table stored in the forwarding table item storage 334, and if the destination address of the message is the address of the device 300, the message is sent to the CPU (such as If the destination address of the message is not the address of the device 300, the next hop and the outgoing interface corresponding to the destination address are found from the forwarding table according to the destination address, and the message is forwarded to the destination The outbound interface corresponding to the address.
物理接口卡333用于实现物理层的对接功能,原始的流量由此进入接口板330,以及处理后的报文从该物理接口卡333发出。物理接口卡333也称为子卡,可安装在接口板330上,负责将光电信号转换为报文并对报文进行合法性检查后转发给网络处理器332处理。在一些实施例中,中央处理器也可执行网络处理器332的功能,比如基于通用CPU实现软件转发,从而物理接口卡333中不需要网络处理器332。The physical interface card 333 is used to implement the interconnection function of the physical layer. The original traffic enters the interface board 330 through this, and the processed packets are sent out from the physical interface card 333 . The physical interface card 333 is also called a daughter card, which can be installed on the interface board 330, and is responsible for converting the photoelectric signal into a message, checking the validity of the message and forwarding it to the network processor 332 for processing. In some embodiments, the central processing unit can also perform the functions of the network processor 332 , such as implementing software forwarding based on a general-purpose CPU, so that the network processor 332 is not required in the physical interface card 333 .
可选地,设备300包括多个接口板,例如设备300还包括接口板340,接口板340包括:中央处理器341、网络处理器342、转发表项存储器344和物理接口卡343。Optionally, the device 300 includes multiple interface boards. For example, the device 300 further includes an interface board 340 , and the interface board 340 includes: a central processing unit 341 , a network processor 342 , a forwarding entry storage 344 and a physical interface card 343 .
可选地,设备300还包括交换网板320。交换网板320也例如称为交换网板单元(switch  fabric unit,SFU)。在网络设备有多个接口板330的情况下,交换网板320用于完成各接口板之间的数据交换。例如,接口板330和接口板340之间例如通过交换网板320通信。Optionally, the device 300 further includes a switching fabric unit 320 . The SFU 320 is also called, for example, a switch fabric unit (SFU). In the case where the network device has multiple interface boards 330, the SFU board 320 is used to complete data exchange between the interface boards. For example, the interface board 330 communicates with the interface board 340 through, for example, the switching fabric board 320 .
主控板310和接口板330耦合。例如。主控板310、接口板330和接口板340,以及交换网板320之间通过***总线与***背板相连实现互通。在一种可能的实现方式中,主控板310和接口板330之间建立进程间通信协议(inter-process communication,IPC)通道,主控板310和接口板330之间通过IPC通道进行通信。The main control board 310 is coupled to the interface board 330 . E.g. The main control board 310 , the interface board 330 and the interface board 340 , and the switching fabric board 320 are connected to the system backplane through the system bus to realize intercommunication. In a possible implementation manner, an inter-process communication protocol (inter-process communication, IPC) channel is established between the main control board 310 and the interface board 330, and the main control board 310 and the interface board 330 communicate through the IPC channel.
在逻辑上,设备300包括控制面和转发面,控制面包括主控板310和中央处理器331,转发面包括执行转发的各个组件,比如转发表项存储器334、物理接口卡333和网络处理器332。控制面执行路由器、生成转发表、处理信令和协议报文、配置与维护设备的状态等功能,控制面将生成的转发表下发给转发面,在转发面,网络处理器332基于控制面下发的转发表对物理接口卡333收到的报文查表转发。控制面下发的转发表例如保存在转发表项存储器334中。在有些实施例中,控制面和转发面例如完全分离,不在同一设备上。Logically, the device 300 includes a control plane and a forwarding plane. The control plane includes a main control board 310 and a central processing unit 331. The forwarding plane includes various components for performing forwarding, such as a forwarding entry storage 334, a physical interface card 333, and a network processor. 332. The control plane executes routers, generates forwarding tables, processes signaling and protocol packets, configures and maintains device status, and other functions. The control plane sends the generated forwarding tables to the forwarding plane. On the forwarding plane, the network processor 332 The issued forwarding table looks up and forwards the packets received by the physical interface card 333 . The forwarding table issued by the control plane is saved in the forwarding table item storage 334, for example. In some embodiments, the control plane and the forwarding plane are, for example, completely separated and not on the same device.
接口板340上的操作与接口板330的操作一致,为了简洁,不再赘述。本实施例的设备300可对应于上述各个方法实施例中的第一节点或第二节点,该设备300中的主控板310、接口板330和/或340例如实现上述各个方法实施例中第一节点或第二节点所具有的功能和/或所实施的各种步骤,为了简洁,在此不再赘述。The operations on the interface board 340 are the same as those on the interface board 330 , and will not be repeated for brevity. The device 300 in this embodiment may correspond to the first node or the second node in the above method embodiments, and the main control board 310, the interface board 330 and/or 340 in the device 300, for example, implement the first node in the above method embodiments For the sake of brevity, the functions and/or various steps implemented by a node or the second node are not repeated here.
值得说明的是,主控板可能有一块或多块,有多块的时候例如包括主用主控板和备用主控板。接口板可能有一块或多块,网络设备的数据处理能力越强,提供的接口板越多。接口板上的物理接口卡也可以有一块或多块。交换网板可能没有,也可能有一块或多块,有多块的时候可以共同实现负荷分担冗余备份。It is worth noting that there may be one or more main control boards, and when there are multiple main control boards, it includes, for example, an active main control board and a standby main control board. There may be one or more interface boards. The stronger the data processing capability of the network device, the more interface boards it provides. There may also be one or more physical interface cards on the interface board. There may be no SFU, or there may be one or more SFUs. When there are multiple SFUs, they can jointly implement load sharing and redundant backup.
在一些实施例中,本申请提供了一种计算机程序产品,该计算机程序产品包括计算机指令,该计算机指令存储在计算机可读存储介质中。路由发布设备的处理器从计算机可读存储介质读取该计算机指令,处理器执行该计算机指令,使得该路由发布设备执行路由发布的方法。In some embodiments, the present application provides a computer program product comprising computer instructions stored in a computer readable storage medium. The processor of the route publishing device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the route publishing device executes the route publishing method.
在一些实施例中,本申请提供了一种计算机程序产品,该计算机程序产品包括计算机指令,该计算机指令存储在计算机可读存储介质中。转发报文设备的处理器从计算机可读存储介质读取该计算机指令,处理器执行该计算机指令,使得该转发报文设备执行转发报文的方法。In some embodiments, the present application provides a computer program product comprising computer instructions stored in a computer readable storage medium. The processor of the message forwarding device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the message forwarding device executes the method for forwarding messages.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分可互相参考,每个实施例重点说明的都是与其他实施例的不同之处。Each embodiment in this specification is described in a progressive manner, the same and similar parts of each embodiment can be referred to each other, and each embodiment focuses on the differences from other embodiments.
本申请实施例的说明书和权利要求书中的术语“第一”和“第二”等是用于区别不同的对象,而不是用于描述对象的特定顺序,也不能理解为指示或暗示相对重要性。例如,第一装置和第二装置用于区别不同的装置,而不是用于描述特定的装置。The terms "first" and "second" in the description and claims of the embodiments of the present application are used to distinguish different objects, not to describe a specific order of objects, nor can they be interpreted as indicating or implying relative importance sex. For example, a first device and a second device are used to distinguish different devices rather than to describe a specific device.
本申请实施例中,“和/或”表示三种情况,例如,A和/或B表示A、B、A和B三种情况。In the embodiments of the present application, "and/or" means three situations, for example, A and/or B means A, B, A and B three situations.
本申请实施例,除非另有说明,“至少一个”的含义是指一个或多个,“多个”的含义是指两个或两个以上。In the embodiments of the present application, unless otherwise specified, "at least one" means one or more, and "multiple" means two or more.
上述实施例可以全部或部分地通过软件、硬件、固件或者其任意组合来实现。当使用软件实现时,可以全部或部分地以计算机程序产品的形式实现。所述计算机程序产品包括一个 或多个计算机指令。在计算机上加载和执行所述计算机程序指令时,全部或部分地产生按照本申请实施例描述的流程或功能。所述计算机可以是通用计算机、专用计算机、计算机网络、或者其他可编程装置。所述计算机指令可以存储在计算机可读存储介质中,或者从一个计算机可读存储介质向另一个计算机可读存储介质传输,例如,所述计算机指令可以从一个网站站点、计算机、服务器或数据中心通过有线(例如,同轴电缆、光纤、数字用户线(DSL))或无线(例如红外、无线、微波等)方式向另一个网站站点、计算机、服务器或数据中心进行传输。所述计算机可读存储介质可以是计算机能够存取的任何可用介质或者是包含一个或多个可用介质集成的服务器、数据中心等数据存储设备。所述可用介质可以是磁性介质,(例如,软盘、硬盘、磁带)、光介质(如数字视盘(digital video disk,DVD))、或者半导体介质(例如,固态硬盘(solid state disk,SSD)等。The above-mentioned embodiments may be fully or partially implemented by software, hardware, firmware or any combination thereof. When implemented using software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on the computer, all or part of the processes or functions described in accordance with the embodiments of the present application will be generated. The computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable devices. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from a website, computer, server or data center Transmission to another website site, computer, server, or data center by wired (eg, coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (eg, infrared, wireless, microwave, etc.) means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center integrated with one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, a hard disk, a tape), an optical medium (such as a digital video disk (DVD)), or a semiconductor medium (for example, a solid state disk (solid state disk, SSD) etc. .
以上实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的范围。The above embodiments are only used to illustrate the technical solutions of the present application, rather than to limit them; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: it can still apply to the foregoing embodiments Modifications are made to the recorded technical solutions, or equivalent replacements are made to some of the technical features; and these modifications or replacements do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of each embodiment of the application.

Claims (25)

  1. 一种路由发布的方法,其特征在于,应用于第一自治域的第一节点,所述第一节点为所述第一自治域的边缘路由设备,所述方法包括:A method for publishing routes, characterized in that it is applied to a first node in a first autonomous domain, and the first node is an edge routing device in the first autonomous domain, the method comprising:
    接收第二自治域的第二节点发送的第一路由消息,其中,所述第二节点为所述第二自治域的边缘路由设备,所述第一路由消息中包括虚拟专用网络段路由标识VPN SID、所述VPN SID关联的前缀地址和第一下一跳,所述第一下一跳为所述第二节点,所述第一路由消息用于发送去往所述前缀地址的报文;receiving a first routing message sent by a second node in the second autonomous domain, wherein the second node is an edge routing device in the second autonomous domain, and the first routing message includes a virtual private network segment routing identifier VPN The prefix address associated with the SID, the VPN SID, and a first next hop, the first next hop is the second node, and the first routing message is used to send a message to the prefix address;
    获得第二路由消息,其中,所述第二路由消息包括所述VPN SID、所述前缀地址和第二下一跳,所述第二下一跳为所述第一节点,所述第一路由消息中的VPN SID与所述第二路由消息中的VPN SID相同;Obtain a second routing message, wherein the second routing message includes the VPN SID, the prefix address and a second next hop, the second next hop is the first node, and the first routing The VPN SID in the message is identical with the VPN SID in the second routing message;
    在所述第一自治域通告所述第二路由消息,其中,所述第二路由消息用于发送去往所述前缀地址的报文。Notifying the second routing message in the first autonomous domain, where the second routing message is used to send packets destined for the prefix address.
  2. 根据权利要求1所述的方法,其特征在于,所述方法还包括:The method according to claim 1, further comprising:
    将所述第一路由消息中的所述VPN SID和所述第一下一跳对应添加至路由表。Adding the VPN SID in the first routing message and the first next hop correspondingly to a routing table.
  3. 根据权利要求1或2所述的方法,其特征在于,所述接收第二自治域的第二节点发送的第一路由消息,包括:The method according to claim 1 or 2, wherein the receiving the first routing message sent by the second node in the second autonomous domain comprises:
    通过外部边界网关协议EBGP接收第二自治域的第二节点发送的第一路由消息。The first routing message sent by the second node in the second autonomous domain is received through the external border gateway protocol EBGP.
  4. 根据权利要求1至3任一项所述的方法,其特征在于,所述第一路由消息中还包括着色color参数,所述color参数为所述第二自治域内配置的color参数;所述在所述第一自治域通告所述第二路由消息之前,还包括:The method according to any one of claims 1 to 3, wherein the first routing message further includes a color parameter, and the color parameter is a color parameter configured in the second autonomous domain; Before the first autonomous domain notifies the second routing message, it also includes:
    若所述第一节点上配置的color参数与所述第一路由消息中的color参数不一致,则修改所述第二路由消息中的color参数为所述第一节点上配置的color参数。If the color parameter configured on the first node is inconsistent with the color parameter in the first routing message, modify the color parameter in the second routing message to be the color parameter configured on the first node.
  5. 根据权利要求4所述的方法,其特征在于,所述第一路由消息中不包括color参数;The method according to claim 4, wherein the color parameter is not included in the first routing message;
    所述在所述第一自治域通告所述第二路由消息之前,还包括:Before the first autonomous domain notifies the second routing message, it further includes:
    若所述第一节点配置有color参数,则在所述第二路由消息中添加所述第一节点上配置的color参数。If the first node is configured with a color parameter, the color parameter configured on the first node is added to the second routing message.
  6. 一种路由发布的方法,其特征在于,应用于第二自治域的第二节点,所述第二节点为所述第二自治域的边缘路由设备,所述方法包括:A method for route publishing, characterized in that it is applied to a second node in a second autonomous domain, and the second node is an edge routing device in the second autonomous domain, and the method includes:
    接收所述第二自治域的第三节点发送的第三路由消息,其中,第三路由消息中包括虚拟专用网络段路由标识VPN SID、所述VPN SID关联的前缀地址和第三下一跳,所述第三下一跳为所述第三节点,所述第三路由消息用于发送去往所述前缀地址的报文;receiving a third routing message sent by a third node in the second autonomous domain, wherein the third routing message includes a virtual private network segment routing identifier VPN SID, a prefix address associated with the VPN SID, and a third next hop, The third next hop is the third node, and the third routing message is used to send a message destined for the prefix address;
    获得第一路由消息,其中,所述第一路由消息包括所述VPN SID、所述前缀地址和第一下一跳,所述第一下一跳为所述第二节点,所述第一路由消息中的VPN SID与所述第三路由消息中的VPN SID相同;Obtain a first routing message, wherein the first routing message includes the VPN SID, the prefix address and a first next hop, the first next hop is the second node, and the first routing The VPN SID in the message is identical to the VPN SID in the third routing message;
    向第一自治域的第一节点发送所述第一路由消息,其中,所述第一节点为所述第一自治域的边缘路由设备,所述第一路由消息用于发送去往所述前缀地址的报文。sending the first routing message to a first node in the first autonomous domain, where the first node is an edge routing device in the first autonomous domain, and the first routing message is used to send the first routing message to the prefix address message.
  7. 根据权利要求6所述的方法,其特征在于,所述方法还包括:The method according to claim 6, further comprising:
    将所述第三路由消息中的所述VPN SID和所述第三下一跳对应添加至路由表。The VPN SID in the third routing message and the third next hop are correspondingly added to a routing table.
  8. 根据权利要求6或7所述的方法,其特征在于,所述向第一自治域的第一节点发送所述第一路由消息,包括:The method according to claim 6 or 7, wherein the sending the first routing message to the first node in the first autonomous domain comprises:
    通过外部边界网关协议EBGP向第一自治域的第一节点发送所述第一路由消息。The first routing message is sent to the first node in the first autonomous domain through an external border gateway protocol (EBGP).
  9. 一种转发报文的方法,其特征在于,应用于第二自治域的第二节点,所述第二节点为所述第二自治域的边缘路由设备,所述方法包括:A method for forwarding packets, characterized in that it is applied to a second node in a second autonomous domain, and the second node is an edge routing device in the second autonomous domain, the method comprising:
    接收第一自治域的第一节点发送的第一报文,其中,所述第一节点为所述第一自治域的边缘路由设备,所述第一报文包括虚拟专用网络段路由标识VPN SID,所述第一报文为去往所述VPN SID关联的前缀地址的段路由互联网协议第六版SRv6报文;Receiving a first message sent by a first node of a first autonomous domain, wherein the first node is an edge routing device of the first autonomous domain, and the first message includes a virtual private network segment routing identifier VPN SID , the first message is a Segment Routing Internet Protocol Version 6 SRv6 message destined for the prefix address associated with the VPN SID;
    基于所述VPN SID确定所述第一报文在所述第二自治域的转发策略;determining a forwarding policy of the first message in the second autonomous domain based on the VPN SID;
    基于所述转发策略,发送所述第一报文,其中,基于所述转发策略发送的第一报文包括的VPN SID与接收到的第一报文包括的VPN SID相同。Sending the first packet based on the forwarding strategy, where the VPN SID included in the first packet sent based on the forwarding strategy is the same as the VPN SID included in the received first packet.
  10. 根据权利要求9所述的方法,其特征在于,所述基于所述VPN SID确定所述第一报文在所述第二自治域的转发策略,包括:The method according to claim 9, wherein the determining the forwarding policy of the first message in the second autonomous domain based on the VPN SID comprises:
    若所述VPN SID关联有段路由互联网协议第六版SRv6策略Policy隧道信息,则确定所述第一报文在所述第二自治域的转发策略为基于所述SRv6 Policy隧道的策略;If the VPN SID is associated with Segment Routing Internet Protocol Version 6 SRv6 policy policy tunnel information, then determine that the forwarding policy of the first message in the second autonomous domain is based on the policy of the SRv6 Policy tunnel;
    若所述VPN SID未关联有SRv6 Policy隧道信息,则确定所述第一报文在所述第二自治域的转发策略为基于SRv6最小代价BE隧道的策略。If the VPN SID is not associated with SRv6 Policy tunnel information, then it is determined that the forwarding policy of the first message in the second autonomous domain is a policy based on the SRv6 minimum cost BE tunnel.
  11. 根据权利要求9或10所述的方法,其特征在于,所述方法还包括:The method according to claim 9 or 10, characterized in that the method further comprises:
    接收所述第二自治域的第三节点发送的第三路由消息,其中,所述第三路由消息中包括所述VPN SID、所述前缀地址和下一跳,所述第三路由消息中的下一跳为所述第三节点;receiving a third routing message sent by a third node in the second autonomous domain, where the third routing message includes the VPN SID, the prefix address, and the next hop, and the third routing message includes The next hop is the third node;
    将所述第三路由消息中的所述VPN SID和所述下一跳对应添加至路由表。The VPN SID in the third routing message and the next hop are correspondingly added to a routing table.
  12. 根据权利要求11所述的方法,其特征在于,所述基于所述转发策略,发送所述第一报文,包括:The method according to claim 11, wherein the sending the first message based on the forwarding strategy includes:
    若所述转发策略为基于SRv6 Policy隧道的策略,则基于所述VPN SID在所述路由表中对应的下一跳,在所述第一报文封装SRv6 Policy隧道信息,获得第二报文;发送所述第二报文;If the forwarding strategy is a strategy based on the SRv6 Policy tunnel, then based on the next hop corresponding to the VPN SID in the routing table, encapsulate the SRv6 Policy tunnel information in the first message to obtain a second message; sending the second message;
    若所述转发策略为基于SRv6 BE隧道的策略,则使用所述下一跳对应的出接口发送所述第一报文。If the forwarding policy is a policy based on the SRv6 BE tunnel, then use the outbound interface corresponding to the next hop to send the first message.
  13. 根据权利要求11所述的方法,其特征在于,所述方法还包括:The method according to claim 11, characterized in that the method further comprises:
    获得第一路由消息,其中,所述第一路由消息包括所述VPN SID、所述前缀地址和所述第一路由信息的下一跳,所述第一路由消息的下一跳为所述第二节点,所述第一路由消息中的VPN SID与所述第三路由消息中的VPN SID相同;Obtaining a first routing message, wherein the first routing message includes the VPN SID, the prefix address and the next hop of the first routing information, and the next hop of the first routing message is the first Two nodes, the VPN SID in the first routing message is the same as the VPN SID in the third routing message;
    向所述第一节点发送所述第一路由消息。sending the first routing message to the first node.
  14. 根据权利要求9至13任一项所述的方法,其特征在于,接收的所述第一报文的互联网协议第六版IPv6报文头中的目的地址字段包括所述VPN SID。The method according to any one of claims 9 to 13, wherein the destination address field in the Internet Protocol Version 6 IPv6 header of the received first message includes the VPN SID.
  15. 一种转发报文的方法,其特征在于,应用于第一自治域的第一节点,所述第一节点为所述第一自治域的边缘路由设备,所述方法包括:A method for forwarding messages, characterized in that it is applied to a first node in a first autonomous domain, where the first node is an edge routing device in the first autonomous domain, and the method includes:
    接收第一报文,其中,所述第一报文包括虚拟专用网络段路由标识VPN SID,所述第一 报文为去往所述VPN SID关联的前缀地址的段路由互联网协议第六版SRV6报文;Receive a first message, wherein the first message includes a virtual private network segment routing identifier VPN SID, and the first message is a segment route to the prefix address associated with the VPN SID Internet Protocol Version 6 SRV6 message;
    基于所述VPN SID确定下一跳,其中,所述下一跳是第二自治域的第二节点,所述第二节点为所述第二自治域的边缘路由设备;Determine a next hop based on the VPN SID, where the next hop is a second node in a second autonomous domain, and the second node is an edge routing device in the second autonomous domain;
    基于所述下一跳,发送所述第一报文,其中,发送的第一报文中包括的VPN SID与接收到的第一报文中包括的VPN SID相同。Based on the next hop, sending the first packet, wherein the VPN SID included in the sent first packet is the same as the VPN SID included in the received first packet.
  16. 根据权利要求15所述的方法,其特征在于,在基于所述VPN SID确定下一跳之前,所述方法还包括:The method according to claim 15, wherein, before determining the next hop based on the VPN SID, the method further comprises:
    接收所述第二节点发送的第一路由消息,其中,所述第一路由消息包括所述VPN SID、所述前缀地址和所述下一跳;receiving a first routing message sent by the second node, where the first routing message includes the VPN SID, the prefix address, and the next hop;
    将所述第一路由消息中的所述VPN SID和所述下一跳对应添加至路由表;The VPN SID and the next hop in the first routing message are correspondingly added to the routing table;
    所述基于所述VPN SID确定下一跳,包括:The determining the next hop based on the VPN SID includes:
    在所述路由表中,确定所述VPN SID对应的下一跳。In the routing table, determine the next hop corresponding to the VPN SID.
  17. 根据权利要求16所述的方法,其特征在于,所述方法还包括:The method according to claim 16, further comprising:
    获得第二路由消息,其中,所述第二路由消息包括所述VPN SID、所述前缀地址和所述第二路由消息的下一跳,所述第二路由消息的下一跳为所述第一节点,所述第一路由消息中的VPN SID与所述第二路由消息中的VPN SID相同;Obtaining a second routing message, wherein the second routing message includes the VPN SID, the prefix address, and a next hop of the second routing message, and the next hop of the second routing message is the first A node, the VPN SID in the first routing message is the same as the VPN SID in the second routing message;
    在所述第一自治域通告所述第二路由消息。Notifying the second routing message in the first autonomous domain.
  18. 根据权利要求15至17任一项所述的方法,其特征在于,所述接收第一报文,包括:The method according to any one of claims 15 to 17, wherein the receiving the first message includes:
    通过段路由互联网协议第六版SRv6最小代价BE隧道或者SRv6策略Policy隧道,接收第一报文。The first packet is received through the Segment Routing Internet Protocol Version 6 SRv6 minimum-cost BE tunnel or the SRv6 Policy tunnel.
  19. 根据权利要求15至18任一项所述的方法,其特征在于,发送的第一报文的互联网协议第六版IPv6报文头中的目的地址字段包括所述VPN SID。The method according to any one of claims 15 to 18, wherein the destination address field in the Internet Protocol Version 6 IPv6 packet header of the first packet sent includes the VPN SID.
  20. 一种路由发布的装置,其特征在于,应用于第一自治域的第一节点,所述第一节点为所述第一自治域的边缘路由设备,所述装置包括处理器和存储器,所述存储器用于存储程序代码,所述处理器用于调用所述存储器中的程序代码以使得所述装置执行如权利要求1至5任一项所述的方法。A device for advertising routes, characterized in that it is applied to a first node in a first autonomous domain, the first node is an edge routing device in the first autonomous domain, the device includes a processor and a memory, the The memory is used to store program codes, and the processor is used to call the program codes in the memory to make the device execute the method according to any one of claims 1 to 5.
  21. 一种路由发布的装置,其特征在于,应用于第二自治域的第二节点,所述第二节点为所述第二自治域的边缘路由设备,所述装置包括处理器和存储器,所述存储器用于存储程序代码,所述处理器用于调用所述存储器中的程序代码以使得所述装置执行如权利要求6至8任一项所述的方法。A device for advertising routes, characterized in that it is applied to a second node in a second autonomous domain, the second node is an edge routing device in the second autonomous domain, the device includes a processor and a memory, the The memory is used to store program codes, and the processor is used to call the program codes in the memory so that the device executes the method according to any one of claims 6 to 8.
  22. 一种转发报文的装置,其特征在于,应用于第二自治域的第二节点,所述第二节点为所述第二自治域的边缘路由设备,所述装置包括处理器和存储器,所述存储器用于存储程序代码,所述处理器用于调用所述存储器中的程序代码以使得所述装置执行如权利要求9至14任一项所述的方法。A device for forwarding messages, characterized in that it is applied to a second node in a second autonomous domain, the second node is an edge routing device in the second autonomous domain, the device includes a processor and a memory, and the The memory is used to store program codes, and the processor is used to call the program codes in the memory so that the device executes the method according to any one of claims 9 to 14.
  23. 一种转发报文的装置,其特征在于,应用于第一自治域的第一节点,所述第一节点为所述第一自治域的边缘路由设备,所述装置包括处理器和存储器,所述存储器用于存储程序代码,所述处理器用于调用所述存储器中的程序代码以使得所述装置执行如权利要求15至19任一项所述的方法。A device for forwarding messages, characterized in that it is applied to a first node in a first autonomous domain, the first node is an edge routing device in the first autonomous domain, the device includes a processor and a memory, and the The memory is used for storing program codes, and the processor is used for invoking the program codes in the memory so that the device executes the method according to any one of claims 15 to 19.
  24. 一种路由发布***,其特征在于,所述***包括如权利要求20所述的装置以及如权 利要求21所述的装置。A route publishing system, characterized in that the system comprises the device according to claim 20 and the device according to claim 21.
  25. 一种转发报文***,其特征在于,所述***包括如权利要求22所述的装置以及如权利要求23所述的装置。A message forwarding system, characterized in that the system comprises the device according to claim 22 and the device according to claim 23 .
PCT/CN2022/101251 2021-06-29 2022-06-24 Route publishing method and apparatus, packet forwarding method and apparatus, device, and storage medium WO2023274083A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110726967.8A CN115550252A (en) 2021-06-29 2021-06-29 Method, device, equipment and storage medium for routing publishing and forwarding message
CN202110726967.8 2021-06-29

Publications (1)

Publication Number Publication Date
WO2023274083A1 true WO2023274083A1 (en) 2023-01-05

Family

ID=84690058

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/101251 WO2023274083A1 (en) 2021-06-29 2022-06-24 Route publishing method and apparatus, packet forwarding method and apparatus, device, and storage medium

Country Status (2)

Country Link
CN (1) CN115550252A (en)
WO (1) WO2023274083A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116095000A (en) * 2023-02-13 2023-05-09 烽火通信科技股份有限公司 Route issuing method, device, equipment and readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110830352A (en) * 2018-08-07 2020-02-21 中兴通讯股份有限公司 Method and device for realizing VPN cross-domain and boundary node
WO2020083016A1 (en) * 2018-10-23 2020-04-30 华为技术有限公司 Data transmission method and device
CN111901184A (en) * 2019-05-04 2020-11-06 瞻博网络公司 Path monitoring system controller or multiprotocol label switching (PING) and route tracing
CN112511423A (en) * 2020-09-03 2021-03-16 中兴通讯股份有限公司 Message processing method, boundary device and computer readable medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110830352A (en) * 2018-08-07 2020-02-21 中兴通讯股份有限公司 Method and device for realizing VPN cross-domain and boundary node
WO2020083016A1 (en) * 2018-10-23 2020-04-30 华为技术有限公司 Data transmission method and device
CN111901184A (en) * 2019-05-04 2020-11-06 瞻博网络公司 Path monitoring system controller or multiprotocol label switching (PING) and route tracing
CN112511423A (en) * 2020-09-03 2021-03-16 中兴通讯股份有限公司 Message processing method, boundary device and computer readable medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116095000A (en) * 2023-02-13 2023-05-09 烽火通信科技股份有限公司 Route issuing method, device, equipment and readable storage medium

Also Published As

Publication number Publication date
CN115550252A (en) 2022-12-30

Similar Documents

Publication Publication Date Title
US11936552B2 (en) Method and device for implementing VPN cross-domain, and border node
CN108574639B (en) EVPN message processing method, device and system
CN108574630B (en) EVPN message processing method, device and system
US8467411B1 (en) Service-specific forwarding in an LDP-RSVP hybrid network
US9350646B2 (en) MPLS traffic engineering for point-to-multipoint label switched paths
WO2020134139A1 (en) Service data forwarding method, network device, and network system
US11240063B2 (en) Methods, nodes and computer readable media for tunnel establishment per slice
US11362954B2 (en) Tunneling inter-domain stateless internet protocol multicast packets
US20230300070A1 (en) Packet Sending Method, Device, and System
WO2023045871A1 (en) Packet processing method, network device and system
WO2022012689A1 (en) Route advertisement method and related device
WO2023011149A1 (en) Communication method based on segment routing over internet protocol version 6 (srv6)
WO2023274083A1 (en) Route publishing method and apparatus, packet forwarding method and apparatus, device, and storage medium
WO2022048418A1 (en) Method, device and system for forwarding message
CN114598635A (en) Message transmission method and device
US20230353479A1 (en) Edge Computing Data and Service Discovery Using an Interior Gateway Protocol (IGP)
WO2024007762A1 (en) Route publishing method, and communication method and apparatus
WO2023213216A1 (en) Packet processing method and related device
WO2022116615A1 (en) Message transmission method, method for acquiring correspondence, and apparatus and system
US10924395B2 (en) Seamless multipoint label distribution protocol (mLDP) transport over a bit index explicit replication (BIER) core
WO2023169364A1 (en) Routing generation method and apparatus, and data message forwarding method and apparatus
WO2023159975A1 (en) Network scheduling method, network device, and readable storage medium
WO2022012690A1 (en) Router advertisement method and related device
US20230261963A1 (en) Underlay path discovery for a wide area network
WO2022042610A1 (en) Information processing method, network controller, node and computer-readable storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22831897

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE