CN103634217A - Method for issuing route information, method and device for transmitting massage - Google Patents

Abstract

The invention discloses a method for issuing route information, a method and a device for transmitting a message. The method for issuing the route information comprises the steps of receiving route issuing information issued by a first PE (Provider Edge) by a VPN (Virtual Private Network) server, and selecting a second PE which is used as the VPN mark of a destination end by the VPN; selecting a second VPN mark which is matched with a first VPN mark from VPN marks of the second PE by the VPN server according to the first VPN mark, adding the second VPN mark which is used as the VPN mark of the destination end in VPN topological connection information, and obtaining modified route issuing information; determining VXLAN (Virtual Extension Local Area Network) tunnel encapsulation information that the message is transmitted to the first PE by the second PE by the VPN server according to the first VPN mark and the second VPN mark; sending the VXLAN tunnel encapsulation information and the modified route issuing information to the second PE by the VPN server.

Description

Method for publishing routing information, method and device for transmitting messages

technical field

The invention relates to the field of computer technology, in particular to a method and device for publishing routing information and a method and device for transmitting messages.

Background technique

Existing Virtual Private Network (Virtual Private Network referred to as VPN) usually needs to use Multi Protocol Label Switching (Multi Protocol Label Switch referred to as MPLS) technology, and VPN is a remote access technology that uses public network links to set up a private network, usually through Different autonomous systems (Autonomous System referred to as AS), because the VPN essentially uses encryption technology to encapsulate a data communication tunnel on the public network, so that the security performance can be improved during the process of transmitting messages through the VPN.

However, when the existing VPN is performing route publishing, the issuing end will transmit the routing information of the issuing end to the router connected to the issuing end, and the router will forward the routing information to the next router connected to the router. Routers, and then forward the routing information in sequence, and then complete the routing publishing, resulting in the routing publishing in the prior art needs to carry out routing forwarding one by one, and when routing forwarding between different ASs, it is also necessary to pass the cross- Domain technology is used to realize route forwarding, which leads to more times of route forwarding in the prior art when routing forwarding, and when routing forwarding between different ASs, it is also necessary to implement route forwarding through cross-domain technology, so that route publishing The time is long, and the efficiency of routing advertisement is also low.

Contents of the invention

The embodiments of the present application provide a method and device for publishing routing information and a method and device for transmitting messages, so as to solve the technical problems of long time and low efficiency of route publishing in the prior art.

According to a first aspect of the present invention, a method for publishing routing information is provided, the method comprising: a virtual private network VPN server receiving route publishing information from a first service provider edge device PE, wherein the routing publishing information Including the VPN topology connection information corresponding to the first PE, the VPN topology connection information includes the VPN identifier of the source end, and the VPN identifier of the source end is the first VPN identifier in the first PE; the VPN server selects as The second PE at the destination end; the VPN server selects a second VPN identifier matching the first VPN identifier from the VPN identifiers of the second PE according to the first VPN identifier, and connects in the VPN topology Adding the second VPN ID as the VPN ID of the destination to the information to obtain the modified route advertisement information; and the VPN server determines the second VPN ID according to the first VPN ID and the second VPN ID. The second PE transmits the packet to the VXLAN tunnel encapsulation information of the first PE; the VPN server sends the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE.

With reference to the first aspect, in a first possible implementation manner, the route advertisement information further includes an IP address of a network interconnection protocol of the user network edge device CE connected to the first PE, and the VPN topology connection information and the IP address of the first PE, and the first VPN identifier corresponds to the CE.

With reference to the first aspect or the first possible implementation manner, in a second possible implementation manner, the VPN server selects a second VPN identifier that matches the first VPN identifier according to the first VPN identifier, It specifically includes: the VPN server selects, according to the first VPN identifier, the second VPN identifier that matches the first VPN identifier from the TAG correspondence in the VPN, where the TAG correspondence includes the The corresponding relationship between the VPN identifier in the first PE and the VPN identifier in the second PE.

With reference to the first aspect or the first possible implementation manner or the second possible implementation manner, in a third possible implementation manner, the VXLAN tunnel encapsulation information includes the VXLAN interface IP address set in the first PE address and the VXLAN interface IP address set in the second PE.

According to the second aspect of the present invention, a method for transmitting a message is provided, the method includes: the first PE receives the message sent from the source CE, and determines the message according to the message sent by the source CE. The target PE of the message transmission is the second PE; the first PE selects the IP address corresponding to the target CE from the received routing advertisement information of the second PE according to the IP address of the target CE in the message. route advertisement information, and select the VXLAN tunnel encapsulation information corresponding to the destination CE from the received VXLAN tunnel encapsulation information of the second PE, wherein the route advertisement information of the second PE and the VXLAN tunnel encapsulation information It is sent to the first PE by the VPN server; the first PE determines that the first PE transmits the message to the VXLAN of the second PE according to the route advertisement information and the VXLAN tunnel encapsulation information. Tunnel: the first PE transmits the packet to the second PE through the VXLAN tunnel.

With reference to the second aspect, in a first possible implementation manner, the first PE determines that the first PE transmits the packet to the second PE according to the route advertisement information and the VXLAN tunnel encapsulation information The VXLAN tunnel specifically includes:

The first PE determines that the first PE will transmit the packet according to the first VPN identifier of the first PE and the second VPN identifier of the second PE in the route advertisement information corresponding to the destination CE. A VPN routing and forwarding table for the second PE;

The first PE determines the IP address of the first PE and the IP address of the second PE according to the VXLAN tunnel encapsulation information corresponding to the destination CE;

The first PE determines, according to the VPN routing forwarding table, the IP address of the first PE, and the IP address of the second PE, the VXLAN tunnel through which the first PE transmits the packet to the second PE .

According to a third aspect of the present invention, a device for publishing routing information is provided, the device comprising:

A receiving unit, configured to receive route advertisement information from the first PE, wherein the route advertisement information includes VPN topology connection information corresponding to the first PE, the VPN topology connection information includes a source VPN identifier, and the source The VPN identifier of the end is the first VPN identifier in the first PE;

a selection unit, configured to select a second PE as a destination;

a route modifying unit, configured to receive the route advertisement information sent by the receiving unit and the second PE sent by the selecting unit, and select from the VPN ID of the second PE according to the first VPN ID Selecting a second VPN identity that matches the first VPN identity, and adding the second VPN identity as the VPN identity of the destination end to the VPN topology connection information, to obtain the modified route release information;

a tunnel selection unit, configured to receive the first VPN identifier and the second VPN identifier sent by the route modification unit, and determine, according to the first VPN identifier and the second VPN identifier, that the second PE will The message is transmitted to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE;

a sending unit, configured to receive the modified route advertisement information sent by the route modification unit and the VXLAN tunnel encapsulation information sent by the tunnel selection unit, and combine the VXLAN tunnel encapsulation information with the modified The route advertisement information is sent to the second PE.

With reference to the third aspect, in a first possible implementation manner, the route advertisement information further includes an IP address of a network interconnection protocol of a user network edge device CE connected to the first PE, and the VPN topology connection information and the IP address of the first PE, and the first VPN identifier corresponds to the CE.

With reference to the third aspect or the first possible implementation manner, in a second possible implementation manner, the route modifying unit includes a VPN identifier determining unit configured to, according to the first VPN identifier, select the Selecting the second VPN identity that matches the first VPN identity from the TAG correspondence, where the TAG correspondence includes a correspondence between the VPN identity in the first PE and the VPN identity in the second PE.

With reference to the third aspect or the first possible implementation manner or the second possible implementation manner, in a third possible implementation manner, the VXLAN tunnel encapsulation information includes the VXLAN interface IP address set in the first PE address and the VXLAN interface IP address set in the second PE.

According to a fourth aspect of the present invention, a VPN server is provided, and the server includes:

A receiver, configured to receive route advertisement information from the first PE, wherein the route advertisement information includes VPN topology connection information corresponding to the first PE, the VPN topology connection information includes a source VPN identifier, and the source The VPN identifier of the end is the first VPN identifier in the first PE;

a processor, configured to select a second PE as the destination end, and select a second VPN ID that matches the first VPN ID from the VPN IDs of the second PE according to the first VPN ID, and Adding the second VPN identity as the VPN identity of the destination end to the VPN topology connection information to obtain the modified route advertisement information; and determining the second VPN identity according to the first VPN identity and the second VPN identity The second PE transmits the message to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE;

A sender, configured to send the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE.

With reference to the fourth aspect, in a first possible implementation manner, the route advertisement information further includes an IP address of a network interconnection protocol of a user network edge device CE connected to the first PE, and the VPN topology connection information and the IP address of the first PE, and the first VPN identifier corresponds to the CE.

With reference to the fourth aspect or the first possible implementation manner, in a second possible implementation manner, the processor is specifically configured to select from TAG correspondences in the VPN according to the first VPN identifier For the second VPN identifier that matches the first VPN identifier, the TAG correspondence includes a correspondence between the VPN identifier in the first PE and the VPN identifier in the second PE.

With reference to the fourth aspect or the first possible implementation manner or the second possible implementation manner, in a third possible implementation manner, the VXLAN tunnel encapsulation information includes the VXLAN interface IP address set in the first PE address and the VXLAN interface IP address set in the second PE.

According to a fifth aspect of the present invention, a device for transmitting a message is provided, the device comprising:

a receiving unit, configured to receive a message sent from the source CE,

a PE determining unit, configured to receive the message sent by the receiving unit, and determine, according to the message, that the destination PE for the message transmission is the second PE;

A routing selection unit, configured to receive the message sent by the receiving unit, and select the IP address corresponding to the destination CE from the received routing advertisement information of the second PE according to the IP address of the destination CE in the message. route advertisement information of the second PE, wherein the route advertisement information of the second PE is sent to the routing selection unit by the VPN server;

a tunnel information acquiring unit, configured to receive the second PE sent by the PE determining unit, and select the VXLAN tunnel encapsulation information corresponding to the destination CE from the received VXLAN tunnel encapsulation information of the second PE, wherein , the VXLAN tunnel encapsulation information of the second PE is sent to the tunnel selection unit by a VPN server;

a tunnel determination unit, configured to receive the route advertisement information corresponding to the destination CE sent by the routing selection unit and the VXLAN tunnel encapsulation information sent by the tunnel information acquisition unit, Publishing information and the VXLAN tunnel encapsulation information, determining that the first PE transmits the message to the VXLAN tunnel of the second PE;

A message transmission unit, configured to receive the VXLAN tunnel sent by the tunnel determination unit, and transmit the message to the second PE through the VXLAN tunnel.

With reference to the fifth aspect, in a first possible implementation manner, the tunnel determining unit is specifically configured to advertise the first PE's first VPN identifier and the The second VPN identifier of the second PE determines the VPN routing and forwarding table in which the first PE transmits the message to the second PE, and then determines the first PE according to the VXLAN tunnel encapsulation information corresponding to the destination CE. The IP address of the PE and the IP address of the second PE, and according to the VPN routing and forwarding table, the IP address of the first PE, and the IP address of the second PE, determine that the first PE sends the packet transmitted to the VXLAN tunnel of the second PE.

The beneficial effects of the present invention are as follows:

In the embodiment of the present invention, the technical solution of the present application is that the VPN server receives the route announcement information published by the first PE, and selects the second PE that the VPN server selects for message transmission with the first PE, and then according to the The first VPN identifier, selecting a second VPN identifier that matches the first VPN identifier, and adding the second VPN identifier as the VPN identifier of the destination end to the VPN topology connection information to obtain the modified route Publish information, the VPN server sends the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE, so that the route advertisement information of the first PE only passes through the VPN server It can be directly transmitted to the second PE as the destination PE, so that the route advertisement of the first PE is realized, thereby shortening the route advertisement time and improving the efficiency of route advertisement.

Description of drawings

FIG. 1 is a flow chart of a method for publishing routing information in an embodiment of the present invention;

FIG. 2 is a first structural diagram of routing advertisement performed by a first PE in an embodiment of the present invention;

FIG. 3 is a second structure diagram of the distribution by the first PE in the embodiment of the present invention;

FIG. 4 is a flow chart of routing announcement by the first PE in an embodiment of the present invention;

FIG. 5 is a flowchart of a method for transmitting a message in an embodiment of the present invention;

FIG. 6 is a structural diagram of a device for publishing routing information in an embodiment of the present invention;

FIG. 7 is a structural diagram of a VPN server in an embodiment of the present invention;

FIG. 8 is a structural diagram of a device for transmitting a message in an embodiment of the present invention.

Detailed ways

Aiming at the existing route publishing strategy, there are technical problems that the route publishing time is too long and the working effect of the route publishing is low. In the technical solution proposed by the embodiment of the present invention, firstly, the VPN server receives the route publishing information from the first PE, and selects The VPN server selects a second service provider edge device PE for packet transmission with the first PE, and then selects a second VPN identifier matching the first VPN identifier according to the first VPN identifier, and Add the second VPN identifier as the VPN identifier of the destination end to the VPN topology connection information to obtain the modified route release information, and the VPN server encapsulates the VXLAN tunnel information and the modified route The advertisement information is sent to the second PE, so that the route advertisement information of the first PE can be directly transmitted to the second PE as the destination PE only through the VPN server, thereby realizing the first The routing advertisement of the PE shortens the route advertisement time and improves the efficiency of the route advertisement.

The main realization principles, specific implementation modes and corresponding beneficial effects of the technical solutions of the embodiments of the present invention will be described in detail below in conjunction with each accompanying drawing.

Embodiment one:

Embodiment 1 of the present invention proposes a method for publishing routing information, as shown in Figure 1, the specific processing process of the method is as follows:

Step 101: The virtual private network VPN server receives route announcement information from the first service provider edge device PE, wherein the route announcement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information Only including the VPN identification of the source end, the VPN identification of the source end is the first VPN identification in the first PE;

Step 102: The VPN server selects the second PE as the destination;

Step 103: The VPN server selects a second VPN ID that matches the first VPN ID from the VPN IDs of the second PE according to the first VPN ID, and adds Obtaining the modified route advertisement information from the second VPN identity as the VPN identity of the destination end;

Step 104: Determine the virtual extended local area network (VXLAN) tunnel encapsulation information of the second PE to transmit the message to the first PE;

Step 105: The VPN server sends the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE.

Wherein, in step 101, a virtual private network (Virtual Private Network referred to as VPN) server receives route advertisement information issued by a first service provider edge device (Provider Edge referred to as PE), wherein the route advertisement information includes the first VPN topology connection information corresponding to a PE, where the VPN topology connection information only includes a source-end VPN identifier, and the source-end VPN identifier is the first VPN identifier in the first PE.

Wherein, the VPN server is connected to a plurality of PEs, so that the VPN server can be used to realize routing announcement from one PE to another PE, and a VPN identifier is associated with a VPN routing forwarding table (VPN Routing and Forwarding table (referred to as VRF), and the source end is the first PE, which means that a VPN identifier corresponds to a VRF in the first PE.

In a specific implementation process, the first PE may have one or more VRFs, and a VPN ID corresponds to a VRF, so that the corresponding VRF can be determined through the VPN ID, and the VPN topology connection information corresponding to the first PE It only includes the VPN identification field of the source end and the VPN identification field of the destination end. Since the VPN server receives the route advertisement information of the first PE, the VPN topology connection information of the source end corresponding to the first PE The identification field is the first VPN identification, and the VPN identification field of the destination is empty, so that the VPN topology connection information corresponding to the first PE contains the first VPN identification, but does not include the destination The VPN ID of the endpoint.

Wherein, the VPN topology connection information can be represented by VPN_TOPO_CONNECTOR, the VPN identifier of the source end can be represented by Local VPN TAG (abbreviated as L-TAG), and the VPN identifier of the destination end can be represented by Remote VPN TAG (abbreviated as R-TAG). ) to represent, for example, the VPN topology connection information may be represented in the following manner:

VPN_TOPO_CONNECTOR Attribute:

Local VPN TAG

Remote VPN TAG.

Among them, Local VPN TAG and Remote VPN TAG can be represented by 4 bytes or 8 bytes.

Specifically, the PE is directly connected to the customer edge device (Customer Edge, CE for short), and the CE may be a router or a switch, or a host. When the PE receives the request from the CE , the PE will advertise the route, so that when the VPN server receives the route advertisement information from the first PE, the route advertisement information includes the user network edge equipment CE connected to the first PE IP address, the VPN topology connection information and the IP (Internet Protocol full name protocol for interconnection between networks) address of the first PE, and the first VPN identifier corresponds to the CE.

For example, referring to Figure 2, taking the first PE as PE1 as an example, PE1 is directly connected to CE1, CE2, and CE3 respectively. Assume that CE3 is the 163 server. In order to enable users to find the 163 server, CE3 will request PE1 to advertise the route. , so that the VPN server receives the route advertisement information of PE1, wherein the route advertisement information includes the IP address of CE3, the VPN topology connection information corresponding to PE1 and the IP address of PE1.

Among them, PE1 has VRF1, VRF2 and VRF3, and the VPN ID corresponding to VRF1 in PE1 is TAG1, the VPN ID corresponding to VRF2 is TAG2, and the VPN ID corresponding to VRF3 is TAG3, and each TAG corresponds to one or more CE.

For example, TAG1 corresponds to CE3. TAG1 can also correspond to CE1 and CE2, and TAG1 can also correspond to CE1, CE2, and CE3. For example, when TAG1 corresponds to CE3, if CE3 requests PE1 to advertise routes, PE1 can be determined. The VPN topology connection information of the local VPN TAG is TAG1, and the Remote VPN TAG is empty and R-RULL is used to indicate that the IP address of CE3 is the private network IP address, for example, 192.168.1.102, and the IP address of PE1 is the public network IP address , for example, when it is 4.4.4.4, the route advertisement information of PE1 is:

VPN_TOPO_CONNECTOR:

Local VPN TAG: TAG1;

Remote VPN TAG: NULL;

NLRI (Network Layer Reachability Information): 192.168.1.102;

NHP (Next Hop Prefix next hop public network address): 4.4.4.4;

Then encapsulate it into a Border Gateway Protocol (BGP for short) message and publish it.

Among them, VPN_TOPO_CONNECTOR is specifically: Local VPN TAG: TAG1; Remote VPNTAG: NULL; it can also be represented by VPNATR (L-TAG1, R-RULL).

Of course, when TAG2 corresponds to CE3, if CE3 requests PE1 to advertise routes, it can be determined that the VPN topology connection information of PE1 is VPNATR (L-TAG2, R-RULL).

Next, step 102 is executed. In this step, the VPN server selects the second PE as the destination end.

In a specific implementation process, the VPN server is configured with other PEs for VPN communication with the first PE, and configured with tunnel encapsulation information between the first PE and the other PEs, so that the VPN The server selects the second PE as the destination according to the IP address of the first PE in the route advertisement information, or selects the second PE according to the first VPN identifier in the route advertisement information. PE is the destination end.

For example, as shown in Figure 2, since packets can be transmitted between PE1 and PE2 through the VPN, the VPN server will associate PE2 with PE1, so that when the VPN server receives the route advertisement information sent by PE1, it will IP address of PE1 and select PE2 as the destination.

For another example, as shown in Figure 3, PE1 and PE3 can also transmit VPN packets. When the VPN server associates PE2 with PE1, it also associates PE3 with PE1, so that the VPN server receives the route sent by PE1. When publishing information, according to the IP address of PE1 in the route publishing information, it can be determined whether the second PE that performs packet transmission with PE1 is PE2 or PE3.

For another example, referring to FIG. 2 , PE2 has VRF4 and VRF5, the VPN ID corresponding to VRF4 is TAG4, the VPN ID corresponding to VRF5 is TAG5, and TAG4 corresponds to TAG1, the VRF from PE2 to PE1 can be determined through VRF4 and VRF1, And TAG5 corresponds to TAG2, and the VRF from PE2 to PE1 can also be determined through VRF5 and VRF2. In this way, the VPN server associates PE1 with PE2, TAG5 corresponds to TAG2, and TAG4 corresponds to TAG1. Due to the routing announcement of PE1 The VPN identifier in the information is TAG1, and since TAG1 in the VPN server corresponds to TAG4, and TAG4 belongs to PE2, it can be determined that the second PE is PE2.

Next, step 103 is executed. In this step, the VPN server selects a second VPN identifier matching the first VPN identifier from the VPN identifiers of the second PE according to the first VPN identifier, and Adding the second VPN identifier as the VPN identifier of the destination end to the VPN topology connection information to obtain the modified route advertisement information.

In a specific implementation process, during the process of configuring the first PE and the other PEs, the VPN server also configures the corresponding relationship between the VPN identifier of the first PE and the VPN identifiers of the other PEs, so as to obtain And save the TAG correspondence between the first PE and the other PEs, so that the VPN server can select the TAG correspondence with the first VPN from the TAG correspondence in the VPN according to the first VPN A VPN identifier matches the second VPN identifier, and the TAG correspondence includes a correspondence between the VPN identifier in the first PE and the VPN identifier in the second PE.

For example, referring to Figure 3, PE2 has VRF4 and VRF5, the VPN ID corresponding to VRF4 is TAG4, the VPN ID corresponding to VRF5 is TAG5, and TAG4 corresponds to TAG1, the VRF from PE2 to PE1 can be determined through VRF4 and VRF1, and TAG5 corresponds to TAG2, and the VRF from PE2 to PE1 can also be determined through VRF5 and VRF2. In this way, the VPN server associates PE1 with PE2, TAG5 corresponds to TAG2, and TAG4 corresponds to TAG1. Specifically, it can be expressed as: { vPE1:TAG1, vPE2:TAG4}, {vPE1:TAG2, vPE2:TAG5}.

Among them, PE3 has VRF6 and VRF7, the VPN ID corresponding to VRF6 is TAG6, the VPN ID corresponding to VRF7 is TAG7, and TAG6 corresponds to TAG2, the VRF from PE3 to PE1 can be determined through VRF6 and VRF2, and the relationship between TAG7 and TAG3 Correspondingly, the VRF from PE3 to PE1 can also be determined through VRF7 and VRF3. In this way, PE1 and PE3 are associated in the VPN server, TAG6 corresponds to TAG2, and TAG7 corresponds to TAG3. Specifically, it can be expressed as: {vPE1:TAG2 , vPE3:TAG6}, {vPE1:TAG3, vPE3:TAG7}.

Furthermore, since CE3 requests PE1 to advertise routes, the VRF selected is VRF1, resulting in PE1's route advertisement information as {NLRI:192.168.1.102, VPNATR (L-TAG1, R-RULL), NHP:4.4.4.4}, which , since the first TAG is TAG1, according to the configuration in the VPN server {vPE1:TAG1, vPE2:TAG4}, {vPE1:TAG2, vPE2:TAG5}, {vPE1:TAG2, vPE3:TAG6} and {vPE1: TAG3, vPE3:TAG7}, it can be determined that the second TAG is TAG4, and the VPNATR (L-TAG1, R-RULL) is changed to VPNATR (L-TAG1, R-TAG4).

Next, step 104 is executed, in which step, the VPN server determines that the second PE transmits the packet to the virtual extended local area network of the first PE according to the first VPN identifier and the second VPN identifier VXLAN tunnel encapsulation information.

In a specific implementation process, since the VPN server is configured with tunnel encapsulation information between the first PE and the other PEs, it can determine the second VPN ID according to the first VPN ID and the second VPN ID. The PE transmits the packet to the VXLAN tunnel encapsulation information of the first PE.

Wherein, the VXLAN tunnel encapsulation information includes the VXLAN interface IP address set in the first PE and the VXLAN interface IP address set in the second PE, so that the entry of the message points to the VXLAN interface in the second PE Interface IP address, the egress of the message points to the VXLAN interface IP address in the first PE, so that the message is transmitted through the VXLAN tunnel between the first PE and the second PE.

Specifically, when the VPN server configures tunnel encapsulation information between the first PE and the other PEs, it can be configured as a virtual network instance (Virtual Network Instance, vni for short), and the tunnel can be determined according to the vni. Packaging information.

For example, as shown in Figure 2, the VPN server is configured with {vPE1:TAG1, vPE2:TAG4} and its corresponding vni is vni1. The IP address corresponding to TAG1 in the extended local area network (Virtual Extensible Local Area Network referred to as VXLAN), the vxlanif corresponding to TAG4, and the IP address corresponding to TAG4 in VXLAN,

Specifically, it can be expressed in the following way:

vxlan vni1

vPE1 (PE1)

interface vxlanif1

ip address uip1

vPE2 (PE2)

interface vxlanif4

ip address uip4

Among them, vxlanif1 represents vxlanif corresponding to TAG1, vxlanif4 represents vxlanif corresponding to TAG4, further, uip is the abbreviation of Underlying network IP, uip1 represents the IP address corresponding to TAG1 in VXLAN, uip4 represents the IP address corresponding to TAG4 in VXLAN IP address.

Similarly, the VPN server is configured with {vPE1:TAG2, vPE2:TAG5} and its corresponding vni is vni2, which can be expressed in the following way:

vxlan vni2

vPE1 (PE1)

interface vxlanif2

ip address uip2

vPE2 (PE2)

interface vxlanif5

ip address uip5

The second VPN identifier determined by the VPN server according to the request of CE3 is TAG4, and according to TAG1 and TAG4, it is determined that the vni matching TAG1 and TAG4 is vni1, then it can be determined that the tunnel encapsulation information of the VXLAN is:

vxlan vni1

vPE1 (PE1)

interface vxlanif1

ip address uip1

vPE2 (PE2)

interface vxlanif4

ip address uip4.

Next, step 105 is executed. In this step, the VPN server sends the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE.

In the specific implementation process, the VXLAN tunnel encapsulation information and the modified route advertisement information are sent to the second PE, so that the second PE finds the R-VPN according to the R-VPN identifier. The VRF corresponding to the VPN identifier, and then according to the VXLAN tunnel encapsulation information, generate a VXLAN tunnel for the message from the second PE to the first PE, and then pass the message received by the second PE through the VXLAN Tunnel transmission to the first PE.

For example, referring to Figure 4, when the private network IP address of CE3 is 192.168.1.102, and PE1 is requested to advertise routes, PE1 generates route advertisement information, and the route advertisement information is: {NLRI:192.168.1.102, VPNATR:( L_TAG1, NULL), NHP:4.4.4.4}, at this time, execute step 401, PE1 advertises the route to the VPN server, and encapsulates {NLRI:192.168.1.102, VPNATR:(L_TAG1, NULL), NHP:4.4.4.4} into BGP message 1, the BGP message 1 is referred to as BGP1.

Next, step 402 is executed, PE1 sends BGP1, so that the VPN server receives BGP1.

Next, step 403 is executed, the VPN server receives the BGP1 issued by PE1, and according to the configuration in the VPN server, obtains the modified route advertisement information and VXLAN tunnel information as: {NLRI:192.168.1.102, VPN ATR:(L_TAG1, R_TAG4), VXLAN ATR: (vni1, uip1, uip4), NHP: 4.4.4.4}, and {NLRI: 192.168.1.102, VPN ATR: (L_TAG1, R_TAG4), VXLAN ATR: (vni1, uip1, uip4), NHP: 4.4. 4.4} encapsulated into BGP message 2, and the BGP message 2 is referred to as BGP2.

Next, step 404 is executed, the VPN server sends BGP2 to PE2, so that PE2 receives BGP2.

Next step 405 is executed, PE2 receives the BGP2 sent by the VPN server, matches the corresponding local VRF according to the R-TAG tag, finds vxlanif1 and vxlanif4 according to the carried uip4 address and uip1, and imports the packet into vxlanif1, and sends the packet The egress point to vxlanif4, and generate a vxlan tunnel table associated with PEI and PE2, and then form a vxlan tunnel, so that PE2 receives the message sent by the CE connected to PE2 and transmits it to PE1 through the vxlan tunnel.

Referring to Figure 3, when PE1 advertises routes in the prior art, the route advertisement information of PE1 is first published to AS1 and AS3, AS1 sends the route advertisement information of PE1 to router A1, and router A1 then publishes the route advertisement information of PE1 Then send it to router A2, router A2 sends the route advertisement information of PE1 to AS2, then AS2 sends the route advertisement information of PE1 to PE2, and AS3 sends the route advertisement information of PE1 to router A3, router A3 sends The route advertisement information of PE1 is sent to router A4, router A4 sends the route advertisement information of PE1 to AS4, and then AS4 sends the route advertisement information of PE1 to PE3, when both PE2 and PE3 receive the route advertisement information of PE1 , so that PE1 completes route advertisement.

Among them, AS is the abbreviation of Autonomous System, and the Chinese name is autonomous system.

In the embodiment of this application, the route advertisement information of PE1 is directly transmitted to the VPN server, and the VPN server determines that the destination PE is PE2 according to the route advertisement information of PE1, adds the TAG of the destination end, and obtains the revised route advertisement information of PE1, and according to the route advertisement information of PE1 TAG matching the TAG of PE2, determine the VXLAN tunnel encapsulation information, send the modified PE1 route announcement information and the VXLAN tunnel encapsulation information to PE2, and then complete the route announcement of PE1, while the route announcement in the prior art requires one by one For routing and forwarding, and when routing and forwarding between different ASs, it is necessary to implement routing and forwarding through cross-domain technology. When performing routing forwarding between users, it is also necessary to implement routing forwarding through cross-domain technology, which makes the time for routing release longer and the efficiency of routing release is also low. However, this application allows this application to complete routing only through the VPN server. Publishing, the route publishing is completed only through one route forwarding, and there is no need to implement route forwarding through cross-domain technology, which can shorten the time of route publishing and improve the efficiency of route publishing.

Embodiment two:

Based on the same technical concept as the above method, Embodiment 2 of the present invention proposes a method for transmitting messages, as shown in FIG. 5 , the specific processing process of the method is as follows:

Step 501: the first PE receives the message sent from the source CE, and determines that the destination PE for the message transmission is the second PE according to the message sent by the source CE;

Step 502: The first PE selects the route advertisement information corresponding to the destination CE from the received route advertisement information of the second PE according to the IP address of the destination CE in the message, and receives Select the VXLAN tunnel encapsulation information corresponding to the destination CE from the received VXLAN tunnel encapsulation information of the second PE, wherein the route advertisement information and VXLAN tunnel encapsulation information of the second PE are sent to the the first PE;

Step 503: The first PE determines the VXLAN tunnel through which the first PE transmits the message to the second PE according to the route advertisement information and the VXLAN tunnel encapsulation information corresponding to the destination CE;

Step 504: The first PE transmits the packet to the second PE through the VXLAN tunnel.

Wherein, in step 501, the first PE receives the message sent from the source CE, and according to the message sent by the source CE, determines that the destination PE for the message transmission is the second PE, wherein the The source CE is connected to the first PE.

In the specific implementation process, first, the first PE will receive the route advertisement information and the VXLAN tunnel encapsulation information sent by the VPN server. When the first PE receives the message sent by the source CE, due to the If there is an IP address of the destination CE in the message, the second PE directly connected to the destination CE may be determined from the received route advertisement information sent by the VPN server according to the IP address of the destination CE, and the The second PE is the target PE.

For example, referring to FIG. 2, taking PE2 as the first PE as an example, PE2 will first receive the route advertisement information and tunnel encapsulation information of PE1 sent by the VPN server, and the route advertisement information and tunnel encapsulation information of PE1 may include CE1 , the route advertisement information corresponding to CE2 and CE3 and the corresponding tunnel encapsulation information, and then when PE2 receives the packet sent by the source CE, it can obtain the IP address of the destination CE in the packet, if the destination The IP of CE is the IP address of CE3, and according to the received route advertisement information of PE1, it can be determined that the destination PE is PE1.

Next, step 502 is executed. In this step, the first PE selects an IP address corresponding to the destination CE from the received route advertisement information of the second PE according to the IP address of the destination CE in the message. route advertisement information, and select the VXLAN tunnel encapsulation information corresponding to the destination CE from the received VXLAN tunnel encapsulation information of the second PE, wherein the route advertisement information of the second PE and the VXLAN tunnel encapsulation information is sent to the first PE by the VPN server.

In the specific implementation process, because the second PE will write the IP address of the CE requesting the second PE to advertise the route into the route advertisement information of the second PE when advertising the route, so that the After the first PE determines the second PE through step 501, it can select the route advertisement information and VXLAN tunnel encapsulation information corresponding to the destination CE from the route advertisement information and VXLAN tunnel encapsulation information of the second PE.

For example, referring to FIG. 2, taking PE2 as the first PE as an example, after CE3 requests the route advertisement information performed by PE1, PE2 receives the route advertisement information and VXLAN tunnel information sent by the VPN server including: {NLRI:192.168. 1.102, VPN ATR: (L_TAG1, R_TAG4), VXLANATR: (vni1, uip1, uip4), NHP: 4.4.4.4}, and if the IP address of CE2 is 192.168.1.95, and after requesting the routing advertisement information carried out by PE1, Make PE2 receive the route advertisement information and VXLAN tunnel information sent by the VPN server, including: {NLRI:192.168.1.95, VPN ATR:(L_TAG2, R_TAG5), VXLAN ATR:(vni2, uip2, uip5), NHP:4.4.4.4} .

Wherein, when PE2 receives the packet of the source CE, if the IP address of the destination CE of the packet is 192.168.1.102, it can be determined that the second PE is PE1 and the destination CE is CE3, and then from PE2 receives the route advertisement information and VXLAN tunnel information of PE1 sent by the VPN server and determines that the route advertisement information and VXLAN tunnel information corresponding to CE3 are {NLRI:192.168.1.102, VPNATR:(L_TAG1, R_TAG4), VXLAN ATR:(vni1 , uip1, uip4), NHP:4.4.4.4}.

Next, step 503 is executed. In this step, the first PE determines the time at which the first PE transmits the message to the second PE according to the route advertisement information and the VXLAN tunnel encapsulation information corresponding to the destination CE. VXLAN tunnel.

In the specific implementation process, the first PE finds the VRF corresponding to the R-VPN identifier according to the R-VPN identifier in the route advertisement information corresponding to the destination CE, and then encapsulates the information according to the VXLAN tunnel , determine that the first PE transmits the packet to the VXLAN tunnel of the second PE, and then transmit the packet received by the first PE to the second PE through the VXLAN tunnel.

Specifically, the first PE determines, according to the first VPN identifier of the first PE and the second VPN identifier of the second PE in the route advertisement information corresponding to the destination CE, that the first PE transmit the message to the VPN routing forwarding table of the second PE; the first PE determines the IP address of the first PE and the IP address of the second PE according to the VXLAN tunnel encapsulation information corresponding to the destination CE; IP address: the first PE determines that the first PE transmits the message to the second PE according to the VPN routing and forwarding table, the IP address of the first PE, and the IP address of the second PE VXLAN tunnel.

For example, referring to FIG. 2, PE2 receives a message from CE, and the IP address of the destination CE of the message is 192.168.1.102, then it can be determined that the second PE is PE1 and the destination CE is CE3, and then from PE2 After receiving the routing advertisement information and VXLAN tunnel information of PE1 sent by the VPN server, it is determined that the routing advertisement information and VXLAN tunnel information corresponding to CE3 are {NLRI:192.168.1.102, VPN ATR: (L_TAG1, R_TAG4), VXLAN ATR: (vni1 , uip1, uip4), NHP:4.4.4.4}, according to R-TAG4, determine the VRF4 corresponding to TAG4 from the VRF in PE2, and according to the VRF1 corresponding to TAG1, according to VRF4 and VRF1, you can determine the VRF from PE2 to PE1 , and then according to the uip4 address and uip1 carried in the VXLAN tunnel information, find vxlanif1 and vxlanif4, point the ingress vxlanif1 of the packet, point the egress of the packet to vxlanif4, and then generate the VXLAN tunnel table associated with PEI and PE2, and then obtain the VXLAN tunnel , so that PE2 receives the packet sent by the source CE and transmits it to PE1 through the VXLAN tunnel.

Next, step 504 is executed, and in this step, the first PE transmits the packet to the second PE through the VXLAN tunnel.

In the specific implementation process, after the VXLAN tunnel is obtained in step 503, the first PE transmits the received message of the source CE to the second PE through the VXLAN tunnel, so that The second PE transmits the packet to the destination CE according to the destination IP address in the packet.

For example, as shown in Figure 2, when PE2 receives a packet sent by CE and transmits it to PE1 through the VXLAN tunnel, PE1 will remove the encapsulation information with the VXLAN tunnel, and read the destination IP address in the packet as 192.168.1.102 , PE1 finds that the CE corresponding to 192.168.1.102 is CE3 according to the destination IP address, and then transmits the packet to CE3.

Because in the prior art, MPLS technology is usually used to implement VPN construction, referred to as MPLS/VPN, but the existing MPLS/VPN needs to deploy Label Distribution Protocol (Label Distribution Protocol referred to as LDP) as a tunnel, and then deploy BGP multi-protocol Extensions (MultiprotocolExtensions for BGP MP-BGP for short) propagate VPN routes and carry out distributed configuration. Every time a PE/VPN is added, the configuration of other PEs needs to be adjusted. Since MPLS/VPN needs to pass through different ASs, it is necessary to deploy various In addition, if VPN service is added in a new area, MPLS needs to be deployed on the network to ensure MPLS connectivity, which leads to poor performance of VPN service expansion in the existing technology and requires technical problems of cross-domain configuration.

In the embodiment of the present application, on the basis of routing forwarding by the VPN server, after receiving the routing advertisement information and VXLAN tunnel information of the VPN server, the source PE can obtain the VXLAN tunnel according to the routing advertisement information and VXLAN tunnel information of the VPN server. And the message is transmitted to the destination PE through the VXLAN tunnel, so that no cross-domain configuration is required, and when adding VPN services in a new area, it is only necessary to configure the newly added PE with other PEs, instead of deploying on the network MPLS improves the expansion performance of VPN services and makes the provisioning and maintenance of VPN services more convenient.

Embodiment three:

Based on the same technical concept as the above method, Embodiment 3 of the present invention proposes a device for distributing routing information, see Figure 6, the device includes:

The receiving unit 601 is configured to receive route advertisement information from the first PE, wherein the route advertisement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information includes a VPN identifier of the source end, the The VPN identifier of the source end is the first VPN identifier in the first PE;

a selection unit 602, configured to select a second PE as a destination;

The route modifying unit 603 is configured to receive the route advertisement information sent by the receiving unit 601 and the second PE sent by the selecting unit 602, and select from the VPN ID of the second PE according to the first VPN ID. A second VPN identifier that matches the first VPN identifier, and adding the second VPN identifier as the VPN identifier of the destination end to the VPN topology connection information to obtain the modified route release information;

The tunnel selection unit 604 is configured to receive the first VPN identifier and the second VPN identifier sent by the route modification unit 603, and determine, according to the first VPN identifier and the second VPN identifier, that the second PE will The message is transmitted to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE;

The sending unit 605 is configured to receive the modified route advertisement information sent by the route modification unit 603 and the VXLAN tunnel encapsulation information sent by the tunnel selection unit, and combine the VXLAN tunnel encapsulation information and the modified The route advertisement information is sent to the second PE.

Wherein, the device for distributing routing information is connected to multiple PEs, so that the distributing of routes from one PE to another PE can be realized through the device, and a VPN identifier corresponds to a VRF in the source end, and the The source end is the first PE, which means that a VPN identifier corresponds to a VRF in the first PE.

In a specific implementation process, the first PE may have one or more VRFs, and a VPN ID corresponds to a VRF, so that the corresponding VRF can be determined through the VPN ID, and the VPN topology connection information corresponding to the first PE It only includes the VPN identification field of the source end and the VPN identification field of the destination end. Since the VPN server receives the route advertisement information of the first PE, the VPN topology connection information of the source end corresponding to the first PE The identification field is the first VPN identification, and the VPN identification field of the destination is empty, so that the VPN topology connection information corresponding to the first PE contains the first VPN identification, but does not include the destination The VPN ID of the endpoint.

Specifically, the route advertisement information also includes the IP address of the CE connected to the first PE, the VPN topology connection information and the IP address of the first PE, and the first VPN identifier and the CE correspond.

For example, referring to Figure 2, taking the first PE as PE1 as an example, PE1 is directly connected to CE1, CE2, and CE3 respectively. Assume that CE3 is the 163 server. In order to enable users to find the 163 server, CE3 will request PE1 to advertise the route. , so that the VPN server receives the route advertisement information of PE1, wherein the route advertisement information includes the IP address of CE3, and the VPN topology connection information corresponding to PE1 and the IP address of PE1 are, for example, 159.226.1.1.

Preferably, the route modifying unit 603 includes a VPN identifier determining unit 606, configured to select the second VPN that matches the first VPN identifier from the TAG correspondence in the VPN according to the first VPN identifier. The TAG correspondence includes the correspondence between the VPN identifier in the first PE and the VPN identifier in the second PE.

Specifically, during the process of configuring the first PE and the other PEs, the device for publishing routing information also configures the corresponding relationship between the VPN ID of the first PE and the VPN IDs of the other PEs, so as to obtain And store the TAG correspondence between the first PE and the other PEs, so that the VPN server can select the TAG correspondence between the VPN according to the first VPN identifier and the first PE The second VPN identifier matched by a VPN identifier, the TAG correspondence includes the correspondence between the VPN identifier in the first PE and the VPN identifier in the second PE, wherein the TAG represents the meaning of the identifier .

For example, referring to Figure 3, PE2 has VRF4 and VRF5, the VPN ID corresponding to VRF4 is TAG4, the VPN ID corresponding to VRF5 is TAG5, and TAG4 corresponds to TAG1, the VRF from PE2 to PE1 can be determined through VRF4 and VRF1, and TAG5 corresponds to TAG2, and the VRF from PE2 to PE1 can also be determined through VRF5 and VRF2. In this way, the VPN server associates PE1 with PE2, TAG5 corresponds to TAG2, and TAG4 corresponds to TAG1. Specifically, it can be expressed as: { vPE1:TAG1, vPE2:TAG4}, {vPE1:TAG2, vPE2:TAG5}.

Specifically, since the tunnel encapsulation information of the first PE and the other PEs is configured in the device for publishing routing information, the tunnel selection unit 604 can , to determine the VXLAN tunnel encapsulation information for the second PE to transmit the packet to the first PE.

Preferably, the VXLAN tunnel encapsulation information includes the VXLAN interface IP address set in the first PE and the VXLAN interface IP address set in the second PE.

Preferably, the sending unit 605 sends the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE, so that the second PE finds the -The VRF corresponding to the VPN identifier, and then according to the VXLAN tunnel encapsulation information, generate a VXLAN tunnel for packets from the second PE to the first PE, and then pass the packets received by the second PE through the The VXLAN tunnel is transmitted to the first PE.

In the embodiment of this application, the route advertisement information of PE1 is directly transmitted to the VPN server, and the VPN server determines that the destination PE is PE2 according to the route advertisement information of PE1, adds the TAG of the destination end, and obtains the revised route advertisement information of PE1, and according to the route advertisement information of PE1 TAG matching the TAG of PE2, determine the VXLAN tunnel encapsulation information, send the modified PE1 route announcement information and the VXLAN tunnel encapsulation information to PE2, and then complete the route announcement of PE1, while the route announcement in the prior art requires one by one For routing and forwarding, and when routing and forwarding between different ASs, it is necessary to implement routing and forwarding through cross-domain technology. When performing routing forwarding between users, it is also necessary to implement routing forwarding through cross-domain technology, which makes the time for routing release longer and the efficiency of routing release is also low. However, this application allows this application to complete routing only through the VPN server. Publishing, the route publishing is completed only through one route forwarding, and there is no need to implement route forwarding through cross-domain technology, which can shorten the time of route publishing and improve the efficiency of route publishing.

Embodiment four:

Based on the same technical concept as the above method, Embodiment 4 of the present invention proposes a VPN server, see FIG. 7, the server includes:

The receiver 701 is configured to receive route advertisement information from the first PE, wherein the route advertisement information includes VPN topology connection information corresponding to the first PE, and the VPN topology connection information includes a VPN identifier of a source end, the The VPN identifier of the source end is the first VPN identifier in the first PE;

The processor 702 is configured to select a second PE as the destination end, and select a second VPN ID matching the first VPN ID from the VPN IDs of the second PE according to the first VPN ID, and Adding the second VPN ID as the VPN ID of the destination end to the VPN topology connection information to obtain the modified routing information; and determining the VPN ID according to the first VPN ID and the second VPN ID. The second PE transmits the message to the virtual extended local area network VXLAN tunnel encapsulation information of the first PE;

The sender 703 is configured to send the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE.

Wherein, the receiver 701 is, for example, an electronic device such as a wireless antenna, a wifi module, etc. Further, the processor 702 is, for example, an electronic device such as a separate processing chip or a single-chip microcomputer, and further, the transmitter 703 is, for example, an electronic device such as a wireless antenna.

Specifically, the VPN server is connected to a plurality of PEs, so that the VPN server can implement routing advertisement from one PE to another PE, and a VPN identifier is associated with a VPN routing forwarding table (VPN Routing and Forwarding table (VRF for short), and the source end is the first PE, which means that a VPN identifier corresponds to a VRF in the first PE.

Preferably, the first PE may have one or more VRFs, and a VPN ID corresponds to a VRF, so that the corresponding VRF can be determined through the VPN ID, and the VPN topology connection information corresponding to the first PE only includes The VPN identification field of the source end and the VPN identification field of the destination end, since the VPN server receives the routing advertisement information of the first PE, the VPN identification field of the source end in the VPN topology connection information corresponding to the first PE is the first VPN ID, and the VPN ID field of the destination is empty, so that the VPN topology connection information corresponding to the first PE contains the first VPN ID, but does not include the VPN ID of the destination logo.

Preferably, the route advertisement information also includes the IP address of the CE connected to the first PE, the VPN topology connection information and the IP address of the first PE, and the first VPN identifier is related to the CE correspondence.

For example, referring to Figure 2, taking the first PE as PE1 as an example, PE1 is directly connected to CE1, CE2, and CE3 respectively. Assume that CE3 is the 163 server. In order to enable users to find the 163 server, CE3 will request PE1 to advertise the route. , so that the VPN server receives the route advertisement information of PE1, wherein the route advertisement information includes the IP address of CE3, and the VPN topology connection information corresponding to PE1 and the IP address of PE1 are, for example, 159.226.1.1.

Preferably, the processor 702 is specifically configured to, according to the first VPN identifier, select the second VPN identifier that matches the first VPN identifier from the TAG correspondence in the VPN, and the TAG corresponds to The relationship includes a correspondence relationship between the VPN identifier in the first PE and the VPN identifier in the second PE.

Specifically, during the process of configuring the first PE and the other PEs, the VPN server also configures the correspondence between the VPN identifier of the first PE and the VPN identifiers of the other PEs, so as to obtain and save the The TAG correspondence between the first PE and the other PEs, so that the VPN server can select the TAG correspondence with the first VPN identifier from the TAG correspondence in the VPN according to the first VPN identifier For the matched second VPN ID, the TAG correspondence includes the correspondence between the VPN ID in the first PE and the VPN ID in the second PE, where the TAG means ID.

For example, referring to Figure 3, PE2 has VRF4 and VRF5, the VPN ID corresponding to VRF4 is TAG4, the VPN ID corresponding to VRF5 is TAG5, and TAG4 corresponds to TAG1, the VRF from PE2 to PE1 can be determined through VRF4 and VRF1, and TAG5 corresponds to TAG2, and the VRF from PE2 to PE1 can also be determined through VRF5 and VRF2. In this way, the VPN server associates PE1 with PE2, TAG5 corresponds to TAG2, and TAG4 corresponds to TAG1. Specifically, it can be expressed as: { vPE1:TAG1, vPE2:TAG4}, {vPE1:TAG2, vPE2:TAG5}.

Specifically, since the device for publishing routing information is configured with tunnel encapsulation information between the first PE and the other PEs, the processor 702 can, according to the first VPN identifier and the second VPN identifier, Determine the VXLAN tunnel encapsulation information for the second PE to transmit the packet to the first PE.

Preferably, the VXLAN tunnel encapsulation information includes the VXLAN interface IP address set in the first PE and the VXLAN interface IP address set in the second PE.

Preferably, the sender 703 is specifically configured to send the VXLAN tunnel encapsulation information and the modified route advertisement information to the second PE, so that the second PE finds the The VRF corresponding to the R-VPN identifier generates a VXLAN tunnel for packets from the second PE to the first PE according to the VXLAN tunnel encapsulation information, and then transmits the packet received by the second PE The text is transmitted to the first PE through the VXLAN tunnel.

In the embodiment of this application, the route advertisement information of PE1 is directly transmitted to the VPN server, and the VPN server determines that the destination PE is PE2 according to the route advertisement information of PE1, adds the TAG of the destination end, and obtains the revised route advertisement information of PE1, and according to the route advertisement information of PE1 TAG matching the TAG of PE2, determine the VXLAN tunnel encapsulation information, send the modified PE1 route announcement information and the VXLAN tunnel encapsulation information to PE2, and then complete the route announcement of PE1, while the route announcement in the prior art requires one by one For routing and forwarding, and when routing and forwarding between different ASs, it is necessary to implement routing and forwarding through cross-domain technology. When performing routing forwarding between users, it is also necessary to implement routing forwarding through cross-domain technology, which makes the time for routing release longer and the efficiency of routing release is also low. However, this application allows this application to complete routing only through the VPN server. Publishing, the route publishing is completed only through one route forwarding, and there is no need to implement route forwarding through cross-domain technology, which can shorten the time of route publishing and improve the efficiency of route publishing.

Embodiment five:

Based on the same technical concept as the above method, Embodiment 5 of the present invention proposes a device for transmitting messages, as shown in Figure 8, the device includes:

A receiving unit 801, configured to receive a message sent from a source CE,

The PE determining unit 802 is configured to receive the message sent by the receiving unit 801, and determine, according to the message, that the destination PE for the message transmission is the second PE;

The routing selection unit 803 is configured to receive the packet sent by the receiving unit 801, and select the IP address corresponding to the destination CE from the received routing advertisement information of the second PE according to the IP address of the destination CE in the packet. route advertisement information of the second PE, wherein the route advertisement information of the second PE is sent to the route selection unit 803 by the VPN server;

The tunnel information acquiring unit 804 is configured to receive the second PE sent by the PE determining unit 802, and select the VXLAN tunnel encapsulation information corresponding to the destination CE from the received VXLAN tunnel encapsulation information of the second PE, wherein , the VXLAN tunnel encapsulation information of the second PE is sent to the tunnel selection unit 804 by the VPN server;

The tunnel determination unit 805 is configured to receive the route announcement information corresponding to the destination CE sent by the routing selection unit 803 and the VXLAN tunnel encapsulation information sent by the tunnel information acquisition unit 804, and publish the information according to the route corresponding to the destination CE. information and the VXLAN tunnel encapsulation information, to determine that the first PE transmits the message to the VXLAN tunnel of the second PE;

The packet transmission unit 806 is configured to receive the VXLAN tunnel sent by the tunnel determination unit 805, and transmit the packet to the second PE through the VXLAN tunnel.

Specifically, first, the device for transmitting the message will receive the route advertisement information and the VXLAN tunnel encapsulation information sent by the VPN server. When the receiving unit 801 in the device receives the message sent by the source CE, due to The packet has the IP address of the destination CE, so that the PE determining unit 802 can determine the IP address of the destination CE and the received route advertisement information sent by the VPN server to determine the IP address of the destination CE directly connected to the destination CE. A second PE, where the second PE is the target PE.

For example, referring to FIG. 2, taking PE2 as the first PE as an example, PE2 will first receive the route advertisement information and tunnel encapsulation information of PE1 sent by the VPN server, and the route advertisement information and tunnel encapsulation information of PE1 may include CE1 , the route advertisement information corresponding to CE2 and CE3 and the corresponding tunnel encapsulation information, and then when PE2 receives the packet sent by the source CE, it can obtain the IP address of the destination CE in the packet, if the destination The IP of CE is the IP address of CE3, and according to the received route advertisement information of PE1, it can be determined that the destination PE is PE1.

Specifically, when the second PE advertises the route, it writes the IP address of the CE requesting the second PE to advertise the route into the route advertisement information of the second PE, so that the PE determines After the unit 802 determines the second PE, the tunnel information obtaining unit 804 can select the route advertisement information corresponding to the destination CE from the route advertisement information of the second PE, and the tunnel determination unit 805 can select the route advertisement information from the second PE Select the VXLAN tunnel encapsulation information corresponding to the destination CE from the VXLAN tunnel encapsulation information of the two PEs.

Preferably, the tunnel determining unit 805 is specifically configured to determine the first VPN identifier of the first PE and the second VPN identifier of the second PE in the route advertisement information corresponding to the destination CE The first PE transmits the packet to the VPN routing forwarding table of the second PE, and then determines the IP address of the first PE and the IP address of the second PE according to the VXLAN tunnel encapsulation information corresponding to the destination CE address, and according to the VPN routing and forwarding table, the IP address of the first PE, and the IP address of the second PE, determine the VXLAN tunnel through which the first PE transmits the packet to the second PE.

For example, referring to FIG. 2, PE2 receives a message from CE, and the IP address of the destination CE of the message is 192.168.1.102, then it can be determined that the second PE is PE1 and the destination CE is CE3, and then from PE2 After receiving the routing advertisement information and VXLAN tunnel information of PE1 sent by the VPN server, it is determined that the routing advertisement information and VXLAN tunnel information corresponding to CE3 are {NLRI:192.168.1.102, VPN ATR: (L_TAG1, R_TAG4), VXLAN ATR: (vni1 , uip1, uip4), NHP:4.4.4.4}, according to R-TAG4, determine the VRF4 corresponding to TAG4 from the VRF in PE2, and according to the VRF1 corresponding to TAG1, according to VRF4 and VRF1, you can determine the VRF from PE2 to PE1 , and then according to the uip4 address and uip1 carried in the VXLAN tunnel information, find vxlanif1 and vxlanif4, point the ingress vxlanif1 of the packet, point the egress of the packet to vxlanif4, and then generate the VXLAN tunnel table associated with PEI and PE2, and then obtain the VXLAN tunnel , so that PE2 receives the packet sent by the source CE and transmits it to PE1 through the VXLAN tunnel.

Preferably, the message transmission unit 806 transmits the received message of the source CE to the second PE through the VXLAN tunnel, so that the second PE address, and transmit the packet to the destination CE.

For example, as shown in Figure 2, when PE2 receives a packet sent by CE and transmits it to PE1 through the VXLAN tunnel, PE1 will remove the encapsulation information with the VXLAN tunnel, and read the destination IP address in the packet as 192.168.1.102 , PE1 finds that the CE corresponding to 192.168.1.102 is CE3 according to the destination IP address, and then transmits the packet to CE3.

Because in the prior art, MPLS technology is usually used to implement VPN construction, referred to as MPLS/VPN, but the existing MPLS/VPN needs to deploy LDP as a tunnel, and then deploy BGP to propagate VPN routes and perform distributed configuration. Every time you add a PE/VPN, you need to adjust the configuration of other PEs. Since MPLS/VPN needs to pass through different ASs, you need to deploy various cross-domain technologies. In addition, adding VPN services in a new area also needs to be deployed on the network. MPLS guarantees MPLS connectivity, which leads to poor performance of VPN service expansion in the prior art and requires cross-domain configuration.

In the embodiment of the present application, on the basis of routing forwarding by the VPN server, after receiving the routing advertisement information and VXLAN tunnel information of the VPN server, the source PE can obtain the VXLAN tunnel according to the routing advertisement information and VXLAN tunnel information of the VPN server. And the message is transmitted to the destination PE through the VXLAN tunnel, so that no cross-domain configuration is required, and when adding VPN services in a new area, it is only necessary to configure the newly added PE with other PEs, instead of deploying on the network MPLS improves the expansion performance of VPN services and makes the provisioning and maintenance of VPN services more convenient.

Those skilled in the art should understand that the embodiments of the present invention may be provided as methods, devices (devices), or computer program products. Accordingly, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices) and computer program products according to embodiments of the invention. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.

While preferred embodiments of the invention have been described, additional changes and modifications to these embodiments can be made by those skilled in the art once the basic inventive concept is appreciated. Therefore, it is intended that the appended claims be construed to cover the preferred embodiment as well as all changes and modifications which fall within the scope of the invention.

Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention also intends to include these modifications and variations.

Claims (15)

1. a method for routing iinformation issue, is characterized in that, described method comprises:

The route that virtual private network server receives from first service provider edge PE releases news, wherein, described route releases news and comprises the VPN topology link information that a described PE is corresponding, described VPN topology link information comprises the VPN sign of source, and the VPN of described source is designated the VPN sign in a described PE;

Described vpn server is selected the 2nd PE as destination;

Described vpn server is according to a described VPN sign, from the VPN sign of described the 2nd PE, select the two VPN sign marking matched with a described VPN, and in described VPN topology link information, increase described the 2nd VPN sign as the VPN sign of destination, obtain amended described route and release news; And

Described vpn server is according to a described VPN sign and described the 2nd VPN sign, determine described the 2nd PE by message transmissions the virtual extended local area network (LAN) VXLAN tunnel encapsulation information to a described PE;

Described vpn server releases news described VXLAN tunnel encapsulation information and amended described route to send to described the 2nd PE.

2. the method for claim 1, it is characterized in that, described route releases news and also comprises protocol IP address interconnected between the network of the user network boundary device CE being connected with a described PE, the IP address of described VPN topology link information and a described PE, and a described VPN sign is corresponding with described CE.

3. method as claimed in claim 1 or 2, is characterized in that, described vpn server, according to a described VPN sign, is selected the two VPN sign marking matched with a described VPN, specifically comprises:

Described vpn server is according to a described VPN sign, in TAG corresponding relation from described VPN, select the described two VPN sign marking matched with a described VPN, described TAG corresponding relation comprises the corresponding relation of the VPN sign in VPN sign in a described PE and described the 2nd PE.

4. the method as described in claim 1-3 any one, is characterized in that, described VXLAN tunnel encapsulation information comprises the VXLAN interface IP address being arranged in a described PE and is arranged on the VXLAN interface IP address in described the 2nd PE.

5. a method for message transmission, is characterized in that, described method comprises:

The one PE receives the message sending from source CE, and the message sending according to described source CE, and the object PE that determines described message transmissions is the 2nd PE;

A described PE is according to the IP address of the object CE in described message, from the route of described the 2nd PE that receives releases news, the selection route corresponding with described object CE releases news, and from the VXLAN tunnel encapsulation information of described the 2nd PE that receives, select the VXLAN tunnel encapsulation information corresponding with described object CE, wherein, the route of described the 2nd PE releases news and by vpn server, sends to a described PE with VXLAN tunnel encapsulation information;

A described PE releases news and VXLAN tunnel encapsulation information according to the route corresponding with described object CE, determine a described PE by message transmissions the VXLAN tunnel to described the 2nd PE;

A described PE passes through described VXLAN tunnel transmission to described the 2nd PE by described message.

6. method as claimed in claim 5, is characterized in that, a described PE releases news and described VXLAN tunnel encapsulation information according to described route, determine a described PE by message transmissions the VXLAN tunnel to described the 2nd PE, specifically comprise:

A VPN sign of a described PE described PE in releasing news according to the route corresponding with described object CE and the 2nd VPN sign of described the 2nd PE, determine a described PE by message transmissions the VPN route forwarding table to described the 2nd PE;

A described PE, according to the VXLAN tunnel encapsulation information corresponding with described object CE, determines the IP address of a described PE and the IP address of described the 2nd PE;

A described PE is according to the IP address of the IP address of described VPN route forwarding table and a described PE and described the 2nd PE, determine a described PE by message transmissions the VXLAN tunnel to described the 2nd PE.

7. a device for routing iinformation issue, is characterized in that, described device comprises:

Receiving element, for the route receiving from a PE, release news, wherein, described route releases news and comprises the VPN topology link information that a described PE is corresponding, described VPN topology link information comprises the VPN sign of source, and the VPN of described source is designated the VPN sign in a described PE;

Selected cell, for selecting the 2nd PE as destination;

Route is revised unit, for receiving the described route of described receiving element transmission, release news and receive described the 2nd PE that described selected cell sends, according to a described VPN sign, from the VPN sign of described the 2nd PE, select the two VPN sign marking matched with a described VPN, and in described VPN topology link information, increase described the 2nd VPN sign as the VPN sign of destination, obtain amended described route and release news;

Tunnel selected cell, for receiving described route, revise a described VPN sign and described the 2nd VPN sign that unit sends, according to a described VPN sign and described the 2nd VPN sign, determine described the 2nd PE by message transmissions the virtual extended local area network (LAN) VXLAN tunnel encapsulation information to a described PE;

Transmitting element, for receiving described route, revise amended described route that unit sends and release news and receive the described VXLAN tunnel encapsulation information that described tunnel selected cell sends, described VXLAN tunnel encapsulation information and amended described route are released news and send to described the 2nd PE.

8. device as claimed in claim 7, it is characterized in that, described route releases news and also comprises protocol IP address interconnected between the network of the user network boundary device CE being connected with a described PE, the IP address of described VPN topology link information and a described PE, and a described VPN sign is corresponding with described CE.

9. install as claimed in claim 7 or 8, it is characterized in that, described route is revised unit and is comprised VPN sign determining unit, for identifying according to a described VPN, in TAG corresponding relation from described VPN, select the described two VPN sign marking matched with a described VPN, described TAG corresponding relation comprises the corresponding relation of the VPN sign in VPN sign in a described PE and described the 2nd PE.

10. the device as described in claim 7-9 any one, is characterized in that, described VXLAN tunnel encapsulation information comprises the VXLAN interface IP address being arranged in a described PE and is arranged on the VXLAN interface IP address in described the 2nd PE.

11. 1 kinds of vpn servers, is characterized in that, described server comprises:

Receiver, for the route receiving from a PE, release news, wherein, described route releases news and comprises the VPN topology link information that a described PE is corresponding, described VPN topology link information comprises the VPN sign of source, and the VPN of described source is designated the VPN sign in a described PE;

Processor, for selecting the 2nd PE as destination, and according to a described VPN sign, from the VPN sign of described the 2nd PE, select the two VPN sign marking matched with a described VPN, and in described VPN topology link information, increase described the 2nd VPN sign as the VPN sign of destination, obtain amended described route and release news; And according to a described VPN sign and described the 2nd VPN sign, determine described the 2nd PE by message transmissions the virtual extended local area network (LAN) VXLAN tunnel encapsulation information to a described PE;

Transmitter, for releasing news described VXLAN tunnel encapsulation information and amended described route to send to described the 2nd PE.

12. servers as claimed in claim 11, it is characterized in that, described route releases news and also comprises protocol IP address interconnected between the network of the user network boundary device CE being connected with a described PE, the IP address of described VPN topology link information and a described PE, and a described VPN sign is corresponding with described CE.

13. servers as described in claim 11 or 12, it is characterized in that, described processor, specifically for identifying according to a described VPN, in TAG corresponding relation from described VPN, select the described two VPN sign marking matched with a described VPN, described TAG corresponding relation comprises the corresponding relation of the VPN sign in VPN sign in a described PE and described the 2nd PE.

The device of 14. 1 kinds of message transmissions, is characterized in that, described device comprises:

Receiving element, for receiving the message sending from source CE,

PE determining unit, the message sending for receiving described receiving element, according to described message, the object PE that determines described message transmissions is the 2nd PE;

Route Selection unit, the message sending for receiving described receiving element, according to the IP address of the object CE in described message, from the route of described the 2nd PE that receives releases news, the selection route corresponding with described object CE releases news, wherein, the route of described the 2nd PE releases news and sends to described Route Selection unit by vpn server;

Tunnel information acquiring unit, described the 2nd PE sending for receiving described PE determining unit, from the VXLAN tunnel encapsulation information of described the 2nd PE that receives, select the VXLAN tunnel encapsulation information corresponding with described object CE, wherein, the VXLAN tunnel encapsulation information of described the 2nd PE sends to described tunnel selected cell by vpn server;

Tunnel determining unit, for receiving the route corresponding with described object CE of described Route Selection unit transmission, release news and receive the described VXLAN tunnel encapsulation information that described tunnel information acquiring unit sends, according to the route corresponding with described object CE, release news and described VXLAN tunnel encapsulation information, determine a described PE by message transmissions the VXLAN tunnel to described the 2nd PE;

Message transmissions unit, the described VXLAN tunnel sending for receiving described tunnel determining unit, passes through described VXLAN tunnel transmission to described the 2nd PE by described message.

15. devices as claimed in claim 14, it is characterized in that, described tunnel determining unit, specifically for a VPN sign of the described PE in releasing news according to the route corresponding with described object CE and the 2nd VPN sign of described the 2nd PE, determine that a described PE gives message transmissions the VPN route forwarding table of described the 2nd PE, again according to the VXLAN tunnel encapsulation information corresponding with described object CE, determine the IP address of a described PE and the IP address of described the 2nd PE, and according to the IP address of the IP address of described VPN route forwarding table and a described PE and described the 2nd PE, determine that a described PE gives message transmissions in the VXLAN tunnel of described the 2nd PE.

Images