WO2022001666A1 - Method for creating vxlan tunnel and related devices - Google Patents

Abstract

Disclosed are a method for creating a VXLAN tunnel and related devices, which belongs to the technical field of communication. In the method, if a first terminal device migrates out from a first network device, even if a forwarding list at a second network device is not promptly updated which leads to a first VXLAN message being mistakenly sent to the first network device, a control device can still be notified of the migration circumstance by means of an error message notification message, so that the second network device is notified by means of the control device, and the second network device can promptly update the forwarding list. Therefore, when a terminal device migrates, the method provided in the present application dynamically changes a VXLAN tunnel that is created in the forwarding list, so that a VXLAN tunnel created in a network can characterize the VXLAN tunnel which is currently required in real time. The flexibility with which VXLAN tunnels are created is increased, so that the VXLAN does not need to keep all of the VXLAN tunnels between devices.

Description

Method and related equipment for establishing VXLAN tunnel

The embodiments of this application claim the priority of the Chinese patent application with the application number 202010615448.X and the invention titled "Method for Establishing a VXLAN Tunnel and Related Equipment" filed on June 30, 2020, the entire contents of which are incorporated herein by reference application examples.

technical field

The present application relates to the field of communication technologies, and in particular, to a method for establishing a virtual extensible local area network (VXLAN) tunnel and related equipment.

Background technique

VXLAN is a virtual network built on the underlying network. VXLAN includes virtual network devices with two roles of border (border) device and edge (edge) device. As the network egress of the VXLAN, the border device is responsible for forwarding the packets in the VXLAN to other VXLANs or non-VXLANs. As the service access point of the VXLAN, the edge device is responsible for forwarding the packets of the user equipment to the VXLAN. A VXLAN tunnel is established between the edge device and the edge device, as well as between the edge device and the edge device, to implement packet forwarding in the VXLAN.

In the related art, for one edge device and multiple edge devices included in the VXLAN, a VXLAN tunnel is established in advance between any edge device and the edge device, and between any two edge devices in a dynamic routing manner. This method of establishing a VXLAN tunnel requires establishing a VXLAN tunnel between all devices in the VXLAN, resulting in low flexibility in establishing a VXLAN tunnel.

SUMMARY OF THE INVENTION

The present application provides a method and related equipment for establishing a VXLAN tunnel, which can improve the flexibility of establishing a VXLAN tunnel. The technical solution is as follows:

A first aspect provides a method for establishing a virtual extended local area network VXLAN tunnel, the method is applied to a first network device in the VXLAN, the VXLAN includes multiple network devices, and a VXLAN tunnel is established between any network device and a control device. , the first network device is one of the multiple network devices. In this method, a first VXLAN message from the second network device is received, and the destination address of the original frame included in the first VXLAN message is the address of the first terminal device; if there is no terminal device connected to the first network device The first terminal device sends an error message notification message to the control device, where the error message notification message includes the address of the first terminal device, the identifier of the first network device, and the identifier of the second network device, and the error message notification message indicates the first terminal device. A terminal device is not connected to the first network device, but the first network device still receives the VXLAN packet from the second network device and sent to the first terminal device.

With the method for establishing a VXLAN tunnel provided by the present application, when the first network device determines that the first terminal device is not connected to itself, it will send an error message passing message to the control device. Therefore, if the first terminal device migrates from the first network device, even if the forwarding table at the second network device is not updated in time, the first VXLAN packet is erroneously sent to the first network device. The notification message can still notify the control device of the migration situation, so as to notify the second network device through the control device, so that the second network device updates the forwarding table in time. Therefore, the method provided by the present application can dynamically change the VXLAN tunnel established in the forwarding table when the terminal device is migrated, so that the VXLAN tunnel established in the network can represent the VXLAN tunnel currently required in real time. In this way, not only the flexibility of establishing a VXLAN tunnel is improved, but also it is unnecessary to reserve all VXLAN tunnels between devices in the VXLAN, thereby saving forwarding table resources at each network device.

It should be noted that, in this application, establishing a VXLAN tunnel is essentially to obtain the identifier of the VXLAN tunnel, and then establish a correspondence between the destination address of the packet and the tunnel identifier, so that subsequent packets sent to the destination address are all can be forwarded through this VXLAN tunnel. The tunnel identifier may be the identifier of the peer device of the VXLAN tunnel (eg, the IP address of the peer device). The tunnel identifier may also be other symbols uniquely capable of identifying the tunnel in addition to the identifier of the peer device of the VXLAN tunnel, for example, the tunnel identifier is a unique number for the VXLAN tunnel. The network device can use this number to index the corresponding entry, and the entry stores the VXLAN tunnel parameters including the IP address of the peer device.

Based on the method provided by the first aspect, in a possible implementation manner, in the method, when the first terminal device leaves the first network device, the first terminal device is deleted from the terminal access set of the first network device address, the terminal access set includes the addresses of each terminal device connected to the first network device.

Through the above implementation manner, each network device can update the terminal access set in time when the terminal device is migrated, so that the terminal access set is more ready to represent each terminal device currently connected to the network device, so as to facilitate the subsequent dynamic change of the VXLAN tunnel.

Based on the method provided by the first aspect, in a possible implementation manner, in the method, if it is detected that the first terminal device and the first network device are disconnected from communication, it is determined that the first terminal device leaves the first network device.

The above implementation manner is applied to the scenario in which the first network device can perceive the migration of the first terminal device. In this scenario, if the first network device detects that the first terminal device and the first network device are disconnected from communication, the first The terminal device is migrated from the first network device.

Based on the method provided by the first aspect, in a possible implementation manner, in the method, when the first terminal device leaves the first network device, it sends a terminal relocation notification to the control device, and the terminal relocation notification includes the first terminal The address of the device and the identifier of the first network device, and the terminal move-out notification instructs the first terminal device to leave the first network device.

It can be seen from this that in the scenario where the first network device can perceive the migration of the first terminal device, the first network device not only deletes the address of the first terminal device in the local terminal access set, but also notifies the control device to delete the first network as well. The address of the first terminal device in the terminal access set of the device. The technical effect of this is that the terminal access set stored at the control device and the network device can accurately represent the connection status of the terminal device in real time, so that when other terminal devices access the terminal device that has been migrated, it can be dynamically changed. An established VXLAN tunnel.

Based on the method provided in the first aspect, in a possible implementation manner, the above-mentioned implementation process of determining that the first terminal device has left the first network device is: if a terminal move-out instruction from the control device is received, determining that the first terminal When the device leaves the first network device, the terminal move-out instruction includes the address of the first terminal device, and the terminal move-out instruction is used to instruct the first terminal device to leave the first network device.

The above implementation manner is applied to a scenario where the first network device cannot perceive the migration of the first terminal device. Therefore, when the first terminal device migrates out, the first network device cannot immediately delete the information of the first terminal device from the terminal information. . Instead, it is determined by the notification of the control device that the first terminal device has migrated out.

Based on the method provided in the first aspect, in a possible implementation manner, in the method, the original frame is encapsulated into a second VXLAN packet, and the second VXLAN packet is sent via the first network device to the control device. The VXLAN tunnel is sent to the control device.

When the first network device receives a VXLAN packet that does not reach the terminal device connected to itself, the first network device may re-encapsulate the first VXLAN packet and forward it by the control device.

In a second aspect, a method for establishing a virtual extended local area network VXLAN tunnel is provided, and the method is applied to a control device. In this method, an error message notification message from a first network device in the VXLAN is received, and the error message notification message includes the address of the first terminal device, the identifier of the first network device, and the identifier of the second network device. The message notification message indicates that the first terminal device is not connected to the first network device, but the first network device still receives the VXLAN message from the second network device and sent to the first terminal device. The VXLAN includes multiple network devices. A network device and a second network device are two of multiple network devices; send a terminal change message to the second network device, the terminal change message includes the address of the first terminal device and the identifier of the third network device, and the terminal change message indicates The first terminal device is currently connected to the third network device.

With the method for establishing a VXLAN tunnel provided by the present application, when the first network device determines that the first terminal device is not connected to itself, it will send an error message passing message to the control device. Therefore, if the first terminal device moves out from the first network device, even if the VXLAN packet is erroneously sent to the first network device because the forwarding table at the second network device is not updated in time, the error message notification message is sent to the first network device. It is still possible to notify the control device of the migration situation, so as to notify the second network device through the control device, so that the second network device updates the forwarding table in time. Therefore, the method provided by the present application can dynamically change the VXLAN tunnel that has been established in the forwarding table when the terminal device is migrated, so that the VXLAN tunnel established in the network can represent the VXLAN tunnel currently required in real time. In this way, not only the flexibility of establishing a VXLAN tunnel is improved, but also it is unnecessary to reserve all VXLAN tunnels between devices in the VXLAN, thereby saving forwarding table resources at each network device.

Based on the method provided by the second aspect, in a possible implementation manner. In this method, a terminal move-out notification from a first network device is received, the terminal move-out notification includes an address of the first terminal device and an identifier of the first network device, and the terminal move-out notification instructs the first terminal device to leave the first network device ; delete the address of the first terminal device from the terminal access set of the first network device, where the terminal access set includes the addresses of each terminal device connected to the first network device.

It can be seen from this that in a scenario where the first network device can perceive the migration of the first terminal device, the first network device notifies the control device to also delete the address of the first terminal device in the terminal access set of the first network device. The technical effect of this is that the terminal access set stored by the control device can accurately represent the connection status of the terminal device in real time, so that when other terminal devices access the terminal device that has been migrated, the established VXLAN can be dynamically changed. tunnel.

Based on the method provided in the second aspect, in a possible implementation manner, a terminal access announcement message sent from a third network device is received, where the terminal access announcement message includes the address of the first terminal device and the identifier of the third network device, The terminal access announcement message indicates that the first terminal device is connected to the third network device; if the address of the first terminal device is included in the terminal access set of the first network device, delete the first terminal device in the terminal access set of the first network device. The address of a terminal device is sent to the first network device, and the terminal relocation instruction includes the address of the first terminal device, and the terminal relocation instruction is used to instruct the first terminal device to leave the first network device.

The above implementation manner is applied to a scenario where the first network device cannot perceive the migration of the first terminal device. Therefore, when the first terminal device migrates out, the first network device cannot immediately remove the information of the first terminal device from the terminal access set. delete. Instead, it is determined that the first terminal device has migrated out by means of the advertisement of the network device newly accessed by the first terminal device.

Based on the method provided in the second aspect, in a possible implementation manner, after receiving the terminal access announcement message sent from the third network device, the address of the first terminal device is added to the terminal access of the third network device in the collection.

In the scenario in which it is determined that the first terminal device has migrated out based on the notification of the network device newly accessed by the first terminal device, the terminal of the newly accessed network device may also be notified based on the notification of the network device newly accessed by the first terminal device. The access set is updated in time, so that the terminal access set stored at the control device can accurately represent the connection situation of the terminal device in real time.

In a third aspect, a first network device in a VXLAN is provided, where the first network device has a function of implementing the behavior of the method for establishing a VXLAN tunnel in the first aspect. The first network device includes at least one module, and the at least one module is configured to implement the method for establishing a VXLAN tunnel provided by the above-mentioned first aspect.

In a fourth aspect, a control device is provided, and the control device has a function of implementing the behavior of the method for establishing a VXLAN tunnel in the second aspect. The control device includes at least one module, and the at least one module is configured to implement the method for establishing a VXLAN tunnel provided in the second aspect above.

A fifth aspect provides a first network device, the structure of the first network device includes a processor and a memory, and the memory is used to store a program that supports the apparatus to execute the method for establishing a VXLAN tunnel provided in the first aspect, and Data involved in implementing the method for establishing a VXLAN tunnel provided by the first aspect is stored. The processor is configured to execute programs stored in the memory. The operating means of the memory device may also include a communication bus for establishing a connection between the processor and the memory.

In a sixth aspect, a control device is provided, the structure of the control device includes a processor and a memory, and the memory is used to store a program that supports the apparatus to perform the method for establishing a VXLAN tunnel provided in the second aspect, and stores a program for Data involved in implementing the method for establishing a VXLAN tunnel provided in the second aspect above. The processor is configured to execute programs stored in the memory. The operating means of the memory device may also include a communication bus for establishing a connection between the processor and the memory.

In a seventh aspect, a computer-readable storage medium is provided, and instructions are stored in the computer-readable storage medium, when the computer-readable storage medium runs on a computer, the computer executes the method for establishing a VXLAN tunnel of the first aspect or the second aspect.

In an eighth aspect, there is provided a computer program product comprising instructions, which, when executed on a computer, cause the computer to perform the method for establishing a VXLAN tunnel of the first or second aspect above.

The technical effects obtained by the third aspect to the eighth aspect are similar to the technical effects obtained by the corresponding technical means in the first aspect and the second aspect, and will not be repeated here.

Description of drawings

Fig. 1 is a system schematic diagram of a VXLAN provided by an embodiment of the present application;

FIG. 2 is a schematic flowchart of updating user information provided by an embodiment of the present application;

3 is a flowchart of a method for establishing a VXLAN tunnel provided by an embodiment of the present application;

4 is a schematic diagram of a format of a VXLAN message provided by an embodiment of the present application;

FIG. 5 is a flowchart of another method for establishing a VXLAN tunnel provided by an embodiment of the present application;

FIG. 6 is a schematic structural diagram of a first network device provided by an embodiment of the present application;

7 is a schematic structural diagram of a control device provided by an embodiment of the present application;

FIG. 8 is a schematic structural diagram of a network device provided by an embodiment of the present application.

detailed description

In order to make the objectives, technical solutions and advantages of the embodiments of the present application more clear, the embodiments of the present application will be further described in detail below with reference to the accompanying drawings.

Before describing the embodiments of the present application in detail, the application scenarios involved in the embodiments of the present application are explained in detail.

VXLAN can superimpose Layer 2 virtual network on any routeable underlying network, realize intercommunication within VXLAN network through VXLAN gateway, and also realize intercommunication with traditional non-VXLAN network through VXLAN network. VXLAN technology extends the Layer 2 network by adopting the encapsulation method of Media Access Control (MAC) into (in) User Datagram Protocol (UDP), and encapsulates Ethernet packets in the network (internet protocol). , IP) packets are transmitted in the network through the VXLAN gateway, without paying attention to the MAC addresses of terminal devices such as virtual machines. Since the routing network has no network structure restrictions, it has the ability to expand on a large scale. Therefore, through the routing network, the migration of terminal devices such as virtual machines is not limited by the network architecture. VXLAN can meet the needs of virtual migration and multi-tenancy of data center networks. Similarly, VXLAN is also suitable for the scenario of "one network with multiple uses" in the campus network. For example, the same bearer network is virtualized into multiple service networks to achieve mutual isolation between different service networks.

For the convenience of subsequent descriptions, several technical terms involved in the embodiments of the present application are explained first.

VXLAN Network Identifier (VNI): Similar to the VLAN ID in traditional networks, it is used to distinguish VXLAN network segments. Tenants in different VXLAN segments cannot directly communicate at Layer 2. A network can be divided into one or more VNIs.

Broadcast domain (Bridge Domain, BD): Similar to the method of dividing the broadcast domain by VLAN in the traditional network, the broadcast domain is divided by BD in the VXLAN network. In a VXLAN network, a VNI is mapped to a broadcast domain BD in a 1:1 manner. A BD represents a broadcast domain, and hosts in the same BD can communicate at Layer 2.

VXLAN Tunnel Endpoints (VTEP): VTEP can encapsulate and decapsulate VXLAN packets. In a VXLAN packet, the source IP address is the IP address of the source VTEP, and the destination IP address is the IP address of the destination VTEP. A pair of VTEP addresses corresponds to a VXLAN tunnel. After the source end encapsulates the packet, the encapsulated packet is sent to the destination VTEP through the tunnel, and the destination VTEP decapsulates the received encapsulated packet.

Virtual Access Point (VAP): VXLAN service access point, which can access services based on VLAN or packet flow encapsulation type.

Network Virtualization Edge (NVE): NVE is a network entity that implements network virtualization functions. After the packets are encapsulated and converted by NVE, a Layer 2 virtualized network can be established between NVEs based on the Layer 3 basic network.

Similar to the traditional VLAN network, the VXLAN network also has mutual access within the VXLAN network and mutual access between the VXLAN networks.

Layer 2 gateway: Similar to a Layer 2 access device on a traditional network, in a VXLAN network, a Layer 2 gateway enables tenants to access the VXLAN virtual network. Layer 2 gateways can also be used for subnet communication within the same VXLAN virtual network. Combined with the foregoing explanation of the functions of edge devices and edge devices, in VXLAN, edge devices can be used as Layer 2 gateways.

Layer 3 gateway: Similar to traditional networks, users in different VLANs cannot directly communicate with each other at Layer 2, and VXLANs between different VNIs and between VXLANs and non-VXLANs cannot directly communicate with each other. To enable communication between VXLANs and between VXLANs and non-VXLANs, the concept of VXLAN Layer 3 gateways is introduced. Layer 3 gateways are used for cross-subnet communication of VXLAN virtual networks and access to external networks. Likewise, in conjunction with the foregoing explanations of the functions of the edge device and the edge device, in VXLAN, the edge device can be used as a Layer 3 gateway.

The method provided by the embodiment of the present application is applied to the above scenario of forwarding packets through VXLAN, and the purpose is to dynamically change the established VXLAN tunnel when the terminal device is migrated, so that the VXLAN tunnel established in the network can represent the current demand in real time VXLAN tunnel. In this way, not only the flexibility of establishing a VXLAN tunnel is improved, but also it is unnecessary to reserve all VXLAN tunnels between devices in the VXLAN, thereby saving forwarding table resources at each network device.

It should be noted that, in this embodiment of the present application, establishing a VXLAN tunnel is essentially acquiring the identifier of the VXLAN tunnel, and then establishing a correspondence between the destination address of the packet and the tunnel identifier, so as to facilitate subsequent packets sent to the destination address. All messages can be forwarded through the VXLAN tunnel. The tunnel identifier can be the identifier of the peer device of the VXLAN tunnel (such as the IP address of the peer device), or it can be other unique symbols other than the identifier of the peer device of the VXLAN tunnel that can uniquely identify the tunnel, for example, the tunnel identifier is for VXLAN A unique number for the tunnel. The network device can use this number to index the corresponding entry, and the entry stores the VXLAN tunnel parameters including the IP address of the peer device.

The method for establishing a VXLAN tunnel provided by the embodiment of the present application will be explained in detail below. The method for establishing a VXLAN tunnel provided by the embodiment of the present application is applied to a scenario in which an established VXLAN tunnel can be dynamically changed when a terminal device is migrated. To achieve this technical effect, configure a control device for the VXLAN network. After the control device is configured, the following configuration is performed between the control device and each network device in the VXLAN.

In a possible implementation manner, the above-mentioned control device is a certain network device in the VXLAN. The control device may also be a device other than the above VXLAN, for example, the control device supports VXLAN but is in a VXLAN different from the virtual network identifier (VNI) of the network device, or the control device may not support VXLAN. The following describes the configuration process by taking the control device as a network device in the VXLAN as an example.

The terminal access set of any network device in the VXLAN is stored at the control device, and any network device locally also stores its own terminal access set. The terminal access set of any network device includes the addresses of each terminal device connected to the network device. And when the terminal device migrates, the terminal access set at the control device and the terminal access set at the network device are updated. So that the established VXLAN tunnel can be dynamically changed when other network devices access the terminal device that has been migrated later. The data structure of the aforementioned terminal access set may be a terminal access list, a terminal access list, a terminal access linked list, etc. The embodiment of the present application does not limit the data structure of the terminal access set.

The following content is used to explain in detail the update of the terminal access set at the control device and the terminal access set at the network device when the terminal device is migrated. The following content is described by taking the migration of the first terminal device from the first network device as an example. The first network device is any device in the VXLAN, and the first terminal device is any terminal device that accesses the first network device.

In a possible implementation manner, after the first terminal device accesses the first network device, the first network device can receive a packet sent by the first terminal device, and the source address of the packet is the first terminal device. Therefore, if the first network device receives a message from the first terminal device for the first time, it indicates that the first terminal device is connected to the first network device, and the first network device adds the address of the first terminal device to the first network In the terminal access set of the device. Subsequently, if the first network device determines that the first terminal device leaves the first network device, the address of the first terminal device is deleted from the terminal access set of the first network device.

It should be noted that, in some scenarios, the first network device can sense that the first terminal device leaves the first network device. However, in some scenarios, the first network device cannot sense that the first terminal device leaves the first network device. The following describes how the first network device determines that the first terminal device leaves the first network device in two scenarios.

(1) The first network device can sense that the first terminal device leaves

In this scenario, if the first network device detects that the first terminal device and the first network device are disconnected from communication, it is determined that the first terminal device leaves the first network device.

For example, the first terminal device is directly connected to the first network device in a wired manner, and the first network device determines whether the first terminal device leaves the first network device according to whether the wired port is down (down). If the wired port connected to the first terminal device is disconnected, it is determined that the first terminal device leaves the first network device.

For another example, the first network device is used as the wireless access point of the first terminal device. If the first terminal device is disassociated from the wireless access point and the first network device can recognize that the first terminal device is offline, then the first network device The device then determines that the first terminal device leaves the first network device.

For another example, if the first network device receives traffic from the first terminal device within a certain period of time, it is determined that the first terminal device leaves the first network device.

In this scenario, when the first network device detects that the first terminal device leaves the first network device, in addition to deleting the identifier of the first terminal device from the terminal access set of the first network device, it also sends a terminal transition message to the control device. The terminal move-out notification instructs the first terminal device to leave the first network device. The control device receives the terminal migration notification sent by the first network device, and the control device deletes the address of the first terminal device from the terminal access set of the first network device.

It can be seen from this that in a scenario where the first network device can sense the departure of the first terminal device, the first network device not only deletes the address of the first terminal device in the local terminal access set, but also notifies the control device to delete the first network as well. The address of the first terminal device in the terminal access set of the device. The technical effect of this is: the terminal access set stored at the control device and the network device can accurately represent which terminal devices are connected to the network device in real time, so that other terminal devices can access the migrated terminal devices in the future. , the established VXLAN tunnel can be dynamically changed.

In addition, in order to realize the communication between other network devices in VXLAN and the control device, in a possible implementation manner, a virtual network control protocol (overlaycontrol protocol, OCP) is pre-deployed on the control device and other network devices in VXLAN, So that the control device acts as the OCP server (OCP server), and other network devices in the VXLAN act as the OCP client (OCP client).

Since the OCP client and the OCP server can exchange information, the terminal migration notification sent by the first network device to the control device can be sent through the OCP protocol.

In addition, optionally, when the VXLAN network is initialized, any network device may first establish a VXLAN tunnel with the control device. Therefore, when a certain network device receives a VXLAN message whose destination is not the terminal device to which it is connected, it can forward the VXLAN message in a detour through the control device. When a VXLAN tunnel is established between any network device and the control device, the above-mentioned terminal migration notification can be forwarded through the VXLAN tunnel.

FIG. 1 is a schematic diagram of the architecture of a VXLAN provided by an embodiment of the present application. The VXLAN includes five VXLAN tunnel endpoints (VXLAN Tunnel Endpoints, VTEP), which are marked as VTEP-1, VTEP-2, VTEP-3, VTEP-4, and VTEP-5. Among them, VTEP P-1, VTEP-2, VTEP-3, VTEP-4 are network equipment, and VTEP-5 is control equipment. Deploy the OCP protocol on VTEP-1, VTEP-2, VTEP-3, VTEP-4, and VTEP-5 respectively, so that VTEP-5 acts as the OCP server, VTEP P-1, VTEP-2, VTEP-3, VTEP -4 as OCP client.

As shown in Figure 5, based on the deployed OCP protocol, VTEP-1, VTEP-2, VTEP-3, and VTEP-4 establish VXLAN tunnels with VTEP-5 respectively, and obtain four VXLAN tunnels in the north-south direction as shown in Figure 5. . VXLAN tunnels are not established between VTEP-1, VTEP-2, VTEP-3, and VTEP-4. Instead, VXLAN tunnels between network devices are dynamically established later based on traffic requirements, and VXLAN tunnels between network devices are dynamically changed when terminal devices are migrated. It should be noted that the embodiments of the present application do not limit the specific implementation manner of dynamically establishing a VXLAN tunnel between network devices based on traffic requirements.

In addition, the above-mentioned OCP protocol is only an optional control plane protocol for realizing the communication between the control device and the network device. This embodiment of the present application does not limit how the control device establishes the control plane protocol with each network device.

In addition, when a VXLAN tunnel is dynamically established between network devices based on traffic requirements, if the aging time method is used to delete a VXLAN tunnel that has been idle for a long time, in the case of terminal device migration, the VXLAN tunnel cannot be changed in time, which also leads to forwarding table resources. of waste. In this scenario, through the method for establishing a VXLAN tunnel provided by the embodiments of the present application, the established VXLAN tunnel can be dynamically changed when the terminal device is migrated, so that the VXLAN tunnel established in the network can represent the current demanded VXLAN tunnel in real time. In this way, not only the flexibility of establishing a VXLAN tunnel is improved, but also it is unnecessary to reserve all VXLAN tunnels between devices in the VXLAN, thereby saving forwarding table resources at each network device.

(2) The first network device cannot sense that the first terminal device leaves

For example, the first terminal device is first connected to a HUB (hub) device, and then the HUB device is connected to the first network device. In this case, if the first terminal device is disconnected from the HUB device, the first network device cannot sense the departure of the first terminal device.

For another example, if the first network device is the wireless access point of the first terminal device, if the first terminal device directly leaves the range covered by the SSID of the first network device, the first network device cannot sense that the first terminal device leaves.

Since the first network device cannot sense the departure of the first terminal device, when the first terminal device migrates out, the first network device cannot immediately delete the address of the first terminal device from the terminal access set. Instead, it is determined that the first terminal device leaves the first network device by means of the advertisement of the network device newly accessed by the first terminal device.

Therefore, in a possible implementation manner, in this scenario, the implementation manner for the first network device to determine that the first terminal device leaves the first network device may be: the control device receives the terminal access announcement sent by the third network device message, the terminal access announcement message includes the address of the first terminal device and the identifier of the third network device, and the terminal access announcement message indicates that the first terminal device is connected to the third network device. If the terminal access set of the first network device includes the address of the first terminal device, the control device can learn that the first terminal device has migrated from the first network device to the third network device, so the control device deletes the first network device The identifier of the first terminal device in the terminal access set. At the same time, the control device sends a terminal relocation instruction to the first network device, where the terminal relocation instruction includes the address of the first terminal device, and the terminal relocation instruction is used to instruct the first terminal device to leave the first network device. Therefore, if the first network device receives the terminal relocation instruction sent by the control device, it is determined that the first terminal device leaves the first network device.

In this scenario, since the first network device determines that the first terminal device has migrated from the first network device through the control device, the first network device only needs to delete the first network device from the terminal access set of the first network device. The identification of the terminal device is sufficient, and the update process of the terminal access set at the control device does not need to be concerned.

Similarly, when the VXLAN network is initialized, any network device and the control device first establish a VXLAN tunnel. In this scenario, the above-mentioned online notification message and the second terminal relocation message can be implemented through the established north-south VXLAN tunnel.

FIG. 2 is a schematic flowchart of updating a terminal access set provided by an embodiment of the present application, which is used to further describe the situation in the above scenario (2) in detail. The flow shown in Figure 2 includes the following steps.

1) After terminal device A migrates from edge device 1 to edge device 2, terminal device A sends traffic to edge device 2. The traffic sent by terminal device A to edge device 2 refers to the packets sent by terminal device A to edge device 2 for the first time. Optionally, the message is an online notification message, which is used to notify the terminal device A to access the edge device 2 . Optionally, the packet is a data packet sent by the first terminal device to the first network device for the first time.

2) The edge device 2 will recognize the address of the terminal device A (such as a MAC address and/or an IP address), and the edge device 2 will add the address of the terminal device A to the terminal access set of the edge device 2 .

3) The edge device 2 reports the address of the terminal device A to the edge device by means of a terminal access notification message based on the OCP protocol.

4) The edge device searches the stored terminal access set of each edge device, and finds that the address of terminal device A already exists in the terminal access set of edge device 1, and it is edge device 2 that sends the terminal access announcement message this time. Therefore, the edge device updates the terminal access sets of edge device 2 and edge device 1. The relocation situation of the terminal device A is notified to the edge device previously accessed by the terminal device A, that is, the edge device 1, in the form of a terminal relocation instruction.

5) The edge device 1 receives the terminal migration instruction sent by the edge device, and deletes the address of the terminal device A from the local terminal access set.

Based on the process shown in FIG. 2 , in the case where the edge device cannot perceive the terminal device migration, it can also be implemented to update the terminal access set at the edge device and the terminal at the edge device in time after the terminal device leaves the first network device. Access collection.

After the terminal device is migrated, based on the above process of updating the terminal access set at the control device and the terminal access set at the network device, when other terminal devices subsequently access the terminal device that has been migrated, it is possible to dynamically change the Established VXLAN tunnel. The following embodiments are used to explain in detail how to dynamically change the established VXLAN tunnel.

FIG. 3 is a flowchart of a method for establishing a VXLAN tunnel provided by an embodiment of the present application. As shown in Figure 3, the method includes the following steps.

Step 301: The first network device receives a first VXLAN packet from the second network device, and the destination address of the original frame included in the first VXLAN packet is the address of the first terminal device.

It is assumed that the original frame in the first VXLAN packet is a packet in the traffic of the second terminal device accessing the first terminal device, and the second terminal device is connected to the second network device. A possible application scenario of the embodiment of the present application is: before the first terminal device is migrated from the first network device to the third network device, the second terminal device has already accessed the first terminal device, so the transfer of the second network device The publication stores the correspondence between the tunnel identifier of the VXLAN tunnel between the second network device and the first network device and the address of the first terminal device. However, after the first terminal device is migrated, the first network device does not immediately update the forwarding table. Therefore, if the second terminal device accesses the first terminal device again, the second network device still uses the unupdated forwarding table at this time. The message is sent to the first network device to expect to access the first terminal device through the first network device.

For the convenience of subsequent description, the forwarding table of the second network device is explained here. The forwarding table includes a plurality of terminal device addresses and tunnel identifiers corresponding to the respective terminal device addresses. The function of the forwarding table is: through the VXLAN tunnel indicated by the tunnel identifier corresponding to any terminal device address, the message can be forwarded to the terminal device indicated by the terminal device address.

In a possible implementation manner, the above-mentioned tunnel identifier is an identifier of the VTEP at the receiving end of the VXLAN tunnel (eg, the IP address of the peer device). For example, for a VXLAN tunnel from the second network device to the first network device, the tunnel identifier of the VXLAN tunnel is the identifier of the first network device.

In another possible implementation manner, the above-mentioned tunnel identifier is a symbol other than the identifier of the peer device of the VXLAN tunnel that can uniquely identify the tunnel, for example, the tunnel identifier is a unique number for the VXLAN tunnel. For example, for the VXLAN tunnel from the second edge device to the first edge device, the tunnel identifier of the VXLAN tunnel is tunnel 1 . It should be noted that, in this implementation, in order to facilitate the subsequent query of the peer end of a certain VXLAN tunnel, the network device can use this number to index the corresponding entry, and the entry contains the IP address of the peer device. VXLAN tunnel parameters. Therefore, in a possible implementation manner, the second network device may also maintain a tunnel list, where the tunnel list includes the identifiers of the VTEPs of the receiving ends of the tunnels that correspond one-to-one with each tunnel identifier.

Therefore, after receiving the packet whose source address is the address of the second terminal device and the destination address is the address of the first terminal device, the second network device queries the forwarding table and finds that the VXLAN between the second network device and the first network device can be passed through. The tunnel sends the packet. In this way, the second network device encapsulates the packet as an original frame into a first VXLAN packet, and passes the first VXLAN packet through the VXLAN tunnel between the second network device and the first network device. sent to the first network device.

The above-mentioned encapsulating the message as the original frame into the first VXLAN message refers to: adding the outer frame header such as the VXLAN frame header to the first network device as the destination of the first VXLAN message, so as to realize the sending of the first VXLAN message to the first network device.

In order to facilitate the understanding of encapsulating the original frame into the first VXLAN packet, the encapsulation format of the VXLAN packet is also explained here. As shown in Figure 4, the original frame (original L2frame) is first added with a VXLAN frame header during the encapsulation process, and then encapsulated in the outer UDP frame header, and the IP and MAC addresses of the bearer network are used as the outer header for encapsulation. A VXLAN packet can be obtained.

The explanation of each field in the above VXLAN frame header, outer layer UDP frame header, outer layer IP frame header, and outer layer Ethernet frame header is shown in Table 1. The meaning of each field in the VXLAN packet will not be explained in detail here.

Table 1

Step 302: If there is no first terminal device in the terminal devices connected to the first network device, send an error message notification message to the control device, and the control device receives the error message notification message from the first network device.

Based on the above process of updating the terminal access set at the control device and the terminal access set at the network device, it can be known that if the first terminal device migrates from the first network device, the terminal access set of the first network device will no longer have the identity of the first terminal device. Therefore, when the first network device receives the first VXLAN packet, if there is no address of the first terminal device in the terminal access set of the first network device, it indicates that the first terminal device is not connected to the first network device. In this scenario, the first network device sends an error message notification message to the control device. The control device receives the error message notification message sent by the first network device.

The error message notification message includes the address of the first terminal device, the identifier of the first network device, and the identifier of the second network device. The error message notification message indicates that the first terminal device is not connected to the first network device, but the first network device still receives the VXLAN packet from the second network device and sent to the first terminal device.

In addition, it should be noted that the execution scenario of step 302 is a case where the received message is a message encapsulated in the VXLAN format. If the packet in step 301 is not a packet encapsulated in the VXLAN format, it is not necessary to dynamically change the established VXLAN tunnel.

After receiving the error message notification message, the control device may query the network device currently accessed by the first terminal device from the terminal access set of each network device. and use the queried network device as the third network device.

In addition, after the first network device receives the first VXLAN packet, if there is no address of the first terminal device in the local terminal access set, it indicates that the first terminal device is not currently connected to the first network device. In this scenario, if a VXLAN tunnel is established between each network device in the VXLAN and the control device, the first network device encapsulates the original frame in the first VXLAN packet into a second VXLAN packet, and encapsulates the original frame in the first VXLAN packet into a second VXLAN packet. The second VXLAN packet is sent to the control device via the VXLAN tunnel between the first network device and the control device. The control device receives the second VXLAN packet from the first network device. The control device encapsulates the original frame into a third VXLAN packet, and sends the third VXLAN packet to the third network device through the VXLAN tunnel between the control device and the third network device, so as to implement the second terminal device to the migrated Access to the first terminal device.

In addition, after receiving the error message notification message, the control device needs to notify the second network device to change the established VXLAN tunnel through the following steps, so as to prevent the second network device from sending an error message to the first network device. Internet equipment.

Step 303: The control device sends a terminal change message to the second network device, the terminal change message includes the address of the first terminal device and the identifier of the third network device, and the terminal change message indicates that the first terminal device is currently connected to the third network device.

After receiving the terminal change message, the second network device learns that the first terminal device has been migrated from the first network device to the third network device. Therefore, the second network device needs to update the forwarding table to avoid the second network device The device subsequently sends the erroneous packet to the first network device again.

In a possible implementation manner, after receiving the terminal change message, the second network device may delete from the forwarding table the relationship between the tunnel identifier of the VXLAN tunnel from the second network device to the first network and the address of the first terminal device corresponding relationship. A corresponding relationship between the tunnel identifier of the VXLAN tunnel from the second network device to the third network and the address of the first terminal device is established in the forwarding table.

In the scenario where the tunnel identifier in the forwarding table is the identifier of the VTEP of the receiving end of the VXLAN tunnel, the tunnel identifier of the VXLAN tunnel from the second network device to the third network is the identifier of the third network device. The tunnel identifier of the VXLAN tunnel from the second network device to the first network is the identifier of the first network device.

If the tunnel identifier in the forwarding table is a symbol other than the identifier of the peer device of the VXLAN tunnel that can uniquely identify the tunnel, for example, in the scenario where the tunnel identifier is a unique number for the VXLAN tunnel, the network device can use this number to index the Corresponding entry, the entry stores VXLAN tunnel parameters including the IP address of the peer device. In a possible implementation manner, the second network device also maintains a tunnel list, where the tunnel list includes the identifiers of the VTEPs of the receiving ends of the tunnels that correspond one-to-one with each tunnel identifier. In this scenario, the second network device searches the local forwarding table for the address of the terminal device corresponding to the tunnel identifier of the VXLAN tunnel between the second network device and the first network device. address of the device, not only deletes the correspondence between the tunnel identifier of the VXLAN tunnel from the second network device to the first network device in the tunnel list and the address of the first terminal device from the forwarding table, but also deletes the first terminal device from the tunnel list. The correspondence between the tunnel identifier of the VXLAN tunnel from the second network device to the first network device and the identifier of the first network device. If there are other terminal device addresses besides the first terminal device address in the found terminal device address, the tunnel identifier of the VXLAN tunnel from the second network device to the first network device and the first network device are not deleted from the tunnel list. The corresponding relationship between the device identifiers, but the corresponding relationship between the tunnel identifier of the VXLAN tunnel between the second network device and the first network device and the address of the first terminal device in the forwarding table is deleted.

It should be noted that the above process of deleting the corresponding relationship between the tunnel identifier of the VXLAN tunnel from the second network device to the first network device and the identifier of the first network device from the tunnel list is also referred to as deleting the second network device to the first network device. The process of VXLAN tunneling of the first network device.

In addition, in the scenario where the tunnel identifier in the forwarding table is a symbol other than the identifier of the peer device of the VXLAN tunnel that can uniquely identify the tunnel, the second network device, after receiving the terminal change message, ID, find the tunnel ID of the VXLAN tunnel of the third network device corresponding to the tunnel receiving end from the tunnel list. If a tunnel ID is found, the tunnel ID is the ID of the VXLAN tunnel between the second network device and the third network device. The identifier indicates that a VXLAN tunnel from the second network device to the third network device is currently established, but the correspondence between the address of the first terminal device and the tunnel identifier of the VXLAN tunnel has not been created. If no tunnel identifier is found, the tunnel identifier of the VXLAN tunnel between the second network device and the third network device is generated based on the tunnel identifier generation rule. Then, the corresponding relationship between the generated tunnel identifier and the identifier of the third network device is added to the tunnel list. The tunnel identifier generation rule is a set rule for generating a unique identifier for a VXLAN tunnel, which is not specifically limited in this embodiment of the present application. For example, the tunnel identifier is generated based on the number of VXLAN tunnels from the second network device to other network devices.

It should be noted that the above process after the tunnel identifier is not found is also referred to as the process of establishing a VXLAN tunnel between the second network device and the third network device. At this time, the above process can be described as follows: after receiving the terminal change message, the second network device searches whether it has already connected with the VXLAN tunnel from the second network device to the third network device. If there is no VXLAN tunnel from the second network device to the third network device VXLAN tunnel, establish a VXLAN tunnel from the second network device to the third network device, and add the corresponding relationship between the tunnel identifier of the VXLAN tunnel from the second network device to the third network device and the address of the first terminal device to the forwarding table middle. If a VXLAN tunnel from the second network device to the third network device has been established, it is only necessary to add the corresponding relationship between the tunnel identifier of the VXLAN tunnel from the second network device to the third network device and the address of the first terminal device to It can be forwarded.

The flow shown in FIG. 3 is further explained in detail below with the embodiment shown in FIG. 5 . In the embodiment shown in FIG. 5 , the control device is a border device in the VXLAN network.

1. After terminal device A is migrated to edge device 2, if terminal device A and terminal device B do not communicate with each other for a period of time, edge device 4 does not receive traffic destined for terminal device A within the aging time. The edge device 4 deletes the entry of the terminal device A in the forwarding table, and at the same time determines that there is no entry of the terminal device under the edge device 1 in the forwarding table, and deletes the VXLAN tunnel from the edge device 4 to the edge device 1.

2. After the terminal device is migrated to the edge device 2, if the terminal device A and the terminal device B have mutual visits. Then the process is shown in Figure 5.

1) Terminal device B sends traffic to access terminal device A

2) The edge device 4 forwards the traffic to the VXLAN tunnel from the edge device 4 to the edge device 1 according to the forwarding table.

3) The edge device 1 receives the traffic of the terminal device B, inquires that there is no terminal device A in the terminal access set of the device, and at the same time recognizes that the received traffic is a VXLAN packet.

4) Since there is no terminal device A in the terminal access set of the edge device 1, the traffic is forwarded through the VXLAN tunnel from the edge device 1 to the edge device.

5) The border device receives the traffic and forwards the traffic to the edge device 2 through the VLXLAN tunnel from the border device to the edge device 2.

6) The edge device 2 device receives the traffic and forwards it to the terminal device A according to the forwarding table.

7) When the edge device 1 forwards the traffic, it triggers an error message notification message, and notifies the edge device terminal device B to access the error message of the terminal device A through the OCP protocol.

8) The edge device queries the terminal access set of each terminal device, and finds that the VTEP corresponding to the terminal device B is the edge device 4 .

9) The edge device sends a notification to the edge device 4 through the OCP protocol to notify that the VTEP corresponding to the terminal device A is the edge device 2 .

10) After receiving the notification, the edge device 4 updates the entry of the terminal device A in the forwarding table through the following steps.

11) Edge device 4 judges that if the VXLAN tunnel from edge device 4 to edge device 2 has not been created, establish a VXLAN tunnel from edge device 4 to edge device 2 (here, establishing a VXLAN tunnel of edge device 4->edge device 2 refers to : Obtain the tunnel ID of the VXLAN tunnel of edge device 4->edge device 2, and add the corresponding relationship between the tunnel ID and the address of terminal device A to the forwarding table).

12) Edge device 4 deletes the correspondence between the address of terminal device A in the forwarding table and the tunnel identifier of the VXLAN tunnel between edge device 4 and edge device 1, and judges that if the forwarding table of this device does not include the tunnel The corresponding relationship between the identifiers indicates that there is no entry of the terminal device connected to edge device 1 in the forwarding table, then delete the VXLAN tunnel from edge device 4 to edge device 1 (here, delete the VXLAN tunnel from edge device 4 to edge device 1 is Refers to: delete the corresponding relationship between the tunnel ID of the VXLAN tunnel from edge device 4 to edge device 1 and the ID of edge device 1 in the tunnel list).

13) After the VXLAN tunnel from edge device 4 to edge device 2 is established, the traffic of terminal device B accessing terminal device A is forwarded from the VXLAN tunnel from edge device 4 to edge device 2.

With the method for establishing a VXLAN tunnel provided by the embodiment of the present application, when the first network device determines that the first terminal device is not connected to itself, it will send an error message passing message to the control device. Therefore, if the first terminal device migrates from the first network device, even if the forwarding table at the second network device is not updated in time, the first VXLAN packet is erroneously sent to the first network device. The notification message can still notify the control device of the migration situation, so as to notify the second network device through the control device, so that the second network device updates the forwarding table in time. Therefore, with the method provided by the embodiments of the present application, the established VXLAN tunnel in the forwarding table can be dynamically changed when the terminal device is migrated, so that the VXLAN tunnel established in the network can represent the current demanded VXLAN tunnel in real time. In this way, not only the flexibility of establishing a VXLAN tunnel is improved, but also it is unnecessary to reserve all VXLAN tunnels between devices in the VXLAN, thereby saving forwarding table resources at each network device.

FIG. 6 is a schematic structural diagram of a first network device in a VXLAN provided by an embodiment of the present application. The VXLAN includes multiple network devices, and the first network device is one of the multiple network devices.

As shown in FIG. 6, the first network device 600 includes:

A receiving module 601, configured to receive a first VXLAN message from a second network device, where the destination address of the original frame included in the first VXLAN message is the address of the first terminal device;

The sending module 602 is configured to send an error message notification message to the control device if there is no first terminal device in the terminal device connected to the first network device, where the error message notification message includes the address of the first terminal device, the first network The identifier of the device and the identifier of the second network device, the error message notification message indicates that the first terminal device is not connected to the first network device, but the first network device still receives the message from the second network device and sent to the first terminal device. VXLAN packets.

Optionally, the first network device further includes:

A deletion module, configured to delete the address of the first terminal device from the terminal access set of the first network device when it is determined that the first terminal device has left the first network device, where the terminal access set includes each device connected to the first network device The address of the end device.

Optionally, delete modules are used to:

If it is detected that the first terminal device and the first network device are disconnected from communication, it is determined that the first terminal device leaves the first network device.

Optionally, the sending module is also used for:

A terminal move-out notification is sent to the control device, where the terminal move-out notification includes the address of the first terminal device and the identifier of the first network device, and the terminal move-out notification instructs the first terminal device to leave the first network device.

Optionally, delete modules are used to:

If a terminal move-out instruction is received from the control device, it is determined that the first terminal equipment leaves the first network device, the terminal move-out instruction includes the address of the first terminal equipment, and the terminal move-out instruction is used to instruct the first terminal equipment to leave the first terminal Internet equipment.

Optionally, the sending module is also used for:

The original frame is encapsulated into a second VXLAN packet, and the second VXLAN packet is sent to the control device through the VXLAN tunnel between the first network device and the control device.

In this embodiment of the present application, when the first network device determines that the first terminal device is not connected to itself, it will send an error message pass message to the control device. Therefore, if the first terminal device migrates from the first network device, even if the forwarding table at the second network device is not updated in time, the first VXLAN packet is erroneously sent to the first network device. The notification message can still notify the control device of the migration situation, so as to notify the second network device through the control device, so that the second network device updates the forwarding table in time. Therefore, with the method provided by the embodiments of the present application, the established VXLAN tunnel in the forwarding table can be dynamically changed when the terminal device is migrated, so that the VXLAN tunnel established in the network can represent the current demanded VXLAN tunnel in real time. In this way, not only the flexibility of establishing a VXLAN tunnel is improved, but also it is unnecessary to reserve all VXLAN tunnels between devices in the VXLAN, thereby saving forwarding table resources at each network device.

It should be noted that: when the first network device provided in the above embodiment establishes a VXLAN tunnel, only the division of the above functional modules is used as an example for illustration. In practical applications, the above functions can be allocated to different functional modules as required. , that is, dividing the internal structure of the device into different functional modules to complete all or part of the functions described above. In addition, the first network device provided in the above embodiment and the method embodiment for establishing a VXLAN tunnel belong to the same concept, and the specific implementation process thereof is detailed in the method embodiment, which will not be repeated here.

FIG. 7 is a schematic structural diagram of a control device provided by an embodiment of the present application. As shown in FIG. 7, the control device 700 includes:

The receiving module 701 is configured to receive an error message notification message from a first network device in the VXLAN, where the error message notification message includes the address of the first terminal device, the identifier of the first network device, and the identifier of the second network device. The message notification message indicates that the first terminal device is not connected to the first network device, but the first network device still receives a VXLAN message from the second network device and sent to the first terminal device, where the VXLAN includes multiple network devices, The first network device and the second network device are two of the multiple network devices;

The sending module 702 is configured to send a terminal change message to the second network device, where the terminal change message includes the address of the first terminal device and the identifier of the third network device, and the terminal change message indicates that the first terminal device is currently connected to the third network device.

Optionally,

The receiving module is further configured to receive a terminal relocation notification from the first network device, where the terminal relocation notification includes the address of the first terminal device and the identifier of the first network device, and the terminal relocation notification instructs the first terminal device to leave the first network equipment;

The control device further includes a deletion module configured to delete the address of the first terminal device from the terminal access set of the first network device, where the terminal access set includes addresses of each terminal device connected to the first network device.

Optionally,

The receiving module is further configured to receive a terminal access announcement message sent from a third network device, where the terminal access announcement message includes the address of the first terminal device and the identifier of the third network device, and the terminal access announcement message indicates that the first terminal device is connected at a third network device;

The control device further includes a deletion module, configured to delete the address of the first terminal device in the terminal access set of the first network device if the address of the first terminal device is included in the terminal access set of the first network device;

The sending module is further configured to send a terminal relocation instruction to the first network device, where the terminal relocation instruction includes the address of the first terminal device, and the terminal relocation instruction is used to instruct the first terminal device to leave the first network device.

Optionally, the control device further includes:

The adding module is configured to add the address of the first terminal device to the terminal access set of the third network device.

In this embodiment of the present application, when the first network device determines that the first terminal device is not connected to itself, it will send an error message pass message to the control device. Therefore, if the first terminal device migrates from the first network device, even if the forwarding table at the second network device is not updated in time, the first VXLAN packet is erroneously sent to the first network device. The notification message can still notify the control device of the migration situation, so as to notify the second network device through the control device, so that the second network device updates the forwarding table in time. Therefore, with the method provided by the embodiments of the present application, the established VXLAN tunnel in the forwarding table can be dynamically changed when the terminal device is migrated, so that the VXLAN tunnel established in the network can represent the current demanded VXLAN tunnel in real time. In this way, not only the flexibility of establishing a VXLAN tunnel is improved, but also it is unnecessary to reserve all VXLAN tunnels between devices in the VXLAN, thereby saving forwarding table resources at each network device.

It should be noted that: when the control device provided in the above embodiment establishes a VXLAN tunnel, only the division of the above functional modules is used as an example. The internal structure of the device is divided into different functional modules to complete all or part of the functions described above. In addition, the control device provided in the above embodiment and the method embodiment for establishing a VXLAN tunnel belong to the same concept, and the specific implementation process thereof is detailed in the method embodiment, which will not be repeated here.

FIG. 8 is a schematic structural diagram of a network device provided by an embodiment of the present application. Any network device or control device in the foregoing embodiments may be implemented by the network device shown in FIG. 8 . Referring to FIG. 8 , the network device includes at least one processor 801 , a communication bus 802 , a memory 803 and at least one communication interface 804 .

The processor 801 may be a general-purpose central processing unit (central processing unit, CPU), an application-specific integrated circuit (application-specific integrated circuit, ASIC), or one or more integrated circuits for controlling the execution of the programs of the present application. The deletion module in the embodiment of FIG. 6 and the functions of the deletion module and the addition module in the embodiment of FIG. 7 can all be implemented by a processor.

Communication bus 802 may include a path to communicate information between the aforementioned components.

The memory 803 may be read-only memory (ROM), random access memory (RAM), electrically erasable programmable read-only memory (EEPROM), optical disk ( including compact disc read-only memory (CD-ROM), compact disc, laser disc, digital versatile disc, Blu-ray disc, etc.), magnetic disk or other magnetic storage device, or capable of carrying or storing instructions or data A desired program code in a structured form and any other medium that can be accessed by a computer, but is not limited thereto. The memory 803 can exist independently and is connected to the processor 801 through the communication bus 802 . The memory 803 may also be integrated with the processor 801 .

Wherein, the memory 803 is used for storing the program code for executing the solution of the present application, and the execution is controlled by the processor 801 . The processor 801 is used to execute program codes stored in the memory 803 . One or more software modules may be included in the program code. The network device or control device in FIGS. 1 to 6 may determine data for developing an application through the processor 801 and one or more software modules in the program code in the memory 803 .

Communication interface 804, using any transceiver-like device, for communicating with other devices or communication networks, such as Ethernet, radio access network (RAN), wireless local area networks (WLAN), etc. . The functions of the receiving module and the sending module in the embodiment of FIG. 6 or FIG. 7 may be implemented through a communication interface.

In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, it can be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, all or part of the processes or functions described in the embodiments of the present application are generated. The computer may be a general purpose computer, special purpose computer, computer network, or other programmable device. The computer instructions may be stored in or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions may be downloaded from a website site, computer, server or data center Transmission to another website site, computer, server, or data center by wire (eg, coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (eg, infrared, wireless, microwave, etc.). The computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that includes an integration of one or more available media. The available media may be magnetic media (eg, floppy disk, hard disk, magnetic tape), optical media (eg, digital versatile disc (DVD)), or semiconductor media (eg, solid state disk (SSD)) )Wait.

Those of ordinary skill in the art can understand that all or part of the steps of implementing the above embodiments can be completed by hardware, or can be completed by instructing relevant hardware through a program, and the program can be stored in a computer-readable storage medium. The storage medium mentioned may be a read-only memory, a magnetic disk or an optical disk, etc.

The above-mentioned embodiments provided for this application are not intended to limit this application. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the embodiments of this application shall be included in the embodiments of this application. within the scope of protection.

Claims (21)

A method for establishing a virtual extended local area network VXLAN tunnel, characterized in that it is applied to a first network device in a VXLAN, the VXLAN includes multiple network devices, and the first network device is one of the multiple network devices. One; The method includes: receiving the first VXLAN message from the second network device, where the destination address of the original frame included in the first VXLAN message is the address of the first terminal device; If there is no first terminal device in the terminal devices connected to the first network device, send an error message notification message to the control device, where the error message notification message includes the address of the first terminal device, the The identifier of the first network device and the identifier of the second network device, the error message notification message indicates that the first terminal device is not connected to the first network device, but the first network device still receives to the VXLAN packet from the second network device and sent to the first terminal device. The method of claim 1, wherein the method further comprises: When the first terminal device leaves the first network device, delete the address of the first terminal device from the terminal access set of the first network device, where the terminal access set includes connecting the The address of each terminal device of the first network device. The method of claim 2, wherein the method further comprises: If it is detected that the first terminal device and the first network device are disconnected from communication, it is determined that the first terminal device leaves the first network device. The method according to claim 2 or 3, characterized in that the method further comprises: When the first terminal device leaves the first network device, send a terminal move-out notification to the control device, where the terminal move-out notification includes the address of the first terminal device and the identifier of the first network device , the terminal move-out notification instructs the first terminal device to leave the first network device. The method of any one of claims 2 to 4, comprising: If a terminal relocation instruction is received from the control device, it is determined that the first terminal device leaves the first network device, the terminal relocation instruction includes the address of the first terminal device, and the terminal relocation instruction includes the address of the first terminal device. The output instruction is used to instruct the first terminal device to leave the first network device. The method according to any one of claims 1 to 5, wherein the method further comprises: The original frame is encapsulated into a second VXLAN packet, and the second VXLAN packet is sent to the control device via the VXLAN tunnel between the first network device and the control device. A method for establishing a virtual extended local area network VXLAN tunnel, which is characterized in that it is applied to a control device; The method includes: Receive an error message notification message from the first network device in the VXLAN, where the error message notification message includes the address of the first terminal device, the identifier of the first network device, and the identifier of the second network device, where The error message notification message indicates that the first terminal device is not connected to the first network device, but the first network device still receives messages from the second network device and sent to the first terminal device. VXLAN packet, the VXLAN includes multiple network devices, and the first network device and the second network device are two of the multiple network devices; Send a terminal change message to the second network device, where the terminal change message includes the address of the first terminal device and the identifier of the third network device, and the terminal change message indicates that the first terminal device is currently connected to the third network device. The method of claim 7, wherein the method further comprises: Receive a terminal move-out notification from the first network device, the terminal move-out notification includes an address of the first terminal device and an identifier of the first network device, and the terminal move-out notification indicates the first The terminal device leaves the first network device; Delete the address of the first terminal device from a terminal access set of the first network device, where the terminal access set includes addresses of each terminal device connected to the first network device. The method of claim 7 or 8, wherein the method further comprises: Receive a terminal access announcement message sent from the third network device, the terminal access announcement message includes the address of the first terminal device and the identifier of the third network device, and the terminal access announcement message indicates the the first terminal device is connected to the third network device; If the terminal access set of the first network device includes the address of the first terminal device, delete the address of the first terminal device in the terminal access set of the first network device and send the address to the first terminal device. A network device sends a terminal relocation instruction, where the terminal relocation instruction includes the address of the first terminal device, and the terminal relocation instruction is used to instruct the first terminal device to leave the first network device. The method according to claim 9, wherein after receiving the terminal access announcement message sent from the third network device, the method further comprises: The address of the first terminal device is added to the terminal access set of the third network device. A first network device in a VXLAN, wherein the VXLAN includes multiple network devices, and the first network device is one of the multiple network devices; The first network device includes: a receiving module, configured to receive the first VXLAN message from the second network device, where the destination address of the original frame included in the first VXLAN message is the address of the first terminal device; a sending module, configured to send an error message notification message to a control device if the first terminal device is not included in the terminal devices connected to the first network device, where the error message notification message includes the first terminal The address of the device, the identifier of the first network device, and the identifier of the second network device, the error message notification message indicates that the first terminal device is not connected to the first network device, but the first terminal device is not connected to the first network device. A network device still receives the VXLAN packet from the second network device and sent to the first terminal device. The first network device according to claim 11, wherein the first network device further comprises: a deletion module, configured to delete the address of the first terminal device from the terminal access set of the first network device when the first terminal device leaves the first network device, the terminal access set Include the address of each terminal device connected to the first network device. The first network device according to claim 12, wherein the deletion module is used for: If it is detected that the first terminal device and the first network device are disconnected from communication, it is determined that the first terminal device leaves the first network device. The first network device according to claim 13, wherein the sending module is further configured to: When the first terminal device leaves the first network device, send a terminal move-out notification to the control device, where the terminal move-out notification includes the address of the first terminal device and the identifier of the first network device , the terminal move-out notification instructs the first terminal device to leave the first network device. The first network device according to any one of claims 12 to 14, wherein the deletion module is configured to: If a terminal relocation instruction is received from the control device, it is determined that the first terminal device leaves the first network device, the terminal relocation instruction includes the address of the first terminal device, and the terminal relocation instruction includes the address of the first terminal device. The output instruction is used to instruct the first terminal device to leave the first network device. The first network device according to any one of claims 11 to 15, wherein the sending module is further configured to: The original frame is encapsulated into a second VXLAN packet, and the second VXLAN packet is sent to the control device via the VXLAN tunnel between the first network device and the control device. A control device, characterized in that the control device comprises: a receiving module, configured to receive an error message notification message from a first network device in the VXLAN, where the error message notification message includes the address of the first terminal device, the identifier of the first network device, and the second network device The identification of the device, the error message notification message indicates that the first terminal device is not connected to the first network device, but the first network device still receives from the second network device and sends it to the The VXLAN message of the first terminal device, the VXLAN includes multiple network devices, and the first network device and the second network device are two of the multiple network devices; a sending module, configured to send a terminal change message to the second network device, where the terminal change message includes an address of the first terminal device and an identifier of a third network device, and the terminal change message indicates the first terminal The device is currently connected to the third network device. The control device of claim 17, wherein: The receiving module is further configured to receive a terminal migration notification from the first network device, where the terminal migration notification includes the address of the first terminal device and the identifier of the first network device, and the terminal The move-out notification instructs the first terminal device to leave the first network device; The control device further includes a deletion module, configured to delete the address of the first terminal device from a terminal access set of the first network device, where the terminal access set includes a terminal connected to the first network device. The address of each terminal device. A control device as claimed in claim 17 or 18, characterized in that, The receiving module is further configured to receive a terminal access announcement message sent from the third network device, where the terminal access announcement message includes the address of the first terminal device and the identifier of the third network device, the the terminal access announcement message indicates that the first terminal device is connected to the third network device; The control device further includes a deletion module, configured to delete the address of the first terminal device in the terminal access set of the first network device if the address of the first terminal device is included in the terminal access set of the first network device. the address of the first terminal device; The sending module is further configured to send a terminal relocation instruction to the first network device, where the terminal relocation instruction includes the address of the first terminal device, and the terminal relocation instruction is used to indicate the first terminal relocation instruction. The terminal device leaves the first network device. The control device of claim 19, wherein the control device further comprises: The adding module is configured to add the address of the first terminal device to the terminal access set of the third network device. A computer-readable storage medium having instructions stored in the computer-readable storage medium, when running on a computer, causes the computer to execute the method of any one of claims 1-6, or execute the method of claim 7- 10. The method of any one.

Images