CN116436729B - Message transmission method, networking system and access cloud gateway - Google Patents

Publication number: CN116436729B
Authority: CN (China)
Prior art keywords: message, cloud gateway, tunnel, access cloud, forwarded
Legal status: Active
Application number: CN202310676715.8A
Other languages: Chinese (zh)
Other versions: CN116436729A (en
Inventors: 程玉山, 陈真
Current Assignee: Wuhan Green Network Co ltd
Original Assignee: Wuhan Greenet Information Service Co Ltd
Application filed by Wuhan Greenet Information Service Co Ltd
Priority to CN202310676715.8A
Publication of CN116436729A
Application granted
Publication of CN116436729B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/12 Avoiding congestion; Recovering from congestion
    • H04L47/125 Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08 Protocols for interworking; Protocol conversion
    • H04L2212/00 Encapsulation of packets
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This application provides a message transmission method, a networking system and an access cloud gateway. The user edge device in the networking system determines a first target tunnel and a first target network edge device according to a tunnel selection condition, and sends an initial message to the first target network edge device. The first target network edge device encapsulates the initial message based on a first preset protocol to obtain a first forwarded message, and sends it through the first target tunnel to the access cloud gateway in the system. Finally, the access cloud gateway processes the first forwarded message based on a preset network conversion technology and the first preset protocol to obtain a second forwarded message, and sends it to the broadband access server in the system through a second target tunnel and a second target network edge device determined according to the tunnel selection condition. By providing at least two network edge devices, the method achieves a multi-homed networking mode, thereby improving bandwidth utilization and reducing operation and maintenance complexity.

Description

Message transmission method, networking system and access cloud gateway

Technical field

This application relates to the field of network technology, and in particular to a message transmission method, a networking system and an access cloud gateway.

Background

With the exponential growth in the number and scale of data centers, data centers in multiple different physical domains need to be interconnected, and reducing operation and management costs also requires changes to the existing Layer 2 virtual private network (L2VPN) technology. However, in current networking systems, flooding in the virtual private LAN service (VPLS) is inefficient and bandwidth utilization is limited. Traditional network deployment also usually involves complex network-layer configuration: when certain devices are added or replaced, adding or deleting an interconnected site affects the configuration of existing sites, which increases operation and maintenance complexity.

The current technology therefore suffers from low bandwidth utilization and high operation and maintenance complexity, and needs improvement.

Summary of the invention

This application provides a message transmission method, a networking system and an access cloud gateway to alleviate the technical problems of low bandwidth utilization and high operation and maintenance complexity in the current technology.

To solve the above technical problems, this application provides the following technical solutions:

This application provides a message transmission method applied to a networking system, the networking system including a user edge device, at least two network edge devices, an access cloud gateway and a broadband access server. The method includes:

The user edge device determines a first target tunnel and a first target network edge device according to a tunnel selection condition, and sends an initial message to the first target network edge device; wherein the tunnel selection condition is determined based on at least one of the real-time device load, the active/standby attribute and the real-time tunnel up/down status of each network edge device;

The first target network edge device encapsulates the initial message based on a first preset protocol to obtain a first forwarded message, and sends the first forwarded message to the access cloud gateway through the first target tunnel;

The access cloud gateway determines a second target tunnel and a second target network edge device according to the tunnel selection condition; wherein the second preset link selection condition is determined based on at least one of the real-time device load, the active/standby attribute and the real-time link up/down status of each network edge device;

The access cloud gateway processes the first forwarded message based on a preset network conversion technology and the first preset protocol to obtain a second forwarded message;

The access cloud gateway sends the second forwarded message to the broadband access server through the second target tunnel and the second target network edge device.

Correspondingly, this application also provides a networking system including a user edge device, at least two network edge devices, an access cloud gateway and a broadband access server, wherein:

The user edge device is configured to determine a first target tunnel and a first target network edge device according to a tunnel selection condition, and to send an initial message to the first target network edge device; wherein the tunnel selection condition is determined based on at least one of the real-time device load, the active/standby attribute and the real-time tunnel up/down status of each network edge device;

The first target network edge device is configured to encapsulate the initial message based on a first preset protocol to obtain a first forwarded message, and to send the first forwarded message to the access cloud gateway through the first target tunnel;

The access cloud gateway is configured to determine a second target tunnel and a second target network edge device according to the tunnel selection condition; wherein the second preset link selection condition is determined based on at least one of the real-time device load, the active/standby attribute and the real-time link up/down status of each network edge device;

The access cloud gateway is further configured to process the first forwarded message based on a preset network conversion technology and the first preset protocol to obtain a second forwarded message;

The access cloud gateway is further configured to send the second forwarded message to the broadband access server through the second target tunnel and the second target network edge device.

In addition, this application also provides an access cloud gateway, including:

A message receiving unit, configured to receive a first forwarded message sent by a first target network edge device through a first target tunnel; wherein the first forwarded message is obtained by the first target network edge device encapsulating an initial message based on a first preset protocol, the initial message is sent by a user edge device, the first target tunnel and the first target network edge device are determined by the user edge device according to a tunnel selection condition, and the tunnel selection condition is determined based on at least one of the real-time device load, the active/standby attribute and the real-time tunnel up/down status of each network edge device;

A first determination unit, configured to determine a second target tunnel and a second target network edge device according to the tunnel selection condition; wherein the second preset link selection condition is determined based on at least one of the real-time device load, the active/standby attribute and the real-time link up/down status of each network edge device;

A message processing unit, configured to process the first forwarded message based on a preset network conversion technology and the first preset protocol to obtain a second forwarded message;

A message forwarding unit, configured to send the second forwarded message to the broadband access server through the second target tunnel and the second target network edge device.

Beneficial effects: This application provides a message transmission method, a networking system and an access cloud gateway. Specifically, the networking system includes a user edge device, at least two network edge devices, an access cloud gateway and a broadband access server. The user edge device in the system determines a first target tunnel and a first target network edge device according to a tunnel selection condition, and sends an initial message to the first target network edge device; the tunnel selection condition is determined based on at least one of the real-time device load, the active/standby attribute and the real-time tunnel up/down status of each network edge device. The first target network edge device then encapsulates the received initial message based on a first preset protocol to obtain a first forwarded message, and sends the first forwarded message through the first target tunnel to the access cloud gateway in the system. Next, the access cloud gateway determines a second target tunnel and a second target network edge device according to the tunnel selection condition; the second preset link selection condition is determined based on at least one of the real-time device load, the active/standby attribute and the real-time link up/down status of each network edge device. Finally, the access cloud gateway processes the first forwarded message based on a preset network conversion technology and the first preset protocol to obtain a second forwarded message, and sends the second forwarded message to the broadband access server in the system through the second target tunnel and the second target network edge device. By providing at least two network edge devices in the networking system, the method builds communication tunnels centered on the network edge devices, so that messages sent from the user edge device to the access cloud gateway, and from the access cloud gateway to the broadband access server, can be carried over a suitable tunnel chosen from at least two tunnels. This realizes a multi-homed networking mode, which reduces physical device backup and link backup, improves the reliability of the transmission link, balances the traffic load, avoids traffic congestion, achieves efficient and secure message transmission, improves bandwidth utilization and reduces bandwidth consumption. At the same time, this multi-homed networking mode allows single-sided deployment when interconnected sites are added, deleted or modified, so that the configuration of existing sites is not affected and operation and maintenance complexity is reduced.

Brief description of the drawings

The technical solutions and other beneficial effects of this application will become apparent from the following detailed description of specific embodiments of this application, taken in conjunction with the accompanying drawings.

Figure 1 is a system architecture diagram of the networking system provided by an embodiment of this application.

Figure 2 is a schematic flowchart of the message transmission method provided by an embodiment of this application.

Figure 3 is a schematic diagram of the topology of the networking system provided by an embodiment of this application.

Figure 4 is a schematic diagram of the data flow of message transmission provided by an embodiment of this application.

Figure 5 is a schematic structural diagram of the access cloud gateway provided by an embodiment of this application.

Detailed description

The technical solutions in the embodiments of this application are described clearly and completely below with reference to the accompanying drawings in the embodiments of this application. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by those skilled in the art based on the embodiments in this application, without creative effort, fall within the scope of protection of this application.

The terms "including" and "having", and any variations of them, in the description and claims of this application are intended to cover non-exclusive inclusion. The division of modules in this application is only a logical division; other divisions are possible in an actual implementation, for example several modules may be combined or integrated into another system, or some features may be omitted or not executed.

This application provides a message transmission method, a networking system and an access cloud gateway, where the access cloud gateway may be a server, a terminal or another device.

Refer to Figure 1, which is a system architecture diagram of the networking system provided by an embodiment of this application. As shown in Figure 1, the networking system may include terminals and devices; terminals, devices, and terminals and devices are connected to and communicate with one another through, for example, an internet formed by various gateways. The networking system includes at least a user edge device 101, at least two network edge devices 102, an access cloud gateway 103 and a broadband access server 104, where:

The user edge device 101 is a device that interfaces with the edge devices of the PTN network, including terminal equipment used to connect optical fiber trunk lines, such as an optical line terminal (OLT).

The network edge device 102 may be an edge router of the service provider's backbone network, equivalent to a label edge router (LER). The PE router connects the CE router and the P router and is the most important network node. User traffic flows into the user network through the PE router, or flows through the PE router to the networking backbone network.

The access cloud gateway 103 is located at the edge access layer of the softswitch architecture and provides an analog subscriber line interface for connecting ordinary telephone users directly to the softswitch network.

The broadband access server (BRAS) 104 is the bridge between the access network and the backbone network. It is a gateway that tightly controls user data entering and leaving the backbone network. The broadband access server 104 is responsible for both user management and the forwarding of data flows. Note that the broadband access server 104 may also be virtualized (cloud-based), that is, a vBRAS, which can flexibly scale capacity out and in, simplify operation and maintenance, unify standard interfaces and improve device performance.

Communication links are provided among the user edge device 101, the at least two network edge devices 102, the access cloud gateway 103 and the broadband access server 104 to enable information exchange. The communication links may be wired links, wireless links, optical fiber cables and so on, which this application does not limit. Specifically:

The user edge device 101 is configured to determine the first target tunnel and the first target network edge device according to the tunnel selection condition, and then to send the initial message to the first target network edge device so determined. The first target network edge device is one of the at least two network edge devices 102, and the tunnel selection condition is determined based on at least one of the real-time device load, the active/standby attribute and the real-time tunnel up/down status of each network edge device 102. The first target network edge device is then configured to encapsulate the received initial message based on the first preset protocol to obtain the first forwarded message, and to send the first forwarded message to the access cloud gateway 103 through the first target tunnel so determined. Next, the access cloud gateway 103 is configured to determine the second target tunnel and the second target network edge device according to the tunnel selection condition, where the second preset link selection condition is likewise determined based on at least one of the real-time device load, the active/standby attribute and the real-time link up/down status of each network edge device 102. The access cloud gateway 103 is further configured to process the first forwarded message based on the preset network conversion technology and the first preset protocol to obtain the second forwarded message. Finally, the access cloud gateway 103 is further configured to send the second forwarded message to the broadband access server 104 through the second target tunnel and the second target network edge device so determined.

In addition, the networking system may include a security service cloud gateway 105, which is a service cloud gateway that carries security functions. In this case, after an uplink message in the networking system reaches the access cloud gateway, the access cloud gateway 101 uses a second preset protocol (for example, VxLAN) tunnel between itself and the security service cloud gateway 105 to convert from the first preset protocol (for example, SRv6) to the second preset protocol (for example, VxLAN), and directs the uplink message over the second preset protocol (for example, VxLAN) into the security service cloud gateway 105 for scrubbing and filtering, yielding healthy message data. The scrubbed message data is then returned to the access cloud gateway 101 over the second preset protocol (for example, VxLAN). The access cloud gateway encapsulates it according to the first preset protocol (for example, SRv6) and sends it to the broadband access server 104, where PPPoE dial-up is initiated to complete authentication and network access.

In the above message transmission process, the networking system provides at least two network edge devices and builds communication tunnels centered on the network edge devices, so that messages sent from the user edge device to the access cloud gateway, and from the access cloud gateway to the broadband access server, can be carried over a suitable tunnel chosen from at least two tunnels. This realizes a multi-homed networking mode, which reduces physical device backup and link backup, improves the reliability of the transmission link, balances the traffic load, avoids traffic congestion, achieves efficient and secure message transmission, improves bandwidth utilization and reduces bandwidth consumption. At the same time, this multi-homed networking mode allows single-sided deployment when interconnected sites are added, deleted or modified, so that the configuration of existing sites is not affected and operation and maintenance complexity is reduced.

Note that the system architecture diagram shown in Figure 1 is only an example. The terminals, devices and scenarios described in the embodiments of this application are intended to explain the technical solutions of the embodiments more clearly and do not limit those technical solutions. Those of ordinary skill in the art will appreciate that, as systems evolve and new service scenarios emerge, the technical solutions provided in the embodiments of this application are equally applicable to similar technical problems. Each is described in detail below. The order in which the following embodiments are described does not limit the preferred order of the embodiments.

In an embodiment of this application, refer to Figure 2, which is a schematic flowchart of the message transmission method provided by an embodiment of this application. The message transmission method is applied to a networking system that includes a user edge device, at least two network edge devices, an access cloud gateway and a broadband access server. The method includes at least the following steps:

S201: The user edge device determines a first target tunnel and a first target network edge device according to a tunnel selection condition, and sends an initial message to the first target network edge device; wherein the tunnel selection condition is determined based on at least one of the real-time device load, the active/standby attribute and the real-time tunnel up/down status of each network edge device.

In one embodiment, before step S201 the method further includes: the at least two network edge devices establish at least two first preset protocol tunnels on the LAN side with the access cloud gateway; and the access cloud gateway establishes at least two first preset protocol tunnels on the WAN side with the at least two network edge devices. Figure 3 is a schematic diagram of the topology of the networking system provided by an embodiment of this application. Figure 3 shows only two network edge devices: network edge device A, hereinafter ALEAF, and network edge device B, hereinafter BLEAF.

Specifically, ALEAF and BLEAF each establish a first preset protocol tunnel on the LAN side with the access cloud gateway, while the access cloud gateway establishes first preset protocol tunnels on the WAN side with the vBras in the metropolitan area network; as shown in Figure 3, the access cloud gateway establishes a WAN-side first preset protocol tunnel with each of ALEAF and BLEAF. In the topology of Figure 3, the mode in which one user edge device (CE) is connected to at least two network edge devices (PE) is called multi-homing, and the case shown in Figure 3 with only two network edge devices is dual-homing. Note that multi-homed network edge devices share the same ESI, which is handled at the protocol layer.
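As an added illustration (not code from the patent), the sketch below applies one possible tunnel selection condition to the dual-homed ALEAF/BLEAF topology, once on the LAN side for the user edge device and once on the WAN side for the access cloud gateway. The ordering of the three inputs, the `max_load` threshold and all tunnel names and load values are assumptions; the patent only requires that at least one of the inputs be used.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class Tunnel:
    name: str        # constructed tunnel label
    pe: str          # network edge device terminating the tunnel (ALEAF / BLEAF)
    is_up: bool      # real-time tunnel up/down status
    is_active: bool  # active/standby attribute: True = active, False = standby
    load: float      # real-time device load of the PE, 0.0 .. 1.0


def select_tunnel(tunnels: Iterable[Tunnel], max_load: float = 0.8) -> Optional[Tunnel]:
    """Pick a target tunnel and, through its `pe` field, the target PE.

    Assumed policy (the patent does not fix an order):
      1. a tunnel that is down is never selected;
      2. PEs below `max_load` win over overloaded ones;
      3. among PEs below the threshold, active beats standby, then lower load;
      4. if every reachable PE is overloaded, take the least loaded one.
    Returns None when no tunnel is up, so the caller can fail closed.
    """
    usable = [t for t in tunnels if t.is_up]
    if not usable:
        return None

    def rank(t: Tunnel):
        if t.load >= max_load:
            # Overloaded: role no longer matters, only load does.
            return (1, 0, t.load, t.name)
        return (0, 0 if t.is_active else 1, t.load, t.name)

    return min(usable, key=rank)


def plan_path(lan: Iterable[Tunnel], wan: Iterable[Tunnel],
              max_load: float = 0.8) -> Tuple[Tunnel, Tunnel]:
    """Return (first target tunnel, second target tunnel).

    The first is chosen by the user edge device among LAN-side tunnels,
    the second by the access cloud gateway among WAN-side tunnels.
    """
    first = select_tunnel(lan, max_load)
    second = select_tunnel(wan, max_load)
    if first is None or second is None:
        side = "LAN" if first is None else "WAN"
        raise RuntimeError(f"no usable {side}-side tunnel: every PE is unreachable")
    return first, second


# Constructed sample state for the dual-homed topology of Figure 3.
LAN_TUNNELS = [
    Tunnel("lan-aleaf", "ALEAF", is_up=True, is_active=True, load=0.35),
    Tunnel("lan-bleaf", "BLEAF", is_up=True, is_active=False, load=0.10),
]
WAN_TUNNELS = [
    Tunnel("wan-aleaf", "ALEAF", is_up=True, is_active=True, load=0.92),
    Tunnel("wan-bleaf", "BLEAF", is_up=True, is_active=False, load=0.40),
]

if __name__ == "__main__":
    first, second = plan_path(LAN_TUNNELS, WAN_TUNNELS)
    print(f"first target:  {first.name} via {first.pe}")
    print(f"second target: {second.name} via {second.pe}")
```

Because the two selections are independent, the uplink can enter through ALEAF and leave through BLEAF, which is the load-balancing and failover behaviour the multi-homed design is meant to provide.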

In one embodiment, the first preset protocol tunnel includes an SRv6 tunnel, and the first preset protocol tunnel carries the EVPN VPLS service. According to Telecom's internal construction plan for a new type of metropolitan area network, the metro level simplifies the network architecture by adopting a spine-leaf structure and, on that basis, uses SRv6 technology to support the various services. Figure 4 is a schematic diagram of the data flow of message transmission provided by an embodiment of this application, and shows that a spine-leaf structure is used between the network edge devices and the access cloud gateway. The networking system supports EVPN VPLS over SRv6: the EVPN VPLS service is carried over the first preset protocol tunnel (SRv6 tunnel), and user Layer 2 data is transmitted transparently over the IPv6 network, so that user networks establish point-to-multipoint connections across the IPv6 network. This approach separates the control plane from the data plane: the control plane is responsible for route advertisement and the data plane for message forwarding, so the division of labor is clear and management is easy. EVPN uses the route reflection attribute built into BGP, which makes network deployment simpler and clearer and greatly reduces network complexity. It also improves the scalability of the system, allowing the number of interconnected sites, the number of extended VLANs, and the MAC address capacity to reach a certain scale, which meets the needs of large-scale and ultra-large-scale data centers.

As described above, at least two first preset protocol tunnels are established between the network edge devices and the access cloud gateway. The user edge device in Figure 3 may be an optical line terminal (Optical Line Termination, OLT). User-side Layer 2 traffic enters ALEAF or BLEAF through the OLT and is then transferred by ALEAF or BLEAF into a first preset protocol tunnel to reach the access cloud gateway, completing the terminal's DHCP IP request and network access. The user edge device therefore needs to determine, according to the tunnel selection condition, the first target tunnel from among the first preset protocol tunnels and the first target network edge device from among the network edge devices.

Specifically, the networking system provided by this application is subdivided into multi-homed multi-active and multi-homed single-active. When data from the OLT is load-balanced through ALEAF or BLEAF to the access cloud gateway, the load-balancing mode is multi-homed multi-active; when data from the OLT reaches the access cloud gateway through only one of ALEAF/BLEAF (one is selected as the primary), the active/standby mode is multi-homed single-active. The user edge device therefore needs to determine the first target tunnel and the first target network edge device from among the multiple LAN-side first preset protocol tunnels and the multiple network edge devices, based on at least one of the device load, the active/standby attribute, and the real-time tunnel up/down status of each network edge device, and to send the initial message to the first target network edge device. The device load refers to the real-time load of each network edge device and whether it is able to process the data. The active/standby attribute refers to whether each network edge device is the primary device or the secondary device; if it is the primary device, the active/standby mode is used directly to achieve multi-homed single-active. The real-time tunnel up/down status refers to whether the first preset protocol tunnel is passable.

Note that this multi-homing approach reduces the need for physical device backup and link backup and achieves efficient and secure transmission of network data; it also reduces the impact on the configuration of existing sites when interconnected sites are added, deleted, or modified.

S202: The first target network edge device encapsulates the initial message based on the first preset protocol to obtain a first forwarded message, and sends the first forwarded message to the access cloud gateway through the first target tunnel.

After the first target network edge device and the first target tunnel are determined in step S201, the first target network edge device encapsulates the initial message based on the first preset protocol (including the SRv6 protocol) to obtain the first forwarded message. The first forwarded message is an uplink message: its source IP is the source IPv6 of the SRv6 (Segment-Routing-IPv6) encapsulation of the first target network edge device, and its destination IP is the SID (a number identifying the mobile service local network) DT2M or DT2U corresponding to the LAN EVPN entry of the access cloud gateway. The first target network edge device then sends the first forwarded message to the access cloud gateway through the first target tunnel.

Specifically, as shown in Figure 3, the message data flow from the OLT to the access cloud gateway has the following possibilities: the OLT sends the initial message to ALEAF, and ALEAF sends the first forwarded message to the access cloud gateway through SID A1 of the LAN VPLS tunnel; or the OLT sends the initial message to BLEAF, and BLEAF sends the first forwarded message to the access cloud gateway through SID A2 of the LAN VPLS tunnel.

S203: The access cloud gateway determines a second target tunnel and a second target network edge device according to the tunnel selection condition; the second preset link selection condition is determined based on at least one of the real-time device load, the active/standby attribute, and the real-time link up/down status of each network edge device.

After the preceding steps, the first forwarded message has been sent to the access cloud gateway through the first target network edge device. Likewise, the access cloud gateway needs to select the second target tunnel and the second target network edge device from among the multiple WAN-side first preset protocol tunnels and the multiple network edge devices, based on at least one of the device load, the active/standby attribute, and the real-time tunnel up/down status of each network edge device.

Note that the first target tunnel and the second target tunnel may be communication links between the same network edge device and the access cloud gateway, or communication links between different network edge devices and the access cloud gateway; the first target network edge device and the second target network edge device may be the same or different.

S204: The access cloud gateway processes the first forwarded message based on a preset network conversion technology and the first preset protocol to obtain a second forwarded message.

In one embodiment, step S204 includes: the access cloud gateway processes the first forwarded message based on the first preset protocol to obtain a message to be forwarded; the access cloud gateway performs conversion processing on the message to be forwarded based on the preset network conversion technology to obtain a network conversion message; and the access cloud gateway encapsulates the network conversion message based on a network dial-up protocol and the first preset protocol to obtain the second forwarded message. The first preset protocol includes the SRv6 protocol; the preset network conversion technology may be LAN-to-WAN NAT; and the network dial-up protocol may be the PPPoE protocol.

Specifically, as shown in Figure 3, after the vswitch of the access cloud gateway receives the first forwarded message, it decapsulates it, that is, it removes the SRv6 encapsulation of the first forwarded message, to obtain the message to be forwarded, which includes the LAN port network address. Network conversion is then performed on the forwarded message based on the preset network conversion technology to obtain the network conversion address. Next, the access cloud gateway encapsulates the network conversion message with the PPPoE protocol and forwards it to the vswitch (virtual switch) of the access cloud gateway. Finally, the vswitch of the access cloud gateway applies the egress rule (egress vni+qinq->evpn_name), looks up the evpn_instance table by evpn_name to obtain the source IPv6, and encapsulates the PPPoE-encapsulated network forwarding message with the SRv6 protocol to obtain the second forwarded message.

Optionally, the above process of performing network conversion on the forwarded message based on the preset network conversion technology to obtain the network conversion address may include, for example: finding the evpn instance by dipv6 (dipv6->evpn instance, evpn_local_sid table); applying the ingress rule (qinq+evpn_name->vcpe_vnfid + ingress vni) to pass the message to the corresponding vcpe (virtual client); and the vcpe (virtual client) finding the account by lan_vni+qinq, replacing sip with wan_ip, and setting the egress vni to wan_vni, thereby obtaining the network conversion address. At this point the network conversion address includes the WAN port network address, and the address to be converted includes the LAN port network address; the network conversion of the uplink message thus completes the conversion of the LAN port network address into the router's WAN port network address.
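The lookup chain described in the two paragraphs above, written out as an added example (not code from the patent). The table names evpn_local_sid and evpn_instance and the field names come from the description; the table layouts, all addresses and values, the omission of the PPPoE step, and the drop-on-miss behaviour are assumptions made for this sketch.

```python
"""Added illustration: the uplink lookup chain at the access cloud gateway.

Table and field names follow the description; the layouts and every value
below are constructed for this example (documentation address ranges).
"""
from dataclasses import dataclass, replace


class LookupMiss(Exception):
    """A table has no entry for the key; the message is dropped (assumption)."""


@dataclass(frozen=True)
class Inner:
    """Decapsulated message plus the metadata the lookups need."""
    dipv6: str     # outer SRv6 destination (local SID) the message arrived on
    qinq: tuple    # (outer VLAN, inner VLAN) of the subscriber
    sip: str       # inner source IP (LAN port network address)
    vni: int = 0   # rewritten to wan_vni by the vcpe


# Constructed sample tables.
EVPN_LOCAL_SID = {"2001:db8:a::1": "evpn_lan_1"}            # dipv6 -> evpn instance
IN_RULE = {((100, 200), "evpn_lan_1"): ("vcpe-7", 5001)}    # qinq+evpn_name -> vcpe_vnfid, in vni
ACCOUNTS = {(5001, (100, 200)): {"account": "user-0001",    # lan_vni+qinq -> account
                                 "wan_ip": "198.51.100.10",
                                 "wan_vni": 6001}}
OUT_RULE = {(6001, (100, 200)): "evpn_wan_1"}               # out vni+qinq -> evpn_name
EVPN_INSTANCE = {"evpn_wan_1": {"source_ipv6": "2001:db8:c::1"}}


def _get(table, key, name):
    """Look up key, naming the table in the error so a drop can be diagnosed."""
    try:
        return table[key]
    except KeyError:
        raise LookupMiss(f"{name}: no entry for {key!r}") from None


def uplink(msg: Inner) -> dict:
    """Run the lookups in the order the description gives them."""
    evpn_name = _get(EVPN_LOCAL_SID, msg.dipv6, "evpn_local_sid")
    vcpe_vnfid, in_vni = _get(IN_RULE, (msg.qinq, evpn_name), "in rule")
    acct = _get(ACCOUNTS, (in_vni, msg.qinq), "account")
    # LAN -> WAN conversion: sip becomes wan_ip, the egress vni becomes wan_vni.
    translated = replace(msg, sip=acct["wan_ip"], vni=acct["wan_vni"])
    out_evpn = _get(OUT_RULE, (translated.vni, translated.qinq), "out rule")
    src6 = _get(EVPN_INSTANCE, out_evpn, "evpn_instance")["source_ipv6"]
    return {"vcpe": vcpe_vnfid, "account": acct["account"],
            "inner": translated, "out_evpn": out_evpn, "srv6_source": src6}


def process(msg: Inner):
    """Return ('forward', result), or ('drop', reason) on a miss at any stage."""
    try:
        return ("forward", uplink(msg))
    except LookupMiss as miss:
        return ("drop", str(miss))


if __name__ == "__main__":
    print(process(Inner("2001:db8:a::1", (100, 200), "192.168.1.20")))
    print(process(Inner("2001:db8:a::1", (100, 999), "192.168.1.20")))
```

Because every stage is keyed on the QinQ pair, a message carrying a QinQ that has no ingress rule or account never reaches the address rewrite.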

In one embodiment, the networking system further includes a security service cloud gateway and the initial message is an uplink message. The step in which the access cloud gateway processes the first forwarded message based on the first preset protocol to obtain the message to be forwarded includes: the access cloud gateway decapsulates the first forwarded message based on the first preset protocol to obtain a decapsulated message; the access cloud gateway encapsulates the decapsulated message based on a second preset protocol to obtain a first re-encapsulated message, and steers the first re-encapsulated message into the security service cloud gateway; and the security service cloud gateway performs security processing on the first re-encapsulated message to obtain the message to be forwarded, and sends the message to be forwarded to the access cloud gateway. The second preset protocol includes the VxLAN protocol.

Specifically, as shown in Figure 3, if the networking system is also configured with a security service cloud gateway that carries the security function, then after the uplink message among the aforementioned initial messages is sent by the first target network edge device to the vswitch of the access cloud gateway, the access cloud gateway decapsulates the SRv6 header of the first forwarded message based on the SRv6 protocol to obtain the decapsulated message. It then looks up inner dip->tunnel group (MEC service flow); if the lookup succeeds, it encapsulates the decapsulated message based on the second preset protocol (the embodiments of this application use the VxLAN protocol as an example), that is, it adds a VxLAN header to the decapsulated message, to obtain the first re-encapsulated message, and then forwards the first re-encapsulated message to the vswitch of the security service cloud gateway. The security service cloud gateway performs security processing such as filtering and cleaning on the first re-encapsulated message according to the global security IP library provided by the operator, obtains the message to be forwarded, and sends the message to be forwarded back to the access cloud gateway, so that the access cloud gateway uses a secure message to send the dial-up request to the broadband access server.

In one embodiment, before the step in which the access cloud gateway encapsulates the decapsulated message based on the second preset protocol to obtain the first re-encapsulated message and steers the first re-encapsulated message into the security service cloud gateway, the method further includes: the access cloud gateway and the security service cloud gateway establish a bidirectional second preset protocol tunnel. The second preset protocol includes the VxLAN protocol.

Specifically, the networking between the access cloud gateway and the security service cloud gateway is simple and works well without a complex protocol such as SRv6, so a VxLAN tunnel can be used for message transmission between the access cloud gateway and the security service cloud gateway. Because the conversion from SRv6 to VxLAN is implemented between the access cloud gateway and the security service cloud gateway, flexibility is improved, the arrangement is convenient and fast, switching from multiple accesses to multiple MECs is well supported, and the problem that a bandwidth upgrade would paralyze the MEC network is solved. At the same time, uplink messages are steered through the VxLAN tunnel between the access cloud gateway and the security service cloud gateway into the security service cloud gateway, which performs security analysis, cuts off risky messages, and redirects healthy messages back to the access cloud gateway, improving the security of the system.

In one embodiment, the step in which the security service cloud gateway performs security processing on the first re-encapsulated message to obtain the message to be forwarded and sends the message to be forwarded to the access cloud gateway includes: the security service cloud gateway decapsulates the first re-encapsulated message based on the second preset protocol to obtain a first re-decapsulated message; the security service cloud gateway filters and cleans the first re-decapsulated message based on a preset security network library to obtain a secure decapsulated message; and the security service cloud gateway encapsulates the secure decapsulated message based on the second preset protocol to obtain the message to be forwarded, and sends the message to be forwarded to the access cloud gateway. The second preset protocol includes the VxLAN protocol; the preset security network library is the global security IP library provided by the operator.

Specifically, the security service cloud gateway first removes the VxLAN header of the first re-encapsulated message based on the VxLAN protocol to obtain the first re-decapsulated message, then filters and cleans the first re-decapsulated message based on the global security IP library provided by the operator to obtain the secure decapsulated message, then adds a VxLAN header to the secure decapsulated message based on the VxLAN protocol to obtain the message to be forwarded, and sends the message to be forwarded to the access cloud gateway. The message to be forwarded also includes the LAN port network address. The vswitch of the access cloud gateway then decapsulates the received message to be forwarded according to the VxLAN protocol, stripping its VxLAN header; the message to be forwarded includes the LAN port network address. Network conversion processing is then performed according to vni+qinq->evpn_name (egress rule) (LAN side) and evpn_name->evpn instance (destination IPv6) to obtain the network conversion address, which includes the WAN port network address; this network conversion completes the conversion of the LAN port network address into the router's WAN port network address. Next, the access cloud gateway encapsulates the network conversion message with the PPPoE protocol and forwards it to the vswitch (virtual switch) of the access cloud gateway. Finally, the vswitch of the access cloud gateway applies the egress rule (egress vni+qinq->evpn_name), looks up the evpn_instance table by evpn_name to obtain the source IPv6, and encapsulates the PPPoE-encapsulated network forwarding message with the SRv6 protocol to obtain the second forwarded message.

Optionally, when the security service cloud gateway is enabled, protocol messages (such as DHCP and PPPoE) can be processed separately from service messages, so that not all messages are forwarded to the security service gateway; this further reduces the fault delay when dialing after a failure.

S205: The access cloud gateway sends the second forwarded message to the broadband access server through the second target tunnel and the second target network edge device.

The access cloud gateway receives the second forwarded message and, through the second target tunnel determined in the foregoing process, first transfers the second forwarded message to the second target network edge device, which then sends the message to the broadband access server to initiate PPPoE dial-up, thereby completing authentication and network access. The second forwarded message is an uplink message from the access cloud gateway to the broadband access server; its source IP is the SIP configured in the WAN EVPN entry of the access cloud gateway, and its destination IP is the SID DT2M or DT2U learned from the WAN VPLS of the remote network edge device (ALEAF or BLEAF).

In another embodiment of this application, for a downlink message from the broadband access server to the access cloud gateway, the downlink message enters ALEAF or BLEAF from the broadband access server, and ALEAF or BLEAF encapsulates the downlink message based on the first preset protocol (including the SRv6 protocol) to obtain a downlink first forwarded message. The tunnel source IP of the downlink first forwarded message is the source IPv6 of the Segment-Routing-IPv6 encapsulation of ALEAF or BLEAF, and its destination IP is the SID DT2M or DT2U corresponding to the LAN EVPN entry of the access cloud gateway. The first preset protocol tunnel then carries the downlink first forwarded message to the access cloud gateway. After the vswitch of the access cloud gateway receives the downlink first forwarded message, it decapsulates it based on the SRv6 protocol. The access cloud gateway then performs network conversion on the decapsulated downlink first forwarded message based on WAN-to-LAN NAT, for example: finding the evpn instance by dipv6 (dipv6->evpn instance, evpn_local_sid table); applying the ingress rule (qinq+evpn_name->vcpe_vnfid + ingress vni) to pass the message to the corresponding vcpe (virtual client); and the vcpe (virtual client) finding the account by wan_vni+qinq, replacing dip with ueip, and setting the egress vni to lan_vni, thereby obtaining a downlink second forwarded message. Finally, the access cloud gateway processes the downlink second forwarded message: it applies the egress rule (egress vni+qinq->evpn_name), looks up the evpn_instance table by evpn_name to obtain the source IPv6, and encapsulates and forwards the message through the SRv6 VPLS tunnel. The downlink second forwarded message is a message from the access cloud gateway to the OLT; its tunnel source IP is the SIP configured in the LAN EVPN entry of the access cloud gateway, and its destination IP is the SID DT2M or DT2U learned from the LAN VPLS of the remote ALEAF or BLEAF.

In one embodiment, the access cloud gateway has the capability of MAC address advertisement routes. Specifically, the access cloud gateway has the capability of EVPN route type 2 (MAC advertisement Route), that is, it advertises and learns type 2 routes through the BGP protocol and stores them. For unknown-unicast BUM messages (broadcast, unicast, multicast) it sends two copies of the message, with the same source and with the destination IPv6 set to the remote DT2M learned in the dual-homed dual-active case; for known unicast messages, it encapsulates the DIP with the DT2U learned from the remote end.

Combining the topology diagram in Figure 3 with the content above, the message data flow while the user edge device initiates the DHCP IP request and network access has the following possibilities:

First: OLT --> ALEAF --> access cloud gateway --> ALEAF --> broadband access server. The OLT sends the initial message to ALEAF; ALEAF sends the first forwarded message to the access cloud gateway through SID A1 of the LAN VPLS tunnel; the access cloud gateway processes the first forwarded message to obtain the second forwarded message and sends it to ALEAF through SID B1 of the WAN VPLS tunnel; finally ALEAF sends the second forwarded message to the broadband access server.

Second: OLT --> BLEAF --> access cloud gateway --> BLEAF --> broadband access server. The OLT sends the initial message to BLEAF; BLEAF sends the first forwarded message to the access cloud gateway through SID A2 of the LAN VPLS tunnel; the access cloud gateway processes the first forwarded message to obtain the second forwarded message and sends it to BLEAF through SID B2 of the WAN VPLS tunnel; finally BLEAF sends the second forwarded message to the broadband access server.

In the first and second cases, the target tunnel and the target network edge device are determined based on the active/standby status of the devices.

Third: OLT --> ALEAF --> BLEAF --> access cloud gateway --> ALEAF --> broadband access server. The OLT sends the initial message to ALEAF, but because SID A1 is down, ALEAF sends the initial message directly to BLEAF; BLEAF sends the first forwarded message to the access cloud gateway through SID A2 of the LAN VPLS tunnel; the access cloud gateway processes the first forwarded message to obtain the second forwarded message and sends it to ALEAF through SID B1 of the WAN VPLS tunnel; finally ALEAF sends the second forwarded message to the broadband access server.

Fourth: OLT --> ALEAF --> access cloud gateway --> ALEAF --> BLEAF --> broadband access server. The OLT sends the initial message to ALEAF; ALEAF sends the first forwarded message to the access cloud gateway through SID A1 of the LAN VPLS tunnel; the access cloud gateway processes the first forwarded message to obtain the second forwarded message and sends it to ALEAF through SID B1 of the WAN VPLS tunnel, but because SID B1 is down, ALEAF sends the second forwarded message directly to BLEAF; finally BLEAF sends the second forwarded message to the broadband access server.

Fifth: OLT --> BLEAF --> ALEAF --> access cloud gateway --> ALEAF --> broadband access server. The OLT sends the initial message to BLEAF, but because SID A2 is down, BLEAF sends the initial message directly to ALEAF; ALEAF sends the first forwarded message to the access cloud gateway through SID A1 of the LAN VPLS tunnel; the access cloud gateway processes the first forwarded message to obtain the second forwarded message and sends it to ALEAF through SID B1 of the WAN VPLS tunnel; finally ALEAF sends the second forwarded message to the broadband access server.

Sixth: OLT --> BLEAF --> access cloud gateway --> BLEAF --> ALEAF --> broadband access server. The OLT sends the initial message to BLEAF; BLEAF sends the first forwarded message to the access cloud gateway through SID A2 of the LAN VPLS tunnel; the access cloud gateway processes the first forwarded message to obtain the second forwarded message and sends it to BLEAF through SID B1 of the WAN VPLS tunnel, but because SID B2 is down, BLEAF sends the second forwarded message directly to ALEAF; finally ALEAF sends the second forwarded message to the broadband access server.

The third to sixth cases arise in the dual-homed dual-active scenario and are determined by the real-time tunnel up/down status. In this scenario, user traffic is load-balanced by the account's QinQ: all subsequent request data from terminal devices under the same account selects the same tunnel according to the account's QinQ load mode, and if a tunnel link failure occurs, another tunnel is selected.
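The tunnel selection condition from step S201 and the per-account QinQ behaviour described above, as an added example (not code from the patent). The load scale and threshold, the mapping from QinQ to a tunnel index, and keeping an account on its new tunnel after the failed one recovers are assumptions of this sketch; the description does not specify them.

```python
"""Added illustration: choosing a tunnel by load, active/standby and up/down status."""
from dataclasses import dataclass


@dataclass
class Leaf:
    name: str                # network edge device, e.g. "ALEAF"
    sid: str                 # tunnel label as used for Figure 3, e.g. "SID A1"
    tunnel_up: bool = True   # real-time tunnel up/down status
    load: float = 0.0        # real-time device load, 0.0..1.0 (assumed scale)
    primary: bool = False    # active/standby attribute


class NoUsableTunnel(Exception):
    """No network edge device currently satisfies the selection condition."""


class TunnelSelector:
    def __init__(self, leaves, mode, max_load=0.9):
        if mode not in ("single-active", "multi-active"):
            raise ValueError(f"unknown mode: {mode}")
        self.leaves = sorted(leaves, key=lambda leaf: leaf.name)  # stable order
        self.mode = mode
        self.max_load = max_load   # assumed threshold for "able to process data"
        self.pinned = {}           # account QinQ -> name of the leaf in use

    def _usable(self):
        return [leaf for leaf in self.leaves
                if leaf.tunnel_up and leaf.load < self.max_load]

    def select(self, qinq):
        """Return the Leaf whose tunnel carries traffic for this account's QinQ."""
        usable = self._usable()
        if not usable:
            raise NoUsableTunnel(f"no tunnel available for QinQ {qinq}")
        if self.mode == "single-active":
            # Active/standby: the primary whenever it is usable, else a standby.
            primaries = [leaf for leaf in usable if leaf.primary]
            return primaries[0] if primaries else usable[0]
        # Multi-active: an account stays on its tunnel while that tunnel is usable.
        current = self.pinned.get(qinq)
        for leaf in usable:
            if leaf.name == current:
                return leaf
        # First request, or the pinned tunnel failed: (re)select by QinQ.
        outer, inner = qinq
        leaf = usable[((outer << 12) | inner) % len(usable)]  # assumed mapping
        self.pinned[qinq] = leaf.name
        return leaf


if __name__ == "__main__":
    a, b = Leaf("ALEAF", "SID A1"), Leaf("BLEAF", "SID A2")
    selector = TunnelSelector([a, b], "multi-active")
    print(selector.select((100, 200)).sid)   # first selection for this account
    a.tunnel_up = False                      # SID A1 goes down
    print(selector.select((100, 200)).sid)   # account moves to the other tunnel
```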

As the above embodiments show, the message transmission method of this application combines the SRv6 multi-homed networking mode with the configuration of the security service cloud gateway, improving the security and reliability of transmission. In large-scale operation and maintenance deployments, the use of the SRv6 protocol makes the network simpler, the dual-homing attribute makes the network more reliable, and the EVPN route type 2 (MAC advertisement Route) capability of the access cloud gateway improves bandwidth utilization, while the security service cloud gateway raises the threshold of network security. The overall solution raises the network computing power from 1 to N, requires few network changes, and involves a small operation and maintenance workload.

Based on the above embodiments, an embodiment of this application provides an access cloud gateway. Referring to Figure 5, the access cloud gateway includes:

A message receiving unit 501, configured to receive a first forwarding message sent by a first target network edge device through a first target tunnel; wherein the first forwarding message is obtained by the first target network edge device encapsulating an initial message based on a first preset protocol, the initial message is sent by a user edge device, the first target tunnel and the first target network edge device are determined by the user edge device according to a tunnel selection condition, and the tunnel selection condition is determined based on at least one of the real-time device load, the active/standby attribute and the real-time tunnel on-off state of each network edge device;

A first determining unit 502, configured to determine a second target tunnel and a second target network edge device according to the tunnel selection condition; wherein the second preset link selection condition is determined based on at least one of the real-time device load, the active/standby attribute and the real-time link on-off state of each network edge device;

A message processing unit 503, configured to process the first forwarding message based on a preset network conversion technology and the first preset protocol to obtain a second forwarding message;

A message forwarding unit 504, configured to send the second forwarding message to the broadband access server through the second target tunnel and the second target network edge device.

In one embodiment, the access cloud gateway further includes:

A first establishment module, configured to establish at least two first preset protocol tunnels on the LAN side with the at least two network edge devices;

A second establishment module, configured to establish at least two first preset protocol tunnels on the WAN side with the at least two network edge devices.

The first preset protocol tunnel includes an SRv6 tunnel, and the first preset protocol tunnel carries the EVPN VPLS service.

In one embodiment, the message processing unit 503 includes:

A first processing subunit, configured to process the first forwarding message based on the first preset protocol to obtain a message to be forwarded;

A second processing subunit, configured to perform conversion processing on the message to be forwarded based on the preset network conversion technology to obtain a network conversion message;

A third processing subunit, configured to encapsulate the network conversion message based on a network dialing protocol and the first preset protocol to obtain the second forwarding message.

In one embodiment, the first processing subunit further includes:

A decapsulation unit, configured to decapsulate the first forwarding message based on the first preset protocol to obtain a decapsulated message;

A message introduction unit, configured to encapsulate the decapsulated message based on a second preset protocol to obtain a first re-encapsulated message, and to introduce the first re-encapsulated message into the security service cloud gateway.

In one embodiment, the access cloud gateway further includes:

A third establishment unit, configured to establish a bidirectional second preset protocol tunnel with the security service cloud gateway, the second preset protocol tunnel including a VxLAN tunnel.

In one embodiment, the access cloud gateway has the capability of MAC address advertisement routing.

In addition, the access cloud gateway may further include a processor and a memory, wherein:

The processor is the control center of the access cloud gateway. It connects the various parts of the entire access cloud gateway through various interfaces and lines, and performs the functions of the above units of the access cloud gateway and processes data by running or executing the software programs and/or modules stored in the memory and calling the data stored in the memory, thereby monitoring the access cloud gateway as a whole. In one embodiment, the processor may include one or more processing cores; preferably, the processor may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs and the like, and the modem processor mainly handles wireless communication. It can be understood that the modem processor may also not be integrated into the processor.

The memory may be used to store software programs and modules, and the processor performs various functional applications and data processing by running the computer programs and modules stored in the memory. The memory may mainly include a program storage area and a data storage area, where the program storage area may store an operating system, an application program required for at least one function, and the like, and the data storage area may store data created according to the use of the terminal, and the like. In addition, the memory may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage device. Accordingly, the memory may also include a memory controller to provide the processor and the input unit with access to the memory.

The message transmission method, networking system and access cloud gateway provided by the embodiments of this application have been described in detail above. Specific examples are used herein to explain the principles and implementations of this application, and the description of the above embodiments is only intended to help in understanding the method of this application and its core idea. At the same time, those skilled in the art may, following the idea of this application, make changes to the specific implementations and the scope of application. In summary, the content of this specification should not be construed as limiting this application.

Claims (7)

1. A message transmission method, characterized in that it is applied to a networking system, wherein the networking system comprises user edge equipment, at least two network edge equipment, an access cloud gateway and a broadband access server; the method comprises the following steps:
the user edge device determines a first target tunnel and first target network edge device according to tunnel selection conditions, and sends an initial message to the first target network edge device; the tunnel selection condition is determined based on at least one of real-time equipment load conditions, main and standby attributes and real-time tunnel on-off conditions of each network edge equipment;
the first target network edge equipment encapsulates the initial message based on a first preset protocol to obtain a first forwarding message, and sends the first forwarding message to the access cloud gateway through the first target tunnel;
the access cloud gateway determines a second target tunnel and second target network edge equipment according to the tunnel selection condition;
the access cloud gateway processes the first forwarding message based on a preset network conversion technology and the first preset protocol to obtain a second forwarding message;
the access cloud gateway sends the second forwarding message to the broadband access server through the second target tunnel and the second target network edge equipment;
the step of processing the first forwarding message by the access cloud gateway based on a preset network conversion technology and the first preset protocol to obtain a second forwarding message includes:
the access cloud gateway processes the first forwarding message based on the first preset protocol to obtain a message to be forwarded;
the access cloud gateway performs conversion processing on the message to be forwarded based on a preset network conversion technology to obtain a network conversion message;
the access cloud gateway encapsulates the network conversion message based on a network dialing protocol and the first preset protocol to obtain a second forwarding message;
the networking system further comprises a security service cloud gateway, the initial message is an uplink message, the access cloud gateway processes the first forwarding message based on the first preset protocol to obtain a message to be forwarded, and the method comprises the following steps:
the access cloud gateway decapsulates the first forwarding message based on the first preset protocol to obtain a decapsulated message;
the access cloud gateway encapsulates the decapsulation message based on a second preset protocol to obtain a first repackaging message, and introduces the first repackaging message into the security service cloud gateway;
the security service cloud gateway performs security processing on the first repackaged message to obtain a message to be forwarded, and sends the message to be forwarded to the access cloud gateway;
wherein the second preset protocol comprises a VxLAN protocol;
the security service cloud gateway performs security processing on the first repackaged message to obtain a message to be forwarded, and sends the message to be forwarded to the access cloud gateway, including:
the security service cloud gateway decapsulates the first decapsulated message based on the second preset protocol to obtain a first decapsulated message;
the security service cloud gateway filters and cleans the first repackaging message based on a preset security network library to obtain a security repackaging message;
the security service cloud gateway encapsulates the security decapsulation message based on the second preset protocol to obtain a message to be forwarded, and sends the message to be forwarded to the access cloud gateway;
the initial message comprises a protocol message and a service message, and when the security service cloud gateway is started, the protocol message and the service message are distinguished and processed separately.
2. The method according to claim 1, wherein before the step of determining, by the user edge device, a first target tunnel and a first target network edge device according to a tunnel selection condition, and sending an initial message to the first target network edge device, the method further comprises:
the at least two network edge devices and the access cloud gateway establish at least two first preset protocol tunnels on the LAN side;
and the access cloud gateway and the at least two network edge devices establish at least two first preset protocol tunnels on the WAN side.
3. The method of claim 2, wherein the first preset protocol tunnel comprises an SRv6 tunnel, and the first preset protocol tunnel carries EVPN VPLS traffic.
4. The method for transmitting a message according to claim 1, wherein before the step of encapsulating the decapsulated message by the access cloud gateway based on the second preset protocol to obtain a first repackaged message and introducing the first repackaged message into the security service cloud gateway, the method further comprises:
and the access cloud gateway and the security service cloud gateway establish a bidirectional second preset protocol tunnel, wherein the second preset protocol tunnel comprises a VxLAN tunnel.
5. The method for transmitting a message according to claim 1, wherein the access cloud gateway has a capability of MAC address advertisement routing.
6. A networking system, characterized by comprising user edge equipment, at least two network edge equipment, an access cloud gateway and a broadband access server; wherein:
the user edge device is used for determining a first target tunnel and first target network edge device according to tunnel selection conditions and sending an initial message to the first target network edge device; the tunnel selection condition is determined based on at least one of real-time equipment load conditions, main and standby attributes and real-time tunnel on-off conditions of each network edge equipment;
the first target network edge device is configured to encapsulate the initial message based on a first preset protocol to obtain a first forwarding message, and send the first forwarding message to the access cloud gateway through the first target tunnel;
the access cloud gateway is used for determining a second target tunnel and second target network edge equipment according to the tunnel selection condition;
the access cloud gateway is further configured to process the first forwarding message based on a preset network conversion technology and the first preset protocol to obtain a second forwarding message;
the access cloud gateway is further configured to send the second forwarding message to the broadband access server through the second target tunnel and the second target network edge device;
the step of processing the first forwarding message by the access cloud gateway based on a preset network conversion technology and the first preset protocol to obtain a second forwarding message includes:
the access cloud gateway processes the first forwarding message based on the first preset protocol to obtain a message to be forwarded;
the access cloud gateway performs conversion processing on the message to be forwarded based on a preset network conversion technology to obtain a network conversion message;
the access cloud gateway encapsulates the network conversion message based on a network dialing protocol and the first preset protocol to obtain a second forwarding message;
the networking system further comprises a security service cloud gateway, the initial message is an uplink message, the access cloud gateway processes the first forwarding message based on the first preset protocol to obtain a message to be forwarded, and the method comprises the following steps:
the access cloud gateway decapsulates the first forwarding message based on the first preset protocol to obtain a decapsulated message;
the access cloud gateway encapsulates the decapsulation message based on a second preset protocol to obtain a first repackaging message, and introduces the first repackaging message into the security service cloud gateway;
the security service cloud gateway performs security processing on the first repackaged message to obtain a message to be forwarded, and sends the message to be forwarded to the access cloud gateway;
wherein the second preset protocol comprises a VxLAN protocol;
the security service cloud gateway performs security processing on the first repackaged message to obtain a message to be forwarded, and sends the message to be forwarded to the access cloud gateway, including:
the security service cloud gateway decapsulates the first decapsulated message based on the second preset protocol to obtain a first decapsulated message;
the security service cloud gateway filters and cleans the first repackaging message based on a preset security network library to obtain a security repackaging message;
the security service cloud gateway encapsulates the security decapsulation message based on the second preset protocol to obtain a message to be forwarded, and sends the message to be forwarded to the access cloud gateway;
the initial message comprises a protocol message and a service message, and when the security service cloud gateway is started, the protocol message and the service message are distinguished and processed separately.
7. An access cloud gateway, characterized in that it is applied to a networking system, the networking system comprising user edge equipment, at least two network edge devices, the access cloud gateway and a broadband access server, the access cloud gateway comprising:
the message receiving unit is used for receiving a first forwarding message sent by the first target network edge device through the first target tunnel; the first forwarding message is obtained by encapsulating an initial message by the first target network edge device based on a first preset protocol, the initial message is sent by a user edge device, the first target tunnel and the first target network edge device are determined by the user edge device according to a tunnel selection condition, and the tunnel selection condition is determined based on at least one of a real-time device load condition, a main and standby attribute and a real-time tunnel on-off condition of each network edge device;
a first determining unit, configured to determine a second target tunnel and a second target network edge device according to the tunnel selection condition;
the message processing unit is used for processing the first forwarding message based on a preset network conversion technology and the first preset protocol to obtain a second forwarding message;
a message forwarding unit, configured to send the second forwarding message to the broadband access server through the second target tunnel and the second target network edge device;
the step of processing the first forwarding message by the access cloud gateway based on a preset network conversion technology and the first preset protocol to obtain a second forwarding message includes:
the access cloud gateway processes the first forwarding message based on the first preset protocol to obtain a message to be forwarded;
the access cloud gateway performs conversion processing on the message to be forwarded based on a preset network conversion technology to obtain a network conversion message;
the access cloud gateway encapsulates the network conversion message based on a network dialing protocol and the first preset protocol to obtain a second forwarding message;
the networking system further comprises a security service cloud gateway, the initial message is an uplink message, the access cloud gateway processes the first forwarding message based on the first preset protocol to obtain a message to be forwarded, and the method comprises the following steps:
the access cloud gateway decapsulates the first forwarding message based on the first preset protocol to obtain a decapsulated message;
the access cloud gateway encapsulates the decapsulation message based on a second preset protocol to obtain a first repackaging message, and introduces the first repackaging message into the security service cloud gateway;
the security service cloud gateway performs security processing on the first repackaged message to obtain a message to be forwarded, and sends the message to be forwarded to the access cloud gateway;
wherein the second preset protocol comprises a VxLAN protocol;
the security service cloud gateway performs security processing on the first repackaged message to obtain a message to be forwarded, and sends the message to be forwarded to the access cloud gateway, including:
the security service cloud gateway decapsulates the first decapsulated message based on the second preset protocol to obtain a first decapsulated message;
the security service cloud gateway filters and cleans the first repackaging message based on a preset security network library to obtain a security repackaging message;
the security service cloud gateway encapsulates the security decapsulation message based on the second preset protocol to obtain a message to be forwarded, and sends the message to be forwarded to the access cloud gateway;
the initial message comprises a protocol message and a service message, and when the security service cloud gateway is started, the protocol message and the service message are distinguished and processed separately.
CN202310676715.8A 2023-06-08 2023-06-08 Message transmission method, networking system and access cloud gateway Active CN116436729B (en)

Publications (2)

Publication Number Publication Date
CN116436729A CN116436729A (en) 2023-07-14
CN116436729B true CN116436729B (en) 2023-09-08

Family

ID=87083544

Country Status (1)

Country Link
CN (1) CN116436729B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 430074 Wuhan East Lake New Technology Development Zone, Wuhan City, Hubei Province, China. Room 01, 4th floor, 5th floor, and 6th floor, Building 2, Phase 6, Optics Valley Software Park, No. 4 Software Park Middle Road

Patentee after: Wuhan Green Network Co.,Ltd.

Country or region after: China

Address before: 430074 room 01, 4 / F, room 01, 5 / F, room 01, 6 / F, building 2, phase 6, optical valley software park, No. 4, Software Park Middle Road, Donghu New Technology Development Zone, Wuhan City, Hubei Province

Patentee before: WUHAN GREENET INFORMATION SERVICE Co.,Ltd.

Country or region before: China

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Message transmission method, networking system and access cloud gateway

Granted publication date: 20230908

Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd.

Pledgor: Wuhan Green Network Co.,Ltd.

Registration number: Y2025980059489