
WO2019134637A1 - Method, device, and system for multi-type network virtualization overlay interconnection - Google Patents

Info

Publication number
WO2019134637A1
Authority
WO
WIPO (PCT)
Prior art keywords
host
gateway
reachability information
edge device
virtual edge
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2019/070052
Other languages
French (fr)
Chinese (zh)
Inventor
敖婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H04L47/82 Miscellaneous aspects
    • H04L47/825 Involving tunnels, e.g. MPLS

Definitions

  • the present disclosure relates to, but is not limited to, the field of data communications.
  • NVO: Network Virtualization Overlay
  • a method of multi-type cascading virtual network interconnection, the cascading virtual network including a conversion gateway, a first virtual edge device supporting a first tunnel type, and a second virtual edge device supporting a second tunnel type
  • the method includes: when the first host connected to the first virtual edge device needs to send a data packet to the second host connected to the second virtual edge device, the first virtual edge device encapsulates the data packet to obtain a first encapsulated packet and sends it to the translation gateway. After decapsulating the first encapsulated packet, the translation gateway determines the host reachability information used to reach the second host.
  • the translation gateway re-encapsulates the data packet obtained by the decapsulation according to the host reachability information used to reach the second host, obtains the second encapsulated packet, and sends it to the second virtual edge device.
  • the second virtual edge device decapsulates the second encapsulated packet and then sends the resulting data packet to the second host.
  • a method of multi-type cascading virtual network interconnection, the cascading virtual network including a translation gateway for message forwarding and a plurality of virtual edge devices supporting different tunnel types, the method including: transmitting, to the cascading virtual network, host reachability information for reaching the host connected to each of the virtual edge devices; transmitting, to the cascading virtual network, gateway reachability information for reaching the translation gateway; and encapsulating and sending data packets that need to be exchanged between the hosts by using the host reachability information used to reach the host connected to each of the virtual edge devices and the gateway reachability information used to reach the conversion gateway.
  • a conversion gateway for multi-type cascading virtual network interconnection, the cascading virtual network including the conversion gateway, a first virtual edge device supporting a first tunnel type, and a second virtual edge device supporting a second tunnel type
  • the conversion gateway includes a packet receiving module, a destination reachability determining module, and a package forwarding module, which operate when the first host connected to the first virtual edge device needs to send a data packet to the second host connected to the second virtual edge device
  • the packet receiving module receives the first encapsulated packet that the first virtual edge device obtains by encapsulating the data packet and sends to the conversion gateway.
  • the destination reachability determining module decapsulates the first encapsulated packet and determines the host reachability information used to reach the second host.
  • the package forwarding module re-encapsulates the data packet obtained by the decapsulation according to the host reachability information used to reach the second host, obtains a second encapsulated packet, and sends it to the second virtual edge device.
  • a system for interconnecting multiple types of cascading virtual networks includes a conversion gateway, a first virtual edge device supporting a first tunnel type, and a second virtual edge device supporting a second tunnel type, wherein when the first host connected to the first virtual edge device needs to send a data packet to the second host connected to the second virtual edge device, the first virtual edge device is used to arrive through the conversion gateway.
  • FIG. 1 is a schematic diagram of a topology structure of a cascading virtual network
  • FIGS. 2A, 2B, and 2C are diagrams of three encapsulation formats of a current cascading virtual network
  • FIG. 3 is a flow diagram of a method of multi-type cascading virtual network interconnections in accordance with an embodiment of the present disclosure
  • FIG. 4 is a block diagram showing a structure of a conversion gateway of a multi-type cascading virtual network interconnection according to an embodiment of the present disclosure
  • FIG. 5 is a flow chart of a control protocol for multiple types of cascading virtual network interconnections in accordance with an embodiment of the present disclosure
  • FIG. 6 is a schematic diagram of a host accessing a cascading virtual network in accordance with an embodiment of the present disclosure
  • FIG. 7 is a first connection diagram of a host access cascading virtual network control plane according to an embodiment of the present disclosure
  • FIG. 8 is a second connection diagram of a host access cascading virtual network control plane according to an embodiment of the present disclosure.
  • NVO overlay-based cascading virtual network
  • VNs virtual networks
  • Each tenant can use the same address space in different VNs.
  • Each tenant can have multiple VNs, but the traffic between each VN cannot flow freely and needs to be implemented through routers, security gateways, and so on.
  • NVO can solve virtual machine migration and multi-tenancy problems without changing the existing network, and only need to add gateway devices to effectively protect user investment.
  • a common topology diagram of NVO is shown in Figure 1.
  • the edge device accessing the network by the terminal TS needs to be virtualized, the packet of the terminal TS is identified, and the packet is encapsulated and then transmitted to the traditional network for transmission.
  • a variety of common technologies, such as VXLAN, NVGRE, GENEVE, GUE, and MPLSoGRE, can carry Layer 2 packets over a Layer 3 network and Layer 3 packets over a Layer 3 network.
  • the cascading virtual network includes a conversion gateway, a first virtual edge device NVE1 supporting the first tunnel type, and a second virtual edge device NVE2 supporting the second tunnel type (see FIG. 6).
  • the method includes steps S101 to S104.
  • in step S101, when the first host connected to the NVE1 needs to send a data packet to the second host connected to the NVE2, the NVE1 encapsulates the data packet to obtain the first encapsulated packet and sends it to the translation gateway.
  • in step S102, after decapsulating the first encapsulated packet, the translation gateway determines the host reachability information used to reach the second host.
  • the switching gateway decapsulates the first encapsulated packet according to the first tunnel type to obtain the data packet. Then, according to the destination address and/or the virtual network identifier carried in the data packet obtained by the decapsulation, it queries the host reachability information used to reach the second host.
  • in step S103, the switching gateway re-encapsulates the data packet obtained after decapsulation according to the host reachability information used to reach the second host, obtains the second encapsulated packet, and sends it to the NVE2.
  • the switching gateway determines a second tunnel type for encapsulating the data packet according to the host reachability information used to reach the second host, and encapsulates the data packet according to the second tunnel type to obtain the second encapsulated packet.
  • in step S104, the NVE2 decapsulates the second encapsulated packet, obtains the data packet, and sends the data packet to the second host.
  • the NVE2 may decapsulate the second encapsulated packet according to the second tunnel type to obtain the data packet.
  • control mode can be distributed or centralized.
  • the cascading virtual network further includes a centralized controller
  • the method may further include: the centralized controller receives, from the NVE1, the NVE2, and the translation gateway respectively, host reachability information for reaching the first host, host reachability information for reaching the second host, and gateway reachability information for reaching the conversion gateway; the centralized controller sends the received host reachability information for reaching the second host to the conversion gateway; and the centralized controller generates, according to the host reachability information used to reach the second host and the gateway reachability information used to reach the conversion gateway, host reachability information used to reach the second host via the conversion gateway.
  • the host reachability information used to reach the second host via the conversion gateway is sent to the NVE1, so that the NVE1 can encapsulate the data packet according to it to obtain the first encapsulated packet.
  • the method may further include: the switching gateway sends the gateway reachability information to the NVE1 and/or the NVE2, and receives the host reachability information sent by the NVE1 for reaching the first host and/or the host reachability information sent by the NVE2 for reaching the second host; and/or the NVE2 sends the host reachability information used to reach the second host to the NVE1, and receives the host reachability information sent by the NVE1 for reaching the first host.
  • the NVE1 may determine, according to the received gateway reachability information and host reachability information used to reach the second host, host reachability information used to reach the second host via the translation gateway.
  • the NVE1 may then encapsulate the data packet according to the host reachability information used to reach the second host by using the translation gateway to obtain the first encapsulated packet.
  • the host reachability information used to reach the first host may include at least one of: an address of the first host, an address of the NVE1, an identifier of the virtual network where the NVE1 is located, the first tunnel type, and information on the metadata carried by the first host.
  • the host reachability information used to reach the second host may include at least one of: an address of the second host, an address of the NVE2, an identifier of the virtual network where the NVE2 is located, the second tunnel type, and information on the metadata carried by the second host.
  • the gateway reachability information used to reach the translation gateway may include at least one of: an address of the translation gateway, an identifier of the virtual network where the conversion gateway is located, and a tunnel type supported by the conversion gateway.
  • devices using different cascading technologies can be accessed in the same cascading virtual network, so that different hosts are no longer limited by the implementation scheme, and all can be accessed.
  • cascading virtual network multiple access solutions are supported to increase network availability and compatibility.
  • an embodiment of the present disclosure may further provide a storage medium on which a program for multi-type cascading virtual network interconnection is stored, and the program, when executed by a processor, implements the steps of the foregoing method of multi-type cascading virtual network interconnection.
  • the cascading virtual network includes the conversion gateway, a first virtual edge device NVE1 supporting a first tunnel type, and a second virtual edge device NVE2 supporting a second tunnel type.
  • the conversion gateway includes a message receiving module, a destination reachability determining module, and a package forwarding module.
  • the packet receiving module receives the first encapsulated packet that the NVE1 obtains by encapsulating the data packet and sends to the conversion gateway.
  • the destination reachability determining module decapsulates the first encapsulated packet and determines the host reachability information used to reach the second host.
  • the package forwarding module re-encapsulates the data packet obtained after the decapsulation according to the host reachability information used to reach the second host, obtains a second encapsulated packet, and sends it to the NVE2.
  • the functions of the packet receiving module, the destination reachability determining module, and the package forwarding module may be implemented by a processor and a memory. Further, embodiments of the present disclosure may further provide an apparatus for interconnecting multiple types of cascading virtual networks, including a processor and a memory coupled to the processor, where the memory is stored to be run on the processor A computer program that, when executed by the processor, performs a method of multi-type cascading virtual network interconnections in accordance with various embodiments of the present disclosure.
  • a cascading virtual network includes a translation gateway for message forwarding and a plurality of virtual edge devices (NVEs) supporting different tunnel types.
  • control protocol flow may include steps S201 to S203.
  • in step S201, host reachability information for reaching the host connected to each NVE is sent to the cascading virtual network.
  • when performing step S201, each NVE sends the host reachability information for reaching the host to which it is connected to the centralized controller in the cascaded virtual network.
  • when performing step S201, each NVE sends the host reachability information used to reach its connected host to other NVEs in the cascading virtual network.
  • the host reachability information may include at least one of an address of the host to which the NVE is connected, an address of the NVE, an identifier of the virtual network where the NVE is located, a tunnel type supported by the NVE, and a metadata type.
  • in step S202, gateway reachability information for reaching the translation gateway is sent to the cascading virtual network.
  • when performing step S202, the conversion gateway sends the gateway reachability information used to reach itself to the centralized controller in the cascading virtual network.
  • when performing step S202, the switching gateway sends the gateway reachability information used to reach itself to each NVE in the cascading virtual network.
  • the gateway reachability information may include at least one of an address of the conversion gateway, an identifier of the virtual network in which the conversion gateway is located, and a tunnel type supported by the conversion gateway.
  • in step S203, data packets that need to be exchanged between the hosts are encapsulated and transmitted by using the host reachability information used to reach the host connected to each NVE and the gateway reachability information used to reach the conversion gateway.
  • when performing step S203, the centralized controller determines, according to the host reachability information used to reach the host connected to each NVE and the gateway reachability information used to reach the conversion gateway, the host reachability information used to reach the hosts connected to other NVEs via the translation gateway, and sends it to each NVE;
  • each NVE can, based on the host reachability information used to reach the hosts connected to other NVEs via the translation gateway, encapsulate the data packets sent to a host connected to another virtual edge device and send them to the translation gateway;
  • the centralized controller sends the received host reachability information used to reach the host connected to each NVE to the translation gateway;
  • the conversion gateway generates a host reachability information table according to the received host reachability information of the host connected to each of the virtual edge devices and, according to the host reachability information table, decapsulates the encapsulated data packets sent by each NVE, re-encapsulates them, and forwards them to the other NVE.
  • the host reachability information used to reach the hosts of other NVE connections via the translation gateway may include the first tunnel type and the address of the translation gateway.
  • when performing step S203, each NVE generates another host reachability information table according to the host reachability information used to reach the hosts connected to the other NVEs and, according to that other host reachability information table, encapsulates the data packets sent to a host connected to another NVE and sends them to the conversion gateway;
  • the conversion gateway generates the host reachability information table according to the host reachability information used to reach the host connected to each NVE and, according to the host reachability information table, decapsulates the encapsulated data packets sent by each NVE, re-encapsulates them, and forwards them to the other NVEs.
  • the embodiment of the present disclosure further provides a system for interconnecting multiple types of cascading virtual networks, including a conversion gateway, an NVE1 supporting a first tunnel type, and an NVE2 supporting a second tunnel type, wherein when the first host connected to the NVE1 needs to send a data packet to the second host connected to the NVE2, the NVE1 encapsulates the data packet according to the host reachability information used to reach the NVE2 through the translation gateway, obtains the first encapsulated packet, and sends it to the translation gateway.
  • the switching gateway decapsulates the first encapsulated packet, determines the host reachability information used to reach the second host, re-encapsulates the data packet obtained by the decapsulation according to that host reachability information to obtain a second encapsulated packet, and sends it to the NVE2.
  • the NVE2 decapsulates the second encapsulated packet and then sends the resulting data packet to the second host.
  • the system according to the embodiment of the present disclosure can communicate with the NVEs supporting different tunnel types by using the control protocol and the forwarding process provided by the embodiments of the present disclosure, so as to implement packet exchange between the two NVE-connected hosts.
  • FIG. 6 is a schematic diagram of a host accessing a cascading virtual network in accordance with an embodiment of the present disclosure.
  • embodiments of the present disclosure provide a specific scheme for implementing interconnection of multiple cascading technologies, and provide a complete solution for the data plane and the control plane.
  • the NVE of the cascading virtual network sends the reachability information of each station TS through the control protocol, and the tunnel capability of the NVE and the ability to carry metadata.
  • the tunnel capability refers to the encapsulation format of data packets used by the interface of the edge device of the network, such as VXLAN, GPE, and GENEVE.
  • the capability of carrying the metadata refers to some information carried in the packet header of the tunnel, which may be the type and quantity of metadata supported by the tunnel.
  • the control protocol indicates that no metadata type is supported.
  • Control protocols can be distributed or centralized.
  • a transformation gateway (Transformer NVE, tNVE) may be set in the cascading virtual network, which may be a dedicated gateway or a specific cascading virtual network edge device.
  • the conversion gateway tNVE also serves as the NVE to send its tunnel type advertisement and metadata capability notification reachability information, and if necessary, can also forward the reachability information of other sites to which it is connected.
  • each NVE comprehensively determines whether the destination node can be transmitted through the cascading virtual network according to the received reachability information, tunnel capability, and metadata capabilities.
  • the conversion gateway can form different subnets with each edge device.
  • it can also be implemented by such a conversion gateway.
  • the conversion gateway tNVE can be specified by configuration or by the control protocol after collecting all NVE capabilities.
  • the conversion gateway can be centralized or distributed by multiple NVEs.
  • the conversion gateway tNVE is different from the cascade gateway (not shown), which is used for communication between different virtual networks, and the conversion gateway is used to connect different tunnels.
  • the conversion gateway tNVE and the cascade gateway can be implemented on the same device.
  • the specific operation of the conversion gateway tNVE includes: after the conversion gateway tNVE receives tunnel data traffic, it removes the tunnel encapsulation and performs a lookup in the host reachability information table in the conversion gateway tNVE, querying the reachability information according to the destination address and the virtual network ID (VNID) in the host data traffic. If the reachability information is found, the destination is reachable. The packet can be forwarded to the corresponding card or port of the device that supports the tunnel according to the tunnel information in the reachability information table, where the data packet is re-encapsulated and the new reachable tunnel is selected for forwarding, so that data traffic can be forwarded according to the tunnel encapsulation.
  • FIG. 7 is a first connection diagram of a host access cascading virtual network control plane according to an embodiment of the present disclosure.
  • Each edge device (NVE1 to NVE6) of the cascading virtual network transmits reachability information of the host to which it is connected through the control protocol of the network, including address mapping, tunnel type, and metadata information of the host and the network.
  • the information carried in the control protocol of the edge device NVE1 is as shown in Table 1.
  • VXLAN-GPE does not support metadata
  • the metadata package here is filled with NULL.
  • the information carried in the control protocol sent by the edge device NVE2 is shown in Table 2.
  • VNIDx Tunnel type GENEVE Metadata type NULL
  • the metadata type carried here is the metadata information required when the host TS is the destination host. Some metadata information is optional, and some are mandatory.
  • the control protocol carries the metadata information required for communication with the host TS2; there is no mandatory option in this embodiment, so NULL is also filled in here.
  • the information carried in the control protocol sent by the edge device NVE3 is shown in Table 3.
  • the conversion gateway tNVE also publishes its own tunnel encapsulation information and other reachable information through the control protocol, as shown in Table 4.
  • NVE address IPt Virtual network identification VNIDa-VNIDb Tunnel type GUE, GENEVE, VXLAN-GPE
  • the virtual network identifier here is a range of VNIDs.
  • the conversion gateway tNVE can belong to all VNIDs in order to connect as many different hosts as possible.
  • it belongs to a VNID range, that is, VNIDa-VNIDb.
  • the conversion gateway tNVE may be a dedicated device or an NVE device; the NVE device may configure itself with the function of the conversion gateway tNVE, or a virtual network control entity (NVA) may designate the NVE device for the role of the translation gateway tNVE.
  • each edge device NVE sends the reachability information of the connected host to the centralized controller (ie, NVA), so that the centralized controller NVA obtains the reachability information of the entire network host.
  • the reachability information can be actively sent to other edge devices (such as NVE1, NVE2, NVE3, ...), or can be sent through the cascading virtual network as needed.
  • when a request from an edge device NVE for the reachability information of a certain host is received, the reachability information is sent to the requesting edge device NVE.
  • when the centralized controller NVA has collected all the host reachability information, it actively notifies the edge devices NVE of the reachability information of the different hosts, and notifies host reachability within the same virtual network.
  • the host TS1 sends a message to the host TS2 as an example to describe the control plane protocol in detail, and how the conversion gateway tNVE implements interworking between different packaging technologies.
  • Hosts TS1 and TS2 belong to the same virtual network VNIDx. In principle, they should be able to communicate with each other. However, host TS1 can only be forwarded by edge device NVE1, which implements VXLAN-GPE, while host TS2 can only be forwarded by edge device NVE2, which implements GENEVE, so the conversion gateway tNVE is needed to achieve interoperability between the two.
  • the centralized controller NVA can detect that the edge devices NVE1 and NVE2 cannot communicate with each other. Therefore, the centralized controller NVA sends the reachability information of the host TS2 connected to the edge device NVE2 to the edge device NVE1.
  • the reachability information of the host TS2 sent by the centralized controller NVA to the edge device NVE1 is shown in Table 5.
  • the reachability information of the host TS2 is basically the same as that sent by the edge device NVE2 to the centralized controller NVA, except that the NVE address is changed to the address of the conversion gateway tNVE, that is, IPt, and it is notified that data messages from the host TS1 are encapsulated by VXLAN-GPE and forwarded to the host TS2.
  • the reachable information of the host TS2 sent by the centralized controller NVA to the conversion gateway tNVE is as shown in Table 6.
  • the reachability information of the host TS2 here is the same as that of the edge device NVE2 sent to the centralized controller NVA.
  • the conversion gateway tNVE learns from the reachability information that it needs to encapsulate data packets destined for the host TS2 with GENEVE and then send them to the edge device NVE2.
  • the switch gateway tNVE stores each host reachability information table. As shown in Table 7, the host reachable information table is used to forward the corresponding message.
  • the data packet sent by the host TS1 to the host TS2 is forwarded in the cascading virtual network with VXLAN-GPE encapsulation, and is then re-tunneled after a table lookup by the conversion gateway tNVE and transmitted to the host TS2.
  • the data packet sent by the host TS2 to the host TS1 is forwarded in the cascading virtual network with GENEVE encapsulation, and is then re-tunneled after a table lookup by the conversion gateway tNVE and sent to the host TS1, thereby realizing interworking within the same virtual network through the conversion gateway tNVE.
  • before sending the reachability information, the centralized controller NVA first needs to judge whether the hosts TS1 and TS3 have interoperability. In this embodiment, the hosts TS1 and TS3 belong to the same virtual network, but because the requirements for metadata are inconsistent, that is, the host TS3 needs to have a security key and the host TS1 cannot provide the metadata, it is determined that the hosts TS1 and TS3 cannot communicate directly. Therefore, the centralized controller NVA does not deliver the reachability information of the hosts TS3 and TS1 to the edge devices NVE1 and NVE3.
  • FIG. 8 is a second connection diagram of a host access cascading virtual network control plane according to an embodiment of the present disclosure.
  • Each edge device (NVE1 to NVE6) of the cascading virtual network sends the reachability information of the connected host to other edge devices through the distributed control protocol of the network, including address mapping, tunnel type, and metadata information of the host and the network.
  • the information carried in the control protocols of the edge devices NVE1 to NVE3 and the information carried in the control protocol of the switching gateway tNVE are the same as those described with reference to FIG. 7, as shown in Tables 8 to 11, respectively.
  • NVE address IPt Virtual network identification VNIDa-VNIDb Tunnel type GUE, GENEVE, VXLAN-GPE
  • each edge device NVE sends the reachability information of the connected host to the other edge devices NVE in the network, and each edge device NVE maintains the reachability information sent by other edge devices NVE. Thus, each edge device NVE obtains reachability information of other hosts in the network.
  • the edge device NVE1 obtains the reachability information of other hosts, as shown in Table 12.
  • the edge device NVE1 finds the host TS2 according to the reachability information of the above table, but the edge device NVE1 only supports the VXLAN-GPE mode. Therefore, the edge device NVE1 first encapsulates the packet in the VXLAN-GPE manner according to the reachability information table, sets the destination address of the outer tunnel to IPt (that is, the address of the translation gateway tNVE), and then forwards it through the tunnel to the conversion gateway tNVE, which supports VXLAN-GPE.
  • the host reachability information table of other host devices in the network is also obtained, as shown in Table 13.
  • the conversion gateway tNVE receives the data packet from the host TS1 to be sent to the host TS2 through the VXLAN-GPE tunnel, decapsulates the data packet, finds the above reachable information table, and finds the host address MAC2 of the host TS2.
  • the packet is forwarded to the GENEVE-enabled board or port, and the packet is encapsulated by GENEVE and forwarded to the host TS2 through the GENEVE tunnel.
  • the data packet sent by the host TS2 to the host TS1 can also be sent to the host TS1 through the conversion gateway tNVE, thereby implementing interworking between the same virtual network through the conversion gateway tNVE.
  • the embodiments of the present disclosure can access different tunnel technologies into the cascading virtual network, implement interconnection and intercommunication between multiple tunnels, and improve network availability and scalability.
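The control-plane decision and the forwarding path described in the bullets above can be modelled in a few lines. This is an added example, not code from the patent: the record layout, the function names, the addresses IP1 to IP3, MAC1 and MAC3, the GUE tunnel for TS3, and the reading of VNIDa-VNIDb as two identifiers are all constructed assumptions; IPt, MAC2 and the tunnel types come from the text.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class HostReach:
    """Host reachability information advertised for one host (assumed layout)."""
    host: str                           # host address, e.g. "MAC2"
    nve: str                            # address of the NVE the host attaches to
    vnid: str                           # virtual network identifier
    tunnel: str                         # tunnel type supported by that NVE
    provides: frozenset = frozenset()   # metadata this side can supply
    requires: frozenset = frozenset()   # metadata this side insists on


@dataclass(frozen=True)
class GatewayReach:
    """Gateway reachability information advertised by the conversion gateway."""
    address: str
    vnids: frozenset
    tunnels: frozenset


@dataclass(frozen=True)
class Encap:
    """An encapsulated packet: outer tunnel header plus the inner data packet."""
    tunnel: str
    outer_dst: str
    vnid: str
    inner_dst: str
    payload: bytes


def can_interoperate(a, b):
    """Same virtual network, and each side can supply the metadata the other needs."""
    return a.vnid == b.vnid and b.requires <= a.provides and a.requires <= b.provides


def controller_entry(src, dst, gw):
    """Entry the controller delivers to src's NVE for dst, or None to withhold it."""
    if not can_interoperate(src, dst):
        return None                         # the TS1/TS3 case: nothing is delivered
    if src.tunnel == dst.tunnel:
        return (dst.nve, src.tunnel)        # same tunnel type: direct tunnel
    if {src.tunnel, dst.tunnel} <= gw.tunnels and src.vnid in gw.vnids:
        return (gw.address, src.tunnel)     # different types: go via the gateway
    return None


def nve_encapsulate(src, dst, gw, payload):
    """First encapsulation, done by the sending NVE with its own tunnel type."""
    entry = controller_entry(src, dst, gw)
    if entry is None:
        raise LookupError(f"no reachability entry for {dst.host}")
    outer_dst, tunnel = entry
    return Encap(tunnel, outer_dst, src.vnid, dst.host, payload)


def gateway_forward(gw, table, pkt):
    """Decapsulate, look up the destination host, re-encapsulate in its tunnel type."""
    if pkt.outer_dst != gw.address or pkt.tunnel not in gw.tunnels:
        raise ValueError("packet is not addressed to this gateway")
    dst = table.get((pkt.vnid, pkt.inner_dst))   # keyed by VNID and host address
    if dst is None:
        raise LookupError(f"unknown destination {pkt.inner_dst}")
    return Encap(dst.tunnel, dst.nve, pkt.vnid, pkt.inner_dst, pkt.payload)


# Constructed sample data for the scenario in the text.
TS1 = HostReach("MAC1", "IP1", "VNIDa", "VXLAN-GPE")
TS2 = HostReach("MAC2", "IP2", "VNIDa", "GENEVE")
TS3 = HostReach("MAC3", "IP3", "VNIDa", "GUE", requires=frozenset({"security-key"}))
TNVE = GatewayReach("IPt", frozenset({"VNIDa", "VNIDb"}),
                    frozenset({"GUE", "GENEVE", "VXLAN-GPE"}))
TABLE = {(h.vnid, h.host): h for h in (TS1, TS2, TS3)}

if __name__ == "__main__":
    first = nve_encapsulate(TS1, TS2, TNVE, b"hello")
    print(first)
    print(gateway_forward(TNVE, TABLE, first))
    print(controller_entry(TS1, TS3, TNVE))
```
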


Abstract

The present disclosure provides a method, a device, and a system for multi-type network virtualization overlay interconnection. The method comprises: when a first host connected to a first network virtualization edge needs to send a data packet to a second host connected to a second network virtualization edge, the first network virtualization edge encapsulating the data packet to obtain a first encapsulated packet, and sending the same to a conversion gateway; after decapsulating the first encapsulated packet, the conversion gateway determining host reachability information for reaching the second host; the conversion gateway again encapsulating, according to the host reachability information for reaching the second host, the data packet obtained after decapsulation, to obtain a second encapsulated packet, and sending the same to the second network virtualization edge; and the second network virtualization edge decapsulating the second encapsulated packet and then sending the same to the second host.

Description

Method, device and system for multi-type cascading virtual network interconnection

Technical field

The present disclosure relates to, but is not limited to, the field of data communications.

Background

With the widespread use of server virtualization in data centers, the number of virtual machines has soared, and hybrid-cloud and public-cloud data centers must support massive numbers of tenants, which traditional networks cannot do. To meet multi-tenant requirements, an overlay-based technology, the cascading virtual network (Network Virtualization Overlay, NVO), has been proposed.

Generally, devices in the same data center network are required to follow the same technical implementation so that they can interconnect, but this requirement becomes harder to meet as the network edge moves closer to the user side. Devices accessing the same data center network will become more diverse, and to accommodate this trend, interconnection between different virtual tunnel technologies needs to be supported.

Summary

According to an embodiment of the present disclosure, a method for multi-type cascading virtual network interconnection is provided. The cascading virtual network includes a conversion gateway, a first virtual edge device supporting a first tunnel type, and a second virtual edge device supporting a second tunnel type. The method includes: when a first host connected to the first virtual edge device needs to send a data packet to a second host connected to the second virtual edge device, the first virtual edge device encapsulates the data packet to obtain a first encapsulated packet and sends it to the conversion gateway; after decapsulating the first encapsulated packet, the conversion gateway determines host reachability information for reaching the second host; the conversion gateway re-encapsulates the decapsulated data packet according to the host reachability information for reaching the second host to obtain a second encapsulated packet, and sends it to the second virtual edge device; and the second virtual edge device decapsulates the second encapsulated packet and sends the result to the second host.

According to an embodiment of the present disclosure, a method for multi-type cascading virtual network interconnection is provided. The cascading virtual network includes a conversion gateway for packet forwarding and a plurality of virtual edge devices supporting different tunnel types. The method includes: sending host reachability information for reaching the host connected to each virtual edge device to the cascading virtual network; sending gateway reachability information for reaching the conversion gateway to the cascading virtual network; and using the host reachability information for reaching the host connected to each virtual edge device and the gateway reachability information for reaching the conversion gateway to encapsulate and send the data packets that need to be exchanged between the hosts.

According to an embodiment of the present disclosure, a conversion gateway for multi-type cascading virtual network interconnection is provided. The cascading virtual network includes the conversion gateway, a first virtual edge device supporting a first tunnel type, and a second virtual edge device supporting a second tunnel type. The conversion gateway includes a packet receiving module, a destination reachability determining module, and an encapsulation forwarding module. When a first host connected to the first virtual edge device needs to send a data packet to a second host connected to the second virtual edge device, the packet receiving module receives the first encapsulated packet that the first virtual edge device obtained by encapsulating the data packet and then sent; the destination reachability determining module decapsulates the first encapsulated packet and determines host reachability information for reaching the second host; and the encapsulation forwarding module re-encapsulates the decapsulated data packet according to the host reachability information for reaching the second host to obtain a second encapsulated packet, and sends it to the second virtual edge device.

According to an embodiment of the present disclosure, a system for multi-type cascading virtual network interconnection is provided, including a conversion gateway, a first virtual edge device supporting a first tunnel type, and a second virtual edge device supporting a second tunnel type. When a first host connected to the first virtual edge device needs to send a data packet to a second host connected to the second virtual edge device, the first virtual edge device encapsulates the data packet according to host reachability information for reaching the second host via the conversion gateway to obtain a first encapsulated packet, and sends it to the conversion gateway. The conversion gateway decapsulates the first encapsulated packet, determines host reachability information for reaching the second host, re-encapsulates the decapsulated data packet according to that host reachability information to obtain a second encapsulated packet, and sends it to the second virtual edge device. The second virtual edge device decapsulates the second encapsulated packet and sends the result to the second host.

Brief description of the drawings

FIG. 1 is a schematic diagram of the topology of a cascading virtual network;

FIGS. 2A, 2B, and 2C show three encapsulation formats of current cascading virtual networks;

FIG. 3 is a flowchart of a method for multi-type cascading virtual network interconnection according to an embodiment of the present disclosure;

FIG. 4 is a structural block diagram of a conversion gateway for multi-type cascading virtual network interconnection according to an embodiment of the present disclosure;

FIG. 5 is a flowchart of a control protocol for multi-type cascading virtual network interconnection according to an embodiment of the present disclosure;

FIG. 6 is a schematic diagram of hosts accessing a cascading virtual network according to an embodiment of the present disclosure;

FIG. 7 is a first connection diagram of the control plane when hosts access a cascading virtual network according to an embodiment of the present disclosure; and

FIG. 8 is a second connection diagram of the control plane when hosts access a cascading virtual network according to an embodiment of the present disclosure.

Detailed description

Embodiments of the present disclosure are described in detail below with reference to the accompanying drawings. It should be understood that the preferred embodiments described below are only used to illustrate and explain the present disclosure and are not intended to limit it.

To meet multi-tenant requirements, an overlay-based cascading virtual network (NVO) technology has been proposed. An NVO not only supports multiple tenants and multiple virtual networks (Virtual Network, VN); the address spaces and traffic of different tenants are also isolated from and invisible to one another. Tenants can use the same address space in different VNs. Each tenant can have multiple VNs, but traffic cannot flow freely between VNs and must pass through routers, security gateways, and the like. NVO leaves the existing network unchanged and only requires adding gateway devices to solve the virtual machine migration and multi-tenancy problems, which effectively protects user investment. A common NVO topology is shown in FIG. 1.

To implement NVO, the edge device through which a terminal TS accesses the network needs to be virtualized: it identifies the packets of the terminal TS, encapsulates them accordingly, and then passes them into the traditional network for transmission. Several fairly general technologies now exist for edge-device virtualization, such as VXLAN, NVGRE, GENEVE, GUE, and MPLSoGRE, all of which support carrying Layer 2 packets over a Layer 3 network as well as carrying Layer 3 packets over a Layer 3 network. Each of these virtualization technologies has implementations, represents different vendors' solutions, and has its own advantages and supporters. The specific encapsulations are shown in FIGS. 2A to 2C.

Generally, devices in the same data center network are required to follow the same technical implementation so that they can interconnect, but this requirement becomes harder to meet as the network edge moves closer to the user side. Devices accessing the same data center network will become more diverse, and to accommodate this trend, interconnection between different virtual tunnel technologies needs to be supported.

FIG. 3 is a flowchart of a method for multi-type cascading virtual network interconnection according to an embodiment of the present disclosure. According to an embodiment of the present disclosure, the cascading virtual network includes a conversion gateway, a first virtual edge device NVE1 supporting a first tunnel type, and a second virtual edge device NVE2 supporting a second tunnel type (see FIG. 6).

As shown in FIG. 3, the method includes steps S101 to S104.

In step S101, when a first host connected to NVE1 needs to send a data packet to a second host connected to NVE2, NVE1 encapsulates the data packet to obtain a first encapsulated packet and sends it to the conversion gateway.

In step S102, after decapsulating the first encapsulated packet, the conversion gateway determines the host reachability information for reaching the second host.

When performing step S102, the conversion gateway decapsulates the first encapsulated packet according to the first tunnel type to obtain the data packet. It then queries the host reachability information for reaching the second host according to the destination address and/or virtual network identifier carried in the decapsulated data packet.

In step S103, the conversion gateway re-encapsulates the decapsulated data packet according to the host reachability information for reaching the second host to obtain a second encapsulated packet, and sends it to NVE2.

When performing step S103, the conversion gateway determines, from the host reachability information for reaching the second host, the second tunnel type to be used for encapsulating the data packet, and encapsulates the data packet according to the second tunnel type to obtain the second encapsulated packet.

In step S104, NVE2 decapsulates the second encapsulated packet to obtain the data packet and sends it to the second host. NVE2 may decapsulate the second encapsulated packet according to the second tunnel type to obtain the data packet.

Depending on the control protocol, the control mode may be distributed or centralized.

For the centralized control mode, the cascading virtual network further includes a centralized controller, and before step S101 is performed, the method may further include: the centralized controller receives the host reachability information for reaching the first host, the host reachability information for reaching the second host, and the gateway reachability information for reaching the conversion gateway, sent by NVE1, NVE2, and the conversion gateway respectively; the centralized controller sends the received host reachability information for reaching the second host to the conversion gateway; and the centralized controller generates, from the host reachability information for reaching the second host and the gateway reachability information for reaching the conversion gateway, host reachability information for reaching the second host via the conversion gateway, and sends it to NVE1, so that NVE1 can encapsulate the data packet according to the host reachability information for reaching the second host via the conversion gateway to obtain the first encapsulated packet.

For the distributed control mode, before step S101 is performed, the method may further include: the conversion gateway sends the gateway reachability information to NVE1 and/or NVE2, and receives the host reachability information for reaching the first host sent by NVE1 and/or the host reachability information for reaching the second host sent by NVE2; and/or NVE2 sends the host reachability information for reaching the second host to NVE1, and receives the host reachability information for reaching the first host sent by NVE1. NVE1 may determine, from the received gateway reachability information and the host reachability information for reaching the second host, the host reachability information for reaching the second host via the conversion gateway. NVE1 may then encapsulate the data packet according to the host reachability information for reaching the second host via the conversion gateway to obtain the first encapsulated packet.

The host reachability information for reaching the first host may include at least one of: the address of the first host, the address of NVE1, the identifier of the virtual network in which NVE1 is located, the first tunnel type, and information on the metadata carried by the first host. The host reachability information for reaching the second host may include at least one of: the address of the second host, the address of NVE2, the identifier of the virtual network in which NVE2 is located, the second tunnel type, and information on the metadata carried by the second host. The gateway reachability information for reaching the conversion gateway may include at least one of: the address of the conversion gateway, the identifier of the virtual network in which the conversion gateway is located, and the tunnel types supported by the conversion gateway.

According to the embodiments of the present disclosure, devices using different overlay technologies (that is, different tunnel types) can access the same cascading virtual network, so that hosts are no longer restricted by their implementation scheme and can all access the same cascading virtual network. Diverse access schemes are supported, which improves the availability and compatibility of the network.

A person of ordinary skill in the art will understand that all or some of the steps of the method in the above embodiments may be carried out by a program instructing the relevant hardware, and the program may be stored in a computer-readable storage medium. Further, an embodiment of the present disclosure may also provide a storage medium storing a program for multi-type cascading virtual network interconnection which, when executed by a processor, implements the steps of the above method for multi-type cascading virtual network interconnection.

FIG. 4 is a structural block diagram of a conversion gateway for multi-type cascading virtual network interconnection according to an embodiment of the present disclosure. According to an embodiment of the present disclosure, the cascading virtual network includes the conversion gateway, a first virtual edge device NVE1 supporting a first tunnel type, and a second virtual edge device NVE2 supporting a second tunnel type.

As shown in FIG. 4, the conversion gateway includes a packet receiving module, a destination reachability determining module, and an encapsulation forwarding module.

When a first host connected to NVE1 needs to send a data packet to a second host connected to NVE2, the packet receiving module receives the first encapsulated packet that NVE1 obtained by encapsulating the data packet and then sent; the destination reachability determining module decapsulates the first encapsulated packet and determines the host reachability information for reaching the second host; and the encapsulation forwarding module re-encapsulates the decapsulated data packet according to the host reachability information for reaching the second host to obtain a second encapsulated packet, and sends it to NVE2.

The functions of the packet receiving module, the destination reachability determining module, and the encapsulation forwarding module may be implemented by a processor and a memory. Further, an embodiment of the present disclosure may also provide a device for multi-type cascading virtual network interconnection, including a processor and a memory coupled to the processor, where the memory stores a computer program that can run on the processor, and when the computer program is executed by the processor, the processor performs the method for multi-type cascading virtual network interconnection according to the embodiments of the present disclosure.

FIG. 5 is a flowchart of a control protocol for multi-type cascading virtual network interconnection according to an embodiment of the present disclosure. According to an embodiment of the present disclosure, the cascading virtual network includes a conversion gateway for packet forwarding and a plurality of virtual edge devices (Network Virtualization Edge, NVE) supporting different tunnel types.

As shown in FIG. 5, the control protocol flow may include steps S201 to S203.

In step S201, the host reachability information for reaching the host connected to each NVE is sent to the cascading virtual network.

For the centralized control mode, when performing step S201, each NVE sends the host reachability information for reaching its connected host to the centralized controller in the cascading virtual network.

For the distributed control mode, when performing step S201, each NVE sends the host reachability information for reaching its connected host to the other NVEs in the cascading virtual network.

The host reachability information may include at least one of: the address of the host connected to the NVE, the address of the NVE, the identifier of the virtual network in which the NVE is located, the tunnel type supported by the NVE, and the metadata type.

In step S202, the gateway reachability information for reaching the conversion gateway is sent to the cascading virtual network.

For the centralized control mode, when performing step S202, the conversion gateway sends the gateway reachability information for reaching itself to the centralized controller in the cascading virtual network.

For the distributed control mode, when performing step S202, the conversion gateway sends the gateway reachability information for reaching itself to each NVE in the cascading virtual network.

The gateway reachability information may include at least one of: the address of the conversion gateway, the identifier of the virtual network in which the conversion gateway is located, and the tunnel types supported by the conversion gateway.

In step S203, the host reachability information for reaching the host connected to each NVE and the gateway reachability information for reaching the conversion gateway are used to encapsulate and send the data packets that need to be exchanged between the hosts.

For the centralized control mode, when performing step S203: the centralized controller determines, for the host connected to each NVE and from the received host reachability information for reaching the host connected to each NVE and the gateway reachability information for reaching the conversion gateway, the host reachability information for reaching the hosts connected to other NVEs via the conversion gateway, and sends it to each NVE; each NVE may encapsulate the data packets destined for the hosts connected to the other NVEs according to the host reachability information for reaching those hosts via the conversion gateway, and send them to the conversion gateway; the centralized controller sends the received host reachability information for reaching the host connected to each NVE to the conversion gateway; and the conversion gateway generates a host reachability information table from the received host reachability information for reaching the host connected to each NVE, and, according to the host reachability information table, decapsulates the encapsulated data packets sent by each NVE, re-encapsulates them, and forwards them to the other NVEs.

The host reachability information for reaching the hosts connected to other NVEs via the conversion gateway may include the first tunnel type and the address of the conversion gateway.

For the distributed control mode, when performing step S203: each NVE generates an other-host reachability information table from the received host reachability information for reaching the hosts connected to other NVEs, and, according to that table, encapsulates the data packets destined for the hosts connected to other NVEs and sends them to the conversion gateway; and the conversion gateway generates a host reachability information table from the received host reachability information for reaching the host connected to each NVE, and, according to the host reachability information table, decapsulates the encapsulated data packets sent by each NVE, re-encapsulates them, and forwards them to the other NVEs.

An embodiment of the present disclosure further provides a system for multi-type cascading virtual network interconnection, including a conversion gateway, NVE1 supporting a first tunnel type, and NVE2 supporting a second tunnel type. When a first host connected to NVE1 needs to send a data packet to a second host connected to NVE2, NVE1 encapsulates the data packet according to the host reachability information for reaching NVE2 via the conversion gateway to obtain a first encapsulated packet, and sends it to the conversion gateway. The conversion gateway decapsulates the first encapsulated packet, determines the host reachability information for reaching the second host, re-encapsulates the decapsulated data packet according to that host reachability information to obtain a second encapsulated packet, and sends it to NVE2. NVE2 decapsulates the second encapsulated packet and sends the result to the second host.

Using the control protocol and forwarding procedure provided by the embodiments of the present disclosure, the system according to an embodiment of the present disclosure can connect NVEs that support different tunnel types, thereby enabling packet exchange between the hosts connected to the two NVEs.

FIG. 6 is a schematic diagram of hosts accessing a cascading virtual network according to an embodiment of the present disclosure.

As shown in FIG. 6, to provide interconnection and interworking between multiple cascading virtual network technologies, an embodiment of the present disclosure provides a specific scheme for interconnecting multiple overlay technologies, and gives a complete solution for both the data plane and the control plane.

For the control plane, the NVEs of the cascading virtual network use the control protocol to send the reachability information of each station TS, together with the NVE's tunnel capability and its capability to carry metadata.

Tunnel capability refers to the encapsulation format of data packets used by the interface of the network edge device, such as VXLAN, GPE, or GENEVE.

The capability to carry metadata refers to information carried in the tunnel packet header, which may be the types and number of metadata items it supports. For an encapsulation that cannot carry metadata, such as VXLAN, the control protocol must indicate that no metadata type is supported.

The control protocol may be distributed or centralized.

To interconnect multiple tunnel technologies, a conversion gateway (Transformer NVE, tNVE) is placed in the cascading virtual network; it may be a dedicated gateway or a specific cascading virtual network edge device. When the two ends need to exchange data and support different tunnel types, the exchange can be carried out through such a conversion gateway. The conversion gateway tNVE also acts as an NVE and advertises reachability information, including its tunnel type and metadata capability advertisements, and where necessary can also forward the reachability information of other stations connected to it. Finally, each NVE decides, based on the received reachability information, tunnel capabilities, and metadata capabilities taken together, whether the destination node can be reached through the cascading virtual network.

In addition, the conversion gateway can form a separate subnet with each edge device. When two ends that belong to different subnets need to exchange data, the exchange can also be carried out through such a conversion gateway.

转换网关tNVE可以是通过配置指定的,也可以是控制协议在收集所有NVE能力后指定的。转换网关可以是集中式的,也可以使分布地由多个NVE来承担。转换网关tNVE和层叠网关(图中未示出)不同,层叠网关用于不同虚拟网络之间的连通,转换网关用于连通不同隧道。当一站点向另一站点发送报文时,如果两个站点之间不具备相 同的隧道技术,即使在同一个虚拟网络中也无法通信,此时需要通过转换网关tNVE进行交互。转换网关tNVE和层叠网关可以实现在同一设备上。The conversion gateway tNVE can be specified by configuration or by the control protocol after collecting all NVE capabilities. The conversion gateway can be centralized or distributed by multiple NVEs. The conversion gateway tNVE is different from the cascade gateway (not shown), which is used for communication between different virtual networks, and the conversion gateway is used to connect different tunnels. When a site sends a packet to another site, if the two tunnels do not have the same tunneling technology, even if they are in the same virtual network, they cannot communicate. In this case, you need to exchange the gateway tNVE. The conversion gateway tNVE and the cascade gateway can be implemented on the same device.

转换网关tNVE的具体操作包括:转换网关tNVE接收到隧道数据流量后;解隧道封装;对转换网关tNVE内的主机可达信息表进行查表;并根据主机数据流量中的目的地址和虚拟网络ID(VNID)查询可达信息。如果查到了可达信息,则表示目的是可达的,可以根据可达信息表中的隧道信息将报文转到本设备的相应支持该隧道封装的板卡或端口上,并且对数据报文重新封装,重新选择新的可达隧道进行转发,从而保证数据流量能够按照隧道封装进行转发。The specific operation of the conversion gateway tNVE includes: after the conversion gateway tNVE receives the tunnel data traffic; de-tunes the encapsulation; performs a table lookup on the host reachability information table in the conversion gateway tNVE; and according to the destination address and the virtual network ID in the host data traffic (VNID) Query reachable information. If the reachable information is found, the destination is reachable. The packet can be forwarded to the corresponding card or port of the device that supports the tunnel according to the tunnel information in the reachable information table, and the data packet is received. Re-encapsulation, re-select the new reachable tunnel for forwarding, so that data traffic can be forwarded according to the tunnel encapsulation.

Centralized control solution

FIG. 7 is a first connection diagram of the control plane for hosts accessing the overlay virtual network according to an embodiment of the present disclosure.

Each edge device of the overlay virtual network (NVE1 to NVE6) uses the network's control protocol to send the reachability information of the hosts connected to it, which includes the host-to-network address mapping, the tunnel type, and metadata information.

In this embodiment, the information carried in the control protocol of edge device NVE1 is shown in Table 1.

Table 1. Information carried in the control protocol of NVE1

Host TS address: MAC1
NVE address: IP1
Virtual network identifier: VNIDx
Tunnel type: VXLAN-GPE
Metadata type: NULL

Because VXLAN-GPE does not support metadata, the metadata field here is filled with NULL.

The information carried in the control protocol sent by edge device NVE2 is shown in Table 2.

Table 2. Information carried in the control protocol of NVE2

Host TS address: MAC2
NVE address: IP2
Virtual network identifier: VNIDx
Tunnel type: GENEVE
Metadata type: NULL

The metadata type carried here is the metadata information required when the host TS is the destination host. Some metadata information is optional and some is mandatory; what the control protocol carries here is the metadata information that is mandatory for communicating with host TS2. In this embodiment there is no mandatory item, so NULL is filled in here as well.

The information carried in the control protocol sent by edge device NVE3 is shown in Table 3.

Table 3. Information carried in the control protocol of NVE3

Host TS address: MAC3
NVE address: IP3
Virtual network identifier: VNIDx
Tunnel type: GUE
Metadata type: security key

In the same way, the translation gateway tNVE also publishes its own reachability information, such as its tunnel encapsulation information, through the control protocol, as shown in Table 4.

Table 4. Information carried in the control protocol of tNVE

NVE address: IPt
Virtual network identifier: VNIDa-VNIDb
Tunnel type: GUE, GENEVE, VXLAN-GPE

The virtual network identifier here is a range of VNIDs. In general, so that it can connect as many different hosts as possible, the translation gateway tNVE may belong to all VNIDs; here it belongs to one VNID range, namely VNIDa-VNIDb.

Note that the translation gateway tNVE may be a dedicated device, or the role may be taken by an NVE device. Either the NVE device configures itself in the tNVE role, or the Network Virtualization Authority (NVA) designates the NVE device for the tNVE role.

In the centralized control scheme, each edge device NVE sends the reachability information of the hosts connected to it to the centralized controller (i.e., the NVA), so that the centralized controller NVA obtains the reachability information of the hosts in the whole network.

After the centralized controller NVA has collected this reachability information, it may, depending on policy, proactively send it to the other edge devices NVE (such as NVE1, NVE2, NVE3, …), or it may wait until an edge device NVE that needs to send data through the overlay virtual network requests the reachability information of a particular host, and then send the reachability information to the requesting edge device NVE.

In this embodiment, after the centralized controller NVA has collected all host reachability information, it proactively informs each edge device NVE of the reachability information of the different hosts, and what it advertises is the reachability of hosts in the same virtual network.

The following takes host TS1 sending a packet to host TS2 as an example to describe the control plane protocol in detail, and to show how the translation gateway tNVE achieves interworking between different encapsulation technologies. Hosts TS1 and TS2 belong to the same virtual network VNIDx and should in principle be able to communicate. However, host TS1 is forwarded by edge device NVE1, which implements only VXLAN-GPE, while host TS2 is forwarded by edge device NVE2, which implements only GENEVE, so interworking between the two requires the translation gateway tNVE. The centralized controller NVA can tell that edge devices NVE1 and NVE2 cannot interwork directly, so it sends edge device NVE1 the reachability information of host TS2, which is connected to edge device NVE2.

The reachability information of host TS2 that the centralized controller NVA sends to edge device NVE1 is shown in Table 5.

Table 5. Reachability information of TS2 sent by the NVA to NVE1

Host address: MAC2
NVE address: IPt
Virtual network identifier: VNIDx
Tunnel type: VXLAN-GPE
Metadata type: NULL

This reachability information for host TS2 is essentially the same as what edge device NVE2 sent to the centralized controller NVA, except that the NVE address has been changed to the address of the translation gateway tNVE, i.e., IPt, and that it tells host TS1 that data packets encapsulated with VXLAN-GPE can be forwarded to host TS2.

In addition, the reachability information of host TS2 that the centralized controller NVA sends to the translation gateway tNVE is shown in Table 6.

Table 6. Reachability information of TS2 sent by the NVA to tNVE

Host address: MAC2
NVE address: IP2
Virtual network identifier: VNIDx
Tunnel type: GENEVE
Metadata type: NULL

As can be seen, this reachability information for host TS2 is the same as what edge device NVE2 sent to the centralized controller NVA. From it, the translation gateway tNVE learns that data packets destined for host TS2 must be encapsulated with GENEVE and then sent to edge device NVE2.

At this point, the translation gateway tNVE holds a reachability information table for the individual hosts, as shown in Table 7, and forwards packets according to this table.

Table 7. Host reachability information table stored by tNVE

Host address | NVE address | Virtual network identifier | Tunnel type | Metadata type
MAC1 | IP1 | VNIDx | VXLAN-GPE | NULL
MAC2 | IP2 | VNIDx | GENEVE | NULL
MACx | IPx | VNIDy | … | …

In this way, a data packet sent by host TS1 to host TS2 is forwarded in the overlay virtual network with VXLAN-GPE encapsulation, and is then delivered to host TS2 after the translation gateway tNVE looks up its table and converts the tunnel. Likewise, a data packet sent by host TS2 to host TS1 is forwarded in the overlay virtual network with GENEVE encapsulation, and is then delivered to host TS1 after the translation gateway tNVE looks up its table and converts the tunnel. The translation gateway tNVE thus provides interworking between the two within the same virtual network.

The following takes host TS1 sending a data packet to host TS3 as an example. Before this can happen, the centralized controller NVA likewise needs to send the relevant reachability information to edge device NVE1, and before sending it, the NVA must first determine whether hosts TS1 and TS3 can interwork. In this embodiment, hosts TS1 and TS3 belong to the same virtual network, but their metadata requirements are inconsistent: host TS3 requires a security key, and host TS1 cannot provide this metadata. The NVA therefore determines that hosts TS1 and TS3 cannot communicate directly, and does not deliver the reachability information of hosts TS3 and TS1 to edge devices NVE1 and NVE3.
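The controller decision and gateway lookup described in this section can be put together as follows. This is an added sketch, not code from the patent: the class and function names, the dictionary packet model, the "security-key" label, the reading of "inconsistent metadata requirements" as unequal metadata sets, and the one-element stand-in for the range VNIDa-VNIDb are all assumptions. Table misses are dropped rather than flooded, and the lookup key includes the VNID so a frame cannot be re-encapsulated into another virtual network.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class HostReach:
    """One host reachability entry, with the fields of Tables 1 to 3."""
    host_mac: str
    nve_ip: str
    vnid: str
    tunnel: str
    metadata: frozenset = frozenset()  # empty set stands for NULL


@dataclass(frozen=True)
class GatewayReach:
    """The tNVE advertisement of Table 4."""
    nve_ip: str
    vnids: frozenset    # constructed stand-in for the range VNIDa-VNIDb
    tunnels: frozenset


def derive_entry(src: HostReach, dst: HostReach,
                 gw: GatewayReach) -> Optional[HostReach]:
    """NVA side: the entry for dst to hand to src's NVE, or None."""
    if src.vnid != dst.vnid:
        return None          # different virtual networks: not the tNVE's job
    if src.metadata != dst.metadata:
        return None          # TS1/TS3 case: metadata requirements differ
    if src.tunnel == dst.tunnel:
        return dst           # same encapsulation: no translation needed
    if dst.vnid in gw.vnids and {src.tunnel, dst.tunnel} <= gw.tunnels:
        # Table 5: keep the host, point the NVE address at the gateway and
        # advertise the tunnel type the sender can actually produce.
        return replace(dst, nve_ip=gw.nve_ip, tunnel=src.tunnel)
    return None


def encapsulate(entry: HostReach, inner: dict) -> dict:
    """Wrap an inner frame in the tunnel named by a reachability entry."""
    return {"tunnel": entry.tunnel, "outer_dst": entry.nve_ip,
            "vnid": entry.vnid, "inner": inner}


class TranslationGateway:
    """tNVE data plane: decapsulate, look up (VNID, MAC), re-encapsulate."""

    def __init__(self, adv: GatewayReach):
        self.adv = adv
        self.table = {}      # (vnid, host_mac) -> HostReach, as in Table 7

    def install(self, entry: HostReach) -> None:
        # Only accept entries the gateway can serve.
        if entry.vnid in self.adv.vnids and entry.tunnel in self.adv.tunnels:
            self.table[(entry.vnid, entry.host_mac)] = entry

    def forward(self, pkt: dict) -> Optional[dict]:
        if pkt["outer_dst"] != self.adv.nve_ip:
            return None      # not addressed to this gateway
        if pkt["tunnel"] not in self.adv.tunnels:
            return None      # encapsulation the gateway cannot terminate
        inner = pkt["inner"]                       # decapsulation
        entry = self.table.get((pkt["vnid"], inner["dst_mac"]))
        if entry is None:
            return None      # unknown host in this VNID: drop
        return encapsulate(entry, inner)           # new tunnel, same VNID


# Constructed sample data mirroring Tables 1 to 4.
TS1 = HostReach("MAC1", "IP1", "VNIDx", "VXLAN-GPE")
TS2 = HostReach("MAC2", "IP2", "VNIDx", "GENEVE")
TS3 = HostReach("MAC3", "IP3", "VNIDx", "GUE", frozenset({"security-key"}))
GW = GatewayReach("IPt", frozenset({"VNIDx"}),
                  frozenset({"GUE", "GENEVE", "VXLAN-GPE"}))


def demo() -> Optional[dict]:
    """TS1 -> TS2 through the gateway; returns the packet sent to NVE2."""
    tnve = TranslationGateway(GW)
    for entry in (TS1, TS2):               # what the NVA sends to the tNVE
        tnve.install(entry)
    via_gw = derive_entry(TS1, TS2, GW)    # what the NVA sends to NVE1
    frame = {"src_mac": "MAC1", "dst_mac": "MAC2", "payload": b"hello"}
    return tnve.forward(encapsulate(via_gw, frame))


if __name__ == "__main__":
    print(demo())
```
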

Distributed control solution

FIG. 8 is a second connection diagram of the control plane for hosts accessing the overlay virtual network according to an embodiment of the present disclosure.

Each edge device of the overlay virtual network (NVE1 to NVE6) uses the network's distributed control protocol to send the other edge devices the reachability information of the hosts connected to it, including the host-to-network address mapping, the tunnel type, and metadata information.

In this embodiment, the information carried in the control protocols of edge devices NVE1 to NVE3 and in the control protocol of the translation gateway tNVE is the same as in the embodiment described with reference to FIG. 7, as shown in Tables 8 to 11 respectively.

Table 8. Information carried in the control protocol of NVE1

Host TS address: MAC1
NVE address: IP1
Virtual network identifier: VNIDx
Tunnel type: VXLAN-GPE
Metadata type: NULL

Table 9. Information carried in the control protocol of NVE2

Host TS address: MAC2
NVE address: IP2
Virtual network identifier: VNIDx
Tunnel type: GENEVE
Metadata type: NULL

Table 10. Information carried in the control protocol of NVE3

Host TS address: MAC3
NVE address: IP3
Virtual network identifier: VNIDx
Tunnel type: GUE
Metadata type: security key

Table 11. Information carried in the control protocol of tNVE

NVE address: IPt
Virtual network identifier: VNIDa-VNIDb
Tunnel type: GUE, GENEVE, VXLAN-GPE

In the distributed control scheme, each edge device NVE sends the reachability information of the hosts connected to it to the other edge devices NVE in the network, and each edge device NVE keeps the reachability information sent by the other edge devices NVE. Each edge device NVE thereby obtains the reachability information of the other hosts in the network.

In this embodiment, edge device NVE1 obtains the reachability information of the other hosts, as shown in Table 12.

Table 12. Reachability information of other hosts obtained by NVE1

Figure PCTCN2019070052-appb-000001
"ALL" in Table 12 means that the entry applies to all host addresses or all metadata types.

For a data packet that host TS1 wants to send to host TS2, edge device NVE1 finds host TS2 in the reachability information of the table above. However, because host TS2 is encapsulated with GENEVE while edge device NVE1 supports only VXLAN-GPE, NVE1 first encapsulates the packet as VXLAN-GPE according to this reachability information table, sets the outer tunnel destination address to IPt (i.e., the address of the translation gateway tNVE), and then forwards it through the tunnel to the translation gateway tNVE, which supports VXLAN-GPE.

The translation gateway tNVE likewise obtains a host reachability information table for the other host devices in the network, as shown in Table 13.

Table 13. Host reachability information obtained by tNVE

Host address | NVE address | Virtual network identifier | Tunnel type | Metadata type
MAC1 | IP1 | VNIDx | VXLAN-GPE | NULL
MAC2 | IP2 | VNIDx | GENEVE | NULL
MAC3 | IP3 | VNIDx | GUE | security key
… | … | … | … | …

After the translation gateway tNVE receives, through the VXLAN-GPE tunnel, the data packet that host TS1 is sending to host TS2, it decapsulates the data packet and looks up the reachability information table above. Having found the host address MAC2 of host TS2, it passes the packet to the line card or port that supports GENEVE, re-encapsulates the packet with GENEVE, and forwards it through the GENEVE tunnel to host TS2.

Likewise, a data packet sent by host TS2 to host TS1 can be delivered to host TS1 through the translation gateway tNVE, so that the translation gateway tNVE provides interworking between the two within the same virtual network.

In summary, the embodiments of the present disclosure have the following technical effects:

The embodiments of the present disclosure allow different tunnel technologies to attach to the overlay virtual network and interconnect multiple kinds of tunnels, which can improve the availability and scalability of the network.

Although the present disclosure has been described in detail above, it is not limited thereto, and those skilled in the art may make various modifications according to the principles of the present disclosure. Any modification made in accordance with the principles of the present disclosure should therefore be understood as falling within the scope of protection of the present disclosure.

Claims (20)

一种多类型的层叠虚拟网络互连的方法,所述层叠虚拟网络包括转换网关、支持第一隧道类型的第一虚拟边缘设备和支持第二隧道类型的第二虚拟边缘设备,所述方法包括:A method of multi-layered cascading virtual network interconnection, the cascading virtual network comprising a switching gateway, a first virtual edge device supporting a first tunnel type, and a second virtual edge device supporting a second tunnel type, the method comprising : 当所述第一虚拟边缘设备连接的第一主机需要向所述第二虚拟边缘设备连接的第二主机发送数据报文时,所述第一虚拟边缘设备对所述数据报文进行封装,得到第一封装报文,并发送至所述转换网关;When the first host connected to the first virtual edge device needs to send a data packet to the second host connected to the second virtual edge device, the first virtual edge device encapsulates the data packet to obtain Transmitting the packet to the first gateway and sending the packet to the conversion gateway; 所述转换网关在对所述第一封装报文进行解封装后,确定用来到达所述第二主机的主机可达信息;After the decapsulation of the first encapsulated packet, the conversion gateway determines the reachability information of the host used to reach the second host. 所述转换网关根据用来到达所述第二主机的主机可达信息,对解封装后得到的所述数据报文进行再次封装,得到第二封装报文,并发送至所述第二虚拟边缘设备;以及The switching gateway re-encapsulates the data packet obtained after decapsulation according to the reachability information of the host that is used to reach the second host, and obtains a second encapsulated packet, and sends the packet to the second virtual edge. Equipment; 所述第二虚拟边缘设备在对所述第二封装报文进行解封装后发送至所述第二主机。The second virtual edge device sends the second encapsulated packet to the second host after decapsulating the second encapsulated packet. 
根据权利要求1所述的方法,其中,所述层叠虚拟网络还包括集中控制器,并且在所述第一虚拟边缘设备对所述数据报文进行封装,得到第一封装报文,并发送至所述转换网关的步骤之前,所述方法还包括:The method of claim 1, wherein the cascading virtual network further comprises a centralized controller, and the data packet is encapsulated by the first virtual edge device to obtain a first encapsulated message and sent to the Before the step of converting the gateway, the method further includes: 所述集中控制器接收所述第一虚拟边缘设备发送的用来到达所述第一主机的主机可达信息、所述第二虚拟边缘设备发送的用来到达所述第二主机的主机可达信息和所述转换网关发送的用来到达所述转换网关的网关可达信息;The centralized controller receives the host reachability information sent by the first virtual edge device to reach the first host, and the host sent by the second virtual edge device to reach the second host is reachable. Information and gateway reachability information sent by the conversion gateway to reach the conversion gateway; 所述集中控制器将收到的用来到达所述第二主机的主机可达信息发送至所述转换网关;以及The centralized controller sends the received host reachability information for reaching the second host to the translation gateway; 所述集中控制器根据用来到达所述第二主机的主机可达信息和用来到达所述转换网关的网关可达信息,生成用来经由所述转换网关到达所述第二主机的主机可达信息,并发送至所述第一虚拟边缘设备。The centralized controller generates a host for reaching the second host via the conversion gateway according to host reachability information used to reach the second host and gateway reachability information used to reach the conversion gateway. The information is reached and sent to the first virtual edge device. 
根据权利要求1所述的方法,其中,在所述第一虚拟边缘设备对所述数据报文进行封装,得到第一封装报文,并发送至所述转换网关的步骤之前,所述方法还包括:The method according to claim 1, wherein before the step of encapsulating the data packet by the first virtual edge device to obtain a first encapsulated message and transmitting the packet to the conversion gateway, the method further include: 所述转换网关将网关可达信息发送至所述第一虚拟边缘设备,并接收所述第一虚拟边缘设备发送的用来到达所述第一主机的主机可达信息;以及/或者The switching gateway sends the gateway reachability information to the first virtual edge device, and receives host reachability information sent by the first virtual edge device to reach the first host; and/or 所述转换网关将网关可达信息发送至所述第二虚拟边缘设备,并接收所述第二虚拟边缘设备发送的用来到达所述第二主机的主机可达信息;以及/或者The switching gateway sends the gateway reachability information to the second virtual edge device, and receives host reachability information sent by the second virtual edge device to reach the second host; and/or 所述第二虚拟边缘设备将用来到达所述第二主机的主机可达信息发送至所述第一虚拟边缘设备,并接收所述第一虚拟边缘设备发送的用来到达所述第一主机的主机可达信息。The second virtual edge device sends the host reachability information used to reach the second host to the first virtual edge device, and receives the sent by the first virtual edge device to reach the first host Host reachable information. 根据权利要求3所述的方法,其中,在所述第一虚拟边缘设备对所述数据报文进行封装,得到第一封装报文,并发送至所述转换网关的步骤之前,所述方法还包括:The method according to claim 3, wherein before the step of encapsulating the data packet by the first virtual edge device to obtain a first encapsulated message and transmitting the packet to the translation gateway, the method further include: 所述第一虚拟边缘设备根据接收的所述网关可达信息和用来到达所述第二主机的主机可达信息,确定用来经由所述转换网关到达所述第二主机的主机可达信息。The first virtual edge device determines, according to the received gateway reachability information and host reachability information used to reach the second host, host reachability information used to reach the second host via the translation gateway. . 
根据权利要求2至4中任一项所述的方法,其中,The method according to any one of claims 2 to 4, wherein 用来到达所述第一主机的主机可达信息包括下列中的至少之一:所述第一主机的地址、所述第一虚拟边缘设备的地址、所述第一虚拟边缘设备所在的虚拟网络的标识、所述第一隧道类型、以及所述第一主机携带元数据的信息;The host reachability information used to reach the first host includes at least one of the following: an address of the first host, an address of the first virtual edge device, and a virtual network where the first virtual edge device is located The identifier, the first tunnel type, and information about the first host carrying metadata; 用来到达所述第二主机的主机可达信息包括下列中的至少之一:所述第二主机的地址、所述第二虚拟边缘设备的地址、所述第二虚拟边缘设备所在的虚拟网络的标识、所述第二隧道类型、以及所述第二主机携带元数据的信息;并且The host reachability information used to reach the second host includes at least one of the following: an address of the second host, an address of the second virtual edge device, and a virtual network where the second virtual edge device is located Identification, the second tunnel type, and information about the second host carrying metadata; 用来到达所述转换网关的网关可达信息包括下列中的至少之一: 所述转换网关的地址、所述转换网关所在的虚拟网络的标识、以及所述转换网关支持的隧道类型。The gateway reachability information used to reach the translation gateway includes at least one of the following: an address of the translation gateway, an identifier of a virtual network in which the translation gateway is located, and a tunnel type supported by the conversion gateway. 根据权利要求2或4所述的方法,其中,所述第一虚拟边缘设备对所述数据报文进行封装的步骤包括:The method according to claim 2 or 4, wherein the step of encapsulating the data packet by the first virtual edge device comprises: 所述第一虚拟边缘设备根据用来经由所述转换网关到达所述第二主机的主机可达信息,对所述数据报文进行封装,得到所述第一封装报文。The first virtual edge device encapsulates the data packet according to the host reachability information used to reach the second host by using the switching gateway, to obtain the first encapsulated packet. 
根据权利要求1至4中任一项所述的方法,其中,所述转换网关在对所述第一封装报文进行解封装后,确定用来到达所述第二主机的主机可达信息的步骤包括:The method according to any one of claims 1 to 4, wherein after the decapsulation of the first encapsulated packet, the conversion gateway determines the reachability information of the host used to reach the second host. The steps include: 所述转换网关根据解封装得到的所述数据报文携带的目的地址和/或虚拟网络标识,查询用来到达所述第二主机的主机可达信息。The conversion gateway queries the host reachability information used to reach the second host according to the destination address and/or the virtual network identifier carried in the data packet obtained by the decapsulation. 根据权利要求5所述的方法,其中,所述转换网关根据用来到达所述第二主机的主机可达信息,对解封装后得到的所述数据报文进行再次封装,得到第二封装报文的步骤包括:The method of claim 5, wherein the conversion gateway re-encapsulates the data packet obtained after decapsulation according to the host reachability information used to reach the second host, to obtain a second encapsulation report. The steps of the text include: 所述转换网关根据用来到达所述第二主机的主机可达信息,确定用于封装所述数据报文的第二隧道类型;以及Determining, by the conversion gateway, a second tunnel type for encapsulating the data packet according to host reachability information used to reach the second host; 所述转换网关根据所述第二隧道类型,对所述数据报文进行封装,得到所述第二封装报文。The switching gateway encapsulates the data packet according to the second tunnel type to obtain the second encapsulated packet. 
一种多类型的层叠虚拟网络互连的方法,所述层叠虚拟网络包括用于报文转发的转换网关和支持不同隧道类型的多个虚拟边缘设备,所述方法包括:A multi-type method for cascading virtual network interconnections, the cascading virtual network comprising a translation gateway for message forwarding and a plurality of virtual edge devices supporting different tunnel types, the method comprising: 将用来到达每个所述虚拟边缘设备连接的主机的主机可达信息发送至所述层叠虚拟网络;Sending host reachability information for the host connected to each of the virtual edge device connections to the cascading virtual network; 将用来到达所述转换网关的网关可达信息发送至所述层叠虚拟网络;以及Transmitting gateway reachability information for reaching the translation gateway to the cascading virtual network; 利用用来到达每个所述虚拟边缘设备连接的主机的主机可达信息和用来到达所述转换网关的网关可达信息,对在各个主机间需要交互的数据报文进行封装和发送。Data packets that need to be exchanged between the hosts are encapsulated and sent by the host reachability information of the host used to reach the connection of each of the virtual edge devices and the gateway reachability information used to reach the conversion gateway. 根据权利要求9所述的方法,其中,所述层叠虚拟网络还包括集中控制器,并且将用来到达每个所述虚拟边缘设备连接的主机的主机可达信息发送至所述层叠虚拟网络的步骤包括:The method of claim 9, wherein the cascading virtual network further comprises a centralized controller, and transmitting host reachability information for reaching a host of each of the virtual edge device connections to the cascading virtual network The steps include: 每个所述虚拟边缘设备将用来到达其连接的主机的所述主机可达信息发送至所述集中控制器。Each of the virtual edge devices sends the host reachability information to reach the host to which it is connected to the centralized controller. 
根据权利要求9所述的方法,其中,将用来到达每个所述虚拟边缘设备连接的主机的主机可达信息发送至所述层叠虚拟网络的步骤包括:The method of claim 9, wherein the step of transmitting host reachability information for the host to each of the virtual edge device connections to the cascading virtual network comprises: 每个所述虚拟边缘设备将用来到达其连接的主机的所述主机可达信息发送至所述层叠虚拟网络中的其他虚拟边缘设备和所述转换网关。Each of the virtual edge devices sends the host reachability information used to reach its connected host to other virtual edge devices and the translation gateway in the cascading virtual network. 根据权利要求10或11所述的方法,其中,所述主机可达信息包括下列中的至少之一:所述虚拟边缘设备连接的主机的地址、所述虚拟边缘设备的地址、所述虚拟边缘设备所在的虚拟网络的标识、所述虚拟边缘设备支持的隧道类型、以及元数据类型。The method according to claim 10 or 11, wherein the host reachability information comprises at least one of: an address of a host to which the virtual edge device is connected, an address of the virtual edge device, the virtual edge The ID of the virtual network where the device resides, the tunnel type supported by the virtual edge device, and the metadata type. 根据权利要求10所述的方法,其中,将用来到达所述转换网关的网关可达信息发送至所述层叠虚拟网络的步骤包括:The method of claim 10, wherein the step of transmitting gateway reachability information for reaching the translation gateway to the cascading virtual network comprises: 所述转换网关将所述网关可达信息发送至所述集中控制器或每个所述虚拟边缘设备。The conversion gateway sends the gateway reachability information to the centralized controller or each of the virtual edge devices. 根据权利要求11所述的方法,其中,将用来到达所述转换网关的网关可达信息发送至所述层叠虚拟网络的步骤包括:The method of claim 11, wherein the step of transmitting gateway reachability information for reaching the translation gateway to the cascading virtual network comprises: 所述转换网关将所述网关可达信息发送至所述层叠虚拟网络中 的每个所述虚拟边缘设备。The conversion gateway transmits the gateway reachability information to each of the virtual edge devices in the cascading virtual network. 
根据权利要求13或14所述的方法,其中,所述网关可达信息包括下列中的至少之一:所述转换网关的地址、所述转换网关所在的虚拟网络的标识、以及所述转换网关支持的隧道类型。The method according to claim 13 or 14, wherein the gateway reachability information comprises at least one of: an address of the translation gateway, an identifier of a virtual network in which the translation gateway is located, and the conversion gateway The type of tunnel supported. 根据权利要求13所述的方法,其中,利用用来到达每个所述虚拟边缘设备连接的主机的主机可达信息和用来到达所述转换网关的网关可达信息,对在各个主机间需要交互的数据报文进行封装和发送的步骤包括:The method according to claim 13, wherein the host reachability information used to reach the host connected to each of the virtual edge devices and the gateway reachability information used to reach the conversion gateway are required for each host The steps of encapsulating and sending the interactive data packet include: 所述集中控制器根据收到的用来达到每个所述虚拟边缘设备连接的主机的主机可达信息和用来到达所述转换网关的网关可达信息,为每个所述虚拟边缘设备连接的主机确定用来经由所述转换网关到达其它虚拟边缘设备连接的主机的主机可达信息,并发送给每个所述虚拟边缘设备;The centralized controller connects to each of the virtual edge devices according to the received host reachability information of the host used to reach each virtual edge device connection and the gateway reachability information used to reach the translation gateway. Hosts determine host reachability information for hosts connected to other virtual edge devices via the translation gateway, and send to each of the virtual edge devices; 每个所述虚拟边缘设备根据用来经由所述转换网关到达其它虚拟边缘设备连接的主机的主机可达信息,对发往所述其它虚拟边缘设备连接的主机的数据报文进行封装,并发送给所述转换网关;Each of the virtual edge devices encapsulates and sends a data packet to a host connected to the other virtual edge device according to host reachability information of a host that is used to connect to the other virtual edge device via the translation gateway. Giving the conversion gateway; 所述集中控制器将收到的用来到达每个所述虚拟边缘设备连接的主机的主机可达信息发送至所述转换网关。The centralized controller sends host reachability information received to the host connected to each of the virtual edge devices to the translation gateway. 
The method according to claim 14, wherein the step of encapsulating and sending the data packets to be exchanged between the hosts, using the host reachability information used to reach the hosts connected to each of the virtual edge devices and the gateway reachability information used to reach the translation gateway, comprises:
each of the virtual edge devices generating an other-host reachability information table according to the received host reachability information used to reach the hosts connected to other virtual edge devices, and, according to the other-host reachability information table, encapsulating the data packets destined for the hosts connected to other virtual edge devices and sending them to the translation gateway.

The method according to claim 16 or 17, wherein
the translation gateway generates a host reachability information table according to the received host reachability information used to reach the hosts connected to each of the virtual edge devices, and, according to the host reachability information table, decapsulates the encapsulated data packets sent by each of the virtual edge devices, re-encapsulates them, and forwards them to the other virtual edge devices.
A translation gateway for interconnecting multiple types of overlay virtual networks, the overlay virtual network comprising the translation gateway, a first virtual edge device supporting a first tunnel type, and a second virtual edge device supporting a second tunnel type, the translation gateway comprising a packet receiving module, a destination reachability determining module, and an encapsulation and forwarding module, wherein
when a first host connected to the first virtual edge device needs to send a data packet to a second host connected to the second virtual edge device, the packet receiving module receives a first encapsulated packet that the first virtual edge device obtained by encapsulating the data packet and then sent,
the destination reachability determining module decapsulates the first encapsulated packet and determines the host reachability information used to reach the second host, and
the encapsulation and forwarding module re-encapsulates, according to the host reachability information used to reach the second host, the data packet obtained after decapsulation to obtain a second encapsulated packet, and sends it to the second virtual edge device.
A system for interconnecting multiple types of overlay virtual networks, comprising a translation gateway, a first virtual edge device supporting a first tunnel type, and a second virtual edge device supporting a second tunnel type, wherein
when a first host connected to the first virtual edge device needs to send a data packet to a second host connected to the second virtual edge device, the first virtual edge device encapsulates the data packet according to the host reachability information used to reach the second host via the translation gateway, obtains a first encapsulated packet, and sends it to the translation gateway,
the translation gateway decapsulates the first encapsulated packet, determines the host reachability information used to reach the second host, re-encapsulates the data packet obtained after decapsulation according to the host reachability information used to reach the second host to obtain a second encapsulated packet, and sends it to the second virtual edge device, and
the second virtual edge device decapsulates the second encapsulated packet and then sends it to the second host.
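The decapsulate, look up, re-encapsulate path that the gateway and system claims describe can be sketched as follows. This is an added example, not text or code from the patent: it assumes VXLAN and Geneve as the first and second tunnel types, a table keyed by (virtual network identifier, inner MAC), and a drop policy for unknown or mismatched entries, and every name in it is hypothetical.

```python
import struct
from typing import NamedTuple, Optional, Tuple

VXLAN, GENEVE = "vxlan", "geneve"  # assumed tunnel types; the claims say only first/second
class HostReach(NamedTuple):  # fields named in the host reachability claim
    host_mac: bytes           # address of the host
    nve_addr: str             # address of its virtual edge device
    vn_id: int                # identifier of the virtual network (24 bits here)
    tunnel: str               # tunnel type the edge device supports

def encap(tunnel: str, vn_id: int, inner: bytes) -> bytes:
    vni = struct.pack("!I", vn_id << 8)  # 24-bit VNI followed by one reserved byte
    if tunnel == VXLAN:                  # RFC 7348: I flag set, three reserved bytes
        return b"\x08\x00\x00\x00" + vni + inner
    if tunnel == GENEVE:                 # RFC 8926: version 0, no options, Ethernet payload
        return struct.pack("!BBH", 0, 0, 0x6558) + vni + inner
    raise ValueError("unsupported tunnel type")

def decap(tunnel: str, pkt: bytes) -> Tuple[int, bytes]:
    if len(pkt) < 8:
        raise ValueError("truncated tunnel header")
    vn_id = struct.unpack("!I", pkt[4:8])[0] >> 8
    if tunnel == VXLAN and pkt[0] & 0x08:
        return vn_id, pkt[8:]
    if tunnel == GENEVE and pkt[0] >> 6 == 0 and pkt[2:4] == b"\x65\x58":
        return vn_id, pkt[8 + (pkt[0] & 0x3F) * 4:]  # Geneve options are dropped here
    raise ValueError("malformed or unsupported tunnel header")

class TranslationGateway:
    def __init__(self) -> None:
        self.table = {}  # (vn_id, host MAC) -> HostReach

    def learn(self, entry: HostReach) -> None:
        self.table[(entry.vn_id, entry.host_mac)] = entry

    def forward(self, src_nve: str, tunnel: str, pkt: bytes) -> Optional[Tuple[str, bytes]]:
        vn_id, inner = decap(tunnel, pkt)
        dst = self.table.get((vn_id, inner[0:6]))   # inner destination MAC
        src = self.table.get((vn_id, inner[6:12]))  # inner source MAC
        # Added policy: drop unknown destinations and sources not behind the sending edge.
        if dst is None or src is None or src.nve_addr != src_nve:
            return None
        return dst.nve_addr, encap(dst.tunnel, vn_id, inner)

def demo():  # constructed sample: host A (VXLAN edge) sends one frame to host B (Geneve edge)
    a, b, gw = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), TranslationGateway()
    gw.learn(HostReach(a, "192.0.2.1", 100, VXLAN))
    gw.learn(HostReach(b, "192.0.2.2", 100, GENEVE))
    return gw.forward("192.0.2.1", VXLAN, encap(VXLAN, 100, b + a + b"\x08\x00payload"))
```

Because the lookup key includes the virtual network identifier carried in the received tunnel header, a frame arriving with a different identifier never matches a host entry and is not re-encapsulated toward another tenant's edge device.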
PCT/CN2019/070052 2018-01-03 2019-01-02 Method, device, and system for multi-type network virtualization overlay interconnection Ceased WO2019134637A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810003669.4A CN109995640A (en) 2018-01-03 2018-01-03 A method, device and system for interconnecting multiple types of stacked nets
CN201810003669.4 2018-01-03

Publications (1)

Publication Number Publication Date
WO2019134637A1 true WO2019134637A1 (en) 2019-07-11

Family

ID=67128503

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/070052 Ceased WO2019134637A1 (en) 2018-01-03 2019-01-02 Method, device, and system for multi-type network virtualization overlay interconnection

Country Status (2)

Country Link
CN (1) CN109995640A (en)
WO (1) WO2019134637A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103166929A (en) * 2011-12-15 2013-06-19 华为技术有限公司 Media playing method and device
US20140372582A1 (en) * 2013-06-12 2014-12-18 Dell Products L.P. Systems and methods for providing vlan-independent gateways in a network virtualization overlay implementation
CN104869042A (en) * 2014-02-20 2015-08-26 华为技术有限公司 Message forwarding method and message forwarding device
CN106134133A (en) * 2014-03-06 2016-11-16 Abb瑞士股份有限公司 Tunnel passes through WAN time-critical message between substation

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101977250B (en) * 2010-10-29 2013-02-27 清华大学 Tunnel selection method in optimization of mutual access between hosts under dual-stack access of edge network
US9143582B2 (en) * 2013-03-08 2015-09-22 International Business Machines Corporation Interoperability for distributed overlay virtual environments
CN103200069B (en) * 2013-03-29 2016-01-27 华为技术有限公司 A kind of method and apparatus of Message processing

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112468353A (en) * 2019-09-09 2021-03-09 华为数字技术(苏州)有限公司 Network accessibility detection method and device
CN112468353B (en) * 2019-09-09 2023-11-21 华为数字技术(苏州)有限公司 Network reachability detection method and device
CN113973045A (en) * 2020-07-24 2022-01-25 中移(苏州)软件技术有限公司 Message transmission method and device
CN113973045B (en) * 2020-07-24 2024-02-23 中移(苏州)软件技术有限公司 Message transmission method and device

Also Published As

Publication number Publication date
CN109995640A (en) 2019-07-09

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19735696

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 16/11/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 19735696

Country of ref document: EP

Kind code of ref document: A1