
CN108881013B - Method and system for controlling gateway mode, SDN controller and access device - Google Patents


Info

Publication number
CN108881013B
Authority
CN
China
Prior art keywords
access equipment
virtual router
gateway
mode
layer forwarding
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810713493.1A
Other languages
Chinese (zh)
Other versions
CN108881013A (en
Inventor
樊超
王海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Information Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN201810713493.1A priority Critical patent/CN108881013B/en
Publication of CN108881013A publication Critical patent/CN108881013A/en
Application granted granted Critical
Publication of CN108881013B publication Critical patent/CN108881013B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/58 Association of routers
    • H04L45/586 Association of routers of virtual routers
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L45/38 Flow based routing
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The disclosure provides a method and a system for controlling a gateway mode, an SDN controller and an access device, and relates to the technical field of internet. The SDN controller monitors upper limit alarm information and alarm release information of access equipment; if the upper limit alarm information is received, transferring the three-layer forwarding configuration information of the virtual router on the access equipment to a border gateway so as to switch the access equipment from a gateway mode to a non-gateway mode; and if the alarm release information is received, recovering the three-layer forwarding configuration information of the virtual router corresponding to the access equipment from the border gateway to the access equipment so as to switch the access equipment from the non-gateway mode to the gateway mode. By the aid of the technology, the forwarding process of the three-layer cross-network-segment flow is effectively guaranteed, and the overall data forwarding performance is improved.

Description

Method and system for controlling gateway mode, SDN controller and access device
Technical Field
The present disclosure relates to the field of internet technologies, and in particular, to a method and a system for controlling a gateway mode, an SDN controller, and an access device.
Background
An EVPN (Ethernet Virtual Private Network) is a two-layer VPN technology in which the control plane uses MP-BGP (Multiprotocol Border Gateway Protocol) to advertise EVPN routing information and the data plane uses VXLAN (Virtual eXtensible Local Area Network) encapsulation to forward packets. When the physical sites of a tenant are dispersed at different locations, EVPN can provide two-layer interconnection for the same subnet of the same tenant; through the EVPN gateway, it can also provide three-layer interconnection between different subnets of the same tenant and three-layer interconnection between the tenant and an external network.
The EVPN networking structure is generally applied to a data center, and a distributed gateway networking mode can be adopted.
In a distributed gateway networking mode, when the EVPN access device works in the gateway mode, both the EVPN access device and the EVPN border gateway can forward three-layer cross-network-segment traffic, so that this traffic can be forwarded along an optimal path and the traffic forwarding pressure on the EVPN border gateway is relieved. However, when the EVPN access device works in the gateway mode, gateway-related configuration needs to be added, such as VPN (Virtual Private Network) configuration information, VSI-IF (Virtual Switch Interface), gateway IP address, and the like, which may occupy the limited ACL (Access Control List) resources of the EVPN access device. If many virtual machines are online in the EVPN, there is no guarantee that the EVPN access device has sufficient resources to store forwarding entries, which affects data forwarding performance.
Disclosure of Invention
In view of this, an object of the present disclosure is to provide a method, a system, an SDN controller, and an access device for controlling a gateway mode, which may dynamically adjust a working mode of the access device according to a resource occupation condition of the access device, so as to improve data forwarding performance.
In order to achieve the above purpose, the technical scheme adopted by the disclosure is as follows:
In a first aspect, the present disclosure provides a method for controlling a gateway mode, where the method is applied to an SDN controller, and the method includes:
monitoring alarm information of an access device, wherein the alarm information comprises upper limit alarm information and alarm release information, the upper limit alarm information is sent when the access device is in a gateway mode and detects that the two-layer forwarding resource occupation reaches an upper limit value, and the alarm release information is sent when the access device is in a non-gateway mode and detects that the two-layer forwarding resource occupation is lower than a lower limit value;
if the upper limit alarm information is received, transferring the three-layer forwarding configuration information of the virtual router corresponding to the access equipment to a border gateway so as to switch the access equipment from a gateway mode to a non-gateway mode;
and if the alarm release information is received, recovering the three-layer forwarding configuration information of the virtual router from the border gateway to the access equipment so as to switch the access equipment from a non-gateway mode to a gateway mode.
In a second aspect, the present disclosure provides a method for controlling a gateway mode, where the method is applied to an access device, and the method includes:
detecting the occupation condition of the two-layer forwarding resources;
sending alarm information to an SDN controller according to the occupation condition; the alarm information comprises upper limit alarm information and alarm release information, wherein the upper limit alarm information is sent when the access equipment detects that the occupation of the two-layer forwarding resources reaches an upper limit value when being in a gateway mode, and the alarm release information is sent when the access equipment detects that the occupation of the two-layer forwarding resources is lower than a lower limit value when being in a non-gateway mode;
if a virtual router deletion notification sent by an SDN controller is received, deleting three-layer forwarding configuration information of a corresponding virtual router according to the virtual router deletion notification;
and if a virtual router configuration notification sent by the SDN controller is received, configuring three-layer forwarding configuration information of a corresponding virtual router according to the virtual router configuration notification, and sending a gratuitous ARP message.
In a third aspect, the present disclosure provides an SDN controller comprising a first processor and a first memory connected to the first processor; the first memory stores machine executable instructions executable by the first processor to perform the method of the first aspect.
In a fourth aspect, the present disclosure provides an access device comprising a second processor and a second memory connected to the second processor; the second memory stores machine executable instructions executable by the second processor to perform the method of the second aspect.
In a fifth aspect, the present disclosure provides a system for controlling gateway mode, including the SDN controller of the third aspect, the access device of the fourth aspect, and a border gateway;
the border gateway is configured to delete the three-layer forwarding configuration information of a corresponding virtual router according to a virtual router deletion notification when the virtual router deletion notification sent by the SDN controller is received; and, when a virtual router configuration notification sent by the SDN controller is received, to configure the three-layer forwarding configuration information of a corresponding virtual router according to the virtual router configuration notification and send a gratuitous ARP message.
According to the method and the system for controlling the gateway mode, the SDN controller and the access device, the SDN controller monitors the upper limit alarm information and the alarm release information of the access device; dynamically controlling the access equipment to be reasonably switched between a gateway mode and a non-gateway mode, and if upper limit alarm information is received, transferring the three-layer forwarding configuration information of the virtual router corresponding to the access equipment to a border gateway so as to switch the access equipment from the gateway mode to the non-gateway mode; and if the alarm release information is received, recovering the three-layer forwarding configuration information of the virtual router on the access equipment to the access equipment from the border gateway so as to switch the access equipment from the non-gateway mode to the gateway mode. By the aid of the technology, the forwarding process of the three-layer cross-network-segment flow is effectively guaranteed, and the overall data forwarding performance is improved.
Additional features and advantages of the disclosure will be set forth in the description which follows, or in part may be learned by the practice of the above-described techniques of the disclosure, or may be learned by practice of the disclosure.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present disclosure, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic application environment diagram of a method for controlling a gateway mode according to an embodiment of the present disclosure;
Fig. 2 is a flowchart of a method for controlling a gateway mode according to an embodiment of the present disclosure;
Fig. 3 is a flowchart of another method for controlling a gateway mode according to an embodiment of the present disclosure;
Fig. 4 is an interaction diagram of a method for controlling a gateway mode according to an embodiment of the present disclosure;
Fig. 5 is a block diagram illustrating an apparatus for controlling a gateway mode according to an embodiment of the present disclosure;
Fig. 6 is a block diagram of another apparatus for controlling a gateway mode according to an embodiment of the present disclosure;
Fig. 7 is a block diagram of another apparatus for controlling a gateway mode according to an embodiment of the present disclosure;
Fig. 8 is a block diagram of a system for controlling a gateway mode according to an embodiment of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the embodiments of the present disclosure will be described clearly and completely with reference to the accompanying drawings, and it is to be understood that the described embodiments are some, but not all embodiments of the present disclosure. All other embodiments, which can be derived by one of ordinary skill in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
The method and apparatus for controlling a gateway mode according to the embodiments of the present disclosure may be applied to, but are not limited to, an EVPN networking structure. Fig. 1 shows a schematic diagram of the EVPN networking structure, where a VTEP (VXLAN Tunnel End Point) is an edge device of an EVPN. VTEP1 and VTEP2 in fig. 1 are EVPN access devices (also referred to as Leaf devices), and VTEP3 is an EVPN border gateway (also referred to as a border device). The EVPN access devices are connected with each other, and the EVPN access devices and the EVPN border gateway are connected through VXLAN tunnels. In fig. 1, VTEP1 is connected to a first site S1 and VTEP2 is connected to a second site S2.
The configuration information of the access devices corresponding to S1 and S2 and the virtual machines in S1 and S2 in this embodiment is shown in table 1:
TABLE 1
Figure BDA0001716910030000051
VM1 and VM4 belong to the same subnet. VTEP1 associates the three-layer interface connected to the local site, or the Ethernet server instance, with the VSI, and the VXLAN created in the VSI of VTEP1 is the VXLAN to which a message received through that three-layer interface belongs. In this embodiment, on VTEP1 the three-layer interface that receives messages sent by VM1 corresponds to VXLAN10, the one that receives messages sent by VM2 corresponds to VXLAN20, and the one that receives messages sent by VM3 corresponds to VXLAN30; on VTEP2, the three-layer interface that receives messages sent by VM4 corresponds to VXLAN10, the one that receives messages sent by VM5 corresponds to VXLAN20, and the one that receives messages sent by VM6 corresponds to VXLAN30.
An SDN (Software Defined Network) is a novel network architecture whose core idea is to separate the control layer and the forwarding layer of network devices and to control network traffic centrally and flexibly through an SDN controller, thereby providing a good platform for innovation in core networks and applications. The VTEPs (including the EVPN access devices and the EVPN border gateway) in fig. 1 are communicatively connected to an SDN controller (this connection is not illustrated in fig. 1). The SDN controller serves as a virtualization management platform for the EVPN and provides the user with a network management deployment window for the EVPN, which may be implemented by a cloud platform.
The SDN controller receives configuration information and/or operation instructions related to functions of network creation, subnet assignment, router creation, router management, and the like of a user through the cloud platform, and then manages physical devices or virtual devices in the EVPN according to the received configuration information and/or operation instructions, for example: the SDN controller configures VPN configuration information of the EVPN access equipment, and can also configure a three-layer unloading function on the EVPN access equipment, namely, a virtual router is configured on the EVPN access equipment, so that three-layer forwarding of cross-network segment flow in the EVPN is realized.
The EVPN networking architecture shown in fig. 1 may operate in a centralized gateway networking mode or a distributed gateway networking mode.
In the centralized gateway networking mode, both VTEP1 and VTEP2 operate in a non-gateway mode and are used only as layer two switches for forwarding layer two traffic between devices within the same subnet. While VTEP3 is used as a centralized gateway, taking the configuration example shown in table 1, the configuration corresponding to VTEP3 is shown in table 2:
TABLE 2
Figure BDA0001716910030000061
Figure BDA0001716910030000071
In the networking stage, virtual routers (VRouter) can be configured on VTEP3 according to VXLAN configured in current networking, each VRouter corresponds to one VSI interface and one VXLAN network, and an IP address of the VSI interface is used as a gateway IP address of a virtual machine in the corresponding VXLAN network. And each VSI interface will be bound to a VPN instance. Therefore, each virtual router can independently forward the message under the VPN instance bound with the virtual router. The three-layer cross-network segment traffic received by VTEP1 and VTEP2 and the traffic sent to the external network are required to be offloaded and forwarded through VTEP 3.
The following describes a two-layer forwarding process by taking an example that the VM1 sends a message to the VM4 in a centralized gateway networking mode, specifically as follows:
(1) VM1 learns the MAC address of VM4 through an ARP message;
(2) VM1 sends a data message, where the source MAC address of the message is MAC1 of VM1, and the destination MAC address is MAC4 of VM4.
(3) The data message first arrives at VTEP1. VTEP1 searches the MAC address table of VSI-10 for the entry matching the destination MAC address, and the outgoing interface found for the message is the VXLAN tunnel between VTEP1 and VTEP2. VTEP1 encapsulates the message according to the VXLAN protocol and sends the encapsulated message to VTEP2 through the VXLAN tunnel corresponding to the outgoing interface. The encapsulated message carries a VXLAN network identifier.
(4) The VTEP2 receives the encapsulated message, determines that the message belongs to VXLAN10 according to the VXLAN network identifier in the message, decapsulates the received message, searches for a MAC address table corresponding to VXLAN10 in VTEP2, and sends the decapsulated message to VM4 through the found egress interface.
In the following, taking an example that the VM1 sends a message to the VM5 in the centralized gateway networking mode, a three-layer forwarding process across network segments is described as follows:
(1) VM1 determines, according to the IP address of VM5, that a message sent to VM5 is a cross-network-segment message, and learns the MAC address corresponding to the gateway IP address through an ARP message;
(2) VM1 sends a data message, wherein the source MAC address of the message is MAC1 of VM1, and the destination MAC address is the MAC address corresponding to the gateway IP address; the source IP address is the IP address of VM1 and the destination IP address is the IP address of VM5.
(3) The data message first arrives at VTEP1. VTEP1 searches the MAC address table of VSI-10 for the matching entry according to the destination IP address, and the outgoing interface found for the message is the VXLAN tunnel between VTEP1 and VTEP3. VTEP1 encapsulates the message and sends it to VTEP3;
(4) After receiving the encapsulated message, VTEP3 decapsulates it, determines by looking up the host routing table according to the destination IP address that the outgoing interface is the VXLAN tunnel between VTEP3 and VTEP2, and sends the message to VTEP2 through that tunnel; VTEP2 then sends the message to VM5.
In the distributed gateway networking mode, VTEP1 and VTEP2 operate in the gateway mode, and VTEP1 and VTEP2 also configure a virtual router (VRouter) based on VSI and VXLAN, and the specific configuration is the same as that of VTEP3, which is not described herein again. In the networking mode, if the VM1 sends a message to the VM5, the VM1 sends the message to the VTEP1, the VTEP1 judges that the VXLAN network to which the message belongs is VXLAN20, searches an outgoing interface corresponding to VXLAN20 in a host routing table in the VTEP1, sends the message to the VTEP2 through the outgoing interface, and forwards the message to the VM5 through the VTEP 2.
Considering that the three-layer cross-network-segment traffic needs to be forwarded through the border gateway in the centralized networking mode, the traffic forwarding pressure of the border gateway is large; in the distributed networking mode, if there are many online virtual machines, the occupation of two-layer forwarding resources on the access device is large, which may cause the two-layer forwarding resources configured by the access device to be exhausted, and the data forwarding performance cannot be guaranteed. In order to more reasonably utilize network resources and improve data forwarding performance, the embodiments of the present disclosure provide a method, a system, an SDN controller, and an access device for controlling a gateway mode, which may dynamically control the access device to reasonably switch between a gateway mode and a non-gateway mode according to a resource occupation condition of the access device.
Fig. 2 shows a flowchart of a method for controlling gateway mode, which is applied to an SDN controller, and includes the following steps:
Step S202, the SDN controller monitors alarm information of the access device, wherein the alarm information comprises upper limit alarm information and alarm release information; the upper limit alarm information is sent when the access device is in the gateway mode and detects that the two-layer forwarding resource occupation reaches an upper limit value, and the alarm release information is sent when the access device is in the non-gateway mode and detects that the two-layer forwarding resource occupation is lower than a lower limit value.
The two-layer forwarding resource may include resources occupied by information used to implement two-layer forwarding, such as a MAC forwarding table and/or a VSI resource; the VSI resource may include related information such as a VPN routing table.
Step S204, if the SDN controller receives the upper limit alarm information, transferring the three-layer forwarding configuration information of the virtual router corresponding to the access device to a border gateway, so that the access device is switched from a gateway mode to a non-gateway mode.
For example, if the VXLANs to which the virtual machines on access device 1 belong include VXLAN1 and VXLAN2, access device 1 is configured in advance with VRouter1 corresponding to VXLAN1 and VRouter2 corresponding to VXLAN2. The three-layer forwarding configuration information of each virtual router may include VPN configuration information, VSI-IF, gateway IP address, etc.
When the border gateway receives the three-layer forwarding configuration information of the virtual router sent by the SDN controller, it configures that information and sends a gratuitous ARP message. By configuring the three-layer forwarding configuration information, the border gateway sets up the VPN configuration information, VSI-IF, gateway IP address and other information corresponding to the virtual router. By then sending a gratuitous ARP (Address Resolution Protocol) message, it lets each device in the current networking obtain the gateway MAC address corresponding to the gateway IP address, so that a message a user device sends to that gateway, which was originally sent to the access device, is now sent to the border gateway; that is, the border gateway takes over the gateway function originally on the access device.
Step S206, if the SDN controller receives the alarm release information, restoring the three-layer forwarding configuration information of the virtual router corresponding to the access device from the border gateway to the access device, so as to switch the access device from the non-gateway mode to the gateway mode.
The SDN controller receives the alarm release information, and can search the VXLAN corresponding to the access equipment according to the identifier of the access equipment carried by the alarm release information, so as to obtain the virtual router corresponding to the access equipment and the three-layer forwarding configuration information of the virtual router.
To restore the three-layer forwarding configuration information from the border gateway to the access device, the SDN controller may send a virtual router deletion notification to the border gateway. The virtual router deletion notification may carry a virtual router identifier, so that after receiving it the border gateway deletes the three-layer forwarding configuration information corresponding to that virtual router identifier. In addition, the SDN controller may send a virtual router configuration notification to the access device corresponding to the virtual router identifier. The virtual router configuration notification may carry the three-layer forwarding configuration information of the virtual router; after receiving it, the access device configures the three-layer forwarding configuration information carried in the notification and sends a gratuitous ARP message.
By this method, the SDN controller receives the upper limit alarm information reported by the access device when the device is in the gateway mode and its two-layer forwarding resource occupation reaches the upper limit value, and receives the alarm release information when the device is in the non-gateway mode and its two-layer forwarding resource occupation is lower than the lower limit value. On receiving the upper limit alarm information, it transfers the three-layer forwarding configuration information of the virtual router on the access device to the border gateway; on receiving the alarm release information, it restores the three-layer forwarding configuration information of the virtual router from the border gateway to the access device.
The processing mode of the three-layer forwarding configuration information can control the access equipment to be switched from the gateway mode to the non-gateway mode when the two-layer forwarding resources of the access equipment actually occupy a large amount, thereby ensuring the forwarding performance of the two-layer forwarding service and reducing the packet loss rate. When the two-layer forwarding resources of the access equipment actually occupy less, the access equipment is controlled to be switched from the non-gateway mode to the gateway mode, so that the three-layer cross-network-segment flow reaching the access equipment is forwarded according to the optimal path, the time delay of the three-layer cross-network-segment flow in the forwarding process is reduced, and the data forwarding performance is further improved.
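The switching logic of steps S202 to S206, as an added Python sketch that is not code from the patent: one access device reports alarms, and the controller moves the VRouter configuration to the border gateway and back. Class and function names, the thresholds 900/600, the VPN and VSI-IF names and the gateway IPs are constructed for illustration; ignoring an alarm that does not match the recorded mode, and configuring the border gateway before deleting on the access device, are assumptions.

```python
from dataclasses import dataclass, field

UPPER_LIMIT_ALARM = "upper-limit-alarm"
ALARM_RELEASE = "alarm-release"


@dataclass(frozen=True)
class VRouterConfig:
    """Three-layer forwarding configuration of one virtual router."""
    vrouter_id: str
    vxlan: int
    vpn_instance: str
    vsi_if: str
    gateway_ip: str


@dataclass
class Vtep:
    """Border gateway or access device: holds VRouter configs, logs gratuitous ARPs."""
    name: str
    vrouters: dict = field(default_factory=dict)
    garp_log: list = field(default_factory=list)

    def configure_vrouter(self, cfg):
        # Virtual router configuration notification: install the config, then
        # announce the gateway IP with a gratuitous ARP.
        self.vrouters[cfg.vrouter_id] = cfg
        self.garp_log.append(cfg.gateway_ip)

    def delete_vrouter(self, vrouter_id):
        # Virtual router deletion notification.
        self.vrouters.pop(vrouter_id, None)


@dataclass
class AccessDevice(Vtep):
    upper_limit: int = 0  # two-layer entries in use that trigger the upper limit alarm
    lower_limit: int = 0  # below this, a non-gateway device sends alarm release

    @property
    def gateway_mode(self):
        return bool(self.vrouters)

    def check(self, l2_in_use):
        """Return the alarm to report for this occupancy sample, or None."""
        if self.gateway_mode and l2_in_use >= self.upper_limit:
            return UPPER_LIMIT_ALARM
        if not self.gateway_mode and l2_in_use < self.lower_limit:
            return ALARM_RELEASE
        return None


class Controller:
    def __init__(self, border, device, configs):
        self.border, self.device = border, device
        self.configs = list(configs)  # controller's own record of the VRouters
        self.offloaded = False
        for cfg in self.configs:      # initial state: device in gateway mode
            device.configure_vrouter(cfg)

    def on_alarm(self, kind):
        if kind == UPPER_LIMIT_ALARM and not self.offloaded:
            for cfg in self.configs:
                self.border.configure_vrouter(cfg)  # border takes over first (assumed order)
                self.device.delete_vrouter(cfg.vrouter_id)
            self.offloaded = True
            return "non-gateway"
        if kind == ALARM_RELEASE and self.offloaded:
            for cfg in self.configs:
                self.border.delete_vrouter(cfg.vrouter_id)
                self.device.configure_vrouter(cfg)
            self.offloaded = False
            return "gateway"
        return "ignored"  # assumption: duplicate or stale alarms change nothing


def build():
    # Constructed sample: access device 1 with VRouter1/VXLAN1 and VRouter2/VXLAN2.
    configs = [VRouterConfig("VRouter1", 1, "vpn1", "vsi-if1", "10.1.1.1"),
               VRouterConfig("VRouter2", 2, "vpn2", "vsi-if2", "10.1.2.1")]
    border = Vtep("border-gateway")
    leaf = AccessDevice("access-device-1", upper_limit=900, lower_limit=600)
    return Controller(border, leaf, configs), border, leaf


def simulate(samples):
    """Feed occupancy samples to the device; return (sample, alarm, mode) per step."""
    ctrl, _, leaf = build()
    trace = []
    for in_use in samples:
        alarm = leaf.check(in_use)
        if alarm:
            ctrl.on_alarm(alarm)
        trace.append((in_use, alarm, "gateway" if leaf.gateway_mode else "non-gateway"))
    return trace


if __name__ == "__main__":
    for row in simulate([500, 900, 950, 700, 599, 650]):
        print(row)
```

The gap between the two thresholds is what keeps the device from flapping: at 700 entries it stays in non-gateway mode because the occupation has not yet dropped below the lower limit value.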
The above method is described by taking an SDN controller applied to EVPN as an example. In the EVPN networking structure, the access device may specifically be a Leaf device, the border gateway may specifically be a border device, and the SDN controller is in communication connection with the access device and the border gateway. In the EVPN networking construction process, an SDN controller receives network logic resource configuration information created by a user through a cloud platform, wherein the network logic resource configuration information comprises three-layer forwarding configuration information of a virtual router, and the three-layer forwarding configuration information comprises: VPN configuration information, VSI-IF, gateway IP address, etc.; the network logic resource configuration information further includes network (related addresses of external network devices docked by the IP core network, etc.) and subnet (configuration information of subnets of each device in the IP core network, such as subnet configuration information of core devices, edge devices, servers, and virtual machines, etc.); the user can also add software and hardware requirement information or model information of the access equipment through the cloud platform.
Taking the SDN controller to execute the above method as an example, the above method includes the following steps:
(1) The SDN controller monitors alarm information of the access device. The alarm information comprises upper limit alarm information and alarm release information.
When the access device is in the gateway mode, it reports upper limit alarm information to the SDN controller if the two-layer forwarding resource occupation reaches an upper limit value; when the access device is in the non-gateway mode, it reports alarm release information to the SDN controller if the two-layer forwarding resource occupation is lower than a lower limit value. The upper limit value and the lower limit value may be configured in advance or may be dynamically adjusted.
In one implementation, the upper limit value and the lower limit value may be determined from the current resource mode of the access device and its total amount of resources. The total amount of resources refers to the total resources that the network device allocates to forwarding services, that is, the sum of the relevant resources such as the MAC forwarding table, the host routing table, and the VPN routing table.
Generally, resource modes are preconfigured according to device role. For example, a core switching device and an access device differ in the traffic they are able to carry, so when the SDN controller initially configures resource modes it generally assigns different resource modes to devices according to their roles.
In each resource mode, the proportion of the total resources that each resource occupies is fixed. Knowing the total amount of resources of the access device and its current resource mode therefore gives the maximum amount that the two-layer forwarding resources can occupy in that mode, from which the corresponding upper limit value and lower limit value are calculated. In a specific implementation, one of the resource modes may be selected as the current resource allocation, for example from the 5 modes shown in Table 3:
TABLE 3
[Table image BDA0001716910030000121]
Table 3 lists only the MAC forwarding table and the host routing table, which are part of the total resources of the access device; the other resources are not listed one by one. Because the proportion of the total resources occupied by each resource is fixed in each resource mode, the upper limit value and the lower limit value that trigger alarm information on the access device depend on the resource mode. In the method provided by this implementation, the resource mode can be changed flexibly as the access device moves between the non-gateway mode and the gateway mode. A specific implementation therefore does not need to configure the upper and lower limit values of the two-layer forwarding resources for each resource mode one by one: configuring the percentages for the two-layer forwarding resources allows the upper and lower limit values for every resource mode to be calculated dynamically in advance, which simplifies implementation.
For example, the SDN controller may first obtain an upper limit percentage and a lower limit percentage, such as percentages that a user configured on the cloud platform, percentages configured by a user locally on the SDN controller, or default percentages preconfigured in the system. It then calculates the maximum value that the two-layer forwarding resources can occupy from the current resource mode and the total amount of resources of the access device: if the total amount of resources is 100K and the two-layer forwarding resources take 30% of the total in the current resource mode, the maximum value is 100K × 30% = 30K. Multiplying the maximum value by the upper limit percentage gives the upper limit value of two-layer forwarding resource occupancy, and multiplying it by the lower limit percentage gives the lower limit value.
For simplicity of description, the resource modes shown in Table 4 are taken as an example:
TABLE 4
[Table image BDA0001716910030000131]
For example, if the access device is currently a distributed gateway and the resource mode is a, the upper limit value is 10K × 80% = 8K and the lower limit value is 10K × 30% = 3K, where 80% is the upper limit percentage and 30% is the lower limit percentage. Note: in this scenario, if the usage (also called occupancy) of the MAC forwarding table exceeds 8K, a critical event is generated, that is, the upper limit alarm information is sent; if the usage falls below 3K, a normal event is generated, that is, the alarm release information is sent.
It is understood that the upper limit value and the lower limit value of two-layer forwarding resource occupancy may also be set directly. For example, the SDN controller may display the access device model and the resource modes to the user through the cloud platform, and the user may set, through the cloud platform, the upper and lower limit values of two-layer forwarding resource occupancy for the different resource modes. The SDN controller then issues the upper limit value and the lower limit value to the access device. After receiving them, the access device continuously monitors, against these two values, whether its two-layer forwarding resources meet the alarm threshold.
Taking the case in which the two-layer forwarding resource is the MAC forwarding table: if the number of virtual machines attached through the access device keeps growing, the MAC forwarding table of the access device keeps growing too, the storage space it occupies increases gradually, and that space may reach the upper limit value. If fewer virtual machines are attached through the access device, the storage space occupied by the MAC forwarding table may fall below the lower limit value. When the access device is in the gateway mode, it monitors whether the two-layer forwarding resource reaches the upper limit value and, if so, reports upper limit alarm information to the SDN controller; when the access device is in the gateway mode, it monitors whether the two-layer forwarding resource is lower than the lower limit value and, if so, reports alarm release information to the SDN controller.
(2) If the SDN controller receives the upper limit alarm information, it transfers the three-layer forwarding configuration information of the virtual router on the access device to the border gateway, so that the access device is switched from the gateway mode to the non-gateway mode and the border gateway takes over the gateway corresponding to the access device.
As one implementation, transferring the three-layer forwarding configuration information of the virtual router on the access device to the border gateway may include:
(1) Looking up, in the pre-established configuration information, the virtual router corresponding to the access device, and searching the pre-established configuration information for other access devices associated with that virtual router. The pre-established configuration information may be established at the networking stage and records: the identifier of each access device, the virtual router configured for the access device, the VXLAN corresponding to the virtual router, the virtual router corresponding to the VXLAN, other route forwarding information, and so on. The virtual router corresponding to the access device can therefore be found in the pre-established configuration information from the identifier of the access device. Because the access device corresponding to a virtual router is not necessarily unique, the pre-established configuration information is also searched, by the identifier of the virtual router, for the other access devices on which that virtual router is configured.
(2) Sending a virtual router deletion notification to the access device and to the other access devices found, so that each access device receiving the deletion notification deletes the three-layer forwarding configuration information of the virtual router.
(3) Sending the three-layer forwarding configuration information of the virtual router to the border gateway, so that the border gateway configures the three-layer forwarding configuration information and sends a gratuitous ARP message.
An access device that receives the gratuitous ARP message records the interface on which the message was received and the gateway MAC address corresponding to the gateway IP address, so that it can look up the next-hop address for service messages that are subsequently forwarded across networks. The detailed process of sending the gratuitous ARP message may refer to other related technologies and is not described here again.
Still taking the EVPN networking structure shown in fig. 1 as an example, a vRouter can be understood as a virtual router distributed across different VTEP devices. In the description of this embodiment, if vRouter1 is configured in a distributed manner on VTEP1 and VTEP2, the vRouter1 configured on VTEP1 and the vRouter1 configured on VTEP2 are not distinguished by different vRouter serial numbers. The vRouter1 configured on VTEP1 and the vRouter1 configured on VTEP2 may be used to forward packets under the same VPN instance.
The SDN controller receives the upper limit alarm information sent by the access device, determines from the identifier of the access device that the device is VTEP1, and finds in the pre-established configuration information that VTEP1 has two vRouters, vRouter1 and vRouter2. It then searches the configuration information for other access devices associated with vRouter1 or vRouter2. For example, VTEP2 is also configured with vRouter1, so the access devices associated with vRouter1 also include VTEP2. If VTEP4 also has vRouter2 configured on it, then the other access devices associated with VTEP1 also include VTEP2. VTEP1 is notified to delete the configuration information of vRouter1 and vRouter2, and VTEP2 is notified to delete the three-layer forwarding configuration information of vRouter1. The three-layer forwarding configuration information of vRouter1 and vRouter2 is sent to VTEP3 (i.e., the border gateway). After receiving the three-layer forwarding configuration information of vRouter1 and vRouter2, VTEP3 configures the gateway and sends a gratuitous ARP message. After that, VTEP1 is switched from the gateway mode to the non-gateway mode.
Meanwhile, the SDN controller can control the access device that reported the upper limit alarm information to switch to a new resource mode, in which the proportion occupied by two-layer forwarding resources is larger than in the current resource mode. For example, if the current resource mode of VTEP1 is mode 3, the new resource mode may be mode 0, mode 1, or mode 2. Switching the resource mode increases the maximum storage space that the MAC forwarding table may occupy, which ensures that the data of the virtual machines can be forwarded normally. After the SDN controller has switched the access device to the new resource mode, it can re-determine the upper limit value and the lower limit value that trigger alarm information from the maximum value that two-layer forwarding resources can occupy in the new resource mode, and send the newly determined values to the access device. The access device then monitors its two-layer forwarding resource occupancy against the new upper and lower limit values and decides whether to send alarm information to the SDN controller.
(3) If the SDN controller receives the alarm release information, it restores the three-layer forwarding configuration information of the virtual router on the access device from the EVPN border gateway to the EVPN access device, so that the access device is switched from the non-gateway mode to the gateway mode and the border gateway removes the gateway corresponding to the access device.
The SDN controller receives the alarm release information sent by the access device, looks up the virtual router corresponding to the access device in the pre-established configuration information, and searches for other access devices associated with that virtual router. It notifies the border gateway to delete the three-layer forwarding configuration information of the virtual router, and sends a virtual router configuration notification to the access device and to the other access devices found, so that each access device receiving the configuration notification configures the three-layer forwarding configuration information of the virtual router and sends a gratuitous ARP message.
For example, upon receiving the alarm release information sent by VTEP1, the SDN controller determines from the VXLAN network connected to VTEP1 that VTEP1 is configured with vRouter1 and vRouter2. It then finds the other EVPN access devices configured with either vRouter1 or vRouter2; assume that vRouter1 is configured on VTEP2. It sends the new configuration information of vRouter1 and vRouter2 to VTEP1 and the new configuration information of vRouter2 to VTEP2, so that VTEP1 sets the new configuration information of vRouter1 and vRouter2 and VTEP2 sets the new configuration information of vRouter1. Then notifying VTEP3 of the configuration information of vRouter1 and vRouter2 saved before deletion and notifying VTEP2 of the configuration information of vRouter1 saved before deletion; the new configuration information and the previous configuration information are both three-layer forwarding configuration information. After the interfaces corresponding to vRouter1 and vRouter2 on VTEP1 are brought up, a first gratuitous ARP message corresponding to vRouter1 and a second gratuitous ARP message corresponding to vRouter2 are sent. Similarly, after the interface corresponding to vRouter1 on VTEP2 is brought up, the gratuitous ARP message corresponding to vRouter1 is also sent.
Through the above process, when the MAC forwarding table actually occupies a large amount of resources, for example more than the upper limit value, VTEP1 switches from the gateway mode to the non-gateway mode, which safeguards the forwarding performance of the two-layer forwarding service and reduces the packet loss rate. When the MAC forwarding table actually occupies few resources, for example less than the lower limit value, VTEP1 switches from the non-gateway mode to the gateway mode, so that three-layer cross-network-segment traffic reaching VTEP1 can be forwarded along the optimal path and its forwarding delay is reduced.
Optionally, on receiving the alarm release information sent by the access device, the SDN controller may control the access device to switch to a next resource mode, in which the proportion occupied by two-layer forwarding resources is smaller than in the current resource mode.
With this method, when the gateway is switched, the relevant configuration is issued based on the vRouters on the alarming device. Assume that the alarming device VTEP A has vRouter1 and vRouter2 and that the normal device VTEP B has vRouter1 and vRouter3. The gateway positions corresponding to vRouter1 and vRouter2 then need to be switched; switching a gateway position is the transfer of the three-layer forwarding configuration information of the virtual router described above and is not repeated here. The position of the gateway corresponding to vRouter3 on VTEP B remains unchanged.
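The transfer and restore steps above, applied to the VTEP A / VTEP B case just described, as an added Python sketch that is not part of the patent text. The class, method and message names, the `BORDER` label and the configuration values are assumptions; skipping vRouters that have already been moved is an added safeguard against a repeated alarm.

```python
from collections import namedtuple
from dataclasses import dataclass, field

# One controller-to-device notification; `config` is set only for "configure".
Message = namedtuple("Message", "target action vrouter config")


@dataclass
class GatewayModeController:
    device_vrouters: dict  # pre-established config: access device -> set of vRouters
    l3_config: dict        # vRouter -> three-layer forwarding configuration
    border_gateway: str
    moved: dict = field(default_factory=dict)  # vRouter -> devices it was removed from

    def _holders(self, vrouter):
        """Every access device on which this vRouter is configured."""
        return sorted(d for d, vrs in self.device_vrouters.items() if vrouter in vrs)

    def on_upper_limit_alarm(self, device):
        """Plan the transfer of the alarming device's vRouters to the border gateway."""
        plan = []
        for vr in sorted(self.device_vrouters.get(device, ())):
            if vr in self.moved:  # repeated alarm: gateway is already on the border
                continue
            holders = self._holders(vr)
            # Deletion goes to the alarming device and to every device sharing the vRouter,
            plan += [Message(d, "delete", vr, None) for d in holders]
            # then the border gateway is configured and announces itself by gratuitous ARP.
            plan.append(Message(self.border_gateway, "configure", vr, self.l3_config[vr]))
            self.moved[vr] = holders
        return plan

    def on_alarm_release(self, device):
        """Plan the restore: border gateway deletes, access devices reconfigure."""
        plan = []
        for vr in sorted(self.device_vrouters.get(device, ())):
            holders = self.moved.pop(vr, None)
            if holders is None:   # this vRouter was never moved
                continue
            plan.append(Message(self.border_gateway, "delete", vr, None))
            plan += [Message(d, "configure", vr, self.l3_config[vr]) for d in holders]
        return plan

    def local_vrouters(self, device):
        """vRouters whose gateway is still hosted on the access device itself."""
        return {vr for vr in self.device_vrouters.get(device, ()) if vr not in self.moved}


def build_example():
    """Constructed topology: VTEP A and VTEP B as in the paragraph above."""
    cfg = lambda n: {"vpn": f"vpn{n}", "vsi_if": f"vsi-if{n}",
                     "gateway_ip": f"192.168.{n}00.254/24"}  # constructed values
    return GatewayModeController(
        device_vrouters={"VTEP-A": {"vRouter1", "vRouter2"},
                         "VTEP-B": {"vRouter1", "vRouter3"}},
        l3_config={f"vRouter{n}": cfg(n) for n in (1, 2, 3)},
        border_gateway="BORDER",
    )


if __name__ == "__main__":
    ctl = build_example()
    for msg in ctl.on_upper_limit_alarm("VTEP-A"):
        print(msg.target, msg.action, msg.vrouter)
    print("still local on VTEP-B:", ctl.local_vrouters("VTEP-B"))
```

After the alarm from VTEP A, VTEP B loses vRouter1 but keeps vRouter3 locally, which is the behaviour the paragraph describes.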
Assume that the IP address of VM1 is 192.168.100.1, the gateway IP address of VM1 is 192.168.100.254, and the IP address of internal interface 1 of VLAN1 on the corresponding vRouter is 192.168.100.254/24. Deploying this IP address on the EVPN access device may be referred to as the three-layer configuration of the vRouter. If the EVPN access device also has internal interface 2 of VLAN2 with IP address 192.168.200.254/24 (belonging to the same VPN as VLAN internal interface 1, i.e. the same vRouter), and that interface is connected to VM2, whose IP address is 192.168.200.1, then VM1 can reach VM2 in VLAN2 across network segments through its own gateway, i.e. interface 1.
If the gateway IP address is deployed on the border gateway, the access device cannot process cross-network-segment traffic itself; such traffic can only be forwarded at layer two to the border gateway using the gateway MAC address, and is then forwarded at layer three by the border gateway.
Corresponding to the above embodiments, fig. 3 shows a flowchart of another method for controlling the gateway mode. The method may be applied to an EVPN access device that is in communication connection with an SDN controller and a border gateway, and comprises the following steps:
Step S302, the access device detects the occupancy of the two-layer forwarding resources.
After receiving the upper limit value and the lower limit value of two-layer forwarding resource occupancy issued by the SDN controller, the access device continuously monitors the occupancy of the two-layer forwarding resources. Specifically: when the access device is in the gateway mode, it monitors whether the two-layer forwarding resource reaches the upper limit value; when the access device is in the non-gateway mode, it monitors whether the two-layer forwarding resource is lower than the lower limit value.
Step S304, the access device sends alarm information to the SDN controller according to the occupancy of the two-layer forwarding resources.
The alarm information includes upper limit alarm information and alarm release information. The upper limit alarm information is sent when the access device is in the gateway mode and detects that the two-layer forwarding resource occupancy reaches the upper limit value; the alarm release information is sent when the access device is in the non-gateway mode and detects that the two-layer forwarding resource occupancy is lower than the lower limit value.
Step S306, if a virtual router deletion notification sent by the SDN controller is received, deleting the three-layer forwarding configuration information of the corresponding virtual router according to the virtual router deletion notification.
If the alarm information sent by the access device is the upper limit alarm information, the access device subsequently receives a virtual router deletion notification from the SDN controller. The notification may include the identifier of the virtual router, so that the access device deletes the three-layer forwarding configuration information of that virtual router and is thereby switched from the gateway mode to the non-gateway mode. The deleted three-layer forwarding configuration information may include routing information in the host routing table, and the like. When the access device receives the gratuitous ARP message sent by the border gateway, it updates its routing information according to that message.
When the access device receives a control instruction for switching the resource mode from the SDN controller, it switches to a new resource mode, in which the proportion occupied by two-layer forwarding resources is larger than in the current resource mode.
Step S308, if receiving a virtual router configuration notification sent by the SDN controller, configuring three-layer forwarding configuration information of a corresponding virtual router according to the virtual router configuration notification, and sending a gratuitous ARP packet.
If the alarm information sent by the access device is the alarm release information, the access device subsequently receives the three-layer forwarding configuration information of the virtual router issued by the SDN controller and sends a gratuitous ARP message, so that the border gateway and the other access devices update their routes based on the gratuitous ARP message and the access device is switched from the non-gateway mode to the gateway mode.
When the access device receives a control instruction for switching the resource mode from the SDN controller, it switches to the next resource mode, in which the proportion occupied by two-layer forwarding resources is smaller than in the current resource mode.
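The threshold calculation described earlier and the device-side steps S302 to S308, as an added Python sketch that is not part of the patent text. The per-mode shares stand in for Table 3, whose contents are not available on the page, and are constructed; the class and function names, the inline controller stand-in in `simulate`, and recomputing the limits after every mode switch are assumptions.

```python
# Constructed stand-in for Table 3: percentage of the device's total resources given to
# two-layer forwarding in each of the 5 resource modes. Lower mode numbers give a larger
# share, consistent with the page's "mode 3 -> mode 0, 1 or 2" example.
L2_SHARE_PCT = {0: 60, 1: 50, 2: 40, 3: 30, 4: 20}


def max_l2(total, mode):
    """Maximum two-layer forwarding occupancy in this resource mode."""
    return total * L2_SHARE_PCT[mode] // 100


def limits(maximum, upper_pct, lower_pct):
    """Upper and lower limit values derived from the per-mode maximum."""
    return maximum * upper_pct // 100, maximum * lower_pct // 100


class AccessDevice:
    def __init__(self, mode, vrouters):
        self.mode = mode
        self.vrouters = dict(vrouters)  # vRouter -> gateway IP (three-layer config)
        self.upper = self.lower = None  # issued by the SDN controller

    @property
    def gateway_mode(self):
        # The device acts as gateway while it holds three-layer configuration.
        return bool(self.vrouters)

    def check(self, l2_used):
        """Steps S302/S304: return the alarm to report, or None."""
        if self.gateway_mode and l2_used >= self.upper:
            return "UPPER_LIMIT_ALARM"
        if not self.gateway_mode and l2_used < self.lower:
            return "ALARM_RELEASE"
        return None

    def on_delete(self, vrouter):
        """Step S306: delete the vRouter's three-layer forwarding configuration."""
        self.vrouters.pop(vrouter, None)

    def on_configure(self, vrouter, gateway_ip):
        """Step S308: configure the vRouter and emit a gratuitous ARP for its gateway."""
        self.vrouters[vrouter] = gateway_ip
        return ("GRATUITOUS_ARP", gateway_ip)


def simulate(samples, total=100_000, mode=3, upper_pct=80, lower_pct=30):
    """Feed MAC-table occupancy samples to a device; a minimal controller reacts inline."""
    saved = {"vRouter1": "192.168.100.254"}  # gateway IP taken from the page's example
    dev = AccessDevice(mode, saved)
    dev.upper, dev.lower = limits(max_l2(total, mode), upper_pct, lower_pct)
    events = []
    for i, used in enumerate(samples):
        alarm = dev.check(used)
        if alarm is None:
            continue
        if alarm == "UPPER_LIMIT_ALARM":
            for name in list(dev.vrouters):
                dev.on_delete(name)
            dev.mode = max(dev.mode - 1, 0)   # new mode with a larger two-layer share
        else:
            for name, ip in saved.items():
                dev.on_configure(name, ip)
            dev.mode = min(dev.mode + 1, 4)   # next mode with a smaller two-layer share
        # Assumption: the controller reissues limits for the new mode after each switch.
        dev.upper, dev.lower = limits(max_l2(total, dev.mode), upper_pct, lower_pct)
        events.append((i, alarm, dev.gateway_mode, dev.mode, dev.upper, dev.lower))
    return events


if __name__ == "__main__":
    for event in simulate([10_000, 23_999, 24_000, 30_000, 15_000, 11_999, 20_000]):
        print(event)
```

The gap between the two limits is what keeps the device from flapping: the 15,000 sample in non-gateway mode lies between the limits and triggers nothing.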
For easier understanding, the working process of the method for controlling the gateway mode provided in the embodiment of the present invention is described in detail below, taking EVPN networking as an example and referring to the interaction diagram shown in fig. 4. Here the access device is specifically an EVPN access device and the border gateway is specifically an EVPN border gateway. As shown in fig. 4, the process includes:
Step S401, the cloud platform issues configuration information. Specifically: through the cloud platform, a user creates the network logic resource configuration information together with configuration information such as the upper limit value or upper limit percentage and the lower limit value or lower limit percentage of two-layer forwarding resource occupancy in the EVPN access device. The cloud platform obtains this configuration information and issues it to the SDN controller.
The network logic resource configuration information includes the three-layer forwarding configuration information of the virtual router, which comprises VPN configuration information, the VSI-IF, the gateway IP address, and so on. The network logic resource configuration information also includes network information (such as the addresses of the external network devices connected to the IP core network) and subnet information (the configuration information of each subnet in the IP core network, such as core devices, edge devices, servers, and virtual machines).
Step S402, the EVPN access device comes online.
Step S403, the SDN controller issues the upper limit value and the lower limit value. Specifically: the SDN controller obtains the current resource mode and the total amount of resources of the EVPN access device that has come online, and issues the upper limit value and the lower limit value of two-layer forwarding resource occupancy to the EVPN access device.
Step S404, the EVPN access device sends upper limit alarm information.
After receiving the upper limit value and the lower limit value of two-layer forwarding resource occupancy issued by the SDN controller, the EVPN access device continuously detects the occupancy of the two-layer forwarding resources. When the EVPN access device is in the gateway mode, it detects whether the two-layer forwarding resource reaches the upper limit value; if the occupancy reaches the upper limit value, the EVPN access device sends upper limit alarm information to the SDN controller.
Step S405, the SDN controller and the EVPN access device perform a first mode switch, as follows: the SDN controller receives the upper limit alarm information sent by the EVPN access device and looks up the virtual router corresponding to the EVPN access device in the pre-established configuration information; it searches the pre-established configuration information for other access devices associated with that virtual router; it sends a virtual router deletion notification to the EVPN access device and to the other EVPN access devices found, so that each EVPN access device receiving the deletion notification deletes the three-layer forwarding configuration information of the virtual router; and it sends the three-layer forwarding configuration information of the virtual router to the border gateway, so that the border gateway configures the three-layer forwarding configuration information and sends a gratuitous ARP message.
Step S406, the EVPN access equipment sends alarm release information.
When the EVPN access device is in the gateway mode, it detects whether the two-layer forwarding resource is lower than the lower limit value. If the two-layer forwarding resource occupancy is lower than the lower limit value, the EVPN access device sends alarm release information to the SDN controller.
Step S407, the SDN controller and the EVPN access device perform a second mode switch, as follows: the SDN controller receives the alarm release information sent by the EVPN access device and looks up, in the pre-established configuration information, the virtual router corresponding to the EVPN access device in the gateway mode; it searches the pre-established configuration information for other EVPN access devices associated with that virtual router; it notifies the EVPN border gateway to delete the three-layer forwarding configuration information of the virtual router; and it sends a virtual router configuration notification to the EVPN access device and to the other EVPN access devices found, so that each EVPN access device receiving the configuration notification configures the three-layer forwarding configuration information and sends a gratuitous ARP message. At this point, the EVPN access device has switched from the non-gateway mode to the gateway mode.
In the method for controlling the gateway mode provided by the embodiment of the present disclosure, the SDN controller monitors the upper limit alarm information and the alarm release information of the EVPN access device and dynamically controls the EVPN access device to switch between the gateway mode and the non-gateway mode as appropriate: when the two-layer forwarding resource occupancy reaches the upper limit value, the EVPN access device is switched from the gateway mode to the non-gateway mode, and when the occupancy is lower than the lower limit value, it is switched from the non-gateway mode to the gateway mode. By dynamically switching the gateway mode in this way, the EVPN access device can be kept in the gateway mode when there are few virtual machines in the EVPN, so that three-layer cross-network-segment traffic is forwarded along the optimal path and its forwarding delay is reduced. When there are many virtual machines in the EVPN, the EVPN access device is kept in the non-gateway mode and three-layer cross-network-segment traffic is forwarded through the EVPN border gateway, which effectively safeguards the forwarding of that traffic and improves overall data forwarding performance.
Corresponding to the method embodiment, the embodiment of the present disclosure further provides a device for controlling a gateway mode, which is applied to an SDN controller, where the SDN controller is in communication connection with an access device and a border gateway. As shown in fig. 5, the apparatus includes:
an alarm information monitoring module 51, configured to monitor alarm information of an access device, where the alarm information includes upper limit alarm information and alarm release information, the upper limit alarm information is sent when the access device is in a gateway mode and detects that two-layer forwarding resource occupancy reaches an upper limit value, and the lower limit alarm information is sent when the access device is in a non-gateway mode and detects that the two-layer forwarding resource occupancy is lower than a lower limit value;
the mode control module 52 is configured to, if the upper limit alarm information is received, transfer the three-layer forwarding configuration information of the virtual router corresponding to the access device to the border gateway, so that the access device is switched from the gateway mode to the non-gateway mode; and if the alarm release information is received, recovering the three-layer forwarding configuration information of the virtual router on the access equipment to the access equipment from the border gateway so as to switch the access equipment from the non-gateway mode to the gateway mode.
Wherein the mode control module 52 is further configured to: if the upper limit alarm information is received, controlling the access equipment to switch to a new resource mode, wherein the proportion occupied by the second-layer forwarding resources in the new resource mode is greater than the proportion occupied by the second-layer forwarding resources in the current resource mode; and if the alarm release information is received, controlling the access equipment to switch to the next resource mode, wherein the proportion occupied by the two-layer forwarding resources in the next resource mode is smaller than that occupied by the two-layer forwarding resources in the current resource mode.
The mode control module 52 may also be configured to: look up the virtual router corresponding to the access device in the pre-established configuration information; search the pre-established configuration information for other access devices associated with that virtual router; send a virtual router deletion notification to the access device and to the other access devices found, so that each access device receiving the deletion notification deletes the three-layer forwarding configuration information of the virtual router; and send the three-layer forwarding configuration information of the virtual router to the border gateway, so that the border gateway configures the three-layer forwarding configuration information and sends a gratuitous ARP message. It is also configured to: look up, in the pre-established configuration information, the virtual router corresponding to the access device in the gateway mode; search the pre-established configuration information for other access devices associated with that virtual router; notify the border gateway to delete the three-layer forwarding configuration information of the virtual router; and send a virtual router configuration notification to the access device and to the other access devices found, so that each access device receiving the configuration notification configures the three-layer forwarding configuration information and sends a gratuitous ARP message.
Optionally, as shown in fig. 6, the apparatus may further include an alarm information issuing module 61, configured to issue an upper limit value and a lower limit value to the access device according to the current resource mode and the total resource amount of the access device, so that the access device sends alarm information based on the upper limit value and the lower limit value.
The alarm information issuing module 61 may also be configured to: acquiring an upper limit percentage and a lower limit percentage; calculating the maximum value occupied by the two-layer forwarding resources according to the current resource mode and the total amount of resources of the access equipment; multiplying the maximum value by the upper limit percentage to obtain an upper limit value occupied by the second-layer forwarding resource; and multiplying the maximum value by the lower limit percentage to obtain the lower limit value occupied by the two-layer forwarding resource.
The embodiment of the present disclosure also provides an SDN controller, including a first processor and a first memory connected to the first processor; the first memory stores machine executable instructions executable by the first processor to perform the method of fig. 2.
The embodiment of the present disclosure further provides another apparatus for controlling a gateway mode, applied to an access device that is in communication connection with an SDN controller and a border gateway. As shown in fig. 7, the apparatus includes:
a resource occupation monitoring module 71, configured to detect the occupation of two-layer forwarding resources;
an alarm information sending module 72, configured to send alarm information to the SDN controller according to the occupation; the alarm information comprises upper limit alarm information and alarm release information, wherein the upper limit alarm information is sent when the access device is in a gateway mode and detects that its two-layer forwarding resource occupation reaches an upper limit value, and the alarm release information is sent when the access device is in a non-gateway mode and detects that its two-layer forwarding resource occupation is lower than a lower limit value;
a mode switching module 73, configured to receive a virtual router deletion notification sent by the SDN controller and delete the three-layer forwarding configuration information of the corresponding virtual router according to the virtual router deletion notification; and to receive a virtual router configuration notification sent by the SDN controller, configure the three-layer forwarding configuration information of the corresponding virtual router according to the virtual router configuration notification, and send a gratuitous ARP message.
The embodiment of the present disclosure also provides an access device, which includes a second processor and a second memory connected to the second processor; the second memory stores machine executable instructions executable by the second processor which executes the machine executable instructions to implement the method shown in figure 3.
The embodiment of the present disclosure also provides a system for controlling gateway mode, as shown in fig. 8, the system includes an SDN controller 20, an access device 30 connected to the SDN controller 20, a border gateway 40, and a cloud platform 10 (optional). The SDN controller is provided with a device for controlling a gateway mode shown in fig. 5 or fig. 6, and the access device is provided with a device for controlling a gateway mode shown in fig. 7.
The border gateway is configured to: when a virtual router deletion notification sent by the SDN controller is received, delete the three-layer forwarding configuration information of the corresponding virtual router according to the virtual router deletion notification; and when a virtual router configuration notification sent by the SDN controller is received, configure the three-layer forwarding configuration information of the corresponding virtual router according to the virtual router configuration notification, and send a gratuitous ARP message.
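The control loop described above, as a small simulation added here for illustration (it is not code from the patent): threshold calculation, the two alarms with their hysteresis band, and the controller moving a virtual router's three-layer configuration between the access devices and the border gateway. Assumptions: a resource mode is modelled as the fraction of a shared table reserved for two-layer entries, a device counts as being in gateway mode while it holds three-layer configuration, and all names, table sizes, percentages and addresses are constructed.

```python
from dataclasses import dataclass, field

def l2_thresholds(total_entries, l2_share, upper_pct, lower_pct):
    """Limits = maximum two-layer occupancy multiplied by each percentage."""
    l2_max = int(total_entries * l2_share)  # assumption: mode = L2 share of table
    return l2_max * upper_pct // 100, l2_max * lower_pct // 100

@dataclass
class Node:
    """Border gateway or access device: three-layer config per virtual router."""
    name: str
    l3_config: dict = field(default_factory=dict)
    garp_log: list = field(default_factory=list)
    def configure_vrouter(self, vr, cfg):
        self.l3_config[vr] = cfg
        self.garp_log.append(cfg["gateway_ip"])  # gratuitous ARP for the gateway

    def delete_vrouter(self, vr):
        self.l3_config.pop(vr, None)

@dataclass
class AccessDevice(Node):
    upper: int = 0
    lower: int = 0
    @property
    def gateway_mode(self):
        return bool(self.l3_config)  # assumption: holding L3 config = gateway mode
    def check(self, l2_used):
        """Alarm to send for one occupancy sample, or None inside the band."""
        if self.gateway_mode and l2_used >= self.upper:
            return "UPPER_LIMIT"
        if not self.gateway_mode and l2_used < self.lower:
            return "ALARM_RELEASE"
        return None

class Controller:
    def __init__(self, vrouters, members, devices, border):
        self.vrouters = vrouters  # pre-established: vrouter -> L3 config
        self.members = members    # pre-established: vrouter -> device names
        self.devices, self.border = devices, border

    def on_alarm(self, device_name, alarm):
        vr = next(v for v, names in self.members.items() if device_name in names)
        peers = [self.devices[n] for n in self.members[vr]]
        if alarm == "UPPER_LIMIT":        # gateway mode -> non-gateway mode
            for dev in peers:
                dev.delete_vrouter(vr)
            self.border.configure_vrouter(vr, self.vrouters[vr])
        elif alarm == "ALARM_RELEASE":    # non-gateway mode -> gateway mode
            self.border.delete_vrouter(vr)
            for dev in peers:
                dev.configure_vrouter(vr, self.vrouters[vr])

def simulate(samples):
    """Feed leaf1 occupancy samples; return per-sample state, leaf2 and border."""
    upper, lower = l2_thresholds(64000, 0.5, upper_pct=90, lower_pct=60)
    leaves = {n: AccessDevice(n, upper=upper, lower=lower) for n in ("leaf1", "leaf2")}
    border = Node("border")
    cfg = {"gateway_ip": "10.0.0.1", "gateway_mac": "00:00:5e:00:53:01"}  # constructed
    ctl = Controller({"vr1": cfg}, {"vr1": ["leaf1", "leaf2"]}, leaves, border)
    for dev in leaves.values():
        dev.configure_vrouter("vr1", cfg)  # start with both leaves in gateway mode
    trace = []
    for used in samples:
        alarm = leaves["leaf1"].check(used)
        if alarm:
            ctl.on_alarm("leaf1", alarm)
        trace.append((used, alarm, leaves["leaf1"].gateway_mode, "vr1" in border.l3_config))
    return trace, leaves["leaf2"], border
```

Calling `simulate([20000, 28800, 25000, 19200, 19199, 21000])` shows that samples between the two limits never change the mode, which is what keeps the gateway from flapping. The controller's record of which node currently holds the virtual router is also the natural allow-list for which sources may legitimately send gratuitous ARP for the gateway address.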
The embodiments of the present disclosure also provide a machine-readable storage medium, where the machine-readable storage medium stores machine-executable instructions, and when the machine-executable instructions are called and executed by a processor, the machine-executable instructions cause the processor to implement any one of the above methods for controlling a gateway mode.
The method, system, SDN controller and access device for controlling gateway mode provided in the embodiments of the present disclosure are based on the same principles and achieve the same technical effects as the foregoing method embodiments; for brevity, where the apparatus embodiments do not mention a point, reference may be made to the corresponding content in the foregoing method embodiments.
In the several embodiments provided in the present disclosure, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative, and the flowcharts and block diagrams in the figures, for example, illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Finally, it should be noted that the above embodiments are merely specific embodiments of the present disclosure, intended to illustrate its technical solutions rather than to limit them, and the protection scope of the present disclosure is not limited thereto. Although the present disclosure has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that anyone skilled in the art may, within the technical scope of the present disclosure, still modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or make equivalent substitutions for some of their technical features; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present disclosure, and should be construed as being included therein. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (10)

1. A method for controlling gateway mode, the method being applied to an SDN controller, the method comprising:
monitoring alarm information of an access device, wherein the alarm information comprises upper limit alarm information and alarm release information, the upper limit alarm information being sent when the access device is in a gateway mode and detects that its two-layer forwarding resource occupation reaches an upper limit value, and the alarm release information being sent when the access device is in a non-gateway mode and detects that its two-layer forwarding resource occupation is lower than a lower limit value;
if the upper limit alarm information is received, transferring the three-layer forwarding configuration information of the virtual router corresponding to the access device to a border gateway, so as to switch the access device from the gateway mode to the non-gateway mode;
and if the alarm release information is received, restoring the three-layer forwarding configuration information of the virtual router from the border gateway to the access device, so as to switch the access device from the non-gateway mode to the gateway mode.
2. The method of claim 1, further comprising:
issuing the upper limit value and the lower limit value to the access device according to the current resource mode and the total resource amount of the access device, so that the access device sends the alarm information based on the upper limit value and the lower limit value.
3. The method of claim 2, wherein the step of issuing the upper limit value and the lower limit value to the access device according to the current resource mode and the total amount of resources of the access device comprises:
acquiring an upper limit percentage and a lower limit percentage;
calculating the maximum value of two-layer forwarding resource occupation according to the current resource mode and the total amount of resources of the access device;
multiplying the maximum value by the upper limit percentage to obtain the upper limit value of two-layer forwarding resource occupation;
and multiplying the maximum value by the lower limit percentage to obtain the lower limit value of two-layer forwarding resource occupation.
4. The method of claim 3, further comprising:
if the upper limit alarm information is received, controlling the access device to switch to a new resource mode, wherein the proportion occupied by two-layer forwarding resources in the new resource mode is greater than the proportion occupied by two-layer forwarding resources in the current resource mode;
and if the alarm release information is received, controlling the access device to switch to a next resource mode, wherein the proportion occupied by two-layer forwarding resources in the next resource mode is smaller than the proportion occupied by two-layer forwarding resources in the current resource mode.
5. The method of claim 1, wherein the step of transferring the three-layer forwarding configuration information of the virtual router corresponding to the access device to the border gateway comprises:
looking up, in pre-established configuration information, the virtual router corresponding to the access device;
searching the pre-established configuration information for other access devices associated with the virtual router;
sending a virtual router deletion notification to the access device and to the other access devices found, so that each access device receiving the deletion notification deletes the three-layer forwarding configuration information of the virtual router;
and sending the three-layer forwarding configuration information of the virtual router to the border gateway, so that the border gateway configures the three-layer forwarding configuration information and sends a gratuitous ARP message.
6. The method of claim 1, wherein the step of restoring the three-layer forwarding configuration information of the virtual router from the border gateway to the access device comprises:
looking up, in pre-established configuration information, the virtual router that corresponds to the access device in the gateway mode;
searching the pre-established configuration information for other access devices associated with the virtual router;
notifying the border gateway to delete the three-layer forwarding configuration information of the virtual router;
and sending a virtual router configuration notification to the access device and to the other access devices found, so that each access device receiving the configuration notification configures the three-layer forwarding configuration information and sends a gratuitous ARP message.
7. A method for controlling gateway mode, the method being applied to an access device and comprising:
detecting the occupation of two-layer forwarding resources;
sending alarm information to an SDN controller according to the occupation; the alarm information comprises upper limit alarm information and alarm release information, wherein the upper limit alarm information is sent when the access device is in a gateway mode and detects that its two-layer forwarding resource occupation reaches an upper limit value, and the alarm release information is sent when the access device is in a non-gateway mode and detects that its two-layer forwarding resource occupation is lower than a lower limit value;
if a virtual router deletion notification sent by the SDN controller is received, deleting the three-layer forwarding configuration information of the corresponding virtual router according to the virtual router deletion notification;
and if a virtual router configuration notification sent by the SDN controller is received, configuring the three-layer forwarding configuration information of the corresponding virtual router according to the virtual router configuration notification, and sending a gratuitous ARP message.
8. An SDN controller comprising a first processor and a first memory coupled to the first processor; the first memory stores machine-executable instructions executable by the first processor to perform the method of any of claims 1 to 6.
9. An access device comprising a second processor and a second memory coupled to the second processor; the second memory stores machine-executable instructions executable by the second processor to perform the method of claim 7.
10. A system for controlling gateway mode, comprising the SDN controller of claim 8, the access device of claim 9, and a border gateway;
the border gateway is configured to: when a virtual router deletion notification sent by the SDN controller is received, delete the three-layer forwarding configuration information of the corresponding virtual router according to the virtual router deletion notification; and when a virtual router configuration notification sent by the SDN controller is received, configure the three-layer forwarding configuration information of the corresponding virtual router according to the virtual router configuration notification, and send a gratuitous ARP message.
CN201810713493.1A 2018-06-29 2018-06-29 Method and system for controlling gateway mode, SDN controller and access device Active CN108881013B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810713493.1A CN108881013B (en) 2018-06-29 2018-06-29 Method and system for controlling gateway mode, SDN controller and access device


Publications (2)

Publication Number Publication Date
CN108881013A (en) 2018-11-23
CN108881013B (en) 2021-05-07

Family

ID=64296736


Country Status (1)

Country Link
CN (1) CN108881013B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230616

Address after: 310052 11th Floor, 466 Changhe Road, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: H3C INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466

Patentee before: NEW H3C TECHNOLOGIES Co.,Ltd.