[go: up one dir, main page]

CN103200069B - A kind of method and apparatus of Message processing - Google Patents

A kind of method and apparatus of Message processing Download PDF

Info

Publication number
CN103200069B
CN103200069B CN201310107847.5A CN201310107847A CN103200069B CN 103200069 B CN103200069 B CN 103200069B CN 201310107847 A CN201310107847 A CN 201310107847A CN 103200069 B CN103200069 B CN 103200069B
Authority
CN
China
Prior art keywords
gateway
message
packet
network
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310107847.5A
Other languages
Chinese (zh)
Other versions
CN103200069A (en
Inventor
郝卫国
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201310107847.5A priority Critical patent/CN103200069B/en
Publication of CN103200069A publication Critical patent/CN103200069A/en
Application granted granted Critical
Publication of CN103200069B publication Critical patent/CN103200069B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

提供了一种报文处理的方法和设备,涉及通信技术领域。NVO3网络中设置网关代理,NVO3网络中的网关与网关代理连接,使用该网关代理来提供传统二层报文的封装技术和NVO3的封装技术,以实现在不改变原有网关的硬件配置的情况下,实现NVO3技术。

Provided are a message processing method and device, relating to the technical field of communications. A gateway agent is set in the NVO3 network, and the gateway in the NVO3 network is connected to the gateway agent. The gateway agent is used to provide the encapsulation technology of the traditional layer 2 message and the encapsulation technology of NVO3, so as to realize the situation without changing the hardware configuration of the original gateway. Next, realize NVO3 technology.

Description

一种报文处理的方法和设备Method and device for message processing

技术领域technical field

本发明涉及通信技术领域,尤其涉及一种报文处理的方法和设备。The present invention relates to the technical field of communications, in particular to a method and device for message processing.

背景技术Background technique

在数据中心中,服务器的虚拟化应用越来越广泛,在服务器虚拟化之后,每个物理服务器可以支持多个VM(VirtualMachine,虚拟机),每个VM独立运行自己的操作系统、中间件以及应用程序。为了提高数据中心硬件资源使用效率以及业务的可靠性,需要允许VM在数据中心内部进行自由迁移。In the data center, server virtualization is more and more widely used. After server virtualization, each physical server can support multiple VMs (Virtual Machines, virtual machines), and each VM independently runs its own operating system, middleware and application. In order to improve the utilization efficiency of data center hardware resources and service reliability, it is necessary to allow free migration of VMs within the data center.

利用服务器的虚拟化技术,同一个物理数据中心可以为不同租户提供服务器托管等业务。租户是数据中心资源的使用者,对应一个虚拟网络或多个虚拟网络的管理实体。不同租户可以属于不同的公司或不同部门,为了确保租户的数据安全,不同租户之间需要通过虚拟网络进行流量隔离,这就要求数据中心内部物理网络能够划分为不同的虚拟网络。Using server virtualization technology, the same physical data center can provide services such as server hosting for different tenants. A tenant is a user of data center resources, corresponding to a virtual network or a management entity of multiple virtual networks. Different tenants can belong to different companies or different departments. In order to ensure the data security of tenants, traffic between different tenants needs to be isolated through virtual networks. This requires that the internal physical network of the data center can be divided into different virtual networks.

为了实现VM在数据中心内部进行自由迁移以及数据中心内部物理网络中不同虚拟网络的划分,现有技术中提供了NVO3(NetworkVirtualizationoverLayer3,三层网络虚拟化)技术,通过MacInIP的隧道封装,使VM实现跨IP网络的迁移,迁移之后IP地址不改变。举例来说,Mac(MediaAccessControl,媒体接入控制)InIP(InternetProtocol,互联网协议)具体可以为MacInUDP(UserDatagramProtocol,用户数据报协议),或MacInGRE(GenericRoutingEncapsulation,通用路由封装),或MacInTCP(TransmissionControlProtocol,传输控制协议)。NVO3的报文封装中包含租户标识,租户ID标识为24bit(位),因此最多能够支持16M的租户,能够满足云计算时代多租户数目的需求。该技术的工作原理包括:从VM发出的报文,由第一跳网络设备查找MAC转发表。如果到达目的VM需要跨越IP网络,则需要由所述第一跳网络设备进行NVO3封装。封装后的报文头部中的目的IP地址是NVO3远端隧道的目的IP地址。报文从所述第一跳网络设备发出之后,剩余网络设备按照外层目的IP地址进行逐跳转发,不关心内部承载的载荷。到达目的设备之后,进行解封装,然后发往目的VM。第一跳网络设备可以为传统的交换机、路由器或服务器中的VS(VirtualSwitch,虚拟交换机)。另外通过在三层IP头和原始二层报文之间增加VNID(VirtualNetworkIdentifier,虚拟网络标识)来标识租户。每一个VNID对应一个二层广播域。不同二层广播域的流量相互隔离。In order to realize the free migration of VMs in the data center and the division of different virtual networks in the physical network of the data center, NVO3 (NetworkVirtualizationoverLayer3, three-layer network virtualization) technology is provided in the existing technology, and the VM is realized through MacInIP tunnel encapsulation. For migration across IP networks, the IP address does not change after migration. For example, Mac (MediaAccessControl, Media Access Control) InIP (InternetProtocol, Internet Protocol) can specifically be MacInUDP (UserDatagramProtocol, User Datagram Protocol), or MacInGRE (GenericRoutingEncapsulation, general routing encapsulation), or MacInTCP (TransmissionControlProtocol, transmission control protocol). NVO3's message encapsulation contains tenant identification, and the tenant ID identification is 24bit (bit), so it can support up to 16M tenants, which can meet the needs of multi-tenant numbers in the cloud computing era. The working principle of this technology includes: the packet sent from the VM is searched by the first-hop network device for the MAC forwarding table. If the destination VM needs to cross the IP network, the first-hop network device needs to perform NVO3 encapsulation. The destination IP address in the encapsulated message header is the destination IP address of the NVO3 remote tunnel. After the message is sent from the first-hop network device, the remaining network devices forward it hop-by-hop according to the outer destination IP address, regardless of the internal load. After arriving at the destination device, it is decapsulated and sent to the destination VM. The first-hop network device may be a traditional switch, a router, or a VS (Virtual Switch, virtual switch) in a server. In addition, the tenant is identified by adding a VNID (VirtualNetworkIdentifier, virtual network identifier) between the layer-3 IP header and the original layer-2 message. Each VNID corresponds to a Layer 2 broadcast domain. Traffic in different Layer 2 broadcast domains is isolated from each other.

虚拟网络可以使用VXLAN(VirtualExtensibleLocalAreaNetwork,虚拟的扩展局域网)、NVGRE(NetworkVirtualizationusingGenericRoutingEncapsulation,使用通用路由封装的网络虚拟化)、STT(StatelessTransportTunneling,无状态传输隧道)中的任何一种技术来构建。NVO3封装可以为VXLAN封装、NVGRE封装、STT封装中的任何一种,下面以VXLAN为例进行说明。对于VM发出的报文进行封装,以及对封装后的报文进行解封装时使用的是VXLAN技术,该VXLAN技术不同于一般的二层桥接网络中使用的VLAN技术,也不同于三层网络使用的以太网技术。而现有技术中的网关仅支持VLAN技术和以太网技术,无法实现VXLAN技术,也就是说,必须要更新网关的硬件配置才能实现NVO3技术,成本高。The virtual network can be constructed using any of the technologies in VXLAN (VirtualExtensibleLocalAreaNetwork, virtual extended local area network), NVGRE (NetworkVirtualizationusingGenericRoutingEncapsulation, network virtualization using generic routing encapsulation), and STT (StatelessTransportTunneling, stateless transmission tunnel). The NVO3 encapsulation can be any of VXLAN encapsulation, NVGRE encapsulation, and STT encapsulation. The following uses VXLAN as an example for illustration. The VXLAN technology is used to encapsulate the packets sent by the VM and to decapsulate the encapsulated packets. This VXLAN technology is different from the VLAN technology used in the general Layer 2 bridged network, and also different from the VLAN technology used in the Layer 3 network. Ethernet technology. However, the gateway in the prior art only supports the VLAN technology and the Ethernet technology, and cannot realize the VXLAN technology. That is to say, the hardware configuration of the gateway must be updated to realize the NVO3 technology, and the cost is high.

发明内容Contents of the invention

本发明的实施例提供一种报文处理的方法、网关代理和NVE,用于解决现有技术中更新网关的硬件配置才能实现NVO3技术的问题,从而降低成本。Embodiments of the present invention provide a message processing method, gateway agent and NVE, which are used to solve the problem in the prior art that the NVO3 technology can only be realized by updating the hardware configuration of the gateway, thereby reducing costs.

为达到上述目的,本发明的实施例根据如下技术方案:In order to achieve the above object, embodiments of the present invention are according to the following technical solutions:

第一方面,本实施例提供了一种数据报文处理的方法,应用于三层网络虚拟化NVO3网络中,所述NVO3网络中设置有网关,所述NVO3网络通过所述网关与外部网络互通,所述NVO3网络中还设置有网关代理,所述网关代理与所述网关连接,所述方法包括:In the first aspect, this embodiment provides a method for processing data packets, which is applied to a three-layer network virtualization NVO3 network, where a gateway is set in the NVO3 network, and the NVO3 network communicates with external networks through the gateway , the NVO3 network is also provided with a gateway agent, the gateway agent is connected with the gateway, and the method includes:

所述网关代理接收所述网关发送的第一报文,其中所述第一报文为根据第一封装标识封装的报文;The gateway agent receives the first message sent by the gateway, wherein the first message is a message encapsulated according to the first encapsulation identifier;

如果所述第一报文为数据报文,所述网关代理对所述第一报文进行解封装,得到第二报文和所述第一封装标识;If the first message is a data message, the gateway agent decapsulates the first message to obtain a second message and the first encapsulation identifier;

所述网关代理根据所述第一封装标识,通过查找虚拟网络标识VNID与虚拟局域网标识VLANID的映射关系获得所述第一封装标识对应的第二封装标识;其中当所述第一封装标识为VNID时,所述第二封装标识为VLANID,当所述第一封装标识为VLANID时,所述第二封装标识为VNID;According to the first encapsulation identifier, the gateway agent obtains the second encapsulation identifier corresponding to the first encapsulation identifier by looking up the mapping relationship between the virtual network identifier VNID and the virtual local area network identifier VLANID; wherein when the first encapsulation identifier is VNID , the second encapsulation identifier is VLANID, and when the first encapsulation identifier is VLANID, the second encapsulation identifier is VNID;

根据所述第二封装标识对所述第二报文进行封装以形成第三报文;Encapsulating the second packet according to the second encapsulation identifier to form a third packet;

将所述第三报文发送给所述网关。Send the third packet to the gateway.

结合第一方面,在第一种可能的实现方式中,如果所述第一报文为ARP(AddressResolutionProtocol,地址解析协议)请求报文,所述网关代理采用与所述第一报文为数据报文时相同的方式处理所述第一报文。In combination with the first aspect, in a first possible implementation manner, if the first message is an ARP (Address Resolution Protocol, address resolution protocol) request message, the gateway agent adopts the first message as a datagram The first packet is processed in the same manner as the first packet.

结合第一方面,在第二种可能的实现方式中,如果所述第一报文为ARP请求报文,所述第二报文为ARP请求报文,所述方法还包括:With reference to the first aspect, in a second possible implementation, if the first message is an ARP request message, and the second message is an ARP request message, the method further includes:

所述网关代理通过查找ARP表获得所述第二报文请求的媒体接入控制MAC地址,其中,所述网关代理存储所述ARP表;The gateway agent obtains the media access control MAC address requested by the second message by searching the ARP table, wherein the gateway agent stores the ARP table;

所述网关代理根据所述MAC地址,生成第一ARP应答报文;The gateway agent generates a first ARP response message according to the MAC address;

所述网关代理根据所述第一封装标识,对所述第一ARP应答报文进行封装以形成第四报文;The gateway agent encapsulates the first ARP response message according to the first encapsulation identifier to form a fourth message;

所述网关代理根据与所述第一封装标识对应的MAC转发信息,将所述第四报文发送给所述网关。The gateway agent sends the fourth packet to the gateway according to the MAC forwarding information corresponding to the first encapsulation identifier.

结合第一方面的第二种可能的实现方式,在第三种可能的实现方式中,在所述网关代理通过查找所述ARP表获得所述第二报文请求的MAC地址之前,还包括:所述网关代理判断所述网关是否为主用网关;With reference to the second possible implementation of the first aspect, in the third possible implementation, before the gateway agent obtains the MAC address requested by the second message by searching the ARP table, the method further includes: The gateway agent determines whether the gateway is an active gateway;

所述网关代理通过查找所述ARP表获得所述第二报文请求的MAC地址的操作在确定所述网关是主用网关时执行。The operation of the gateway proxy obtaining the MAC address requested by the second packet by searching the ARP table is performed when it is determined that the gateway is the active gateway.

结合第一方面或第一方面的前三种可能的实现方式中的任意一种,在第四种可能的实现方式中,所述NVO3网络还包括服务器,所述服务器包括网络虚拟化边缘NVE,所述NVE用于管理所述服务器内的虚拟机,所述方法还包括:In combination with the first aspect or any one of the first three possible implementations of the first aspect, in a fourth possible implementation, the NVO3 network further includes a server, and the server includes a network virtualization edge NVE, The NVE is used to manage virtual machines in the server, and the method also includes:

所述NVE接收虚拟机发送的第五报文;The NVE receives the fifth message sent by the virtual machine;

当所述第五报文为ARP请求报文时,通过查找所述NVE存储的ARP表获得所述第五报文请求的MAC地址;When the fifth message is an ARP request message, obtain the MAC address requested by the fifth message by searching the ARP table stored in the NVE;

若查找到所述第五报文请求的MAC地址,所述NVE将查找到的MAC地址携带在第二ARP应答报文中发送给所述虚拟机;If the MAC address requested by the fifth message is found, the NVE carries the found MAC address in the second ARP response message and sends it to the virtual machine;

若未查找到所述第五报文请求的MAC地址,则根据所述虚拟机对应的VNID,对所述第五报文进行封装以获得第六报文,并将所述第六报文发送至所述网关。If the MAC address requested by the fifth message is not found, then according to the VNID corresponding to the virtual machine, the fifth message is encapsulated to obtain a sixth message, and the sixth message is sent to the gateway.

第二方面,本实施例还提供了一种网关代理,应用于三层网络虚拟化NVO3网络中,所述网关代理与网关连接,所述NVO3网络通过所述网关与外部网络互通,所述网关代理包括:In the second aspect, this embodiment also provides a gateway agent, which is applied in a three-layer network virtualization NVO3 network, the gateway agent is connected to a gateway, and the NVO3 network communicates with an external network through the gateway, and the gateway Agents include:

接收单元,用于接收所述网关发送的第一报文,其中所述第一报文为根据第一封装标识封装的报文;A receiving unit, configured to receive the first message sent by the gateway, where the first message is a message encapsulated according to the first encapsulation identifier;

解封装单元,当所述第一报文为数据报文时,用于对所述接收单元接收到的所述第一报文进行解封装,得到第二报文和所述第一封装标识;A decapsulating unit, configured to decapsulate the first message received by the receiving unit when the first message is a data message, to obtain a second message and the first encapsulation identifier;

查找单元,用于根据所述第一封装标识查找VNID与VLANID的映射关系以获得对应的第二封装标识;其中当所述第一封装标识为VNID时,所述第二封装标识为VLANID,当所述第一封装标识为VLANID时,所述第二封装标识为VNID;A search unit, configured to search for a mapping relationship between VNID and VLANID according to the first encapsulation identifier to obtain a corresponding second encapsulation identifier; wherein when the first encapsulation identifier is VNID, the second encapsulation identifier is VLANID, when When the first encapsulation identifier is VLANID, the second encapsulation identifier is VNID;

封装单元,用于根据所述查找单元查找到的所述第二封装标识对所述第二报文进行封装以形成第三报文;An encapsulation unit, configured to encapsulate the second packet according to the second encapsulation identifier found by the search unit to form a third packet;

发送单元,用于将所述第三报文发送给所述网关。a sending unit, configured to send the third message to the gateway.

结合第二方面,在第一种可能的实现方式中,如果所述第一报文为地址解析协议ARP请求报文,所述解封装单元、所述查找单元、所述封装单元和所述发送单元采用与所述第一报文为数据报文时相同的方式处理所述第一报文。With reference to the second aspect, in a first possible implementation manner, if the first message is an address resolution protocol ARP request message, the decapsulation unit, the search unit, the encapsulation unit, and the sending The unit processes the first packet in the same manner as when the first packet is a data packet.

结合第二方面,在第二种可能的实现方式中,如果所述第一报文是ARP请求报文,则所述第二报文是ARP请求报文,所述网关代理还包括:存储单元,用于存储ARP表;In conjunction with the second aspect, in a second possible implementation, if the first message is an ARP request message, then the second message is an ARP request message, and the gateway proxy further includes: a storage unit , used to store the ARP table;

所述查找单元,还用于在所述第二报文为ARP请求报文时,从所述存储单元存储的ARP表中查找所述第二报文请求的MAC地址;The search unit is further configured to search the MAC address requested by the second message from the ARP table stored in the storage unit when the second message is an ARP request message;

所述网关代理还包括生成单元,用于根据所述查找单元查找到的MAC地址,生成第一ARP应答报文;The gateway agent also includes a generation unit, configured to generate a first ARP response message according to the MAC address found by the search unit;

所述封装单元,还用于根据所述第一封装标识,对所述生成单元生成的所述第一ARP应答报文进行封装以形成第四报文;The encapsulating unit is further configured to encapsulate the first ARP response message generated by the generating unit according to the first encapsulation identifier to form a fourth message;

所述发送单元,还用于根据与所述第一封装标识对应的MAC转发信息,将所述第四报文发送给所述网关。The sending unit is further configured to send the fourth message to the gateway according to the MAC forwarding information corresponding to the first encapsulation identifier.

结合第二方面的第二种可能的实现方式,在第三种可能的实现方式中,该网关代理还包括判断单元,用于判断所述网关是否为主用网关;With reference to the second possible implementation of the second aspect, in a third possible implementation, the gateway proxy further includes a judging unit, configured to judge whether the gateway is the active gateway;

所述查找单元,具体用于在所述判断单元确定所述网关是主用网关时,从所述存储单元存储的ARP表中查找所述第二报文请求的MAC地址。The searching unit is specifically configured to search the MAC address requested by the second message from the ARP table stored in the storage unit when the judging unit determines that the gateway is the active gateway.

第三方面,本实施例还提供了一种NVE,所述NVE应用于三层网络虚拟化NVO3网络中,所述NVO3网络中设置有服务器和网关,所述NVO3网络通过所述网关与外部网络互通,所述网关连接网关代理,所述NVE位于所述服务器中,所述NVE用于管理所述服务器内的虚拟机,所述NVE包括:In a third aspect, this embodiment also provides a kind of NVE, and the NVE is applied in a three-layer network virtualization NVO3 network, a server and a gateway are arranged in the NVO3 network, and the NVO3 network communicates with the external network through the gateway Intercommunication, the gateway is connected to a gateway agent, the NVE is located in the server, and the NVE is used to manage virtual machines in the server, and the NVE includes:

存储单元,用于保存ARP表;A storage unit for saving the ARP table;

接收单元,用于接收虚拟机发送的第五报文;a receiving unit, configured to receive the fifth message sent by the virtual machine;

查找单元,用于在所述接收单元接收的所述第五报文为ARP请求报文时,从所述存储单元存储的所述ARP表中查找所述第五报文请求的MAC地址;A search unit, configured to search the MAC address requested by the fifth message from the ARP table stored in the storage unit when the fifth message received by the receiving unit is an ARP request message;

发送单元,用于在所述查找单元查找到所述第五报文请求的MAC地址时,将查找到的MAC地址携带在ARP应答报文中发送给所述虚拟机;还用于在所述查找单元未查找到所述第五报文请求的MAC地址时,根据所述虚拟机对应的VNID对所述第五报文进行封装以得到第六报文,并将所述第六报文发送至网关。A sending unit, configured to carry the found MAC address in an ARP response message and send it to the virtual machine when the search unit finds the MAC address requested by the fifth message; When the search unit does not find the MAC address requested by the fifth message, it encapsulates the fifth message according to the VNID corresponding to the virtual machine to obtain a sixth message, and sends the sixth message to the gateway.

本发明实施例提供了一种报文处理的方法、网关代理以及网络虚拟化边缘,在NOV3网络中配置网关代理,网关代理与网关连接。使用该网关代理对网关发送至NOV3网络内部的网络设备的报文进行NVO3封装,对NOV3网络内部的网络设备发送到网关的报文进行NOV3解封装,使得网关在不支持NVO3封装和解封装技术的情况下,仍能够处理NOV3网络与外部网络互通的报文,从而使得在不改变现有网络中网关的硬件配置的情况下,实现NVO3技术。The embodiment of the present invention provides a message processing method, a gateway agent and a network virtualization edge, the gateway agent is configured in the NOV3 network, and the gateway agent is connected to the gateway. Use the gateway agent to NVO3 encapsulate the message sent by the gateway to the network device inside the NOV3 network, and perform NOV3 decapsulation on the message sent to the gateway by the network device inside the NOV3 network, so that the gateway does not support NVO3 encapsulation and decapsulation technology Under the circumstances, it can still process the messages between the NOV3 network and the external network, so that the NVO3 technology can be realized without changing the hardware configuration of the gateway in the existing network.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present invention. Those skilled in the art can also obtain other drawings based on these drawings without creative work.

图1为本发明实施例中的一种NVO3网络的组成框图;Fig. 1 is the composition block diagram of a kind of NVO3 network in the embodiment of the present invention;

图2为本发明实施例中的一种报文处理的方法流程图;FIG. 2 is a flow chart of a method for message processing in an embodiment of the present invention;

图3为本发明实施例中的另一种报文处理的方法流程图;FIG. 3 is a flow chart of another message processing method in an embodiment of the present invention;

图4为本发明实施例中的另一种报文处理的方法流程图;FIG. 4 is a flow chart of another message processing method in an embodiment of the present invention;

图5为本发明实施例中的另一种报文处理的方法流程图;FIG. 5 is a flow chart of another message processing method in an embodiment of the present invention;

图6为本发明实施例中的另一种报文处理的方法流程图;FIG. 6 is a flow chart of another message processing method in an embodiment of the present invention;

图7为本发明实施例中的另一种报文处理的方法流程图;FIG. 7 is a flow chart of another message processing method in an embodiment of the present invention;

图8为本发明实施例中的一种网关代理的组成框图;FIG. 8 is a block diagram of a gateway agent in an embodiment of the present invention;

图9为本发明实施例中的另一种网关代理的组成框图;Fig. 9 is a composition block diagram of another gateway agent in the embodiment of the present invention;

图10为本发明实施例中的另一种网关代理的组成框图;FIG. 10 is a composition block diagram of another gateway proxy in the embodiment of the present invention;

图11为本发明实施例中的一种NVE的组成框图;FIG. 11 is a block diagram of an NVE in an embodiment of the present invention;

图12为本发明实施例提供的另一种网关代理的组成框图;Fig. 12 is a composition block diagram of another gateway proxy provided by the embodiment of the present invention;

图13为本发明实施例提供的另一种NVE的组成框图。Fig. 13 is a composition block diagram of another NVE provided by an embodiment of the present invention.

具体实施方式detailed description

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

本发明实施例提供的技术方案可应用于NVO3网络,该NVO3网络可以包括服务器和网关。可选地,服务器可以包括NVE(networkvirtualizationedge,网络虚拟化边缘)。NVE作为实现基于overlay技术的网络虚拟化的边缘逻辑实体,可以隐藏租户的真实地址(比如MAC和/或IP地址),能够进行NVO3报文的封装和解封装。举例来说,服务器可通过由接入交换机和核心交换机组成的NVO3网络连接到网关,服务器内运行一个或多个虚拟机,在同一个服务器内的虚拟机由该服务器内的NVE统一管理。所述网关可以不支持NVO3封装技术,所述NVO3网络通过所述网关与外部网络互通。在该NVO3网络中,网关与网关代理连接。举例来说,网关与网关代理可以直接连接。可选地,网关与网关代理可以通过二层网络连接。该网关代理上配置VNID和VLANID的映射关系来表示,该网关代理可实现以太封装与以太解封装、以及NOV3封装与NOV3解封装。The technical solution provided by the embodiment of the present invention can be applied to the NVO3 network, and the NVO3 network can include a server and a gateway. Optionally, the server may include NVE (network virtualization edge, network virtualization edge). As an edge logic entity implementing network virtualization based on overlay technology, NVE can hide the real address (such as MAC and/or IP address) of tenants, and can encapsulate and decapsulate NVO3 packets. For example, a server can be connected to the gateway through an NVO3 network composed of access switches and core switches. One or more virtual machines run in the server, and the virtual machines in the same server are managed by the NVE in the server. The gateway may not support the NVO3 encapsulation technology, and the NVO3 network communicates with external networks through the gateway. In this NVO3 network, gateways are connected with gateway agents. For example, gateways and gateway agents can be connected directly. Optionally, the gateway and the gateway proxy can be connected through a layer-2 network. The mapping relationship between VNID and VLANID is configured on the gateway proxy to indicate that the gateway proxy can implement Ethernet encapsulation and Ethernet decapsulation, as well as NOV3 encapsulation and NOV3 decapsulation.

NVO3封装可以为VXLAN封装、NVGRE封装、STT封装中的任何一种,下面以VXLAN为例进行说明。例如,参照图1所示,该网络架构包括有一个网关,该网关与网关代理连接。该网关连接着外部网络和两个核心交换机。NVO3网络包括两个核心交换机和四个接入交换机。每个接入交换机都连接有一个服务器,分别为服务器1-服务器4,每个服务器中运行有两个虚拟机,其中虚拟机VM1、VM3、VM5、VM7属于vxlan1,虚拟机VM2、VM4、VM6、VM8属于vxlan2。The NVO3 encapsulation can be any of VXLAN encapsulation, NVGRE encapsulation, and STT encapsulation. The following uses VXLAN as an example for illustration. For example, as shown in FIG. 1 , the network architecture includes a gateway, and the gateway is connected with a gateway agent. The gateway connects the external network and the two core switches. The NVO3 network includes two core switches and four access switches. Each access switch is connected to a server, namely server 1-server 4, and each server runs two virtual machines, among which virtual machines VM1, VM3, VM5, and VM7 belong to vxlan1, and virtual machines VM2, VM4, and VM6 , VM8 belongs to vxlan2.

基于上述如图1所示的网络,本发明实施例提供了一种报文处理的方法,如图2所示,该方法包括下述操作。Based on the above network as shown in FIG. 1 , an embodiment of the present invention provides a method for packet processing. As shown in FIG. 2 , the method includes the following operations.

201、网关代理接收网关发送的第一报文。201. The gateway agent receives the first packet sent by the gateway.

其中,所述第一报文为根据第一封装标识封装的报文。可选地,所述第一报文可以是数据报文,或者是ARP请求报文,或者是其他请求报文。所述第一封装标识可以是VNID或VLANID。Wherein, the first packet is a packet encapsulated according to the first encapsulation identifier. Optionally, the first packet may be a data packet, or an ARP request packet, or other request packets. The first encapsulation identifier may be a VNID or a VLANID.

其中,一个VNID对应于一个二层广播域,对不同租户的流量进行隔离。属于同一个虚拟网络实例(virtualnetworkinstance,VNI)的不同虚拟机可以具有相同的VNID。Among them, a VNID corresponds to a Layer 2 broadcast domain, which isolates the traffic of different tenants. Different virtual machines belonging to the same virtual network instance (virtual network instance, VNI) may have the same VNID.

所述网关发送至网关代理的第一报文可以是网关主动发起的报文,也可以是其他网络设备经由网关向网关代理发送的报文。The first message sent by the gateway to the gateway agent may be a message initiated by the gateway, or may be a message sent by other network devices to the gateway agent via the gateway.

202、网关代理对所述第一报文进行解封装,得到第二报文和第一封装标识。202. The gateway agent decapsulates the first packet to obtain the second packet and the first encapsulation identifier.

其中,如果第一报文是经过以太封装的报文,网关代理使用以太解封装来获取第二报文以及VLANID。如果第一报文是经过NVO3封装的报文,网关代理使用VXLAN解封装来获取第二报文以及VNID。Wherein, if the first packet is an Ethernet-encapsulated packet, the gateway agent uses Ethernet decapsulation to obtain the second packet and the VLAN ID. If the first message is a message encapsulated by NVO3, the gateway proxy uses VXLAN decapsulation to obtain the second message and the VNID.

VXLAN封装技术为NVO3封装技术中的一种,其封装格式如下表1所示。The VXLAN encapsulation technology is one of the NVO3 encapsulation technologies, and its encapsulation format is shown in Table 1 below.

表1Table 1

其中,隧道的源IP地址:NVE的IP地址。Wherein, the source IP address of the tunnel: the IP address of the NVE.

隧道的目的IP地址:对于单播来说,是对端NVE的IP地址;对于组播来说,是组播组地址。VXLANID和组播组地址一一对应。The destination IP address of the tunnel: for unicast, it is the IP address of the peer NVE; for multicast, it is the multicast group address. There is a one-to-one correspondence between VXLAN ID and multicast group address.

外层目的MAC地址:使用外层隧道进行IP转发时的下一跳MAC地址,报文在NVO3网络中转发时,外层目的MAC地址逐跳改变。Outer layer destination MAC address: the next hop MAC address when using the outer layer tunnel for IP forwarding. When the packet is forwarded in the NVO3 network, the outer layer destination MAC address changes hop by hop.

外层源MAC地址:使用外层隧道进行IP转发时的源MAC地址,报文在NVO3网络中转发时,外层源MAC地址逐跳改变。Outer layer source MAC address: The source MAC address when using the outer layer tunnel for IP forwarding. When the packet is forwarded in the NVO3 network, the outer layer source MAC address changes hop by hop.

VXLANID:就是VNID。VXLANID: It is VNID.

203、网关代理根据所述第一封装标识查找VNID与VLANID的映射关系以获得所述第一封装标识对应的第二封装标识。203. The gateway agent searches for a mapping relationship between a VNID and a VLANID according to the first encapsulation identifier to obtain a second encapsulation identifier corresponding to the first encapsulation identifier.

其中,当所述第一封装标识为VNID时,所述第二封装标识为VLANID,当所述第一封装标识为VLANID时,所述第二封装标识为VNID。Wherein, when the first encapsulation identifier is VNID, the second encapsulation identifier is VLANID, and when the first encapsulation identifier is VLANID, the second encapsulation identifier is VNID.

其中,所述VNID与VLANID映射关系可以预先配置在网关代理中,用于表示VXLAN与VLAN之间的对应关系。Wherein, the mapping relationship between the VNID and the VLANID may be pre-configured in the gateway agent to indicate the corresponding relationship between the VXLAN and the VLAN.

204、根据所述第二封装标识对所述第二报文进行封装以得到第三报文,并将所述第三报文发送给所述网关。204. Encapsulate the second packet according to the second encapsulation identifier to obtain a third packet, and send the third packet to the gateway.

举例来说,当网关收到vxlan网络内的服务器发来的NOV3报文时,网关发送给网关代理的第一报文是NOV3报文。网关代理对所述第一报文发送进行vxlan解封装。可选地,当网关收到来自vxlan网络外的设备的报文时,网关将所述第一报文发送网关代理,网关代理对所述第一报文进行以太解封装和vxlan封装。因此,vxlan网络外的设备可以与vxlan网络内的设备通信。For example, when the gateway receives the NOV3 message sent by the server in the vxlan network, the first message sent by the gateway to the gateway agent is the NOV3 message. The gateway agent performs vxlan decapsulation on sending the first message. Optionally, when the gateway receives a message from a device outside the vxlan network, the gateway sends the first message to a gateway agent, and the gateway agent performs Ethernet decapsulation and vxlan encapsulation on the first message. Therefore, devices outside the vxlan network can communicate with devices inside the vxlan network.

本发明实施例提供了一种报文处理的方法,NOV3网络中设置网关代理,网关代理与网关连接。该网关代理对网关发送至NOV3网络内的网络设备的报文进行NVO3封装,对NOV3网络内的网络设备发送到网关的报文进行NOV3网络解封装,使得网关在不支持NVO3封装技术的情况下,仍能够处理来自NOV3网络或者发往NOV3网络的报文,从而使得在不改变现有网络中网关的硬件配置的情况下,实现NVO3技术。The embodiment of the present invention provides a message processing method. A gateway agent is set in the NOV3 network, and the gateway agent is connected to the gateway. The gateway agent performs NVO3 encapsulation on the message sent by the gateway to the network device in the NOV3 network, and performs NOV3 network decapsulation on the message sent by the network device in the NOV3 network to the gateway, so that the gateway does not support NVO3 encapsulation technology. , can still process messages from or to the NOV3 network, so that the NVO3 technology can be realized without changing the hardware configuration of the gateway in the existing network.

在上述如图2所示的技术方案中,当网关接收到来自服务器的ARP请求报文时,网关将该ARP请求报文发送给网关代理。此时,上述第一报文为该ARP请求报文,网关代理对该ARP请求报文进行NOV3解封装,然后发给网关。网关生成ARPreply(应答)报文,将ARPreply报文经过所述网关代理发送回所述服务器。在这种情况下,本发明实施例还提供了一种报文处理的方法,网关代理提供ARPproxy(代理),可以减轻网关应答ARP请求的压力,如图3所示,该方法,包括:In the technical solution shown in FIG. 2 above, when the gateway receives the ARP request message from the server, the gateway sends the ARP request message to the gateway agent. At this time, the above-mentioned first message is the ARP request message, and the gateway proxy performs NOV3 decapsulation on the ARP request message, and then sends it to the gateway. The gateway generates an ARPreply (response) message, and sends the ARPreply message back to the server via the gateway agent. In this case, the embodiment of the present invention also provides a method for message processing. The gateway agent provides ARPproxy (agent), which can alleviate the pressure on the gateway to answer the ARP request. As shown in Figure 3, the method includes:

301、当所述第二报文为ARP请求报文时,所述网关代理通过查找所述网关代理存储的ARP表获得所述第二报文请求的MAC地址。301. When the second packet is an ARP request packet, the gateway agent obtains the MAC address requested by the second packet by searching an ARP table stored by the gateway agent.

其中,所述网关代理确定所述第二报文是否为ARP请求报文的方法可以参照网关的判断方法,例如,通过所述第二报文对应的网关接口的MAC地址来判断。Wherein, the method for the gateway agent to determine whether the second packet is an ARP request packet may refer to the judgment method of the gateway, for example, judge by the MAC address of the gateway interface corresponding to the second packet.

其中,所述ARP表可以是在网关代理上预先设置好的。或者,网关代理通过侦听经所述网关代理转发的ARP报文来学习得到所述ARP表。Wherein, the ARP table may be preset on the gateway agent. Or, the gateway agent learns to obtain the ARP table by listening to the ARP message forwarded by the gateway agent.

302、所述网关代理根据获得的MAC地址,生成第一ARP应答报文。302. The gateway agent generates a first ARP response packet according to the obtained MAC address.

303、所述网关代理根据所述第一封装标识,对所述第一ARP应答报文进行封装以形成第四报文。303. The gateway agent encapsulates the first ARP response packet according to the first encapsulation identifier to form a fourth packet.

304、所述网关代理根据与所述第一封装标识对应的MAC转发信息,将所述第四报文发送给所述网关。304. The gateway agent sends the fourth packet to the gateway according to the MAC forwarding information corresponding to the first encapsulation identifier.

举例来说,在本实施例中,所述网关代理进行应答的ARP请求报文可以是服务器中的虚拟机发送的用于请求网关MAC地址的请求报文,也可以是网关发送的请求vxlan内的网络设备MAC地址的请求报文。For example, in this embodiment, the ARP request message that the gateway agent responds to can be a request message sent by a virtual machine in the server to request the MAC address of the gateway, or a request message sent by the gateway in the vxlan The request packet of the MAC address of the network device.

可选地,当网关代理无法进行应答时,仍需要结合步骤203至204所述的技术方案,网关代理处理所述ARP请求报文,然后发给网关,由网关进行ARP应答。Optionally, when the gateway proxy fails to respond, it is still necessary to combine the technical solutions described in steps 203 to 204, the gateway proxy processes the ARP request message, and then sends it to the gateway, which then performs an ARP response.

在本实施例中,网关代理保存ARP表,实现应答网关发来的ARP请求报文的功能,从而在网关代理能够进行ARP响应时,代替网关发送ARP应答报文,从而可以减轻网关应答ARP请求报文的压力,同时,也可以减少网关与网关代理之间的报文交互,可以节省网关与网关代理之间的带宽。In this embodiment, the gateway agent saves the ARP table and realizes the function of responding to the ARP request message sent by the gateway, so that when the gateway agent can perform an ARP response, it replaces the gateway to send the ARP response message, thereby reducing the need for the gateway to answer the ARP request. At the same time, it can also reduce the message interaction between the gateway and the gateway agent, and can save the bandwidth between the gateway and the gateway agent.

举例来说,为了保证NVO3网络的业务可靠性,可设置有两个网关,一个为主用网关,一个为备用网关,与主用网关相连的网关代理提供ARPproxy的功能。图4所示的方法包括401-405。For example, in order to ensure the service reliability of the NVO3 network, two gateways can be set up, one is the active gateway and the other is the standby gateway, and the gateway proxy connected to the active gateway provides the function of ARPproxy. The method shown in FIG. 4 includes 401-405.

401、所述网关代理判断所述网关是否为主用网关。若确定所述网关是主用网关,则执行所述402。若确定所述网关是备用网关,则不作响应。402-405的操作与图3所示实施例中的301-304相同,此处不再赘述。401. The gateway agent determines whether the gateway is an active gateway. If it is determined that the gateway is the active gateway, then step 402 is performed. If it is determined that the gateway is a standby gateway, no response is made. The operations of 402-405 are the same as those of 301-304 in the embodiment shown in FIG. 3 , and will not be repeated here.

其中,所述判断所述网关是否为主用网关可通过侦听VRRP(VirtualRouterRedundancyProtocol,虚拟路由器冗余协议)报文,并从所述VRRP报文指示的网关工作状态来确定哪个网关为主用网关。Wherein, the judging whether the gateway is an active gateway can be performed by listening to a VRRP (VirtualRouterRedundancyProtocol, virtual router redundancy protocol) message, and determining which gateway is an active gateway from the working state of the gateway indicated by the VRRP message .

可选地,本发明实施例还提供了一种报文处理的方法,以减轻网关代理或者网关应答ARP请求报文的负担,图5所示的方法,可由服务器中的NVE实现,包括:Optionally, the embodiment of the present invention also provides a method for message processing, so as to reduce the burden of the gateway proxy or the gateway to respond to the ARP request message. The method shown in FIG. 5 can be implemented by the NVE in the server, including:

502、服务器中的NVE接收虚拟机发送的第五报文。502. The NVE in the server receives the fifth packet sent by the virtual machine.

504、当所述第五报文为ARP请求报文时,通过查找所述NVE存储的ARP表获得所述第五报文请求的MAC地址。若查找到所述第五报文请求的MAC地址,则执行506。若未查找到所述第五报文请求的MAC地址,则执行508。504. When the fifth packet is an ARP request packet, obtain the MAC address requested by the fifth packet by searching the ARP table stored in the NVE. If the MAC address requested by the fifth packet is found, go to step 506. If the MAC address requested by the fifth packet is not found, go to step 508.

其中,所述NVE建立ARP表的方法以及查找的方法与网关代理的相关方法相同。此处不再赘述。Wherein, the method for establishing the ARP table and the searching method of the NVE are the same as the relevant methods of the gateway agent. I won't repeat them here.

506、所述服务器中的NVE将查找到的MAC地址携带在第二ARP应答报文中发送给所述虚拟机。506. The NVE in the server sends the found MAC address in a second ARP response packet to the virtual machine.

508、所述服务器中的NVE根据所述虚拟机对应的VNID,对所述第五报文进行封装以得到第六报文,并将所述第六报文发送至网关。508. The NVE in the server encapsulates the fifth packet to obtain a sixth packet according to the VNID corresponding to the virtual machine, and sends the sixth packet to the gateway.

在本实施例中,服务器的NVE可以对ARP请求报文进行应答。NVE无法应答时,将ARP请求报文发送至网关。网关可以将ARP请求发送给网关代理,以便网关代理进行代答;或者由网关代理处理后转发至网关,由网关应答,这种方案可以进一步降低网关和网关代理应答ARP请求的负担,也可以减少网络中ARP报文的数量。In this embodiment, the NVE of the server can respond to the ARP request message. When the NVE fails to respond, it sends the ARP request message to the gateway. The gateway can send the ARP request to the gateway agent so that the gateway agent can answer it; or it can be processed by the gateway agent and then forwarded to the gateway for the gateway to answer. Number of ARP packets on the network.

结合如图1所示的网络架构,本发明实施例以VM1发送到外部网络的报文的转发流程以及外部网络的设备发送到VM1的报文的转发流程为例,具体说明本发明实施例提供的技术方案。In combination with the network architecture shown in FIG. 1 , the embodiment of the present invention takes the forwarding process of the message sent by VM1 to the external network and the forwarding process of the message sent by the device of the external network to VM1 as an example, and specifically describes that the embodiment of the present invention provides technical solutions.

以NOV3网络采用VXLAN技术为例,图6示出了VM1发送到外部网络的报文的转发流程,包括:Taking the NOV3 network using VXLAN technology as an example, Figure 6 shows the forwarding process of the message sent by VM1 to the external network, including:

601、VM1发送ARP请求报文给服务器1的NVE1,所述ARP请求报文中携带VLANID;601. VM1 sends an ARP request message to NVE1 of server 1, and the ARP request message carries a VLAN ID;

602、NVE1根据所述VLANID确定对应的VNID,对ARP请求报文进行VXLAN封装。602. NVE1 determines a corresponding VNID according to the VLAN ID, and performs VXLAN encapsulation on the ARP request message.

其中,进行VXLAN封装时使用VXLAN1的VNID,并且外层目的IP地址为所述VNID对应的组播IP地址,源IP地址为服务器1的IP地址。Wherein, the VNID of VXLAN1 is used for VXLAN encapsulation, and the outer destination IP address is the multicast IP address corresponding to the VNID, and the source IP address is the IP address of server 1.

603、NVE1将封装后的ARP请求报文发送至网关。603. NVE1 sends the encapsulated ARP request message to the gateway.

604、网关根据所述外层目的IP地址查找组播转发表项,将组播报文送往所述网关连接的网关代理。604. The gateway searches for a multicast forwarding entry according to the outer destination IP address, and sends the multicast packet to a gateway proxy connected to the gateway.

605、网关代理进行VXLAN解封装,得到ARP请求报文以及VNID。605. The gateway agent decapsulates the VXLAN to obtain the ARP request message and the VNID.

606、网关代理根据VNID查找VNID与VLANID的映射关系以获得对应的VLANID。606. The gateway agent searches for the mapping relationship between the VNID and the VLANID according to the VNID to obtain the corresponding VLANID.

607、网关代理根据对应的VLANID对ARP请求报文进行以太封装。607. The gateway agent performs Ethernet encapsulation on the ARP request packet according to the corresponding VLANID.

608、网关代理将经过以太封装的ARP请求报文发送给网关。608. The gateway proxy sends the Ethernet-encapsulated ARP request message to the gateway.

609、网关对以太封装的ARP请求报文进行以太解封装,确定接收到的报文为ARP请求报文。609. The gateway performs Ethernet decapsulation on the Ethernet-encapsulated ARP request message, and determines that the received message is an ARP request message.

610、网关生成ARP应答报文,并进行以太封装。所述ARP应答报文的目的IP地址为VM1的IP地址。610. The gateway generates an ARP response message and performs Ethernet encapsulation. The destination IP address of the ARP reply message is the IP address of VM1.

611、网关将封装的ARP应答报文发送给网关代理。611. The gateway sends the encapsulated ARP response packet to the gateway agent.

612、网关代理对接收到的ARP应答报文进行以太解封装,得到ARP应答报文和VLANID。612. The gateway agent performs Ethernet decapsulation on the received ARP reply message to obtain the ARP reply message and the VLAN ID.

613、网关代理根据VLANID查找对应的VNID。613. The gateway agent searches for a corresponding VNID according to the VLANID.

614、网关代理根据VNID和VM1的MAC地址查找MAC转发表,对ARP应答报文进行VXLAN封装。所述封装的ARP应答报文的目的IP地址为NVE1的IP地址。614. The gateway agent searches the MAC forwarding table according to the VNID and the MAC address of VM1, and performs VXLAN encapsulation on the ARP response message. The destination IP address of the encapsulated ARP response message is the IP address of NVE1.

615、网关代理通过三层网络发送给NVE1。615. The gateway proxy sends to NVE1 through the three-layer network.

所述NVE1对所述封装的ARP应答报文进行VXLAN解封装,然后将解封装后的ARP应答报文转发给VM1。The NVE1 performs VXLAN decapsulation on the encapsulated ARP response message, and then forwards the decapsulated ARP response message to VM1.

在此之后,来自VM1的单播流量就可以送往网关了。其他的VM也可以使用相同流程发送报文。After this, unicast traffic from VM1 can be sent to the gateway. Other VMs can also use the same process to send packets.

如图7所示的vxlan网络外的设备发送到vxlan网络内的VM1的报文转发流程,包括:As shown in Figure 7, the packet forwarding process sent by a device outside the vxlan network to VM1 in the vxlan network includes:

701、网关接收vxlan网络外的设备发来的报文,网关根据ARP表对该报文进行以太封装得到第一报文。701. The gateway receives a packet sent by a device outside the vxlan network, and the gateway performs Ethernet encapsulation on the packet according to the ARP table to obtain a first packet.

702、网关将所述第一报文发送给网关代理。702. The gateway sends the first packet to a gateway proxy.

703、网关代理对接收到的第一报文进行以太解封装,得到第二报文和VLANID。703. The gateway agent performs Ethernet decapsulation on the received first packet to obtain the second packet and the VLAN ID.

704、网关代理根据VLANID查找VLANID与VLANID的映射关系以获得对应的VNID。704. The gateway agent searches for a mapping relationship between VLANIDs and VLANIDs according to the VLANID to obtain a corresponding VNID.

705、网关代理根据VNID和VNID对应的虚拟网络内的MAC转发表,对所述第二报文进行VXLAN封装以得到第三报文。705. The gateway agent performs VXLAN encapsulation on the second packet according to the VNID and the MAC forwarding table in the virtual network corresponding to the VNID to obtain a third packet.

706、网关代理将所述第三报文发送给网关;网关通过三层网络转发所述第三报文给NVE1。706. The gateway agent sends the third packet to the gateway; the gateway forwards the third packet to NVE1 through the three-layer network.

707、NVE1判断所述第三报文的目的IP为自身,UDP端口号为特殊的端口号,对所述第三报文进行VXLAN解封装以得到第四报文。707. NVE1 judges that the destination IP of the third packet is itself, and the UDP port number is a special port number, and performs VXLAN decapsulation on the third packet to obtain a fourth packet.

708、NVE1根据所述第四报文的目的MAC地址查找VNID对应的虚拟网络的MAC转发表,将所述第四报文发送至VM1。708. NVE1 searches the MAC forwarding table of the virtual network corresponding to the VNID according to the destination MAC address of the fourth packet, and sends the fourth packet to VM1.

本发明实施例还提供了一种网关代理,应用于NVO3网络中,所述网关代理与网关连接,所述NVO3网络通过所述网关与外部网络互通。如图8所示,所述网关代理800包括:The embodiment of the present invention also provides a gateway agent, which is applied in the NVO3 network, the gateway agent is connected to the gateway, and the NVO3 network communicates with the external network through the gateway. As shown in Figure 8, the gateway agent 800 includes:

接收单元801,用于接收所述网关发送的第一报文,其中所述第一报文为根据第一封装标识封装的报文。The receiving unit 801 is configured to receive the first packet sent by the gateway, where the first packet is a packet encapsulated according to the first encapsulation identifier.

解封装单元802,当所述第一报文为数据报文时,用于对所述接收单元801接收到的所述第一报文进行解封装,得到第二报文和所述第一封装标识。A decapsulation unit 802, configured to decapsulate the first packet received by the receiving unit 801 when the first packet is a data packet, to obtain a second packet and the first packet logo.

查找单元803,用于根据所述第一封装标识查找VNID与VLANID的映射关系以获得所述第一封装标识对应的第二封装标识;其中当所述第一封装标识为VNID时,所述第二封装标识为VLANID,当所述第一封装标识为VLANID时,所述第二封装标识为VNID。A search unit 803, configured to search for a mapping relationship between a VNID and a VLANID according to the first encapsulation identifier to obtain a second encapsulation identifier corresponding to the first encapsulation identifier; wherein when the first encapsulation identifier is a VNID, the second The second encapsulation identifier is VLANID, and when the first encapsulation identifier is VLANID, the second encapsulation identifier is VNID.

封装单元804,用于根据所述查找单元803查找到的第二封装标识对所述第二报文进行封装以得到第三报文。The encapsulating unit 804 is configured to encapsulate the second packet according to the second encapsulation identifier found by the searching unit 803 to obtain a third packet.

发送单元806,用于将所述第三报文发送给所述网关。A sending unit 806, configured to send the third packet to the gateway.

可选地,如果所述第一报文为地址解析协议ARP请求报文,所述解封装单元802、所述查找单元803、所述封装单元804和所述发送单元806采用与所述第一报文为数据报文时相同的方式处理所述第一报文。Optionally, if the first message is an address resolution protocol ARP request message, the decapsulation unit 802, the search unit 803, the encapsulation unit 804 and the sending unit 806 use the same method as the first The first packet is processed in the same manner as when the packet is a data packet.

可选地,如果所述第一报文是ARP请求报文,则所述第二报文是ARP请求报文。图9所示的网关代理900还包括:存储单元908:用于保存ARP表。举例来说,所述存储单元908还可以用于保存VNID与VLANID的映射关系。Optionally, if the first packet is an ARP request packet, then the second packet is an ARP request packet. The gateway proxy 900 shown in FIG. 9 further includes: a storage unit 908 : used to save the ARP table. For example, the storage unit 908 may also be used to store the mapping relationship between VNID and VLANID.

所述查找单元803,还用于在所述第二报文为ARP请求报文时,从所述存储单元908存储的所述ARP表中查找所述第二报文请求的MAC地址。The search unit 803 is further configured to search the MAC address requested by the second message from the ARP table stored in the storage unit 908 when the second message is an ARP request message.

所述网关代理还包括:生成单元905,用于根据所述查找单元803查找到的MAC地址,生成第一ARP应答报文。The gateway agent further includes: a generating unit 905, configured to generate a first ARP response message according to the MAC address found by the searching unit 803.

所述封装单元804,还用于根据所述第一封装标识,对所述生成单元905生成的第一ARP应答报文进行封装以形成第四报文。The encapsulating unit 804 is further configured to encapsulate the first ARP response packet generated by the generating unit 905 according to the first encapsulation identifier to form a fourth packet.

所述发送单元806,还用于根据与所述第一封装标识对应的MAC转发信息,将所述第四报文发送给所述网关。The sending unit 806 is further configured to send the fourth packet to the gateway according to the MAC forwarding information corresponding to the first encapsulation identifier.

可选地,图10所示的网关代理1000,还包括:Optionally, the gateway proxy 1000 shown in Figure 10 also includes:

判断单元1007,用于判断所述网关是否为主用网关。A judging unit 1007, configured to judge whether the gateway is an active gateway.

所述查找单元803,具体用于在所述判断单元1007确定所述网关是主用网关时,从所述存储单元908存储的ARP表中查找所述ARP请求报文请求的MAC地址。The searching unit 803 is specifically configured to search the MAC address requested by the ARP request message from the ARP table stored in the storage unit 908 when the judging unit 1007 determines that the gateway is the active gateway.

本发明实施例还提供了一种NVE,应用于NVO3网络中,所述NVO3网络中设置有服务器和网关。所述NVO3网络通过所述网关与外部网络互通。所述网关与网关代理连接。所述NVE位于所述服务器中。所述NVE用于管理所述服务器内的虚拟机,如图11所示,NVE1l00包括:The embodiment of the present invention also provides an NVE, which is applied in the NVO3 network, and the NVO3 network is provided with a server and a gateway. The NVO3 network communicates with external networks through the gateway. The gateway is connected with a gateway agent. The NVE is located in the server. The NVE is used to manage the virtual machines in the server, as shown in Figure 11, NVE1100 includes:

存储单元1104,用于保存ARP表。The storage unit 1104 is configured to save the ARP table.

接收单元1101,用于接收虚拟机发送的第五报文。The receiving unit 1101 is configured to receive the fifth packet sent by the virtual machine.

查找单元1102,用于在所述接收单元1101接收的第五报文为ARP请求报文时,从所述存储单元1104存储的所述ARP表中查找所述第五报文请求的MAC地址。The searching unit 1102 is configured to, when the fifth packet received by the receiving unit 1101 is an ARP request packet, search the MAC address requested by the fifth packet from the ARP table stored in the storage unit 1104 .

发送单元1103,用于在所述查找单元1102查找到所述第五报文请求的MAC地址时,则将查找到的MAC地址携带在ARP应答报文中发送给所述虚拟机;还用于在所述查找单元1102未查找到所述第五报文请求的MAC地址时,则根据所述虚拟机对应的VNID对所述第五报文进行封装以得到第六报文,并将所述第六报文发送至网关。The sending unit 1103 is configured to, when the searching unit 1102 finds the MAC address requested by the fifth message, carry the found MAC address in the ARP response message and send it to the virtual machine; When the search unit 1102 does not find the MAC address requested by the fifth message, it encapsulates the fifth message according to the VNID corresponding to the virtual machine to obtain a sixth message, and sends the The sixth packet is sent to the gateway.

本发明实施例还提供了一种服务器,包括图11所示的NVE1100。The embodiment of the present invention also provides a server, including the NVE1100 shown in FIG. 11 .

本发明实施例提供了一种网关代理和NVE。NOV3网络中的网关与网关代理连接,并使用该网关代理对网关发送至NOV3网络内的网络设备的报文进行NVO3封装,对NOV3网络内的设备发送到网关的报文进行NOV3解封装,使得网关在不支持NVO3封装技术的情况下,仍能够处理NOV3网络与外部网络互通的报文,从而使得在不改变现有网络中网关的硬件配置的情况下,实现NVO3技术。The embodiment of the present invention provides a gateway proxy and NVE. The gateway in the NOV3 network is connected to the gateway agent, and uses the gateway agent to perform NVO3 encapsulation on the message sent by the gateway to the network device in the NOV3 network, and to perform NOV3 decapsulation on the message sent to the gateway by the device in the NOV3 network, so that In the case that the gateway does not support the NVO3 encapsulation technology, it can still process the messages between the NOV3 network and the external network, so that the NVO3 technology can be realized without changing the hardware configuration of the gateway in the existing network.

本发明实施例提供了一种网关代理,应用于三层网络虚拟化NVO3网络中,所述NVO3网络中设置有网关。NVO3网络通过所述网关与外部网络互通。所述网关与网关代理连接。图12所示的网关代理1200包括输入输出电路1201、处理器1202和存储器1203。所述存储器1203被配置存储代码,并被配置存储VNID与VLANID的映射关系。所述处理器1202用于读取所述代码以实现上述方法实施例中由网关代理实现的方法流程。所述输入输出电路1201、所述处理器1202和所述存储器1203通过总线进行通信。The embodiment of the present invention provides a gateway proxy, which is applied to a three-layer network virtualization NVO3 network, and a gateway is set in the NVO3 network. The NVO3 network communicates with the external network through the gateway. The gateway is connected with a gateway agent. The gateway agent 1200 shown in FIG. 12 includes an input-output circuit 1201 , a processor 1202 and a memory 1203 . The memory 1203 is configured to store codes, and is configured to store a mapping relationship between a VNID and a VLANID. The processor 1202 is configured to read the code to implement the method flow implemented by the gateway agent in the above method embodiment. The input-output circuit 1201, the processor 1202 and the memory 1203 communicate through a bus.

所述输入输出电路1201,用于接收网关发送的第一报文,其中所述第一报文为根据第一封装标识进行封装的报文。The input and output circuit 1201 is configured to receive a first packet sent by a gateway, wherein the first packet is a packet encapsulated according to a first encapsulation identifier.

所述处理器1202,当所述第一报文是数据报文时,用于对所述第一报文进行解封装,得到第二报文和第一封装标识;根据所述第一封装标识查找VNID与VLANID的映射关系以获得所述第一封装标识对应的第二封装标识;其中当所述第一封装标识为VNID时,所述第二封装标识为VLANID,当所述第一封装标识为VLANID时,所述第二封装标识为VNID;根据所述第二封装标识对所述第二报文进行封装以得到第三报文。所述输入输出电路还用于将所述第三报文发送给网关。The processor 1202, when the first packet is a data packet, is configured to decapsulate the first packet to obtain a second packet and a first encapsulation identifier; according to the first encapsulation identifier Find the mapping relationship between VNID and VLANID to obtain the second encapsulation identifier corresponding to the first encapsulation identifier; wherein when the first encapsulation identifier is VNID, the second encapsulation identifier is VLANID, and when the first encapsulation identifier is When it is a VLAN ID, the second encapsulation identifier is a VNID; and the second packet is encapsulated according to the second encapsulation identifier to obtain a third packet. The input-output circuit is also used to send the third message to the gateway.

可选地,所述处理器1202,还用于当所述第二报文为ARP请求报文时,从所述存储器1203存储的ARP表中查找所述第二报文请求的MAC地址;根据查找到的MAC地址,生成第一ARP应答报文;根据所述第一封装标识,对所述第一ARP应答报文进行封装以得到第四报文;根据与所述第一封装标识对应的MAC转发信息,将所述第四报文发送给所述网关。Optionally, the processor 1202 is further configured to, when the second message is an ARP request message, search for the MAC address requested by the second message from the ARP table stored in the memory 1203; Generate a first ARP response packet based on the found MAC address; encapsulate the first ARP response packet according to the first encapsulation identifier to obtain a fourth packet; The MAC forwards information, and sends the fourth packet to the gateway.

所述存储器1203,还用于存储ARP表和MAC转发信息。The memory 1203 is also used to store the ARP table and MAC forwarding information.

可选地,所述处理器1201,还用于在所述存储器1203存储的ARP表中查找所述ARP请求报文请求的MAC地址之前,判断所述网关是否为主用网关;若确定所述网关是主用网关,则执行所述从所述存储器1203存储的ARP表中查找所述第二报文请求的MAC地址的操作。Optionally, the processor 1201 is further configured to determine whether the gateway is an active gateway before looking up the MAC address requested by the ARP request message in the ARP table stored in the memory 1203; if it is determined that the If the gateway is the active gateway, the operation of searching the MAC address requested by the second message from the ARP table stored in the memory 1203 is performed.

本发明实施例提供了一种NVE,应用于NVO3网络中,所述NVO3网络中设置有服务器和网关。所述NVO3网络通过所述网关与外部网络互通。所述网关与网关代理连接。所述NVE位于所述服务器中,所述NVE用于管理所述服务器内的虚拟机。图13所示的NVE1300包括处理器1301、存储器1302和发送机1303,所述存储器1302被配置存储代码,所述处理器1301用于读取所述代码以实现上述方法实施例中由NVE实现的方法流程。举例来说,所述处理器1301、存储器1302和发送接收器1303通过总线进行通信。An embodiment of the present invention provides an NVE, which is applied to an NVO3 network, and a server and a gateway are set in the NVO3 network. The NVO3 network communicates with external networks through the gateway. The gateway is connected with a gateway agent. The NVE is located in the server, and the NVE is used to manage virtual machines in the server. The NVE 1300 shown in Figure 13 includes a processor 1301, a memory 1302, and a transmitter 1303, the memory 1302 is configured to store codes, and the processor 1301 is used to read the codes to realize the implementation by the NVE in the above method embodiments method flow. For example, the processor 1301, the memory 1302, and the transceiver 1303 communicate through a bus.

所述发送接收器1303,用于接收虚拟机发送的第五报文;The sender and receiver 1303 are configured to receive the fifth message sent by the virtual machine;

所述处理器1301用于当所述第五报文为ARP请求报文时,从存储器1302存储的ARP表中查找所述第五报文请求的MAC地址;若查找到所述第五报文请求的MAC地址,则控制所述发送接收器1303将查找到的MAC地址携带在ARP应答报文中发送给所述虚拟机;若未查找到所述第五报文请求的MAC地址,则根据所述虚拟机对应的VNID,对所述第五报文进行封装以得到第六报文。The processor 1301 is configured to search the MAC address requested by the fifth message from the ARP table stored in the memory 1302 when the fifth message is an ARP request message; if the fifth message is found Requested MAC address, then control the sending and receiving receiver 1303 to carry the found MAC address in the ARP response message and send it to the virtual machine; if the MAC address requested by the fifth message is not found, then according to The VNID corresponding to the virtual machine encapsulates the fifth packet to obtain a sixth packet.

所述发送接收器1303还用于将所述第六报文发送至网关。The transceiver 1303 is further configured to send the sixth packet to the gateway.

所述存储器1302,还用于存储所述ARP表。The memory 1302 is also used to store the ARP table.

本发明实施例提供了一种网关代理和NVE,所述网关代理与网关连接。该网关代理对网关发送至NOV3网络内的网络设备的报文进行NVO3封装,对NOV3网络内的网络设备发送到网关的报文进行NOV3解封装,使得网关在不支持NVO3封装技术的情况下,仍能够处理NOV3网络与外部网络互通的报文,从而使得在不改变现有网络中网关的硬件配置的情况下,实现NVO3技术。The embodiment of the present invention provides a gateway agent and NVE, and the gateway agent is connected with a gateway. The gateway agent performs NVO3 encapsulation on the message sent by the gateway to the network device in the NOV3 network, and performs NOV3 decapsulation on the message sent to the gateway by the network device in the NOV3 network, so that the gateway does not support the NVO3 encapsulation technology. It can still process the messages between the NOV3 network and the external network, so that the NVO3 technology can be realized without changing the hardware configuration of the gateway in the existing network.

通过以上的实施方式的描述,所属领域的技术人员可以清楚地了解到本发明可借助软件加必需的硬件的方式来实现,当然也可以通过硬件来实现。基于这样的理解,本发明的技术方案的全部或者部分可以以软件产品的形式体现出来,该计算机软件产品存储在可读取的存储介质中,如计算机的软盘,硬盘或光盘等,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述的方法。Through the above description of the implementation manners, those skilled in the art can clearly understand that the present invention can be implemented by means of software plus necessary hardware, and of course can also be implemented by hardware. Based on this understanding, all or part of the technical solutions of the present invention can be embodied in the form of software products, which are stored in readable storage media, such as computer floppy disks, hard disks or optical disks, etc., including several instructions It is used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute the methods described in various embodiments of the present invention.

以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应以所述权利要求的保护范围为准。The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Anyone skilled in the art can easily think of changes or substitutions within the technical scope disclosed in the present invention. Should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be determined by the protection scope of the claims.

Claims (10)

1.一种报文处理的方法,应用于三层网络虚拟化NVO3网络中,所述NVO3网络中设置有网关,所述NVO3网络通过所述网关与外部网络互通,其特征在于,所述NVO3网络中还设置有网关代理,所述网关代理与所述网关连接,所述方法包括:1. A method for message processing, applied in a three-layer network virtualization NVO3 network, a gateway is provided in the NVO3 network, and the NVO3 network communicates with an external network through the gateway, it is characterized in that the NVO3 A gateway agent is also provided in the network, and the gateway agent is connected to the gateway, and the method includes: 所述网关代理接收所述网关发送的第一报文,其中所述第一报文为根据第一封装标识封装的报文;The gateway agent receives the first message sent by the gateway, wherein the first message is a message encapsulated according to the first encapsulation identifier; 如果所述第一报文为数据报文,所述网关代理对所述第一报文进行解封装,得到第二报文和所述第一封装标识;If the first message is a data message, the gateway agent decapsulates the first message to obtain a second message and the first encapsulation identifier; 所述网关代理根据所述第一封装标识,通过查找虚拟网络标识VNID与虚拟局域网标识VLANID的映射关系获得所述第一封装标识对应的第二封装标识;其中当所述第一封装标识为VNID时,所述第二封装标识为VLANID,当所述第一封装标识为VLANID时,所述第二封装标识为VNID;According to the first encapsulation identifier, the gateway agent obtains the second encapsulation identifier corresponding to the first encapsulation identifier by looking up the mapping relationship between the virtual network identifier VNID and the virtual local area network identifier VLANID; wherein when the first encapsulation identifier is VNID , the second encapsulation identifier is VLANID, and when the first encapsulation identifier is VLANID, the second encapsulation identifier is VNID; 根据所述第二封装标识对所述第二报文进行封装以形成第三报文;Encapsulating the second packet according to the second encapsulation identifier to form a third packet; 将所述第三报文发送给所述网关。Send the third packet to the gateway. 2.根据权利要求1所述的方法,其特征在于,如果所述第一报文为地址解析协议ARP请求报文,所述网关代理采用与所述第一报文为数据报文时相同的方式处理所述第一报文。2. The method according to claim 1, wherein, if the first message is an Address Resolution Protocol (ARP) request message, the gateway agent adopts the same method as when the first message is a data message. The first packet is processed in a manner. 3.根据权利要求1所述的方法,其特征在于,如果所述第一报文为ARP请求报文,所述第二报文为ARP请求报文,所述方法还包括:3. The method according to claim 1, wherein if the first message is an ARP request message, and the second message is an ARP request message, the method further comprises: 所述网关代理通过查找ARP表获得所述第二报文请求的媒体接入控制MAC地址,其中,所述网关代理存储所述ARP表;The gateway agent obtains the media access control MAC address requested by the second message by searching the ARP table, wherein the gateway agent stores the ARP table; 所述网关代理根据所述MAC地址,生成第一ARP应答报文;The gateway agent generates a first ARP response message according to the MAC address; 所述网关代理根据所述第一封装标识,对所述第一ARP应答报文进行封装以形成第四报文;The gateway agent encapsulates the first ARP response message according to the first encapsulation identifier to form a fourth message; 所述网关代理根据与所述第一封装标识对应的MAC转发信息,将所述第四报文发送给所述网关。The gateway agent sends the fourth packet to the gateway according to the MAC forwarding information corresponding to the first encapsulation identifier. 4.根据权利要求3所述的方法,其特征在于,在所述网关代理通过查找所述ARP表获得所述第二报文请求的MAC地址之前,还包括:所述网关代理判断所述网关是否为主用网关;4. The method according to claim 3, wherein, before the gateway agent obtains the MAC address requested by the second message by searching the ARP table, further comprising: the gateway agent judging that the gateway Whether it is the active gateway; 所述网关代理通过查找所述ARP表获得所述第二报文请求的MAC地址的操作在确定所述网关是主用网关时执行。The operation of the gateway proxy obtaining the MAC address requested by the second packet by searching the ARP table is performed when it is determined that the gateway is the active gateway. 5.根据权利要求1-4任意一项所述的方法,所述NVO3网络还包括服务器,所述服务器包括网络虚拟化边缘NVE,所述NVE用于管理所述服务器内的虚拟机,其特征在于,所述方法还包括:5. The method according to any one of claims 1-4, the NVO3 network also includes a server, the server includes a network virtualization edge NVE, and the NVE is used to manage virtual machines in the server, wherein In that, the method also includes: 所述NVE接收虚拟机发送的第五报文;The NVE receives the fifth message sent by the virtual machine; 当所述第五报文为ARP请求报文时,通过查找所述NVE存储的ARP表获得所述第五报文请求的MAC地址;When the fifth message is an ARP request message, obtain the MAC address requested by the fifth message by searching the ARP table stored in the NVE; 若查找到所述第五报文请求的MAC地址,所述NVE将查找到的MAC地址携带在第二ARP应答报文中发送给所述虚拟机;If the MAC address requested by the fifth message is found, the NVE carries the found MAC address in the second ARP response message and sends it to the virtual machine; 若未查找到所述第五报文请求的MAC地址,则根据所述虚拟机对应的VNID,对所述第五报文进行封装以获得第六报文,并将所述第六报文发送至所述网关。If the MAC address requested by the fifth message is not found, then according to the VNID corresponding to the virtual machine, the fifth message is encapsulated to obtain a sixth message, and the sixth message is sent to the gateway. 6.一种网关代理,应用于三层网络虚拟化NVO3网络中,其特征在于,所述网关代理与网关连接,所述NVO3网络通过所述网关与外部网络互通,所述网关代理包括:6. a gateway agent, applied in three-layer network virtualization NVO3 network, it is characterized in that, described gateway agent is connected with gateway, and described NVO3 network communicates with external network by described gateway, and described gateway agent comprises: 接收单元,用于接收所述网关发送的第一报文,其中所述第一报文为根据第一封装标识封装的报文;A receiving unit, configured to receive the first message sent by the gateway, where the first message is a message encapsulated according to the first encapsulation identifier; 解封装单元,当所述第一报文为数据报文时,用于对所述接收单元接收到的所述第一报文进行解封装,得到第二报文和所述第一封装标识;A decapsulating unit, configured to decapsulate the first message received by the receiving unit when the first message is a data message, to obtain a second message and the first encapsulation identifier; 查找单元,用于根据所述第一封装标识查找虚拟网络标识VNID与VLANID的映射关系以获得对应的第二封装标识;其中当所述第一封装标识为VNID时,所述第二封装标识为VLANID,当所述第一封装标识为VLANID时,所述第二封装标识为VNID;A search unit, configured to search for a mapping relationship between a virtual network identifier VNID and a VLANID according to the first encapsulation identifier to obtain a corresponding second encapsulation identifier; wherein when the first encapsulation identifier is VNID, the second encapsulation identifier is VLANID, when the first encapsulation identifier is VLANID, the second encapsulation identifier is VNID; 封装单元,用于根据所述查找单元查找到的所述第二封装标识对所述第二报文进行封装以形成第三报文;An encapsulation unit, configured to encapsulate the second packet according to the second encapsulation identifier found by the search unit to form a third packet; 发送单元,用于将所述第三报文发送给所述网关。a sending unit, configured to send the third message to the gateway. 7.根据权利要求6所述的网关代理,其特征在于,如果所述第一报文为地址解析协议ARP请求报文,所述解封装单元、所述查找单元、所述封装单元和所述发送单元采用与所述第一报文为数据报文时相同的方式处理所述第一报文。7. The gateway agent according to claim 6, wherein if the first message is an address resolution protocol (ARP) request message, the decapsulation unit, the search unit, the encapsulation unit and the The sending unit processes the first packet in the same manner as when the first packet is a data packet. 8.根据权利要求6所述的网关代理,其特征在于,如果所述第一报文是ARP请求报文,则所述第二报文是ARP请求报文,所述网关代理还包括:存储单元,用于存储ARP表;8. The gateway agent according to claim 6, wherein if the first message is an ARP request message, then the second message is an ARP request message, and the gateway agent also includes: storing unit, used to store the ARP table; 所述查找单元,还用于在所述第二报文为ARP请求报文时,从所述存储单元存储的ARP表中查找所述第二报文请求的MAC地址;The search unit is further configured to search the MAC address requested by the second message from the ARP table stored in the storage unit when the second message is an ARP request message; 所述网关代理还包括生成单元,用于根据所述查找单元查找到的MAC地址,生成第一ARP应答报文;The gateway agent also includes a generation unit, configured to generate a first ARP response message according to the MAC address found by the search unit; 所述封装单元,还用于根据所述第一封装标识,对所述生成单元生成的所述第一ARP应答报文进行封装以形成第四报文;The encapsulating unit is further configured to encapsulate the first ARP response message generated by the generating unit according to the first encapsulation identifier to form a fourth message; 所述发送单元,还用于根据与所述第一封装标识对应的MAC转发信息,将所述第四报文发送给所述网关。The sending unit is further configured to send the fourth message to the gateway according to the MAC forwarding information corresponding to the first encapsulation identifier. 9.根据权利要求8所述的网关代理,其特征在于,还包括判断单元,用于判断所述网关是否为主用网关;9. The gateway agent according to claim 8, further comprising a judging unit for judging whether the gateway is an active gateway; 所述查找单元,具体用于在所述判断单元确定所述网关是主用网关时,从所述存储单元存储的ARP表中查找所述第二报文请求的MAC地址。The searching unit is specifically configured to search the MAC address requested by the second message from the ARP table stored in the storage unit when the judging unit determines that the gateway is the active gateway. 10.一种网络虚拟边缘NVE,其特征在于,所述NVE应用于三层网络虚拟化NVO3网络中,所述NVO3网络中设置有服务器和网关,所述NVO3网络通过所述网关与外部网络互通,所述网关连接网关代理,所述NVE位于所述服务器中,所述NVE用于管理所述服务器内的虚拟机,所述NVE包括:10. A network virtual edge NVE, characterized in that the NVE is applied to a three-layer network virtualization NVO3 network, a server and a gateway are arranged in the NVO3 network, and the NVO3 network communicates with an external network through the gateway , the gateway is connected to a gateway proxy, the NVE is located in the server, and the NVE is used to manage virtual machines in the server, and the NVE includes: 存储单元,用于保存地址解析协议ARP表;The storage unit is used to save the address resolution protocol ARP table; 接收单元,用于接收虚拟机发送的第五报文;a receiving unit, configured to receive the fifth message sent by the virtual machine; 查找单元,用于在所述接收单元接收的所述第五报文为ARP请求报文时,从所述存储单元存储的所述ARP表中查找所述第五报文请求的MAC地址;A search unit, configured to search the MAC address requested by the fifth message from the ARP table stored in the storage unit when the fifth message received by the receiving unit is an ARP request message; 发送单元,用于在所述查找单元查找到所述第五报文请求的MAC地址时,将查找到的MAC地址携带在ARP应答报文中发送给所述虚拟机;还用于在所述查找单元未查找到所述第五报文请求的MAC地址时,根据所述虚拟机对应的虚拟网络标识VNID对所述第五报文进行封装以得到第六报文,并将所述第六报文发送至网关。A sending unit, configured to carry the found MAC address in an ARP response message and send it to the virtual machine when the search unit finds the MAC address requested by the fifth message; When the search unit does not find the MAC address requested by the fifth packet, it encapsulates the fifth packet according to the virtual network identifier VNID corresponding to the virtual machine to obtain a sixth packet, and sends the sixth packet The message is sent to the gateway.
CN201310107847.5A 2013-03-29 2013-03-29 A kind of method and apparatus of Message processing Active CN103200069B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310107847.5A CN103200069B (en) 2013-03-29 2013-03-29 A kind of method and apparatus of Message processing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310107847.5A CN103200069B (en) 2013-03-29 2013-03-29 A kind of method and apparatus of Message processing

Publications (2)

Publication Number Publication Date
CN103200069A CN103200069A (en) 2013-07-10
CN103200069B true CN103200069B (en) 2016-01-27

Family

ID=48722433

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310107847.5A Active CN103200069B (en) 2013-03-29 2013-03-29 A kind of method and apparatus of Message processing

Country Status (1)

Country Link
CN (1) CN103200069B (en)

Families Citing this family (46)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104348726B (en) * 2013-08-02 2018-12-11 新华三技术有限公司 Message forwarding method and device
CN104426680B (en) * 2013-09-03 2018-03-16 华为技术有限公司 Data transmission method, device and system
CN104601427B (en) * 2013-10-31 2018-03-06 新华三技术有限公司 Message forwarding method and device in data center network
CN103647853B (en) * 2013-12-04 2018-07-03 华为技术有限公司 One kind sends ARP file transmitting methods, VTEP and VxLAN controllers in VxLAN
CN104702476B (en) * 2013-12-05 2018-07-31 华为技术有限公司 Message processing method based on distributed network gate and network virtualization marginal point
CN104702708B (en) * 2013-12-06 2018-04-27 华为技术有限公司 Obtain method, equipment, system and the network virtualization endpoint of ARP information
CN105122776B (en) * 2014-01-20 2019-01-18 华为技术有限公司 Address acquiring method and network virtualization edge device
CN104869042B (en) * 2014-02-20 2018-07-13 华为技术有限公司 Message forwarding method and device
CN105453513B (en) * 2014-05-30 2018-10-12 华为技术有限公司 Message forwarding method, forwarding-table item delivery method and the network equipment
CN105227421B (en) * 2014-07-03 2018-11-09 新华三技术有限公司 Message processing method and device in a kind of stacking network
CN104301446B (en) * 2014-08-08 2019-04-09 新华三技术有限公司 A kind of message processing method, switch device and system
CN105450690B (en) 2014-08-21 2019-02-22 国际商业机器公司 Hypervisor execution method and virtual machine management system
CN104158718B (en) * 2014-08-25 2017-06-13 新华三技术有限公司 A kind of message processing method and device
CN105490995B (en) * 2014-09-30 2018-04-20 国际商业机器公司 A kind of method and apparatus that NVE E-Packets in NVO3 networks
CN104518940B (en) 2014-10-27 2017-12-29 华为技术有限公司 Realize the method and apparatus to be communicated between NVO3 networks and MPLS network
CN105634899A (en) * 2014-10-29 2016-06-01 中兴通讯股份有限公司 Method and system for providing virtual network service
CN104301232B (en) * 2014-10-29 2017-10-03 新华三技术有限公司 Message forwarding method and device in a kind of transparent interconnection of lots of links internet
CN104378300B (en) * 2014-11-27 2018-04-03 盛科网络(苏州)有限公司 A kind of processing method for realizing Vxlan two-layer retransmitting tables in the chips
CN104410560A (en) * 2014-11-27 2015-03-11 盛科网络(苏州)有限公司 Method for realizing BUM packet forwarding through NVGRE unicast
CN106209637B (en) 2015-05-04 2019-07-05 新华三技术有限公司 From virtual expansible local area network to the message forwarding method and equipment of virtual LAN
CN106209554B (en) 2015-05-04 2019-12-13 新华三技术有限公司 Message forwarding method and device across virtual scalable local area network
CN106209689B (en) * 2015-05-04 2019-06-14 新华三技术有限公司 Multicast data packet forwarding method and apparatus from VXLAN to VLAN
CN106209638B (en) 2015-05-04 2019-07-12 新华三技术有限公司 From virtual LAN to the message forwarding method and equipment of virtual expansible local area network
CN106209648B (en) * 2015-05-04 2019-06-14 新华三技术有限公司 Multicast data packet forwarding method and apparatus across virtual expansible local area network
CN106209636B (en) 2015-05-04 2019-08-02 新华三技术有限公司 Multicast data packet forwarding method and apparatus from VLAN to VXLAN
US9916174B2 (en) 2015-05-27 2018-03-13 International Business Machines Corporation Updating networks having virtual machines with migration information
CN106341298B (en) * 2015-07-06 2019-03-22 中兴通讯股份有限公司 File transmitting method and device
CN105306335B (en) * 2015-11-11 2019-10-22 杭州数梦工场科技有限公司 The retransmission method and device of message
CN106817291A (en) * 2015-11-30 2017-06-09 中兴通讯股份有限公司 VXLAN realizes device and its method of work
CN107342925B (en) * 2016-04-29 2020-03-06 新华三技术有限公司 A message transmission method and device
CN107404436A (en) * 2016-05-19 2017-11-28 华为技术有限公司 Communication means and device for virtual expansible LAN
CN106209616B (en) * 2016-07-06 2020-11-06 新华三技术有限公司 Flooding inhibition method and device
CN106130867B (en) * 2016-08-30 2019-06-14 锐捷网络股份有限公司 Virtual machine communication method and device across data center
CN108011801B (en) * 2016-11-01 2020-12-04 阿里巴巴集团控股有限公司 Method, apparatus, device and system for data transmission
CN108270591B (en) * 2016-12-30 2021-06-01 华为技术有限公司 A method of configuring network equipment and related equipment
CN106789540B (en) * 2017-01-25 2019-11-29 北京华为数字技术有限公司 A kind of gateway deployment method and apparatus
CN109995640A (en) * 2018-01-03 2019-07-09 中兴通讯股份有限公司 A method, device and system for interconnecting multiple types of stacked nets
CN110633127A (en) 2018-06-25 2019-12-31 华为技术有限公司 A data processing method and related equipment
CN109257265B (en) * 2018-08-10 2021-04-20 锐捷网络股份有限公司 Flooding suppression method, VXLAN bridge, gateway and system
CN109246016B (en) * 2018-11-27 2021-01-26 杭州迪普科技股份有限公司 Cross-VXLAN message processing method and device
CN110062057A (en) * 2018-12-18 2019-07-26 华为技术有限公司 The proxy gateway and communication means of message are handled for hot-backup system
CN110535747B (en) * 2019-09-09 2021-11-02 杭州迪普信息技术有限公司 Message processing device and method
CN113542441B (en) * 2020-04-20 2023-02-17 亚信科技(中国)有限公司 Communication processing method and device
CN111585863B (en) * 2020-06-11 2022-03-01 国家计算机网络与信息安全管理中心 Virtual extensible local area network message processing device and data processing method
CN115150314B (en) * 2021-03-31 2023-08-25 腾讯科技(深圳)有限公司 Method and device for transmitting data packets across network domains, storage medium and electronic equipment
CN118612015B (en) * 2024-08-08 2024-10-29 北京志凌海纳科技股份有限公司 A centralized multifunctional VPC gateway data plane implementation method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2252096A1 (en) * 2009-05-14 2010-11-17 Avaya Inc. Unifying local and mobility network identifiers
CN102938794A (en) * 2012-11-14 2013-02-20 华为技术有限公司 Address resolution protocol (ARP) message forwarding method, exchanger and controller
CN102970227A (en) * 2012-11-12 2013-03-13 盛科网络(苏州)有限公司 Method and device for achieving virtual extensible local area network (VXLAN) message transmitting in application specific integrated circuit (ASIC)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2252096A1 (en) * 2009-05-14 2010-11-17 Avaya Inc. Unifying local and mobility network identifiers
CN102970227A (en) * 2012-11-12 2013-03-13 盛科网络(苏州)有限公司 Method and device for achieving virtual extensible local area network (VXLAN) message transmitting in application specific integrated circuit (ASIC)
CN102938794A (en) * 2012-11-14 2013-02-20 华为技术有限公司 Address resolution protocol (ARP) message forwarding method, exchanger and controller

Also Published As

Publication number Publication date
CN103200069A (en) 2013-07-10

Similar Documents

Publication Publication Date Title
CN103200069B (en) A kind of method and apparatus of Message processing
US11765000B2 (en) Method and system for virtual and physical network integration
US11546288B2 (en) Techniques for managing software defined networking controller in-band communications in a data center network
US10116559B2 (en) Operations, administration and management (OAM) in overlay data center environments
KR102054338B1 (en) Routing vlan tagged packets to far end addresses of virtual forwarding instances using separate administrations
CN104350714B (en) A kind of message forwarding method and VxLAN gateways
EP2853066B1 (en) Layer-3 overlay gateways
CN103905283B (en) Communication means and device based on expansible VLAN
CN106612224B (en) Message forwarding method and device applied to VXLAN
CN105591916B (en) A kind of message transmitting method and device
CN106101023B (en) A kind of VPLS message processing method and equipment
CN105763512A (en) SDN virtual network communication method and device
CN104869042A (en) Message forwarding method and message forwarding device
CN106209638A (en) From VLAN to the message forwarding method of virtual expansible LAN and equipment
CN111371666A (en) Method, device and system for processing message
WO2017036384A1 (en) Provider edge device and data forwarding method
CN103379187A (en) Data processing method and gateway network element

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant