CN114338277A - Method, device, equipment and readable medium for protecting VPN (virtual private network) network node in Anycast scene - Google Patents

Info

Publication number
CN114338277A
Authority
CN
China
Prior art keywords
anycast
route
edge router
vpn
designated representative
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111586077.8A
Other languages
Chinese (zh)
Other versions
CN114338277B (en)
Inventor
尹远阳
王志中
杨锋
林贵东
王素彬
孙嘉琪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd
Priority to CN202111586077.8A
Publication of CN114338277A
Application granted
Publication of CN114338277B
Legal status: Active
Anticipated expiration

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure provides a method, apparatus, device and readable medium for protecting VPN network nodes in an Anycast scenario. The method includes: selecting one of the edge routers according to the Anycast address and determining it as the designated representative edge router; determining another router as the non-designated representative edge router; in response to a route address sent by a customer edge device, triggering the designated representative edge router to allocate a VPN identifier; controlling the designated representative edge router to advertise a VPN route to the non-designated representative edge router through BGP, the VPN route carrying the VPN identifier; and triggering the non-designated representative edge router to generate a local forwarding table according to the route address received by the designated representative edge router and the customer edge device IP route, the outgoing information of the local forwarding table corresponding to the customer edge device IP route. With the embodiments of the present disclosure, P nodes do not need to maintain or be aware of state table entries, and the forwarding process is simplified.

Description

Method, apparatus, device and readable medium for protecting VPN network nodes in an Anycast scenario

Technical Field

The present disclosure relates to the field of communication technologies, and in particular to a method, apparatus, device and readable medium for protecting VPN network nodes in an Anycast scenario.

Background

At present, Ti-LFA FRR (Topology-Independent Loop-free Alternate FRR) technology can provide link and node protection for Segment Routing tunnels. When a link or node fails, traffic is quickly switched to the backup path and continues to be forwarded, which avoids traffic loss to the greatest extent.

Because the SR TE/SRv6 Policy in a cloud-network convergence scenario is a node-designated Node Segment (code segment), local protection through Ti-LFA is not possible. As a result, in a dual-PE (Provider Edge, provider edge router) node access scenario, the network cannot protect VPN services.

In the related art, the protection scheme for a PE node first uses a mirror label to steer traffic into the corresponding VPN label space, and then looks up the table and forwards within that VPN (virtual private network) label space.

However, the PE node has to maintain the VPN label space, and the upstream P (Provider, provider backbone router) node has to maintain state table entries. Forwarding is complicated throughout the process, which is unfavorable for the operation and maintenance of large networks.

It should be noted that the information disclosed in the Background section above is only intended to enhance understanding of the background of the present disclosure, and may therefore include information that does not constitute prior art already known to a person of ordinary skill in the art.

Summary of the Invention

The purpose of the present disclosure is to provide a method, apparatus, device and readable medium for protecting VPN network nodes in an Anycast scenario, so as to overcome, at least to some extent, the problem of complicated maintenance of state table entries caused by the limitations and defects of the related art.

According to a first aspect of the embodiments of the present disclosure, a method for protecting VPN network nodes in an Anycast scenario is provided, including: selecting one of the edge routers according to the Anycast address and determining it as the designated representative edge router; determining another router among the edge routers as the non-designated representative edge router; in response to a route address sent by a customer edge device, triggering the designated representative edge router to allocate a VPN identifier; controlling the designated representative edge router to advertise a VPN route to the non-designated representative edge router through BGP, the VPN route carrying the VPN identifier; and triggering the non-designated representative edge router to generate a local forwarding table according to the route address received by the designated representative edge router and the customer edge device IP route, the outgoing information of the local forwarding table corresponding to the customer edge device IP route.

In an exemplary embodiment of the present disclosure, selecting one of the edge routers according to the Anycast address and determining it as the designated representative edge router includes: determining target provider edge routers on which the same VPN and the same Anycast address are deployed; electing candidate designated representative edge routers among the target provider edge routers at VPN granularity or at routing-device granularity, constructing an Anycast_DR_Route on each candidate designated representative edge router, and determining the key of the Anycast_DR_Route; sorting the Anycast_DR_Routes according to the key; and determining, according to the sorting result, one of the candidate designated representative edge routers as the designated representative edge router.

In an exemplary embodiment of the present disclosure, electing candidate designated representative edge routers among the target provider edge routers at VPN granularity or at routing-device granularity, constructing an Anycast_DR_Route on each candidate designated representative edge router, and determining the key of the Anycast_DR_Route includes: electing, at VPN granularity, one of the provider edge routers as a candidate designated representative edge router, constructing a first Anycast_DR_Route on the provider edge router elected as the candidate designated representative edge router, and using the route identifier and the anycast address as the key of the first Anycast_DR_Route; or electing, at routing-device granularity, one of the provider edge routers as the candidate designated representative edge router, constructing a second Anycast_DR_Route on the provider edge router elected as the candidate designated representative edge router, and using the anycast address as the key of the second Anycast_DR_Route.

In an exemplary embodiment of the present disclosure, if the designated representative edge router is an ASBR device, the BGP carries attribute information of the Anycast_DR_Route, and the attribute information includes an IPv6-specific extended community and type information.

In an exemplary embodiment of the present disclosure, the method further includes: the non-designated representative edge router receives the VPN route and determines that, at the non-designated representative edge router, a next-hop routing device that carries the attribute information has a lower priority than a next-hop routing device that does not carry the attribute information.

In an exemplary embodiment of the present disclosure, the Anycast_DR_Route includes a route identifier, an address length, an anycast address and a local virtual tunnel port address.

In an exemplary embodiment of the present disclosure, the encapsulation format of the VPN route is one of VPNv4, VPNv6 and EVPN RT5.

According to a second aspect of the embodiments of the present disclosure, an apparatus for protecting VPN network nodes in an Anycast scenario is provided, including: a determination module, configured to select one of the edge routers according to the Anycast address and determine it as the designated representative edge router, the determination module being further configured to determine another router among the edge routers as the non-designated representative edge router; a trigger module, configured to trigger the designated representative edge router to allocate a VPN identifier in response to a route address sent by a customer edge device; and a control module, configured to control the designated representative edge router to advertise a VPN route to the non-designated representative edge router through BGP, the VPN route carrying the VPN identifier. The trigger module is further configured to trigger the non-designated representative edge router to generate a local forwarding table according to the route address received by the designated representative edge router and the customer edge device IP route, the outgoing information of the local forwarding table corresponding to the customer edge device IP route.

According to a third aspect of the present disclosure, an electronic device is provided, including: a memory; and a processor coupled to the memory, the processor being configured to execute the method described in any one of the above based on instructions stored in the memory.

According to a fourth aspect of the present disclosure, a computer-readable storage medium is provided, on which a program is stored. When executed by a processor, the program implements the method for protecting VPN network nodes in an Anycast scenario described in any one of the above.

In the embodiments of the present disclosure, one of the edge routers is selected according to the Anycast address and determined as the designated representative edge router, and another router is determined as the non-designated representative edge router. The designated representative edge router is triggered to allocate a VPN identifier and advertises the VPN route to the non-designated representative edge router through BGP. The non-designated representative edge router generates a local forwarding table according to the route address received by the designated representative edge router and the customer edge device IP route, and the outgoing information of the local forwarding table corresponds to the customer edge device IP route. The VPN route does not need to generate FRR (Fast Reroute) entries, and end-to-end BFD (Bidirectional Forwarding Detection, a network protocol for detecting faults between two forwarding points) detection does not need to be deployed. When a PE node fails, the VPN route does not need to switch over: as long as Ti-LFA fast switchover or convergence takes place for the public-network SRv6 route, traffic is steered to the backup PE node and forwarded normally to the CE (customer edge) device, which simplifies the forwarding process.

Further, the embodiments of the present disclosure can also be applied to ASBR (Autonomous System Border Router) device protection scenarios, and therefore have strong applicability.

It should be understood that the foregoing general description and the following detailed description are exemplary and explanatory only and do not limit the present disclosure.

Brief Description of the Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the present disclosure. Obviously, the drawings described below are only some embodiments of the present disclosure, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 shows a flowchart of a method for protecting VPN network nodes in an Anycast scenario in an exemplary embodiment of the present disclosure;

FIG. 2 shows a flowchart of a method for protecting VPN network nodes in an Anycast scenario in another exemplary embodiment of the present disclosure;

FIG. 3 shows a flowchart of a method for protecting VPN network nodes in an Anycast scenario in another exemplary embodiment of the present disclosure;

FIG. 4 shows a flowchart of a method for protecting VPN network nodes in an Anycast scenario in another exemplary embodiment of the present disclosure;

FIG. 5 shows a schematic architecture diagram of a protection scheme for VPN network nodes in an Anycast scenario in an exemplary embodiment of the present disclosure;

FIG. 6 shows a schematic architecture diagram of a protection scheme for VPN network nodes in an Anycast scenario in another exemplary embodiment of the present disclosure;

FIG. 7 shows a schematic architecture diagram of a protection scheme for VPN network nodes in an Anycast scenario in another exemplary embodiment of the present disclosure;

FIG. 8 shows a schematic architecture diagram of a protection scheme for VPN network nodes in an Anycast scenario in another exemplary embodiment of the present disclosure;

FIG. 9 shows a block diagram of an apparatus for protecting VPN network nodes in an Anycast scenario in an exemplary embodiment of the present disclosure;

FIG. 10 shows a block diagram of an electronic device in an exemplary embodiment of the present disclosure.

Detailed Description

Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments can, however, be implemented in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that the present disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of the embodiments of the present disclosure. Those skilled in the art will appreciate, however, that the technical solutions of the present disclosure may be practiced while omitting one or more of the specific details, or that other methods, components, devices, steps and so on may be employed. In other instances, well-known technical solutions are not shown or described in detail, so that they do not distract from and obscure aspects of the present disclosure.

In addition, the drawings are merely schematic illustrations of the present disclosure. The same reference numerals in the drawings denote the same or similar parts, so repeated descriptions of them are omitted. Some of the block diagrams shown in the drawings are functional entities that do not necessarily correspond to physically or logically independent entities. These functional entities may be implemented in software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.

The technical solutions of the present disclosure involve the following important concepts.

(1) SRv6: With SR (Segment Routing) technology, the head node of the network plans and establishes the end-to-end path, and intermediate nodes only forward without maintaining connection state. SRv6 combines IPv6 (sixth-generation Internet) technology with SR technology, so an independent signaling protocol is no longer needed to distribute labels to each node in the network. In addition, SRv6 only needs to extend the original IPv6, and data can then be forwarded through IPv6 tunnels without additionally using MPLS (Multi-Protocol Label Switching) tunnels.

(2) In the VPN concept, the routers in the whole network fall into three categories: customer edge routers (CE), provider edge routers (PE) and provider backbone routers (P). The PE acts as the IP VPN access router.

(2.1) PE (Provider Edge): the provider's edge device, that is, an edge router of the service provider's backbone network, equivalent to a label edge router (LER). The PE router connects CE routers and P routers and is the most important network node. User traffic flows into the user network through the PE router, or flows to the MPLS backbone network through the PE router.

(2.2) CE (Customer Edge): the customer edge device, that is, the customer-side router to which the service provider connects. A CE router provides service access for users by connecting to one or more PE routers. A CE router is usually an IP router that establishes an adjacency with the PE router it connects to.

(3) EVPN: Ethernet VPN, originally defined by RFC7432, whose full title is "BGP MPLS-Based Ethernet VPN". EVPN is also used to carry IP routing information, to serve as the control layer of overlay networks such as VXLAN, and to serve as the control layer for data center interconnection.

(4) BGP: Border Gateway Protocol, used to exchange routing information between different autonomous systems (AS). When two ASs need to exchange routing information, each AS must designate a node running BGP to exchange routing information with other ASs on its behalf. BGP uses TCP (Transmission Control Protocol) as its transport layer protocol.

(5) RD: route distinguisher, 64 bits, used to distinguish IPv4 prefixes that use the same address space. An IPv4 address with an RD added is called a VPN-IPv4 address (that is, a VPNv4 address). After a PE receives an IPv4 route from a CE, it converts it into a globally unique VPN-IPv4 route and advertises it on the public network.

(6) RT: Route Target, used to distinguish VPN customers. It is an extended attribute of the BGP community, is configured in the VRF, and is carried along after the VPNv4 prefix. A single route can have multiple RT values attached.

As shown in FIG. 5, the protection architecture for VPN network nodes in an Anycast scenario includes: two customer edge devices, denoted as the first customer edge device CE1 and the second customer edge device CE2; four provider edge routers, denoted as the first provider edge router PE1, the second provider edge router PE2, the third provider edge router PE3 and the fourth provider edge router PE4; and two provider backbone routers, denoted as the first provider backbone router P1 and the second provider backbone router P2.

In an exemplary embodiment of the present disclosure, Anycast1 interaction is implemented between the first provider edge router PE1 and the second provider edge router PE2.

In an exemplary embodiment of the present disclosure, Anycast3 interaction is implemented between the third provider edge router PE3 and the fourth provider edge router PE4.

In an exemplary embodiment of the present disclosure, Anycast2 interaction is implemented between the first provider backbone router P1 and the second provider backbone router P2.

In the embodiment shown in FIG. 5, the PE node has to maintain multiple VPN label spaces, and the upstream P node has to maintain state table entries. Forwarding is complicated throughout the process, which is unfavorable for the operation and maintenance of large networks.

The exemplary embodiments of the present disclosure are described in detail below with reference to FIG. 1 to FIG. 10.

FIG. 1 is a flowchart of a method for protecting VPN network nodes in an Anycast scenario in an exemplary embodiment of the present disclosure.

Referring to FIG. 1, the method for protecting VPN network nodes in an Anycast scenario may include:

Step S102: select one of the edge routers according to the Anycast address and determine it as the designated representative edge router.

Step S104: determine another router among the edge routers as the non-designated representative edge router.

Step S106: in response to a route address sent by a customer edge device, trigger the designated representative edge router to allocate a VPN identifier.

Step S108: control the designated representative edge router to advertise a VPN route to the non-designated representative edge router through BGP, the VPN route carrying the VPN identifier.

Step S110: trigger the non-designated representative edge router to generate a local forwarding table according to the route address received by the designated representative edge router and the customer edge device IP route, the outgoing information of the local forwarding table corresponding to the customer edge device IP route.

In the embodiments of the present disclosure, one of the edge routers is selected according to the Anycast address and determined as the designated representative edge router, and another router is determined as the non-designated representative edge router. The designated representative edge router is triggered to allocate a VPN identifier and advertises the VPN route to the non-designated representative edge router through BGP. The non-designated representative edge router generates a local forwarding table according to the route address received by the designated representative edge router and the customer edge device IP route, and the outgoing information of the local forwarding table corresponds to the customer edge device IP route. The VPN route does not need to generate FRR (Fast Reroute) entries, and end-to-end BFD (Bidirectional Forwarding Detection, a network protocol for detecting faults between two forwarding points) detection does not need to be deployed. When a PE node fails, the VPN route does not need to switch over: as long as Ti-LFA fast switchover or convergence takes place for the public-network SRv6 route, traffic is steered to the backup PE node and forwarded normally to the CE (customer edge) device, which simplifies the forwarding process.
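Steps S106 to S110 and the failover behaviour described above can be modelled as follows. This is an added example, not code from the patent: the class and function names, the `vpn-id-N` identifier format, the interface names and all addresses are constructed for illustration, and the underlay is reduced to the assumption that a packet sent to the Anycast address reaches the first PE that is still alive.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class VpnRoute:
    """Simplified VPN route that the designated PE advertises over BGP (S108)."""
    rd: str       # route distinguisher of the VPN
    prefix: str   # route address learned from the CE
    vpn_id: str   # VPN identifier allocated by the designated PE
    anycast: str  # Anycast address shared by the PE pair


@dataclass
class PE:
    name: str
    anycast: str
    is_dr: bool
    ce_routes: dict = field(default_factory=dict)  # (rd, prefix) -> CE-facing interface
    fib: dict = field(default_factory=dict)        # vpn_id -> (prefix, CE-facing interface)
    pending: dict = field(default_factory=dict)    # routes from the DR awaiting a CE route
    next_id: int = 1

    def learn_from_ce(self, rd, prefix, out_if):
        """S106: record the CE route; only the designated PE allocates a VPN identifier."""
        self.ce_routes[(rd, prefix)] = out_if
        if self.is_dr:
            vpn_id = f"vpn-id-{self.next_id}"      # constructed identifier format
            self.next_id += 1
            self.fib[vpn_id] = (prefix, out_if)
            return VpnRoute(rd, prefix, vpn_id, self.anycast)
        # Non-designated PE: finish an entry whose advertisement arrived before the CE route.
        held = self.pending.pop((rd, prefix), None)
        if held is not None:
            self.fib[held.vpn_id] = (prefix, out_if)
        return None

    def import_from_dr(self, route):
        """S110: reuse the DR's VPN identifier, but point the entry at the local CE route."""
        if self.is_dr or route.anycast != self.anycast:
            return False                           # not this PE's Anycast group
        out_if = self.ce_routes.get((route.rd, route.prefix))
        if out_if is None:
            self.pending[(route.rd, route.prefix)] = route
            return False                           # no local CE route yet, nothing installed
        self.fib[route.vpn_id] = (route.prefix, out_if)
        return True

    def forward(self, vpn_id, dst):
        """Look up the VPN identifier locally; no per-VPN state is needed on P nodes."""
        entry = self.fib.get(vpn_id)
        if entry is None or ip_address(dst) not in ip_network(entry[0]):
            return None
        return f"{self.name}:{entry[1]}"


def deliver(pes, alive, vpn_id, dst):
    """Assumed underlay: the Anycast destination resolves to the first surviving PE."""
    for pe in pes:
        if pe.name in alive:
            return pe.forward(vpn_id, dst)
    return None


def demo():
    pe1 = PE("PE1", "2001:db8::1", True)           # designated representative
    pe2 = PE("PE2", "2001:db8::1", False)          # non-designated representative
    pe2.learn_from_ce("65000:1", "10.1.0.0/24", "to-CE1")
    adv = pe1.learn_from_ce("65000:1", "10.1.0.0/24", "to-CE1")
    pe2.import_from_dr(adv)
    before = deliver([pe1, pe2], {"PE1", "PE2"}, adv.vpn_id, "10.1.0.7")
    after = deliver([pe1, pe2], {"PE2"}, adv.vpn_id, "10.1.0.7")  # PE1 has failed
    return adv.vpn_id, before, after
```

Because both PEs hold an entry for the same VPN identifier, the ingress side keeps sending the same encapsulation after PE1 fails; only the underlay path to the Anycast address changes.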

Each step of the method for protecting VPN network nodes in an Anycast scenario is described in detail below with reference to FIG. 2 to FIG. 4.

In an exemplary embodiment of the present disclosure, as shown in FIG. 2, selecting one of the edge routers according to the Anycast address and determining it as the designated representative edge router includes:

Step S202: determine the target provider edge routers on which the same VPN and the same Anycast address are deployed.

Step S204: elect candidate designated representative edge routers among the target provider edge routers at VPN granularity or at routing-device granularity, construct an Anycast_DR_Route on each candidate designated representative edge router, and determine the key of the Anycast_DR_Route.

Step S206: sort the Anycast_DR_Routes according to the key.

Step S208: according to the sorting result, determine one of the candidate designated representative edge routers as the designated representative edge router.

In an exemplary embodiment of the present disclosure, the contents of the Anycast_DR_Route are shown in Table 1 below:

表1 Anycast_DR_RouteTable 1 Anycast_DR_Route

Figure BDA0003421492830000091

In an exemplary embodiment of the present disclosure, the DR device is elected from a group of devices on which the same VPN and Anycast address are deployed. An Anycast_DR_Route is constructed on the PE device: "RD" is filled with the VPN's RD1, "Anycast IPv6Address" is the public-network Anycast IPv6 address configured on the device, and "Originating Router's IP Address" is an address that uniquely identifies the PE device, which may be the device's Router-ID. The route also carries the VPN's RT attribute.

In an exemplary embodiment of the present disclosure, as shown in FIG. 3, electing a candidate designated representative edge router from the target provider edge routers at per-VPN granularity or per-routing-device granularity, constructing an Anycast_DR_Route on the candidate designated representative edge router, and determining the key of the Anycast_DR_Route includes:

Step S302: at per-VPN granularity, elect one of the provider edge routers as the candidate designated representative edge router, construct a first Anycast_DR_Route on the provider edge router elected as the candidate designated representative edge router, and use the route identifier and the anycast address as the key of the first Anycast_DR_Route.

Step S304: or, at per-routing-device granularity, elect one of the provider edge routers as the candidate designated representative edge router, construct a second Anycast_DR_Route on the provider edge router elected as the candidate designated representative edge router, and use the anycast address as the key of the second Anycast_DR_Route.

In an exemplary embodiment of the present disclosure, on the basis of the architecture shown in FIG. 5, and as shown in FIG. 6, electing the DR device includes the following implementation:

(1) A DR device 602 is elected between PE3 and PE4. The DR device 602 is responsible for automatically assigning the VPN SID, and the non-DR device 604 uses the VPN SID as a mirror device. The VPN SID (Security Identifiers) is referred to as the VPN identifier for short.

(2) After receiving the CE-side route IP1, the DR device 602 (PE4) advertises the L3VPN route through BGP (which propagates only the best path). The L3VPN route may be encapsulated as one of VPNv4, VPNv6 and EVPN RT5, and carries the automatically assigned VPN SID.

(3) After receiving the CE-side route IP1, the non-DR device 604 (PE3) does not need to advertise it externally. It generates a local forwarding table from the route IP1 received by PE4 and the CE-side IP1 route. The VPN SID of IP1 on PE3 is the same as the VPN SID of the IP1 route advertised by PE4, for example "Anycast Locator3", but the outbound information of the forwarding entry (outbound interface, next hop, and so on) uses the information of the CE-side IP1 route.

As shown in FIG. 7, the loopback1 address of PE3 is 11::1::1, its Anycast IP is 10::1:1, and its VPN1 is RD1/RT1. The loopback1 address of PE4 is 11::2::2, its Anycast IP is 10::1:1, and its VPN1 is RD1/RT1.
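The election in steps S202 to S208 and the SID mirroring in items (1) to (3) can be modelled end to end. The following Python model is an added example, not part of the patent text. It assumes the highest Originating Router's IP Address wins the sort (the text does not state the ordering; this choice makes PE4 the DR as in FIG. 6), treats the "route identifier" key as the RD, and uses constructed router addresses, CE prefix, interface names and SID notation.

```python
from dataclasses import dataclass, field
from ipaddress import IPv6Address
from typing import Dict, List, Optional, Tuple

Key = Tuple[Optional[str], IPv6Address]


@dataclass(frozen=True)
class AnycastDRRoute:
    rd: Optional[str]        # RD of the VPN; None when electing per device
    anycast: IPv6Address     # public-network Anycast IPv6 address
    originator: IPv6Address  # Originating Router's IP Address (unique per PE)

    def key(self) -> Key:
        # Per-VPN election keys on (RD, anycast); per-device on anycast alone.
        return (self.rd, self.anycast)


@dataclass(frozen=True)
class VpnRoute:
    prefix: str
    vpn_sid: str


@dataclass
class PE:
    name: str
    route: AnycastDRRoute
    ce_routes: Dict[str, Tuple[str, str]]  # prefix -> (out interface, next hop)
    is_dr: bool = False
    fib: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # SID -> egress


def elect_dr(pes: List[PE]) -> Dict[Key, PE]:
    """Group candidates by route key, sort each group, pick one DR per group."""
    groups: Dict[Key, List[PE]] = {}
    for pe in pes:
        groups.setdefault(pe.route.key(), []).append(pe)
    winners: Dict[Key, PE] = {}
    for key, members in groups.items():
        # ASSUMPTION: highest originator address wins; the page only says "sort".
        ranked = sorted(members, key=lambda p: p.route.originator, reverse=True)
        for pe in members:
            pe.is_dr = pe is ranked[0]
        winners[key] = ranked[0]
    return winners


def dr_advertise(dr: PE, prefix: str, func_id: int) -> VpnRoute:
    """DR allocates the VPN SID, installs its own entry, and advertises it."""
    if not dr.is_dr:
        raise PermissionError(f"{dr.name} is not the DR and must not allocate SIDs")
    sid = f"locator[{dr.route.anycast}]:func{func_id}"  # constructed SID notation
    dr.fib[sid] = dr.ce_routes[prefix]
    return VpnRoute(prefix, sid)


def non_dr_install(pe: PE, adv: VpnRoute) -> bool:
    """Non-DR mirrors the DR's SID but keeps its own CE-side egress."""
    if pe.is_dr:
        raise ValueError("the DR does not mirror its own advertisement")
    local = pe.ce_routes.get(adv.prefix)
    if local is None:
        return False  # no CE-side route yet: anycast traffic landing here would drop
    pe.fib[adv.vpn_sid] = local
    return True


def egress(pe: PE, vpn_sid: str) -> Optional[Tuple[str, str]]:
    """Egress lookup by SID, as either anycast PE would do on packet arrival."""
    return pe.fib.get(vpn_sid)


def build_demo():
    anycast = IPv6Address("10::1:1")  # Anycast IP given in the FIG. 7 description
    # Router addresses, prefix, interfaces and next hops below are constructed.
    pe3 = PE("PE3", AnycastDRRoute("RD1", anycast, IPv6Address("2001:db8::3")),
             {"192.0.2.0/24": ("pe3-to-ce1", "198.51.100.3")})
    pe4 = PE("PE4", AnycastDRRoute("RD1", anycast, IPv6Address("2001:db8::4")),
             {"192.0.2.0/24": ("pe4-to-ce1", "198.51.100.4")})
    dr = elect_dr([pe3, pe4])[("RD1", anycast)]
    adv = dr_advertise(dr, "192.0.2.0/24", 1)
    mirrored = non_dr_install(pe3, adv)
    return pe3, pe4, dr, adv, mirrored


if __name__ == "__main__":
    pe3, pe4, dr, adv, mirrored = build_demo()
    print(dr.name, adv.vpn_sid, egress(pe3, adv.vpn_sid), egress(pe4, adv.vpn_sid))
```

Both PEs resolve the same SID to their own CE-facing egress, which is why traffic arriving at either anycast node is forwarded without a VPN route switchover. A non-DR that has not yet learned the CE-side route installs nothing, which is the condition worth monitoring for in such a deployment.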

In an exemplary embodiment of the present disclosure, if the designated representative edge router is an ASBR device, BGP carries the attribute information of the Anycast_DR_Route, and the attribute information includes an IPv6-specific extended community and type information.

In an exemplary embodiment of the present disclosure, when the Anycast VPN protection mechanism is applied to ASBR devices, the DR role can be elected per device, that is, the RD field of the Anycast_DR_Route route does not need to be filled in.

In an exemplary embodiment of the present disclosure, as shown in FIG. 4, the method for protecting VPN network nodes in the Anycast scenario further includes:

Step S402: the non-designated representative edge router receives the VPN route and determines that, on the non-designated representative edge router, the priority of a next-hop routing device carrying the attribute information is lower than the priority of a next-hop routing device not carrying the attribute information.

In an exemplary embodiment of the present disclosure, as shown in FIG. 8, after the non-DR device 804 receives the VPN route from the DR device 802, a next hop carrying the Anycast_DR attribute has lower priority than a next hop without the attribute. This ensures that the route advertised by the PE takes effect in preference to the one from the DR device 02; that is, ASBR2 (autonomous system border router), like ASBR1 (autonomous system border router), also generates a forwarding entry with "Locator2:Fun1" as the VPN SID.

In an exemplary embodiment of the present disclosure, the Anycast_DR_Route includes a route identifier, an address length, an anycast address, and a local virtual tunnel port address.

In an exemplary embodiment of the present disclosure, the encapsulation format of the VPN route is one of VPNv4, VPNv6 and EVPN RT5.

In an exemplary embodiment of the present disclosure, for BGP VPNv4, VPNv6 and EVPN RT5 routes, whether a local VPN SID is automatically assigned is decided by the device's DR role: only the DR device automatically assigns the VPN SID and advertises the route to its BGP neighbors. The advertisement carries the newly added transitive Anycast_DR_Route attribute, which is a BGP IPv6-Address-Specific Extended Community attribute.

In an exemplary embodiment of the present disclosure, the Anycast_DR_Route attribute is defined as shown in Table 2 below:

Table 2

Type=0x0012 (new type) | IPv6 address (filled with the IPv6 Anycast address)

Corresponding to the above method embodiments, the present disclosure further provides an apparatus for protecting VPN network nodes in an Anycast scenario, which can be used to perform the above method embodiments.

FIG. 9 is a block diagram of an apparatus for protecting a VPN network node in an Anycast scenario in an exemplary embodiment of the present disclosure.

Referring to FIG. 9, the apparatus 900 for protecting a VPN network node in an Anycast scenario may include:

A determining module 902, configured to select one of the edge routers according to the Anycast address and determine it as the designated representative edge router.

The determining module 902 is also configured to determine another of the edge routers as the non-designated representative edge router.

A triggering module 904, configured to trigger the designated representative edge router to assign a VPN identifier in response to a routing address sent by the customer edge device.

A control module 906, configured to control the designated representative edge router to advertise a VPN route to the non-designated representative edge router through BGP, the VPN route carrying the VPN identifier.

The triggering module 904 is also configured to trigger the non-designated representative edge router to generate a local forwarding table from the routing address received by the designated representative edge router and the customer edge device IP route, the outbound information of the local forwarding table corresponding to the customer edge device IP route.

In an exemplary embodiment of the present disclosure, the determining module 902 is further configured to: determine the target provider edge routers on which the same VPN and the same Anycast address are deployed; elect a candidate designated representative edge router from the target provider edge routers at per-VPN granularity or per-routing-device granularity, construct an Anycast_DR_Route on the candidate designated representative edge router, and determine the key of the Anycast_DR_Route; sort the Anycast_DR_Route entries by the key; and, according to the result of the sorting, determine one of the candidate designated representative edge routers as the designated representative edge router.

In an exemplary embodiment of the present disclosure, the determining module 902 is further configured to: at per-VPN granularity, elect one of the provider edge routers as the candidate designated representative edge router, construct a first Anycast_DR_Route on the provider edge router elected as the candidate designated representative edge router, and use the route identifier and the anycast address as the key of the first Anycast_DR_Route; or, at per-routing-device granularity, elect one of the provider edge routers as the candidate designated representative edge router, construct a second Anycast_DR_Route on the provider edge router elected as the candidate designated representative edge router, and use the anycast address as the key of the second Anycast_DR_Route.

In an exemplary embodiment of the present disclosure, if the designated representative edge router is an ASBR device, BGP carries the attribute information of the Anycast_DR_Route, and the attribute information includes an IPv6-specific extended community and type information.

In an exemplary embodiment of the present disclosure, the determining module 902 is further configured such that the non-designated representative edge router receives the VPN route and determines that, on the non-designated representative edge router, the priority of a next-hop routing device carrying the attribute information is lower than the priority of a next-hop routing device not carrying the attribute information.

In an exemplary embodiment of the present disclosure, the Anycast_DR_Route includes a route identifier, an address length, an anycast address, and a local virtual tunnel port address.

In an exemplary embodiment of the present disclosure, the encapsulation format of the VPN route is one of VPNv4, VPNv6 and EVPN RT5.

Since the functions of the apparatus 900 for protecting VPN network nodes in the Anycast scenario have been described in detail in the corresponding method embodiments, they are not repeated here.

In summary, the protection scheme for VPN network nodes in the Anycast scenario disclosed in the embodiments of the present disclosure has at least the following advantages:

(1) A negotiation mechanism is defined: for L3VPN or L3EVPN services, the routes that PE3 and PE4 advertise externally carry the same SRv6 VPN SID, and because the VPN route recurses to the public-network anycast address, VPN traffic forwarded to either egress PE device is handled correctly.

(2) The VPN routes of the corresponding devices do not need FRR entries to be generated and maintained, and end-to-end BFD detection does not need to be deployed.

(3) When a PE node fails, the VPN route does not need to switch over. As long as the public-network SRv6 route switches quickly via Ti-LFA or converges, traffic is steered to the backup PE node and forwarded normally to the CE device.

It should be noted that although several modules or units of the device for performing actions are mentioned in the detailed description above, this division is not mandatory. In fact, according to embodiments of the present disclosure, the features and functions of two or more modules or units described above may be embodied in a single module or unit. Conversely, the features and functions of one module or unit described above may be further divided among multiple modules or units.

In an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided.

Those skilled in the art will understand that various aspects of the present invention may be implemented as a system, a method or a program product. Accordingly, various aspects of the present invention may take the form of an entirely hardware implementation, an entirely software implementation (including firmware, microcode, and so on), or an implementation combining hardware and software aspects, which may be collectively referred to herein as a "circuit", "module" or "system".

An electronic device 1000 according to this embodiment of the present invention is described below with reference to FIG. 10. The electronic device 1000 shown in FIG. 10 is only an example and should not impose any limitation on the functions or scope of use of the embodiments of the present invention.

As shown in FIG. 10, the electronic device 1000 takes the form of a general-purpose computing device. Its components may include, but are not limited to: the at least one processing unit 1010, the at least one storage unit 1020, and a bus 1030 connecting the different system components (including the storage unit 1020 and the processing unit 1010).

The storage unit stores program code that can be executed by the processing unit 1010, so that the processing unit 1010 performs the steps according to the various exemplary embodiments of the present invention described in the "Exemplary Methods" section of this specification. For example, the processing unit 1010 may perform the methods shown in the embodiments of the present disclosure.

The storage unit 1020 may include readable media in the form of volatile storage units, such as a random access memory (RAM) unit 10201 and/or a cache storage unit 10202, and may further include a read-only memory (ROM) unit 10203.

The storage unit 1020 may also include a program/utility 10204 having a set of (at least one) program modules 10205. Such program modules 10205 include, but are not limited to, an operating system, one or more application programs, other program modules, and program data; each of these examples, or some combination of them, may include an implementation of a network environment.

The bus 1030 may represent one or more of several types of bus structures, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus structures.

The electronic device 1000 may also communicate with one or more external devices 1040 (for example a keyboard, a pointing device, a Bluetooth device), with one or more devices that enable a user to interact with the electronic device 1000, and/or with any device (for example a router, a modem) that enables the electronic device 1000 to communicate with one or more other computing devices. Such communication may take place through an input/output (I/O) interface 1050. The electronic device 1000 may also communicate with one or more networks (for example a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through a network adapter 1060. As shown, the network adapter 1060 communicates with the other modules of the electronic device 1000 through the bus 1030. It should be understood that, although not shown in the figure, other hardware and/or software modules may be used in conjunction with the electronic device 1000, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems.

From the description of the above embodiments, those skilled in the art will readily understand that the exemplary embodiments described here may be implemented in software, or in software combined with the necessary hardware. The technical solutions according to the embodiments of the present disclosure may therefore be embodied in the form of a software product, which may be stored on a non-volatile storage medium (such as a CD-ROM, a USB flash drive or a removable hard disk) or on a network, and which includes several instructions that cause a computing device (such as a personal computer, a server, a terminal device or a network device) to perform the method according to the embodiments of the present disclosure.

In an exemplary embodiment of the present disclosure, a computer-readable storage medium is also provided, on which a program product capable of implementing the above method of this specification is stored. In some possible implementations, various aspects of the present invention may also be implemented in the form of a program product that includes program code; when the program product runs on a terminal device, the program code causes the terminal device to perform the steps according to the various exemplary embodiments of the present invention described in the "Exemplary Methods" section of this specification.

A program product for implementing the above method according to an embodiment of the present invention may take the form of a portable compact disc read-only memory (CD-ROM) that includes program code, and may run on a terminal device such as a personal computer. However, the program product of the present invention is not limited to this. In this document, a readable storage medium may be any tangible medium that contains or stores a program that can be used by, or in combination with, an instruction execution system, apparatus or device.

The program product may use any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example but without limitation, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection with one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.

A computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A readable signal medium may also be any readable medium other than a readable storage medium that can send, propagate or transport a program for use by, or in combination with, an instruction execution system, apparatus or device.

The program code contained on a readable medium may be transmitted over any suitable medium, including but not limited to wireless, wired, optical cable, RF, or any suitable combination of the above.

Program code for performing the operations of the present invention may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++, as well as conventional procedural programming languages such as the "C" language or similar. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on a remote computing device or server. Where a remote computing device is involved, it may be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it may be connected to an external computing device (for example through the Internet using an Internet service provider).

In addition, the above drawings are only schematic illustrations of the processing included in the methods according to the exemplary embodiments of the present invention and are not intended to be limiting. It is easy to understand that the processing shown in the drawings does not indicate or limit the chronological order of these processes. It is also easy to understand that these processes may be performed synchronously or asynchronously, for example in multiple modules.

Other embodiments of the present disclosure will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed here. This application is intended to cover any variations, uses or adaptations of the present disclosure that follow its general principles and include common knowledge or customary technical means in the art that are not disclosed in the present disclosure. The specification and embodiments are to be regarded as exemplary only, and the true scope and spirit of the present disclosure are indicated by the claims.

Claims (10)

1.一种Anycast场景下VPN网络节点的保护方法,其特征在于,包括:1. the protection method of VPN network node under a kind of Anycast scene, is characterized in that, comprises: 根据Anycast地址选取边缘路由器中的一个路由器确定为指定代表边缘路由器;Select one of the edge routers according to the Anycast address and determine it as the designated representative edge router; 将所述边缘路由器中的另一个路由器确定为非指定代表边缘路由器;determining another router in the edge routers as a non-designated representative edge router; 响应于用户边缘设备发送的路由地址,触发所述指定代表边缘路由器分配VPN标识;In response to the routing address sent by the user edge device, triggering the designation on behalf of the edge router to assign the VPN identifier; 控制所述指定代表边缘路由器通过BGP向所述非指定代表边缘路由器通告VPN路由,所述VPN路由携带有所述VPN标识;Controlling the designated representative edge router to advertise a VPN route to the non-designated representative edge router through BGP, and the VPN route carries the VPN identifier; 触发所述非指定代表边缘路由器根据所述指定代表边缘路由器收到的路由地址和所述用户边缘设备IP路由生成本地转发表,所述本地转发表的出向信息对应于所述用户边缘设备IP路由。Trigger the non-designated representative edge router to generate a local forwarding table according to the routing address received by the designated representative edge router and the IP route of the customer edge device, and the outgoing information of the local forwarding table corresponds to the IP route of the customer edge device . 2.如权利要求1所述的Anycast场景下VPN网络节点的保护方法,其特征在于,根据Anycast地址选取边缘路由器中的一个路由器确定为指定代表边缘路由器包括:2. 
the protection method of VPN network node under the Anycast scenario as claimed in claim 1, it is characterized in that, according to Anycast address, choose a router in edge router and be determined to be designated to represent edge router and comprise: 确定部署有相同VPN和相同Anycast地址的目标运营商边缘路由器;Identify the target carrier edge routers deployed with the same VPN and the same Anycast address; 以VPN为粒度或以路由设备为粒度在所述目标运营商边缘路由器中选举出备选指定代表边缘路由器,在所述备选指定代表边缘路由器上构建Anycast_DR_Route,并确定所述Anycast_DR_Route中的关键字;Selecting an alternative designated representative edge router in the target operator edge router with VPN as granularity or routing device as granularity, constructing Anycast_DR_Route on the alternative designated representative edge router, and determining the keywords in the Anycast_DR_Route ; 根据所述关键字对Anycast_DR_Route进行排序;Sort Anycast_DR_Route according to the keyword; 根据所述排序的结果确定所述备选指定代表边缘路由器中的一个为指定代表边缘路由器。According to the result of the sorting, one of the alternative designated representative edge routers is determined as the designated representative edge router. 3.如权利要求2所述的Anycast场景下VPN网络节点的保护方法,其特征在于,以VPN为粒度或以路由设备为粒度在所述目标运营商边缘路由器中的选举出备选指定代表边缘路由器,在所述备选指定代表边缘路由器上构建Anycast_DR_Route,并确定所述Anycast_DR_Route中的关键字包括:3. 
The method for protecting a VPN network node in an Anycast scenario according to claim 2, wherein electing an alternative designated representative edge router from among the target operator edge routers at VPN granularity or at routing-device granularity, constructing an Anycast_DR_Route on the alternative designated representative edge router, and determining the key of the Anycast_DR_Route comprises:
electing, at VPN granularity, one of the operator edge routers as the alternative designated representative edge router, constructing a first Anycast_DR_Route on the operator edge router elected as the alternative designated representative edge router, and using the route identifier and the anycast address as the key of the first Anycast_DR_Route;
or electing, at routing-device granularity, one of the operator edge routers as the alternative designated representative edge router, constructing a second Anycast_DR_Route on the operator edge router elected as the alternative designated representative edge router, and using the anycast address as the key of the second Anycast_DR_Route.

4. The method for protecting a VPN network node in an Anycast scenario according to claim 2 or 3, wherein
if the designated representative edge router is an ASBR device, the BGP carries attribute information of the Anycast_DR_Route, the attribute information comprising an IPv6-specific extended community and type information.

5. The method for protecting a VPN network node in an Anycast scenario according to claim 4, further comprising:
the non-designated representative edge router receiving the VPN route and determining that, on the non-designated representative edge router, the priority of a next-hop routing device that carries the attribute information is lower than the priority of a next-hop routing device that does not carry the attribute information.

6. The method for protecting a VPN network node in an Anycast scenario according to claim 2 or 3, wherein
the Anycast_DR_Route comprises a route identifier, an address length, an anycast address, and a local virtual tunnel port address.

7. The method for protecting a VPN network node in an Anycast scenario according to any one of claims 1-3, wherein
the encapsulation format of the VPN route is one of VPNv4, VPNv6 and EVPN RT5.

8. A protection device for a VPN network node in an Anycast scenario, comprising:
a determining module, configured to select, according to the Anycast address, one of the edge routers as the designated representative edge router;
the determining module being further configured to determine another of the edge routers as a non-designated representative edge router;
a triggering module, configured to trigger, in response to a routing address sent by the user edge device, the designated representative edge router to allocate a VPN identifier;
a control module, configured to control the designated representative edge router to advertise a VPN route to the non-designated representative edge router through BGP, the VPN route carrying the VPN identifier;
the triggering module being further configured to trigger the non-designated representative edge router to generate a local forwarding table according to the routing address received by the designated representative edge router and the IP route of the user edge device, the outgoing information of the local forwarding table corresponding to the IP route of the user edge device.

9. An electronic device, comprising:
a memory; and
a processor coupled to the memory, the processor being configured to execute, based on instructions stored in the memory, the method for protecting a VPN network node in an Anycast scenario according to any one of claims 1-7.

10. A computer-readable storage medium having a program stored thereon, wherein the program, when executed by a processor, implements the method for protecting a VPN network node in an Anycast scenario according to any one of claims 1-7.
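The keying rule of claim 3 and the next-hop preference of claim 5 can be modelled in a few lines. This is an added illustration, not code from the patent; the class and function names, the granularity strings, the sample addresses and router names, and the tie-breaking rule are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class AnycastDRRoute:
    """Fields listed in claim 6; all values used below are constructed."""
    route_id: str       # route identifier
    addr_len: int       # address length in bits
    anycast_addr: str   # anycast address
    local_vtep: str     # local virtual tunnel port address

    def key(self, granularity):
        # Claim 3: VPN granularity keys on (route identifier, anycast address);
        # routing-device granularity keys on the anycast address alone.
        if granularity == "vpn":
            return (self.route_id, self.anycast_addr)
        if granularity == "device":
            return (self.anycast_addr,)
        raise ValueError(f"unknown granularity: {granularity!r}")

def index_routes(routes, granularity):
    """Group Anycast_DR_Route entries by the key for the chosen granularity."""
    table = defaultdict(list)
    for r in routes:
        table[r.key(granularity)].append(r)
    return dict(table)

@dataclass(frozen=True)
class NextHop:
    router: str            # hypothetical router name
    carries_dr_attr: bool  # VPN route arrived with the Anycast_DR_Route attribute

def select_next_hop(candidates):
    """Claim 5: a next hop carrying the attribute ranks below one that does not.
    Assumption: ties keep advertisement order; None if there are no candidates."""
    if not candidates:
        return None
    return min(candidates, key=lambda nh: nh.carries_dr_attr)

# Constructed sample: two VPNs behind the same anycast address.
ROUTES = [
    AnycastDRRoute("65000:1", 128, "2001:db8::a", "2001:db8:1::1"),
    AnycastDRRoute("65000:2", 128, "2001:db8::a", "2001:db8:1::1"),
]

if __name__ == "__main__":
    print(len(index_routes(ROUTES, "vpn")), "entries at VPN granularity")
    print(len(index_routes(ROUTES, "device")), "entry at device granularity")
    hops = [NextHop("PE1", True), NextHop("PE2", False)]
    print("preferred next hop:", select_next_hop(hops).router)
```

At routing-device granularity the two sample VPNs share a single key, so one elected router covers both; at VPN granularity each VPN keeps its own entry.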
CN202111586077.8A 2021-12-20 2021-12-20 Method, device, equipment and readable medium for protecting VPN network nodes in Anycast scenario Active CN114338277B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111586077.8A CN114338277B (en) 2021-12-20 2021-12-20 Method, device, equipment and readable medium for protecting VPN network nodes in Anycast scenario

Publications (2)

Publication Number Publication Date
CN114338277A (en) 2022-04-12
CN114338277B (en) 2024-12-13

Family

ID=81055543

Country Status (1)

Country Link
CN (1) CN114338277B (en)

Similar Documents

Publication Publication Date Title
KR102789154B1 (en) Loop collision avoidance in network computing environments
JP4388667B2 (en) Path setting apparatus and method in label switching network
CN102064995B (en) Method and device for link protection in virtual private local area network
US20190089620A1 (en) Selective Route Exporting Using Source Type
CN101636661B (en) Method and apparatus for providing faster convergence for redundant sites
US9100213B1 (en) Synchronizing VPLS gateway MAC addresses
WO2021169258A1 (en) Message forwarding method, routing information publishing method, apparatus and system
US8948049B2 (en) Method and systems for determining path of a virtual connection through a network
US20190372883A1 (en) Method for scalable computer network partitioning
US20230126279A1 (en) Fast reroute for bum traffic in ethernet virtual private networks
US20160366043A1 (en) Dynamic detection of vpn sites
CN116886594A (en) Data transmission method, device, storage medium and electronic equipment
CN113904981B (en) Routing information processing method and device, electronic equipment and storage medium
CN114338277A (en) Method, device, equipment and readable medium for protecting VPN (virtual private network) network node in Anycast scene
CN111147376B (en) Route updating method, device, equipment and medium
CN115460107A (en) Route detection method, device, system and storage medium
KR20250050046A (en) Automated scaling of network topologies using unique identifiers
CN113660151B (en) L2VPN cross-service communication method, device, electronic equipment and readable medium
JP2006019867A (en) Route calculation system
TW202527522A (en) Automated scaling of network topologies using unique identifiers
CN118827338A (en) Gateway disaster recovery switching method, device and electronic equipment
WO2024001553A1 (en) Routing publishing method, electronic device and computer-readable storage medium
Khan et al. Implementing Vpn Over Mpls
CN117499295A (en) A message forwarding method, device, equipment and storage medium
US20130258837A1 (en) Pseudowire extended group actions in a packet switched network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant