CN106161225A - For processing method, the Apparatus and system of VXLAN message - Google Patents
For processing method, the Apparatus and system of VXLAN message Download PDFInfo
- Publication number
- CN106161225A CN106161225A CN201510127449.9A CN201510127449A CN106161225A CN 106161225 A CN106161225 A CN 106161225A CN 201510127449 A CN201510127449 A CN 201510127449A CN 106161225 A CN106161225 A CN 106161225A
- Authority
- CN
- China
- Prior art keywords
- header
- encapsulated
- vni
- message
- router
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本申请提供了一种用于处理VXLAN报文的方法、装置及系统,有助于不同的数据中心间的路由器获得VNI。该方法中,第一路由器接收VTEP发送的VXLAN报文,所述VXLAN报文包括VNI;所述第一路由器根据所述VXLAN报文,获得封装后的报文,所述封装后的报文是对所述VXLAN报文进行IPsec-ESP封装后获得的报文,所述封装后的报文包括IP头、所述VNI、ESP头和加密的所述VXLAN报文,所述VNI封装于所述IP头和所述ESP头之间;所述第一路由器向第二路由器发送所述封装后的报文。
The present application provides a method, device and system for processing VXLAN packets, which are helpful for routers between different data centers to obtain VNI. In this method, the first router receives the VXLAN message sent by the VTEP, and the VXLAN message includes a VNI; the first router obtains an encapsulated message according to the VXLAN message, and the encapsulated message is A message obtained after performing IPsec-ESP encapsulation on the VXLAN message, the encapsulated message includes an IP header, the VNI, an ESP header, and the encrypted VXLAN message, and the VNI is encapsulated in the Between the IP header and the ESP header; the first router sends the encapsulated message to the second router.
Description
技术领域 technical field
本发明涉及通信技术,尤其涉及一种用于处理虚拟可扩展局域网(英文全称:Virtual Extensible Local Area Network,英文缩写:VXLAN)报文的方法、装置及系统。 The present invention relates to communication technology, in particular to a method, device and system for processing Virtual Extensible Local Area Network (English full name: Virtual Extensible Local Area Network, English abbreviation: VXLAN) messages.
背景技术 Background technique
VXLAN可应用于数据中心内部,使虚拟机可以在互相连通的三层网络范围内迁移,而不需要改变互联网协议(英文全称:Internet Protocol,英文缩写:IP)地址和媒体接入控制(英文全称:Media Access Control,英文缩写:MAC)地址,保证业务的连续性。互联网协议安全性(英文全称:Internet Protocol Security,英文缩写:IPSec)协议可通过使用加密的安全服务来确保在IP网络上进行保密而安全的通讯。封装安全载荷(英文全称:Encapsulating Security Payload,英文缩写:ESP)协议是IPsec协议中的一种主要协议,IPsec-ESP可应用于不同的数据中心(英文全称:Data Center,英文缩写:DC)间通信的场景。 VXLAN can be applied inside the data center, so that virtual machines can migrate within the interconnected three-tier network without changing the Internet Protocol (English full name: Internet Protocol, English abbreviation: IP) address and media access control (English full name : Media Access Control, English abbreviation: MAC) address, to ensure business continuity. Internet Protocol Security (English full name: Internet Protocol Security, English abbreviation: IPSec) protocol can ensure confidential and secure communication on the IP network by using encrypted security services. Encapsulating Security Payload (English full name: Encapsulating Security Payload, English abbreviation: ESP) protocol is a main protocol in the IPsec protocol, and IPsec-ESP can be applied to different data centers (English full name: Data Center, English abbreviation: DC) communication scene.
在不同的DC间通信场景中,比如在DC1和DC2间通信的场景中,属于DC1的第一路由器可接收属于DC1的虚拟隧道端点(英文全称:virtual tunnel end point,英文缩写:VTEP)发送的VXLAN报文。第一路由器对接收到的VXLAN报文进行IPsec-ESP封装,获得IPsec-ESP报文。IPsec-ESP报文包括加密后的VXLAN报文、封装于加密后的VXLAN报文外的ESP头以及封装于ESP头外的IP头。IP头包括源IP地址和目的IP地址,源IP地址为第一路由器的IP地址,目的IP地址为第二路由器的IP地址。第二路由器属于DC2。第一路由器向第二路由器发送IPsec-ESP报文。 In different communication scenarios between DCs, for example, in the communication scenario between DC1 and DC2, the first router belonging to DC1 can receive the information sent by the virtual tunnel end point (full English name: virtual tunnel end point, English abbreviation: VTEP) belonging to DC1. VXLAN packets. The first router performs IPsec-ESP encapsulation on the received VXLAN message to obtain the IPsec-ESP message. An IPsec-ESP packet includes an encrypted VXLAN packet, an ESP header encapsulated outside the encrypted VXLAN packet, and an IP header encapsulated outside the ESP header. The IP header includes a source IP address and a destination IP address, the source IP address is the IP address of the first router, and the destination IP address is the IP address of the second router. The second router belongs to DC2. The first router sends the IPsec-ESP packet to the second router.
位于第一路由器和第二路由器之间的路由器可转发IPsec-ESP报文,但是,位于第一路由器和第二路由器间的传输路径上的路由器无法感知IPsec-ESP报文中VXLAN报文所包括的与VXLAN相关的信息,比如VXLAN网络标识(英文全称:VXLAN Network Identifier,英文缩写:VNI),进而无法进行负载分担等业务处理。 The router between the first router and the second router can forward the IPsec-ESP packet, but the router on the transmission path between the first router and the second router cannot perceive the IPsec-ESP packet included in the VXLAN packet. VXLAN-related information, such as VXLAN network identifier (English full name: VXLAN Network Identifier, English abbreviation: VNI), and thus cannot perform load sharing and other service processing.
发明内容 Contents of the invention
有鉴于此,本发明实施例提供了一种用于处理VXLAN报文的方法、装置及系统,有助于不同的数据中心间的路由器获得VNI。 In view of this, embodiments of the present invention provide a method, device and system for processing VXLAN packets, which help routers between different data centers obtain VNIs.
本发明实施例提供的技术方案如下。 The technical solutions provided by the embodiments of the present invention are as follows.
第一方面,提供了一种用于处理VXLAN报文的方法,包括: In the first aspect, a method for processing VXLAN packets is provided, including:
第一路由器接收VTEP发送的VXLAN报文,所述VXLAN报文包括VNI; The first router receives the VXLAN packet sent by the VTEP, and the VXLAN packet includes a VNI;
所述第一路由器根据所述VXLAN报文,获得封装后的报文,所述封装后的报文是对所述VXLAN报文进行IPsec-ESP封装后获得的报文,所述封装后的报文包括IP头、所述VNI、ESP头和加密的所述VXLAN报文,所述VNI封装于所述IP头和所述ESP头之间; The first router obtains an encapsulated message according to the VXLAN message, the encapsulated message is a message obtained after performing IPsec-ESP encapsulation on the VXLAN message, and the encapsulated message The text includes an IP header, the VNI, the ESP header and the encrypted VXLAN message, and the VNI is encapsulated between the IP header and the ESP header;
所述第一路由器向第二路由器发送所述封装后的报文。 The first router sends the encapsulated packet to the second router.
在第一方面的第一种可能的实现方式中,所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述VNI。 In a first possible implementation manner of the first aspect, the IP header includes first identification information, where the first identification information is used to identify that the encapsulated packet carries the VNI.
结合上述第一方面,还提供了第一方面的第二种可能的实现方式,所述封装后的报文还包括封装于所述IP头与所述VNI之间的用户数据包协议(英文全称:User Datagram Protocol,英文缩写:UDP)头,所述UDP头为来自所述VTEP的所述VXLAN报文所包括的UDP头; In combination with the first aspect above, a second possible implementation of the first aspect is also provided, wherein the encapsulated message further includes a User Data Packet Protocol (English full name) encapsulated between the IP header and the VNI : User Datagram Protocol, English abbreviation: UDP) header, the UDP header is the UDP header included in the VXLAN message from the VTEP;
所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述UDP头,所述封装于所述IP头与所述VNI之间的UDP头包括第二标识信息,所述第二标识信息用于标识所述封装后的报文携带有所述VNI。 The IP header includes first identification information, the first identification information is used to identify that the encapsulated message carries the UDP header, and the UDP header encapsulated between the IP header and the VNI Include second identification information, where the second identification information is used to identify that the encapsulated packet carries the VNI.
第二方面,提供了一种用于处理VXLAN报文的方法,包括: In a second aspect, a method for processing VXLAN packets is provided, including:
第二路由器接收第一路由器发送的封装后的报文,所述封装后的报文是对来自VTEP的VXLAN报文进行IPsec-ESP封装后获得的报文,所述封装后的报文包括IP头、VNI、ESP头和加密的所述VXLAN报文,所述VNI封装于所述IP头和所述ESP头之间; The second router receives the encapsulated message sent by the first router, the encapsulated message is a message obtained after IPsec-ESP encapsulation of the VXLAN message from the VTEP, and the encapsulated message includes IP header, VNI, ESP header and the encrypted VXLAN message, the VNI is encapsulated between the IP header and the ESP header;
所述第二路由器从所述封装后的报文获得所述VNI。 The second router obtains the VNI from the encapsulated packet.
在第二方面的第一种可能的实现方式中,所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述VNI,所述第二路由器从所述封装后的报文获得所述VNI包括: In a first possible implementation manner of the second aspect, the IP header includes first identification information, and the first identification information is used to identify that the encapsulated packet carries the VNI, and the second Obtaining the VNI by the router from the encapsulated message includes:
所述第二路由器根据所述IP头包括的所述第一标识信息,确定所述封装后的报文包括所述VNI; The second router determines, according to the first identification information included in the IP header, that the encapsulated packet includes the VNI;
所述第二路由器从所述IP头和所述ESP头之间获得所述VNI。 The second router obtains the VNI from between the IP header and the ESP header.
结合上述第二方面,还提供了第二方面的第二种可能的实现方式,所述封装后的报文还包括封装于所述IP头与所述VNI之间的UDP头,所述UDP头为来自所述VTEP的所述VXLAN报文包括的UDP头,所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述UDP头,所述封装于所述IP头与所述VNI之间的UDP头包括第二标识信息,所述第二标识信息用于标识所述封装后的报文携带有所述VNI; In combination with the second aspect above, a second possible implementation of the second aspect is also provided, the encapsulated message further includes a UDP header encapsulated between the IP header and the VNI, and the UDP header is the UDP header included in the VXLAN message from the VTEP, the IP header includes first identification information, and the first identification information is used to identify that the encapsulated message carries the UDP header, so The UDP header encapsulated between the IP header and the VNI includes second identification information, and the second identification information is used to identify that the encapsulated message carries the VNI;
所述第二路由器从所述封装后的报文获得所述VNI包括: Obtaining the VNI from the encapsulated packet by the second router includes:
所述第二路由器根据所述IP头包括的所述第一标识信息,获得封装于所述IP头与所述VNI之间的UDP头; The second router obtains the UDP header encapsulated between the IP header and the VNI according to the first identification information included in the IP header;
所述第二路由器根据封装于所述IP头与所述VNI之间的UDP头包括的所述第二标识信息,确定所述封装后的报文包括所述VNI; The second router determines that the encapsulated message includes the VNI according to the second identification information included in the UDP header encapsulated between the IP header and the VNI;
所述第二路由器从所述IP头和所述ESP头之间获得所述VNI。 The second router obtains the VNI from between the IP header and the ESP header.
第三方面,提供了第一路由器,包括: In a third aspect, a first router is provided, including:
接收单元,用于接收VTEP发送的VXLAN报文,所述VXLAN报文包括VNI; A receiving unit, configured to receive a VXLAN packet sent by the VTEP, where the VXLAN packet includes a VNI;
处理单元,用于根据所述VXLAN报文,获得封装后的报文,所述封装后的报文是对所述VXLAN报文进行IPsec-ESP封装后获得的报文,所述封装后的报文包括IP头、所述VNI、ESP头和加密的所述VXLAN报文,所述VNI封装于所述IP头和所述ESP头之间; A processing unit, configured to obtain an encapsulated message according to the VXLAN message, the encapsulated message is a message obtained after performing IPsec-ESP encapsulation on the VXLAN message, and the encapsulated message The text includes an IP header, the VNI, the ESP header and the encrypted VXLAN message, and the VNI is encapsulated between the IP header and the ESP header;
发送单元,用于向第二路由器发送所述封装后的报文。 A sending unit, configured to send the encapsulated message to the second router.
在第三方面的第一种可能的实现方式中,所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述VNI。 In a first possible implementation manner of the third aspect, the IP header includes first identification information, where the first identification information is used to identify that the encapsulated packet carries the VNI.
结合上述第三方面,还提供了第三方面的第二种可能的实现方式,所述封装后的报文还包括封装于所述IP头与所述VNI之间的UDP头,所述UDP头为来自所述VTEP的所述VXLAN报文所包括的UDP头; In combination with the third aspect above, a second possible implementation of the third aspect is also provided, the encapsulated message further includes a UDP header encapsulated between the IP header and the VNI, and the UDP header A UDP header included in the VXLAN message from the VTEP;
所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述UDP头,所述封装于所述IP头与所述VNI之间的UDP头包括第二标识信息,所述第二标识信息用于标识所述封装后的报文携带有所述VNI。 The IP header includes first identification information, the first identification information is used to identify that the encapsulated message carries the UDP header, and the UDP header encapsulated between the IP header and the VNI Include second identification information, where the second identification information is used to identify that the encapsulated packet carries the VNI.
第四方面,提供了第二路由器,包括: In a fourth aspect, a second router is provided, including:
接收单元,用于接收第一路由器发送的封装后的报文,所述封装后的报文是对来自VTEP的所述VXLAN报文进行IPsec-ESP封装后获得的报文,所述封装后的报文包括IP头、VNI、ESP头和加密的所述VXLAN报文,所述VNI封装于所述IP头和所述ESP头之间; The receiving unit is configured to receive the encapsulated message sent by the first router, the encapsulated message is a message obtained after IPsec-ESP encapsulation of the VXLAN message from the VTEP, the encapsulated The message includes an IP header, a VNI, an ESP header and the encrypted VXLAN message, and the VNI is encapsulated between the IP header and the ESP header;
处理单元,用于从所述封装后的报文获得所述VNI。 A processing unit, configured to obtain the VNI from the encapsulated packet.
在第四方面的第一种可能的实现方式中,所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述VNI; In a first possible implementation manner of the fourth aspect, the IP header includes first identification information, and the first identification information is used to identify that the encapsulated packet carries the VNI;
所述处理单元具体用于根据所述IP头包括的所述第一标识信息,确定所述封装后的报文包括所述VNI; The processing unit is specifically configured to determine that the encapsulated packet includes the VNI according to the first identification information included in the IP header;
所述处理单元具体用于从所述IP头和所述ESP头之间获得所述VNI。 The processing unit is specifically configured to obtain the VNI from between the IP header and the ESP header.
结合上述第四方面,还提供了第四方面的第二种可能的实现方式,所述封装后的报文还包括封装于所述IP头与所述VNI之间的UDP头,所述UDP头为来自所述VTEP的所述VXLAN报文包括的UDP头,所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述UDP头,所述封装于所述IP头与所述VNI之间的UDP头包括第二标识信息,所述第二标识信息用于标识所述封装后的报文携带有所述VNI; In combination with the fourth aspect above, a second possible implementation of the fourth aspect is also provided, the encapsulated message further includes a UDP header encapsulated between the IP header and the VNI, and the UDP header is the UDP header included in the VXLAN message from the VTEP, the IP header includes first identification information, and the first identification information is used to identify that the encapsulated message carries the UDP header, so The UDP header encapsulated between the IP header and the VNI includes second identification information, and the second identification information is used to identify that the encapsulated message carries the VNI;
所述处理单元具体用于根据所述IP头包括的所述第一标识信息,获得封装于所述IP头与所述VNI之间的UDP头; The processing unit is specifically configured to obtain a UDP header encapsulated between the IP header and the VNI according to the first identification information included in the IP header;
所述处理单元具体用于根据封装于所述IP头与所述VNI之间的UDP头包括的所述第二标识信息,确定所述封装后的报文包括所述VNI; The processing unit is specifically configured to determine that the encapsulated message includes the VNI according to the second identification information included in the UDP header encapsulated between the IP header and the VNI;
所述处理单元具体用于从所述IP头和所述ESP头之间获得所述VNI。 The processing unit is specifically configured to obtain the VNI from between the IP header and the ESP header.
第五方面,提供了用于处理VXLAN报文的系统,包括: In the fifth aspect, a system for processing VXLAN packets is provided, including:
上述第三方面或第三方面的任意一种可能的实现方式所提供的第一路 由器和上述第四方面或第四方面的任意一种可能的实现方式所提供的第二路由器。 The first router provided in the third aspect or any possible implementation of the third aspect, and the second router provided in the fourth aspect or any possible implementation of the fourth aspect.
通过上述方案,本发明实施例提供的用于处理VXLAN报文的方法、装置及系统中,第一路由器对VTEP发送的VXLAN报文进行IPsec-ESP封装,获得封装后的报文。所述第一路由器将所述VTEP发送的所述VXLAN报文包括的VNI封装于所述封装后的报文包括的IP头和ESP头之间。所述第一路由器向第二路由器发送所述封装后的报文。所述第二路由器从所述封装后的报文中获得封装于IP头和ESP头之间的VNI。这样,位于不同的数据中心间的路由器,比如第二路由器,可从接收到的封装后的报文中获得VNI。 Through the above solutions, in the method, device and system for processing VXLAN packets provided by the embodiments of the present invention, the first router performs IPsec-ESP encapsulation on the VXLAN packets sent by the VTEP to obtain the encapsulated packets. The first router encapsulates the VNI included in the VXLAN packet sent by the VTEP between the IP header and the ESP header included in the encapsulated packet. The first router sends the encapsulated packet to the second router. The second router obtains the VNI encapsulated between the IP header and the ESP header from the encapsulated packet. In this way, routers located between different data centers, such as the second router, can obtain the VNI from the received encapsulated message.
附图说明 Description of drawings
为了更清楚地说明本发明实施例或现有技术中的方案,下面将对实施例中所需要使用的附图作一简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施例,对于本领域普通技术人员而言,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。 In order to more clearly illustrate the embodiments of the present invention or the solutions in the prior art, the following will briefly introduce the accompanying drawings used in the embodiments. Obviously, the accompanying drawings in the following description are some implementations of the present invention For example, those skilled in the art can also obtain other drawings based on these drawings without creative work.
图1为本发明第一实施例提供的用于处理VXLAN报文的方法流程图; FIG. 1 is a flowchart of a method for processing VXLAN packets provided in the first embodiment of the present invention;
图2为本发明第二实施例提供的用于处理VXLAN报文的方法流程图; FIG. 2 is a flowchart of a method for processing VXLAN packets provided by the second embodiment of the present invention;
图3a为本发明实施例提供的一种封装后的报文的示意图; FIG. 3a is a schematic diagram of an encapsulated message provided by an embodiment of the present invention;
图3b为本发明实施例提供的另一种封装后的报文的示意图; FIG. 3b is a schematic diagram of another encapsulated message provided by an embodiment of the present invention;
图4a为本发明实施例提供的一种封装后的报文的示意图; FIG. 4a is a schematic diagram of an encapsulated message provided by an embodiment of the present invention;
图4b为本发明实施例提供的另一种封装后的报文的示意图; FIG. 4b is a schematic diagram of another encapsulated message provided by an embodiment of the present invention;
图5为本发明实施例提供的封装后的报文包括的IP头的示意图; FIG. 5 is a schematic diagram of an IP header included in an encapsulated message provided by an embodiment of the present invention;
图6为本发明实施例提供的封装后的报文包括的UDP头的示意图; FIG. 6 is a schematic diagram of a UDP header included in an encapsulated message provided by an embodiment of the present invention;
图7为本发明实施例提供的第一路由器的结构示意图; FIG. 7 is a schematic structural diagram of a first router provided by an embodiment of the present invention;
图8为本发明另一实施例提供的第一路由器的结构示意图; FIG. 8 is a schematic structural diagram of a first router provided by another embodiment of the present invention;
图9为本发明实施例提供的第二路由器的结构示意图; FIG. 9 is a schematic structural diagram of a second router provided by an embodiment of the present invention;
图10为本发明另一实施例提供的第二路由器的结构图示意图; FIG. 10 is a schematic structural diagram of a second router provided by another embodiment of the present invention;
图11为本发明实施例提供的用于处理VXLAN报文的系统的结构示意图。 FIG. 11 is a schematic structural diagram of a system for processing VXLAN packets provided by an embodiment of the present invention.
具体实施方式 detailed description
为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整的描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动的前提下所获得的所有其他实施例,都属于本发明保护的范围。 In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.
图1为本发明第一实施例提供的用于处理VXLAN报文的方法的流程图。本发明第一实施例是从第一路由器的角度,对用于处理VXLAN报文的方法进行说明。所述第一路由器可以是运营商边缘(英文全称:provider edge,英文缩写:PE)设备。下面结合图1,对本发明第一实施例提供的用于处理VXLAN报文的方法进行说明。 Fig. 1 is a flowchart of a method for processing VXLAN packets provided by the first embodiment of the present invention. The first embodiment of the present invention describes the method for processing VXLAN packets from the perspective of the first router. The first router may be a provider edge (English full name: provider edge, English abbreviation: PE) device. The method for processing VXLAN packets provided by the first embodiment of the present invention will be described below with reference to FIG. 1 .
S102,第一路由器接收VTEP发送的VXLAN报文,所述VXLAN报文包括VNI。 S102. The first router receives the VXLAN packet sent by the VTEP, where the VXLAN packet includes the VNI.
举例说明,在不同的DC之间通信场景中,第一路由器可以属于DC1。DC1中的VTEP可将虚拟机(英文全称:virtual machine,英文缩写:VM)发送的业务报文进行VXLAN封装,获得VXLAN报文。DC1中的VTEP所获得的VXLAN报文包括VNI。DC1中的VTEP所获得的VXLAN报文需要发送至另一DC中的VM,比如DC2中的VM。第一路由器可接收DC1 中的VTEP发送的VXLAN报文。其中,VNI可用于区分不同的VXLAN。比如:一个VNI可用于标识一个租户。 For example, in a communication scenario between different DCs, the first router may belong to DC1. The VTEP in DC1 can perform VXLAN encapsulation on service packets sent by a virtual machine (English full name: virtual machine, English abbreviation: VM) to obtain VXLAN packets. The VXLAN packet obtained by the VTEP in DC1 includes the VNI. The VXLAN packet obtained by the VTEP in DC1 needs to be sent to a VM in another DC, such as a VM in DC2. The first router can receive the VXLAN packet sent by the VTEP in DC1. Among them, VNI can be used to distinguish different VXLANs. For example: a VNI can be used to identify a tenant.
S104,所述第一路由器根据所述VXLAN报文,获得封装后的报文,所述封装后的报文是对所述VXLAN报文进行IPsec-ESP封装后获得的报文,所述封装后的报文包括IP头、所述VNI、ESP头和加密的所述VXLAN报文,所述VNI封装于所述IP头和所述ESP头之间。 S104. According to the VXLAN message, the first router obtains an encapsulated message, where the encapsulated message is a message obtained after performing IPsec-ESP encapsulation on the VXLAN message, and the encapsulated The packet includes an IP header, the VNI, an ESP header, and the encrypted VXLAN packet, and the VNI is encapsulated between the IP header and the ESP header.
举例说明,所述第一路由器可将VXLAN报文包括的VNI插入所述封装后的报文包括的所述IP头和所述ESP头之间。 For example, the first router may insert the VNI included in the VXLAN packet between the IP header and the ESP header included in the encapsulated packet.
举例说明,所述第一路由器根据所述VXLAN报文,获得封装后的报文包括:所述第一路由器从所述VXLAN报文获得所述VNI;所述第一路由器对所述VXLAN报文进行IPsec-ESP封装,获得IPsec-ESP封装报文,所述IPsec-ESP封装报文包括加密的VXLAN报文、封装于加密的VXLAN报文外的ESP头和封装于ESP头外的IP头;所述第一路由器将所述VNI插入IPsec-ESP封装报文包括的IP头和所述ESP头之间,获得所述封装后的报文。所述封装后的报文可以为图3a或图3b所示的报文。图3a所示的报文为采用传输(英文名称为transport)模式发送的封装后的报文。图3a所示的报文包括的IP头可采用图5所示的结构。图3b所示的报文为采用隧道(英文名称为tunnel)模式发送的封装后的报文。图3b所示的报文中包括的内网IP头为VTEP向第一路由器发送的VXLAN报文包括的IP头。图3b所示的报文包括的IP头可采用图5所示的结构。图3a和图3b中加密的VXLAN报文是VTEP发送的VXLAN经加密后获得的报文,在此不再对加密的VXLAN报文包括的内容进行赘述。 For example, the first router obtaining the encapsulated message according to the VXLAN message includes: the first router obtaining the VNI from the VXLAN message; Carry out IPsec-ESP encapsulation, obtain IPsec-ESP encapsulation message, described IPsec-ESP encapsulation message comprises the VXLAN message of encryption, the ESP header encapsulated outside the VXLAN message of encryption and the IP header encapsulated outside the ESP header; The first router inserts the VNI between the IP header included in the IPsec-ESP encapsulated message and the ESP header, to obtain the encapsulated message. The encapsulated message may be the message shown in Fig. 3a or Fig. 3b. The message shown in FIG. 3a is an encapsulated message sent in a transport (English name is transport) mode. The IP header included in the packet shown in FIG. 3a may adopt the structure shown in FIG. 5 . The message shown in FIG. 3b is an encapsulated message sent in a tunnel (English name is tunnel) mode. The intranet IP header included in the message shown in FIG. 3b is the IP header included in the VXLAN message sent by the VTEP to the first router. The IP header included in the packet shown in FIG. 3b may adopt the structure shown in FIG. 5 . The encrypted VXLAN message in Figure 3a and Figure 3b is a message obtained by encrypting the VXLAN sent by the VTEP, and the content included in the encrypted VXLAN message will not be repeated here.
举例说明,所述第一路由器根据所述VXLAN报文,获得封装后的报文 包括:所述第一路由器从所述VXLAN报文获得所述VNI;所述第一路由器对所述VXLAN报文进行加密,获得加密后的VXLAN报文;所述第一路由器在所述加密后的VXLAN报文外逐层封装所述ESP头、所述VNI和所述IP头。所述封装后的报文可以为图3a或图3b所示的报文。 For example, the first router obtaining the encapsulated message according to the VXLAN message includes: the first router obtaining the VNI from the VXLAN message; Encrypt to obtain an encrypted VXLAN message; the first router encapsulates the ESP header, the VNI, and the IP header layer by layer outside the encrypted VXLAN message. The encapsulated message may be the message shown in Fig. 3a or Fig. 3b.
可选地,所述封装后的报文包括的IP头还可包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述VNI。 Optionally, the IP header included in the encapsulated packet may further include first identification information, where the first identification information is used to identify that the encapsulated packet carries the VNI.
举例说明,若图3a或图3b的封装后的报文包括的IP头采用图5所示的IP头。所示第一标识信息可以携带于图5所示的IP头中的协议号字段。在本实施例中图5所示的IP头中的协议号字段可用于表示IP头后的报文类型,例如将所述协议号字段定义为“ESP/VXLAN”,用以标明IP头后的报文类型为封装了VXLAN头的ESP报文。其中,封装了VXLAN头的ESP报文可以是在ESP报文外封装包含VNI的VXLAN头,还可以是在ESP报文外封装了所述VNI。所述第一路由器可在所述ESP头和所述IP头之间增加所述VNI后,对所述IP头包含的信息进行更新。如图5所示的IP头,所述第一路由器可在所述ESP头和所述IP头之间增加了所述VNI后,对IP头包括的协议号字段、总长度字段和头部校验和字段进行更新,使得增加了所述VNI的封装后的报文满足格式要求。 For example, if the IP header included in the encapsulated message in FIG. 3a or FIG. 3b adopts the IP header shown in FIG. 5 . The shown first identification information may be carried in the protocol number field in the IP header shown in FIG. 5 . In this embodiment, the protocol number field in the IP header shown in Figure 5 can be used to indicate the packet type after the IP header, for example, the protocol number field is defined as "ESP/VXLAN" to indicate the IP header. The packet type is an ESP packet encapsulated with a VXLAN header. Wherein, the ESP message encapsulating the VXLAN header may encapsulate the VXLAN header including the VNI outside the ESP message, or encapsulate the VNI outside the ESP message. The first router may update the information contained in the IP header after adding the VNI between the ESP header and the IP header. IP header shown in Figure 5, after the first router can add the VNI between the ESP header and the IP header, the IP header includes the protocol number field, the total length field, and the header checksum. The checksum field is updated so that the encapsulated message with the added VNI meets the format requirements.
可选地,所述第一路由器可从来自VTEP的VXLAN报文中获得VXLAN头,所述VXLAN头包括所述VNI。所述第一路由器将VXLAN报文包括的VXLAN头封装于所述IP头和所述ESP头之间,获得封装后的报文。这样,所述第一路由器可无需从来自VTEP的VXLAN报文中识别并获取VNI,有助于简化操作。所述第一路由器获得包括VXLAN头的封装后的报文的方法与上述获得包括VNI的封装后的报文的方法相同,在此不 再赘述。 Optionally, the first router may obtain a VXLAN header from a VXLAN packet from the VTEP, where the VXLAN header includes the VNI. The first router encapsulates the VXLAN header included in the VXLAN packet between the IP header and the ESP header to obtain the encapsulated packet. In this way, the first router does not need to identify and obtain the VNI from the VXLAN message from the VTEP, which helps to simplify operations. The method for the first router to obtain the encapsulated message including the VXLAN header is the same as the above method for obtaining the encapsulated message including the VNI, and will not be repeated here.
S106,所述第一路由器向第二路由器发送所述封装后的报文。 S106. The first router sends the encapsulated packet to the second router.
举例说明,所述第二路由器为不同的DC之间的路由器。比如所述第一路由器属于DC1,第三路由器属于DC2。所述封装后的报文为需要由DC1的第一路由器发送至DC2的第三路由器的报文。所述第二路由器为处于DC1和DC2之间的传输网络中的路由器。 For example, the second router is a router between different DCs. For example, the first router belongs to DC1, and the third router belongs to DC2. The encapsulated message is a message that needs to be sent by the first router of DC1 to the third router of DC2. The second router is a router in the transmission network between DC1 and DC2.
举例说明,若所述封装后的报文为transport模式发送的报文,则所述封装后的报文包括的IP头中的目的IP地址是第三路由器的IP地址。若所述封装后的报文为tunnel模式发送的报文,则所述封装后的报文包括的IP头中的目的IP地址为隧道的目的地址,所述隧道的目的地址为第三路由器的IP地址。 For example, if the encapsulated packet is a packet sent in transport mode, the destination IP address in the IP header included in the encapsulated packet is the IP address of the third router. If the encapsulated message is a message sent in tunnel mode, the destination IP address in the IP header included in the encapsulated message is the destination address of the tunnel, and the destination address of the tunnel is the third router's IP address.
举例说明,所述第一路由器上可预先配置了第一对应关系,所述第一对应关系包括所述VNI和第三路由器的IP地址。所述第一路由器可根据所述第一对应关系和所述VNI,获得所述第三路由器的IP地址。所述第一路由器可将所述第三路由器的IP地址作为所述封装后的报文中的IP头包括的目的IP地址。 For example, a first correspondence may be pre-configured on the first router, and the first correspondence includes the VNI and the IP address of the third router. The first router may obtain the IP address of the third router according to the first correspondence and the VNI. The first router may use the IP address of the third router as the destination IP address included in the IP header in the encapsulated packet.
举例说明,所述第一路由器上可预先配置了第二对应关系,所述第二对应关系包括地址信息和第三路由器的IP地址。所述地址信息可以是VTEP发送的VXLAN报文包括的源IP地址、目的IP地址、源MAC地址和目的MAC地址中的任意一个或任意组合。 For example, the first router may be pre-configured with a second correspondence, and the second correspondence includes address information and the IP address of the third router. The address information may be any one or any combination of the source IP address, destination IP address, source MAC address and destination MAC address included in the VXLAN packet sent by the VTEP.
以DC1和DC2之间需要进行通信的场景为例,DC1中的第一路由器获得所述封装后的报文后,依据IP头包括的目的IP地址,向DC2中的第三路由器发送所述封装后的报文。所述封装后的报文中IP头包括的目的IP地址为DC2中的第三路由器的IP地址。DC1中的第一路由器和DC2中的第三路由 器间包括有第二路由器,也就是说,DC1中的第一路由器和DC2中的第三路由器之间的路径上包括第二路由器。第二路由器可以为能够获得所述封装后的报文携带的所述VNI的路由器。DC1中的第一路由器向DC2中的第三路由器发送所述封装后的报文,所述封装后的报文会沿所述第一路由器至所述第三路由器间的路径转发至所述第二路由器。 Taking the scenario where communication between DC1 and DC2 is required as an example, after obtaining the encapsulated message, the first router in DC1 sends the encapsulated message to the third router in DC2 according to the destination IP address included in the IP header. subsequent message. The destination IP address included in the IP header in the encapsulated message is the IP address of the third router in DC2. The second router is included between the first router in DC1 and the third router in DC2, that is, the path between the first router in DC1 and the third router in DC2 includes the second router. The second router may be a router capable of obtaining the VNI carried in the encapsulated packet. The first router in DC1 sends the encapsulated message to the third router in DC2, and the encapsulated message will be forwarded to the third router along the path between the first router and the third router. Two routers.
本发明实施例提供的用于处理VXLAN报文的方法中,第一路由器根据VXLAN报文和所述VXLAN报文中的VNI获得封装后的报文,所述封装后的报文包括的IP头和ESP头之间封装有所述VNI。第一路由器向第二路由器发送所述封装后的报文,有助于所述第二路由器根据所述封装后的报文中携带的所述VNI进行进一步地业务处理,比如负载分担等业务处理,有助于提高网络运行效率。 In the method for processing a VXLAN message provided by the embodiment of the present invention, the first router obtains the encapsulated message according to the VXLAN message and the VNI in the VXLAN message, and the IP header included in the encapsulated message The VNI is encapsulated between the ESP header and the ESP header. The first router sends the encapsulated message to the second router, which helps the second router perform further service processing according to the VNI carried in the encapsulated message, such as load sharing and other service processing , which helps to improve network operation efficiency.
基于本发明第一实施例提供的用于处理VXLAN报文的方法,本发明另一实施例提供了用于处理VXLAN报文的方法。本发明另一实施例提供的的方法与本发明第一实施例提供的方法不同之处在于:所述第一路由器还可将VXLAN报文包括的UDP头插入所述封装后的报文包括的所述IP头和所述VNI之间。即本发明另一实施例提供的方法包括的S104与本发明第一实施例提供的方法中的S104不同,在此对不同之处进行说明,其它内容可参看本发明第一实施例提供的方法中的相应内容。 Based on the method for processing VXLAN packets provided in the first embodiment of the present invention, another embodiment of the present invention provides a method for processing VXLAN packets. The method provided by another embodiment of the present invention is different from the method provided by the first embodiment of the present invention in that: the first router can also insert the UDP header included in the VXLAN message into the UDP header included in the encapsulated message between the IP header and the VNI. That is, S104 included in the method provided by another embodiment of the present invention is different from S104 in the method provided by the first embodiment of the present invention, and the difference will be described here. For other content, please refer to the method provided by the first embodiment of the present invention corresponding content in .
举例说明,S104中,所述第一路由器根据所述VXLAN报文,获得封装后的报文包括:所述第一路由器从所述VXLAN报文获得所述VNI和所述UDP头;所述第一路由器对所述VXLAN报文进行IPsec-ESP封装,获得IPsec-ESP封装报文,所述IPsec-ESP封装报文包括加密的VXLAN报文、封装于加密的VXLAN报文外的ESP头和封装于ESP头外的IP头;所述第 一路由器将所述VNI和UDP头插入IPsec-ESP封装报文包括的IP头和所述ESP头之间,获得所述封装后的报文。所述封装后的报文可以为图4a或图4b所示的报文。图4a所示的报文为采用transport模式发送的封装后的报文。图4a所示的报文包括的IP头可采用图5所示的结构,图4a所示的报文包括的UDP头可采用图6所示的结构。图4b所示的报文为采用tunnel模式发送的封装后的报文。图4b所示的报文中包括的内网IP头为VTEP向第一路由器发送的VXLAN报文包括的IP头。图4b所示的报文包括的IP头可采用图5所示的结构,图4b所示的报文包括的UDP头可采用图6所示的结构。图4a和图4b中加密的VXLAN报文是VTEP发送的VXLAN经加密后获得的报文,在此不再对加密的VXLAN报文包括的内容进行赘述。 For example, in S104, obtaining the encapsulated message by the first router according to the VXLAN message includes: the first router obtains the VNI and the UDP header from the VXLAN message; A router performs IPsec-ESP encapsulation on the VXLAN message to obtain an IPsec-ESP encapsulated message. The IPsec-ESP encapsulated message includes an encrypted VXLAN message, an ESP header encapsulated outside the encrypted VXLAN message, and an encapsulation An IP header outside the ESP header; the first router inserts the VNI and UDP headers between the IP header included in the IPsec-ESP encapsulated message and the ESP header, to obtain the encapsulated message. The encapsulated message may be the message shown in Fig. 4a or Fig. 4b. The message shown in FIG. 4a is an encapsulated message sent in transport mode. The IP header included in the packet shown in FIG. 4a may adopt the structure shown in FIG. 5 , and the UDP header included in the packet shown in FIG. 4a may adopt the structure shown in FIG. 6 . The message shown in FIG. 4b is an encapsulated message sent in tunnel mode. The intranet IP header included in the message shown in FIG. 4b is the IP header included in the VXLAN message sent by the VTEP to the first router. The IP header included in the packet shown in FIG. 4b may adopt the structure shown in FIG. 5 , and the UDP header included in the packet shown in FIG. 4b may adopt the structure shown in FIG. 6 . The encrypted VXLAN message in Figure 4a and Figure 4b is a message obtained by encrypting the VXLAN message sent by the VTEP, and the content included in the encrypted VXLAN message will not be repeated here.
举例说明,S104中,所述第一路由器根据所述VXLAN报文,获得封装后的报文包括:所述第一路由器从所述VXLAN报文获得所述VNI和所述UDP头;所述第一路由器对所述VXLAN报文进行加密,获得加密后的VXLAN报文;所述第一路由器在所述加密后的VXLAN报文外逐层封装所述ESP头、所述VNI、所述UDP头和所述IP头。所述封装后的报文可以为图4a或图4b所示的报文。 For example, in S104, obtaining the encapsulated message by the first router according to the VXLAN message includes: the first router obtains the VNI and the UDP header from the VXLAN message; A router encrypts the VXLAN message to obtain the encrypted VXLAN message; the first router encapsulates the ESP header, the VNI, and the UDP header layer by layer outside the encrypted VXLAN message and the IP header. The encapsulated message may be the message shown in Fig. 4a or Fig. 4b.
举例说明,所述封装后的报文包括的IP头还可包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述UDP头,所述封装于所述IP头与所述VNI之间的UDP头包括第二标识信息,所述第二标识信息用于标识所述封装后的报文携带有所述VNI。 For example, the IP header included in the encapsulated message may also include first identification information, the first identification information is used to identify that the encapsulated message carries the UDP header, and the encapsulated The UDP header between the IP header and the VNI includes second identification information, and the second identification information is used to identify that the encapsulated packet carries the VNI.
举例说明,若图4a或图4b的封装后的报文包括的IP头采用图5所示的IP头。所示第一标识信息可以携带于图5所示的IP头中的协议号字段。 在本实施例中,图5所示的IP头中的协议号字段可定义为UDP,用于表示IP头后携带了UDP头。所述第一路由器可在所述ESP头和所述IP头之间增加所述VNI和所述UDP头后,对所述IP头包含的信息进行更新。如图5所示的IP头,所述第一路由器可在所述ESP头和所述IP头之间增加了所述VNI和所述UDP头后,对IP头包括的协议号字段、总长度字段和头部校验和字段进行更新,以便携带了所述VNI和所述UDP头的封装后的报文满足格式要求。图6所示的UDP头中的目的端口号可用来携带所述第二标识信息。图6所示的UDP头中的目的端口号为ESP/VXLAN端口号,即ESP/VXLAN端口号用来标识UDP头后携带了VNI。如果UDP头后携带的是包含了VNI的VXLAN头,图6所示的UDP头中的目的端口号为ESP/VXLAN端口号,即ESP/VXLAN端口号用来标识UDP头后携带了封装有VXLAN头的ESP报文。图6所示的报文包括的UDP头中包括“UDP校验和”字段。如果图5所示的报文包括的IP头已设置了“头部校验和”,则图6所示的报文包括的UDP头中的“UDP校验和”可以设置为0。 For example, if the IP header included in the encapsulated message in FIG. 4a or FIG. 4b adopts the IP header shown in FIG. 5 . The shown first identification information may be carried in the protocol number field in the IP header shown in FIG. 5 . In this embodiment, the protocol number field in the IP header shown in FIG. 5 can be defined as UDP, which is used to indicate that the UDP header is carried after the IP header. The first router may update the information contained in the IP header after adding the VNI and the UDP header between the ESP header and the IP header. The IP header shown in Figure 5, after the first router can add the VNI and the UDP header between the ESP header and the IP header, the IP header includes the protocol number field, the total length field and the header checksum field are updated, so that the encapsulated message carrying the VNI and the UDP header meets the format requirements. The destination port number in the UDP header shown in FIG. 6 may be used to carry the second identification information. The destination port number in the UDP header shown in Figure 6 is the ESP/VXLAN port number, that is, the ESP/VXLAN port number is used to identify the VNI carried behind the UDP header. If the UDP header carries a VXLAN header that includes VNI, the destination port number in the UDP header shown in Figure 6 is the ESP/VXLAN port number, that is, the ESP/VXLAN port number is used to identify the UDP header that carries the VXLAN header. header of the ESP packet. The UDP header included in the message shown in FIG. 6 includes a "UDP checksum" field. If the IP header included in the message shown in FIG. 5 has been set with a “header checksum”, then the “UDP checksum” in the UDP header included in the message shown in FIG. 6 can be set to 0.
举例说明,DC1的第一路由器和DC2的第三路由器间可包括多条路径。所述多条路径上的每条路径可包括一台或多台路由器。所述封装后的报文包括的UDP头中的源端口号和所述封装后的报文包括的五元组信息可用来从所述多条路径中确定一条用来转发所述封装后的报文的路径。 For example, multiple paths may be included between the first router of DC1 and the third router of DC2. Each path on the plurality of paths may include one or more routers. The source port number in the UDP header included in the encapsulated message and the quintuple information included in the encapsulated message can be used to determine one of the multiple paths for forwarding the encapsulated message. path of the text.
图2为本发明第二实施例的用于处理VXLAN报文的方法的流程图。本发明第二实施例是从第二路由器的角度,对本发明实施例提供的用于处理VXLAN报文的方法进行说明。所述第二路由器可以是运营商(英文全称:provider,英文缩写:P)设备。下面结合图2,对本发明第二实施例的用于处理VXLAN报文的方法进行具体说明。 Fig. 2 is a flowchart of a method for processing VXLAN packets according to a second embodiment of the present invention. The second embodiment of the present invention describes the method for processing VXLAN packets provided by the embodiment of the present invention from the perspective of the second router. The second router may be an operator (English full name: provider, English abbreviation: P) device. The method for processing VXLAN packets according to the second embodiment of the present invention will be described in detail below with reference to FIG. 2 .
S202,第二路由器接收第一路由器发送的封装后的报文,所述封装后的报文是对来自VTEP的VXLAN报文进行IPsec-ESP封装后获得的报文,所述封装后的报文包括IP头、VNI、ESP头和加密的所述VXLAN报文,所述VNI封装于所述IP头和所述ESP头之间。 S202. The second router receives the encapsulated message sent by the first router, the encapsulated message is a message obtained after IPsec-ESP encapsulation of the VXLAN message from the VTEP, and the encapsulated message It includes an IP header, a VNI, an ESP header and the encrypted VXLAN message, and the VNI is encapsulated between the IP header and the ESP header.
举例说明,所述第二路由器处于DC1的第一路由器和DC2的第三路由器之间的路径上,所述第二路由器接收到所述第一路由器向所述第三路由器发送的封装后的报文。所述封装后的报文与本发明第一实施例中的封装后的报文相同,在此不再赘述。 For example, the second router is on a path between the first router of DC1 and the third router of DC2, and the second router receives the encapsulated message sent by the first router to the third router. arts. The encapsulated message is the same as the encapsulated message in the first embodiment of the present invention, and will not be repeated here.
可选地,所述封装后的报文包括的IP头还携带了第一标识信息,所述第一标识信息用于标识所述封装后的报文携带了所述VNI。若所述封装后的报文包括封装于所述IP头和所述ESP头的VXLAN头,所述VXLAN头包括所述VNI,则所述第一标识信息可以用于标识所述封装后的报文携带了所述VXLAN头。 Optionally, the IP header included in the encapsulated message further carries first identification information, and the first identification information is used to identify that the encapsulated message carries the VNI. If the encapsulated message includes a VXLAN header encapsulated in the IP header and the ESP header, and the VXLAN header includes the VNI, the first identification information may be used to identify the encapsulated message The text carries the VXLAN header.
举例说明,所述第二路由器接收到的封装后的报文可以是图3a或图3b所示的报文,在此不再对具体结构进行赘述。 For example, the encapsulated packet received by the second router may be the packet shown in FIG. 3a or FIG. 3b , and the specific structure will not be repeated here.
S204,所述第二路由器从所述封装后的报文获得所述VNI。 S204. The second router obtains the VNI from the encapsulated packet.
举例说明,所述第二路由器从所述封装后的报文获得所述VNI包括:所述第二路由器可根据所述封装后的报文的IP头中携带的第一标识信息,确定所述封装后的报文携带所述VNI;所述第二路由器从所述封装后的报文的IP头后获得所述封装后的报文携带的VNI。 For example, obtaining the VNI from the encapsulated message by the second router includes: the second router may determine the VNI according to the first identification information carried in the IP header of the encapsulated message. The encapsulated message carries the VNI; the second router obtains the VNI carried in the encapsulated message from the IP header of the encapsulated message.
举例说明,所述第二路由器可利用获得的VNI,对所述封装后的报文进行业务处理,例如Qos、负载分担等业务处理。VNI用于区分不同的VXLAN。所述第二路由器可通过所述VNI,确定所述封装后的报文包括的 VXLAN报文所属的租户。所述第二路由器可存储有VNI与租户的映射关系表。所述第二路由器可根据所述封装后的报文携带的VNI以及所述映射关系表,对所述封装后的报文进行负载分担操作,在此不再对具体的操作过程进行赘述。 For example, the second router may use the obtained VNI to perform service processing on the encapsulated message, such as Qos, load sharing and other service processing. VNI is used to distinguish different VXLANs. The second router may determine, through the VNI, the tenant to which the VXLAN packet included in the encapsulated packet belongs. The second router may store a mapping relationship table between VNIs and tenants. The second router may perform a load sharing operation on the encapsulated message according to the VNI carried in the encapsulated message and the mapping relationship table, and the specific operation process will not be repeated here.
本发明实施例提供的用于处理VXLAN报文的方法中,封装后的报文包括的VNI封装于IP头和ESP头之间,第二路由器可以在接收到封装后的报文后,对所述封装后的报文携带的VNI进行识别。所述第二路由器可从所述封装后的报文中获得所述VNI。这样,所述第二路由器可以利用获得的所述VNI进行进一步的业务处理,有助于提高网络运行效率。 In the method for processing the VXLAN message provided by the embodiment of the present invention, the VNI included in the encapsulated message is encapsulated between the IP header and the ESP header, and the second router may, after receiving the encapsulated message, Identify the VNI carried in the encapsulated packet. The second router may obtain the VNI from the encapsulated packet. In this way, the second router can use the obtained VNI to perform further service processing, which helps to improve network operation efficiency.
在本发明第二实施例提供的用于处理VXLAN报文的方法的基础上,本发明的另一实施例提供了用于处理VXLAN报文的方法。本发明的另一实施例提供的方法中,所述第二路由器接收到的封装后的报文包括封装于IP头和ESP头之间的VNI和UDP头,或者所述第二路由器接收到的封装后的报文包括封装于IP头和ESP头之间的VXLAN头和UDP头,所述VXLAN头包括所述VNI。本发明另一实施例提供的方法与本发明第二实施例提供的方法不同之处在于S204,下面仅对不同之处进行说明,对于相同的内容可参见本发明第二实施例提供的方法中的相应内容。 On the basis of the method for processing VXLAN packets provided in the second embodiment of the present invention, another embodiment of the present invention provides a method for processing VXLAN packets. In the method provided by another embodiment of the present invention, the encapsulated packet received by the second router includes a VNI and UDP header encapsulated between the IP header and the ESP header, or the packet received by the second router The encapsulated message includes a VXLAN header and a UDP header encapsulated between the IP header and the ESP header, and the VXLAN header includes the VNI. The difference between the method provided by another embodiment of the present invention and the method provided by the second embodiment of the present invention lies in S204, and only the differences will be described below. For the same content, please refer to the method provided by the second embodiment of the present invention corresponding content.
S202中,所述第二路由器接收到的封装后的报文包括IP头、UDP头、VNI、ESP头和加密的VXLAN报文。所述第二路由器接收到的封装后的报文可以是图4a或图4b所示的报文,在此不再对具体结构进行赘述。在该实施例中,所述封装后的报文的IP头可携带第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述UDP头,所述UDP头为VTEP向第一路由器发送的VXLAN报文携带的UDP头。所述封装于所述IP头与 所述VNI之间的UDP头包括第二标识信息,所述第二标识信息用于标识所述封装后的报文携带有所述VNI。由于所述VNI通常会携带在VTEP向所述第一路由器发送的VXLAN报文中,若所述封装后的报文包括封装于所述IP头和所述ESP头中的VXLAN头和UDP头,则所述第二标识信息可用于标识所述封装后的报文携带有VXLAN头。 In S202, the encapsulated packet received by the second router includes an IP header, a UDP header, a VNI, an ESP header, and an encrypted VXLAN packet. The encapsulated message received by the second router may be the message shown in Figure 4a or Figure 4b, and the specific structure will not be repeated here. In this embodiment, the IP header of the encapsulated message may carry first identification information, and the first identification information is used to identify that the encapsulated message carries the UDP header, and the UDP header Indicates the UDP header carried in the VXLAN packet sent by the VTEP to the first router. The UDP header encapsulated between the IP header and the VNI includes second identification information, and the second identification information is used to identify that the encapsulated message carries the VNI. Since the VNI is usually carried in the VXLAN packet sent by the VTEP to the first router, if the encapsulated packet includes a VXLAN header and a UDP header encapsulated in the IP header and the ESP header, Then the second identification information may be used to identify that the encapsulated packet carries a VXLAN header.
举例说明,S204中,所述第二路由器从所述封装后的报文获得所述VNI包括:所述第二路由器从所述封装后的报文的IP头,获得所述IP头携带的第一标识信息;所述第二路由器根据所述第一标识信息,获得所述封装后的报文包括的位于所述IP头后的UDP头;所述第二路由器根据所述UDP头包括的目的端口号,确定所述封装后的报文携带所述VNI;所述第二路由器从所述封装后的报文的UDP头后获得所述VNI。如果所述封装后的报文的VNI携带于VXLAN头中,所述VXLAN头封装于所述封装后的报文的UDP头和ESP头之间,则所述第二路由器可从所述封装后的报文的UDP头后获得所述VXLAN头,从所述VXLAN头获得所述VNI。 For example, in S204, the second router obtaining the VNI from the encapsulated message includes: the second router obtaining the first VNI carried by the IP header from the IP header of the encapsulated message. One identification information; the second router obtains the UDP header included in the encapsulated message according to the first identification information; the second router obtains the UDP header included in the IP header according to the purpose The port number is used to determine that the encapsulated message carries the VNI; the second router obtains the VNI from the UDP header of the encapsulated message. If the VNI of the encapsulated message is carried in the VXLAN header, and the VXLAN header is encapsulated between the UDP header and the ESP header of the encapsulated message, then the second router can obtain from the encapsulated The VXLAN header is obtained after the UDP header of the packet, and the VNI is obtained from the VXLAN header.
DC2中的第三路由器接收到来自第一路由器的封装后的报文,即经第二路由器转发的封装后的报文,所述第三路由器可对所述封装后的报文进行处理,获得VXLAN报文。 The third router in DC2 receives the encapsulated message from the first router, that is, the encapsulated message forwarded by the second router, and the third router can process the encapsulated message to obtain VXLAN packets.
举例说明,若所述封装后的报文包括封装于IP头和ESP头的VNI,则所述第三路由器可对所述封装后的报文进行处理,获得VXLAN报文包括:所述第三路由器可移除所述封装后的报文包括的封装于IP头和ESP头的VNI;所述第三路由器将移除VNI后获得的报文中的IP头进行更新,获得所述VXLAN报文。所述VXLAN报文为DC2中的VTEP能够识别的报文。其中,所述第三路由器将移除VNI后获得的报文中的IP头进行更新可以包 括:所述第三路由器对移除VNI后获得的报文中的IP头的总长度字段、协议号字段和头部校验和字段进行更新,以便所述VXLAN报文能够被DC2中的VTEP识别和/或处理。 For example, if the encapsulated message includes a VNI encapsulated in an IP header and an ESP header, then the third router may process the encapsulated message to obtain a VXLAN message including: the third The router can remove the VNI encapsulated in the IP header and the ESP header included in the encapsulated message; the third router will update the IP header in the message obtained after removing the VNI to obtain the VXLAN message . The VXLAN packet is a packet that can be identified by the VTEP in DC2. Wherein, the third router updating the IP header in the message obtained after removing the VNI may include: the third router updating the total length field and the protocol number of the IP header in the message obtained after removing the VNI field and header checksum field, so that the VXLAN packet can be identified and/or processed by the VTEP in DC2.
举例说明,若所述封装后的报文包括封装于IP头和ESP头的VNI和UEP头,则所述第三路由器可对所述封装后的报文进行处理,获得VXLAN报文包括:所述第三路由器可移除所述封装后的报文包括的封装于IP头和ESP头的VNI和UDP头;所述第三路由器将移除VNI和UDP头后获得的报文中的IP头进行更新,获得所述VXLAN报文。所述VXLAN报文为DC2中的VTEP能够识别的报文。其中,所述第三路由器将移除VNI和UDP头后获得的报文中的IP头进行更新可以包括:所述第三路由器对移除VNI和UDP头后获得的报文中的IP头的总长度字段、协议号字段和头部校验和字段进行更新,以便所述VXLAN报文能够被DC2中的VTEP识别和/或处理。 For example, if the encapsulated message includes a VNI and a UEP header encapsulated in an IP header and an ESP header, then the third router may process the encapsulated message to obtain a VXLAN message including: The third router can remove the VNI and UDP header encapsulated in the IP header and the ESP header included in the encapsulated message; the third router will remove the IP header in the message obtained after the VNI and UDP header Perform an update to obtain the VXLAN message. The VXLAN packet is a packet that can be identified by the VTEP in DC2. Wherein, the third router updating the IP header in the message obtained after removing the VNI and UDP header may include: the third router updating the IP header in the message obtained after removing the VNI and UDP header The total length field, the protocol number field and the header checksum field are updated, so that the VXLAN packet can be identified and/or processed by the VTEP in DC2.
图7为本发明实施例提供的第一路由器的结构示意图。图7对应的第一路由器可以执行图1对应的实施例提供的方法。图7对应的第一路由器可以是图2对应的实施例中的第一路由器。本发明实施例提供的第一路由器包括接收单元702、处理单元704和发送单元706。 FIG. 7 is a schematic structural diagram of a first router provided by an embodiment of the present invention. The first router corresponding to FIG. 7 may execute the method provided in the embodiment corresponding to FIG. 1 . The first router corresponding to FIG. 7 may be the first router in the embodiment corresponding to FIG. 2 . The first router provided in this embodiment of the present invention includes a receiving unit 702 , a processing unit 704 and a sending unit 706 .
所述接收单元702用于接收VTEP发送的VXLAN报文,所述VXLAN报文包括VNI。 The receiving unit 702 is configured to receive a VXLAN packet sent by a VTEP, and the VXLAN packet includes a VNI.
所述处理单元704用于根据所述VXLAN报文,获得封装后的报文,所述封装后的报文是对所述VXLAN报文进行IPsec-ESP封装后获得的报文,所述封装后的报文包括IP头、所述VNI、ESP头和加密的所述VXLAN报文,所述VNI封装于所述IP头和所述ESP头之间。 The processing unit 704 is configured to obtain an encapsulated message according to the VXLAN message, the encapsulated message is a message obtained after performing IPsec-ESP encapsulation on the VXLAN message, and the encapsulated message The packet includes an IP header, the VNI, an ESP header, and the encrypted VXLAN packet, and the VNI is encapsulated between the IP header and the ESP header.
所述发送单元706用于向第二路由器发送所述封装后的报文。 The sending unit 706 is configured to send the encapsulated packet to the second router.
可选地,所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述VNI。 Optionally, the IP header includes first identification information, where the first identification information is used to identify that the encapsulated packet carries the VNI.
可选地,所述封装后的报文还包括封装于所述IP头与所述VNI之间的UDP头,所述UDP头为来自所述VTEP的所述VXLAN报文所包括的UDP头,所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述UDP头,所述封装于所述IP头与所述VNI之间的UDP头包括第二标识信息,所述第二标识信息用于标识所述封装后的报文携带有所述VNI。 Optionally, the encapsulated message further includes a UDP header encapsulated between the IP header and the VNI, where the UDP header is the UDP header included in the VXLAN message from the VTEP, The IP header includes first identification information, the first identification information is used to identify that the encapsulated message carries the UDP header, and the UDP header encapsulated between the IP header and the VNI Include second identification information, where the second identification information is used to identify that the encapsulated packet carries the VNI.
本发明实施例提供的第一路由器中,处理单元根据VXLAN报文和所述VXLAN报文中的VNI获得封装后的报文,所述封装后的报文包括的IP头和ESP头之间封装有所述VNI。发送单元向第二路由器发送所述封装后的报文,有助于所述第二路由器根据所述封装后的报文中携带的所述VNI进行进一步地业务处理,比如负载分担等业务处理,有助于提高网络运行效率。 In the first router provided by the embodiment of the present invention, the processing unit obtains the encapsulated message according to the VXLAN message and the VNI in the VXLAN message, and the IP header included in the encapsulated message and the ESP header are encapsulated There is said VNI. The sending unit sends the encapsulated message to the second router, which helps the second router perform further service processing according to the VNI carried in the encapsulated message, such as load sharing and other service processing, It helps to improve network operation efficiency.
图8为本发明另一实施例提供的第一路由器的结构示意图。所述第一路由器可执行图1对应的实施例提供的方法。所述第一路由器可为图2对应的实施例中的第一路由器。本发明实施例提供的第一路由器包括处理器801、存储器802、接口803和总线804。其中,接口803可以通过无线或有线的方式实现,例如接口803可为网络接口卡(英文全称:Network Interface Card,英文缩写:NIC)或其它用于实现通信的元件。所述处理器801、所述存储器802、所述接口803可通过所述总线804连接。 Fig. 8 is a schematic structural diagram of a first router provided by another embodiment of the present invention. The first router may execute the method provided in the embodiment corresponding to FIG. 1 . The first router may be the first router in the embodiment corresponding to FIG. 2 . The first router provided in this embodiment of the present invention includes a processor 801 , a memory 802 , an interface 803 and a bus 804 . Wherein, the interface 803 may be implemented in a wireless or wired manner, for example, the interface 803 may be a network interface card (English full name: Network Interface Card, English abbreviation: NIC) or other components for realizing communication. The processor 801 , the memory 802 , and the interface 803 may be connected through the bus 804 .
所述存储器802用于存储程序代码。可选地,所述程序代码可以包括操作系统程序和应用程序。 The memory 802 is used to store program codes. Optionally, the program code may include operating system programs and application programs.
所述处理器801根据从所述存储器802中读取的程序所包括的可执行指令,执行如下操作。 The processor 801 performs the following operations according to the executable instructions included in the program read from the memory 802 .
所述处理器801通过所述接口803,接收VTEP发送的VXLAN报文,所述VXLAN报文包括VXLAN网络标识符VNI;所述处理器801根据所述VXLAN报文,获得封装后的报文,所述封装后的报文是对所述VXLAN报文进行IPsec-ESP封装后获得的报文,所述封装后的报文包括IP头、所述VNI、ESP头和加密的所述VXLAN报文,所述VNI封装于所述IP头和所述ESP头之间;所述处理器801通过所述接口803,向第二路由器发送所述封装后的报文。 The processor 801 receives the VXLAN message sent by the VTEP through the interface 803, the VXLAN message includes a VXLAN network identifier VNI; the processor 801 obtains the encapsulated message according to the VXLAN message, The encapsulated message is a message obtained after IPsec-ESP encapsulation of the VXLAN message, and the encapsulated message includes an IP header, the VNI, an ESP header, and the encrypted VXLAN message , the VNI is encapsulated between the IP header and the ESP header; the processor 801 sends the encapsulated packet to the second router through the interface 803 .
可选地,所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述VNI。 Optionally, the IP header includes first identification information, where the first identification information is used to identify that the encapsulated packet carries the VNI.
可选地,所述封装后的报文还包括封装于所述IP头与所述VNI之间的UDP头,所述UDP头为来自所述VTEP的所述VXLAN报文所包括的UDP头,所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述UDP头,所述封装于所述IP头与所述VNI之间的UDP头包括第二标识信息,所述第二标识信息用于标识所述封装后的报文携带有所述VNI。 Optionally, the encapsulated message further includes a UDP header encapsulated between the IP header and the VNI, where the UDP header is the UDP header included in the VXLAN message from the VTEP, The IP header includes first identification information, the first identification information is used to identify that the encapsulated message carries the UDP header, and the UDP header encapsulated between the IP header and the VNI Include second identification information, where the second identification information is used to identify that the encapsulated packet carries the VNI.
本发明实施例提供的第一路由器中,处理器801根据VXLAN报文和所述VXLAN报文中的VNI获得封装后的报文,所述封装后的报文包括的IP头和ESP头之间封装有所述VNI。处理器801通过接口803,向第二路由器发送所述封装后的报文,有助于所述第二路由器根据所述封装后的报文中携带的所述VNI进行进一步地业务处理,比如负载分担等业务处理,有助于提高网络运行效率。 In the first router provided in the embodiment of the present invention, the processor 801 obtains the encapsulated message according to the VXLAN message and the VNI in the VXLAN message, and the encapsulated message includes the IP header and the ESP header. Packaged with the VNI. The processor 801 sends the encapsulated message to the second router through the interface 803, which helps the second router perform further service processing according to the VNI carried in the encapsulated message, such as load Sharing and other business processing helps to improve network operation efficiency.
图9为本发明实施例提供的第二路由器的结构示意图。图9所示的第二路由器可执行图2对应的实施例提供的方法。图9所示的第二路由器可以为图1对应的实施例中的第二路由器。本发明实施例提供的第二路由器包括接收单元902和处理单元904。 FIG. 9 is a schematic structural diagram of a second router provided by an embodiment of the present invention. The second router shown in FIG. 9 may execute the method provided in the embodiment corresponding to FIG. 2 . The second router shown in FIG. 9 may be the second router in the embodiment corresponding to FIG. 1 . The second router provided in this embodiment of the present invention includes a receiving unit 902 and a processing unit 904 .
所述接收单元902用于接收第一路由器发送的封装后的报文。所述封装后的报文是对来自VTEP的所述VXLAN报文进行IPsec-ESP封装后获得的报文,所述封装后的报文包括IP头、VNI、ESP头和加密的所述VXLAN报文,所述VNI封装于所述IP头和所述ESP头之间。 The receiving unit 902 is configured to receive the encapsulated message sent by the first router. The encapsulated message is a message obtained after IPsec-ESP encapsulation of the VXLAN message from the VTEP, and the encapsulated message includes an IP header, VNI, ESP header and encrypted VXLAN message In the text, the VNI is encapsulated between the IP header and the ESP header.
所述处理单元904用于从所述封装后的报文获得所述VNI。 The processing unit 904 is configured to obtain the VNI from the encapsulated packet.
举例说明,若所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述VNI,则所述处理单元904具体用于根据所述IP头包括的所述第一标识信息,确定所述封装后的报文包括所述VNI;所述处理单元904具体用于从所述IP头和所述ESP头之间获得所述VNI。 For example, if the IP header includes first identification information, and the first identification information is used to identify that the encapsulated packet carries the VNI, the processing unit 904 is specifically configured to The included first identification information determines that the encapsulated packet includes the VNI; the processing unit 904 is specifically configured to obtain the VNI from between the IP header and the ESP header.
举例说明,若所述封装后的报文还包括封装于所述IP头与所述VNI之间的UDP头,所述UDP头为来自所述VTEP的所述VXLAN报文包括的UDP头,所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述UDP头,所述封装于所述IP头与所述VNI之间的UDP头包括第二标识信息,所述第二标识信息用于标识所述封装后的报文携带有所述VNI,则所述处理单元904具体用于根据所述IP头包括的所述第一标识信息,获得封装于所述IP头与所述VNI之间的UDP头;所述处理单元904具体用于根据封装于所述IP头与所述VNI之间的UDP头包括的所述第二标识信息,确定所述封装后的报文包括所述VNI;所述处理单元904具体用于从所述IP头和所述ESP头之间获得所述VNI。 For example, if the encapsulated message also includes a UDP header encapsulated between the IP header and the VNI, and the UDP header is the UDP header included in the VXLAN message from the VTEP, the The IP header includes first identification information, the first identification information is used to identify that the encapsulated message carries the UDP header, and the UDP header encapsulated between the IP header and the VNI includes second identification information, where the second identification information is used to identify that the encapsulated packet carries the VNI, and the processing unit 904 is specifically configured to, according to the first identification information included in the IP header, Obtaining the UDP header encapsulated between the IP header and the VNI; the processing unit 904 is specifically configured to, according to the second identification information included in the UDP header encapsulated between the IP header and the VNI, It is determined that the encapsulated packet includes the VNI; the processing unit 904 is specifically configured to obtain the VNI from between the IP header and the ESP header.
本发明实施例提供的第二路由器中,封装后的报文包括的VNI封装于IP头和ESP头之间,处理单元904可以在接收到封装后的报文后,对所述封装后的报文携带的VNI进行识别。所述处理单元904可从所述封装后的报文中获得所述VNI。这样,所述第二路由器可以利用获得的所述VNI进行进一步的业务处理,有助于提高网络运行效率。 In the second router provided by the embodiment of the present invention, the VNI included in the encapsulated message is encapsulated between the IP header and the ESP header, and the processing unit 904 may process the encapsulated message after receiving the encapsulated message. The VNI carried in the file is identified. The processing unit 904 may obtain the VNI from the encapsulated packet. In this way, the second router can use the obtained VNI to perform further service processing, which helps to improve network operation efficiency.
图10为本发明另一实施例提供的第二路由器结构示意图。所述第二路由器可以执行图2对应的实施例提供的方法。所述第二路由器可以为1对应的实施例中的第二路由器。本发明实施例提供的第二路由器包括:处理器1001、存储器1002、接口1003和总线1004。其中,接口1003可以通过无线或有线的方式实现,比如NIC或其它用于实现通信的元件。所述处理器1001、所述存储器1002、所述接口1003通过所述总线1004连接。 FIG. 10 is a schematic structural diagram of a second router provided by another embodiment of the present invention. The second router may execute the method provided in the embodiment corresponding to FIG. 2 . The second router may be the second router in the embodiment corresponding to 1. The second router provided in this embodiment of the present invention includes: a processor 1001 , a memory 1002 , an interface 1003 and a bus 1004 . Wherein, the interface 1003 may be implemented in a wireless or wired manner, such as a NIC or other components for implementing communication. The processor 1001 , the memory 1002 , and the interface 1003 are connected through the bus 1004 .
所述存储器1002用于存储程序代码。可选的,程序代码可以包括操作系统程序和应用程序。 The memory 1002 is used to store program codes. Optionally, the program code may include operating system programs and application programs.
所述处理器1001根据从所述存储器1002中读取的程序所包括的可执行指令,执行如下操作。 The processor 1001 performs the following operations according to the executable instructions included in the program read from the memory 1002 .
所述处理器1001通过所述接口1003,接收第一路由器发送的封装后的报文。所述封装后的报文是对来自VTEP的所述VXLAN报文进行IPsec-ESP封装后获得的报文,所述封装后的报文包括IP头、VNI、ESP头和加密的所述VXLAN报文,所述VNI封装于所述IP头和所述ESP头之间;所述处理器1001从所述封装后的报文获得所述VNI。 The processor 1001 receives the encapsulated packet sent by the first router through the interface 1003 . The encapsulated message is a message obtained after IPsec-ESP encapsulation of the VXLAN message from the VTEP, and the encapsulated message includes an IP header, VNI, ESP header and encrypted VXLAN message In the packet, the VNI is encapsulated between the IP header and the ESP header; the processor 1001 obtains the VNI from the encapsulated packet.
举例说明,若所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述VNI,则所述处理器1001根据所述IP头包括的所述第一标识信息,确定所述封装后的报文包括所述VNI;所述处 理器1001从所述IP头和所述ESP头之间获得所述VNI。 For example, if the IP header includes first identification information, and the first identification information is used to identify that the encapsulated packet carries the VNI, then the processor 1001 The first identification information is used to determine that the encapsulated packet includes the VNI; the processor 1001 obtains the VNI from between the IP header and the ESP header.
举例说明,若所述封装后的报文还包括封装于所述IP头与所述VNI之间的UDP头,所述UDP头为来自所述VTEP的所述VXLAN报文包括的UDP头,所述IP头包括第一标识信息,所述第一标识信息用于标识所述封装后的报文携带有所述UDP头,所述封装于所述IP头与所述VNI之间的UDP头包括第二标识信息,所述第二标识信息用于标识所述封装后的报文携带有所述VNI,则所述处理器1001根据所述IP头包括的所述第一标识信息,获得封装于所述IP头与所述VNI之间的UDP头;所述处理器1001根据封装于所述IP头与所述VNI之间的UDP头包括的所述第二标识信息,确定所述封装后的报文包括所述VNI;所述处理器1001从所述IP头和所述ESP头之间获得所述VNI。 For example, if the encapsulated message also includes a UDP header encapsulated between the IP header and the VNI, and the UDP header is the UDP header included in the VXLAN message from the VTEP, the The IP header includes first identification information, the first identification information is used to identify that the encapsulated message carries the UDP header, and the UDP header encapsulated between the IP header and the VNI includes The second identification information, where the second identification information is used to identify that the encapsulated message carries the VNI, then the processor 1001 obtains the packaged packet according to the first identification information included in the IP header. the UDP header between the IP header and the VNI; the processor 1001 determines the encapsulated UDP header according to the second identification information included in the UDP header encapsulated between the IP header and the VNI The packet includes the VNI; the processor 1001 obtains the VNI from between the IP header and the ESP header.
本发明实施例提供的第二路由器中,封装后的报文包括的VNI封装于IP头和ESP头之间,处理器1001可以在接收到封装后的报文后,对所述封装后的报文携带的VNI进行识别。所述处理器1001可从所述封装后的报文中获得所述VNI。这样,所述第二路由器可以利用获得的所述VNI进行进一步的业务处理,有助于提高网络运行效率。 In the second router provided in the embodiment of the present invention, the VNI included in the encapsulated message is encapsulated between the IP header and the ESP header, and the processor 1001 may, after receiving the encapsulated message, process the encapsulated message The VNI carried in the file is identified. The processor 1001 may obtain the VNI from the encapsulated packet. In this way, the second router can use the obtained VNI to perform further service processing, which helps to improve network operation efficiency.
图11为本发明实施例提供的用于处理VXLAN报文的系统。本发明实施例提供的系统可以包括前述图7或图8对应的实施例提供的第一路由器和图9或图10对应的实施例提供的第二路由器,在此不再对第一路由器和第二路由器进行赘述。 FIG. 11 is a system for processing VXLAN packets provided by an embodiment of the present invention. The system provided in this embodiment of the present invention may include the first router provided in the embodiment corresponding to FIG. 7 or FIG. 8 and the second router provided in the embodiment corresponding to FIG. 9 or FIG. 10 . The second router will be described in detail.
本领域普通技术人员将会理解,本发明的各个方面、或各个方面的可能实现方式可以被具体实施为系统、方法或者计算机程序产品。因此,本发明的各方面、或各个方面的可能实现方式可以采用完全硬件实施例、完 全软件实施例(包括固件、驻留软件等等),或者组合软件和硬件方面的实施例的形式,在这里都统称为“电路”、“模块”或者“系统”。此外,本发明的各方面、或各个方面的可能实现方式可以采用计算机程序产品的形式,计算机程序产品是指存储在计算机可读介质中的计算机可读程序代码。 Those of ordinary skill in the art will understand that various aspects of the present invention, or possible implementations of various aspects, may be embodied as systems, methods or computer program products. Thus, aspects of the present invention, or possible implementations of various aspects, may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, etc.), or an embodiment combining software and hardware aspects, described in These are collectively referred to herein as "circuits," "modules," or "systems." In addition, aspects of the present invention, or possible implementations of various aspects, may take the form of computer program products, and computer program products refer to computer-readable program codes stored in computer-readable media.
计算机可读介质可以是计算机可读信号介质或者计算机可读存储介质。计算机可读存储介质包含但不限于电子、磁性、光学、电磁、红外或半导体系统、设备或者装置,或者前述的任意适当组合,如随机存取存储器(英文全称:random access memory,英文缩写:RAM)、只读存储器(英文全称:read-only memory,英文缩写:ROM)、可擦除可编程只读存储器((英文全称:erasable programmable read only memory,英文缩写:EPROM)或者快闪存储器)、光纤、便携式只读存储器(英文全称:compact disc read-only memory,英文缩写:CD-ROM)。 The computer readable medium may be a computer readable signal medium or a computer readable storage medium. Computer-readable storage media include but are not limited to electronic, magnetic, optical, electromagnetic, infrared or semiconductor systems, equipment or devices, or any appropriate combination of the foregoing, such as random access memory (English full name: random access memory, English abbreviation: RAM ), read-only memory (English full name: read-only memory, English abbreviation: ROM), erasable programmable read-only memory ((English full name: erasable programmable read only memory, English abbreviation: EPROM) or flash memory), Optical fiber, portable read-only memory (English full name: compact disc read-only memory, English abbreviation: CD-ROM).
计算机中的处理器读取存储在计算机可读介质中的计算机可读程序代码,使得处理器能够执行在流程图中每个步骤、或各步骤的组合中规定的功能动作;生成实施在框图的每一块、或各块的组合中规定的功能动作的装置。 The processor in the computer reads the computer-readable program code stored in the computer-readable medium, so that the processor can execute the functional actions specified in each step in the flow chart, or a combination of steps; A device that performs functional actions specified in each block or a combination of blocks.
计算机可读程序代码可以完全在用户的本地计算机上执行、部分在用户的本地计算机上执行、作为单独的软件包、部分在用户的本地计算机上并且部分在远程计算机上,或者完全在远程计算机或者服务器上执行。也应该注意,在某些替代实施方案中,在流程图中各步骤、或框图中各块所注明的功能可能不按图中注明的顺序发生。例如,依赖于所涉及的功能,接连示出的两个步骤、或两个块实际上可能被大致同时执行,或者这些块 有时候可能被以相反顺序执行。 The computer readable program code may execute entirely on the user's local computer, partly on the user's local computer, as a separate software package, partly on the user's local computer and partly on a remote computer, or entirely on the remote computer or Execute on the server. It should also be noted that, in some alternative implementations, the functions noted at the steps in the flowcharts or blocks in the block diagrams may occur out of the order noted in the figures. For example, two steps, or two blocks shown in succession, may in fact be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。 Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and equivalent technologies thereof, the present invention also intends to include these modifications and variations.
Claims (13)
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510127449.9A CN106161225B (en) | 2015-03-23 | 2015-03-23 | Method, device and system for processing VXLAN packets |
| PCT/CN2015/097523 WO2016150205A1 (en) | 2015-03-23 | 2015-12-15 | Method, device and system for processing vxlan message |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510127449.9A CN106161225B (en) | 2015-03-23 | 2015-03-23 | Method, device and system for processing VXLAN packets |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106161225A true CN106161225A (en) | 2016-11-23 |
| CN106161225B CN106161225B (en) | 2019-05-28 |
Family
ID=56977035
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510127449.9A Active CN106161225B (en) | 2015-03-23 | 2015-03-23 | Method, device and system for processing VXLAN packets |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN106161225B (en) |
| WO (1) | WO2016150205A1 (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106878278A (en) * | 2017-01-09 | 2017-06-20 | 新华三技术有限公司 | A kind of message processing method and device |
| CN108111471A (en) * | 2016-11-25 | 2018-06-01 | 中国电信股份有限公司 | Processing method, system and the VTEP of message |
| CN109412922A (en) * | 2017-08-15 | 2019-03-01 | 华为技术有限公司 | A kind of method of transmitting message, forwarding device, controller and system |
| CN109525477A (en) * | 2018-09-30 | 2019-03-26 | 华为技术有限公司 | Communication means, device and system in data center between virtual machine |
| CN115766063A (en) * | 2022-09-26 | 2023-03-07 | 中国电子科技集团公司第三十研究所 | Data transmission method, device, equipment and medium |
| WO2023125993A1 (en) * | 2021-12-31 | 2023-07-06 | 苏州盛科通信股份有限公司 | Tunnel encryption, forwarding and decryption methods and apparatuses |
| CN116800486A (en) * | 2023-06-13 | 2023-09-22 | 中科驭数(北京)科技有限公司 | Cloud network communication method and system |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110912859B (en) * | 2018-09-17 | 2021-12-14 | 华为技术有限公司 | Method for sending message, method for receiving message and network device |
| CN113794616B (en) * | 2021-08-31 | 2023-04-18 | 新华三信息安全技术有限公司 | Message forwarding method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103095546A (en) * | 2013-01-28 | 2013-05-08 | 华为技术有限公司 | Method, device and data center network for processing messages |
| WO2014028094A1 (en) * | 2012-08-14 | 2014-02-20 | Vmware, Inc. | Method and system for virtual and physical network integration |
| CN104104747A (en) * | 2014-07-28 | 2014-10-15 | 杭州华三通信技术有限公司 | Method and device for message transmission |
| CN104335532A (en) * | 2012-06-04 | 2015-02-04 | 瑞典爱立信有限公司 | Routing VLAN tagged packets to far end addresses of virtual forwarding instances using separate administrations |
-
2015
- 2015-03-23 CN CN201510127449.9A patent/CN106161225B/en active Active
- 2015-12-15 WO PCT/CN2015/097523 patent/WO2016150205A1/en not_active Ceased
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104335532A (en) * | 2012-06-04 | 2015-02-04 | 瑞典爱立信有限公司 | Routing VLAN tagged packets to far end addresses of virtual forwarding instances using separate administrations |
| WO2014028094A1 (en) * | 2012-08-14 | 2014-02-20 | Vmware, Inc. | Method and system for virtual and physical network integration |
| CN103095546A (en) * | 2013-01-28 | 2013-05-08 | 华为技术有限公司 | Method, device and data center network for processing messages |
| CN104104747A (en) * | 2014-07-28 | 2014-10-15 | 杭州华三通信技术有限公司 | Method and device for message transmission |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108111471A (en) * | 2016-11-25 | 2018-06-01 | 中国电信股份有限公司 | Processing method, system and the VTEP of message |
| CN106878278B (en) * | 2017-01-09 | 2021-06-22 | 新华三技术有限公司 | Message processing method and device |
| CN106878278A (en) * | 2017-01-09 | 2017-06-20 | 新华三技术有限公司 | A kind of message processing method and device |
| CN109412922A (en) * | 2017-08-15 | 2019-03-01 | 华为技术有限公司 | A kind of method of transmitting message, forwarding device, controller and system |
| CN109412922B (en) * | 2017-08-15 | 2021-07-20 | 华为技术有限公司 | Method, forwarding device, controller and system for transmitting message |
| CN109525477A (en) * | 2018-09-30 | 2019-03-26 | 华为技术有限公司 | Communication means, device and system in data center between virtual machine |
| WO2020063528A1 (en) * | 2018-09-30 | 2020-04-02 | 华为技术有限公司 | Method, apparatus and system for communication between virtual machines in data center |
| WO2023125993A1 (en) * | 2021-12-31 | 2023-07-06 | 苏州盛科通信股份有限公司 | Tunnel encryption, forwarding and decryption methods and apparatuses |
| CN116418537A (en) * | 2021-12-31 | 2023-07-11 | 苏州盛科通信股份有限公司 | Tunnel encryption, forwarding and decryption method and device |
| CN116418537B (en) * | 2021-12-31 | 2025-11-25 | 苏州盛科通信股份有限公司 | Tunnel encryption, forwarding, and decryption methods and devices |
| CN115766063A (en) * | 2022-09-26 | 2023-03-07 | 中国电子科技集团公司第三十研究所 | Data transmission method, device, equipment and medium |
| CN115766063B (en) * | 2022-09-26 | 2024-09-27 | 中国电子科技集团公司第三十研究所 | Data transmission method, device, equipment and medium |
| CN116800486A (en) * | 2023-06-13 | 2023-09-22 | 中科驭数(北京)科技有限公司 | Cloud network communication method and system |
| CN116800486B (en) * | 2023-06-13 | 2024-06-07 | 中科驭数(北京)科技有限公司 | Cloud network communication method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2016150205A1 (en) | 2016-09-29 |
| CN106161225B (en) | 2019-05-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US12218924B2 (en) | Segmentation of encrypted segments in networks | |
| CN106161225A (en) | For processing method, the Apparatus and system of VXLAN message | |
| TWI504193B (en) | Method and system for offloading tunnel packets in cloud computing | |
| US10986075B2 (en) | Distributing packets across processing cores | |
| EP3309993A1 (en) | Method, device and system for processing vxlan packet | |
| CN102882789B (en) | A kind of data message processing method, system and equipment | |
| CN105591982B (en) | A kind of method and apparatus of message transmissions | |
| EP3076612A1 (en) | Packet processing method, node and system | |
| CN104993993B (en) | A kind of message processing method, equipment and system | |
| JP5871063B2 (en) | Multi-tenant system, switch, controller, and packet transfer method | |
| CN111385259B (en) | A data transmission method, device, related equipment and storage medium | |
| CN110912859B (en) | Method for sending message, method for receiving message and network device | |
| CN101325557A (en) | A method, system and device for tunnel load sharing | |
| WO2016086670A1 (en) | Vxlan packet transmission method and apparatus, and storage medium | |
| CN106603550A (en) | Network isolation method and network isolation device | |
| CN104579973B (en) | Message forwarding method and device in a kind of Virtual Cluster | |
| CN105471827A (en) | Message transmission method and device | |
| CN112217685A (en) | Tunnel detection method, terminal device, system, computer device and storage medium | |
| CN105592030A (en) | IP message processing method and device | |
| CN105635076A (en) | Media transmission method and device | |
| CN104219160A (en) | Method and device for generating input parameters | |
| EP3389231B1 (en) | Cluster and forwarding method | |
| CN104038403B (en) | Message encapsulating method and device, message de-encapsulation method and device | |
| CN108471374A (en) | The retransmission method and device of data message | |
| CN107231309A (en) | Obtain method, controller and the purpose switching node of SDN the whole network views |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |