CN106713100B - Method, CPE and aggregation device for automatically establishing a tunnel - Google Patents
- Publication number
- CN106713100B CN201510790045.8A
- Authority
- CN
- China
- Prior art keywords
- tunnel
- cpe
- address
- identifier
- configuration parameters
- Legal status
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Description
Technical Field
The present invention relates to the field of communications, and in particular to a method for automatically establishing a tunnel, customer premises equipment (Customer Premise Equipment, CPE for short), and an aggregation device.
Background
Tunneling is a way of transferring data between networks over the Internet infrastructure. The data carried by a tunnel may be data frames or packets of different protocols. A tunneling protocol re-encapsulates the data frames or packets of other protocols and sends them through the tunnel; the new frame header provides routing information so that the encapsulated payload can be delivered across the Internet. In Ethernet, tunneling technologies include Layer 2 Tunneling Protocol (L2TP), Generic Routing Encapsulation (GRE), Network Virtualization using Generic Routing Encapsulation (NVGRE), Virtual Extensible LAN (VXLAN), and others. A CPE can provide network access services for multiple terminals, and enterprise users can conveniently connect the terminals in an enterprise network to the Internet through a CPE.
In existing tunnel establishment techniques, network configuration personnel must set, separately on the CPE and on the aggregation device (for example, a router), the mapping between the tunnel address and the Media Access Control (MAC) address (or Internet Protocol (IP) address). For example, network configuration personnel set the tunnel address and tunnel protocol on the CPE and on the aggregation device respectively; the CPE and the aggregation device then perform Point-to-Point Protocol (PPP) negotiation and exchange PPP information to obtain the tunnel's configuration variables, such as IP address, encryption or compression. The CPE can establish a tunnel connection with the aggregation device according to the tunnel configuration variables, and users can transparently transmit Ethernet Layer 2 packets to the aggregation device through the tunnel.
In practice, an enterprise network generally has to be built from multiple CPEs, and establishing or maintaining the tunnels between the CPEs and the aggregation device requires manual configuration and debugging. Tunnel establishment is therefore inefficient and costly.
Summary of the Invention
The present application provides a method for automatically establishing a tunnel, a CPE and an aggregation device, which can automatically establish a tunnel between the CPE and the aggregation device without manual configuration and debugging, improving the efficiency of tunnel configuration and reducing its cost.
In a first aspect, a method for automatically establishing a tunnel is provided, including:
The CPE sends a PPP connection request to the aggregation device to establish a PPP connection with the aggregation device, receives the tunnel configuration parameters sent by the aggregation device over the PPP connection, and establishes a tunnel with the aggregation device according to the tunnel configuration parameters.
In this way, the CPE obtains the tunnel configuration parameters fed back by the aggregation device over the PPP connection, applies them automatically, and establishes a tunnel connection with the aggregation device without manual configuration and debugging, which improves the efficiency of tunnel configuration.
With reference to the first aspect, in a first implementation of the first aspect, the CPE establishing a tunnel with the aggregation device according to the tunnel configuration parameters includes: if the tunnel configuration parameters include an L2TP identifier, the CPE sends a BCP request to the aggregation device, so that the aggregation device establishes an L2TP tunnel with the CPE according to the BCP request.
In this way, the L2TP identifier allows an L2TP tunnel to be configured and established automatically between the CPE and the aggregation device.
With reference to the first aspect, in a second implementation of the first aspect, the tunnel type parameter in the tunnel configuration parameters includes a tunnel type identifier, a first Internet Protocol (IP) address of the network layer, and a second IP address;
The CPE determines the source address of the tunnel according to the first IP address and the destination address of the tunnel according to the second IP address, where the first IP address corresponds to the CPE, the second IP address corresponds to the aggregation device, and the tunnel corresponds to the tunnel type identifier;
The CPE binds the LAN interface to the tunnel interface of the tunnel.
With reference to the second implementation of the first aspect, in a third implementation of the first aspect:
When the tunnel type identifier is a GRE identifier, the tunnel is a GRE tunnel;
When the tunnel type identifier is an NVGRE identifier, the tunnel is an NVGRE tunnel;
When the tunnel type identifier is a VXLAN identifier, the tunnel is a VXLAN tunnel.
In this way, the tunnel type identifier in the tunnel type parameter, together with the IP address of the CPE and the IP address of the aggregation device, allows a tunnel corresponding to the tunnel type identifier to be configured and established automatically between the CPE and the aggregation device.
In a second aspect, a method for automatically establishing a tunnel is provided, including:
The aggregation device receives the PPP connection request sent by the CPE, establishes a PPP connection with the CPE according to the PPP connection request, obtains the tunnel configuration parameters, sends the tunnel configuration parameters to the CPE over the PPP connection, and establishes a tunnel with the CPE according to the tunnel configuration parameters.
In this way, the aggregation device sends the tunnel configuration parameters to the CPE over the PPP connection, the parameters are applied automatically, and a tunnel connection with the CPE is established without manual configuration and debugging, which improves the efficiency of tunnel configuration.
With reference to the second aspect, in a first implementation of the second aspect, the aggregation device establishing a tunnel with the CPE according to the tunnel configuration parameters includes:
If the tunnel configuration parameters include an L2TP identifier, the aggregation device receives the BCP request sent by the CPE and establishes an L2TP tunnel with the CPE according to the BCP request. In this way, the L2TP identifier allows an L2TP tunnel to be configured and established automatically between the CPE and the aggregation device.
With reference to the second aspect, in a second implementation of the second aspect, the tunnel configuration parameters include a tunnel type identifier, a first IP address of the network layer, and a second IP address;
The aggregation device establishing a tunnel with the CPE according to the tunnel configuration parameters includes:
The aggregation device determines the source address of the tunnel according to the second IP address and the destination address of the tunnel according to the first IP address, where the first IP address corresponds to the CPE, the second IP address corresponds to the aggregation device, and the tunnel corresponds to the tunnel type identifier.
With reference to the second implementation of the second aspect, in a third implementation of the second aspect:
When the tunnel type identifier is a GRE identifier, the tunnel is a GRE tunnel;
When the tunnel type identifier is an NVGRE identifier, the tunnel is an NVGRE tunnel;
When the tunnel type identifier is a VXLAN identifier, the tunnel is a VXLAN tunnel.
In this way, the tunnel type identifier in the tunnel type parameter, together with the IP address of the CPE and the IP address of the aggregation device, allows a tunnel corresponding to the tunnel type identifier to be configured and established automatically between the CPE and the aggregation device.
With reference to the second aspect, or the above implementations of the second aspect, in a third implementation of the second aspect, after the aggregation device establishes the tunnel with the CPE according to the tunnel configuration parameters, the method further includes:
The aggregation device obtains a parameter modification instruction and, according to it, disconnects the tunnel connected to the CPE; the parameter modification instruction is used to modify the tunnel configuration parameters.
With reference to the third implementation of the second aspect, in a fourth implementation of the second aspect, the parameter modification instruction indicates that the tunnel configuration parameters are to be changed from first tunnel configuration parameters to second tunnel configuration parameters. After the aggregation device disconnects the first tunnel connected to the CPE according to the parameter modification instruction, the method includes: the aggregation device obtains the second tunnel configuration parameters according to the parameter modification instruction and sends a renegotiation request to the CPE, so that the CPE initiates a request to the aggregation device to obtain tunnel configuration parameters;
The aggregation device sends the second tunnel configuration parameters to the CPE, so that the CPE establishes a tunnel with the aggregation device according to the second tunnel configuration parameters.
In this way, after the aggregation device modifies the tunnel configuration parameters, the CPE automatically obtains the modified parameters and establishes a tunnel with the aggregation device, with no need to reconfigure the tunnel parameters manually on the CPE, which improves the efficiency of tunnel configuration.
In another possible implementation, the aggregation device stores at least two kinds of tunnel configuration parameters, and each kind corresponds to at least one L2TP group.
In a third aspect, a CPE is provided that has the function of implementing the CPE behavior in the above method for automatically establishing a tunnel. The function may be implemented in hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function.
In one possible implementation, the CPE includes a transmitter, a receiver and a processor, where:
The transmitter is configured to send a PPP connection request to the aggregation device to establish a PPP connection with the aggregation device;
The receiver is configured to receive the tunnel configuration parameters sent by the aggregation device over the PPP connection;
The processor is configured to establish a tunnel with the aggregation device according to the tunnel configuration parameters.
In another possible implementation, the CPE includes:
A PPP connection establishment module, configured to send a PPP connection request to the aggregation device to establish a PPP connection with the aggregation device;
A receiving module, configured to receive the tunnel configuration parameters sent by the aggregation device over the PPP connection;
A tunnel establishment module, configured to establish a tunnel with the aggregation device according to the tunnel configuration parameters.
In a fourth aspect, an aggregation device is provided that has the function of implementing the aggregation device behavior in the above method for automatically establishing a tunnel. The function may be implemented in hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function.
In one possible implementation, the aggregation device includes a transmitter, a receiver and a processor, where:
The receiver is configured to receive the PPP connection request sent by the CPE and establish a PPP connection with the CPE according to the PPP connection request;
The processor is configured to obtain the tunnel configuration parameters;
The transmitter is configured to send the tunnel configuration parameters to the CPE over the PPP connection;
The processor is further configured to establish a tunnel with the CPE according to the tunnel configuration parameters.
In another possible implementation, the aggregation device includes:
A connection establishment module, configured to receive the PPP connection request sent by the CPE and establish a PPP connection with the CPE according to the PPP connection request;
An obtaining module, configured to obtain the tunnel configuration parameters;
A sending module, configured to send the tunnel configuration parameters to the CPE over the PPP connection;
A tunnel establishment module, configured to establish a tunnel with the CPE according to the tunnel configuration parameters.
In the technical solution provided by the present application, the CPE sends a PPP connection request to the aggregation device and establishes a PPP connection with it; the aggregation device sends the tunnel configuration parameters to the CPE over the PPP connection; and the CPE configures itself according to those parameters. The CPE can thus automatically establish a tunnel connection with the aggregation device according to the tunnel configuration parameters fed back by the aggregation device, without manual configuration and debugging, which improves the efficiency of tunnel configuration and reduces its cost.
Brief Description of the Drawings
FIG. 1 is a schematic flowchart of a method for automatically establishing a tunnel in an embodiment of the present invention;
FIG. 2 is a schematic diagram of the format of the tunnel configuration parameters in an LCP packet;
FIG. 3 is another schematic flowchart of a method for automatically establishing a tunnel in an embodiment of the present invention;
FIG. 4 is yet another schematic flowchart of a method for automatically establishing a tunnel in an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a CPE in an embodiment of the present invention;
FIG. 6 is another schematic structural diagram of a CPE in an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an aggregation device in an embodiment of the present invention;
FIG. 8 is another schematic structural diagram of an aggregation device in an embodiment of the present invention;
FIG. 9 is yet another schematic structural diagram of an aggregation device in an embodiment of the present invention.
Detailed Description
For ease of understanding, the technical terms used in this application are introduced first:
Layer 2 Tunneling Protocol (L2TP) is an industry-standard Internet tunneling protocol that can integrate multi-protocol dial-up services into existing Internet service providers. It allows the Layer 2 termination point and the PPP endpoint to reside on different devices interconnected by a packet-switched network. L2TP is a UDP-based data link layer protocol. Its messages are divided into data messages and control messages. Data messages are used to carry PPP frames, which form the data area of the L2TP message. L2TP does not guarantee reliable delivery of data messages: a lost data message is not retransmitted, and flow control and congestion control are not supported for data messages. Control messages are used to establish, maintain and terminate control connections and sessions; L2TP ensures reliable delivery of control messages and supports flow control and congestion control for them.
Point-to-Point Protocol (PPP) is a data link layer protocol used for synchronous modulation connections; it defines an encapsulation mechanism for carrying multiple protocols over a point-to-point link at Layer 2.
To establish a tunnel between the CPE of an enterprise branch and the aggregation device of the enterprise headquarters, network configuration personnel must set the source address and destination address of the tunnel, as well as the tunnel protocol, on the CPE of the enterprise branch, so efficiency is low and cost is high. In addition, if the uplink IP address of the CPE is a dynamic IP address, the remote network management system cannot identify that address because it changes, and therefore cannot configure the CPE remotely.
To improve the efficiency of tunnel establishment, the present application provides a method for automatically establishing a tunnel. Referring to FIG. 1, the method includes:
S101. The CPE sends a PPP connection request to the aggregation device to establish a PPP connection with the aggregation device;
In this embodiment, the aggregation device is a network device that connects the access layer and the core layer. It may be a router, a Broadband Remote Access Server (BRAS), a Broadband Network Gateway (BNG), a gateway or a firewall; this is not limited here.
When the CPE wants to establish a tunnel connection with the aggregation device, the CPE sends a CPE identifier to an Auto-Configuration Server (ACS). The ACS can obtain dial-up configuration parameters according to the CPE identifier and send them to the CPE. After receiving the dial-up configuration parameters, the CPE performs PPP negotiation with the aggregation device according to them; the PPP negotiation includes L2TP negotiation and Link Control Protocol (LCP) negotiation. During LCP negotiation, the aggregation device sends LCP packets to the CPE. The CPE identifier may be the device serial number (Serial Number, SN for short).
It should be noted that, before the CPE in the present invention sends the CPE identifier, the CPE has already been configured with a CPE device startup file. The file may be preset by the manufacturer, or, after the CPE is started, the CPE may obtain and configure it from the ACS through the CPE WAN Management Protocol (CWMP).
S102. The CPE receives the tunnel configuration parameters sent by the aggregation device over the PPP connection;
The LCP packet carries the tunnel configuration parameters. During the LCP negotiation phase of the PPP negotiation between the CPE and the aggregation device, the CPE can obtain the tunnel configuration parameters carried in the LCP packet over the PPP connection.
Referring to FIG. 2, the format of the tunnel configuration parameters is described in detail below:
A PPP packet includes the flag, address, control, protocol, information and frame check sequence fields, which in practice may be denoted Flag, Address, Control, Protocol, Information and Frame Check Sequence (FCS) respectively. A Flag field is present at both the head and the tail of the PPP packet. The Flag, Address and Control fields are 8 bits each, the Protocol field is 8 bits or 16 bits, the FCS field is 16 bits, and the Information field is used to store the LCP packet;
An LCP packet includes the code, identifier, length and data fields, which in practice may be denoted Code, Identifier, Length and Data respectively. The Code and Identifier fields are 8 bits each and the Length field is 16 bits. Code values 0x01 to 0x0B are already in use; LCP packets with Code values 0x0C to 0x0F can be used to store tunnel configuration parameters. It should be noted that the Data field of an LCP packet can store two or more tunnel configuration parameters; the specific number is not limited here.
A tunnel configuration parameter includes a type, a length and content, which in practice may be denoted by the Type, Length and Data fields, also called type (Type), length (Length) and value (Value). The Type and Length fields are 8 bits each. The Type field stores the tunnel type, the Length field identifies the length of the tunnel configuration parameter, and the Data field stores the tunnel configuration parameter, for example an IP address. It can be understood that the format of the tunnel configuration parameters conforms to the tunneling protocol standard.
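The following added example, which is not part of the patent text, parses an LCP packet in the layout described above with strict length checks and derives the tunnel endpoints for either side (first IP address corresponds to the CPE, second to the aggregation device). The numeric Type values, the 8-octet value layout (first IP address followed by second IP address), and the rule that a parameter's Length counts its own Type and Length octets are assumptions; the description does not specify them.

```python
import ipaddress
import struct

# Code values the description reserves for tunnel configuration parameters.
TUNNEL_CONFIG_CODES = range(0x0C, 0x10)

# ASSUMPTION: these numeric Type values are hypothetical. The description
# names the tunnel types but gives no encoding for them.
TUNNEL_TYPES = {1: "L2TP", 2: "GRE", 3: "NVGRE", 4: "VXLAN"}


class LcpParseError(ValueError):
    """Raised when a packet does not match the described layout."""


def parse_lcp_packet(packet: bytes):
    """Split an LCP packet into (code, identifier, data)."""
    if len(packet) < 4:
        raise LcpParseError("LCP header needs 4 octets")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    # In LCP the Length field covers Code, Identifier, Length and Data.
    if length < 4 or length > len(packet):
        raise LcpParseError(f"LCP Length {length} does not fit the packet")
    return code, identifier, packet[4:length]  # octets past Length are padding


def parse_tlvs(data: bytes):
    """Walk the Data field and return a list of (type, value) pairs.

    ASSUMPTION: Length counts the whole parameter (Type + Length + value).
    """
    tlvs, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise LcpParseError("truncated parameter header")
        tlv_type, tlv_len = data[offset], data[offset + 1]
        # Length below 2 would never advance; above the remainder would
        # read past the Data field. Reject both instead of guessing.
        if tlv_len < 2 or offset + tlv_len > len(data):
            raise LcpParseError(f"parameter Length {tlv_len} out of bounds")
        tlvs.append((tlv_type, data[offset + 2:offset + tlv_len]))
        offset += tlv_len
    return tlvs


def tunnel_configs(packet: bytes, role: str = "cpe"):
    """Turn a tunnel-configuration LCP packet into per-tunnel settings.

    role "cpe":         source = first IP,  destination = second IP
    role "aggregation": source = second IP, destination = first IP
    """
    if role not in ("cpe", "aggregation"):
        raise ValueError("role must be 'cpe' or 'aggregation'")
    code, _identifier, data = parse_lcp_packet(packet)
    if code not in TUNNEL_CONFIG_CODES:
        raise LcpParseError(f"Code 0x{code:02X} does not carry tunnel parameters")
    configs = []
    for tlv_type, value in parse_tlvs(data):
        name = TUNNEL_TYPES.get(tlv_type)
        if name is None:
            raise LcpParseError(f"unknown tunnel Type {tlv_type}")
        if name == "L2TP":
            # The L2TP case carries no addresses; the tunnel follows from BCP.
            if value:
                raise LcpParseError("L2TP parameter must have an empty value")
            step = "send BCP request" if role == "cpe" else "await BCP request"
            configs.append({"tunnel": name, "next_step": step})
            continue
        if len(value) != 8:  # ASSUMPTION: two packed IPv4 addresses
            raise LcpParseError(f"{name} parameter needs two IPv4 addresses")
        first_ip = str(ipaddress.IPv4Address(value[:4]))   # corresponds to CPE
        second_ip = str(ipaddress.IPv4Address(value[4:]))  # aggregation device
        source, destination = first_ip, second_ip
        if role == "aggregation":
            source, destination = second_ip, first_ip
        configs.append({"tunnel": name, "source": source,
                        "destination": destination})
    return configs


def build_packet(code: int, identifier: int, tlv_bytes: bytes) -> bytes:
    """Helper that frames already-encoded parameters in an LCP header."""
    return struct.pack("!BBH", code, identifier, 4 + len(tlv_bytes)) + tlv_bytes


# Constructed sample: Code 0x0C, one GRE parameter with documentation addresses.
SAMPLE_TLV = (bytes([2, 10])
              + ipaddress.IPv4Address("192.0.2.10").packed
              + ipaddress.IPv4Address("198.51.100.1").packed)
SAMPLE_PACKET = build_packet(0x0C, 1, SAMPLE_TLV)

if __name__ == "__main__":
    print(tunnel_configs(SAMPLE_PACKET, "cpe"))
    print(tunnel_configs(SAMPLE_PACKET, "aggregation"))
```

Because the CPE applies whatever the peer sends over the PPP connection, rejecting malformed lengths and unknown types before any interface is configured keeps a corrupted or unexpected packet from producing a half-configured tunnel.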
S103、CPE根据隧道配置参数建立与汇聚设备的隧道。S103. The CPE establishes a tunnel with the aggregation device according to the tunnel configuration parameters.
CPE可以根据隧道配置参数建立与汇聚设备的隧道,建立隧道具体过程可以包括如下实现方式:The CPE can establish a tunnel with the aggregation device according to the tunnel configuration parameters. The specific process of establishing the tunnel can include the following implementation methods:
一、隧道配置参数包括L2TP标识:1. Tunnel configuration parameters include L2TP identifier:
若隧道配置参数包括L2TP标识时,则CPE向汇聚设备发送桥接控制协议(BridgeControl Protocol,简称BCP)请求,以使得汇聚设备根据BCP请求建立与CPE之间的L2TP隧道。If the tunnel configuration parameters include the L2TP identifier, the CPE sends a Bridge Control Protocol (BCP) request to the convergence device, so that the convergence device establishes an L2TP tunnel with the CPE according to the BCP request.
Specifically, when the tunnel configuration parameters include the L2TP identifier, the CPE can establish an L2TP tunnel with the aggregation device. After obtaining the tunnel configuration parameters, the CPE sends a BCP request to the aggregation device; on receiving it, the aggregation device performs BCP negotiation with the CPE, and once the negotiation succeeds the L2TP tunnel between the two is established.
2. The tunnel configuration parameters include the GRE identifier, the first IP address of the network layer and the second IP address:
If the tunnel type parameter in the tunnel configuration parameters includes the GRE identifier, the first IP address of the network layer and the second IP address, the CPE determines the source address of the GRE tunnel according to the first IP address and the destination address of the GRE tunnel according to the second IP address, where the first IP address corresponds to the CPE and the second IP address corresponds to the aggregation device; the CPE binds the LAN interface to the tunnel interface of the GRE tunnel.
Specifically, a local area network (LAN) interface is a network device interface that connects to user equipment, and a wide area network (WAN) interface is a network device interface that connects to the public network.
If the tunnel type parameter in the tunnel configuration parameters is the GRE identifier, the CPE can establish a GRE tunnel with the aggregation device. After obtaining the tunnel configuration parameters, the CPE sets the first IP address of the network layer as the source address of the GRE tunnel, sets the second IP address of the network layer as the destination address of the GRE tunnel, and binds the LAN interface to the tunnel interface of the GRE tunnel, thereby establishing the GRE tunnel. The second IP address is obtained from the L2TP source address.
It can be understood that the tunnel interface is a logical interface. Binding the LAN interface to the tunnel interface establishes the mapping between private network IP and public network IP: when a data packet passes through the LAN interface, the CPE adds the encapsulation header to it and sends it over the public network to the peer specified by the tunnel's destination address.
3. The tunnel configuration parameters include the NVGRE identifier, the first IP address of the network layer and the second IP address:
If the tunnel configuration parameters include the NVGRE identifier, the first IP address of the network layer and the second IP address, the CPE determines the source address of the NVGRE tunnel according to the first IP address and the destination address of the NVGRE tunnel according to the second IP address, where the first IP address corresponds to the CPE and the second IP address corresponds to the aggregation device; the CPE binds the LAN interface to the tunnel interface of the NVGRE tunnel.
Specifically, if the tunnel configuration parameters include the NVGRE identifier, the CPE can establish an NVGRE tunnel with the aggregation device. The CPE sets the first IP address of the network layer as the source address of the NVGRE tunnel, sets the second IP address of the network layer as the destination address of the NVGRE tunnel, and binds the LAN interface to the tunnel interface of the NVGRE tunnel, thereby establishing the NVGRE tunnel. The NVGRE identifier may be a virtual subnet identifier (Virtual Subnet ID, VSID).
4. The tunnel configuration parameters include the VXLAN identifier, the first IP address of the network layer and the second IP address:
If the tunnel configuration parameters include the VXLAN identifier, the first IP address of the network layer and the second IP address, the CPE determines the source address of the VXLAN tunnel according to the first IP address and the destination address of the VXLAN tunnel according to the second IP address, where the first IP address corresponds to the CPE and the second IP address corresponds to the aggregation device; the CPE binds the LAN interface to the tunnel interface of the VXLAN tunnel.
Specifically, if the tunnel configuration parameters include the VXLAN identifier, the CPE can establish a VXLAN tunnel with the aggregation device. After obtaining the tunnel configuration parameters, the CPE sets the first IP address of the network layer as the source address of the VXLAN tunnel, sets the second IP address of the network layer as the destination address of the VXLAN tunnel, and binds the LAN interface to the tunnel interface of the VXLAN tunnel, thereby establishing the VXLAN tunnel.
It should be noted that after the CPE establishes the tunnel with the aggregation device, PPP and L2TP can serve as the management channel of that tunnel. In addition, the CPE and the aggregation device can layer Internet Protocol Security (IPSec) on the inner and outer layers of the management channel and/or the Layer 2 over Layer 3 tunnel, to improve the security of the management channel and of the Ethernet packets.
It can be understood that because the CPE actively dials in to the aggregation device, the aggregation device can determine the CPE's uplink IP address even when that address is dynamic, and can therefore identify the CPE and perform tunnel configuration for it.
In practice, the tunnel is configured jointly by the CPE and the aggregation device. The method for automatically establishing a tunnel provided by this application is described in detail below from the aggregation device side. Referring to FIG. 3, the method includes:
S301. The aggregation device receives the PPP connection request sent by the CPE and establishes a PPP connection with the CPE according to the PPP connection request;
In this embodiment, after the CPE obtains the dial-up configuration parameters, it sends a PPP connection request to the aggregation device; the aggregation device establishes a PPP connection with the CPE and begins PPP negotiation with it. The PPP negotiation process includes L2TP negotiation and LCP negotiation. The aggregation device is similar to the one in the embodiment shown in FIG. 1 and is not described again here.
S302. The aggregation device obtains the tunnel configuration parameters;
The LCP message includes the tunnel configuration parameters. When the aggregation device performs LCP negotiation with the CPE, it can obtain the LCP message and the tunnel configuration parameters carried in it.
S303. The aggregation device sends the tunnel configuration parameters to the CPE through the PPP connection;
After obtaining the LCP message carrying the tunnel configuration parameters, the aggregation device sends the tunnel configuration parameters to the CPE through the PPP connection.
S304. The aggregation device establishes a tunnel with the CPE according to the tunnel configuration parameters.
The aggregation device can establish a tunnel with the CPE according to the tunnel configuration parameters. The tunnel can be established in the following ways:
1. The tunnel configuration parameters include the L2TP identifier:
If the tunnel configuration parameters include the L2TP identifier, the aggregation device receives the BCP request sent by the CPE and establishes an L2TP tunnel with the CPE according to the BCP request.
Specifically, the tunnel configuration parameters include the L2TP identifier. After the CPE sends a BCP request to the aggregation device, the aggregation device performs BCP negotiation with the CPE, and once the negotiation succeeds the L2TP tunnel between the two is established.
2. The tunnel configuration parameters include the GRE identifier, the first IP address of the network layer and the second IP address:
If the tunnel configuration parameters include the GRE identifier, the first IP address of the network layer and the second IP address, the aggregation device determines the source address of the GRE tunnel according to the second IP address and the destination address of the GRE tunnel according to the first IP address, where the first IP address corresponds to the CPE and the second IP address corresponds to the aggregation device.
Specifically, if the tunnel type parameter of the tunnel configuration parameters is the GRE identifier, the aggregation device can establish a GRE tunnel with the CPE. The aggregation device sets the second IP address of the network layer as the source address of the GRE tunnel and the first IP address of the network layer as the destination address of the GRE tunnel. The second IP address is obtained from the L2TP source address. After the GRE tunnel is established, the aggregation device can receive Layer 2 ETH packets sent by the CPE through the GRE tunnel, decapsulate them, and send them to the operator-side edge routing device.
3. The tunnel configuration parameters include the NVGRE identifier, the first IP address of the network layer and the second IP address:
If the tunnel configuration parameters include the NVGRE identifier, the first IP address of the network layer and the second IP address, the aggregation device determines the source address of the NVGRE tunnel according to the second IP address and the destination address of the NVGRE tunnel according to the first IP address, where the first IP address corresponds to the CPE and the second IP address corresponds to the aggregation device.
Specifically, if the tunnel type parameter of the tunnel configuration parameters is the NVGRE identifier, the aggregation device can establish an NVGRE tunnel with the CPE. The aggregation device sets the second IP address of the network layer as the source address of the NVGRE tunnel and the first IP address of the network layer as the destination address of the NVGRE tunnel. The NVGRE identifier may be a VSID.
4. The tunnel configuration parameters include the VXLAN identifier, the first IP address of the network layer and the second IP address:
If the tunnel configuration parameters include the VXLAN identifier, the first IP address of the network layer and the second IP address, the aggregation device determines the source address of the VXLAN tunnel according to the second IP address and the destination address of the VXLAN tunnel according to the first IP address, where the first IP address corresponds to the CPE and the second IP address corresponds to the aggregation device.
Specifically, if the tunnel type parameter of the tunnel configuration parameters is the VXLAN identifier, the aggregation device can establish a VXLAN tunnel with the CPE. The aggregation device sets the second IP address of the network layer as the source address of the VXLAN tunnel and the first IP address of the network layer as the destination address of the VXLAN tunnel.
Optionally, after the aggregation device establishes the tunnel with the CPE according to the tunnel configuration parameters, the method includes: the aggregation device obtains a parameter modification instruction, which is used to modify the tunnel configuration parameters; the aggregation device disconnects the tunnel to the CPE according to the parameter modification instruction.
Specifically, when the tunnel configuration parameters in the aggregation device are modified, the aggregation device can obtain the parameter modification instruction and, according to it, disconnect the tunnel connection with the CPE and the session connections within the tunnel.
Further, the parameter modification instruction indicates that the tunnel configuration parameters are modified from first tunnel configuration parameters to second tunnel configuration parameters. After the aggregation device disconnects the tunnel to the CPE according to the parameter modification instruction, the method includes: the aggregation device obtains the second tunnel configuration parameters according to the parameter modification instruction; the aggregation device sends a renegotiation request to the CPE, so that the CPE initiates a request to the aggregation device to obtain tunnel configuration parameters; the aggregation device sends the second tunnel configuration parameters to the CPE, so that the CPE establishes a tunnel with the aggregation device according to the second tunnel configuration parameters.
Specifically, when the tunnel configuration parameters are modified from the first tunnel configuration parameters to the second tunnel configuration parameters, the aggregation device sends a PPP renegotiation request to the CPE. On that request the CPE triggers the tunnel establishment procedure of the embodiment shown in FIG. 1, and a second tunnel, corresponding to the second tunnel configuration parameters, is established between the aggregation device and the CPE.
The following describes the case, which may arise in practice, in which the aggregation device establishes different types of tunnels with different CPEs:
Optionally, the aggregation device stores at least two kinds of tunnel configuration parameters, and each kind corresponds to at least one L2TP group.
Specifically, the aggregation device stores at least two kinds of tunnel configuration parameters. When multiple CPEs initiate L2TP negotiation with the aggregation device and require different types of tunnels, the aggregation device can create multiple L2TP groups, each corresponding to one tunnel, distribute the tunnel configuration parameters to the CPEs through the L2TP groups, and establish a tunnel with each CPE.
Optionally, the aggregation device includes a network address translation (NAT) device.
In practice, because L2TP tunnels and VXLAN tunnels support NAT well, when the aggregation device includes a NAT device the tunnel configuration parameters it obtains can be the L2TP tunnel identifier, or the VXLAN tunnel identifier together with the first IP address and the second IP address, so that the aggregation device can establish an L2TP tunnel and a VXLAN tunnel with the CPE.
It should be noted that GRE encapsulation has no transport-layer port and therefore cannot undergo network address port translation (NAPT); the tunnel address on the CPE side cannot be matched directly, and NAT traversal has to be achieved through VPN nesting. Therefore, when the aggregation device includes a NAT device, it need not store GRE tunnel configuration parameters.
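The NAT point above can be seen directly in the encapsulation headers. The following is an added example, not code from the patent: it builds the tunnel headers for Ethernet over GRE, NVGRE and VXLAN and shows which of them ride on a UDP port that a NAPT device can rewrite. The function names and the sample VSID/VNI values are assumptions; NVGRE is included because it is GRE-based, although the description names only GRE in this context.

```python
import struct

IPPROTO_UDP, IPPROTO_GRE = 17, 47
ETH_OVER_GRE = 0x6558          # GRE protocol type: Transparent Ethernet Bridging
GRE_KEY_PRESENT = 0x2000       # K bit in the GRE flags; NVGRE always sets it
VXLAN_VNI_VALID = 0x08000000   # I flag in the first VXLAN word
UDP_PORTS = {"L2TP": 1701, "VXLAN": 4789}   # IANA-assigned UDP ports


def tunnel_header(tunnel_type, ident=0, flow_id=0):
    """Bytes placed in front of the inner Ethernet frame.

    ident is the VSID (NVGRE) or VNI (VXLAN); plain GRE ignores it.
    """
    if not 0 <= ident < 1 << 24:
        raise ValueError("VSID/VNI is a 24-bit value")
    if tunnel_type == "GRE":
        # flags/version = 0, then the protocol type; no port field anywhere
        return struct.pack("!HH", 0, ETH_OVER_GRE)
    if tunnel_type == "NVGRE":
        if not 0 <= flow_id < 256:
            raise ValueError("FlowID is an 8-bit value")
        # GRE header whose key field carries VSID (24 bits) + FlowID (8 bits)
        return struct.pack("!HHI", GRE_KEY_PRESENT, ETH_OVER_GRE,
                           ident << 8 | flow_id)
    if tunnel_type == "VXLAN":
        # 8-byte VXLAN header; it is itself the payload of a UDP datagram
        return struct.pack("!II", VXLAN_VNI_VALID, ident << 8)
    raise ValueError(f"no header builder for {tunnel_type!r}")


def decode_ident(tunnel_type, header):
    """Recover the VSID or VNI from a header built by tunnel_header()."""
    if tunnel_type == "NVGRE":
        flags, proto, key = struct.unpack("!HHI", header[:8])
        if not flags & GRE_KEY_PRESENT or proto != ETH_OVER_GRE:
            raise ValueError("not an NVGRE header")
        return key >> 8
    if tunnel_type == "VXLAN":
        word0, word1 = struct.unpack("!II", header[:8])
        if not word0 & VXLAN_VNI_VALID:
            raise ValueError("VNI flag not set")
        return word1 >> 8
    raise ValueError(f"{tunnel_type!r} carries no VSID/VNI")


def outer_transport(tunnel_type):
    """(outer IP protocol number, UDP destination port or None)."""
    if tunnel_type in UDP_PORTS:
        return IPPROTO_UDP, UDP_PORTS[tunnel_type]
    if tunnel_type in ("GRE", "NVGRE"):
        return IPPROTO_GRE, None      # IP protocol 47: nothing for NAPT to map
    raise ValueError(f"unknown tunnel type {tunnel_type!r}")


def napt_capable(tunnel_type):
    """True when the encapsulation exposes a transport-layer port."""
    return outer_transport(tunnel_type)[1] is not None


def offerable(stored_types, nat_in_path):
    """Tunnel types worth handing to a CPE, given whether NAT is in the path."""
    return [t for t in stored_types if not nat_in_path or napt_capable(t)]


if __name__ == "__main__":
    for t in ("L2TP", "GRE", "NVGRE", "VXLAN"):
        print(t, outer_transport(t), "NAPT ok" if napt_capable(t) else "no port")
    print(tunnel_header("VXLAN", 5000).hex())   # constructed VNI
```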
The interaction between the CPE and the aggregation device is described below. Referring to FIG. 4, the method for automatically establishing a tunnel in the embodiment of the present invention includes:
The CPE sends a PPP connection request to the aggregation device; the aggregation device receives the PPP connection request and establishes a PPP connection with the CPE according to it;
The aggregation device obtains the tunnel configuration parameters and establishes a tunnel with the CPE according to them;
The aggregation device sends the tunnel configuration parameters to the CPE through the PPP connection; the CPE receives the tunnel configuration parameters sent through the PPP connection and establishes a tunnel with the aggregation device according to them.
In this embodiment, for the specific process of establishing the tunnel between the CPE and the aggregation device, refer to the embodiments shown in FIG. 1 and FIG. 3; it is not described again here.
For ease of understanding, the method for automatically establishing a tunnel in the embodiment of the present invention is described in detail below using a specific application scenario:
Take a router as the aggregation device. When a user at an enterprise branch wants to establish a communication tunnel with the enterprise headquarters, the user reports device information through CPE1 to the auto-configuration server at headquarters; take M01 as the device serial number. After obtaining the dial-up configuration parameters, the auto-configuration server sends them to CPE1 according to M01. CPE1 performs PPP negotiation with the router and establishes a PPP link, and the router sends the tunnel configuration parameters to CPE1. Assume that the IP address of the router is 192.168.1.2 and the IP address of CPE1 is 192.168.1.10;
When the tunnel configuration parameters include the L2TP identifier, CPE1 sends a BCP connection request to the router, the router performs BCP negotiation with the CPE, and the L2TP tunnel is established once the negotiation succeeds;
When the tunnel configuration parameters include the GRE identifier, '192.168.1.10' and '192.168.1.2', the CPE uses '192.168.1.10' as the source address of the GRE tunnel, binds the LAN interface to '192.168.1.10', and uses '192.168.1.2' as the GRE destination address; the router uses '192.168.1.2' as the source address of the GRE tunnel and '192.168.1.10' as the destination address of the GRE tunnel;
When the tunnel configuration parameters include the VSID, '192.168.1.10' and '192.168.1.2', the CPE uses '192.168.1.10' as the source address of the NVGRE tunnel, binds the LAN interface to '192.168.1.10', and uses '192.168.1.2' as the NVGRE destination address; the router uses '192.168.1.2' as the source address of the GRE tunnel and '192.168.1.10' as the destination address of the GRE tunnel;
When the tunnel configuration parameters include the VNI, '192.168.1.10' and '192.168.1.12', the CPE uses '192.168.1.10' as the source address of the VXLAN tunnel, binds the LAN interface to '192.168.1.10', and uses '192.168.1.2' as the destination address of the VXLAN tunnel; the router uses '192.168.1.2' as the source address of the VXLAN tunnel and '192.168.1.10' as the destination address of the VXLAN tunnel;
When the enterprise branch also includes CPE2, CPE3 or other CPEs, CPE2 and CPE3 establish their tunnels in a way similar to CPE1, which is not described again here. The CPE can obtain the tunnel configuration parameters from the router automatically and establish the tunnel with the router, which spares network configuration staff the work of configuring tunnels by hand; when tunnels have to be configured for many users, this greatly improves the efficiency of tunnel establishment.
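The scenario above, together with the L2TP groups and the parameter-modification flow described earlier, can be modelled in a few lines. This is an added example, not code from the patent: the class, function and group names are assumptions, and the checks in `validate` are the sanity checks a receiving device might apply to the pushed parameters, which the description itself does not specify.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional


@dataclass(frozen=True)
class TunnelParams:
    tunnel_type: str                  # "L2TP", "GRE", "NVGRE" or "VXLAN"
    first_ip: Optional[str] = None    # corresponds to the CPE
    second_ip: Optional[str] = None   # corresponds to the aggregation device
    ident: Optional[int] = None       # VSID (NVGRE) or VNI (VXLAN), 24 bits


def validate(p):
    """Reject parameter sets that cannot describe a tunnel (ValueError)."""
    if p.tunnel_type == "L2TP":
        return                        # completed by BCP negotiation, no IP pair
    if p.tunnel_type not in ("GRE", "NVGRE", "VXLAN"):
        raise ValueError(f"unknown tunnel type {p.tunnel_type!r}")
    # IPv4Address raises a ValueError subclass on missing or malformed input
    if IPv4Address(p.first_ip) == IPv4Address(p.second_ip):
        raise ValueError("first and second IP address must differ")
    if p.tunnel_type != "GRE" and not (
            p.ident is not None and 0 <= p.ident < 1 << 24):
        raise ValueError("NVGRE/VXLAN need a 24-bit VSID/VNI")


def endpoints(p, role):
    """(source, destination) of the tunnel as seen by 'cpe' or 'aggregation'."""
    validate(p)
    if p.tunnel_type == "L2TP":
        raise ValueError("L2TP is set up by a BCP request, not an address pair")
    if role == "cpe":
        return p.first_ip, p.second_ip
    if role == "aggregation":
        return p.second_ip, p.first_ip
    raise ValueError(f"unknown role {role!r}")


def mirrored(cpe_side, agg_side):
    """True when each end's source is the other end's destination."""
    return cpe_side == (agg_side[1], agg_side[0])


class AggregationDevice:
    def __init__(self, groups):
        self.groups = dict(groups)    # L2TP group name -> TunnelParams
        self.members = {}             # CPE serial -> L2TP group
        self.tunnels = {}             # CPE serial -> parameters in force

    def dial_in(self, serial, group):
        """PPP connection is up: hand the group's parameters to the CPE."""
        params = self.groups[group]
        validate(params)
        self.members[serial] = group
        self.tunnels[serial] = params
        return params

    def modify(self, group, new_params):
        """Parameter modification: drop affected tunnels and return the
        serials of the CPEs that must be sent a renegotiation request."""
        validate(new_params)
        self.groups[group] = new_params
        affected = sorted(s for s, g in self.members.items() if g == group)
        for serial in affected:
            self.tunnels.pop(serial, None)
        return affected


if __name__ == "__main__":
    router = AggregationDevice({
        "grp-gre": TunnelParams("GRE", "192.168.1.10", "192.168.1.2"),
    })
    got = router.dial_in("M01", "grp-gre")
    print("CPE1  :", endpoints(got, "cpe"))
    print("router:", endpoints(got, "aggregation"))
    vxlan = TunnelParams("VXLAN", "192.168.1.10", "192.168.1.2", ident=5000)
    print("renegotiate:", router.modify("grp-gre", vxlan))
    print("CPE1  :", endpoints(router.dial_in("M01", "grp-gre"), "cpe"))
```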
Based on the method for automatically establishing a tunnel provided above, and referring to FIG. 5, this application provides a CPE for implementing the method for automatically establishing a tunnel shown in FIG. 1 and FIG. 4. The CPE includes:
a PPP connection establishment module 501, configured to send a PPP connection request to the aggregation device according to the dial-up configuration parameters, to establish a PPP connection with the aggregation device;
a receiving module 502, configured to receive the tunnel configuration parameters sent by the aggregation device through the PPP connection;
a tunnel establishment module 503, configured to establish a tunnel with the aggregation device according to the tunnel configuration parameters.
Optionally, the tunnel establishment module 503 is specifically configured to send a BCP request to the aggregation device if the tunnel configuration parameters include the Layer 2 Tunneling Protocol (L2TP) identifier, so that the aggregation device establishes an L2TP tunnel with the CPE according to the BCP request.
Optionally, the tunnel establishment module 503 is specifically configured so that, if the tunnel type parameter in the tunnel configuration parameters includes the GRE identifier, the first IP address of the network layer and the second IP address, the CPE determines the source address of the GRE tunnel according to the first IP address and the destination address of the GRE tunnel according to the second IP address, where the first IP address corresponds to the CPE and the second IP address corresponds to the aggregation device, and binds the LAN interface to the tunnel interface of the GRE tunnel.
Optionally, the tunnel establishment module 503 is specifically configured to, if the tunnel configuration parameters include the NVGRE identifier, the first IP address of the network layer and the second IP address, determine the source address of the NVGRE tunnel according to the first IP address and the destination address of the NVGRE tunnel according to the second IP address, where the first IP address corresponds to the CPE and the second IP address corresponds to the aggregation device, and bind the LAN interface to the tunnel interface of the NVGRE tunnel.
Optionally, the tunnel establishment module 503 is specifically configured to, if the tunnel configuration parameters include the VXLAN identifier, the first IP address of the network layer and the second IP address, determine the source address of the VXLAN tunnel according to the first IP address and the destination address of the VXLAN tunnel according to the second IP address, where the first IP address corresponds to the CPE and the second IP address corresponds to the aggregation device, and bind the LAN interface to the tunnel interface of the VXLAN tunnel.
In practice, the CPE further includes a sending module. The PPP connection establishment module 501 and the tunnel establishment module 502 can be implemented by a central processing unit or an application-specific integrated circuit (ASIC); the receiving module 502 and the sending module can be implemented by a receiver and a transmitter respectively, or by a transceiver that integrates the receiving and sending functions.
Optionally, the CPE includes a NAT device.
Based on the method for automatically establishing a tunnel provided above, this application provides a CPE 600 for implementing the functions of the CPE in the method for automatically establishing a tunnel shown in FIG. 1 and FIG. 4. As shown in FIG. 6, the CPE 600 includes a processor 601, a transmitter 602 and a receiver 603, which are connected to one another through a bus 604.
The transmitter 602 is configured to send a PPP connection request to the aggregation device to establish a PPP connection with the aggregation device;
The receiver 603 is configured to receive the tunnel configuration parameters sent by the aggregation device through the PPP connection;
The processor 601 is configured to establish a tunnel with the aggregation device according to the tunnel configuration parameters.
The processor 601 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device.
When the processor 601 is a CPU, the CPE 600 may further include a memory 605 for storing a program. Specifically, the program may include program code, and the program code includes computer operation instructions. The memory 605 may include random access memory (RAM) and may also include non-volatile memory, for example at least one disk memory. The processor 601 executes the program code stored in the memory 605 to implement the functions above.
Optionally, the processor 601 is specifically configured to send a BCP request to the aggregation device if the tunnel configuration parameters include the L2TP identifier, so that the aggregation device establishes an L2TP tunnel with the CPE according to the BCP request.
Optionally, the processor 601 is further specifically configured to, when the tunnel type parameter in the tunnel configuration parameters includes a tunnel type identifier, the first IP address of the network layer and the second IP address, determine the source address of the tunnel according to the first IP address and the destination address of the tunnel according to the second IP address, and bind the LAN interface to the tunnel interface of the tunnel, where the first IP address corresponds to the CPE, the second IP address corresponds to the aggregation device, and the tunnel corresponds to the tunnel type. Specifically:
when the tunnel type identifier is the GRE identifier, the tunnel is a GRE tunnel;
when the tunnel type identifier is the NVGRE identifier, the tunnel is an NVGRE tunnel;
when the tunnel type identifier is the VXLAN identifier, the tunnel is a VXLAN tunnel.
Based on the method for automatically establishing a tunnel provided above, and referring to FIG. 7, this application provides an aggregation device for implementing the functions of the aggregation device in the method for automatically establishing a tunnel shown in FIG. 3 and FIG. 4. The aggregation device includes:
a connection establishment module 701, further configured to receive the PPP connection request sent by the CPE and establish a PPP connection with the CPE according to the PPP connection request;
an obtaining module 702, configured to obtain the tunnel configuration parameters;
a sending module 703, further configured to send the tunnel configuration parameters to the CPE through the PPP connection;
a tunnel establishment module 704, configured to establish a tunnel with the CPE according to the tunnel configuration parameters.
Optionally, the tunnel establishment module 704 is specifically configured to, if the tunnel configuration parameters include the L2TP identifier, receive the BCP request sent by the CPE and establish an L2TP tunnel with the CPE according to the BCP request.
Optionally, the tunnel establishment module 704 is specifically configured to, if the tunnel configuration parameters include the GRE identifier, the first IP address of the network layer and the second IP address, determine the source address of the GRE tunnel according to the second IP address and the destination address of the GRE tunnel according to the first IP address, where the first IP address corresponds to the CPE and the second IP address corresponds to the aggregation device.
Optionally, the tunnel establishment module 704 is specifically configured to, if the tunnel configuration parameters include the NVGRE identifier, the first IP address of the network layer and the second IP address, determine the source address of the NVGRE tunnel according to the second IP address and the destination address of the NVGRE tunnel according to the first IP address, where the first IP address corresponds to the CPE and the second IP address corresponds to the aggregation device.
Optionally, the tunnel establishment module 704 is specifically configured to, if the tunnel configuration parameters include the VXLAN identifier, the first IP address of the network layer and the second IP address, determine the source address of the VXLAN tunnel according to the second IP address and the destination address of the VXLAN tunnel according to the first IP address, where the first IP address corresponds to the CPE and the second IP address corresponds to the aggregation device.
Optionally, the obtaining module 702 is further configured to obtain a parameter modification instruction, which is used to modify the tunnel configuration parameters, and to disconnect the tunnel to the CPE according to the parameter modification instruction.
Optionally, the obtaining module 702 is further configured to, when the parameter modification instruction indicates that the tunnel configuration parameters are modified from first tunnel configuration parameters to second tunnel configuration parameters, obtain the second tunnel configuration parameters according to the parameter modification instruction;
发送模块703,还用于向CPE发送重协商请求,以使得CPE向汇聚设备发起获取隧道配置参数的请求;The sending module 703 is also configured to send a renegotiation request to the CPE, so that the CPE initiates a request to the convergence device to obtain tunnel configuration parameters;
发送模块703,还用于向CPE发送第二隧道配置参数,以使得CPE根据第二隧道配置参数建立与汇聚设备的隧道。The sending module 703 is further configured to send the second tunnel configuration parameters to the CPE, so that the CPE establishes a tunnel with the aggregation device according to the second tunnel configuration parameters.
可选的,如图8所示,汇聚设备700还包括:Optionally, as shown in FIG. 8, the converging device 700 further includes:
存储模块801,用于存储至少两种隧道配置参数,每种隧道配置参数与至少一个L2TP组对应。The storage module 801 is configured to store at least two tunnel configuration parameters, each tunnel configuration parameter corresponding to at least one L2TP group.
可选的,汇聚设备700包括NAT设备。Optionally, the convergence device 700 includes a NAT device.
在实际应用中,汇聚设备还包括接收模块,连接建立模块701、获取模块702、隧道建立模块704可以通过中央处理器,或ASIC实现,接收模块和发送模块703可以分别通过接收器和发送器实现,或集成了接收功能和发送功能的收发器实现,存储模块801可以通过存储器实现。In practical applications, the aggregation device also includes a receiving module, the connection establishment module 701, the acquisition module 702, and the tunnel establishment module 704 can be realized by a central processing unit or an ASIC, and the receiving module and the sending module 703 can be realized by a receiver and a transmitter respectively , or implemented by a transceiver integrating a receiving function and a sending function, and the storage module 801 may be implemented by a memory.
For ease of understanding, the interaction between the modules of the CPE and of the convergence device in the embodiment of the present invention is described in detail below using a specific application scenario:
Take a router as the convergence device. When a user at an enterprise branch wants to establish a communication tunnel with the enterprise headquarters, the PPP connection establishing module 501 performs PPP negotiation with the connection establishment module 701 to establish a PPP link, the acquisition module 702 acquires the tunnel configuration parameters, and the sending module 703 sends the tunnel configuration parameters to the receiving module 502. Assume that the IP address of the convergence device is 192.168.1.2 and the IP address of CPE1 is 192.168.1.10;
When the tunnel configuration parameters include an L2TP identifier, the tunnel establishing module 503 sends a BCP connection request to the convergence device, the tunnel establishment module 704 performs BCP negotiation with the tunnel establishing module 503, and the L2TP tunnel is established once the negotiation succeeds;
When the tunnel configuration parameters include a GRE identifier, '192.168.1.10' and '192.168.1.2', the tunnel establishing module 503 uses '192.168.1.10' as the source address of the GRE tunnel, binds the LAN interface to '192.168.1.10', and uses '192.168.1.2' as the GRE destination address; the tunnel establishment module 704 uses '192.168.1.2' as the source address of the GRE tunnel and '192.168.1.10' as the destination address of the GRE tunnel;
When the tunnel configuration parameters include a VSID, '192.168.1.10' and '192.168.1.2', the tunnel establishing module 503 uses '192.168.1.10' as the source address of the NVGRE tunnel, binds the LAN interface to '192.168.1.10', and uses '192.168.1.2' as the NVGRE destination address; the tunnel establishment module 704 uses '192.168.1.2' as the source address of the GRE tunnel and '192.168.1.10' as the destination address of the GRE tunnel;
When the tunnel configuration parameters include a VNI, '192.168.1.10' and '192.168.1.12', the tunnel establishing module 503 uses '192.168.1.10' as the source address of the VXLAN tunnel, binds the LAN interface to '192.168.1.10', and uses '192.168.1.2' as the destination address of the VXLAN tunnel; the tunnel establishment module 704 uses '192.168.1.2' as the source address of the VXLAN tunnel and '192.168.1.10' as the destination address of the VXLAN tunnel.
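The address assignment in the scenario above, written out as an added example (it is not code from the patent): each side derives its tunnel source and destination from the same parameters, and a check confirms the two ends mirror each other before the tunnel is used. The string tags for the tunnel identifier, the `segment_id` field and the validation rules are assumptions of this example; the 24-bit bound is the width of the VSID and VNI fields in NVGRE and VXLAN.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

IP_TUNNELS = {"GRE", "NVGRE", "VXLAN"}  # assumed tags for the tunnel identifier
MAX_24BIT = (1 << 24) - 1               # VSID (NVGRE) and VNI (VXLAN) are 24-bit


@dataclass(frozen=True)
class TunnelParams:
    kind: str                         # "L2TP", "GRE", "NVGRE" or "VXLAN"
    first_ip: Optional[str] = None    # first IP address: corresponds to the CPE
    second_ip: Optional[str] = None   # second IP address: the convergence device
    segment_id: Optional[int] = None  # VSID for NVGRE, VNI for VXLAN


@dataclass(frozen=True)
class Endpoint:
    kind: str
    source: Optional[str]
    destination: Optional[str]
    segment_id: Optional[int]
    setup: str                        # "BCP" for L2TP, "static" for IP tunnels


def validate(p: TunnelParams) -> None:
    """Reject parameters that should not be applied to an interface."""
    if p.kind == "L2TP":
        return  # negotiated with BCP over the PPP link; no addresses needed
    if p.kind not in IP_TUNNELS:
        raise ValueError(f"unknown tunnel identifier: {p.kind!r}")
    if p.first_ip is None or p.second_ip is None:
        raise ValueError("both IP addresses are required")
    first = ipaddress.ip_address(p.first_ip)    # ValueError if malformed
    second = ipaddress.ip_address(p.second_ip)
    if first.version != second.version or first == second:
        raise ValueError("endpoints must be distinct and of one IP version")
    if p.kind == "GRE":
        if p.segment_id is not None:
            raise ValueError("plain GRE carries no VSID/VNI in this example")
    elif p.segment_id is None or not 0 <= p.segment_id <= MAX_24BIT:
        raise ValueError("VSID/VNI must fit in 24 bits")


def _endpoint(p: TunnelParams, local, remote) -> Endpoint:
    validate(p)
    if p.kind == "L2TP":
        return Endpoint("L2TP", None, None, None, "BCP")
    return Endpoint(p.kind, str(ipaddress.ip_address(local)),
                    str(ipaddress.ip_address(remote)), p.segment_id, "static")


def cpe_endpoint(p: TunnelParams) -> Endpoint:
    # CPE side: source is the first IP address, destination the second.
    return _endpoint(p, p.first_ip, p.second_ip)


def convergence_endpoint(p: TunnelParams) -> Endpoint:
    # Convergence device side: source is the second IP address.
    return _endpoint(p, p.second_ip, p.first_ip)


def is_mirrored(cpe: Endpoint, agg: Endpoint) -> bool:
    """True when both ends agree on type, segment id and swapped addresses."""
    return (cpe.kind == agg.kind and cpe.setup == agg.setup
            and cpe.segment_id == agg.segment_id
            and cpe.source == agg.destination
            and cpe.destination == agg.source)
```

Running `is_mirrored` on the two derived endpoints catches the case where the CPE and the convergence device hold different copies of the parameters, for example after a modification that only one side has picked up.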
Based on the method for automatically establishing a tunnel provided by this application, this application provides a convergence device for implementing the functions of the convergence device in the methods for automatically establishing a tunnel shown in FIG. 3 and FIG. 4 of this application. As shown in FIG. 9, the convergence device 900 includes a processor 901, a transmitter 902 and a receiver 903, where the processor 901, the transmitter 902 and the receiver 903 are connected to each other through a bus 904.
The receiver 903 is configured to receive a PPP connection request sent by the CPE, and establish a PPP connection with the CPE according to the PPP connection request;
the processor 901 is configured to acquire tunnel configuration parameters;
the transmitter 902 is configured to send the tunnel configuration parameters to the CPE through the PPP connection;
the processor 901 is further configured to establish a tunnel with the CPE according to the tunnel configuration parameters.
The processor 901 may be a general-purpose processor, including a central processing unit, a network processor and the like; it may also be a digital signal processor, an application-specific integrated circuit, a field-programmable gate array or another programmable logic device.
When the processor 901 is a CPU, the convergence device 900 may further include a memory 905, configured to store a program. Specifically, the program may include program code, and the program code includes computer operation instructions. The memory 905 may include random access memory, and may also include non-volatile memory, such as at least one disk memory. The processor 901 executes the program code stored in the memory 905 to implement the above functions.
Optionally, the processor 901 is specifically configured to: if the tunnel configuration parameters include an L2TP identifier, receive a BCP request sent by the CPE, and establish an L2TP tunnel with the CPE according to the BCP request.
Optionally, the processor 901 is specifically configured to: if the tunnel configuration parameters include a GRE identifier, a first Internet Protocol (IP) address of the network layer and a second IP address, determine the source address of the GRE tunnel according to the second IP address, and determine the destination address of the GRE tunnel according to the first IP address, where the first IP address corresponds to the CPE and the second IP address corresponds to the convergence device.
Optionally, the processor 901 is specifically configured to: if the tunnel configuration parameters include an NVGRE identifier, a first IP address of the network layer and a second IP address, determine the source address of the NVGRE tunnel according to the second IP address, and determine the destination address of the NVGRE tunnel according to the first IP address, where the first IP address corresponds to the CPE and the second IP address corresponds to the convergence device.
Optionally, the processor 901 is specifically configured to: if the tunnel configuration parameters include a VXLAN identifier, a first IP address of the network layer and a second IP address, determine the VXLAN source address according to the second IP address, and determine the destination address of the VXLAN tunnel according to the first IP address, where the first IP address corresponds to the CPE and the second IP address corresponds to the convergence device.
Optionally, the processor 901 is further configured to acquire a parameter modification indication, where the parameter modification indication is used to modify the tunnel configuration parameters, and to disconnect the tunnel connected to the CPE according to the parameter modification indication.
Optionally, the processor 901 is specifically configured to: when the parameter modification indication indicates that the tunnel configuration parameters are modified from first tunnel configuration parameters to second tunnel configuration parameters, acquire the second tunnel configuration parameters according to the parameter modification indication;
the transmitter 902 is further configured to send a renegotiation request to the CPE, so that the CPE initiates a request to the convergence device to obtain tunnel configuration parameters;
the transmitter 902 is further configured to send the second tunnel configuration parameters to the CPE, so that the CPE establishes a tunnel with the convergence device according to the second tunnel configuration parameters.
Optionally, the memory 905 stores at least two kinds of tunnel configuration parameters, each kind of tunnel configuration parameters corresponding to at least one L2TP group.
In the several embodiments provided in this application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or in another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to execute all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
The above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions recorded in the foregoing embodiments, or make equivalent replacements of some of the technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510790045.8A CN106713100B (en) | 2015-11-17 | 2015-11-17 | A kind of method, CPE and convergence device for establishing tunnel automatically |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106713100A CN106713100A (en) | 2017-05-24 |
CN106713100B (en) | 2019-11-29 |
Family
ID=58933344
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510790045.8A Active CN106713100B (en) | 2015-11-17 | 2015-11-17 | A kind of method, CPE and convergence device for establishing tunnel automatically |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106713100B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||