CN117499295A - A message forwarding method, device, equipment and storage medium - Google Patents

Abstract

The invention discloses a message forwarding method, a message forwarding device, message forwarding equipment and a storage medium. The method comprises the following steps: receiving a target message, wherein the target message comprises: a target IP address and an instance identifier; inquiring a routing table according to the target IP address and the instance identifier to obtain a private network next-hop table; inquiring a private network next hop table to obtain an IP tunnel table and a target public network next hop group table; querying an IP tunnel table to obtain a VPNSID and a source IP address; inquiring a next hop group table of the target public network to obtain a target switching identifier; updating the target message according to the VPNSID, the source IP address and the target switching identifier to obtain an updated target message; according to the target switching identification, a target output port is determined, and the updated target message is output from the target output port.

Description

A message forwarding method, device, equipment and storage medium

Technical field

The embodiments of the present invention relate to the field of communication technology, and in particular, to a message forwarding method, device, equipment and storage medium.

Background technique

The core idea of SRV6 (Segment Routing over IPv6, Internet Protocol version 6 segment routing) is to cut the message forwarding path into different segments, and then assign SID (Segment Identifier, segment identifier) to identify them so as to guide them by segments. Message forwarding.

SRV6 TE Policy is a tunnel traffic diversion technology developed on SRV6 technology, which introduces traffic into SRV6 TE tunnels according to a certain policy. The data packet is imported into the SRV6 TE Policy, and the SID list indicates the path and behavior of the data packet.

During the packet forwarding process, in order to avoid the problem that packets cannot be transmitted due to equipment failure in the packet transmission path, Bidirectional Forwarding Detection (BFD) is usually configured on the network edge device. BFD is used to detect the packets in the path. The equipment performs fault detection.

However, each PE device (network-side edge device) will establish paths with multiple other PE devices in the network. In order to ensure that each path can quickly detect faults, PE devices that establish paths between each other need to deploy BFD. Therefore, the number of BFD deployed on each PE device can reach the number of paths established between it and other PE devices, resulting in Each PE device needs to deploy a large number of BFDs. Therefore, a large number of message interactions are required, and there are problems such as message loss, long message interaction time, and poor locability and maintainability of message interaction. In addition, the private network side needs to participate in the entire process of determining the packet sending path. The path switching performance is low, the switching time is long, and it requires a lot of CPU.

Contents of the invention

Embodiments of the present invention provide a message forwarding method, device, equipment and storage medium, which can solve problems such as message loss, long message interaction time, poor message interaction locability and poor maintainability, improve path switching performance, and reduce path switching costs. Switching time and CPU usage.

According to one aspect of the present invention, a message forwarding method is provided, including:

Receive a target message, where the target message includes: a target IP address and an instance identifier;

Query the routing table according to the target IP address and the instance identifier to obtain the private network next hop table;

Query the private network next-hop table to obtain the IP tunnel table and target public network next-hop group table;

Query the IP tunnel table to obtain the VPNSID and source IP address;

Query the next hop group table of the target public network to obtain the target switching identifier;

Update the target message according to the VPNSID, the source IP address and the target switching identifier to obtain an updated target message;

Determine a target egress port according to the target switching identifier, and output the updated target message from the target egress port.

According to another aspect of the present invention, a message forwarding device is provided. The message forwarding device includes:

A target message receiving module, configured to receive a target message, where the target message includes: a target IP address and an instance identifier;

A routing table query module is used to query the routing table according to the target IP address and the instance identifier to obtain the private network next hop table;

The private network next-hop table query module is used to query the private network next-hop table to obtain the IP tunnel table and the target public network next-hop group table;

The IP tunnel table query module is used to query the IP tunnel table and obtain the VPNSID and source IP address;

The target public network next-hop group table query module is used to query the target public network next-hop group table to obtain the target switching identification;

A target message update module, configured to update the target message according to the VPNSID, the source IP address and the target switching identifier, and obtain an updated target message;

A message output module, configured to determine a target egress port according to the target switching identifier, and output the updated target message from the target egress port.

According to another aspect of the present invention, an electronic device is provided, the electronic device including:

at least one processor; and

a memory communicatively connected to the at least one processor; wherein,

The memory stores a computer program that can be executed by the at least one processor, and the computer program is executed by the at least one processor, so that the at least one processor can execute the method described in any embodiment of the present invention. Message forwarding method.

According to another aspect of the present invention, a computer-readable storage medium is provided. The computer-readable storage medium stores computer instructions. The computer instructions are used to enable a processor to implement any embodiment of the present invention when executed. message forwarding method.

The embodiment of the present invention receives the target message, queries the routing table according to the target IP address and instance identifier included in the target message, and obtains the private network next hop table; queries the private network next hop table to obtain the IP tunnel table and the target public network One-hop group table; query the IP tunnel table to obtain the VPNSID and source IP address; query the next-hop group table of the target public network to obtain the target switching identifier; perform all the steps according to the VPNSID, the source IP address and the target switching identifier. The target message is updated to obtain the updated target message; the target egress port is determined according to the target switching identifier, and the updated target message is output from the target egress port, which can solve the problem of message loss and message interaction. There are problems such as long time and poor message interaction locability and maintainability. Since the next hop group table of the target public network includes the target switching identifier, the target switching identifier is used to represent the active and backup switching status. Therefore, the path switching process is only for the public network. side, the private network side is not aware of it, thus improving path switching performance and reducing path switching time and CPU usage.

It should be understood that what is described in this section is not intended to identify key or important features of the embodiments of the invention, nor is it intended to limit the scope of the invention. Other features of the present invention will become easily understood from the following description.

Description of the drawings

In order to explain the technical solutions of the embodiments of the present invention more clearly, the drawings required to be used in the embodiments will be briefly introduced below. It should be understood that the following drawings only show some embodiments of the present invention and therefore do not It should be regarded as a limitation of the scope. For those of ordinary skill in the art, other relevant drawings can be obtained based on these drawings without exerting creative efforts.

Figure 1 is a flow chart of a message forwarding method in an embodiment of the present invention;

Figure 2 is a schematic diagram of the SRV6 Policy HSB networking structure in the embodiment of the present invention;

Figure 3 is a schematic diagram of SRV6 HSB main path forwarding in the embodiment of the present invention;

Figure 4 is a schematic diagram of SRV6 HSB backup path forwarding in the embodiment of the present invention;

Figure 5 is a schematic structural diagram of a message forwarding device in an embodiment of the present invention;

Figure 6 is a schematic structural diagram of an electronic device in an embodiment of the present invention.

Detailed ways

In order to enable those skilled in the art to better understand the solutions of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only These are some embodiments of the present invention, rather than all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts should fall within the scope of protection of the present invention.

It should be noted that the terms "first", "second", etc. in the description and claims of the present invention and the above-mentioned drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It is to be understood that the data so used are interchangeable under appropriate circumstances so that the embodiments of the invention described herein are capable of being practiced in sequences other than those illustrated or described herein. In addition, the terms "including" and "having" and any variations thereof are intended to cover non-exclusive inclusions, e.g., a process, method, system, product, or apparatus that encompasses a series of steps or units and need not be limited to those explicitly listed. Those steps or elements may instead include other steps or elements not expressly listed or inherent to the process, method, product or apparatus.

It can be understood that before using the technical solutions disclosed in the embodiments of this disclosure, users should be informed of the type, scope of use, usage scenarios, etc. of the personal information involved in this disclosure in an appropriate manner in accordance with relevant laws and regulations and obtain the user's authorization. .

Embodiment 1

Figure 1 is a flow chart of a message forwarding method provided by an embodiment of the present invention. This embodiment can be applied to the situation of message forwarding. The method can be executed by the message forwarding device in the embodiment of the present invention. The device can It is implemented using software and/or hardware, as shown in Figure 1. The method specifically includes the following steps:

S110. Receive a target message, where the target message includes: a target IP address and an instance identifier.

The instance identifier is the instance identifier included in the target message. The instance identifier included in the target message is the identifier of a specific instance that is marked on the target message through the configuration of the interface. It is the forwarding information carried by the target message. .

It should be noted that the target packets entering the edge PE device on the network side include: target IP address and instance identifier. For example, if the interface connecting the PE device and the CE (Customer Edge) device is bound to a VPN instance, then the target packet coming in from this interface will include the instance identifier of the VPN instance bound to the interface. .

Specifically, before receiving the target message, on the control plane: For PE equipment, SRV6 Policy can plan SRV6 Policy candidate paths through IGP protocol, BGP protocol and controller, or manually configure SRV6 Policy candidate paths (that is, including: SID list , egress port, next hop IP address, etc.); for each SRV6 Policy candidate path, a corresponding BFD session is configured. When multiple SRV6 Policy candidate paths are valid, the control plane will select two SRV6 Policy candidate paths according to priority. The primary path and backup path of the SRV6 HSB protection group. The control plane delivers BFD information to the BFD table in the Redis AppDB database. The control plane delivers SRV6 HSB information to the protection group table in the Redis AppDB database. The control plane delivers routing information to the routing collection table in the Redis AppDB database. On the forwarding plane: The forwarding plane subscribes to the BFD table in the database and records the BFD index (that is, the BFD session identifier) and BFD status. The forwarding plane subscribes to the protection group table in the database. The protection group table contains the primary and secondary path information, including: the next hop address of the primary and secondary paths, the egress port identifier, the sidlist (that is, the SID list), and the primary path BFD index. After obtaining the main path BFD index, record the index of the protection group table into the software table corresponding to BFD, and associate the protection group table with BFD information (BFD information includes: BFD session identifier and BFD status). It should be noted that when creating a protection group, the index of the protection group table is recorded in the BFD software table to determine which protection group a specific BFD session detects. When the BFD status changes, it can be directly notified Protection group, switch. The PE device pre-creates table entries on the public network side, and then creates table entries on the private network side, so that the private network side can obtain the public network next-hop group table index when creating table entries. Among them, the table items on the private network side include: routing table, private network next-hop table, and IP tunnel table. The table entries on the public network side include: public network next hop group table, NEXTHOP table, ARP table, L3_INTF table and SRV6_TUNNEL table. The routing table includes: IP address, instance identifier and private network next hop table index. The private network next hop table includes: IP tunnel table index and public network next hop group table index. The IP tunnel table includes :VPNSID and source IP address, the public network next hop group table includes: handover identification, main path next hop table index and backup path next hop table index, the NEXTHOP table includes: main path NEXTHOP table and backup path NEXTHOP table. The main path NEXTHOP table includes: the main path egress port identifier, the main path ARP table index, and the main path SRV6_TUNNEL table index. The main path ARP table includes: the MAC corresponding to the main path next hop address and the main path L3_INTF table index. , the main path L3_INTF table includes: MAC of this device. The backup path NEXTHOP table includes: the backup path egress port identifier, the backup path ARP table index, and the backup path SRV6_TUNNEL table index. The backup path ARP table includes: the MAC corresponding to the next hop address of the backup path and the backup path L3_INTF table index. The backup path L3_INTF table includes: MAC of this device. The main path SRV6_TUNNEL table includes: the public network SIDLIST (i.e., SID0~SIDn) corresponding to the main path, and the backup path SRV6_TUNNEL table includes: the public network SIDLIST (i.e., SID0~SIDn) corresponding to the backup path, where SIDLIST is the segment identifier list, also That is the SID list.

S120: Query the routing table according to the target IP address and the instance identifier to obtain a private network next hop table.

Wherein, the routing table includes: IP address, instance identifier and private network next hop table index. The routing table may be created by: obtaining a routing set related to the current PE device, and adding the IP address, instance identifier, public network identifier of each route in the routing set, the public network identifier to which the route is iterated, and the protection group corresponding to the route. The table index, the VPNSID corresponding to the instance identifier, and the source IP address are stored in the routing collection table in the database. According to the IP address of each route in the routing collection table, the instance identifier, the public network identifier to which the route is iterated, and the protection corresponding to the route The group table index, the VPNSID corresponding to the instance identifier, and the source IP address generate at least one routing table.

Specifically, the method of querying the routing table according to the target IP address and the instance identifier to obtain the private network next hop table may be: querying the routing table according to the target IP address and the instance identifier to obtain the private network next hop table. Skip table index.

S130: Query the private network next hop table to obtain the IP tunnel table and the target public network next hop group table.

Wherein, the private network next hop table includes: IP tunnel table index and target public network next hop group table index. The private network next-hop table can be created by: obtaining a route set related to the current PE device, and adding the IP address, instance ID, public network ID of each route in the route set, the public network ID to which the route is iterated, and the corresponding IP address of the route. The protection group table index, the VP NSID corresponding to the instance ID, and the source IP address are stored in the routing collection table in the database. The IP tunnel table index is generated based on the VPNSID and source IP address corresponding to each route in the routing collection table. According to the routing collection The public network identifier that each route iterates to in the table and the protection group table index corresponding to the route determine the next hop group table index of the target public network.

Specifically, the method of querying the private network next hop table to obtain the IP tunnel table and the target public network next hop group table can be: query the private network next hop table according to the private network next hop table index, and obtain the IP tunnel table index and Target public network next hop group table index.

S140: Query the IP tunnel table to obtain the VPNSID and source IP address.

Wherein, the IP tunnel table includes: VPNSID and source IP address. The VPNSID is the VPNSID corresponding to the VPN instance where the route is located. The source IP address is the source IP address carried by the destination packet when it is forwarded.

Specifically, the method of querying the IP tunnel table to obtain the VPNSID and source IP address may be: querying the IP tunnel table according to the IP tunnel table index to obtain the VPNSID and source IP address.

S150: Query the next hop group table of the target public network to obtain the target switching identifier.

Wherein, the target public network next hop group table includes: a handover identification, a primary path next hop table index and a backup path next hop table index. The switch identifier may be a switch. For example, when the target switch identifier is the first identifier, the main path next hop table is queried; when the target switch identifier is the second identifier, the backup path next hop table is queried.

Specifically, the method of querying the next-hop group table of the target public network to obtain the target switching identifier may be: querying the next-hop group table of the target public network according to the index of the next-hop group table of the target public network to obtain the target switching identifier.

S160: Update the target message according to the VPNSID, the source IP address and the target switching identifier to obtain an updated target message.

Specifically, the target message is updated according to the VPNSID, the source IP address and the target switching identifier. The updated target message may be obtained by: determining the next hop address corresponding to the target switching identifier. MAC, the MAC address of this device, the source IP address, the IP address corresponding to SIDn, VPNSID, and public network SIDLIST; according to the MAC corresponding to the next hop address, the MAC address of this device, the source IP address, the IP address corresponding to SIDn, VPNSID, The public network SIDLIST updates the target message and obtains the updated target message. SIDn is the outermost SID in SIDLIST, which also represents the SID corresponding to the PE next-hop device. It is encapsulated in the message as the destination IP. Medium; the IP address corresponding to SIDn is the destination IP address determined based on SIDn in SIDLIST.

Taking L3VPN as an example, for a route under a certain VPN instance, the format of the packet entering the PE device is:

DMAC1 SMAC1 SIP1 DIP1 Payload;

The format of the packet after passing through SRV6 Polciy is:

DMAC2 SMAC2 SIP2 DIP2 VPNSID SID0 SID1…SID n SIP1DIP1 Payload;

Compared with the ingress packet, the IP address, VPNSID, and public network SIDLIST (i.e., SID0~SIDn) are mainly added to the packet, and the MAC address is replaced.

When working on the main path, packets come out from the egress port of the main path. The MAC corresponding to the next hop address of the main path in DMAC2 can be obtained based on the next hop address of the main path in the protection group table. SMAC2 is the MAC address of this device, which can be found on this device. DIP2 is the IP address corresponding to the main path SIDn, and SIP2 is the SRV6 Policy source IP address configured on this device.

The above information can be obtained directly or indirectly through the information in the protection group table of the database.

When working on the backup path, the packet comes out from the egress port of the backup path. DMAC2 is the MAC corresponding to the next hop address of the backup path, which can be obtained according to the next hop address of the backup path in the SRV6_HSB_TABLE table. SMAC2 is the MAC address of this device, which can be found on this device (the PE device that received the target message). DIP2 is the IP address corresponding to SIDn of the backup path, and SIP2 is the SRV6 Policy source IP address configured on this machine.

The VPNSID corresponds to a specific VPN instance, does not distinguish between active and standby, and is determined before a certain L3VPN route enters the SRV6 forwarding process.

S170: Determine a target egress port according to the target switching identifier, and output the updated target message from the target egress port.

Specifically, the target egress port is determined according to the target switching identifier, and the method of outputting the updated target message from the target egress port may be: if the target switching identifier is the first identifier, query the main path The next hop table obtains the main path egress port identifier, and outputs the updated target message from the target egress port corresponding to the main path egress port identifier; if the target switch identifier is the second identifier, query the backup path The next hop table is used to obtain the backup path egress port identifier, and the updated target message is output from the target egress port corresponding to the backup path egress port identifier.

Optionally, before receiving the target message, it also includes:

When subscribing to the protection group table in the database, a public network next-hop group table corresponding to the protection group table is created according to the protection group table. The public network next-hop group table includes: main path next-hop table index, The next hop table index and handover identification of the backup path.

It should be noted that after the control plane generates the protection group table, it stores the protection group table in the database.

Specifically, the forwarding plane subscribes to changes in the database. When the forwarding plane subscribes to changes in the protection group table in the database, it creates a public network next-hop group table corresponding to the protection group based on the changed protection group.

It should be noted that the public network next-hop group table corresponding to the protection group is created in advance, and then the private network side entries are created based on the public network next-hop group table corresponding to the protection group.

The forwarding plane can obtain the protection group table and BFD table in the database by subscribing to database changes, where the protection group table and BFD table are tables that are stored in the database after being generated by the control plane. The control plane and the forwarding plane interact through the database. Compared with the traditional interaction between the control plane and the forwarding plane through the message interface, the control plane and the forwarding plane are decoupled.

Optionally, before subscribing to the protection group table in the database and creating the public network next-hop group table corresponding to the protection group table based on the protection group table, the following is also included:

Generate at least two SRV6 Policy candidate paths;

Obtain the BFD session corresponding to each SRV6 Policy candidate path;

Determine the BFD status corresponding to each SRV6 Policy candidate path based on the BFD session corresponding to each SRV6 Policy candidate path, and store the BFD status and BFD session ID in the BFD table of the database;

Determine the SRV6 Policy candidate path whose BFD status is the first state as a valid candidate path;

Determine the main path and backup path according to the effective candidate path and the priority of the effective candidate path;

Generate protection groups based on the primary path and backup path;

Store the active and backup information of the protection group in the protection group table of the database, where the active and backup information of the protection group includes: protection group identification, main path egress port identification, main path next hop address, main path SID list , the backup path egress port identification, the backup path next hop address, the backup path SID list, and the main path BFD session index.

The protection group table includes: the next hop address of the primary and secondary paths, the egress port identifier, the sidlist (ie, the SID list), and the BFD session index of the primary path. After obtaining the main path BFD session index, record the index of the protection group table into the software table corresponding to BFD, and associate the protection group with BFD information.

Specifically, the method of generating at least two SRV6 Policy candidate paths may be: static configuration or dynamically generating at least two SRV6 Policy candidate paths through a protocol.

The first state may be an UP state. Specifically, the SRV6Policy candidate path whose BFD state is UP is determined as a valid candidate path.

In a specific example, the control plane can be statically configured or multiple SRV6 Policy candidate paths dynamically generated through the protocol. You can configure an SBFD session or a BFD session for each SRV6 Policy candidate path. SBFD session or BFD session is used to detect path validity. Since SBFD is a type of BFD, it will be referred to as BFD in the following; if the BFD status of a certain SRV6 Policy candidate path is up, the SRV6 Policy candidate path is determined to be a valid candidate path; the main path and path are formed based on the path priority and path validity. Hot-Standby path (hereinafter referred to as backup path for short), the valid candidate path with the highest priority is the primary path, and the valid candidate path with the second highest priority is the backup path. As shown in Figure 2, after both the primary path and the backup path are selected, an SRV6 HSB protection group is generated. When there is and is only one valid candidate path, the SRV6 HSB protection group cannot be formed and a single path is used for forwarding. The control plane stores the BFD status and BFD session identifier in the BFD table of the database, and stores the primary and backup information of the protection group in the protection group table of the database. The forwarding plane subscribes to changes in the database.

Optionally, after subscribing to the protection group table in the database and creating the public network next-hop group table corresponding to the protection group table based on the protection group table, it also includes:

When subscribing to the BFD table in the database, if the BFD state is determined to be the second state according to the BFD table, obtain the target protection group corresponding to the BFD session identifier carried in the BFD table;

Update the handover identification in the public network next hop group table corresponding to the target protection group to the handover identification corresponding to the second state.

Specifically, the forwarding plane subscribes to the BFD table and protection group table in the database.

It should be noted that after creating the public network next hop group table corresponding to the protection group table, if the BFD table in the database is subscribed to change and the BFD status in the BFD table is down, query the BFD session ID and protection group. According to the corresponding relationship, the target protection group corresponding to the BFD session in the BFD state is down is obtained, and the handover identification in the public network next hop group table corresponding to the target protection group is updated to the handover identification corresponding to the second state.

In a specific example, when the forwarding plane subscribes to changes in the BFD information in the database, it will record information such as the BFD session ID and BFD status. The BFD table structure in the database is as follows:

illustrate:

1. BFD_TABLE is the name of the AppDB table, and 100 is the BFD ID, which is used to represent a specific BFD session.

2. State indicates the BFD status, which can be up or down.

The structure of the protection group table is as follows:

illustrate:

1. SRV6_HSB_TABLE is the name of the AppDB table, ab::2 represents the key of the table, which is the bind_sid of SRV6Policy, used to identify a certain group of SRV6 Policy HSB;

2. ifname indicates that the main path egress port name is ens40;

3. nexthop indicates that the next hop address of the main path is 40::73;

4. sidlist is the SID list, indicating that the main path segment SID list is:

100:100::1100:0:0|200:200::2200:0:0, where "|" is used to separate multiple SIDs.

5. backup_ifname, backup_nexthop, and backup_sidlist respectively represent the backup path-related information corresponding to the primary path.

7. bfd_id indicates the BFD session index of the protection group's main path.

When the forwarding plane subscribes to the protection group table in the database, it creates a protection group based on the primary and secondary path information, and associates the protection group with the BFD session index based on the BFD session index in the protection group.

The services iterated to the SRV6 Policy HSB can be one or more of L3VPN/L2VPN/EVPN (hereinafter referred to as Overlay services). For different types and different scales of services, no awareness is required when performing active/standby switching. , greatly improving switching performance. The embodiment of the present invention is described by taking L3VPN iteration to SRV6 Policy HSB as an example. Practical applications include but are not limited to L3VPN, L2VPN, and EVPN.

When it is determined that the main path fails based on the BFD status, the control plane writes the BFD status (down) to the BFD table in the database, and the forwarding plane subscribes to the BFD table. Through the previously recorded BFD session index and the association information of the protection group, it can quickly Perform path switching and switch services to the backup path for forwarding. Directly notifying the forwarding plane through the database reduces the interaction between the control plane and the forwarding plane and shortens the switching time.

After the switchover, if there are multiple candidate paths that can form a new active-standby relationship, the new path information will be updated to the protection group, and at the same time it will switch back to the main path. In this process, all overlay services iterated to the SRV6 Policy HSB will also be updated. No perception is required.

Optional, also includes:

Get the route collection;

Store the IP address, instance ID, public network ID of the route iteration to, the protection group table index corresponding to the route, the VPNSID corresponding to the instance ID, and the source IP address of each route in the route set into the route set table in the database;

Create routing tables, IP tunnel tables, and private network next-hop tables based on the routing set table in the database.

Wherein, the route set is a route set related to the current PE device.

Specifically, the routing table, IP tunnel table, and private network next-hop table can be created based on the route set table in the database by: creating an IP tunnel table based on the VPNSID and source IP address, and creating an IP tunnel table based on the index of the IP tunnel table and the corresponding route. Create a private network next-hop table based on the protection group table index and the public network identifier that the route iterates to, and create a routing table based on the private network next-hop table index, IP address, and instance identifier.

In a specific example, the control plane delivers L3VPN information to the routing set table in the Redis AppDB database. The structure of the routing set table is as follows:

illustrate:

1. ROUTE_TABLE is the name of the AppDB table, and Vrf100:80::/64 is the key of the table, indicating that the L3VPN instance is Vrf100 and the route is 80::/64;

2. Type indicates that the public network to which the route is iterated is SRV6:HSB;

3. srv6key represents the key of the public network srv6 database table corresponding to the route;

4. The iteration that can be found based on type and srv6key is public network SRV6_HSB_TABLE:ab::2;

5. vpnsid indicates the vpnsid corresponding to the L3VPN instance where the route is located;

6. SIP is the source IP address carried by the packet when it is forwarded.

Optionally, update the target message according to the VPNSID, the source IP address and the target switching identifier to obtain an updated target message, including:

If the target switching identifier is the first identifier, query the main path next hop table to obtain the MAC corresponding to the main path next hop address, the device MAC and the main path SID list. According to the VPNSID, the source IP address , update the target message with the MAC corresponding to the next hop address of the main path, the MAC of the local device and the main path SID list, and obtain the updated target message;

If the target switching identifier is the second identifier, the backup path next hop table is queried according to the backup path next hop table index, and the MAC corresponding to the backup path next hop address, the device MAC and the backup path SID list are obtained. The VPNSID, the source IP address, the MAC corresponding to the next hop address of the backup path, the MAC of the local device, and the backup path SID list are used to update the target packet to obtain an updated target packet.

Among them, the target message format is: DMAC1 SMAC1 SIP1 DIP1 Payload;

The updated target message format is: DMAC2 SMAC2 SIP2 DIP2 VPNSID SID0 SID1…SID nSIP1 DIP1 Payload.

Specifically, if the target switching identifier is the first identifier, query the main path next hop table to obtain the main path egress port identifier, the main path ARP table index and the main path SRV6_TUNNEL table index, and query the main path based on the main path ARP table index. Path ARP table, obtain the MAC corresponding to the next hop address of the main path and the main path L3_INTF table index. Query the main path L3_INTF table according to the main path L3_INTF table index to obtain the MAC of the device. Query the main path SRV6_TUNNEL table according to the main path SRV6_TUNNEL table index. Get the main path SID list.

Specifically, if the target switching identifier is the second identifier, the backup path next hop table is queried to obtain the backup path egress port identifier, the backup path ARP table index, and the backup path SRV6_TUNNEL table index, and the backup path is queried according to the backup path ARP table index. Path ARP table, obtain the MAC corresponding to the next hop address of the backup path and the backup path L3_INTF table index. Query the backup path L3_INTF table according to the backup path L3_INTF table index to obtain the MAC of the device. Query the backup path SRV6_TUNNEL table based on the backup path SRV6_TUNNEL table index. Get the backup path SID list.

Optionally, determining a target egress port according to the target switching identifier, and outputting the updated target message from the target egress port includes:

If the target switching identifier is the first identifier, query the main path next hop table to obtain the main path egress port identifier, and output the updated target message from the target egress port corresponding to the main path egress port identifier. ;

If the target switching identifier is the second identifier, query the backup path next hop table to obtain the backup path egress port identifier, and output the updated target message from the target egress port corresponding to the backup path egress port identifier. .

Wherein, the first identification is to determine the main path as the forwarding path, and the second identification is to switch the forwarding path to the backup path.

In a specific example, after the BFD table, protection group table, and route set table are obtained from the database, public network side table entries and private network side table entries can be constructed based on the obtained tables.

As shown in Figure 3, taking L3VPN as an example, the private network side can be L3VPN or EVPN/L2VPN. Regardless of the type of service on the private network side, it can be connected to the public network side through the NHG table index srv6_nhg_idx of the public network next hop group corresponding to the protection group. If the information on the public network side and the private network side changes, you only need to keep the index srv6_nhg_idx of the NHG table unchanged, so that the public and private networks can be unaware of each other and achieve the effect of decoupling the public and private networks.

Private network side table entries include: ROUTE table, NEXTHOP table and IP_TUNNEL table. The ROUTE table is used to find L3VPN routes, and routing information is obtained through the key of the database route collection table. The NEXTHOP table includes: ip_tunnel_idx field and srv6_nhg_idx field. The ip_tunnel_idx field is used to index the IP_TUNNEL table, which is filled with VPNSID and sip. It can be obtained through the database routing collection table. srv6_nhg_idx is used to cascade with the public network and is the index of the public network NHG table. This table is created on the public network side. L3VPN obtains it from the table entry created on the public network side through the key of SRV6_HSB_TABLE.

Public network side: After the forwarding plane obtains the information about the primary and backup paths, it will create forwarding tables related to the primary and backup paths and protection groups. The public network side table entries mainly include NHG (NEXTHOP GROUP) table, NEXTHOP table, ARP table, and L3_INTF table. And the SRV6_TUNNEL table. The information of the main path and the backup path is symmetrical. The forwarding information of the main path and the forwarding information of the backup path are filled in respectively. Taking the main path as an example, the main path egress port port field is filled in the NEXTHOP table, that is, PE1 to PE1 shown in Figure 2. For the egress port of P1, arp_index is used to index the ARP table, srv6_tunnel_idx is used to index the SRV6_TUNNEL table; the ARP table is filled with dmac, which is the DMAC2 in the output message, l3_intf_idx is used to index the L3_INTF table; L3_INTF is filled with smac, that is, SMAC2 in the output message; fill in the SIDLIST information in the SRV6_TUNNEL table, SID0 ~ SID n, SID n is the DIP2 in the output message; NHG has the index of the NEXTHOP table and the switching identifier of the active and backup channels; the BFD table The status is used to guide the working path of NHG. In Figure 3, the BFD status is up, and it is currently working on the main path.

In the above forwarding model, it is necessary to create table entries on the public network side first, and then create table entries on the private network side, so that the private network side can obtain the NHG table index on the public network side when creating table entries.

When control plane BFD detects that the main path is down, it will set the BFD status in the database BFD table to down. As shown in Figure 4, the forwarding plane subscribes to BFD down and notifies the protection group according to the protection group corresponding to the BFD. Switch, switch the forwarding path to the backup path, seal the SIDLIST information of the backup path, DIP2 of the backup path, SMAC2, DMAC2 and other information of the backup path, and forward them out from the egress port of the backup path. Since the entire handover process is performed after the NHG table, even if there are large-capacity overlay services on the private network side iterated to SRV6 HSB, the table entries on the private network side do not need to be sensed, that is, the handover can be completed once, which greatly Improved switching performance and shortened switching time. When the BFD detection period is configured as 3*10ms, carrier-grade switching of <50ms can be achieved.

Optional, also includes:

If the active and backup information of the target protection group is determined to be changed based on the BFD status corresponding to the SRV6 Policy candidate path, update the active and backup information of the target protection group in the protection group table based on the changed active and backup information, and maintain the protection group. The index on the target protection group in the table is unchanged.

Specifically, if it is determined that path A (main path) fails based on the switching identifier in the public network next hop group table of the target protection group, it will switch to path B (standby path), and the target will be determined based on the BFD status corresponding to the SRV6 Policy candidate path. The primary and secondary information of the protection group is changed (path C is discovered), that is, path B is determined as the primary path and path C is determined as the secondary path. The primary and secondary information of the target protection group in the protection group table of the database is updated and maintained. The index of the target protection group in the protection group table remains unchanged.

It should be noted that when the above protection group has new effective active and backup paths, after the control plane generates a new protection group, it will write the new active and backup information into the protection group table in the database, and the forwarding plane will subscribe to the database. Update the information based on changes to the protection group table. When updating the same protection group, the key of the protection group in the database does not change. Only the content of the protection group needs to be updated, that is, the table entries on the primary and backup paths are updated, that is, the public network side table entries in Figure 3 are updated. , the private network side does not need to be aware.

Through the technical solutions disclosed in the embodiments of the present invention, the control plane does not directly interact with the forwarding plane. By subscribing to the database, the BFD table and the protection group table are obtained, and the clear, accurate and stable characteristics of the database storage are used to reduce the problem of interacting with a large number of messages. Problems such as message loss, long message interaction time, and poor locability and maintainability of message interaction; directly subscribing to the BFD table through the forwarding plane can make the forwarding plane quickly sense BFD status changes, reduce internal interactions in the control plane, and achieve It achieves the purpose of fast switching; through the design of public and private network decoupling, public and private network updates do not affect each other, achieving the effect that the private network is not aware of the primary and backup path switching, and the private network is not aware of the protection group update, which can improve switching performance and reduce switching time. and CPU usage.

The technical solution of this embodiment is to receive the target message, query the routing table according to the target IP address and instance identifier included in the target message, and obtain the private network next hop table; query the private network next hop table to obtain the IP tunnel table and target Public network next hop group table; query the IP tunnel table to obtain the VPNSID and source IP address; query the target public network next hop group table to obtain the target switching identifier; switch based on the VPNSID, the source IP address, and the target switching The target message is updated with the identifier to obtain the updated target message; the target egress port is determined based on the target switching identifier, which can solve problems such as message loss, long message interaction time, and poor message interaction locability and maintainability. , since the target public network next hop group table includes the target switching identifier, and the target switching identifier is used to represent the active and backup switching status. Therefore, the path switching process is only for the public network side, and the private network side is not aware of it, thus improving the path switching performance. , reducing path switching time and CPU usage.

Embodiment 2

Figure 5 is a schematic structural diagram of a message forwarding device provided by an embodiment of the present invention. This embodiment can be applied to the situation of message forwarding. The device can be implemented in the form of software and/or hardware. The device can be integrated in any device that provides the message forwarding function. As shown in Figure 5, the message The forwarding device specifically includes: a target message receiving module 210, a routing table query module 220, a private network next hop table query module 230, an IP tunnel table query module 240, a target public network next hop group table query module 250, and a target message Update module 260 and message output module 270.

Wherein, the target message receiving module is used to receive the target message, wherein the target message includes: target IP address and instance identifier;

A routing table query module is used to query the routing table according to the target IP address and the instance identifier to obtain the private network next hop table;

The private network next-hop table query module is used to query the private network next-hop table to obtain the IP tunnel table and the target public network next-hop group table;

The IP tunnel table query module is used to query the IP tunnel table and obtain the VPNSID and source IP address;

The target public network next-hop group table query module is used to query the target public network next-hop group table to obtain the target switching identification;

A target message update module, configured to update the target message according to the VPNSID, the source IP address and the target switching identifier, and obtain an updated target message;

A message output module, configured to determine a target egress port according to the target switching identifier, and output the updated target message from the target egress port.

The above-mentioned products can execute the method provided by any embodiment of the present invention, and have corresponding functional modules and beneficial effects for executing the method.

Embodiment 3

FIG. 6 shows a schematic structural diagram of an electronic device 10 that can be used to implement embodiments of the present invention. Electronic devices are intended to refer to various forms of digital computers, such as laptop computers, desktop computers, workstations, personal digital assistants, servers, blade servers, mainframe computers, and other suitable computers. Electronic devices may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (eg, helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions are examples only and are not intended to limit the implementation of the invention described and/or claimed herein.

As shown in Figure 6, the electronic device 10 includes at least one processor 11, and a memory communicatively connected to the at least one processor 11, such as a read-only memory (ROM) 12, a random access memory (RAM) 13, etc., wherein the memory stores There is a computer program that can be executed by at least one processor. The processor 11 can perform the operation according to the computer program stored in the read-only memory (ROM) 12 or loaded from the storage unit 18 into the random access memory (RAM) 13. Perform various appropriate actions and processing. In the RAM 13, various programs and data required for the operation of the electronic device 10 can also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via the bus 14. An input/output (I/O) interface 15 is also connected to bus 14 .

Multiple components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16, such as a keyboard, a mouse, etc.; an output unit 17, such as various types of displays, speakers, etc.; a storage unit 18, such as a magnetic disk, an optical disk, etc. etc.; and communication unit 19, such as network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices through computer networks such as the Internet and/or various telecommunications networks.

Processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of the processor 11 include, but are not limited to, a central processing unit (CPU), a graphics processing unit (GPU), various dedicated artificial intelligence (AI) computing chips, various processors running machine learning model algorithms, digital signal processing processor (DSP), and any appropriate processor, controller, microcontroller, etc. The processor 11 performs various methods and processes described above, such as the message forwarding method.

In some embodiments, the message forwarding method may be implemented as a computer program, which is tangibly included in a computer-readable storage medium, such as the storage unit 18 . In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19 . When the computer program is loaded into the RAM 13 and executed by the processor 11, one or more steps of the message forwarding method described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the message forwarding method in any other suitable manner (eg, by means of firmware).

Various implementations of the systems and techniques described above may be implemented in digital electronic circuit systems, integrated circuit systems, field programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), application specific standard products (ASSPs), systems on a chip implemented in a system (SOC), load programmable logic device (CPLD), computer hardware, firmware, software, and/or a combination thereof. These various embodiments may include implementation in one or more computer programs executable and/or interpreted on a programmable system including at least one programmable processor, the programmable processor The processor, which may be a special purpose or general purpose programmable processor, may receive data and instructions from a storage system, at least one input device, and at least one output device, and transmit data and instructions to the storage system, the at least one input device, and the at least one output device. An output device.

Computer programs for implementing the methods of the invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing device, such that the computer program, when executed by the processor, causes the functions/operations specified in the flowcharts and/or block diagrams to be implemented. A computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.

In the context of this invention, a computer-readable storage medium may be a tangible medium that may contain or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. Computer-readable storage media may include, but are not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, devices or devices, or any suitable combination of the foregoing. Alternatively, the computer-readable storage medium may be a machine-readable signal medium. More specific examples of machine-readable storage media would include one or more wire-based electrical connections, laptop disks, hard drives, random access memory (RAM), read only memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above.

To provide interaction with a user, the systems and techniques described herein may be implemented on an electronic device having a display device (eg, a CRT (cathode ray tube) or LCD (liquid crystal display)) for displaying information to the user monitor); and a keyboard and pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide interaction with the user; for example, the feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and may be provided in any form, including Acoustic input, voice input or tactile input) to receive input from the user.

The systems and techniques described herein may be implemented in a computing system that includes back-end components (e.g., as a data server), or a computing system that includes middleware components (e.g., an application server), or a computing system that includes front-end components (e.g., A user's computer having a graphical user interface or web browser through which the user can interact with implementations of the systems and technologies described herein), or including such backend components, middleware components, or any combination of front-end components in a computing system. The components of the system may be interconnected by any form or medium of digital data communication (eg, a communications network). Examples of communication networks include: local area network (LAN), wide area network (WAN), blockchain network, and the Internet.

Computing systems may include clients and servers. Clients and servers are generally remote from each other and typically interact over a communications network. The relationship of client and server is created by computer programs running on corresponding computers and having a client-server relationship with each other. The server can be a cloud server, also known as cloud computing server or cloud host. It is a host product in the cloud computing service system to solve the problems of difficult management and weak business scalability in traditional physical hosts and VPS services. defect.

It should be understood that various forms of the process shown above may be used, with steps reordered, added or deleted. For example, each step described in the present invention can be executed in parallel, sequentially, or in different orders. As long as the desired results of the technical solution of the present invention can be achieved, there is no limitation here.

The above-mentioned specific embodiments do not constitute a limitation on the scope of the present invention. It will be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions are possible depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.

Claims (11)

1. A message forwarding method, characterized in that it is executed by a network-side edge device. The message forwarding method includes: Receive a target message, where the target message includes: a target IP address and an instance identifier; Query the routing table according to the target IP address and the instance identifier to obtain the private network next hop table; Query the private network next-hop table to obtain the IP tunnel table and target public network next-hop group table; Query the IP tunnel table to obtain the VPNSID and source IP address; Query the next hop group table of the target public network to obtain the target switching identifier; Update the target message according to the VPNSID, the source IP address and the target switching identifier to obtain an updated target message; Determine a target egress port according to the target switching identifier, and output the updated target message from the target egress port. 2. The method according to claim 1, characterized in that, the target message is updated according to the VPNSID, the source IP address and the target switching identifier to obtain an updated target message, including: If the target switching identifier is the first identifier, query the main path next hop table to obtain the MAC corresponding to the main path next hop address, the device MAC and the main path SID list. According to the VPNSID, the source IP address , update the target message with the MAC corresponding to the next hop address of the main path, the MAC of the local device and the main path SID list, and obtain the updated target message; If the target switching identifier is the second identifier, the backup path next hop table is queried according to the backup path next hop table index, and the MAC corresponding to the backup path next hop address, the device MAC and the backup path SID list are obtained. The VPNSID, the source IP address, the MAC corresponding to the next hop address of the backup path, the MAC of the local device, and the backup path SID list are used to update the target packet to obtain an updated target packet. 3. The method according to claim 1, characterized in that determining a target egress port according to the target switching identifier, and outputting the updated target message from the target egress port includes: If the target switching identifier is the first identifier, query the main path next hop table to obtain the main path egress port identifier, and output the updated target message from the target egress port corresponding to the main path egress port identifier. ; If the target switching identifier is the second identifier, query the backup path next hop table to obtain the backup path egress port identifier, and output the updated target message from the target egress port corresponding to the backup path egress port identifier. . 4. The method according to claim 1, characterized in that, before receiving the target message, it further includes: When subscribing to the protection group table in the database, a public network next-hop group table corresponding to the protection group table is created according to the protection group table. The public network next-hop group table includes: main path next-hop table index, The next hop table index and handover identification of the backup path. 5. The method according to claim 4, characterized in that, before subscribing to the protection group table in the database and before creating the public network next hop group table corresponding to the protection group table according to the protection group table, it also includes: Generate at least two SRV6 Policy candidate paths; Obtain the BFD session corresponding to each SRV6 Policy candidate path; Determine the BFD status corresponding to each SRV6 Policy candidate path based on the BFD session corresponding to each SRV6 Policy candidate path, and store the BFD status and BFD session ID in the BFD table of the database; Determine the SRV6 Policy candidate path whose BFD status is the first state as a valid candidate path; Determine the main path and backup path according to the effective candidate path and the priority of the effective candidate path; Generate protection groups based on the primary path and backup path; Store the active and backup information of the protection group in the protection group table of the database, where the active and backup information of the protection group includes: protection group identification, main path egress port identification, main path next hop address, main path SID list , the backup path egress port identification, the backup path next hop address, the backup path SID list, and the main path BFD session index. 6. The method according to claim 5, characterized in that, after subscribing to the protection group table in the database and creating the public network next hop group table corresponding to the protection group table according to the protection group table, it also includes: When subscribing to the BFD table in the database, if the BFD state is determined to be the second state according to the BFD table, obtain the target protection group corresponding to the BFD session identifier carried in the BFD table; Update the handover identification in the public network next hop group table corresponding to the target protection group to the handover identification corresponding to the second state. 7. The method of claim 5, further comprising: Get the route collection; Store the IP address, instance ID, public network ID of the route iteration to, the protection group table index corresponding to the route, the VPNSID corresponding to the instance ID, and the source IP address of each route in the route set into the route set table in the database; Create routing tables, IP tunnel tables, and private network next-hop tables based on the routing set table in the database. 8. The method of claim 1, further comprising: If the active and backup information of the target protection group is determined to be changed based on the BFD status corresponding to the SRV6 Policy candidate path, update the active and backup information of the target protection group in the protection group table based on the changed active and backup information, and maintain the protection group. The index on the target protection group in the table is unchanged. 9. A message forwarding device, characterized in that it is configured in a network-side edge device, and the message forwarding device includes: A target message receiving module, configured to receive a target message, where the target message includes: a target IP address and an instance identifier; A routing table query module is used to query the routing table according to the target IP address and the instance identifier to obtain the private network next hop table; The private network next-hop table query module is used to query the private network next-hop table to obtain the IP tunnel table and the target public network next-hop group table; The IP tunnel table query module is used to query the IP tunnel table and obtain the VPNSID and source IP address; The target public network next-hop group table query module is used to query the target public network next-hop group table to obtain the target switching identification; A target message update module, configured to update the target message according to the VPNSID, the source IP address and the target switching identifier, and obtain an updated target message; A message output module, configured to determine a target egress port according to the target switching identifier, and output the updated target message from the target egress port. 10. An electronic device, characterized in that the electronic device includes: at least one processor; and a memory communicatively connected to the at least one processor; wherein, The memory stores a computer program executable by the at least one processor, the computer program being executed by the at least one processor, so that the at least one processor can execute any one of claims 1-8 Described message forwarding method. 11. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions, and the computer instructions are used to implement the method of any one of claims 1-8 when executed by a processor. Message forwarding method.