CN107547351B - Address allocation method and device - Google Patents
- Publication number
- CN107547351B (CN201710686367.7A)
- Authority
- CN
- China
- Prior art keywords
- user
- address
- dhcp message
- controller
- area network
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The disclosure relates to an address allocation method and apparatus. The method comprises the following steps: the controller receives a first DHCP message sent by a gateway device through a VXLAN tunnel, wherein the first DHCP message carries the identity information of the user; the controller queries, according to the identity information, whether a first IP address corresponding to the user is stored locally; and if the query result is yes, the controller replies a second DHCP message to the gateway device through the VXLAN tunnel, wherein the second DHCP message comprises the first IP address, and the second DHCP message is used for instructing the gateway device to allocate the first IP address to the user. The user can be allocated the same IP address whether the user accesses the specific area network remotely or through a device inside the specific area network, which helps ensure normal communication inside and outside the specific area network.
Description
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an address allocation method and apparatus.
Background
VXLAN (Virtual eXtensible Local Area Network) is a two-layer VPN (Virtual Private Network) technology based on IP networks and in the form of "MAC in UDP" encapsulation. VXLAN may provide two-layer interconnection for distributed physical sites based on existing service provider or enterprise IP (Internet Protocol) networks, and may provide service isolation for different tenants.
VXLAN is used primarily in data center networks. VXLAN has the following characteristics:
a. Support for a large number of tenants: by using a 24-bit identifier, up to 2^24 (16777216) VXLANs can be supported, so that the number of supported tenants is increased on a large scale, and the problem of insufficient resources in traditional two-layer network VLANs is solved.
b. Easy maintenance: the two-layer network is built based on the IP network, so that the network deployment and maintenance are easier, and the existing IP network technology can be fully utilized, such as load sharing by utilizing equivalent routing. Only the edge device of the IP core network needs to carry out VXLAN processing, and the network intermediate device only needs to forward the message according to the IP header, thereby reducing the difficulty and the cost of network deployment.
The VXLAN technology takes an existing three-layer physical network as an Underlay network, and a virtual two-layer network, namely an Overlay network, is constructed on the Underlay network. The Overlay network realizes the transfer of the second-layer message of the tenant between different sites across a three-layer network by using a three-layer forwarding path provided by the Underlay network through a packaging technology. The Underlay network is transparent to the tenants, and different sites of the same tenant behave as if they are operating in one local area network.
Fig. 1 is a schematic diagram of a typical network model of VXLAN, which, as shown in fig. 1, includes the following parts:
VM (Virtual Machine): multiple virtual machines can be created on one server, and different virtual machines can belong to different VXLANs. Virtual machines belonging to the same VXLAN are in the same logical two-layer network and can communicate with each other at layer two. Virtual machines belonging to different VXLANs are isolated from each other at layer two. A VXLAN is identified by a VXLAN ID, also known as a VNI (VXLAN Network Identifier), which is 24 bits long.
VTEP (VXLAN Tunnel End Point): edge device of VXLAN. The VXLAN processing is performed on the VTEP, for example, to identify the VXLAN to which the Ethernet data frame belongs, to perform two-layer forwarding on the data frame based on the VXLAN, and to encapsulate/decapsulate the packet. The VTEP may be an independent physical device or the server where the virtual machine is located.
VXLAN tunnel: a point-to-point logical tunnel between two VTEPs. After encapsulating a VXLAN header, a UDP (User Datagram Protocol) header, and an IP header for a data frame, the VTEP forwards the encapsulated packet to a remote VTEP through a VXLAN tunnel, and the remote VTEP decapsulates the packet.
Core equipment: devices in an IP core network. The core device does not participate in VXLAN processing, and only needs to forward the message in three layers according to the destination IP address of the encapsulated message.
VSI (Virtual Switch Instance): a virtual switching instance on the VTEP provides a two-layer switching service for VXLAN. The VSI can be viewed as a virtual switch on the VTEP that performs layer two forwarding based on VXLAN. The VSI has all the functions of a conventional ethernet switch including: source MAC address learning, MAC address aging, flooding, etc. VSIs correspond one-to-one to VXLANs.
For a user to access the VXLAN service dynamically, the most commonly used scheme at present is to acquire the IP address of the user through a DHCP (Dynamic Host Configuration Protocol) server. As shown in fig. 2, for a campus, user A accesses the network inside the campus after being authenticated online by portsec (Port Security), and accesses the network from outside the campus after being authenticated by SSLVPN (Secure Socket Layer VPN). In both cases, the IP address is acquired through the DHCP server.
Fig. 2 is a diagram of a prior art implementation of VXLAN. As shown in fig. 2, user A has dynamic access from inside the campus via VXLAN and from outside the campus via VPN. At present, the DHCP server can distribute IP addresses of different network segments for the two access modes, and the IP addresses are used for ensuring the intercommunication of the business inside and outside the campus.
Disclosure of Invention
In view of this, the present disclosure provides an address allocation method and apparatus.
According to an aspect of the present disclosure, there is provided an address allocation method, including:
a controller receives a first DHCP message sent by gateway equipment through a virtual extensible local area network (VXLAN) tunnel, wherein the first DHCP message is sent by the gateway equipment when a user remotely accesses a specific area network through the gateway equipment, the first DHCP message carries identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway equipment;
the controller inquires whether a first IP address corresponding to the user is stored locally or not according to the identity information;
and if the query result is yes, the controller replies a second DHCP message to the gateway device through the VXLAN tunnel, wherein the second DHCP message comprises the first IP address, and the second DHCP message is used for indicating the gateway device to allocate the first IP address to the user.
According to another aspect of the present disclosure, there is provided an address allocation method including:
the method comprises the steps that a gateway device sends a first DHCP message to a controller through a VXLAN tunnel, wherein the first DHCP message is sent by the gateway device when a user remotely accesses a specific area network through the gateway device, the first DHCP message carries identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
the gateway equipment receives a second DHCP message replied by the controller through the VXLAN tunnel, wherein the second DHCP message comprises an IP address corresponding to the user;
and the gateway equipment allocates the IP address corresponding to the user.
According to another aspect of the present disclosure, there is provided an address allocation apparatus including:
a first receiving module, configured to receive a first DHCP message sent by a gateway device through a virtual extensible local area network VXLAN tunnel, where the first DHCP message is sent by the gateway device when a user remotely accesses a specific area network through the gateway device, the first DHCP message carries identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
the query module is used for querying whether a first IP address corresponding to the user is stored locally or not according to the identity information;
and the first sending module is configured to reply a second DHCP message to the gateway device through the VXLAN tunnel if the query result is yes, where the second DHCP message includes the first IP address, and the second DHCP message is used to instruct the gateway device to allocate the first IP address to the user.
According to another aspect of the present disclosure, there is provided an address allocation apparatus including:
a third sending module, configured to send a first DHCP message to a controller through a VXLAN tunnel, where the first DHCP message is sent by the gateway device when a user remotely accesses a specific area network through the gateway device, the first DHCP message carries identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
a second receiving module, configured to receive, through the VXLAN tunnel, a second DHCP message replied by the controller, where the second DHCP message includes an IP address corresponding to the user;
and the first allocation module is used for allocating the IP address corresponding to the user.
With the address allocation method and device, a user can be allocated the same IP address whether the user accesses the specific area network remotely or through a device inside the specific area network, which helps ensure normal communication inside and outside the specific area network. Furthermore, the method helps bind the user to the IP address, so that the access rights of the user migrate with the IP address. In addition, the user's IP address and the user's security domain do not need to be reallocated according to the place from which the user accesses the network.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features, and aspects of the disclosure and, together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a schematic diagram of a typical network model of VXLAN.
Fig. 2 is a diagram of a prior art implementation of VXLAN.
Fig. 3 shows a flow chart of an address assignment method according to an embodiment of the present disclosure.
Fig. 4 shows another flowchart of an address assignment method according to an embodiment of the present disclosure.
Fig. 5 shows a flowchart of an address assignment method according to another embodiment of the present disclosure.
Fig. 6 illustrates another flowchart of an address assignment method according to another embodiment of the present disclosure.
Fig. 7 is a schematic diagram illustrating an application scenario in an address allocation method according to an embodiment of the present disclosure.
Fig. 8 illustrates a flow chart of an address assignment method according to another embodiment of the present disclosure.
Fig. 9 is a schematic structural diagram of an address assignment device according to an embodiment of the present disclosure.
Fig. 10 is a schematic structural diagram of an address allocation apparatus according to an embodiment of the present disclosure.
Fig. 11 is a schematic structural diagram of an address assignment device according to another embodiment of the present disclosure.
Fig. 12 is a schematic structural diagram of an address assignment device according to another embodiment of the present disclosure.
Detailed Description
Various exemplary embodiments, features and aspects of the present disclosure will be described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements and circuits that are well known to those skilled in the art have not been described in detail so as not to obscure the present disclosure.
In the implementation scheme of fig. 2, for EVPN (Ethernet VPN) networking, if the IP address of a user accessing a specific area network (e.g. a campus) from outside and the IP address of the same user accessing from inside are different IP addresses in the same network segment, then, since the SPINE device can only issue a network segment route, the external network route conflicts with the internal host route, and communication fails (e.g. communication between the inside and the outside of the campus fails). For example, when user A accesses through the VPN GW, the IP address allocated to user A by the DHCP server is 10.1.1.10. When user A logs in from a LEAF device in the campus, the IP address allocated to the user by the DHCP server is 10.1.1.11. These are two different IP addresses in the same network segment. The SPINE device will only select the 32-bit internal host route 10.1.1.11 for forwarding and will not select the 24-bit external network route 10.1.1.10 for forwarding. This may prevent user A from communicating properly both on and off the campus.
In the embodiment of the disclosure, the DHCP server can allocate IP addresses according to users to ensure that the same user logs in through one IP address no matter inside or outside the campus, thereby ensuring normal communication of the user in and outside the campus.
Fig. 3 shows a flow chart of an address assignment method according to an embodiment of the present disclosure. As shown in fig. 3, the method may be applied to a controller, and the method may include:
In step 301, a controller receives a first DHCP message sent by a gateway device through a VXLAN tunnel, where the first DHCP message is sent by the gateway device when a user remotely accesses a specific area network through the gateway device, the first DHCP message carries identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
In the disclosed embodiment, the gateway device may be a VPN-enabled gateway device, such as the VPNGW in fig. 2.
In one possible implementation manner, as shown in fig. 4, in step 400, when the user accesses through a device in a specific area network, the DHCP server is requested to allocate an unused IP address to the user, and the controller takes the IP address allocated to the user accessing through the device in the specific area network as the first IP address and records a first corresponding relationship between the user and the first IP address.
Further, in step 401, a VXLAN tunnel may be established between the controller and the gateway device. Wherein, the VXLAN tunnel between the controller and the gateway device can enable the controller and the gateway device to directly communicate. And the VXLAN tunnel can be used as a special tunnel for initiating the local IP address query, after the controller receives the DHCP message from the VXLAN tunnel, the controller initiates the local query first, and whether the IP address corresponding to the user exists is searched locally in the controller.
In addition, a special VXLAN network identifier may be set on the SPINE device and the VPN GW. In a possible implementation manner, the first DHCP message further includes a VXLAN network identifier for indicating that the user performs a VPN access service; the VXLAN network identifier is used for instructing the controller to allocate to the user the locally stored first IP address corresponding to the user. After receiving the first DHCP message from the VXLAN tunnel, the controller acquires the special VXLAN network identifier from the first DHCP message, and may initiate the local query first.
In a possible implementation manner, as shown in fig. 4, in step 402, if the query result in step 302 is negative, the controller requests the DHCP server to allocate an unused second IP address to the subscriber, and replies a third DHCP message to the gateway device through the VXLAN tunnel, where the third DHCP message includes the second IP address, and the third DHCP message is used to instruct the gateway device to allocate the second IP address to the subscriber.
In a possible implementation manner, the controller records a second corresponding relationship between the user and a second IP address, so that when the user accesses through a device in a specific area network, the controller can allocate the second IP address to the user according to the second corresponding relationship.
As shown in fig. 7, the devices in the specific area network may include a root device (SPINE device), a leaf device (LEAF device), and the like. The SPINE device may also be referred to as a backbone device, a root node, or the like. LEAF devices may also be referred to as access devices, dynamic access points, leaf nodes, and the like. In addition, the DHCP server may be a stand-alone device or may be integrated into the controller.
For example, when user A first logs on from a device inside the campus, such as a LEAF device, the user accesses a controller (Director) through a SPINE device connected to the LEAF device. The Director can authenticate user A and allocate an unused IP address to the authenticated user A through the DHCP protocol. It also records a first correspondence between user A and the first IP address assigned to user A. For example, a first correspondence between the account information, login name, and the like of the user and the first IP address is recorded. In addition, a special VXLAN tunnel between the Director and the VPN GW can be established. For example, a VXLAN network identifier, such as VNI 65535, is set on the SPINE device and the VPN GW to indicate that the user is conducting a VPN access service.
If user A subsequently accesses the campus remotely, for example, logs in from the VPN GW, the received VPN packet may be terminated after the VPN GW authenticates the user. Then, the VPN GW re-encapsulates it as a DHCP VXLAN encapsulation message (an example of the first DHCP message) based on the special VXLAN tunnel, and the message includes the VNI 65535. After receiving the message with the VNI 65535, the Director searches whether the first correspondence of user A is stored locally. If so, it acquires the first IP address corresponding to user A from the first correspondence of user A.
If the Director locally stores the first IP address corresponding to user A, the Director sends a DHCP offer message (an example of a second DHCP message) with the VNI 65535 and the first IP address corresponding to user A to the VPN GW. If the Director does not have the first IP address corresponding to user A locally, the Director requests the DHCP server to allocate an unused IP address (second IP address) to user A, and then sends a DHCP offer message with the VNI 65535 and the second IP address to the VPN GW. After receiving the DHCP offer message, the VPN GW allocates the second IP address to user A.
In addition, the Director may also locally save the second corresponding relationship between the user a and the second IP address. Subsequently, if the user a logs on from the LEAF device in the campus, the controller may first locally search whether the second corresponding relationship of the user a is stored. If so, the controller allocates a second IP address corresponding to the user A through a DHCP supply message. If not, the controller requests the DHCP server to allocate an unused IP address for user A.
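The lookup-then-allocate behaviour of the Director described above can be sketched as follows. This is an added example, not code from the patent: the class and field names, the `DhcpPool` stand-in for the DHCP server and the 100.1.1.0/29 pool are assumptions, and the DHCP/VXLAN wire formats are replaced by small constructed message objects.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, Tuple

VPN_ACCESS_VNI = 65535  # special VNI the description uses to mark VPN access


@dataclass(frozen=True)
class TunnelDhcpRequest:
    """Constructed stand-in for the VXLAN-encapsulated first DHCP message."""
    user_id: str  # identity information, set by the VPN GW after it authenticated the user
    vni: int      # VXLAN network identifier from the encapsulation header


@dataclass(frozen=True)
class TunnelDhcpReply:
    """Constructed stand-in for the second/third DHCP message (the offer)."""
    user_id: str
    ip: IPv4Address
    vni: int
    source: str   # "binding" = stored correspondence, "pool" = newly allocated


class DhcpPool:
    """Hypothetical DHCP server that hands out each host address once."""

    def __init__(self, network: str) -> None:
        self._unused = iter(IPv4Network(network).hosts())

    def allocate(self) -> IPv4Address:
        try:
            return next(self._unused)
        except StopIteration:
            raise RuntimeError("address pool exhausted") from None


class Controller:
    """Keeps one user -> IP correspondence regardless of where the user logs in."""

    def __init__(self, pool: DhcpPool) -> None:
        self._pool = pool
        self._bindings: Dict[str, IPv4Address] = {}

    def _lookup_or_allocate(self, user_id: str) -> Tuple[IPv4Address, str]:
        if not user_id:
            raise ValueError("message carries no identity information")
        ip = self._bindings.get(user_id)
        if ip is not None:
            return ip, "binding"          # local query succeeded
        ip = self._pool.allocate()        # local query failed: ask the DHCP server
        self._bindings[user_id] = ip      # record the correspondence for later logins
        return ip, "pool"

    def campus_login(self, user_id: str) -> IPv4Address:
        """Access through a device inside the specific area network (LEAF)."""
        return self._lookup_or_allocate(user_id)[0]

    def handle_tunnel_request(self, req: TunnelDhcpRequest) -> TunnelDhcpReply:
        """Remote access: first DHCP message arriving over the VXLAN tunnel."""
        if not 0 <= req.vni < 2 ** 24:
            raise ValueError("VNI is a 24-bit field")
        if req.vni != VPN_ACCESS_VNI:
            raise ValueError("message is not marked as VPN access")
        ip, source = self._lookup_or_allocate(req.user_id)
        return TunnelDhcpReply(req.user_id, ip, VPN_ACCESS_VNI, source)


def demo() -> Dict[str, str]:
    ctl = Controller(DhcpPool("100.1.1.0/29"))   # constructed pool
    a_inside = ctl.campus_login("userA")         # campus first, then remote
    a_remote = ctl.handle_tunnel_request(TunnelDhcpRequest("userA", VPN_ACCESS_VNI))
    b_remote = ctl.handle_tunnel_request(TunnelDhcpRequest("userB", VPN_ACCESS_VNI))
    b_inside = ctl.campus_login("userB")         # remote first, then campus
    return {
        "userA": f"{a_inside} / {a_remote.ip} ({a_remote.source})",
        "userB": f"{b_inside} / {b_remote.ip} ({b_remote.source})",
    }


if __name__ == "__main__":
    for user, line in demo().items():
        print(user, line)
```

Because the correspondence is keyed only on the identity carried in the message, the address and any access rights tied to it follow whatever identity the gateway places there.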
After the VPN GW assigns an IP address to the user, the VPN GW may issue a host address (also referred to as a host route) corresponding to the IP address to the SPINE device through a routing protocol. After receiving the host address, the SPINE device may issue the host address to each LEAF device via the EVPN. A LEAF device receiving the host address can directly generate a forwarding table entry corresponding to the host address, and the forwarding table entry points to the SPINE device. The VPN GW may set the migratable extended community attribute in the host address to 0 to represent the highest-priority community attribute. After receiving the host address carrying the highest-priority community attribute, the SPINE device issues the host address to each LEAF device through the EVPN.
If the LEAF device receiving the host address already has a forwarding table entry of a local IP address identical to the network segment of the host address, and the forwarding table entry does not point to the SPINE device, the route of the user can be synchronized on the LEAF device. Specifically, the local IP address on the LEAF device may be compared with the value of the migratable extended community attribute of the received host address, and the forwarding table entry of the address with the smaller value of the migratable extended community attribute in the two may be issued to the forwarding plane. If the values of the attributes of the migratable extended community are the same, the forwarding table entry of the address of the later LEAF device can be preferentially validated.
In this embodiment, setting the attribute of the migratable extended community in the host address is merely an example, and other ways may be used to generate the forwarding table entry. For example, if a forwarding table entry of a local IP address identical to the network segment of the host address already exists on the LEAF device receiving the host address, the forwarding table entry may be deleted, and then the received host address is used to regenerate the corresponding forwarding table entry.
According to the address allocation method, the user can be allocated the same IP address whether the user accesses the specific area network remotely or through a device inside the specific area network, which helps ensure normal communication between the inside and the outside of the specific area network. Furthermore, the method helps bind the user to the IP address, so that the access rights of the user migrate with the IP address. The IP address of the user and the security domain of the user do not need to be reallocated according to the place from which the user accesses the network.
Fig. 5 shows a flowchart of an address assignment method according to another embodiment of the present disclosure. As shown in fig. 5, the method may be applied to a gateway device, and the method may include:
In a possible implementation manner, the IP address corresponding to the user includes a first IP address or a second IP address; the first IP address is an IP address allocated to the user by the controller according to a locally stored first correspondence when the user remotely accesses a specific area network; and the second IP address is an unused IP address that the controller requests a DHCP server to allocate to the user when the user remotely accesses a specific area network.
In a possible implementation manner, the first DHCP message further includes a VXLAN network identifier for indicating that the subscriber performs a VPN access service; the VXLAN network identifier is used for indicating the controller to distribute a first IP address which is locally stored and corresponds to the user for the user.
As shown in fig. 6, in step 601, a gateway device issues an IP address allocated to the user to a first device in a particular area network, and the first device issues the IP address allocated to the user to each second device, so as to generate a forwarding table entry corresponding to the IP address allocated to the user on the second device.
For example, as shown in fig. 7, the gateway device issues the IP address allocated to user A to a first device, for example, a SPINE device, through a routing protocol, and the SPINE device issues the IP address allocated to user A to each LEAF device through an EVPN, so as to generate a forwarding table entry corresponding to the IP address allocated to user A on the LEAF device. The gateway device may set the migratable extended community attribute in the IP address assigned to user A to the highest priority, e.g. to 0.
If the forwarding table entry on the LEAF device for a local IP address that is the same as the IP address allocated to user A (the received host address) does not point to the SPINE device, the local IP address is compared with the IP address allocated to the user by the value of the migratable extended community attribute. The forwarding table entry of the address with the smaller value of the migratable extended community attribute is issued to the forwarding plane. If the values of the migratable extended community attribute are the same, the forwarding table entry of the address of the LEAF device preferentially takes effect.
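The arbitration rule a LEAF device applies between its own entry and a host route synchronized from the SPINE device can be modelled as below. This is an added example, not code from the patent: the `LeafFib` class, the port names and the attribute values are constructed, the tie is resolved in favour of the LEAF device's own entry as this passage words it, and keeping the losing candidate so that a later withdrawal can fall back to it is an assumption.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, Optional

SPINE = "SPINE"  # next hop of entries generated from routes synchronized over EVPN


@dataclass(frozen=True)
class FibEntry:
    host: IPv4Address
    next_hop: str  # SPINE, or a constructed local port name such as "port1"
    attr: int      # migratable extended community attribute; 0 is the highest priority


class LeafFib:
    """Per-host candidates on one LEAF device: a local entry and a synchronized one."""

    def __init__(self) -> None:
        self._local: Dict[IPv4Address, FibEntry] = {}
        self._synced: Dict[IPv4Address, FibEntry] = {}

    def learn_local(self, host: str, port: str, attr: int) -> None:
        """Entry created when the user comes online behind this LEAF device."""
        ip = IPv4Address(host)
        self._local[ip] = FibEntry(ip, port, attr)

    def receive_host_route(self, host: str, attr: int = 0) -> None:
        """Host route issued by the SPINE device; the VPN GW set attr to 0."""
        ip = IPv4Address(host)
        self._synced[ip] = FibEntry(ip, SPINE, attr)

    def withdraw_host_route(self, host: str) -> None:
        """Route withdrawal received after the user goes offline from the VPN."""
        self._synced.pop(IPv4Address(host), None)

    def active(self, host: str) -> Optional[FibEntry]:
        """Entry that is issued to the forwarding plane for this host."""
        ip = IPv4Address(host)
        local, synced = self._local.get(ip), self._synced.get(ip)
        if local is None or synced is None:
            return synced if synced is not None else local
        if local.next_hop == SPINE:
            return synced              # already points at the SPINE: nothing to arbitrate
        if synced.attr < local.attr:
            return synced              # smaller attribute value wins
        return local                   # larger value, or tie: LEAF's own entry stays


def next_hop(fib: LeafFib, host: str) -> Optional[str]:
    entry = fib.active(host)
    return entry.next_hop if entry is not None else None


def demo() -> Dict[str, Optional[str]]:
    fib = LeafFib()
    host = "100.1.1.2"                 # address used in the description's example
    fib.learn_local(host, "port1", attr=1)
    before = next_hop(fib, host)
    fib.receive_host_route(host, attr=0)
    during = next_hop(fib, host)
    fib.withdraw_host_route(host)
    after = next_hop(fib, host)
    return {"before": before, "during": during, "after": after}


if __name__ == "__main__":
    print(demo())
```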
In addition, as shown in fig. 6, in step 602, when detecting that the user goes offline from the VPN, the gateway device instructs the first device to issue, to each second device, a BGP (Border Gateway Protocol) routing message for revoking the EVPN synchronous route. As shown in fig. 7, after the VPN GW notifies the SPINE device that user A has gone offline, the SPINE device may issue a BGP routing message to all EVPN remote neighbors (e.g., LEAF devices connected to the SPINE device) to withdraw the EVPN synchronous route.
Fig. 7 is a schematic diagram illustrating an application scenario in an address allocation method according to an embodiment of the present disclosure. As shown in fig. 7, in the present disclosure, an interaction mechanism is newly added, and a terminating operation of access user authentication is performed on the access gateway device of the SSLVPN (i.e., the VPN GW). Meanwhile, the acquisition of the DHCP address is carried out at the local gateway. The SSLVPN and the Director (controller) are connected by establishing a special VXLAN tunnel, and an address can be applied for directly from the DHCP server. If user A has previously logged in inside the campus, the login information of user A exists on the Director (controller). At this time, the SSLVPN access user is answered with the IP address used for the campus login, and when that IP address is VXLAN-encapsulated, a special mark is made in the header of the DHCP VXLAN encapsulation message (for example, the VNI is set to 65535). When receiving the IP address in the specially marked DHCP VXLAN encapsulation message, the VPN GW sends a host route of the IP address to the internal network of the campus through the EVPN protocol, and normal communication inside and outside the campus is ensured.
Fig. 8 illustrates a flow chart of an address assignment method according to another embodiment of the present disclosure. As shown in fig. 8, in conjunction with fig. 7, the address allocation method may include:
In step 801, after user A comes online inside the campus, the Director is accessed through a VXLAN dynamic access point (e.g. a LEAF device), and an IP address, e.g. 100.1.1.2/32, is obtained from a DHCP server (which may be integrated in the Director). Meanwhile, the Director can record the correspondence between user A and the IP address allocated to user A.
In step 805, after the VPN GW assigns the IP address 100.1.1.2/32 (also referred to as a host address, host route, etc.) to user A, the address 100.1.1.2/32 is issued to the SPINE device via a routing protocol. The address is also the IP address assigned by the Director to the VPN access user. So when the SPINE device receives the address, it issues the address (32-bit host route) directly through EVPN. Meanwhile, since the address is a route issued to the external network, the migratable extended community attribute of the address may be set to 0 in the EVPN, which is the highest-priority community attribute. The VPN GW may set the migratable extended community attribute of the address to 0, and then send the address to the SPINE device.
The address allocation method of the embodiment adds a function by which a VPN user dynamically accessing the VXLAN networking acquires an IP address through DHCP, and adds a function by which the Director binds the user to the allocated IP address. This makes it possible to allocate the same IP address when the same user accesses the VXLAN networking in different modes. Therefore, when VXLAN/EVPN is dynamically accessed in the networking, users can be allocated the same IP address inside and outside the campus, which facilitates binding users to IP addresses, and the access rights of the users can migrate with the IP addresses. The user's IP address and the user's security domain do not need to be reallocated according to the place from which the user accesses the network. In the address allocation method of this embodiment, the SPINE device issues the IP address allocated to the VPN access user to the LEAF device through the EVPN, which adds a function of inserting a host route into the EVPN for the VPN access user. In addition, in the address allocation method of this embodiment, the forwarding table entry of the local IP address that is the same as the received IP address is updated on the LEAF device, which adds a function by which the EVPN synchronizes the forwarding table entries of a VPN access user and an intranet user that have the same address. Therefore, normal communication between the internal network and the external network of the VXLAN networking is guaranteed.
Fig. 9 is a schematic structural diagram of an address assignment device according to an embodiment of the present disclosure. As shown in fig. 9, the address assigning means may include:
a first receiving module 11, configured to receive a first DHCP message sent by a gateway device through a virtual extensible local area network VXLAN tunnel, where the first DHCP message is sent by the gateway device when a user remotely accesses a specific area network through the gateway device, the first DHCP message carries identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
the query module 13 is configured to query whether a first IP address corresponding to the user is locally stored according to the identity information;
a first sending module 15, configured to reply a second DHCP message to the gateway device through the VXLAN tunnel if the query result is yes, where the second DHCP message includes the first IP address, and the second DHCP message is used to instruct the gateway device to allocate the first IP address to the user.
In one possible implementation, as shown in fig. 10, the apparatus may further include:
a second sending module 21, configured to, if the query result is negative, request a DHCP server to allocate an unused second IP address to the user, and reply a third DHCP message to the gateway device through the VXLAN tunnel, where the third DHCP message includes the second IP address, and the third DHCP message is used to instruct the gateway device to allocate the second IP address to the user, and record a second corresponding relationship between the user and the second IP address, so that when the user accesses through a device in a specific area network, the second IP address can be allocated to the user according to the second corresponding relationship.
In one possible implementation, as shown in fig. 10, the apparatus may further include:
a request module 22, configured to request the DHCP server to allocate an unused IP address to the user when the user accesses through a device in a specific area network;
a recording module 23, configured to use an IP address allocated to the user accessing through a device in a specific area network as the first IP address, and record a first corresponding relationship between the user and the first IP address.
In a possible implementation manner, the first DHCP message further includes a VXLAN network identifier for indicating that the user performs a VPN access service; the VXLAN network identifier is used for instructing the controller to allocate to the user the locally stored first IP address corresponding to the user.
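The controller-side decision described for modules 11 to 23 can be sketched as follows. This is an added example, not code from the patent: the class and method names, the message fields, the VNI value 5000, the in-memory address pool standing in for the DHCP server, and the rejection of messages without the VPN VNI are all assumptions.

```python
import ipaddress


class BindingConflict(Exception):
    """Raised when one IP address would end up bound to two users."""


class Controller:
    def __init__(self, pool_cidr, vpn_vni):
        # Stand-in for the DHCP server: a list of unused addresses (assumption).
        self._free = [str(h) for h in ipaddress.ip_network(pool_cidr).hosts()]
        self.vpn_vni = vpn_vni   # VNI that marks the VPN access service (assumed value)
        self.bindings = {}       # user identity -> IP address
        self.owners = {}         # IP address -> user identity (reverse index)

    def _allocate_unused(self):
        if not self._free:
            raise RuntimeError("address pool exhausted")
        return self._free.pop(0)

    def record(self, user, ip):
        # Access rights follow the IP address, so an address bound to one
        # user must never be recorded for a different user.
        owner = self.owners.get(ip)
        if owner is not None and owner != user:
            raise BindingConflict(f"{ip} is already bound to {owner}")
        self.bindings[user] = ip
        self.owners[ip] = user

    def on_internal_access(self, user):
        """User comes online through a device inside the specific area network."""
        ip = self.bindings.get(user)
        if ip is None:               # no earlier binding: allocate and record it
            ip = self._allocate_unused()
            self.record(user, ip)
        return ip

    def on_first_dhcp_message(self, msg):
        """Handle the first DHCP message relayed by the gateway over the VXLAN tunnel."""
        if msg.get("vni") != self.vpn_vni:
            # Assumption: this sketch only serves the VPN access service here.
            raise ValueError("message does not carry the VPN access VNI")
        user = msg["identity"]
        ip = self.bindings.get(user)
        if ip is not None:
            # Query result "yes": reply with the locally stored first IP address.
            return {"type": "second", "identity": user, "ip": ip}
        # Query result "no": obtain an unused second IP address and record it.
        ip = self._allocate_unused()
        self.record(user, ip)
        return {"type": "third", "identity": user, "ip": ip}


def demo():
    # Constructed sample run: alice is first seen inside the network, bob over VPN.
    c = Controller("10.1.1.0/29", vpn_vni=5000)
    inside = c.on_internal_access("alice")
    alice_vpn = c.on_first_dhcp_message({"identity": "alice", "vni": 5000})
    bob_vpn = c.on_first_dhcp_message({"identity": "bob", "vni": 5000})
    return inside, alice_vpn["ip"], bob_vpn["type"], c.on_internal_access("bob")
```

Because the binding is what carries a user's access rights from one access location to another, the reverse index makes a conflicting record fail loudly instead of silently handing one user's address to another.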
Fig. 11 is a schematic structural diagram of an address assignment device according to another embodiment of the present disclosure. As shown in fig. 11, the address assigning means may include:
a third sending module 31, configured to send a first DHCP message to a controller through a VXLAN tunnel, where the first DHCP message is sent by the gateway device when a user remotely accesses a specific area network through the gateway device, the first DHCP message carries identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
a second receiving module 33, configured to receive, through the VXLAN tunnel, a second DHCP message replied by the controller, where the second DHCP message includes an IP address corresponding to the user;
and the first allocating module 35 is configured to allocate the IP address corresponding to the user.
In a possible implementation manner, the IP address corresponding to the user includes a first IP address or a second IP address; the first IP address is an IP address allocated to the user by the controller according to a locally stored first corresponding relation when the user remotely accesses the specific area network; and the second IP address is an unused IP address that the controller requests a DHCP server to allocate to the user when the user remotely accesses the specific area network.
In one possible implementation, the VXLAN network identifier is used to instruct the controller to assign a first IP address corresponding to the user, which is locally stored, to the user.
In one possible implementation, as shown in fig. 12, the apparatus may further include:
a third receiving module 41, configured to receive a second DHCP message from the controller through the VXLAN tunnel, where the second DHCP message includes that the controller requests the DHCP server to allocate an unused IP address to the user when the user accesses through a device in a particular area network;
a second allocating module 43, configured to allocate the second IP address to the user.
In one possible implementation, as shown in fig. 12, the apparatus may further include:
an issuing module 45, configured to issue an IP address allocated to the user to a first device in a particular area network, and the first device issues the IP address allocated to the user to each second device, so as to generate a forwarding entry corresponding to the IP address allocated to the user on the second device.
In one possible implementation, as shown in fig. 12, the apparatus may further include:
a revoking module 49, configured to, when detecting that the user goes offline from the VPN, instruct the first device to issue, to each second device, a BGP routing message for revoking the EVPN synchronous routing.
With regard to the apparatuses in the above embodiments, the specific manner in which the respective modules perform operations has been described in detail in the embodiments related to the method, and will not be elaborated here.
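The gateway-side flow of modules 31 to 49 (allocate the replied address, issue it through the first device to every second device, revoke it when the VPN user goes offline) can be sketched as follows. This is an added example, not code from the patent: the class names, the VTEP address, the port names and the rule that a withdrawal only removes an entry still pointing at the withdrawing gateway are assumptions; SPINE and LEAF are used for the first and second devices as in the description.

```python
class Leaf:
    """Second device: holds forwarding entries keyed by host IP address."""

    def __init__(self, name):
        self.name = name
        self.fib = {}  # host IP -> next hop (local port or remote VTEP)

    def learn_local(self, ip, port):
        # The user is attached to this LEAF inside the area network.
        self.fib[ip] = port

    def install_host_route(self, ip, vtep):
        # Synchronised host route: an existing entry for the same IP address is
        # updated so traffic reaches the user through the gateway.
        self.fib[ip] = vtep

    def withdraw_host_route(self, ip, vtep):
        # Assumption: only remove the entry if it still points at the gateway
        # that withdraws it, so a late withdrawal cannot delete an entry
        # re-learned locally after the user came back inside the network.
        if self.fib.get(ip) != vtep:
            return False
        del self.fib[ip]
        return True


class Spine:
    """First device: relays host routes and withdrawals to every LEAF."""

    def __init__(self, leaves):
        self.leaves = leaves

    def advertise(self, ip, vtep):
        for leaf in self.leaves:
            leaf.install_host_route(ip, vtep)

    def withdraw(self, ip, vtep):
        return [l.name for l in self.leaves if l.withdraw_host_route(ip, vtep)]


class Gateway:
    def __init__(self, vtep, spine):
        self.vtep = vtep
        self.spine = spine
        self.sessions = {}  # user identity -> IP address assigned over VPN

    def on_dhcp_reply(self, reply):
        # Allocate the address carried in the controller's reply, then issue it.
        user, ip = reply["identity"], reply["ip"]
        self.sessions[user] = ip
        self.spine.advertise(ip, self.vtep)
        return ip

    def on_vpn_offline(self, user):
        # Instruct the first device to revoke the synchronised route.
        ip = self.sessions.pop(user, None)
        if ip is None:
            return []
        return self.spine.withdraw(ip, self.vtep)


def demo():
    # Constructed scenario: alice has a local entry on leaf1, connects over
    # VPN, is later re-learned locally on leaf2, then the VPN session ends.
    leaf1, leaf2 = Leaf("leaf1"), Leaf("leaf2")
    leaf1.learn_local("10.1.1.1", "port-3")
    gw = Gateway("192.0.2.10", Spine([leaf1, leaf2]))
    gw.on_dhcp_reply({"identity": "alice", "ip": "10.1.1.1"})
    leaf2.learn_local("10.1.1.1", "port-7")
    return gw.on_vpn_offline("alice"), leaf1.fib, leaf2.fib
```

Without the withdrawal, every LEAF would keep forwarding traffic for the address toward the gateway after the VPN session has ended.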
With the address allocation device of the embodiments of the present disclosure, a user can be allocated the same IP address whether the user remotely accesses the specific area network or accesses it through a device inside the specific area network, which helps ensure normal communication between the inside and the outside of the specific area network. It also facilitates binding the user to the IP address and migrating the user's access rights along with the IP address. The user's IP address and security domain do not need to be reallocated according to where the user accesses the network.
Having described embodiments of the present disclosure, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terms used herein were chosen in order to best explain the principles of the embodiments, the practical application, or technical improvements to the techniques in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.
Claims (16)
1. An address allocation method, comprising:
a controller receives a first DHCP message sent by gateway equipment through a virtual extensible local area network (VXLAN) tunnel, wherein the first DHCP message is sent by the gateway equipment when a user remotely accesses a specific area network through the gateway equipment, the first DHCP message carries identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway equipment;
the controller inquires whether a first IP address corresponding to the user is stored locally or not according to the identity information;
if the query result is yes, the controller replies a second DHCP message to the gateway device through the VXLAN tunnel, wherein the second DHCP message comprises the first IP address, and the second DHCP message is used for indicating the gateway device to allocate the first IP address to the user;
the first IP address is issued by the gateway device to a first device in a specific area network; and the first equipment issues the forwarding table to each second equipment so as to generate a forwarding table corresponding to the first IP address allocated to the user on the second equipment.
2. The method of claim 1, further comprising:
and under the condition that the query result is no, the controller requests a DHCP server to allocate an unused second IP address for the user, and replies a third DHCP message to the gateway device through the VXLAN tunnel, wherein the third DHCP message comprises the second IP address, and is used for indicating the gateway device to allocate the second IP address to the user, and recording a second corresponding relation between the user and the second IP address, so that when the user accesses through a device in a specific area network, the controller can allocate the second IP address to the user according to the second corresponding relation.
3. The method of claim 1, further comprising:
when the user accesses the network through the equipment in the specific area network, the controller requests a DHCP server to allocate an unused IP address to the user, the controller takes the IP address allocated to the user accessed through the equipment in the specific area network as the first IP address, and records a first corresponding relation between the user and the first IP address.
4. The method according to any one of claims 1 to 3,
the first DHCP message also comprises a VXLAN network identifier used for representing the VPN access service of the user;
the VXLAN network identifier is used for indicating the controller to distribute a first IP address which is locally stored and corresponds to the user for the user.
5. An address allocation method, comprising:
the method comprises the steps that a gateway device sends a first DHCP message to a controller through a VXLAN tunnel, wherein the first DHCP message is sent by the gateway device when a user remotely accesses a specific area network through the gateway device, the first DHCP message carries identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
the gateway equipment receives a second DHCP message replied by the controller through the VXLAN tunnel, wherein the second DHCP message comprises an IP address corresponding to the user;
the gateway equipment allocates the IP address corresponding to the user;
the gateway device issues the IP address allocated to the user to a first device in a specific area network, and the first device issues the IP address allocated to the user to each second device, so as to generate a forwarding table entry corresponding to the IP address allocated to the user on the second device.
6. The method of claim 5, wherein the IP address corresponding to the user comprises a first IP address or a second IP address;
the first IP address is an IP address allocated to the user by the controller according to a locally stored first corresponding relation when the user remotely accesses the specific area network;
and the second IP address is an unused IP address that the controller requests a DHCP server to allocate to the user when the user remotely accesses the specific area network.
7. The method according to claim 5 or 6, wherein the first DHCP message further comprises VXLAN network identifier for indicating the user to perform VPN access service;
the VXLAN network identifier is used for indicating the controller to distribute a first IP address which is locally stored and corresponds to the user for the user.
8. The method of claim 5 or 6, further comprising:
and the gateway equipment indicates the first equipment to issue BGP routing information for canceling EVPN synchronous routing to each second equipment under the condition of detecting that the user is offline from the VPN.
9. An address assignment device, comprising:
a first receiving module, configured to receive a first DHCP message sent by a gateway device through a virtual extensible local area network (VXLAN) tunnel, where the first DHCP message is sent by the gateway device when a user remotely accesses a specific area network through the gateway device, the first DHCP message carries identity information of the user, and the VXLAN tunnel is a tunnel between a controller and the gateway device;
the query module is used for querying whether a first IP address corresponding to the user is stored locally or not according to the identity information;
a first sending module, configured to reply a second DHCP message to the gateway device through the VXLAN tunnel if the query result is yes, where the second DHCP message includes the first IP address, and the second DHCP message is used to instruct the gateway device to allocate the first IP address to the user; the first IP address is issued by the gateway device to a first device in a specific area network; and the first equipment issues the forwarding table to each second equipment so as to generate a forwarding table corresponding to the first IP address allocated to the user on the second equipment.
10. The apparatus of claim 9, further comprising:
and a second sending module, configured to, if the query result is negative, request a DHCP server to allocate an unused second IP address to the user, and reply a third DHCP message to the gateway device through the VXLAN tunnel, where the third DHCP message includes the second IP address, and the third DHCP message is used to instruct the gateway device to allocate the second IP address to the user, and record a second correspondence between the user and the second IP address, so that when the user accesses through a device in a specific area network, the second IP address can be allocated to the user according to the second correspondence.
11. The apparatus of claim 9, further comprising:
the request module is used for requesting a DHCP server to allocate an unused IP address for the user under the condition that the user accesses through equipment in a specific area network;
and the recording module is used for taking the IP address distributed to the user accessed through the equipment in the specific area network as the first IP address and recording the first corresponding relation between the user and the first IP address.
12. The apparatus according to any one of claims 9 to 11,
the first DHCP message also comprises a VXLAN network identifier used for representing the VPN access service of the user;
the VXLAN network identifier is used for indicating the controller to distribute a first IP address which is locally stored and corresponds to the user for the user.
13. An address assignment device, comprising:
a third sending module, configured to send a first DHCP message to a controller through a VXLAN tunnel, where the first DHCP message is sent by a gateway device when a user remotely accesses a specific area network through the gateway device, the first DHCP message carries identity information of the user, and the VXLAN tunnel is a tunnel between the controller and the gateway device;
a second receiving module, configured to receive, through the VXLAN tunnel, a second DHCP message replied by the controller, where the second DHCP message includes an IP address corresponding to the user;
the first allocation module is used for allocating the IP address corresponding to the user;
the issuing module is configured to issue the IP address allocated to the user to a first device in a particular area network, and the first device issues the IP address allocated to the user to each second device, so as to generate a forwarding entry corresponding to the IP address allocated to the user on the second device.
14. The apparatus of claim 13, wherein the IP address corresponding to the user comprises a first IP address or a second IP address;
the first IP address is an IP address allocated to the user by the controller according to a locally stored first corresponding relation when the user remotely accesses the specific area network;
and the second IP address is an unused IP address that the controller requests a DHCP server to allocate to the user when the user remotely accesses the specific area network.
15. The apparatus according to claim 13 or 14, wherein the first DHCP message further includes a VXLAN network identifier for indicating that the subscriber performs VPN access service;
the VXLAN network identifier is used for indicating the controller to distribute a first IP address which is locally stored and corresponds to the user for the user.
16. The apparatus of claim 13 or 14, further comprising:
and the revocation module is used for indicating the first equipment to issue BGP routing information for revoking EVPN synchronous routing to each second equipment under the condition that the user is detected to be offline from the VPN.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710686367.7A CN107547351B (en) | 2017-08-11 | 2017-08-11 | Address allocation method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107547351A CN107547351A (en) | 2018-01-05 |
CN107547351B true CN107547351B (en) | 2020-07-07 |
Family
ID=60970259
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710686367.7A Active CN107547351B (en) | 2017-08-11 | 2017-08-11 | Address allocation method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107547351B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109921944B (en) * | 2019-03-21 | 2021-12-14 | 青岛铁木真软件技术有限公司 | Network boundary control method and device for industrial internet |
CN110601881B (en) * | 2019-09-04 | 2021-10-22 | 厦门网宿有限公司 | Two-layer private network system, configuration method and equipment |
CN115665033A (en) * | 2021-07-07 | 2023-01-31 | 中兴通讯股份有限公司 | Cross-device link aggregation message processing method, system, switch and storage medium |
CN113595847B (en) * | 2021-07-21 | 2023-04-07 | 上海淇玥信息技术有限公司 | Remote access method, system, device and medium |
CN113765904B (en) * | 2021-08-26 | 2023-03-31 | 新华三大数据技术有限公司 | Authentication method and device |
CN113885307A (en) * | 2021-10-12 | 2022-01-04 | 广东安朴电力技术有限公司 | SVG parallel machine redundancy control method, SVG control method and SVG control system |
CN117201135B (en) * | 2023-09-11 | 2024-06-21 | 合芯科技有限公司 | Service following method, device, computer equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105592062A (en) * | 2015-10-28 | 2016-05-18 | 杭州华三通信技术有限公司 | Method and device for remaining IP address unchanged |
CN105763671A (en) * | 2016-04-27 | 2016-07-13 | 杭州华三通信技术有限公司 | IP address distribution method and apparatus |
CN106059888A (en) * | 2016-07-29 | 2016-10-26 | 浪潮(北京)电子信息产业有限公司 | IP (Internet Protocol) address assignment method and device based on open network operating system |
CN106302861A (en) * | 2016-09-27 | 2017-01-04 | 杭州华三通信技术有限公司 | A kind of address distribution method and device |
CN107094110A (en) * | 2017-04-19 | 2017-08-25 | 新华三技术有限公司 | A kind of DHCP message retransmission method and device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9634934B2 (en) * | 2015-05-08 | 2017-04-25 | Cisco Technology, Inc. | Dynamic host configuration protocol relay in a multipod fabric |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||