阅读说明：本技术 一种报文转发方法及设备 (Message forwarding method and device ) 是由 肖冰 王琮 于 2021-08-05 设计创作，主要内容包括：本申请提供一种报文转发方法及设备。该方法包括：为接收的ARP请求报文所属VXLAN的硬件MAC地址表学习硬件MAC地址表项；为ARP请求报文所属的VXLAN的软件地址解析协议ARP表学习软件ARP表项；基于VXLAN的网关MAC地址生成ARP代理响应报文；生成同步ARP请求报文的发送端IP地址的第一BGP EVPN路由；将软件ARP表项同步为VXLAN的硬件ARP表的硬件ARP表项；根据学习的硬件MAC地址表项的出端口发送ARP代理响应报文；向VXLAN关联的三层虚拟局域专用网VPN实例内每个对端VTEP发送生成的BGP EVPN路由。(The application provides a message forwarding method and device. The method comprises the following steps: learning a hardware MAC address table item for a hardware MAC address table of VXLAN to which a received ARP request message belongs; learning a software Address Resolution Protocol (ARP) table item for a software ARP table of a VXLAN to which the ARP request message belongs; generating an ARP proxy response message based on a gateway MAC address of the VXLAN; generating a first BGP EVPN route of a transmitting end IP address of the synchronous ARP request message; synchronizing the software ARP table entries into hardware ARP table entries of a hardware ARP table of the VXLAN; an ARP proxy response message is sent according to an output port of a learned hardware MAC address table item; the generated BGP EVPN route is sent to each peer VTEP within the three-tier virtual local area private network VPN instance associated with the VXLAN.)

1. A message forwarding method is characterized in that the method comprises the following steps:

determining a VXLAN to which the received first Ethernet data message belongs;

determining that a destination MAC address of the first Ethernet data message is a gateway MAC address of the VXLAN;

in the hardware ARP table of the VXLAN, a hardware ARP table item matching the target IP address of the first Ethernet data message is not found;

if a hardware routing table item matching the destination IP address of the first Ethernet data message is not found in the hardware routing table of the three-layer virtual private network VPN example associated with the VXLAN, generating an ARP request message requesting the destination IP address of the first Ethernet data message;

and encapsulating the generated ARP request message based on a VXLAN tunnel of each opposite end VTEP in a three-layer virtual local area private network VPN example associated with the VXLAN, and sending the ARP request message encapsulated by the VXLAN to each opposite end VTEP.

2. The method of claim 1, further comprising:

determining that the received second Ethernet data message belongs to the VXLAN;

determining that the destination MAC address of the second Ethernet data message is the VXLAN gateway MAC address;

determining that a matching hardware ARP table item of the destination IP address of the second Ethernet data message is searched in a hardware APR table of the VXLAN;

and replacing the target MAC address of the second Ethernet message with the MAC address of the matched hardware ARP table entry, and sending the second Ethernet data message through the output port of the matched hardware ARP table entry.

3. The method of claim 1, further comprising:

determining that the received third Ethernet data message belongs to the VXLAN;

determining that a destination MAC address of the third Ethernet data message is a gateway MAC address of the VXLAN;

determining that a hardware ARP table entry matching the destination IP address of the third Ethernet data message is not found in the hardware ARP table of the VXLAN;

determining a matching hardware routing table item of the destination IP address of the third Ethernet data message in a hardware routing table of a three-layer virtual private network VPN example associated with the VXLAN;

packaging the third Ethernet data message into a VXLAN data message according to the VXLAN tunnel matched with the hardware routing table entry;

and sending the VXLAN data message according to the output port of the VXLAN tunnel.

4. The method of claim 1, wherein prior to determining that the received first ethernet data message belongs to VXLAN, the method further comprises:

learning a hardware MAC address table item for a hardware MAC address table of the VXLAN to which the received ARP request message belongs;

learning a software Address Resolution Protocol (ARP) table item for a software ARP table of the VXLAN to which the received ARP request message belongs;

generating an ARP proxy response message based on the gateway MAC address of the VXLAN; generating a first BGP EVPN route for synchronizing the IP address of the transmitting end of the received ARP request message;

synchronizing the software ARP table entry into a hardware ARP table entry of a hardware ARP table of the VXLAN;

sending the ARP proxy response message according to the output port of the learned hardware MAC address table item;

and sending the generated BGP EVPN route to each opposite end VTEP in the three-layer virtual local area private network VPN example associated with the VXLAN.

5. The method of claim 1, wherein prior to determining that the received first ethernet data message belongs to VXLAN, the method further comprises:

generating a software host routing table entry in a software routing table of the three-layer VPN instance based on a received remote IP address carried by a second BGP EVPN route; wherein VXLAN tunnel connection corresponding to the far-end IP address sends the opposite end VTEP of the second BGP EVPN route;

synchronizing the software host routing table entries to host routing table entries of a hardware routing table of the three-layer VPN instance.

6. The method of claim 1, wherein prior to determining that the received first ethernet data message belongs to VXLAN, the method further comprises:

receiving an ARP request message packaged by VXLAN;

releasing VXLAN encapsulation, and broadcasting an unpackaged ARP request message in a virtual local area network associated with the VXLAN;

receiving an ARP response message;

learning the hardware MAC address table item of the ARP response message for the hardware MAC address table;

learning the software ARP table entry of the ARP response message for the VXLAN software ARP table;

generating a third BGP EVPN route for synchronizing the IP address of the transmitting end of the ARP response message;

synchronizing the software ARP table entry into a hardware ARP table entry of the hardware ARP table;

and sending the generated third BGP EVPN route to each opposite-end VTEP.

7. A message forwarding device, the device comprising:

the hardware receiving module is used for receiving the first Ethernet data message;

a hardware two-layer switching module, configured to determine a VXLAN to which the first ethernet data packet belongs; determining that a destination MAC address of the first Ethernet data message is a gateway MAC address of the VXLAN;

a hardware three-layer switching module, which does not find a hardware ARP table item matching the target IP address of the first Ethernet data message in the hardware ARP table of the VXLAN; if a hardware routing table item matching the destination IP address of the first Ethernet data message is not found in the hardware routing table of the three-layer virtual private network VPN example associated with the VXLAN, generating an ARP request message requesting the destination IP address of the first Ethernet data message; and encapsulating the generated ARP request message based on a VXLAN tunnel of each opposite end VTEP in a three-layer virtual local area private network VPN example associated with the VXLAN, and sending the ARP request message encapsulated by the VXLAN to each opposite end VTEP.

8. The apparatus of claim 7,

the hardware receiving module is further configured to receive a second ethernet data packet;

the hardware two-layer switching module is configured to determine that the received second ethernet data packet belongs to the VXLAN; determining that a destination MAC address of the second Ethernet data packet is the gateway MAC address;

the hardware three-layer switching module is configured to find a matching hardware ARP entry of the destination IP address of the second ethernet data packet in the hardware APR table of the VXLAN; replacing the target MAC address of the second Ethernet message with the MAC address of the matched hardware ARP table entry; and sending the first Ethernet data message through an output port of the matched hardware ARP table entry.

9. The apparatus of claim 7,

the hardware receiving module is used for receiving a third Ethernet data message;

the hardware two-layer switching module is configured to determine that the third ethernet data packet belongs to the VXLAN; determining that a destination MAC address of the third Ethernet data message is a gateway MAC address of the VXLAN;

the hardware three-layer switching module is used for determining that a hardware ARP table entry matching the destination IP address of the third Ethernet data message is not found in a hardware ARP table of the VXLAN; determining a matching hardware routing table item of the destination IP address of the third Ethernet data message in a hardware routing table of a three-layer virtual private network VPN example associated with the VXLAN; packaging the third Ethernet data message into a VXLAN data message according to the VXLAN tunnel matched with the hardware routing table entry; and sending the VXLAN data message according to the output port of the VXLAN tunnel.

10. The apparatus of claim 7, further comprising: a software forwarding control module;

the hardware receiving module is used for receiving the ARP request message

The hardware two-layer switching module is used for learning a hardware MAC address table item for a hardware MAC address table of a VXLAN to which the ARP request message belongs and sending the ARP request message to the software forwarding control module;

the software forwarding control module learns software ARP table items for a software ARP table of the VXLAN to which the ARP request message belongs; generating an ARP proxy response message based on the gateway MAC address of the VXLAN; generating a first BGP EVPN route for synchronizing the IP address of the sending end of the ARP request message; synchronizing the software ARP table entry to a hardware ARP table entry of the hardware ARP table of the VXLAN of the hardware three-layer switching module;

the hardware two-layer exchange module sends the ARP proxy response message according to the output port of the learned hardware MAC address table item;

the hardware three-layer switching module sends the generated BGP EVPN route to each opposite end VTEP in the three-layer virtual local area private network VPN example associated with the VXLAN.

11. The apparatus of claim 10,

the hardware receiving module is further used for receiving a second BGP EVPN route;

the hardware three-layer switching module is further configured to send the second BGP EVPN route to the software forwarding control module;

the software forwarding control module is configured to generate a software host routing table entry in a software routing table of the three-layer VPN instance based on a remote IP address carried by the second BGP EVPN route; wherein VXLAN tunnel connection corresponding to the far-end IP address sends the opposite end VTEP of the second BGP EVPN route; synchronizing the software host routing table entry to a host routing table entry of a hardware routing table of the three-layer VPN instance of the hardware three-layer switching module.

12. The apparatus of claim 10,

the hardware receiving module is used for receiving an ARP request message packaged by VXLAN and receiving an ARP response message;

the hardware two-layer forwarding module is used for removing VXLAN encapsulation from the ARP request message encapsulated by VXLAN, and broadcasting the de-encapsulated ARP request message in a virtual local area network associated with the VXLAN; learning the hardware MAC address table item of the ARP response message for the hardware MAC address table, and sending the ARP response message to the software forwarding module;

the software forwarding module is used for learning the software ARP table entry of the ARP response message for the software ARP table of the VXLAN; generating a third BGP EVPN route for synchronizing the IP address of the transmitting end of the ARP response message; synchronizing the software ARP table entry into a hardware ARP table entry of a hardware ARP table of the VXLAN;

and the hardware three-layer forwarding module sends the generated third BGP EVPN route to each opposite-end VTEP.

Technical Field

The present application relates to communications technologies, and in particular, to an ethernet virtual network switching technology, and in particular, to a method and an apparatus for forwarding a packet.

Background

EVPN (Ethernet Virtual Private Network) is a two-layer Network interconnection technology based on Overlay technology. The EVPN adopts MP-BGP protocol to announce information of reachability, multicast and the like of MAC/IP. EVPN defines a common control plane (control plane) and the data plane (data plane) may use different encapsulation technologies. In the EVPN VXLAN Network, the control layer uses EVPN technology, and the data layer uses VXLAN (Virtual Extended Local Area Network) encapsulation technology.

In EVPN VXLAN networks, each VXLAN Network is also referred to as an EVPN instance, and each VXLAN Network is identified by a VXLAN ID, also known as a VNI (VXLAN Network Identifier). User terminals in different VXLAN networks cannot interwork in two layers. Each VTEP (VXLAN Tunnel End Point ) provides a Virtual Switch Instance VSI (Virtual Switch Instance) of the two-layer switching service for each VXLAN, and the VSI corresponds to VXLAN one-to-one. Different VXLAN networks of the same routing domain are in the same logical three-layer Network, belonging to a VPN (Virtual Private Network) instance identified by a L3 VNI. The different VPN instances are isolated from each other, thereby ensuring isolation between the traffic of the different VPN instances.

Fig. 1 is a schematic diagram of an EVPN VXLAN network; in the existing ARP suppression scheme, VTEP1 establishes an ARP suppression table entry according to a received ARP request message, floods the ARP request message in VXLAN and synchronizes the ARP suppression table entry to VTEP2 and VTEP3 through BGP EVPN. VTEP2 and VTEP3 receive ARP request message that the VXLAN capsulates flooding in VXLAN network, relieve VXLAN and capsulate, broadcast ARP request message in VXLAN's local VLAN. When receiving the ARP response message, VTEP2 establishes ARP suppression list item, sends ARP response to VTEP1 through VXLAN tunnel connected with VTEP1, and synchronizes the ARP suppression list item generated by the device to VTEP1 and VTEP3 through BGP EVPN. The VTEP1 removes the VXLAN message encapsulation of the received VXLAN ARP response message, generates an ARP suppression table item according to the ARP response message and forwards the ARP suppression table item according to the target MAC address. After receiving the ARP request message requesting the same IP address, VTEP1 can proxy the ARP response message according to the local ARP suppression table entry, and does not flood the ARP request in VXLAN. When the number of user terminals accessed to the data center is increased, the number of ARP suppression table entries stored by the VTEP equipment is increased, and hardware table entry resources of an exchange chip of the VTEP equipment are greatly occupied.

Disclosure of Invention

The application aims to provide a message forwarding method and device, which can avoid flooding of ARP request messages in an EVPN VXLAN network and save table entry storage resources.

In order to achieve the above object, the present application provides a packet forwarding method, including: determining a VXLAN to which the received first Ethernet data message belongs; determining that a destination MAC address of the first Ethernet data message is a gateway MAC address of VXLAN; in a hardware ARP table of the VXLAN, a hardware ARP table item matching the target IP address of the first Ethernet data message is not found; in a hardware routing table of a three-layer virtual private network VPN example associated with the VXLAN, a hardware routing table item matching a destination IP address of the first Ethernet data message is not found; generating an ARP request message for requesting a destination IP address of the first Ethernet data message; and sending the ARP request message packaged by the VXLAN to each opposite-end VTEP based on the ARP request message generated by the VXLAN tunnel packaging of each opposite-end VTEP in the three-layer virtual local area private network VPN example associated with the connection of the VXLAN.

In order to achieve the above object, the present application further provides a message forwarding device, including: the hardware receiving module is used for receiving the first Ethernet IP data message; the hardware two-layer switching module is used for determining a VXLAN to which the first Ethernet data message belongs; determining that a destination MAC address of the first Ethernet data message is a gateway MAC address of VXLAN; the hardware three-layer switching module is used for not finding a hardware ARP table item matched with the target IP address of the first Ethernet data message in a hardware ARP table of the VXLAN; in a hardware routing table of a three-layer virtual private network VPN example associated with the VXLAN, a hardware routing table item matching a destination IP address of the first Ethernet data message is not found; generating an ARP request message for requesting a destination IP address of the first Ethernet data message; and sending the ARP request message packaged by the VXLAN to each opposite-end VTEP based on the ARP request message generated by the VXLAN tunnel packaging of each opposite-end VTEP in the three-layer virtual local area private network VPN example associated with the connection of the VXLAN.

The method has the advantages that the CPU of all ARP messages from the terminal of the VTEP equipment serving as the gateway of the EVPN VXLAN network does not perform hard switching, the messages are responded by the gateway local agent and terminated locally, only when the message forwarding cannot find the table item matched with the target IP address, the ARP request message is flooded in the VXLAN network, and the ARP inhibition table item does not need to be learned, so that the bandwidth occupation caused by flooding the ARP request message in the VXLAN network is reduced, and the hardware table item storage resources of the gateway equipment are saved. Because the VXLAN gateway MAC for each VTEP is the same, the terminal does not perceive the change in the gateway when migrating between VTEPs.

Drawings

Fig. 1 is a schematic diagram of a typical EVPN VXLAN network architecture;

fig. 2 is a flowchart of an embodiment of a message forwarding method according to the present application;

fig. 3 is a schematic diagram of a proxy arp request provided in an embodiment of the present application;

fig. 4 is a schematic diagram of a message forwarding device according to the present application.

Detailed Description

A detailed description will be given of a number of examples shown in a number of figures. In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the present application. Well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the examples.

The term "including" as that term is used is meant to include, but is not limited to; the term "comprising" means including but not limited to; the terms "above," "within," and "below" include the instant numbers; the terms "greater than" and "less than" mean that the number is not included. The term "based on" means based on at least a portion thereof.

Fig. 1 shows a message forwarding method provided in the present application, where the method includes:

step 101, determining a VXLAN to which a received Ethernet data message belongs;

step 102, determining that the destination MAC address of the Ethernet data message is the gateway MAC address of VXLAN;

103, not finding a hardware ARP table item matched with the destination IP address of the Ethernet data message in a hardware ARP table of the VXLAN;

step 104, hardware routing table items matching the destination IP address of the Ethernet data message are not found in the hardware routing table of the three-layer virtual private network VPN example associated with the VXLAN;

step 105, generating an ARP request message for requesting a destination IP address of the Ethernet data message;

step 106, an ARP request message generated by encapsulating a VXLAN tunnel of each opposite terminal VTEP in a three-layer virtual local area private network VPN instance associated with the connection VXLAN;

and step 107, sending the ARP request message encapsulated by VXLAN to each opposite-end VTEP.

The method has the advantages that the VTEP device serving as the gateway of the EVPN VXLAN network triggers FIB MISS to flood an ARP request message in the VXLAN network by the IP message only when the ARP table entry learned locally and the ARP table entry synchronized remotely do not find a matched ARP table entry, the ARP message from the terminal is responded by a VSI gateway local agent, the CPU is started and does not rotate hard, the network is not flooded in the VXLAN, the ARP suppression table entry does not need to be learned, the bandwidth occupation caused by the flooded ARP request message in the VXLAN network is reduced, and the hardware table entry storage resources of the gateway device are saved.

Fig. 3 is a schematic diagram of a proxy address resolution protocol request according to an embodiment of the present application. In fig. 3, in the EVPN VXLAN network, VTEP1, VTEP2, and VTEP3 are located in the same VXLAN, and VXLAN is associated with other VXLAN networks in the same three-layer VPN example. The VTEP1 is connected with the VTEP2 through a VXLAN tunnel 1; the VTEP2 is connected with the VTEP3 through a VXLAN tunnel 2; VTEP1 and VTEP3 are connected by VXLAN tunnel 3. The gateway virtual interface MAC addresses within VXLAN a configured by VTEP1, VTEP2, VTEP3 are all MAC as, i.e., distributed gateways.

Before the terminal 311 communicates with the terminal 321, determining that the terminal 321 belongs to the same VLAN based on the IP address of the terminal 321, and sending an ARP request message 30 to request the MAC address of the terminal 321; wherein, the IP address of the sending end is IP311, and the MAC address of the sending end is MAC 311; the destination IP address is IP 321.

When receiving the ARP request message 301 from the terminal 311, the VTEP1 identifies ESI according to the received port and/or VLAN, and determines that the received ARP request message belongs to VXLAN a according to VXLAN a bound by the identified ESI.

VTEP1 learns hardware MAC address table entries in the hardware MAC address table of VXLAN a (i.e., the MAC address table where the switch chip performs layer two forwarding) based on the source MAC address and receiving port of the ARP request message.

Different from the prior art, the VTEP1 does not perform hardware forwarding on the received ARP request message, terminates the ARP message at the VTEP, and generates an ARP proxy message through software. The VTEP1 learns the software ARP entry in the software ARP table of VXLAN a, i.e. records the requester IP address and the requester MAC address of the ARP request message in the software ARP entry. The VTEP1 generates an ARP proxy response message 302 based on the gateway MAC address MAC 10 of VXLAN a, i.e. the sending end IP address is IP321 and the sending end MAC address is MAC a; the destination IP address is IP311 and the destination MAC address is MAC 311. VTEP1 generates BGP EVPN routes 303 that synchronize the sender IP address IP311 of ARP request message 301. In this embodiment, a BGP EVPN route of two types using a synchronous MAC address/IP address is used.

VTEP1 synchronizes the software ARP table entries to hardware ARP table entries, and sends ARP response messages 302 according to the egress ports in the hardware MAC address table. VTEP1 sends BGP EVPN routes 303 to the other peers VTEP2 and VTEP3 in the VPN example.

VTEP2 and VTEP3 each receive BGP EVPN route 303 and acquire a three-layer VPN instance from BGP EVPN, VTEP2 records VXLAN tunnel 2, to which host route IP311 is connected to VTEP1, in a routing table of the VPN instance, and VTEP3 records VXLAN tunnel 3, to which host route IP311 is connected to VTEP1, in a routing table of the VPN instance.

As can be seen from fig. 3, the ARP suppression table entry is not required in the present application to suppress flooding of the ARP request packet in the VXLAN network, thereby reducing occupation of hardware forwarding table entries.

Since the ARP response message received by the terminal 311 is sent by the VTEP1 based on the gateway MAC address of VXLAN a, the terminal 311 sends an ethernet data message to the terminal 321, where the destination MAC address is MAC a.

When receiving the ethernet data message from the terminal 311, the VTEP1 identifies ESI, and determines that the received ethernet data message belongs to VXLAN a according to VXLAN bound by the identified ESI.

The VTEP1 determines that the destination MAC address of the Ethernet message is MAC A, searches for a hardware ARP table item according to the destination IP31n address, determines that a matched ARP table item is not found, and searches for a host routing table item matched with the destination IP address in a three-layer routing table of a VPN example associated with VXLAN A.

The VTEP1 determines that a host routing table item matched with the IP321 of the destination IP address is not found, FIB MISS is generated, the CPU generates an ARP request message after receiving the ARP request message, copies one ARP request message for each ESI in the local VLAN, copies one ARP request message for a VXLAN tunnel 1 connected with a VTEP2 in a VPN instance and a VXLAN tunnel 3 connected with a VTEP3 respectively, encapsulates the generated ARP request message of the VXLAN tunnel of each opposite-end VTEP, and sends the ARP request message encapsulated by the VXLAN to each opposite-end VTEP.

The VTEP2 and VTEP3 receive the ARP request message encapsulated by VXLAN, and broadcast the decapsulated ARP request message in VLAN. After receiving the ARP request message, the terminal 321 sends an ARP response message. VTEP2 receives ARP response message; learning the hardware MAC address table item of each ARP response message for the hardware MAC address table; the switching chip does not forward the message, and the switching chip sends the message to the CPU to learn the software ARP table entry of each ARP response message for the software ARP table, and updates the software and hardware ARP table entries. The VTEP2 generates BGP EVPN routes for synchronizing the IP addresses of the sending ends of the received ARP response packets, and the VTEP2 sends the generated BGP EVPN routes to the VTEPs 1 and 3 at the opposite ends, respectively.

VTEP1 and VTEP3 each receive BGP EVPN route 303 and acquire a three-layer VPN instance from BGP EVPN, VTEP1 records VXLAN tunnel 1, to which host route IP321 is connected to VTEP2, in a routing table of the VPN instance, and VTEP3 records VXLAN tunnel 2, to which host route IP321 is connected to VTEP1, in a routing table of the VPN instance.

The VTEP1 performs VXLAN encapsulation on the received ethernet packet according to VXLAN tunnel 1 connected to VTEP2 and recorded in the routing table of the VPN instance as host route IP321, and sends the ethernet packet to VTEP2 through VXLAN tunnel 1 connected to VTEP 2. The VTEP2 receives the data packet encapsulated by VXLAN, removes VXLAN encapsulation, determines that the inner layer ethernet MAC address is the gateway MAC address, performs three-layer forwarding, re-encapsulates the inner layer ethernet packet according to the learned hardware ARP entry, and then sends the re-encapsulated ethernet packet to the terminal 321.

Then, the terminal 31n may request the MAC of the terminal 311 according to the method shown in fig. 3, and the processing method of the VTEP1 receiving the ARP request message from the terminal 31n is the same as the processing method of receiving the ARP request message from the terminal 311, which is not described in detail herein.

Thus, the hardware MAC address table entries of MAC311 and MAC31n have been learned from the hardware MAC address table of VXLAN a in VTEP 1; the hardware ARP entry of VXLAN a has synchronized hardware ARP address entries of IP311 and IP31 n. The host routes for IP321 are recorded in the routing table of the VPN example of VTEP 1.

The hardware MAC address table entry for MAC321 has been learned from the hardware MAC address table for VXLAN a in VTEP 2; the hardware ARP entry for VXLAN a has synchronized the IP321 hardware ARP address entry. Host routing table entries for IP311, IP31n have been recorded in the routing table of the VPN instance of VTEP 2.

Host routing table entries for IP311, IP31n, and IP321 have been recorded in the routing table of the VPN instance of VTEP 3.

When terminal 311 sends an ethernet datagram to terminal 31 n. When receiving the ethernet data message from the terminal 311, the VTEP1 identifies ESI, and determines that the received ethernet data message belongs to VXLAN a according to VXLAN bound by the identified ESI.

VTEP1 determines that the destination MAC address of the ethernet packet is MAC 10, finds a matching hardware ARP entry for destination IP address IP31n in the hardware ARP table of VXLAN a according to destination IP31 n. The VTEP1 modifies the destination MAC address of the ethernet datagram to match the MAC address MAC31n in the hardware ARP entry, and sends the ethernet datagram to the terminal 31n through the egress port of the matching hardware ARP entry.

The VXLAN gateway MAC addresses of VTEP1, VTEP2 and VTEP3 are MAC A, so that the terminal can not sense the change of the gateway when migrating among VTEPs;

fig. 4 is a schematic diagram of a message forwarding device according to the present application. The apparatus 40 comprises: network interface, exchange chip, CPU and memory. The switching chip at least comprises a hardware receiving module, a hardware two-layer switching module and a hardware three-layer forwarding module. The processor executes the software forwarding module by executing processor-executable instructions in the memory. The hardware receiving module is used for receiving the first Ethernet data message; the hardware two-layer switching module is used for determining a VXLAN to which the first Ethernet data message belongs; determining that a destination MAC address of the first Ethernet data message is a gateway MAC address of VXLAN; the hardware three-layer switching module is used for not finding a hardware ARP table item matched with the target IP address of the first Ethernet data message in a hardware ARP table of the VXLAN; in a hardware routing table of a three-layer virtual private network VPN example associated with the VXLAN, a hardware routing table item matching a destination IP address of the first Ethernet data message is not found; generating an ARP request message for requesting a destination IP address of the first Ethernet data message; and sending the ARP request message packaged by the VXLAN to each opposite-end VTEP based on the ARP request message generated by the VXLAN tunnel packaging of each opposite-end VTEP in the three-layer virtual local area private network VPN example associated with the connection of the VXLAN.

The hardware receiving module is also used for receiving a second Ethernet data message; the hardware two-layer switching module is used for determining that the received second Ethernet data message belongs to VXLAN; determining that the destination MAC address of the second Ethernet data message is a gateway MAC address; the hardware three-layer switching module is used for determining that a matching hardware ARP table item of the target IP address of the second Ethernet data message is searched in a hardware APR table of the VXLAN; replacing the target MAC address of the second Ethernet message with the MAC address matched with the hardware ARP table entry; and sending a first Ethernet data message through an output port matched with the hardware ARP table entry.

The hardware receiving module is used for receiving a third Ethernet data message; the hardware two-layer switching module is used for determining that the third Ethernet data message belongs to VXLAN; determining that the destination MAC address of the third Ethernet data message is the gateway MAC address of VXLAN; the hardware three-layer switching module is used for determining that a hardware ARP table item matching the target IP address of the third Ethernet data message is not found in a hardware ARP table of the VXLAN; determining a hardware routing table item matched with a destination IP address of the third Ethernet data message in a hardware routing table of a three-layer virtual private network VPN example associated with the VXLAN; packaging the third Ethernet data message into a VXLAN data message according to the VXLAN tunnel matched with the hardware routing table entry; and sending the VXLAN data message according to the output port of the VXLAN tunnel.

A software forwarding control module; the hardware receiving module is used for receiving the ARP request message; the hardware two-layer switching module is used for learning hardware MAC address table items for a hardware MAC address table of VXLAN to which the ARP request message belongs and sending the ARP request message to the software forwarding control module; the software forwarding control module learns software ARP table items for a software ARP table of a VXLAN to which the ARP request message belongs; generating an ARP proxy response message based on a gateway MAC address of the VXLAN; generating a first BGP EVPN route of a transmitting end IP address of the synchronous ARP request message; synchronizing the software ARP table entry to a hardware ARP table entry of a hardware ARP table of a VXLAN of the hardware three-layer switching module; the hardware two-layer exchange module sends an ARP proxy response message according to the output port of the learned hardware MAC address table entry; and the hardware three-layer switching module is used for sending the generated BGP EVPN route to each opposite end VTEP in a three-layer virtual local area private network VPN example associated with the VXLAN.

The hardware receiving module is also used for receiving a second BGP EVPN route; the hardware three-layer switching module is also used for sending the second BGP EVPN route to the software forwarding control module; the software forwarding control module is used for generating a software host routing table item in a software routing table of the three-layer VPN example based on a remote IP address carried by the second BGP EVPN route; wherein VXLAN tunnel connection corresponding to the far-end IP address sends the opposite end VTEP of the second BGP EVPN route; and synchronizing the software host routing table entries into the host routing table entries of the hardware routing table of the three-layer VPN instance of the hardware three-layer switching module.

The hardware receiving module is used for receiving the ARP request message packaged by the VXLAN and receiving an ARP response message; the hardware two-layer forwarding module is used for removing VXLAN packaging for the ARP request message packaged by VXLAN and broadcasting the unpacked ARP request message in a virtual local area network associated with VXLAN; learning hardware MAC address table items of the ARP response message for the hardware MAC address table, and sending the ARP response message to the software forwarding module; the software forwarding module is used for learning the software ARP table entry of the ARP response message for the software ARP table of the VXLAN; generating a third BGP EVPN route of the IP address of the sending end of the synchronous ARP response message; synchronizing the software ARP table entries into hardware ARP table entries of a hardware ARP table of the VXLAN; and the hardware three-layer forwarding module is used for sending the generated third BGP EVPN route to each opposite-end VTEP.

The present invention is not intended to be limited to the particular embodiments shown and described, but is to be accorded the widest scope consistent with the principles and novel features herein disclosed.