CN110290093A - The SD-WAN network architecture and network-building method, message forwarding method - Google Patents

Publication number
CN110290093A
Authority
CN
China
Prior art keywords
server
tunnel
client
controller
vpn
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810224343.4A
Other languages
Chinese (zh)
Inventor
董鲁毅
王彬
王仙平
王茜
庞俊英
吕屹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Layer Peak Network Technology Co ltd
Original Assignee
Hangzhou Da Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Da Technology Co Ltd
Priority to CN201810224343.4A
Publication of CN110290093A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/02 Topology update or discovery
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an SD-WAN network architecture comprising multiple servers connected through the Internet and a controller connected to each server. The controller generates tunnel configuration information between different servers and delivers the tunnel configuration information to each server. The invention also discloses an SD-WAN networking method and a message forwarding method based on an SD-WAN network. With the invention, clients can access the network freely, the bottleneck on the number of client connections is avoided, and the reliability of the network is improved.

Description

The SD-WAN network architecture and network-building method, message forwarding method
Technical field
The present invention relates to the field of communication technology, specifically to an SD-WAN network architecture and networking method, and also to a message forwarding method based on an SD-WAN network.
Background
As a mature technology, VPN (Virtual Private Network) is widely used to interconnect an organization's headquarters and its branches. It uses the organization's existing Internet egress to create a virtual "dedicated line" that connects the branches to the headquarters, forming one large local area network. To provide data encryption, authentication and tamper protection, the IPsec (Internet Protocol Security) protocol was introduced.
IPsec is a security standard framework defined by the IETF (Internet Engineering Task Force). It uses cryptographic security services to ensure confidential and secure communication over IP networks, and provides end-to-end security and authentication services for public and private networks.
A traditional IPsec VPN is built on the Internet. Its networking mode is shown in Fig. 1: a high-performance VPN gateway server must be deployed centrally at headquarters to provide VPN access service for the branches, and the performance requirements of this device are high; each branch deploys a lower-performance VPN gateway client that establishes a connection with the VPN gateway server. A secure VPN connection channel is established between the VPN gateway client and the VPN gateway server using IPsec, and this channel is built on the Internet. Once the network is established, the clients in the branches can communicate with the headquarters server. When clients communicate with each other, a data packet must first be sent to the server, which then forwards it to the peer client. As shown in Fig. 2, when the client of branch A communicates with the client of branch C, the data packet is first sent to the headquarters server, which then forwards it to the client of branch C.
This communication mode requires a high-performance server to be built and configured at headquarters. If the number of clients is large, for example in application scenarios such as chain supermarket stores, the pressure on the server is very high, and the number of clients that can connect is subject to a bottleneck. In addition, because a traditional IPsec VPN is built on the Internet, network quality is difficult to control: when the Internet is congested, the IPsec VPN is congested as well.
Summary of the invention
One aspect of the present invention provides an SD-WAN network architecture and a networking method that avoid the bottleneck on the number of client connections and improve the reliability of network transmission.
Another aspect of the present invention provides a message forwarding method based on an SD-WAN network that improves the reliability of message transmission.
To this end, embodiments of the present invention provide the following technical solutions:
An SD-WAN network architecture, comprising: multiple servers connected through the Internet, and a controller connected to each server;
the controller is configured to generate tunnel configuration information between different servers and to deliver the tunnel configuration information to each server.
Optionally, the tunnel is any one or more of the following: a VXLAN tunnel, a GRE tunnel, an MPLS tunnel.
Optionally, the architecture further comprises a client, and the controller is further configured to control the client to establish a connection with a server.
Optionally, the client is connected to the server through an IPsec VPN, an L2TP VPN or an SSL VPN.
Optionally, the controller is further configured to provide the user with a settings platform for configuring a forwarding policy, and to deliver the forwarding policy to the relevant servers and clients in the network.
Optionally, the forwarding policy takes the form of an OpenFlow flow table.
An SD-WAN networking method, the method comprising:
a controller establishes a connection with each server in the network, the servers being connected through the Internet;
the controller generates tunnel configuration information between different servers and delivers the tunnel configuration information to the relevant servers.
Optionally, the method further comprises:
after the controller receives a configuration request from a client, it generates for the client the access tunnel configuration information needed to connect to a server;
the access tunnel configuration information is delivered to the client, so that the client establishes an access tunnel with the server according to the access tunnel configuration information.
Optionally, the method further comprises:
the controller provides the user with a forwarding policy settings platform, so that the user logs in to the settings platform through a client and configures a forwarding policy;
the controller delivers the forwarding policy to the relevant servers and clients in the network.
A message forwarding method based on an SD-WAN network, the SD-WAN network comprising multiple servers connected through the Internet and a controller connected to each server, with tunnels configured between the different servers and tunnel configuration information stored on the servers; the method comprising:
a server receives a data message;
the server looks up a forwarding path according to the forwarding policy preconfigured by the controller;
the server sends the data message to the next node along the forwarding path.
Optionally, the data message is a user data message sent by a source client through a VPN, or a user data message sent by another server through a tunnel.
Optionally, the VPN is an IPsec VPN, an L2TP VPN or an SSL VPN.
Optionally, the tunnel is any one or more of the following: a VXLAN tunnel, a GRE tunnel, an MPLS tunnel.
Optionally, sending the data message to the next node along the forwarding path comprises:
sending the data message to the next server through the tunnel on the forwarding path; or
sending the data message to the destination client through the VPN.
Compared with the prior art, the invention has the following advantages:
The SD-WAN network architecture and networking method provided by the embodiments of the present invention use a distributed networking mode composed of multiple servers and tunnels. A user only needs to connect a client to any one server, so clients in every location can access the network freely and the bottleneck on the number of client connections is avoided. In addition, the combination of servers and tunnels forms an overlay network that supports distributed access; the tunnels can be based not only on the Internet but also on dedicated-line connections, which ensures the reliability of the network. Through centralized control and management by the controller, tunnel establishment and forwarding policies are managed and delivered in a unified way.
The message forwarding method based on an SD-WAN network provided by the invention takes full advantage of the high reliability of the SD-WAN network and of free client access, and can provide users with convenient and reliable data transmission.
Brief description of the drawings
Fig. 1 is a schematic diagram of a traditional IPsec VPN networking structure;
Fig. 2 is a schematic diagram of communication between clients in a traditional IPsec VPN network;
Fig. 3 is a schematic diagram of the SD-WAN network architecture of an embodiment of the present invention;
Fig. 4 is a schematic diagram of a client connecting to a server in an embodiment of the present invention;
Fig. 5 is a schematic diagram of communication between different users in the SD-WAN network of an embodiment of the present invention;
Fig. 6 is a flow chart of the SD-WAN networking method of an embodiment of the present invention;
Fig. 7 is a flow chart of the message forwarding method based on an SD-WAN network of an embodiment of the present invention;
Fig. 8 is an example diagram of message forwarding based on the SD-WAN network according to the present invention.
Detailed description of the embodiments
In the following description, numerous specific details are set forth to facilitate a full understanding of the present invention. The invention can, however, be implemented in many ways other than those described here, and those skilled in the art can make similar generalizations without departing from its substance; the invention is therefore not limited to the specific embodiments disclosed below.
To address the problems of traditional IPsec VPNs, an embodiment of the present invention provides an SD-WAN (Software-Defined Wide Area Network) network architecture; Fig. 3 is a schematic diagram of this architecture.
The network architecture comprises multiple servers connected through the Internet and a controller connected to each server. The controller generates tunnel configuration information between different servers and delivers the tunnel configuration information to each relevant server. In this way, tunnels connecting the different servers are formed, and these servers and their tunnels form an overlay network that supports distributed access and can serve as a backbone network.
It should be noted that the controller can generate multiple pieces of tunnel configuration information for each server. The tunnel configuration information mainly includes:
(1) the source server IP address, which specifies which physical interface the data packets of this tunnel use;
(2) port information, i.e. a virtual sub-interface on the physical interface, which specifies the sub-interface from which this tunnel's traffic is sent; with the port information, multiple tunnels can be created on one physical interface;
(3) the destination server IP address, which specifies the peer server to which data packets using this tunnel are sent.
The tunnel is a virtual channel. In practical applications it can be based not only on the Internet but also on networks such as VXLAN (Virtual eXtensible LAN), GRE (Generic Routing Encapsulation) and MPLS (Multi-Protocol Label Switching). For convenience, the corresponding tunnels are called VXLAN tunnels, GRE tunnels and MPLS tunnels. These tunnels use dedicated-line connections, which ensures the reliability of the network.
Based on this network architecture, a user only needs to connect a client to any one server, as shown in Fig. 4. Specifically, after the client is connected to the network, it can send a configuration request to the controller. After the controller receives the configuration request, it generates for the client the access tunnel configuration information needed to connect to a server and delivers that information to the client, and the client establishes an access tunnel with the server according to the access tunnel configuration information. In practical applications, the client can be connected to the server through an IPsec VPN, an L2TP (Layer Two Tunneling Protocol) VPN or an SSL (Secure Sockets Layer) VPN. The main information the controller delivers to the client includes the IP address of the designated server, so that the client uses this IP address to establish a tunnel connection, such as an IPsec tunnel, with the server.
As can be seen, this network architecture makes it convenient for clients in every location to access the network freely and avoids the bottleneck on the number of client connections.
In addition, the user can access the controller through a client and use the settings platform that the controller provides to configure a personalized forwarding policy, which is then delivered to the relevant servers and clients in the network. The forwarding policy takes the form of an OpenFlow flow table. It includes multiple pairs of source-to-destination IP address information and indicates the direction in which each address pair should be forwarded; it also includes information such as the source access tunnel, the backbone tunnels to be traversed in between, and the destination access tunnel. Further, the forwarding policy may include rate-limit information to limit the tunnel bandwidth occupied by each forwarding path. Of course, the forwarding policy can be set flexibly by the user according to the actual application; the embodiments of the present invention do not limit this.
When the access-side server forwards a data packet sent by the source client, it forwards the packet to the destination server through the corresponding backbone tunnel according to the OpenFlow flow table configured by the controller. After the destination server receives the data packet, it sends the packet to the destination client over the IPsec VPN channel.
For example, branch A needs to communicate with branch C. As shown in Fig. 5, branch A connects to server 11 through its client and sends user data to server 1 over the IPsec VPN channel. According to the OpenFlow flow table preconfigured by the controller, server 1 selects the optimal tunnel 21 as forwarding path 21 and sends the user data to server 12 through tunnel 21. After server 12 receives the data packet, it delivers it over the IPsec VPN channel to the client of branch C connected to server 12.
Correspondingly, the present invention also provides an SD-WAN networking method. Fig. 6 is a flow chart of this method, which comprises the following steps:
Step 601: the controller establishes a connection with each server in the network; the servers are connected through the Internet.
Step 602: the controller generates tunnel configuration information between different servers and delivers the tunnel configuration information to the relevant servers.
The tunnel can be a VXLAN tunnel, a GRE tunnel or an MPLS tunnel.
Further, in another embodiment of the method, the controller can also control a client to establish a connection with a server. Specifically, after the controller receives a configuration request from the client, it generates for the client the access tunnel configuration information needed to connect to a server, and delivers the access tunnel configuration information to the client, so that the client establishes an access tunnel with the server according to that information.
Another embodiment of the method may further comprise the following steps:
the controller provides the user with a forwarding policy settings platform, so that the user logs in to the settings platform through a client and configures a forwarding policy;
the controller delivers the forwarding policy to the relevant servers and clients in the network.
The forwarding policy can take the form of an OpenFlow flow table.
An SD-WAN network set up by the method of the embodiments allows clients to access the network freely and conveniently, without a limit on the number of connections. In addition, because the backbone network can be of many types and is not restricted to the Internet, path selection is more flexible: when the network is congested, routes can be switched flexibly, which greatly improves network quality. For example, the user can configure multiple policies in advance, each containing complete access tunnel information and backbone tunnel information. These policies exist in primary and standby form, and only one policy is in effect at any given time. When the access tunnel or a backbone tunnel in a policy becomes abnormal, traffic can be switched quickly to a healthy policy.
Correspondingly, an embodiment of the present invention also provides a message forwarding method based on an SD-WAN network. The SD-WAN network comprises multiple servers connected through the Internet and a controller connected to each server; tunnels are configured between the different servers, and tunnel configuration information is stored on the servers.
Fig. 7 is a flow chart of the message forwarding method based on an SD-WAN network, which comprises the following steps:
Step 701: the server receives a data message.
The data message is a user data message sent by a client through a VPN, or a user data message sent by another server through a tunnel. The VPN may be an IPsec VPN, an L2TP VPN or an SSL VPN.
Step 702: the server looks up a forwarding path according to the forwarding policy preconfigured by the controller.
The forwarding policy is configured in advance by the user through the controller. Specifically, the controller provides the user with a forwarding policy settings interface, through which the user configures the forwarding policy; the controller then delivers the forwarding policy to each server and each client in the network.
Of course, if no forwarding path matches according to the forwarding policy, the data message is discarded.
Step 703: the server sends the data message to the next node along the forwarding path.
The next node may be a server in the SD-WAN network or a client connected to the current server. Accordingly, the server may send the data message to the next server through the backbone tunnel on the forwarding path, or send the data message to the destination client through the VPN, i.e. the access tunnel.
The backbone tunnel is any one or more of the following: a VXLAN tunnel, a GRE tunnel, an MPLS tunnel. The access tunnel can be an IPsec VPN, an L2TP VPN or an SSL VPN.
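The lookup in steps 701 to 703, combined with the primary/standby policies described for the networking method, as an added example that is not code from the patent. The `Policy` fields, the priority number and the tunnel names are assumptions made for illustration; the prefixes are the ones the patent uses in its Fig. 8 example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    """One controller-issued policy: an address pair and the tunnel to use.

    Field names and the priority number are assumptions for this example;
    priority 0 is the primary policy, higher numbers are standbys.
    """
    src: str
    dst: str
    out_tunnel: str
    priority: int = 0


class ForwardingTable:
    """Policies held by one server, plus the health state of its tunnels."""

    def __init__(self, policies: Iterable[Policy]):
        # Primary first, so the first healthy match is the policy in effect.
        self._policies = sorted(policies, key=lambda p: p.priority)
        self._down = set()

    def mark_down(self, tunnel: str) -> None:
        self._down.add(tunnel)

    def mark_up(self, tunnel: str) -> None:
        self._down.discard(tunnel)

    def lookup(self, src_ip: str, dst_ip: str) -> Optional[Policy]:
        """Step 702: find the policy in effect for this address pair."""
        src, dst = ip_address(src_ip), ip_address(dst_ip)
        for policy in self._policies:
            if src not in ip_network(policy.src):
                continue
            if dst not in ip_network(policy.dst):
                continue
            if policy.out_tunnel in self._down:
                continue  # abnormal tunnel: fall through to the standby
            return policy
        return None


def forward(table: ForwardingTable, src_ip: str,
            dst_ip: str) -> Tuple[str, Optional[str]]:
    """Step 703, including the stated rule that unmatched messages are dropped."""
    policy = table.lookup(src_ip, dst_ip)
    if policy is None:
        return ("drop", None)
    return ("forward", policy.out_tunnel)


def demo_table() -> ForwardingTable:
    # Constructed sample: prefixes from the Fig. 8 example, hypothetical tunnel names.
    return ForwardingTable([
        Policy("172.16.0.0/16", "192.168.1.0/24", "backbone-standby", priority=1),
        Policy("172.16.0.0/16", "192.168.1.0/24", "backbone-primary", priority=0),
    ])


if __name__ == "__main__":
    table = demo_table()
    print(forward(table, "172.16.0.100", "192.168.1.100"))
    table.mark_down("backbone-primary")
    print(forward(table, "172.16.0.100", "192.168.1.100"))
    # Policies are directional: the reverse pair needs its own entry,
    # otherwise return traffic is dropped.
    print(forward(table, "192.168.1.100", "172.16.0.100"))
```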
The message forwarding method based on an SD-WAN network is described in further detail below with reference to the example shown in Fig. 8.
Referring to Fig. 8, the device 172.16.0.100/16 attached to client A communicates with the device 192.168.1.100/24 attached to client C. The process is as follows:
1) Device 172.16.0.100/16 sends a user message to client A in the following format:
IP header | User message
where the IP header contains the user source address 172.16.0.100/16 and the destination address 192.168.1.100/24.
2) After client A receives the user message, it first matches the source and destination addresses in the message against the forwarding policy delivered by the controller. The matched forwarding policy is:
172.16.0.0/16 via 192.168.1.0/24 gre1
The forwarding policy takes the form of a routing table entry. This entry indicates that the egress of this message is the gre1 port, i.e. the port of server A.
Client A encapsulates the user message as an access tunnel message. In this embodiment the access tunnel uses the GRE over IPsec encapsulation format: the data is first encapsulated in a GRE packet and then in an IPsec packet. The encapsulated access tunnel message has the following format:
Outer IP header | ESP header | Tunnel IP header | GRE header | Inner IP header | User message
where the inner IP header contains the user source address 172.16.0.100/16 and the destination address 192.168.1.100/24;
the tunnel IP header contains the source and destination IP addresses of the GRE tunnel;
the outer IP header contains the source and destination IP addresses of the IPsec tunnel;
the ESP (Encapsulating Security Payload) header provides data integrity checking, origin authentication, encryption and anti-replay protection for IP traffic in transit;
the GRE header contains the upper-layer protocol type (the protocol type of the user message), such as IPv4 or IPv6.
Client A sends the access tunnel message to server A.
3) After server A receives the message from client A, it first decapsulates the user message and then matches it against the forwarding policy delivered by the controller. The matched policy is:
nw_src=172.16.0.0/16,nw_dst=192.168.1.0/24 actions=load:0xda->NXM_NX_TUN_ID[],output:1
According to this forwarding policy, server A encapsulates the user message as a backbone tunnel message. In this embodiment the backbone tunnel uses the MAC-in-UDP encapsulation format. The encapsulated backbone tunnel message has the following format:
where the outer IP header contains the source and destination IP addresses of the VXLAN tunnel;
the UDP header contains the source and destination ports and the UDP length;
the VXLAN header contains the VXLAN ID.
Server A sends the encapsulated message to the destination server C through the VXLAN tunnel.
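The UDP and VXLAN headers of the MAC-in-UDP framing in step 3, as an added example that is not part of the patent: it builds and validates both headers following RFC 7348, assuming the tunnel ID 0xda loaded by the flow entry above is carried as the VXLAN ID. The source port, the inner frame bytes and the function names are constructed for illustration.

```python
import struct
from typing import Iterable, Tuple

VXLAN_UDP_PORT = 4789   # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_I = 0x08     # "I" flag: the VXLAN ID field is valid
HEADERS_LEN = 16        # 8-byte UDP header + 8-byte VXLAN header


def vxlan_encap(vni: int, src_port: int, inner_frame: bytes) -> bytes:
    """Return the UDP datagram: UDP header + VXLAN header + inner frame."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VXLAN ID must fit in 24 bits")
    if not 0 < src_port < (1 << 16):
        raise ValueError("invalid UDP source port")
    length = HEADERS_LEN + len(inner_frame)
    if length > 0xFFFF:
        raise ValueError("inner frame too large for one UDP datagram")
    # UDP: source port, destination port, length, checksum
    # (zero, as RFC 7348 recommends for VXLAN).
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, length, 0)
    # VXLAN: flags(8) reserved(24) | VXLAN ID(24) reserved(8).
    vxlan = struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)
    return udp + vxlan + inner_frame


def vxlan_decap(datagram: bytes,
                allowed_vnis: Iterable[int]) -> Tuple[int, bytes]:
    """Validate both headers and return (VXLAN ID, inner frame).

    The receiving server rejects anything that is truncated, not addressed
    to the VXLAN port, inconsistent in length, or tagged with a VXLAN ID
    that is not part of its own tunnel configuration.
    """
    if len(datagram) < HEADERS_LEN:
        raise ValueError("truncated UDP/VXLAN headers")
    _src, dst_port, length, _csum = struct.unpack("!HHHH", datagram[:8])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError("not addressed to the VXLAN port")
    if length != len(datagram):
        raise ValueError("UDP length does not match datagram size")
    word0, word1 = struct.unpack("!II", datagram[8:16])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("VXLAN ID flag not set")
    vni = word1 >> 8
    if vni not in set(allowed_vnis):
        raise ValueError("VXLAN ID 0x%x is not configured on this server" % vni)
    return vni, datagram[HEADERS_LEN:]


if __name__ == "__main__":
    # Constructed inner frame: a zeroed 14-byte Ethernet header plus payload.
    frame = bytes(14) + b"user message"
    datagram = vxlan_encap(0xDA, 49152, frame)
    print(datagram[:HEADERS_LEN].hex())
    print(vxlan_decap(datagram, {0xDA}))
```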
4) After server C receives the message, it decapsulates the user message. According to the user's source and destination addresses in it, it matches a policy delivered by the controller, as follows:
172.16.0.0/16 via 192.169.1.0/24 dev gre2
This forwarding policy indicates that the message should be sent out from the gre2 port.
Server C encapsulates the user message as an access tunnel message from server C to client C and sends it to client C through the access tunnel.
5) After client C receives the message, it decapsulates it and, according to the user's destination address, sends it to the target device 192.168.1.100/24.
As can be seen, the message forwarding method based on an SD-WAN network provided by the invention takes full advantage of the high reliability of the SD-WAN network and of free client access, and can provide users with convenient and reliable data transmission. Moreover, because forwarding policies can be configured freely, client traffic no longer has to pass through headquarters and can be forwarded along the optimally configured path, which greatly reduces network delay.
Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the invention. Any person skilled in the art may make possible variations and modifications without departing from the spirit and scope of the invention; the scope of protection of the invention is therefore defined by the claims.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces and memory.
Memory may include volatile memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape and disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
Those skilled in the art will understand that embodiments of the present application may be provided as a method, a system or a computer program product. The application may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM and optical memory) that contain computer-usable program code.

Claims (14)

1. a kind of SD-WAN network architecture characterized by comprising by internet connect multiple servers and with it is each The connected controller of server;
The controller is used to generate the tunnel configuration information between different server, and the tunnel configuration information is handed down to Each server.
2. the SD-WAN network architecture according to claim 1, which is characterized in that the tunnel be it is following any one or it is more Kind: the tunnel VXLAN, gre tunneling, the tunnel MPLS.
3. the SD-WAN network architecture according to claim 1, which is characterized in that further include: client, the controller is also Connection is established for controlling the client and server.
4. the SD-WAN network architecture according to claim 3, which is characterized in that the client by IPsec VPN or Person L2TP VPN or SSL VPN are connected with server.
5. the SD-WAN network architecture according to claim 4, which is characterized in that the controller is also used to provide a user For the setting platform of forwarding strategy to be arranged, and the forwarding strategy is handed down to associated server and client in the network End.
6. the SD-WAN network architecture according to claim 5, which is characterized in that the forwarding strategy is OpenFlow flow table Form.
7. a kind of SD-WAN network-building method, which is characterized in that the described method includes:
Each server establishes connection in controller and network, and the server is connected by internet;
The tunnel configuration information between different server is generated, and the tunnel configuration information is handed down to associated server.
8. SD-WAN network-building method according to claim 7, which is characterized in that the method also includes:
After the controller receives the configuring request of client, access tunnel needed for generating access server for the client Road configuration information;
The incoming tunnel configuration information is handed down to the client, so that the client is configured according to the incoming tunnel Information and the server establish incoming tunnel.
9. SD-WAN network-building method according to claim 8, which is characterized in that the method also includes:
The controller provides a user forwarding strategy setting platform, sets so that user logs in the setting platform by client Set forwarding strategy;
The forwarding strategy is handed down to associated server and client in the network by the controller.
10. A message forwarding method based on an SD-WAN network, characterized in that the SD-WAN network comprises: multiple servers connected through the Internet and a controller connected to each server, wherein tunnels are configured between different servers and tunnel configuration information is stored on the servers; the method comprises:
A server receives a data message;
A forwarding path is looked up according to the forwarding strategy preconfigured by the controller;
The data message is sent to the next node over the forwarding path.
11. The method according to claim 10, characterized in that:
The data message is a user data message sent by a source client through a VPN; or
The data message is a user data message sent by another server through a tunnel.
12. The method according to claim 11, characterized in that the VPN is: an IPsec VPN, an L2TP VPN or an SSL VPN.
13. The method according to claim 11, characterized in that the tunnel is any one or more of the following: a VXLAN tunnel, a GRE tunnel, an MPLS tunnel.
14. The method according to any one of claims 10 to 13, characterized in that sending the data message to the next node over the forwarding path comprises:
The data message is sent to the next server through the tunnel on the forwarding path; or
The data message is sent to the destination client through the VPN.
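
The forwarding method of claims 10 to 14, traced hop by hop as an added example that is not part of the patent text: each server looks up the controller-issued strategy and hands the message to the next server over a tunnel or to the destination client over a VPN. The server and client names, address prefixes, tuple layout of the strategy entries and the drop verdicts (no matching entry, no configured tunnel, loop) are assumptions made for illustration.

```python
import ipaddress

# Constructed topology (hypothetical names): three servers joined by tunnels.
# POLICIES holds the flow-table-like strategy the controller issued to each
# server as (destination prefix, action, target). A "tunnel" target is a peer
# server; a "vpn" target is a client attached to this server.
POLICIES = {
    "srv-sh":  [("10.2.0.0/16", "tunnel", "srv-hk"), ("10.1.0.0/16", "vpn", "client-a")],
    "srv-hk":  [("10.2.0.0/16", "tunnel", "srv-fra"), ("10.1.0.0/16", "tunnel", "srv-sh")],
    "srv-fra": [("10.2.0.0/16", "vpn", "client-b"), ("10.1.0.0/16", "tunnel", "srv-hk")],
}
# Tunnel configuration stored on each server: the peers it has a tunnel to.
TUNNELS = {"srv-sh": {"srv-hk"}, "srv-hk": {"srv-sh", "srv-fra"}, "srv-fra": {"srv-hk"}}


def lookup(server, dst_ip):
    """Return (action, target) for the longest matching prefix, or None."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, action, target in POLICIES.get(server, []):
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, action, target)
    return None if best is None else best[1:]


def forward(ingress_server, dst_ip, max_hops=8):
    """Walk a data message from its ingress server; return (path, verdict)."""
    path, server = [ingress_server], ingress_server
    for _ in range(max_hops):
        hit = lookup(server, dst_ip)
        if hit is None:
            return path, "drop:no-policy"      # assumption: default deny
        action, target = hit
        if action == "vpn":                    # last hop: deliver to the client
            return path + [target], "delivered"
        if target not in TUNNELS.get(server, set()):
            return path, "drop:no-tunnel"      # strategy names a peer without a tunnel
        if target in path:
            return path + [target], "drop:loop"
        path.append(target)
        server = target
    return path, "drop:hop-limit"


if __name__ == "__main__":
    print(forward("srv-sh", "10.2.3.4"))
```
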
CN201810224343.4A 2018-03-19 2018-03-19 The SD-WAN network architecture and network-building method, message forwarding method Pending CN110290093A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810224343.4A CN110290093A (en) 2018-03-19 2018-03-19 The SD-WAN network architecture and network-building method, message forwarding method

Publications (1)

Publication Number Publication Date
CN110290093A true CN110290093A (en) 2019-09-27

Family

ID=68000807

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810224343.4A Pending CN110290093A (en) 2018-03-19 2018-03-19 The SD-WAN network architecture and network-building method, message forwarding method

Country Status (1)

Country Link
CN (1) CN110290093A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101599883A (en) * 2008-07-02 2009-12-09 上海恩际恩网络科技有限公司 A kind of safe transmission network system framework based on overlay network
CN103873379A (en) * 2012-12-18 2014-06-18 中国科学院声学研究所 Distributed route destroy-resistant strategy collocation method and system based on overlay network
CN104917682A (en) * 2014-03-14 2015-09-16 杭州华三通信技术有限公司 Overlay network configuration method and device
CN105282003A (en) * 2014-06-20 2016-01-27 中国电信股份有限公司 Tunnel establishing method and system, tunnel controller and virtual switch
CN105681102A (en) * 2016-03-01 2016-06-15 上海斐讯数据通信技术有限公司 Behavioral strategy method and system based on SDN
CN106412880A (en) * 2015-07-29 2017-02-15 中国科学院沈阳自动化研究所 Wireless mesh safety hierarchical transmission method based on SDN
CN106411820A (en) * 2015-07-29 2017-02-15 中国科学院沈阳自动化研究所 Industrial communication flow transmission safety control method based on SDN architecture
US20170295130A1 (en) * 2016-04-07 2017-10-12 Cisco Technology, Inc. Control plane based technique for handling multi-destination traffic in overlay networks
US20180013670A1 (en) * 2015-05-27 2018-01-11 Cisco Technology, Inc. Operations, administration and management (oam) in overlay data center environments

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111130885A (en) * 2019-12-25 2020-05-08 深信服科技股份有限公司 Network communication method, device, equipment and storage medium
CN111245699A (en) * 2020-01-15 2020-06-05 广州华多网络科技有限公司 Remote communication service control method, server and client
CN111245699B (en) * 2020-01-15 2021-08-17 广州华多网络科技有限公司 Remote communication service control method, server and client
CN111654399A (en) * 2020-06-08 2020-09-11 奇安信科技集团股份有限公司 Networking method, device and equipment based on SD-WAN and storage medium
CN111654399B (en) * 2020-06-08 2022-10-18 奇安信科技集团股份有限公司 Networking method, device, equipment and storage medium based on SD-WAN
US11296947B2 (en) 2020-06-29 2022-04-05 Star2Star Communications, LLC SD-WAN device, system, and network
CN112040170A (en) * 2020-09-11 2020-12-04 国泰新点软件股份有限公司 Remote off-site bid evaluation system based on 5G
CN114640626B (en) * 2020-12-01 2023-07-18 中国联合网络通信集团有限公司 Communication system and method based on software defined wide area network SD-WAN
CN114640626A (en) * 2020-12-01 2022-06-17 中国联合网络通信集团有限公司 Communication system and method based on software defined wide area network SD-WAN
CN113518104A (en) * 2021-03-11 2021-10-19 网宿科技股份有限公司 Data message processing method, transfer equipment and system
CN112671811B (en) * 2021-03-18 2021-12-28 观脉科技(北京)有限公司 Network access method and equipment
CN112671811A (en) * 2021-03-18 2021-04-16 观脉科技(北京)有限公司 Network access method and equipment
CN113472625A (en) * 2021-06-29 2021-10-01 中国电信股份有限公司 Transparent bridging method, system, equipment and storage medium based on mobile internet
CN113472625B (en) * 2021-06-29 2022-11-25 中国电信股份有限公司 Transparent bridging method, system, equipment and storage medium based on mobile internet
CN113411245A (en) * 2021-06-30 2021-09-17 北京天融信网络安全技术有限公司 IPSec tunnel network configuration method, IPSec tunnel network configuration device, electronic equipment and storage medium
CN113595894A (en) * 2021-07-28 2021-11-02 海尔数字科技(青岛)有限公司 Communication method, device, equipment and medium between service nodes and client nodes
CN115348211A (en) * 2022-07-04 2022-11-15 深圳市高德信通信股份有限公司 Method for processing a computational task using network nodes available on a network process
CN115348211B (en) * 2022-07-04 2024-03-19 深圳市高德信通信股份有限公司 Method for processing computing tasks using available network nodes
CN115529206A (en) * 2022-09-30 2022-12-27 上海地面通信息网络股份有限公司 Remote and mobile office cooperative control system and access method based on dial-up cloud VPN

Similar Documents

Publication Publication Date Title
CN110290093A (en) The SD-WAN network architecture and network-building method, message forwarding method
US9871766B2 (en) Secure path determination between devices
US7643488B2 (en) Method and apparatus for supporting multiple customer provisioned IPSec VPNs
EP2579544B1 (en) Methods and apparatus for a scalable network with efficient link utilization
EP3151509B1 (en) Enhanced evpn mac route advertisement having mac (l2) level authentication, security and policy control
US7373660B1 (en) Methods and apparatus to distribute policy information
US7486659B1 (en) Method and apparatus for exchanging routing information between virtual private network sites
US9973469B2 (en) MAC (L2) level authentication, security and policy control
US20130173788A1 (en) Network access apparatus
US20050147104A1 (en) Apparatus and method for multihop MPLS/IP/ATM/frame relay/ethernet pseudo-wire
CN103905284B (en) A kind of flow load sharing method and apparatus based on EVI networks
CN110324159B (en) Link configuration method, controller and storage medium
CN102694738B (en) Virtual private network (VPN) gateway and method for forwarding messages at VPN gateway
EP3151477B1 (en) Fast path content delivery over metro access networks
CN108512755B (en) Method and device for learning routing information
WO2022142905A1 (en) Packet forwarding method and apparatus, and network system
CN109246016A (en) Message processing method and device across VXLAN
Dayananda et al. Architecture for inter-cloud services using IPsec VPN
CN113472913A (en) Communication method and device
WO2019041332A1 (en) Method and system for optimizing transmission of acceleration network
CN112910791B (en) Diversion system and method thereof
CN107689881A (en) Message processing method and device
US10848414B1 (en) Methods and apparatus for a scalable network with efficient link utilization
CN214799524U (en) Flow guiding system
CN112910790B (en) Diversion system and method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200324

Address after: 200040 room 1013, No. 250, JIANGCHANG Third Road, Jing'an District, Shanghai

Applicant after: Shanghai layer peak Network Technology Co.,Ltd.

Address before: 310012 506, room 4, 998 West Wen Yi Road, Wuchang Street, Yuhang District, Hangzhou, Zhejiang.

Applicant before: HANGZHOU DAHU TECHNOLOGY Co.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20190927
