This application claims priority to Indian Patent Application No. 202241042358, entitled “USING VPN-IP ADDRESS FAMILY FOR NON-VPN ROUTES,” and filed on Jul. 25, 2022. The entire content of the above-referenced application is expressly incorporated herein by reference.
A network device, such as a provider edge (PE) network device, can include a global routing and forwarding table and one or more virtual routing and forwarding tables (VRFs). Each VRF can be associated with a virtual private network (VPN). Accordingly, the network device can support routing non-VPN traffic (e.g., using the global routing and forwarding table) and VPN traffic (e.g., using the one or more VRFs), even in scenarios of overlapping addresses.
In some implementations, a method includes determining, by a first network device, a route distinguisher (RD) and a route target (RT) associated with an address prefix that is to be included in a global routing and forwarding table; and sending, by the first network device, an advertisement that includes the address prefix, the RD, and the RT, wherein: the RT indicates that the address prefix is to be included in a global routing and forwarding table of a receiving network device.
In some implementations, a non-transitory computer-readable medium storing a set of instructions includes one or more instructions that, when executed by one or more processors of a network device, cause the network device to: receive an advertisement that includes an address prefix, an RD, and an RT, wherein: the RT indicates that the address prefix is to be included in a global routing and forwarding table of the network device; and determine, based on the RT, that the address prefix is to be stored in the global routing and forwarding table of the network device.
In some implementations, a first network device includes one or more memories; and one or more processors to: send, to a second network device, an advertisement that includes an RD and an RT, wherein: the RT indicates that an address prefix of the advertisement is to be included in a global routing and forwarding table of the second network device.
The following detailed description of example implementations refers to the accompanying drawings. The same reference numbers in different drawings may identify the same or similar elements.
In many cases, an advertising network device (e.g., a PE network device) advertises a route associated with another network device (e.g., a customer edge (CE) network device) by sending an advertisement to a receiving network device (e.g., another PE network device). The advertisement typically includes an address prefix associated with the other network device. When the other network device is associated with a VPN, the advertisement may additionally include an RD and an RT to distinguish overlapping route prefixes and to control distribution and importation of route prefixes to a VRF (e.g., that is associated with the VPN) of the receiving network device. When the other network device is not associated with a VPN, the advertisement may include only the address prefix, which is imported into a global routing and forwarding table of the receiving network device. Accordingly, information that can distinguish different paths for non-VPN traffic to or from the receiving network device is not conveyed to the receiving network device via the advertisement.
This prevents the use of a single forward selection (SFS) functionality for global table multicast (GTM) (e.g., that uses border gateway protocol (BGP) multicast virtual private network (MVPN) procedures associated with the global routing and forwarding table). Further, MVPN fast failover procedures cannot be used for GTM (e.g., because egress PE network devices cannot originate different C-multicast A-D routes targeted at redundant ingress PE network devices). Consequently, a receiving network device (e.g., a PE network device) is not able to provide as robust and efficient a functionality for non-VPN traffic as it is able to provide for VPN traffic. This results in the receiving network device (as well as other PE network devices) not providing a desired routing performance for non-VPN traffic and/or utilizing computing resources (e.g., processing resources, memory resources, communication resources, and/or power resources, among other examples) to perform other routing processes and techniques to provide workarounds of the SFS functionality and MVPN fast failover procedures. Moreover, in a unicast-only context, multiple paths to a CE network device for non-VPN traffic can be advertised, which often results in multiple copies of the same path being stored in global routing and forwarding tables of PE network devices. This causes further consumption of computing resources of the PE network devices.
Some implementations described herein are directed to a first PE network device sending a first advertisement to a second PE network device. The first advertisement includes a non-VPN address prefix (e.g., associated with a CE device or another device), an RD, and an RT. The second PE network device determines that the address prefix is not a VPN address prefix (e.g., based on the RT) and therefore stores the address prefix in a global routing and forwarding table (rather than a virtual routing and forwarding table for a VPN). Further, the first PE network device may send a second advertisement to the second PE network device that includes a VPN address prefix (e.g., associated with a same, or different, CE device that is associated with a VPN), an RD, and an RT. The second PE network device determines that the address prefix is a VPN address prefix (e.g., based on the RT) and therefore stores the address prefix in a virtual routing and forwarding table (e.g., that is associated with the VPN). Additionally, the first PE network device may send a third advertisement to the second PE network device that includes only a non-VPN address prefix (e.g., without an RD and an RT). The second PE network device determines that the address prefix is not a VPN address prefix (e.g., based on the third advertisement not including an RD and an RT) and therefore stores the address prefix in the global routing and forwarding table.
In this way, the first PE network device is able to advertise, to the second PE network device via the first advertisement, information that can distinguish different paths for non-VPN traffic to or from the second PE network device. This enables the use of the SFS for GTM by the second PE network device, as well as other PE network devices that receive the first advertisement. This also enables use of MVPN fast failover procedures by the second PE network device and the other PE network devices (e.g., because egress PE network devices are able to originate different C-multicast A-D routes targeted at redundant ingress PE network devices). Therefore, the second PE network device and the other PE network devices are able to provide a robust and efficient functionality for non-VPN traffic (e.g., that is the same as, or similar to, that provided for VPN traffic). Accordingly, the second PE network device, and the other PE network devices, provide a desired routing performance for non-VPN traffic and therefore consumption of computing resources (e.g., processing resources, memory resources, communication resources, and/or power resources, among other examples) to perform other routing processes and techniques (e.g., to provide workarounds of the SFS functionality and MVPN fast failover procedures) is reduced or eliminated. Further, in a unicast-only context, a need to advertise multiple paths to a CE network device is reduced or eliminated, which further reduces utilization of computing resources that would otherwise be used to generate and maintain copies of the multiple paths.
Additionally, the first PE network device is able to advertise multiple types of advertisements (e.g., two different types of non-VPN advertisements and another type of VPN advertisement), and the second PE network device is able to receive and process the multiple types of advertisements (e.g., by storing information in a particular type of advertisement in a routing and forwarding table that corresponds to the particular type). In this way, the first PE network device and the second PE network device are each able to provide functionalities that are not otherwise able to be provided by typical PE network devices. Accordingly, the first PE network device and the second PE network device are able to provide improved advertising, routing, and other networking performances (e.g., related to SFS for GTM, MVPN fast failover procedures, and/or other procedures) that cannot otherwise be provided by typical PE network devices.
As shown in
The first advertisement may be associated with a route of the CE network device CE A. For example, the first advertisement message may include an address prefix associated with the CE network device CE A. Accordingly, the address prefix may not be a VPN address prefix (e.g., because the CE network device CE A is not associated with a VPN).
The PE network device PE 1 may determine an RD and/or an RT associated with the address prefix and may additionally include the RD and/or the RT in the first advertisement. The RD may be a universally unique identifier (UUID), or another type of identifier, and/or may indicate that the address prefix is not a VPN address prefix. The RT may indicate that the address prefix is to be included in a global routing and forwarding table (e.g., not a virtual routing and forwarding table associated with a VPN) of a PE network device that receives the first advertisement (e.g., of the PE network device PE 2, as shown in
As shown by reference number 104, the PE network device PE 2 may store the address prefix of the first advertisement in a global routing and forwarding table of the PE network device PE 2 (e.g., that is, or is included in, a data structure of the PE network device PE 2). For example, the PE network device PE 2 may process (e.g., parse and/or read) the first advertisement to identify the address prefix, the RD, the RT, and/or the label included in the first advertisement. The PE network device PE 2 may determine, based on the RD and/or the RT, that the address prefix is not a VPN address prefix and/or that the address prefix is to be included in a global routing and forwarding table. The PE network device PE 2 may thereby determine that the address prefix is to be stored in the global routing and forwarding table of the PE network device PE 2. Accordingly, the PE network device PE 2 may store the address prefix in the global routing and forwarding table of the PE network device PE 2. In some implementations, the PE network device PE 2 may also store the RD, the RT, and/or the label with the address prefix in the global routing and forwarding table (e.g., in an entry of the global routing and forwarding table).
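The parsing step above (identifying the address prefix, the RD, the RT, and the label) is easier to follow against the wire format of the VPN-IP address family that the title refers to. The following is an added example, not code from the patent or from any vendor implementation. It assumes the standard layouts: the VPN-IPv4 NLRI of RFC 4364 (one length octet counted in bits, a 3-octet MPLS label, an 8-octet RD, then the prefix) and the two-octet-AS-specific Route Target extended community of RFC 4360. The label, RD and prefix values in `sample_advertisement` are constructed for the illustration; the decoder rejects truncated or oversized input rather than reading past the buffer.

```python
"""Encode and parse the fields a receiving PE extracts from a VPN-IPv4 advertisement.

Added illustration, not the patent's code. Layouts follow RFC 4364 (VPN-IPv4 NLRI)
and RFC 4360 (Route Target extended community). Sample values are constructed.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class VpnIpv4Nlri:
    """The per-route fields a PE parses out of one VPN-IPv4 NLRI."""
    label: int                      # 20-bit MPLS label
    rd_asn: int                     # type-0 RD: 2-octet AS number
    rd_num: int                     # type-0 RD: 4-octet assigned number
    prefix: ipaddress.IPv4Network


HEADER_OCTETS = 3 + 8               # label + RD precede the prefix


def encode_nlri(n: VpnIpv4Nlri) -> bytes:
    """Serialize length-in-bits, label, RD and prefix octets."""
    if not 0 <= n.label < (1 << 20):
        raise ValueError("MPLS label must fit in 20 bits")
    # 3-octet label field: 20-bit label, 3 EXP bits (zero), bottom-of-stack bit set.
    label_field = ((n.label << 4) | 0x1).to_bytes(3, "big")
    rd = struct.pack("!HHI", 0, n.rd_asn, n.rd_num)            # RD type 0
    plen = n.prefix.prefixlen
    prefix_octets = n.prefix.network_address.packed[: (plen + 7) // 8]
    length_bits = 8 * HEADER_OCTETS + plen
    return bytes([length_bits]) + label_field + rd + prefix_octets


def decode_nlri(buf: bytes) -> VpnIpv4Nlri:
    """Parse one VPN-IPv4 NLRI, rejecting truncated or inconsistent input."""
    if len(buf) < 1 + HEADER_OCTETS:
        raise ValueError("NLRI shorter than label + RD")
    plen = buf[0] - 8 * HEADER_OCTETS
    if not 0 <= plen <= 32:
        raise ValueError("length octet inconsistent with label + RD + IPv4 prefix")
    expected = 1 + HEADER_OCTETS + (plen + 7) // 8
    if len(buf) != expected:
        raise ValueError(f"expected {expected} octets, got {len(buf)}")
    label = int.from_bytes(buf[1:4], "big") >> 4              # drop EXP and BoS bits
    rd_type, rd_asn, rd_num = struct.unpack("!HHI", buf[4:12])
    if rd_type != 0:
        raise ValueError(f"unsupported RD type {rd_type}")
    packed = buf[12:].ljust(4, b"\x00")                        # pad prefix to 4 octets
    prefix = ipaddress.IPv4Network((packed, plen), strict=False)
    return VpnIpv4Nlri(label, rd_asn, rd_num, prefix)


def encode_rt(asn: int, num: int) -> bytes:
    """Transitive two-octet-AS-specific Route Target (type 0x00, sub-type 0x02)."""
    return struct.pack("!BBHI", 0x00, 0x02, asn, num)


def decode_rt(ec: bytes) -> Tuple[int, int]:
    """Return (AS, number) from a Route Target, or raise if the community is something else."""
    if len(ec) != 8:
        raise ValueError("an extended community is exactly 8 octets")
    type_hi, type_lo, asn, num = struct.unpack("!BBHI", ec)
    if type_hi & 0x3F != 0x00 or type_lo != 0x02:
        raise ValueError("not a two-octet-AS-specific Route Target")
    return asn, num


def sample_advertisement() -> VpnIpv4Nlri:
    """Constructed sample: label 1000, RD 65000:100, prefix 10.1.0.0/16."""
    return VpnIpv4Nlri(1000, 65000, 100, ipaddress.IPv4Network("10.1.0.0/16"))


if __name__ == "__main__":
    wire = encode_nlri(sample_advertisement())
    print(wire.hex(), decode_nlri(wire))
    print(decode_rt(encode_rt(65000, 0)))
```

The RD occupies the eight octets right after the label, which is why the same IPv4 prefix announced under two different RDs stays distinct in the receiver's table; the RT travels separately as an extended community attribute, so a receiver reads it before deciding which table the parsed NLRI belongs in.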
As shown in
The second advertisement may be associated with a route of the CE network device CE B. For example, the second advertisement message may include an address prefix associated with the CE network device CE B. Accordingly, the address prefix may be a VPN address prefix (e.g., because the CE network device CE B is associated with a VPN).
The PE network device PE 1 may determine an RD and/or an RT associated with the address prefix and may additionally include the RD and/or the RT in the second advertisement. The RD may be a UUID, or another type of identifier, and/or may indicate that the address prefix is a VPN address prefix. The RT may indicate that the address prefix is to be included in a virtual routing and forwarding table associated with a VPN (e.g., the VPN associated with the CE network device CE B) of a PE network device that receives the second advertisement (e.g., of the PE network device PE 2, as shown in
As shown by reference number 108, the PE network device PE 2 may store the address prefix of the second advertisement in a virtual routing and forwarding table of the PE network device PE 2 (e.g., that is, or is included in, a data structure of the PE network device PE 2). For example, the PE network device PE 2 may process (e.g., parse and/or read) the second advertisement to identify the address prefix, the RD, and/or the RT included in the second advertisement. The PE network device PE 2 may determine, based on the RD and/or the RT, that the address prefix is a VPN address prefix and/or that the address prefix is to be included in a virtual routing and forwarding table associated with a VPN (e.g., that is associated with the CE network device CE B). The PE network device PE 2 may thereby determine that the address prefix is to be stored in the virtual routing and forwarding table of the PE network device PE 2 that is associated with the VPN. Accordingly, the PE network device PE 2 may store the address prefix in the virtual routing and forwarding table. In some implementations, the PE network device PE 2 may also store the RD and/or the RT with the address prefix in the virtual routing and forwarding table (e.g., in an entry of the virtual routing and forwarding table).
As shown in
The third advertisement may be associated with a route of the CE network device CE C. For example, the third advertisement message may include an address prefix associated with the CE network device CE C. Accordingly, the address prefix may not be a VPN address prefix (e.g., because the CE network device CE C is not associated with a VPN). In some implementations, the PE network device PE 1 may refrain from determining an RD and/or an RT associated with the address prefix. Accordingly, the PE network device PE 1 may refrain from including an RD and/or an RT in the third advertisement.
As shown by reference number 112, the PE network device PE 2 may store the address prefix of the third advertisement in the global routing and forwarding table of the PE network device PE 2. For example, the PE network device PE 2 may process (e.g., parse and/or read) the third advertisement to identify the address prefix included in the third advertisement. The PE network device PE 2 may determine, such as based on the third advertisement not including an RD and/or an RT, that the address prefix is not a VPN address prefix and/or that the address prefix is to be included in a global routing and forwarding table. The PE network device PE 2 may thereby determine that the address prefix is to be stored in the global routing and forwarding table of the PE network device PE 2. Accordingly, the PE network device PE 2 may store the address prefix in the global routing and forwarding table of the PE network device PE 2 (e.g., in an entry of the global routing and forwarding table).
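The three cases walked through above (non-VPN prefix with an RD and an RT, VPN prefix with an RD and an RT, and a plain prefix with neither) come down to one table-selection decision on the receiving PE. The following is an added example that is not part of the patent; it models that decision in a small simulator. The route target that selects the global table, the VRF name `vpn-b`, and all RDs, prefixes and labels are constructed for the illustration. The model also covers a case the description does not spell out: an advertisement whose RT matches neither the global-table RT nor any configured VRF import is rejected rather than being placed in the global table by default, since import is a local policy decision on the receiver. The `paths` method shows why carrying an RD matters for non-VPN routes: the same prefix advertised under two RDs is kept as two distinguishable entries, whereas plain advertisements of that prefix would collapse into one.

```python
"""Receiver-side table selection for the three advertisement types.

Added example, not the patent's code. Models a PE with one global routing and
forwarding table plus one VRF per imported route target. All values constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

RouteTarget = Tuple[int, int]            # (AS number, assigned number)


@dataclass(frozen=True)
class Advertisement:
    """One received route; rd/rt/label are None when the advertisement omits them."""
    prefix: str
    rd: Optional[str] = None             # e.g. "65000:1" (constructed)
    rt: Optional[RouteTarget] = None
    label: Optional[int] = None


@dataclass
class RoutingTable:
    name: str
    routes: Dict[str, Advertisement] = field(default_factory=dict)   # key: "<rd>/<prefix>"

    def paths(self, prefix: str) -> List[Optional[str]]:
        """Distinct RDs under which this prefix is held, i.e. the distinguishable paths."""
        rds = [a.rd for a in self.routes.values() if a.prefix == prefix]
        return sorted(rds, key=lambda rd: rd or "")


class ProviderEdge:
    """Receiving PE: global table, VRFs, and a local import policy keyed by RT."""

    def __init__(self, global_rt: RouteTarget, vrf_imports: Dict[RouteTarget, str]):
        self.global_rt = global_rt                         # RT meaning "global table" (assumed value)
        self.vrf_imports = vrf_imports                     # RT -> VRF name; anything else is not imported
        self.global_table = RoutingTable("global")
        self.vrfs = {name: RoutingTable(name) for name in vrf_imports.values()}
        self.rejected: List[Advertisement] = []

    def select_table(self, adv: Advertisement) -> Optional[RoutingTable]:
        if adv.rd is None and adv.rt is None:
            return self.global_table                       # plain IP advertisement (third case)
        if adv.rt is None:
            return None                                    # RD but no RT: matches no import policy
        if adv.rt == self.global_rt:
            return self.global_table                       # non-VPN route in VPN-IP form (first case)
        vrf = self.vrf_imports.get(adv.rt)
        return self.vrfs[vrf] if vrf else None             # VPN route (second case) or unknown RT

    def receive(self, adv: Advertisement) -> Optional[str]:
        """Install the route and return the table name, or None if it was not imported."""
        table = self.select_table(adv)
        if table is None:
            self.rejected.append(adv)                      # never fall back to the global table
            return None
        table.routes[f"{adv.rd or '-'}/{adv.prefix}"] = adv   # RD keeps overlapping prefixes apart
        return table.name


if __name__ == "__main__":
    pe2 = ProviderEdge(global_rt=(65000, 0), vrf_imports={(65000, 100): "vpn-b"})
    for adv in (
        Advertisement("192.0.2.0/24", rd="65000:1", rt=(65000, 0), label=3001),     # CE A via PE 1
        Advertisement("192.0.2.0/24", rd="65000:100", rt=(65000, 100), label=3002), # CE B (VPN)
        Advertisement("198.51.100.0/24"),                                            # CE C, plain
        Advertisement("192.0.2.0/24", rd="65000:3", rt=(65000, 0), label=3003),     # same prefix, other PE
        Advertisement("203.0.113.0/24", rd="65000:999", rt=(65000, 999)),           # RT not imported here
    ):
        print(adv.prefix, adv.rd, "->", pe2.receive(adv))
    print("global paths for 192.0.2.0/24:", pe2.global_table.paths("192.0.2.0/24"))
```

Because the global table is keyed on RD plus prefix, two ingress PEs announcing the same non-VPN prefix under different RDs leave two entries that a downstream procedure can tell apart, which is the property the description relies on for distinguishing paths; the unknown-RT route lands in `rejected`, where an operator can count and inspect it.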
As indicated above,
A CE network device 210 includes one or more devices capable of generating, sending, receiving, processing, storing, routing, and/or providing traffic (e.g., VPN traffic and/or non-VPN traffic) in a manner described herein. For example, a CE network device 210 may include a firewall, a gateway, a switch, a hub, a bridge, a reverse proxy, a server (e.g., a proxy server), a security device, an intrusion detection device, a load balancer, or a similar type of device. Additionally, or alternatively, a CE network device 210 may include a router, such as a label switching router (LSR), a label edge router (LER), an ingress router, an egress router, a provider router (e.g., a provider edge router or a provider core router), a virtual router, or another type of router. In some implementations, a CE network device 210 may include a mobile phone (e.g., a smart phone or a radiotelephone), a laptop computer, a tablet computer, a desktop computer, a handheld computer, or a similar type of device. A CE network device 210 may be connected to a PE network device 220 via a link (e.g., an uplink) of the PE network device 220. In some implementations, a CE network device 210 may transmit traffic (e.g., VPN traffic and/or non-VPN traffic) to a PE network device 220 and receive traffic from the PE network device 220, as described elsewhere herein. A CE network device 210 may be a physical device implemented within a housing, such as a chassis. In some implementations, a CE network device 210 may be a virtual device implemented by one or more computer devices of a cloud computing environment or a data center.
A PE network device 220 includes one or more devices capable of receiving, processing, storing, routing, and/or providing traffic (e.g., VPN traffic and/or non-VPN traffic) in a manner described herein. For example, a PE network device 220 may include a firewall, a gateway, a switch, a hub, a bridge, a reverse proxy, a server (e.g., a proxy server), a security device, an intrusion detection device, a load balancer, or a similar type of device. Additionally, or alternatively, a PE network device 220 may include a router, such as an LSR, an LER, an ingress router, an egress router, a provider router (e.g., a provider edge router or a provider core router), a virtual router, or another type of router. In some implementations, a PE network device 220 may include a link that connects the PE network device 220 to a CE network device 210. In some implementations, the PE network device 220 may transmit traffic between the CE network device 210 and the network 230, as described elsewhere herein. A PE network device 220 may be a physical device implemented within a housing, such as a chassis. In some implementations, a PE network device 220 may be a virtual device implemented by one or more computer devices of a cloud computing environment or a data center.
Network 230 includes one or more wired and/or wireless networks. For example, network 230 may include a packet switched network, a cellular network (e.g., a fifth generation (5G) network, a fourth generation (4G) network, such as a long-term evolution (LTE) network, a third generation (3G) network, a code division multiple access (CDMA) network), a public land mobile network (PLMN), a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), a telephone network (e.g., the Public Switched Telephone Network (PSTN)), a private network, an ad hoc network, an intranet, the Internet, a fiber optic-based network, a cloud computing network, or the like, and/or a combination of these or other types of networks.
The number and arrangement of devices and networks shown in
The bus 310 may include one or more components that enable wired and/or wireless communication among the components of the device 300. The bus 310 may couple together two or more components of
The memory 330 may include volatile and/or nonvolatile memory. For example, the memory 330 may include random access memory (RAM), read only memory (ROM), a hard disk drive, and/or another type of memory (e.g., a flash memory, a magnetic memory, and/or an optical memory). The memory 330 may include internal memory (e.g., RAM, ROM, or a hard disk drive) and/or removable memory (e.g., removable via a universal serial bus connection). The memory 330 may be a non-transitory computer-readable medium. The memory 330 may store information, one or more instructions, and/or software (e.g., one or more software applications) related to the operation of the device 300. In some implementations, the memory 330 may include one or more memories that are coupled (e.g., communicatively coupled) to one or more processors (e.g., processor 320), such as via the bus 310. Communicative coupling between a processor 320 and a memory 330 may enable the processor 320 to read and/or process information stored in the memory 330 and/or to store information in the memory 330.
The input component 340 may enable the device 300 to receive input, such as user input and/or sensed input. For example, the input component 340 may include a touch screen, a keyboard, a keypad, a mouse, a button, a microphone, a switch, a sensor, a global positioning system sensor, an accelerometer, a gyroscope, and/or an actuator. The output component 350 may enable the device 300 to provide output, such as via a display, a speaker, and/or a light-emitting diode. The communication component 360 may enable the device 300 to communicate with other devices via a wired connection and/or a wireless connection. For example, the communication component 360 may include a receiver, a transmitter, a transceiver, a modem, a network interface card, and/or an antenna.
The device 300 may perform one or more operations or processes described herein. For example, a non-transitory computer-readable medium (e.g., memory 330) may store a set of instructions (e.g., one or more instructions or code) for execution by the processor 320. The processor 320 may execute the set of instructions to perform one or more operations or processes described herein. In some implementations, execution of the set of instructions, by one or more processors 320, causes the one or more processors 320 and/or the device 300 to perform one or more operations or processes described herein. In some implementations, hardwired circuitry may be used instead of or in combination with the instructions to perform one or more operations or processes described herein. Additionally, or alternatively, the processor 320 may be configured to perform one or more operations or processes described herein. Thus, implementations described herein are not limited to any specific combination of hardware circuitry and software.
The number and arrangement of components shown in
Input component 410 may be one or more points of attachment for physical links and may be one or more points of entry for incoming traffic, such as packets. Input component 410 may process incoming traffic, such as by performing data link layer encapsulation or decapsulation. In some implementations, input component 410 may transmit and/or receive packets. In some implementations, input component 410 may include an input line card that includes one or more packet processing components (e.g., in the form of integrated circuits), such as one or more interface cards (IFCs), packet forwarding components, line card controller components, input ports, processors, memories, and/or input queues. In some implementations, device 400 may include one or more input components 410.
Switching component 420 may interconnect input components 410 with output components 430. In some implementations, switching component 420 may be implemented via one or more crossbars, via busses, and/or with shared memories. The shared memories may act as temporary buffers to store packets from input components 410 before the packets are eventually scheduled for delivery to output components 430. In some implementations, switching component 420 may enable input components 410, output components 430, and/or controller 440 to communicate with one another.
Output component 430 may store packets and may schedule packets for transmission on output physical links. Output component 430 may support data link layer encapsulation or decapsulation, and/or a variety of higher-level protocols. In some implementations, output component 430 may transmit packets and/or receive packets. In some implementations, output component 430 may include an output line card that includes one or more packet processing components (e.g., in the form of integrated circuits), such as one or more IFCs, packet forwarding components, line card controller components, output ports, processors, memories, and/or output queues. In some implementations, device 400 may include one or more output components 430. In some implementations, input component 410 and output component 430 may be implemented by the same set of components (e.g., an input/output component may be a combination of input component 410 and output component 430).
Controller 440 includes a processor in the form of, for example, a CPU, a graphics processing unit (GPU), an accelerated processing unit (APU), a microprocessor, a microcontroller, a digital signal processor (DSP), a field-programmable gate array (FPGA), an application-specific integrated circuit (ASIC), and/or another type of processor. The processor is implemented in hardware, firmware, or a combination of hardware and software. In some implementations, controller 440 may include one or more processors that can be programmed to perform a function.
In some implementations, controller 440 may include a RAM, a ROM, and/or another type of dynamic or static storage device (e.g., a flash memory, a magnetic memory, an optical memory, etc.) that stores information and/or instructions for use by controller 440.
In some implementations, controller 440 may communicate with other devices, networks, and/or systems connected to device 400 to exchange information regarding network topology. Controller 440 may create routing tables based on the network topology information, may create forwarding tables based on the routing tables, and may forward the forwarding tables to input components 410 and/or output components 430. Input components 410 and/or output components 430 may use the forwarding tables to perform route lookups for incoming and/or outgoing packets.
Controller 440 may perform one or more processes described herein. Controller 440 may perform these processes in response to executing software instructions stored by a non-transitory computer-readable medium. A computer-readable medium is defined herein as a non-transitory memory device. A memory device includes memory space within a single physical storage device or memory space spread across multiple physical storage devices.
Software instructions may be read into a memory and/or storage component associated with controller 440 from another computer-readable medium or from another device via a communication interface. When executed, software instructions stored in a memory and/or storage component associated with controller 440 may cause controller 440 to perform one or more processes described herein. Additionally, or alternatively, hardwired circuitry may be used in place of or in combination with software instructions to perform one or more processes described herein. Thus, implementations described herein are not limited to any specific combination of hardware circuitry and software.
The number and arrangement of components shown in
As shown in
As further shown in
Process 500 may include additional implementations, such as any single implementation or any combination of implementations described below and/or in connection with one or more other processes described elsewhere herein.
In a first implementation, sending the advertisement is to permit the receiving network device to store, based on the RD and the RT, the address prefix in the global routing and forwarding table of the receiving network device.
In a second implementation, alone or in combination with the first implementation, the advertisement further includes a label.
In a third implementation, alone or in combination with one or more of the first and second implementations, process 500 includes sending, to the receiving network device, another advertisement that includes another address prefix, another RD, and another RT, wherein the other RT indicates that the other address prefix is to be included in a virtual routing and forwarding table of the receiving network device.
In a fourth implementation, alone or in combination with one or more of the first through third implementations, sending the other advertisement is to permit the receiving network device to store, based on the other RD and the other RT, the other address prefix in the virtual routing and forwarding table of the receiving network device.
In a fifth implementation, alone or in combination with one or more of the first through fourth implementations, process 500 includes sending, to the receiving network device, another advertisement that includes another address prefix, wherein the other advertisement does not include an RD and does not include an RT.
In a sixth implementation, alone or in combination with one or more of the first through fifth implementations, sending the other advertisement is to permit the receiving network device to store, based on the other advertisement, the other address prefix in the global routing and forwarding table of the third network device.
Although
As shown in
As further shown in
Process 600 may include additional implementations, such as any single implementation or any combination of implementations described below and/or in connection with one or more other processes described elsewhere herein.
In a first implementation, process 600 includes storing, based on determining that the address prefix is to be stored, the address prefix in the global routing and forwarding table of the network device.
In a second implementation, alone or in combination with the first implementation, the advertisement further includes a label.
In a third implementation, alone or in combination with one or more of the first and second implementations, process 600 includes receiving another advertisement that includes another address prefix, another RD, and another RT, wherein the other RT indicates that the other address prefix is to be included in a virtual routing and forwarding table of the network device.
In a fourth implementation, alone or in combination with one or more of the first through third implementations, process 600 includes storing, based on the other RT, the other address prefix, in the virtual routing and forwarding table of the network device.
In a fifth implementation, alone or in combination with one or more of the first through fourth implementations, process 600 includes receiving another advertisement that includes another address prefix, wherein the other advertisement does not include an RD and does not include an RT.
In a sixth implementation, alone or in combination with one or more of the first through fifth implementations, process 600 includes storing the other address prefix in the global routing and forwarding table of the network device.
Although
The foregoing disclosure provides illustration and description, but is not intended to be exhaustive or to limit the implementations to the precise forms disclosed. Modifications and variations may be made in light of the above disclosure or may be acquired from practice of the implementations.
As used herein, traffic or content may include a set of packets. A packet may refer to a communication structure for communicating information, such as a protocol data unit (PDU), a service data unit (SDU), a network packet, a datagram, a segment, a message, a block, a frame (e.g., an Ethernet frame), a portion of any of the above, and/or another type of formatted or unformatted unit of data capable of being transmitted via a network.
As used herein, the term “component” is intended to be broadly construed as hardware, firmware, or a combination of hardware and software. It will be apparent that systems and/or methods described herein may be implemented in different forms of hardware, firmware, and/or a combination of hardware and software. The actual specialized control hardware or software code used to implement these systems and/or methods is not limiting of the implementations. Thus, the operation and behavior of the systems and/or methods are described herein without reference to specific software code—it being understood that software and hardware can be used to implement the systems and/or methods based on the description herein.
Even though particular combinations of features are recited in the claims and/or disclosed in the specification, these combinations are not intended to limit the disclosure of various implementations. In fact, many of these features may be combined in ways not specifically recited in the claims and/or disclosed in the specification. Although each dependent claim listed below may directly depend on only one claim, the disclosure of various implementations includes each dependent claim in combination with every other claim in the claim set. As used herein, a phrase referring to “at least one of” a list of items refers to any combination of those items, including single members. As an example, “at least one of: a, b, or c” is intended to cover a, b, c, a-b, a-c, b-c, and a-b-c, as well as any combination with multiple of the same item.
No element, act, or instruction used herein should be construed as critical or essential unless explicitly described as such. Also, as used herein, the articles “a” and “an” are intended to include one or more items, and may be used interchangeably with “one or more.” Further, as used herein, the article “the” is intended to include one or more items referenced in connection with the article “the” and may be used interchangeably with “the one or more.” Furthermore, as used herein, the term “set” is intended to include one or more items (e.g., related items, unrelated items, or a combination of related and unrelated items), and may be used interchangeably with “one or more.” Where only one item is intended, the phrase “only one” or similar language is used. Also, as used herein, the terms “has,” “have,” “having,” or the like are intended to be open-ended terms. Further, the phrase “based on” is intended to mean “based, at least in part, on” unless explicitly stated otherwise. Also, as used herein, the term “or” is intended to be inclusive when used in a series and may be used interchangeably with “and/or,” unless explicitly stated otherwise (e.g., if used in combination with “either” or “only one of”).
Number | Date | Country | Kind |
---|---|---|---|
202241042358 | Jul 2022 | IN | national |