This invention relates to the general field of telecommunications. It more specifically relates to communication methods implemented by entities of a computer system implementing a switching virtual local network, and also the entities and the computer system in question. The invention finds a particularly advantageous, though in no way limiting, application in the context of a small or medium-sized data center, so substantially of a maximum of one hundred machines.
Computer virtualization technology is well-known at present. In its general principle, it consists in creating and executing, on a virtualization platform (currently known as a “host machine”), one or more virtual representations of a computer or of its different resources, such as for example an operating system, a server, an office, a storage system, a network etc. These simulated resources are in all aspects identical to their physical versions located on the client side.
Such a virtualization platform can for example include a plurality of layers, including in particular:
Note that the virtualization technology is not limited to the implementation of virtual machines but also relates, in a manner known per se, to the implementation of sets of containers (also known as “pods”).
Furthermore, virtualization technology can come in several types, such as for example the virtualization of servers and networks, now increasingly in use. This is particularly the case of an increasing number of businesses seeking to concentrate their computer resources in datacenters and thus optimize their virtual computing/processing power, also known by the name “cloud computing”
Also, to support the development of server and network virtualization technology, telecommunications operators have changed their practices. More specifically, these operators until now used physical telecommunications equipment, based on specialized ASIC (Application Specific Integrated Circuit) processors, and physically connected to virtual private networks or VPN) via dedicated interfaces on IP/MPLS routers (IP for Internet Protocol and MPLS for Multi Protocol Label Switching) implementing these VPNs.
Henceforth, said operators are making developments to implement telecommunication services based on Virtual Network Functions or VNFs, which can be more accurately described as software components deployed on virtual machines or on containers in a set of virtualized computer servers. This is for example the case of elementary virtual network functions such as virtual Ethernet bridges (examples: Linux bridge, or else virtual Ethernet switches such as for example OpenVSwitch switches) or else more sophisticated virtual network functions such as mobile network gateways (e.g. Packet Data Network Gateway for 4G mobile networks or User Plane Function for 5G mobile networks).
To connect to a same VLAN (Virtual Local Area Network) Ethernet switching network set up through a datacenter, virtual Ethernet interfaces of VNFs defined over several VPNs of IP/MPLS networks, the solutions deployed until now have the common point of relying on a computer architecture implementing, in each server of the datacenter, a router, known by the name of “PE” (Provider Edge) router, which makes it possible to connect one or more virtual machines, also known as “CE” (Customer Edge) hosts, to the VPNs in question.
Hence, to transport the traffic coming from a source CE host to a destination CE host in an isolated manner in a VPN, the source PE router associated with said source CE host must use a VPN tunnel toward the remote PE router associated with said destination CE host. More specifically, the traffic coming from a source CE host is inserted (encapsulated) into a tunnel by the source PE router, the destination PE router having the function of extracting this traffic from the tunnel so that it can be transmitted to the destination CE host.
Such an implementation, common to solutions of the prior art, has several consequences. Specifically, and firstly, the transmission of traffic through tunnels implies that the source PE router must identify the destination PE router to which the destination CE host is connected. To do this, a switching table associating the addresses of each remote CE host and of the remote PE router attached to this latter is implemented at the level of the source PE router. The result of these considerations is that the source PE router must update the switching table each time a remote host is identified.
Secondly, it is obvious that there is no simple way of inserting (encapsulating) traffic into VPN tunnels, and that not all the solutions that can be implemented are compatible with one another. The result of this is that for a telecommunications operator, a hard limit is placed on the possibility of offering mix-and-match solutions of different service providers within one datacenter.
The end result of the above is that the use of PE routers in servers of a datacenter poses disadvantages in terms of implementation complexity, thus making it difficult to guarantee transfer flow rate performances and also to guarantee fault-free operation. Moreover, this complexity itself incurs a considerable implementation cost which proves incompatible with the current trend towards the concentration of computer resources in datacenters.
This invention has the aim of remedying all or part of the drawbacks of the prior art, particularly those set out above, by proposing a solution which makes it possible to connect interfaces of VNFs defined over several VPNs of IP/MPLS networks to a same Ethernet VLAN switching network of the virtual Ethernet, more simply and less expensively than solutions of the prior art, such as to be able to guarantee transfer flow rate performances and also fault-free operation.
For this purpose, and according to a first aspect, the invention relates to a communication method, the so-called “first method”, implemented by a multiprotocol label switching virtual proxy, the so-called “source proxy”, belonging to a computer system implementing a switching virtual local network, said computer system further including a virtualization management system, a first server wherein said proxy source and a so-called “host source” are connected, a second server wherein a multiprotocol label switching virtual proxy, the so-called “destination proxy” and a host, the so-called “destination host” are connected, said source and destination proxies being connected to the local network and also attached to a communication virtual private network. Said first method includes steps of:
Fundamentally, the first method according to the invention is differentiated from the prior art in that the PE router functions in computer servers are here replaced by proxy functions.
The result of this is that said first method makes it possible to configure the computer system such that the source proxy has for only knowledge, as next hop address, the hardware address of the source host. Since the IP address resolution requests are requests addressed to all the IP hosts over the local virtual switching network, the source proxy can relay them without knowing the hardware address of the destination host. Since the IP address resolution replies are replies addressed to the hardware address of the source host, the source proxy can relay them based solely on the knowledge of the association between the hardware address of the source host and the virtual interface to which it is connected. In this way, the source host is able to retrieve the hardware address of the destination host without approaching the source proxy and by connecting the destination host bearing this next hop IP address to the same switching virtual local network as that to which the interface of the host source is connected.
Said first method moreover makes provision for the tunnel identifier to be identical for all the virtual Ethernet interfaces of VNFs defined on the same private network, which makes it possible to configure this latter a single time per virtual Ethernet interface in the source proxy, at the time of the connection of said source host to said source proxy. Such provisions are particularly advantageous since the tunnel identifier does not depend here on the destination host, thus facilitating the connection of virtual Ethernet interfaces of VNFs defined over several VPNs.
Note that the invention has a particularly advantageous, although in no way limiting, application in the context of a computer system implemented in a datacenter of small or medium size, so substantially one hundred machines maximum, in such a way that Ethernet switches connecting the servers inside the computer system are capable of processing all the Ethernet addresses exposed on the local virtual switching network.
In particular implementations, the first communication method can moreover include one or more of the following features, taken in isolation or in any technical possible combination.
In particular implementations, said first method further includes steps of:
Such provisions allow the source proxy to have the source host passed to the destination proxy as being the source of a VPN tunnel. Reciprocally, the destination proxy is able to have the destination host passed to the source proxy as being the destination of a VPN tunnel. In other words, said source and destination proxies here appear, owing to the invention, as endpoints of a VPN tunnel.
In particular implementations, the tunnel identifier is identical to the identifier of the private network.
In particular implementations, the tunnel identifier is contained in a data table matching the identifier of the private network with said tunnel identifier.
According to a second aspect, the invention relates to a communication method, said “second method”, implemented by a multiprotocol label switching virtual proxy, the so-called “destination proxy”, belonging to a computer system implementing a switching virtual local network, said computer system further including a virtualization management system, a first server wherein a multiprotocol label switching virtual proxy, the so-called “source proxy”, and a host, the so-called “source host”, are connected, a second server wherein said destination proxy and also a so-called “destination host” are connected, said source and destination proxies being connected to the local network and also attached to a communication virtual private network. Said second method includes steps of:
Said second method inherits the same advantages as those mentioned above with reference to said first method.
In particular implementations, the second communication method can further include one or more of the following features, taken in isolation or according to any technically possible combination.
In particular modes of implementation, said second method further includes steps of:
In particular implementations of said first and second methods, a data table containing an identifier used by a proxy is a switching table stored by said proxy.
In particular implementations of said first and second methods, a data table containing an identifier used by a proxy is a switching table stored by a virtual Ethernet bridge to which is connected the host contained in the server hosting said proxy.
According to a third aspect, the invention relates to a computer program including instructions for implementing a first method according to the invention or a second method according to the invention when said program is executed by a computer.
This program can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as in a partially compiled form, or in any other desirable form.
According to a fourth aspect, the invention relates to an information or recording medium readable by a computer, and on which is recorded a computer program according to the invention.
The information or recording medium can be any entity or device capable of storing the program. For example, the medium can include a storage medium, such as a ROM, for example a CD-ROM or a microelectronic circuit ROM, or else a magnetic recording medium, for example a diskette (floppy disk) or a hard disk.
Moreover, the information or recording medium can be a transmissible medium such as an electrical or optical signal, which can be conveyed via an electrical or optical cable, by radio or by other means. The program according to the invention can in particular be downloaded over a network of Internet type.
Alternatively, the information or recording medium can be an integrated circuit wherein the program is incorporated, the circuit being adapted to be executed or to be used in the execution of the method in question.
According to a fifth aspect, the invention relates to a multiprotocol label switching virtual proxy, the so-called “source proxy”, including means configured to implement a first method according to the invention.
According to a sixth aspect, the invention relates to a multiprotocol label switching virtual proxy, the so-called “destination proxy”, including means configured to implement a second method according to the invention.
According to a seventh aspect, the invention relates to a computer system implementing a switching virtual local network, said computer system including a virtualization management system, a first server wherein a source proxy according to the invention and a so-called “source host” are connected, a second server wherein a destination proxy according to the invention and a host, the so-called “destination host”, are connected, said first and second servers being connected to the local network and also attached to a communication virtual private network.
Other features and advantages of this invention will become apparent from the description given below, with reference to the appended drawings which illustrate an exemplary embodiment therefore without any limitation. In the figures:
In the implementation of
The computer system SI is configured to implement a virtualization of interconnected servers via the virtual network VLAN. For this purpose, and as illustrated in the embodiment of
In this implementation, the computer system SI also includes two computer servers, namely:
Said source PR-S and destination PR-D1 proxies are moreover connected to the local network VLAN.
Although it is considered in
In general, no limitation is attached to the number of servers each including a source proxy/host and to the number of servers each including a destination proxy/host. Of course, neither is any limitation attached to the number of hosts that can be incorporated into a server. For example, a server can host several sources or several destination hosts, or yet again a source host and a destination host, or yet again one or more source hosts and one or more destination hosts.
Finally, no limitation is attached to the number of virtual private networks VPN to which the proxies can be attached. For example, a server may host several source hosts for which a proxy must store in the memory a different identifier for their virtual Ethernet interfaces (here this is an identifier, the so-called “tunnel identifier” as will be described in detail further on).
In accordance with the invention, the source proxy PR-S is configured to carry out processing allowing the source host CE-S to communicate with the destination host CE-D1 within a given communication virtual private network VPN, via the sending of Ethernet frames, and implementing a communication method, the so-called “first method” according to the invention.
The destination proxy PR-D1 is meanwhile configured to carry out processing allowing the destination host CE-D1 to communicate with the source host CE-S within said given virtual private network VPN, via the receipt of Ethernet frames, and implementing a communication method, the so-called “second method” according to the invention.
Note then that for the implementation of said first and second methods, it is considered that said source PR-S and destination PR-D1 proxies are attached to the same given private network VPN such as to allow the source CE-S and destination CE-D1 hosts to communicate with one another.
Conventionally, each host contained in a server is associated with a MAC hardware address and also with an IP address. The way in which a MAC hardware address can be assigned to a host is detailed further on.
Each private virtual network is also associated with an identifier making it possible to distinguish it among other virtual private networks.
For the rest of the description, the notations are used according to which the MAC addresses of the source CE-S and destination CE-D1 hosts are respectively referred to as CE-S MAC@ and CE-D1 MAC@. The notation is also used according to which the IP address of the destination host CE-D1 is referred to as CE-D1 NH@. Finally, the identifier of the virtual private network VPN associated with the source CE-S and destination CE-D1 hosts is meanwhile written VPN-ID.
As illustrated by
The read-only memory 3-S of the source proxy PR-S constitutes a recording medium in accordance with the invention, readable by the processor 1-S and on which is recorded a computer program PROG-S in accordance with the invention, including instructions for executing steps of the first method. The program PROG-S defines functional modules (in this case, these are software modules) of the source proxy PR-S, which rely on or control the hardware elements 1-S to 5-S of the source proxy PR-S previously mentioned, and which particularly comprise:
The communication module 5-S allows the source proxy PR-S to communicate with other entities of the computer system SI, particularly the source host CE-S, the device VNM and the destination proxy PR-D1. It can for example comprise a virtual network card or any other means making it possible to connect to the local network VLAN. Said communication module 5-S particularly incorporates said first, second and third transmitting modules MOD_TX1-S, MOD_TX2-S, MOD_TX3-S and also the receiving module MOD_RX-S.
It should be noted that the tunnel identifier Tunnel-ID corresponds, in this embodiment, to an MPLS label and can be determined in different ways.
Thus, and according to a first exemplary embodiment, the tunnel identifier Tunnel-ID is identical to the identifier VPN-ID of the private network VPN.
According to a second exemplary embodiment, the tunnel identifier Tunnel-ID is contained in a data table matching the identifier VPN-ID of the private network VPN with said tunnel identifier Tunnel-ID. In other words, in this second example, said data table is a table taking as input private network identifiers (including the identifier VPN-ID) and supplying as output tunnel identifiers respectively associated with said private network identifiers.
Said data table for example corresponds to a switching table stored by the source proxy PR-S, or else, alternatively, to a switching table stored by a virtual Ethernet bridge to which is connected the source host CE-S contained in the server SERV-1 hosting said source proxy PR-S.
As illustrated by
The read-only memory 3-D1 of the destination proxy PR-D1 constitutes a recording medium in accordance with the invention, readable by the processor 1-D1 and on which is recorded a computer program PROG-D1 in accordance with the invention, including instructions for executing the steps of the second method. The program PROG-D1 defines functional modules (in this case, these are software modules) of the destination proxy PR-D1, which rely on or control the hardware elements 1-D1 to 5-D1 of the destination proxy PR-D1 previously mentioned, and which particularly comprise:
The communication module 5-D1 allows the destination proxy PR-D1 to communicate with other entities of the computer system SI, in particular the source host CE-S, the device VNM and the source proxy PR-S. It may for example comprise a virtual network card or any other means making it possible to connect to the local network VLAN. Said communication module 5-D1 particularly incorporates said first, second and third transmitting modules MOD_TX1-D1, MOD_TX2-D1, MOD_TX3-D1 and also the receiving module MOD_RX-D1.
It should be noted that, according to dispositions similar to those described above as regards the possibilities of determination of the tunnel identifier Tunnel-ID, the data table used by the checking module MOD_VERIF-D1 can for example correspond to a switched table stored by the destination proxy PR-D1, or yet again to a switching table stored by a virtual Ethernet bridge to which is connected the destination host CE-D1 contained in the server SERV-2 hosting said destination proxy PR-D1.
As illustrated by
On receiving the request REQ1, the device VNM chooses a MAC hardware address for the source host CE-S during a step E20 of said general method. In this implementation, said MAC hardware address is denoted CE-S MAC@, in accordance with the notation previously introduced.
Once the address CE-S MAC@ is chosen, said general method includes a step E30 of transmitting the request REQ1, from the device VNM to the source proxy PR-S. Given that a MAC hardware address has been chosen for the source host CE-S, said request REQ1 now includes a request for association of the hardware address CE-S MAC@ with a tunnel identifier Tunnel-ID associated with the identifier VPN-ID.
According to this implementation, said identifier Tunnel-ID is contained in a data table TAB-S stored by the source proxy PR-S, said table TAB-S matching the VPN-ID of the private network VPN with said tunnel identifier Tunnel-ID.
Following the transmission of said request REQ1 to the source proxy PR-S, the general method includes a step E40 of executing the request REQ1 by the source proxy PR-S. More specifically, said step E40 is implemented by the executing module MOD_EXE-S equipping the source proxy PR-S and is an integral part, in this implementation, of said first method.
Note that once the hardware address CE-S MAC@ is chosen by the device VNM, it is communicated to the device VIM by said device VNM. This is the subject of a step E50 of the general method, as illustrated by
In the implementation illustrated by
Note that the sending of the request is done in accordance with an address resolution protocol “ARP” (Address Resolution Protocol) in the case of IPv4 addresses, or else in accordance with an address resolution protocol “ICMPv6” (Internet Control Message Protocol version 6) in the case of IPv6 addresses, both known to those skilled in the art as hardware address resolution protocols usable within a switching virtual local network VLAN.
Also, on receiving the request REQ2, the source proxy PR-S transmits said request REQ2 to the destination proxy PR-D1 during a step E80 of the general method. More specifically, said step E80 is implemented by the first transmitting module MOD_TX1-S equipping the source proxy PR-S and is an integral part, in this implementation, of said first method.
On receiving the request REQ2, the destination proxy PR-D1 transmits said request REQ2 to the destination host CE-D1 during a step E90 of the general method. More specifically, said step E90 is implemented by a first transmitting module MOD_TX1-D1 equipping the destination proxy PR-D1 and is an integral part, in this implementation, of said second method.
On receiving the request REQ2, the destination host CE-D1 replies to said request REQ2 by transmitting, during a step E100 of the general method, a reply REP_REQ2 to the destination proxy PR-D1, said reply including the hardware address CE-D1 MAC@.
Note that the assignment of the address CE-D1 MAC@ to the destination host can, according to a particular exemplary implementation of the general method (example not shown on
Of course, the fact of considering such an exemplary determination of the address CE-D1 MAC@ constitutes only one variant implementation of the invention. Also, nothing precludes said address CE-D1 MAC@ from being determined prior to the implementation of the general method according to any method known to those skilled in the art.
On receiving said reply REP_REQ2, the destination proxy PR-D1 transmits said reply REP_REQ2 to the source proxy PR-S during a step E110 of the general method. More specifically, said step E110 is implemented by the second transmitting module MOD_TX2-D1 equipping the destination proxy PR-D1 and is an integral part, in this implementation, of said second method.
On receiving said reply REP_REQ2, the source proxy PR-S transmits said reply REP_REQ2 to the source host CE-S during a step E120 of the general method. More specifically, said step E120 is implemented by the second transmitting module MOD_TX2-S equipping the source proxy PR-S and is an integral part, in this implementation, of said first method.
It should be noted that the general method is here described according to an implementation for which the computer system SI includes only a single destination proxy (in this case, it is the destination proxy PR-D1 of
Moreover, in the implementation illustrated by
The source IP address attached to this IP packet is denoted VPN_IP-S@ in
The general method then includes a step E140 of receiving, from the source host CE-S, the frame TRAM_E by the source proxy PR-S. More specifically, said step E140 is implemented by the receiving module MOD_RX-S equipping the source proxy PR-S and is an integral part, in this implementation, of said first method.
On receiving the frame TRAM_E, the source proxy PR-S inserts into said frame TRAM_E, and during a step E150 of the general method, the tunnel identifier Tunnel-ID between the hardware addresses CE-S MAC@, CE-D1 MAC@ and the IP packet. More specifically, said step E150 is implemented by the inserting module MOD_INSERT-S equipping the source proxy PR-S and is an integral part, in this implementation, of said first method.
The insertion of the identifier Tunnel-ID into the frame TRAM_E is symbolized in
Note that if the IP packet encapsulated into the frame TRAM_E is compliant with an IPv6 packet, it can be checked, before inserting the tunnel identifier Tunnel-ID and following a particular exemplary embodiment, that said IP packet does not include a message (request or reply) for resolution of an ICMPv6 address. Such a check is here performed by the inserting module MOD_INSER-S in this special case of implementation.
However, the choice consisting in carrying out such a check only constitutes a variant of implementation of the step E150, and it is of course possible to envision yet other variants.
Specifically, unlike the IP packets, which have the purpose of being transferred by a router from a VLAN to another VLAN, the hardware address resolution messages can only be exchanged inside a switching local network VLAN. Also, for next hop IP addresses of IPv4 type (version 4 of the IP protocol), the messages of the ARP protocol are directly encapsulated on Ethernet and can therefore not come leave a VLAN. However, for next hop IP addresses of IPv6 type (version 6 of the IP protocol), the messages of the ICMPv6 protocol are encapsulated in IP on Ethernet and use specific IPv6 addresses, such as LLA (Link-Local Address) or SNMA (Solicited-Node Multicast Address) the format of which defined in the RFC 4861 standard of the IETF allows them to be easily recognized by the routers to avoid treating them as IP packets. Moreover, IP packets of IPv6 type use different IPv6 addresses, known as GUA (Global Unicast Address) for which the standard format, different from the LLA or SNMA addresses, allows them to be easily recognized by the routers to authorize their transfer to other VLAN than those on which they were received.
In other words, it is possible, following another exemplary implementation and based on the abovementioned considerations, to determine whether or not an IPv6 packet includes an address resolution message, this time by carrying out a check pertaining to the destination address used (LLA and SNMA, or else GUA).
By way of illustration, an example of a check based on the type of destination addresses can consist in checking:
Another example of a check based on the protocol number contained in the IP header can consist in checking:
Once the identifier Tunnel-ID is thus inserted, the frame TRAM_E is transmitted by the source proxy PR-S to the destination proxy PR-D1. This is the subject of a step E160 of the general method, as illustrated in
The general method then includes a step E170 of receiving, from the source proxy PR-S, the frame TRAM_E by the destination proxy PR-D1. More specifically, said step E170 is implemented by the receiving module MOD_RX-D1 equipping the destination proxy PR-D1 and is an integral part, in this implementation, of said second method.
On receiving said frame TRAM_E, the destination proxy PR-D1 checks, during a step E180 of the general method, whether the identifier Tunnel-ID, inserted between said hardware addresses CE-S MAC@, CE-D1 MAC@ and the IP packet, matches an identifier, the so-called “second identifier”, contained in a data table TAB-D1 matching the hardware address CE-D1 MAC@ of the destination host CE-D1 with said second identifier. More specifically, said step E180 is implemented by the checking module MOD_VERIF-S equipping the destination proxy PR-D1 and is an integral part, in this implementation, of said second method.
Note in this implementation, said data table TAB-D1 is stored by the destination proxy PR-D1.
Finally, if the match check between the tunnel identifier Tunnel-ID and said second identifier is positive, the destination proxy PR-D1 removes the identifier Tunnel-ID from the frame TRAM_E during a step E190. More specifically, said step E190 is implemented by the removing module MOD_DELET-D1 equipping the destination proxy PR-D1 and is an integral part, in this implementation, of said second method.
Furthermore, following the removal of the identifier Tunnel-ID, the destination proxy PR-D1 transmits the frame TRAM_E to the destination host CE-D1 during a step E200. More specifically, said step E200 is implemented by the third transmitting module MOD_TX3-D1 equipping the destination proxy PR-D1 and is an integral part, in this implementation, of said second method.
The destination IP address attached to this IP packet is denoted VPN_IP-D1@ in
As can be seen in this
Note that the Ethernet frame TRAM_E can include as an option one or more identifiers of VLAN S-VLAN or C-VLAN type known to those skilled in the art, one or the other of which can serve as identifier to the Ethernet switches to which the computer servers SERV-1 and SERV-2 are connected, to recognize, among others, the frames to be switched within the switching virtual local network VLAN to which the proxies PR-S and PR-D1 can be connected.
Here we are describing in more detail the steps for the transmission of the frame TRAM_E. Thus, when the source host CE-S must transmit an IP packet toward the destination host CE-D1 (more specifically toward a prefix announced by the host CE-D1, this prefix corresponding to the IP address VPN_IP-D1@ mentioned above), the source host CE-S finds, in a routing table stored in its memory, the route to the prefix in question (i.e. said route can therefore be seen as a next hop IP address), then, in a resolution table which it also stores in its memory, the address CE-D1 MAC@ of the destination host CE-D1 associated with the route in question. Said source host CE-S then inserts into the IP packet in the ethernet frame TRAM_E which is then transmitted toward the address CE-D1 MAC@ of the destination host CE-D1 on the corresponding interface.
When the Ethernet frame TRAM_E is received by the virtual Ethernet bridge on the virtual interface to which the source host CE-S is attached, the source proxy PR-S adds the tunnel identifier Tunnel-ID just above the header of the IP packet by changing the IP Ethertype for an MPLS Ethertype in the original Ethernet frame TRAM_E. This latter is then transmitted by the source proxy PR-S on the VLAN associated with the virtual Ethernet bridge on the physical interface of the computer server SERV-2 hosting the destination host CE-D1. The destination proxy PR-D1 checks the consistency of the identifier Tunnel-ID and, in the event of a positive check, removes this identifier Tunnel-ID and transmits the IP packet directly in the frame Ethernet frame TRAM_E to the virtual Ethernet bridge associated with the VLAN, which transfers it toward the destination host CE-D1 through its virtual attachment interface.
In summary, the general method, and therefore particularly said first and second methods, makes it possible to define a transfer plan advantageously making it possible to connect, over the network VLAN set up through the datacenter DC, virtual Ethernet interfaces of virtual network functions defined over a plurality of private networks VPNs.
Moreover, the general method, and therefore in particular said first and second methods, has been described until now, considering the sending and receiving of an IP packet by means of an Ethernet frame, via the steps E130 to E200. It should however be noted that the implementation of these steps is optional, the general method being specifically able to be limited to the steps E10 to E120 alone.
The fact of implementing steps E10 to E120 alone already makes it possible to configure the computer system SI such that the source proxy PR-S has for only knowledge, as the next hop address, the hardware address of the source host CE-S. Since the IP address resolution requests are requests addressed to all the IP hosts on the Ethernet switching network VLAN, the source proxy PR-S can relay them without knowing the hardware address of the destination IP host. Since the IP address resolution replies are replies addressed to the hardware address of the source host CE-S, the source proxy PR-S can relay them based solely on the knowledge of the association between the hardware address of the source host CE-S and the virtual interface to which it is connected. In this way, the source host CE-S is able to find the hardware address CE-D1 MAC@ of the destination host CE-D1 without querying the source proxy PR-S and by connecting the destination host CE-D1 bearing the next hop IP address on the same VLAN as that to which the source host CE-S interface is connected.
Number | Date | Country | Kind |
---|---|---|---|
FR2014054 | Dec 2020 | FR | national |
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/FR2021/052274 | 12/10/2021 | WO |