CN-122001459-A - Optical bypass protection system supporting SRv6

Abstract

The application discloses an optical bypass protection system supporting SRv < 6 >, which comprises a protection control module, a switching module and an optical bypass side SRv < 6 > information adding module, wherein the protection control module is used for monitoring the running state of a bypass protection system, the switching module is used for switching between a main path channel and a bypass channel under the control of the protection control module, the main path channel flows through the protection system, the bypass channel is positioned in the optical bypass protection system, the optical bypass side SRv < 6 > information adding module is deployed on the bypass channel and used for carrying out segment routing encapsulation on received messages, and when the switching module is switched to the bypass channel, the optical bypass side SRv < 6 > information adding module is used for reconstructing a destination address of the SRv < 6 > TE message into a segment identification address by constructing SRv TE messages. By using the scheme of the application, the destination address of the SRv TE message is reconstructed into the segment identification address, so that the message reinjected to the main network is decoupled from the original destination IP address logically.

Inventors

• LI HAOCAI
• HE YE
• WAN HAIXIN
• ZHANG SHITONG

Assignees

• 中国大唐集团数字科技有限公司

Dates

Publication Date

20260508

Application Date

20251231

Claims (10)

1. 1. An optical bypass protection system supporting SRv, comprising: The protection control module is used for monitoring the operation state of the bypass protection system; the switching module is used for switching between a main channel and a bypass channel under the control of the protection control module, the main channel flows through the protection system, and the bypass channel is positioned in the optical bypass protection system; An optical bypass side SRv information adding module, which is deployed on the bypass channel and is used for performing segment routing encapsulation on the received message; When the switching module switches to the bypass channel, the optical bypass side SRv information adding module reconstructs the destination address of the SRv TE message into a segment identification address by constructing a SRv TE message.
2. 2. The optical bypass protection system supporting SRv's 6 of claim 1, wherein the optical bypass side SRv information addition module includes: The photoelectric conversion unit is used for converting the input flow to be processed from an optical signal to an optical signal input by an electric signal and converting the optical signal input by the electric signal to an electric signal message; The segment routing information processing unit is electrically connected with the photoelectric conversion unit and is used for carrying out SRv encapsulation on the electric signal message to construct a SRv TE message conforming to the IP in IP format; and the electro-optical conversion unit is electrically connected with the segment routing information processing unit and is used for restoring the packaged message into an optical signal.
3. 3. The optical bypass protection system supporting SRv's 6 as recited in claim 2, further comprising: The protection side receiving and transmitting interface group comprises a first receiving interface R1, a first transmitting interface T1, a second receiving interface R2 and a second transmitting interface T2, and is used for realizing optical connection with the protection system; The network side receiving and transmitting interface group comprises a third transmitting interface T3, a third receiving interface R3, a fourth transmitting interface T4 and a fourth receiving interface R4, and is used for realizing optical connection with a main network; The branching component comprises a first branching device and a second branching device and is used for synchronously outputting downlink traffic received from a main network to the protection side transceiver interface group and the optical bypass side SRv information adding module; The input end of the first branching unit is connected with a third receiving interface R3, and the output end of the first branching unit is respectively connected with a first transmitting interface T1 and the photoelectric conversion unit; the input end of the second branching unit is connected to the fourth receiving interface R4, and the output end of the second branching unit is connected to the second transmitting interface T2 and the electro-optical conversion unit respectively.
4. 4. The optical bypass protection system supporting SRv as recited in claim 3, wherein the switching module includes a first optical switch and a second optical switch; The input end of the first optical switch is respectively connected with the photoelectric conversion unit and the first receiving interface R1, and the output end of the first optical switch is connected with the third transmitting interface T3; the input end of the second optical switch is respectively connected with the electro-optical conversion unit and the second receiving interface R2, and the output end of the second optical switch is connected with the fourth transmitting interface T4.
5. 5. The optical bypass protection system supporting SRv's 6 according to claim 2, wherein the SRv TE message structure constructed by the segment routing information processing unit includes: an outer IPv6 base header, the outer IPv6 base header containing a segment identification address that points to a next hop SRv node; a segmented routing header comprising a list of segments for path planning; and the inner layer message load is an original flow message which reserves an original destination address.
6. 6. The optical bypass protection system supporting SRv as recited in claim 5, wherein said segment identification address comprises: a route locator for identifying a routable address segment of a target node in the primary network; the function symbol is used for defining actions executed by the target node after receiving the message; and the parameter section is used for carrying auxiliary information required by executing the action.
7. 7. The optical bypass protection system supporting SRv as defined in claim 5, wherein the segment routing information processing unit, when constructing SRv TE message, sets a next header field of an outer IPv6 base header to a protocol specific value indicating that the segment routing header is subsequently encapsulated, and sets a routing type field of the segment routing header to a specific protocol value indicating a segment routing type.
8. 8. The optical bypass protection system supporting SRv or 6 according to claim 6, wherein the SRv TE message structure constructed by the segment routing information processing unit further includes a destination option header, and the next header field value of the segment routing header is set to identify and point to the destination option header.
9. 9. The optical bypass protection system supporting SRv as defined in claim 5, wherein the inner layer packet payload is an IPv4 packet or an IPv6 packet.
10. 10. The optical bypass protection system supporting SRv ' 6 according to claim 1, wherein the optical bypass side SRv ' 6 information adding module dynamically generates the SRv TE message according to a traffic engineering policy, and realizes transparent transmission of reinjection traffic to non-SRv 6 nodes in the path through an IPv6 endophytic attribute of SRv ' 6.

Description

Optical bypass protection system supporting SRv6 Technical Field The present application relates generally to the field of communication network security protection. More particularly, the present application relates to an optical bypass protection system supporting SRv. Background Segment Routing (SR) is a packet forwarding mechanism based on the source Routing concept, and as an implementation manner of Software Defined Network (SDN) technology, the SR is gradually replacing the conventional SDN mechanism based on OpenFlow. The SR technique is characterized in that a source node dynamically defines a forwarding path of a data packet, path information is encapsulated in a message header, and nodes in a network forward according to a segment list (SEGMENT LIST) in the message header. The technique distributes segment identities using IGP/BGP as a control plane protocol and supports MPLS (SR-MPLS) or IPv6 (SRv 6) as forwarding planes. Compared with the traditional network, SRv6 utilizes the endogenous attribute of IPv6, an intermediate network node is not required to maintain the global state, and the intermediate node can forward only by supporting the standard IPv6 protocol, so that the complexity and the dependence of network upgrading are greatly reduced. In the field of network security protection, traffic is usually required to be drained to a protection system (such as DDoS cleaning equipment) for cleaning, and the cleaned traffic is required to be reinjected to a protected network. The prior art proposal proposes to utilize SRv technology to carry out flow reinjection, namely, a protection system adds SRv section identification of a router close to a protected network in the cleaned flow, and guides the flow reinjection. Because SRv6 is compatible with common IPv6 forwarding, routers in the middle of the reinjection link do not need to be fully upgraded to support SRv, and network upgrading complexity is reduced. However, to improve the reliability of the system, the protection system typically bypasses the optical Bypass Switch (Bypass Switch). When the protection system has faults such as abnormal heartbeat, power failure, deadlock and the like, the optical bypass protection device can switch the main path channel to the bypass channel so as to ensure the connectivity of the link. However, the existing conventional optical bypass protection device only provides optical path switching at a physical level, does not support SRv functions, and cannot add SRv segments of routing information in a message like a protection system. When the protection system fails (such as power failure and deadlock) to cause the flow to switch to the bypass channel, the conventional device cannot add SRv sections of identification to the message like the protection system. At this time, only the original protected user IP is still reserved in the traffic data as the destination address, so that the main network router forwards the traffic to the protection system side again according to the destination IP after receiving the traffic, thereby causing serious routing loop problem and causing network communication failure. In view of this, it is desirable to provide an optical bypass protection scheme supporting SRv to solve the routing loop problem after bypass switching. Disclosure of Invention To address at least one or more of the technical problems mentioned above, the present application proposes, in various aspects, an optical bypass protection scheme supporting SRv. In a first aspect, the application provides an optical bypass protection system supporting SRv a 6, which comprises a protection control module for monitoring an operation state of a bypass protection system, a switching module for switching between a main path and a bypass path under the control of the protection control module, wherein the main path flows through the protection system, the bypass path is positioned in the optical bypass protection system, an optical bypass side SRv information adding module is disposed on the bypass path and is used for performing segment routing encapsulation on a received message, and when the switching module is switched to the bypass path, the optical bypass side SRv information adding module reconstructs a destination address of the SRv TE message into a segment identification address by constructing SRv TE message. In some embodiments, the optical bypass side SRv information adding module includes a photoelectric conversion unit for converting an input flow to be processed from an optical signal to an electrical signal message, a segment routing information processing unit electrically connected to the photoelectric conversion unit for SRv encapsulation of the electrical signal message to construct a SRv TE message conforming to an IP in IP format, and an electro-optical conversion unit electrically connected to the segment routing information processing unit for reducing the encapsulated message to an optical sig