Search

CN-122001800-A - Configuration method of shared database, traffic redirection method and related equipment

CN122001800ACN 122001800 ACN122001800 ACN 122001800ACN-122001800-A

Abstract

The application discloses a configuration method, a traffic redirection method and related equipment of a shared database, and belongs to the technical field of communication. The method comprises the steps of determining a Border Gateway Protocol (BGP) message according to policy configuration information in first network equipment, wherein the BGP message comprises a target color mark in the policy configuration information, and sending the BGP message to second network equipment, wherein the BGP message is used for configuring a first shared database of the second network equipment, the first shared database comprises the target color mark, and the target color mark is used for indicating the second network equipment to determine a segmented routing policy of target traffic according to the target color mark when determining that the target traffic is attacked. By the method, configuration consistency among network devices can be ensured, the possibility of human configuration errors is reduced, meanwhile, the forwarding surface of the second network device directly interacts with the first shared database, and the security of process interaction is improved.

Inventors

  • ZHANG JIE
  • LU YIFAN

Assignees

  • 中兴通讯股份有限公司

Dates

Publication Date
20260508
Application Date
20241108

Claims (10)

  1. 1. A method for configuring a shared database, comprising: determining a Border Gateway Protocol (BGP) message according to policy configuration information in first network equipment, wherein the BGP message comprises a target color mark in the policy configuration information; and sending the BGP message to a second network device, wherein the BGP message is used for configuring a first shared database of the second network device, the first shared database comprises the target color mark, and the target color mark is used for indicating the second network device to determine the segmented routing strategy of the target flow according to the target color mark when determining that the target flow is attacked.
  2. 2. The method of claim 1, wherein the BGP message further includes an escape identifier in the policy configuration information; The first shared database comprises the escape identifier, and the escape identifier is used for indicating the second network equipment to determine the escape strategy of the target flow based on the path segment identifier corresponding to the escape identifier under the condition that the second network equipment determines that the segmented routing strategy is invalid and the escape identifier is a preset identifier.
  3. 3. The method of claim 1, further comprising, prior to said determining a border gateway protocol BGP message based on policy configuration information in the first network device: configuring a second shared database of the first network device in response to the entered configuration information; And determining policy configuration information in the first network equipment according to the table items in the second shared database.
  4. 4. A method according to claim 3, wherein said determining policy configuration information in said first network device from entries in said second shared database comprises: Acquiring a data entry change notification message, wherein the data entry change notification message is used for indicating that data in the second shared database is changed; and determining policy configuration information in the first network equipment according to the table items in the second shared database after the data change.
  5. 5. A method of traffic redirection, comprising: In response to determining that the target traffic is attacked, the second network device determines a segment routing strategy of the target traffic according to a target color mark matched with the target traffic in a first shared database, wherein the first shared database is configured according to a Border Gateway Protocol (BGP) message sent by the first network device; And redirecting the target traffic to a first transmission path indicated by the segment routing policy.
  6. 6. The method of claim 5, wherein the first shared database further includes escape identifiers, and wherein after determining the segment routing policy for the target traffic based on the target color labels in the first shared database that match the target traffic, further comprises: Determining an escape strategy of the target flow based on a path segment identifier corresponding to the escape identifier under the condition that the segment routing strategy is determined to be invalid and the escape identifier is a preset identifier; redirecting the target flow to a second transmission path indicated by the escape strategy.
  7. 7. The method of claim 6, further comprising, after said redirecting said target flow to said escape policy indicated second transmission path: And redirecting the target flow to a first transmission path indicated by the segment routing policy under the condition that the segment routing policy is determined to be effective in recovery.
  8. 8. A network device comprising a processor and a memory storing a program or instructions executable on the processor, which when executed by the processor, implement the steps of the method of any one of claims 1 to 7.
  9. 9. A computer readable storage medium, characterized in that it stores thereon a program or instructions, which when executed by a processor, implement the steps of the method according to any of claims 1 to 7.
  10. 10. A computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform the steps of the method of any of claims 1 to 7.

Description

Configuration method of shared database, traffic redirection method and related equipment Technical Field The embodiment of the application relates to the technical field of communication, in particular to a configuration method, a traffic redirection method and related equipment of a shared database. Background Traffic redirection is typically used to redirect certain types of network traffic from one path or network node to another. When the target network device is attacked, the attack traffic can be redirected to other paths or node transmissions to maintain the security and normal operation of the network. However, when traffic is redirected, each network device on the target network device and the redirect path needs to be manually configured, and configuration inconsistencies or errors easily occur. Disclosure of Invention The embodiment of the application provides a configuration method, a traffic redirection method and related equipment for a shared database, which are used for at least solving the problems that the related traffic redirection method needs to configure each piece of network equipment on a target network equipment and a redirection path and is easy to cause inconsistent configuration or configuration errors. In a first aspect, an embodiment of the present application provides a method for configuring a shared database, including determining, according to policy configuration information in a first network device, a border gateway protocol BGP message, where the BGP message includes a target color label in the policy configuration information, and sending the BGP message to a second network device, where the BGP message is used to configure the first shared database of the second network device, and the first shared database includes the target color label, where the target color label is used to indicate that the second network device determines, when determining that a target traffic is attacked, a segment routing policy of the target traffic according to the target color label. In a second aspect, an embodiment of the present application provides a traffic redirection method, where in response to determining that a target traffic is attacked, a second network device determines a segment routing policy of the target traffic according to a target color label matched with the target traffic in a first shared database, the first shared database is configured according to a border gateway protocol BGP message sent by the first network device, and redirects the target traffic to a first transmission path indicated by the segment routing policy. In a third aspect, embodiments of the present application provide a network device comprising a processor and a memory storing a program or instructions executable on the processor, which when executed by the processor, implement the steps of the method according to the first or second aspect. In a fourth aspect, an embodiment of the present application provides a computer readable storage medium, wherein a program or instructions are stored on the computer readable storage medium, which when executed by a processor, implement the steps of the method according to the first or second aspect. In a fifth aspect, embodiments of the present application provide a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform the steps of the method as described in the first or second aspect above. In the embodiment of the application, a Border Gateway Protocol (BGP) message is determined according to policy configuration information in first network equipment, the BGP message comprises a target color mark in the policy configuration information, the BGP message is transmitted to second network equipment, the BGP message is used for configuring a first shared database of the second network equipment, the first shared database comprises the target color mark, and the target color mark is used for indicating the second network equipment to determine the segmented routing policy of the target flow according to the target color mark when determining that the target flow is attacked. In this way, the configuration consistency between the network devices can be ensured by configuring the first shared database of the second network device with the BGP message carrying the target color mark, the possibility of human configuration errors is reduced, and meanwhile, the forwarding surface of the second network device directly interacts with the first shared database, thereby being beneficial to improving the security of process interaction. It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application as claimed. Drawings The accompanying drawings, which are incorporated in a