WO2008011818A1 - Method of realizing hierarchy-virtual private lan service and network system - Google Patents

Method of realizing hierarchy-virtual private lan service and network system

Publication number
WO2008011818A1
WO2008011818A1 PCT/CN2007/070200 CN2007070200W WO2008011818A1 WO 2008011818 A1 WO2008011818 A1 WO 2008011818A1 CN 2007070200 W CN2007070200 W CN 2007070200W WO 2008011818 A1 WO2008011818 A1 WO 2008011818A1
Authority
WO
WIPO (PCT)
Prior art keywords
virtual private
area network
router
autonomous system
network service
Application number
PCT/CN2007/070200
Other languages
French (fr)
Chinese (zh)
Inventor
Guoyi Chen
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Definitions

  • the present invention relates to the field of communications, and in particular, to a method and network system for implementing a layered virtual private local area network service.
  • IP Internet Protocol
  • the MPLS L2VPN Multiple Protocol Label Switched L2 Virtual Private Network
  • QOS Quality of service
  • Virtual Private LAN Service is a point-to-multipoint application architecture of MPLS L2VPN. It borrows the idea of LAN (Local Area Network) and builds a virtual LAN service using IP/MPLS technology. Provides transparent Ethernet data transmission. From the user's point of view, the operator connects the network around itself like a large switch.
  • the VPLS technology solves the limitation of the traditional switch virtual local area network (VLAN) ID. For example, the switch can only provide 4096 VLAN IDs, and each user needs at least one VLAN ID. These restrictions cause problems for network scalability and large-scale deployment, and the Signalling Transfer Point (STP) protocol also needs to be run to prevent network loops, which increases the burden on the network.
  • Figure 1 shows the typical network structure of VPLS.
  • Martini VPLS uses the Label Distribution Protocol (LDP) as the signaling for establishing the virtual link (PW, Pseudo Wire).
  • LDP Label Distribution Protocol
  • PW virtual link
  • Pseudo Wire virtual link
  • the automatic discovery mechanism is not defined, so the discovery of the service provider edge (PE, Provider Edge) routers needs to be manually configured, which causes a scalability problem;
  • Kompella VPLS uses Border Gateway Protocol (BGP) as the signaling to establish PWs, and the automatic discovery mechanism is also done with BGP.
  • Border Gateway Protocol BGP
  • a method for implementing a layered virtual private LAN service in the prior art is the Martini VPLS Hierarchy-Virtual Private LAN Service (H-VPLS) scheme. As shown in FIG. 1, all PE routers 10 are in one network plane, all PE routers 10 need to establish a full connection, and all user edge (CE, Customer Edge) routers 20 are directly connected to the PE routers 10; or, as shown in FIG. 2, the number of PE routers 10 in the backbone network is reduced and some CE routers 20 are connected to the User-facing Provider Edge (UPE) router 12. With this improvement, the full connectivity and signaling overhead of the PEs 10 in the backbone network is reduced a lot.
  • UPE User-facing Provider Edge
  • NPE Network core Provider Edge
  • for the NPE router 11, only the other NPE routers 11 and the local UPE routers 12 need to be considered; for the UPE router 12, only the CE routers 20 and the NPE router 11 directly connected to it need to be considered.
  • the forwarding plane of the VPLS forwards according to the destination medium access control (MAC) address.
  • MAC medium access control
  • the PE router 10 in the flat network structure shown in FIG. 1 needs to complete forwarding to all CE routers 20 and other PE routers 10, whereas in the network structure shown in FIG. 2 it only needs to forward to a small number of CE routers 20, UPE routers 12 and other NPE routers 11, so that the impact of the "first packet" on the NPE router 11 can be reduced.
  • Martini H-VPLS can only solve the problem within one autonomous system: because it is based on LDP, Interior Gateway Protocol (IGP), and PWE3 (Pseudowire Emulation Edge to Edge), it cannot be deployed across autonomous systems. Because there is no automatic discovery mechanism, a lot of manual configuration is required, which is very unfavorable for maintenance and management. Therefore, Martini H-VPLS is not suitable for operators to deploy VPLS on a large scale.
  • IGP Interior Gateway Protocol
  • PWE3 Pseudowire Emulation Edge to Edge
  • the H-VPLS scheme of Kompella VPLS uses a route reflector to relieve the full mesh problem of a large number of PE routers.
  • all PE routers and the route reflector establish an internal border gateway protocol (IBGP) connection by configuring a route reflector.
  • IBGP internal border gateway protocol
  • ORF outbound route filter
  • RTF Route Target Filter
  • the H-VPLS solution of Kompella VPLS only solves the problem of full mesh of a large number of PE routers, and can limit the distribution of unnecessary routing information. It does not solve the problem that each PE router maintains a large number of PWs, nor the problem of "first packet" replication; that is, each PE router needs to maintain almost all PWs, and the "first packet" needs to be copied to all local CE router interfaces and PW interfaces.
  • the packets broadcast across the entire network in one AS need to be sent to other ASs through each PW belonging to the VPLS instance, and these PWs may all be mapped to the same physical link, so a large number of "repetitive messages" are transmitted between ASs and occupy a lot of inter-domain path bandwidth; that is, there are multiple virtual links between the communicating autonomous systems, causing "repetitive messages" to be sent multiple times between autonomous systems.
  • the embodiments of the present invention provide a method and a network system for implementing a layered virtual private local area network service, which can reduce resource waste and improve bandwidth utilization in the message forwarding process.
  • Embodiments of the present invention provide a method for implementing a layered virtual private local area network service, including the steps of: dividing a virtual private local area network service network according to an autonomous system; establishing a network connection between service provider edge routers in each autonomous system, and establishing virtual links between service provider edge routers for each virtual private LAN service instance; establishing one virtual link for each virtual private local area network service instance between the autonomous systems that communicate; the user edge router uses the established virtual link for communication.
  • the embodiment of the invention provides a network system for implementing a hierarchical virtual private local area network service, where the virtual private local area network service network is divided according to an autonomous system, including:
  • a service provider edge router configured to establish a network connection within each autonomous system, and establish a virtual link for each virtual private local area network service instance
  • An autonomous system border router for establishing a virtual link for each virtual private area network service instance between autonomous systems that communicate;
  • User edge router used to communicate with the established virtual link.
  • the embodiment of the present invention reduces the number of virtual links by establishing virtual links between service provider edge routers only within each autonomous system and establishing only one virtual link between the autonomous systems for each virtual private local area network service instance.
  • FIG. 1 is a typical network structure diagram of a prior art VPLS
  • FIG. 2 is a schematic diagram of a prior art network structure
  • FIG. 3 is a network structure diagram of an embodiment of the present invention.
  • Figure 4 is a flow chart of the first embodiment of the present invention.
  • Figure 5 is a flow chart of a second embodiment of the present invention.
  • Figure 6 is a flow chart of a third embodiment of the present invention.
  • FIG. 7 is a schematic structural diagram of an ASBR in a network system structure according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of a PE router in a network system structure according to an embodiment of the present invention.
  • the embodiments of the present invention provide a method for implementing a layered virtual private local area network service, which is used to reduce resource waste and improve bandwidth utilization in a message forwarding process.
  • the embodiment of the present invention can implement H-VPLS by using BGP extension.
  • VPLS delivers data traffic between sites in each VPN by establishing a fully-connected PW between PE routers on the IP/MPLS backbone network.
  • the ingress PE (Ingress PE) router receives the data packet and queries the Forwarding Data Base (FDB) table according to the destination MAC address of the packet. If the corresponding entry is found, the data packet is forwarded to the corresponding egress PE (Egress PE) according to the entry.
  • the Egress PE router receives the data packet sent from the PW and, in the corresponding VPLS instance, forwards it to the corresponding interface if one is found. If the corresponding interface is not found, the packet is broadcast to all non-PW interfaces of the VPLS instance and the source MAC address is learned. After receiving the packet, the CE router handles it according to the forwarding process described above and learns the source MAC address. Once MAC addresses have been learned, subsequent data traffic is forwarded according to the learned MAC addresses, as if through one large switch. At the same time, the VPLS also provides the MAC address aging function: if a MAC address entry is not accessed within a certain period of time, the MAC address entry is deleted.
  • FIG. 3 is a structural diagram of a network system for implementing a layered virtual private local area network service according to an embodiment of the present invention.
  • the VPLS network is divided into the first AS 31, the second AS 32, and the third AS 33 according to the AS (Autonomous System). The PE router is classified as an NPE router or a UPE router according to the network level of the AS; the NPE router or UPE router establishes a network connection in each autonomous system and establishes a virtual link for each VPLS instance.
  • An autonomous system border router (ASBR) establishes a virtual link for each virtual private local area network service instance between the autonomous systems that communicate; the CE router uses the established virtual link for communication.
  • ASBR autonomous system border router
  • the first AS 31 is a first-level network
  • the second AS 32 and the third AS 33 are second-level networks.
  • the first ASBR 301 is an ASBR connected to the first AS 31 in the second AS 32.
  • the second ASBR 302 is the ASBR connected to the second AS 32 in the first AS 31; likewise, the third ASBR 303 is the ASBR connected to the third AS 32 in the first AS 31, and the fourth ASBR 304 is the ASBR in the third AS 33 connected to the first AS 31.
  • there are two VPNs, VPN 1 and VPN 2, and their sites are distributed among the above three ASs. The first CE router 201, the third CE router 203, the fourth CE router 204, the fifth CE router 205, the seventh CE router 207, the ninth CE router 209 and the eleventh CE router 211 belong to VPN 1; the second CE router 202, the sixth CE router 206, the eighth CE router 208, the tenth CE router 210, the twelfth CE router 212 and the thirteenth CE router 213 belong to VPN 2.
  • the first embodiment of the present invention includes the following steps:
  • the VPLS network is divided into autonomous systems.
  • a network connection is established between PE routers in each autonomous system.
  • a virtual link between the PE routers is established for each VPLS instance in the autonomous system, and a virtual link is established for each VPLS instance between the autonomous systems that communicate with each other.
  • the CE router uses the established virtual link for communication.
  • a second embodiment of the present invention includes the following steps:
  • the VPLS network is divided into ASs.
  • a network connection is established between PE routers in each autonomous system.
  • This step more specifically includes:
  • the first ASBR creates network layer reachability information.
  • the second ASBR creates network layer reachability information.
  • the first ASBR allocates a label block according to the created network layer reachability information.
  • the second ASBR allocates a label block according to the created network layer reachability information.
  • the first ASBR sends the network layer reachability information and the label block to the second ASBR.
  • the second ASBR sends the network layer reachability information and the label block to the first ASBR.
  • P4) selecting a label block;
  • the second ASBR selects the corresponding label block as the multi-protocol label switching label for sending data to the first ASBR.
  • the first ASBR selects a corresponding label block as a multi-protocol label switching label that sends data to the second ASBR.
  • the first ASBR receives the routing information sent by the second ASBR, and the second ASBR receives the routing information sent by the first ASBR.
  • the BGP community attribute NO_ADVERTISE is set, so that the received route is no longer sent to any other neighbors.
  • the CE router uses the established virtual link for communication.
  • the second embodiment of the present invention provides an implementation step of establishing only one virtual link for each VPLS instance in the autonomous system.
  • the third embodiment of the present invention includes the following steps:
  • the VPLS network is divided into autonomous systems.
  • a network connection is established between PE routers in each autonomous system.
  • a virtual link between PE routers is established for each VPLS instance in the AS.
  • the network layer reachability information and the label block are sent to the second ASBR.
  • the second ASBR selects a corresponding label block as a multi-protocol label switching label for transmitting data to the first ASBR.
  • the ASBR receives routing information.
  • S9) setting a community attribute;
  • the BGP community attribute NO_ADVERTISE is set, so that the received route is no longer sent to any other neighbors.
  • the UPE router finds the VPLS instance to which it belongs based on the interface connected to the CE router.
  • the FDB table is queried according to the VPLS instance.
  • step S14 determining whether the entry exists in the table, and if yes, proceeding to step S14), if not, proceeding to step S15);
  • the message is broadcast to all interfaces in the instance.
  • the interface that correctly receives the packet is called the correct receiver.
  • the address learning includes receiving feedback from the correct recipient; recording the communication path with the correct recipient and storing it in the FDB table.
  • In order to ensure that the FDB table is not too large, it needs to be cleaned up, that is, some entries that have not been used for a long time can be set to age.
  • the threshold time can be set before the system is run.
  • the FDB table is searched. If the entry is not used, the entry is aged. It can be understood that the retrieval of the FDB table does not necessarily need to be performed after the address learning is completed, and may be performed at other times.
  • the third embodiment of the present invention mainly increases the address learning and the steps of aging the entries that are not used for a long period of time compared with the first embodiment and the second embodiment.
  • the ASBR includes at least a receiving unit 71 and a setting unit 72, and may further include an information generating unit 73, a sending unit 74, a selecting unit 75, and a packaging unit 76; wherein:
  • the information generating unit 73 creates network layer reachability information (NLRI) according to the VPLS service instance and divides the packet into the west;
  • NLRI network layer reachability information
  • the message encapsulating unit 76 adds the allocated label to the packet and encapsulates it into a multi-protocol label exchange message;
  • the sending unit 74 sends the NLRI and the label block to the ASBR that communicates with it;
  • Receiving unit 71 receives routing information sent by the ASBR with which it communicates;
  • the setting unit 72 sets the community attribute of the edge gateway protocol
  • the selecting unit 75 selects a corresponding tag from the tag blocks in the routing information according to its own identifier as a multi-protocol label switching tag that transmits data to the ASBR with which it communicates.
  • the PE router includes a first searching unit 81, a second searching unit 82, a forwarding unit 83, and an address learning unit 84, where:
  • the first searching unit 81 queries the VPLS service instance to which the NPE router belongs.
  • the second searching unit 82 performs forwarding of the database table lookup in the instance according to the address carried in the packet;
  • the message forwarding unit 83 is configured to: when the second searching unit finds the corresponding entry, forward the packet to the interface specified by the entry; when the second searching unit does not find the corresponding entry, broadcast the packet to all interfaces in the instance;
  • the address learning unit 84 is configured to perform address learning when the second search unit does not find the corresponding entry.
  • the address learning unit 84 includes at least a receiving subunit and a recording subunit, and may further include a processing subunit, and a preset subunit.
  • the receiving subunit receives the feedback information of the correct receiving party;
  • the recording subunit records the communication path with the correct receiver and stores it in the forwarding database table.
  • the preset subunit sets the aging threshold time.
  • the processing subunit ages the forwarding database entries that have not been used after the aging threshold time.
  • the first ASBR 301 has a VPLS instance of the autonomous system.
  • the first ASBR 301 has VPLS 1 and VPLS 2.
  • the first ASBR 301 creates two NLRIs according to the two VPLSs, and allocates two different label blocks; the next hop is the first ASBR 301, and then the two NLRIs are sent to the second ASBR 302.
  • based on its own VPLS edge device identifier (VE ID, VPLS Edge Device Identifier), the second ASBR 302 selects an appropriate label from the label block as the MPLS label for the second ASBR 302 to send data to the first ASBR 301.
  • VE ID The Vpls Edge Device Identifier
  • the second ASBR 302 also creates two NLRIs, and respectively allocates one label block.
  • the next hop is the second ASBR 302, and then the two NLRIs are sent to the first ASBR 301.
  • after receiving the two NLRIs, the first ASBR 301 also selects the appropriate label according to its own VE ID as the MPLS label for sending data to the second ASBR 302; the same is true for the label distribution process between the third ASBR 303 and the fourth ASBR 304. After receiving these routes, the ASBRs must not send them to any other neighbors (this can easily be done through the BGP community NO_ADVERTISE attribute), so that between the ASBRs there is only one virtual link for each VPLS instance.
  • the communication between the CE routers using the established virtual link can be as follows:
  • the first CE router 201 encapsulates the MAC address of the second CE router 202 as the destination MAC address on the packet to be sent to the second CE router 202, and sends it to the second UPE router 122.
  • the second UPE router 122 finds the VPLS instance according to the interface connected to the first CE router 201, here VPLS 1, and searches the FDB table in that VPLS instance according to the destination MAC address. If the related entry is found, the data is forwarded according to the entry.
  • the packets sent by the PW are tagged with two layers. The inner layer is the private network label and the outer layer is the tunnel label.
  • the source MAC address is learned at the same time.
  • after the data packet arrives at the first ASBR 301, the first ASBR 301 first determines which VPLS instance, that is, which VPN, the data belongs to according to the inner label of the data packet, and then looks up the destination MAC address in the FDB table of that VPLS. If the related entry is found, the data is forwarded to the outbound interface of the entry. Similarly, if it is the first packet, there is usually no related FDB entry, so the data needs to be broadcast in the VPLS 1 instance. In the first case, the second CE router 202 is directly connected to the first ASBR 301; therefore, when the first ASBR 301 broadcasts to the local interfaces, the data packet is sent to the second CE router 202;
  • after receiving the data packet, the second CE router 202 sends a response packet to the first CE router 201; the response packet uses the MAC address of the first CE router 201 as the destination MAC address and is sent to the first ASBR 301;
  • the first ASBR 301 determines the VPLS according to the interface connected to the second CE router 202, and then looks up the destination MAC address in the FDB table of VPLS 1. Since the first ASBR 301 has already performed MAC learning, the FDB entry should be found.
  • the outbound interface corresponding to the entry is the virtual link interface from the first ASBR 301 to the second UPE router 122. At this time, the first ASBR 301 uses the label allocated to the first ASBR 301 by the second UPE router 122 as the inner label of the label stack, adds the tunnel label between the first ASBR 301 and the second UPE router 122, encapsulates the data into an MPLS packet and sends it to the second UPE router 122, and learns the source MAC address.
  • the second UPE router 122 finds the corresponding VPLS instance, VPLS 1, according to the inner label, and looks up the destination MAC address in the FDB of VPLS 1. Since the second UPE router 122 has learned the source MAC address, the corresponding FDB entry should be found.
  • the outbound interface corresponding to the entry is the interface connected to the first CE router 201.
  • MAC learning is also performed; thus the bidirectional path between the first CE router 201 and the second CE router 202 is opened, and data between the first CE router 201 and the second CE router 202 is forwarded as if they were connected to two interfaces of the same switch in the same VLAN.
  • the communication process is as follows: referring to FIG. 3, the first packet sent by the first CE router 201 to the third CE router 203 also needs to undergo the communication process in the first case. Before the first ASBR 301 sends the packet to the second ASBR 302, the data is encapsulated into an MPLS packet with the label allocated to the first ASBR 301 by the second ASBR 302 in VPLS 1, and then sent to the second ASBR 302. The second ASBR 302 determines from the label the VPLS to which the packet belongs, here VPLS 1; the second ASBR 302 performs MAC address lookup in the FDB table of VPLS 1.
  • if the related entry is found, the data is forwarded to the corresponding interface; likewise, if it is the first packet, there is usually no related entry.
  • the second ASBR 302 broadcasts the data packet to all the local interfaces and the PW interface in the VPLS 1, and performs source MAC address learning at the same time;
  • since the third CE router 203 is connected to the second ASBR 302, after receiving the data packet, the third CE router 203 responds, and the response packet uses the MAC address of the first CE router 201 as the destination MAC.
  • the second ASBR 302 determines the VPLS to which the packet belongs according to the interface connected to the third CE router 203, here VPLS 1; the second ASBR 302 performs MAC address lookup in VPLS 1. Since the second ASBR 302 has previously learned the source MAC address, it can find the corresponding entry, and according to the found entry the outbound interface is the PW from the second ASBR 302 to the first ASBR 301.
  • the data is encapsulated with the label allocated by the first ASBR 301 for the second ASBR 302, and then sent to the first ASBR 301.
  • the first ASBR 301 determines from the label the VPLS to which the packet belongs, VPLS 1, and continues to perform MAC address lookup in VPLS 1.
  • the outbound interface corresponding to the entry is the PW between the first ASBR 301 and the second UPE router 122, and the subsequent forwarding operation is the same as the communication process in the first case described above; thus the first CE router 201 and the second CE router 203 can perform normal communication.
  • the second ASBR 302 broadcasts in the VPLS 1 of the first AS 31, and the first packet is encapsulated with the two-layer label and sent to the third ASBR 303.
  • the third ASBR 303 first determines the VPLS to which the packet belongs according to the inner label, VPLS 1, and then performs FDB table lookup; if no related entry is found, the third ASBR 303 broadcasts to all local interfaces of VPLS 1 and to the PW interfaces between it and the ASBRs of other autonomous systems directly connected to it, and performs source MAC address learning.
  • the data is encapsulated with the label that the fourth ASBR 304 allocated to the third ASBR 303 for VPLS 1, and sent to the fourth ASBR 304.
  • the subsequent operations of the fourth ASBR 304 are the same as those of the second ASBR 302 after receiving data from the first ASBR 301 in the first case communication process; the message finally arrives at the fifth CE router 205, and the PE routers and ASBRs along the way learn the source MAC address, so that the data path between the first CE router 201 and the fifth CE router 205 is formed.
  • the embodiment of the present invention reduces the number of virtual links by establishing virtual links between service provider edge routers only within each autonomous system and establishing only one virtual link between the autonomous systems for each virtual private local area network service instance.
  • the community attribute of the edge gateway protocol is set to prevent the received routing information from being forwarded to other neighbors to reduce the waste of resources.
  • the address learning function can be used to record the forwarding path information of an unknown address. In the process of forwarding packets, only the first packet needs to be broadcast, and subsequent packets can be forwarded directly according to the entry, thereby reducing repeated packet transmission and improving the efficiency of packet forwarding.
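
The forwarding behaviour described above, as an added example that is not code from the patent: the VPLS instance is chosen by CE-facing interface or by inner label, an FDB miss floods the "first packet", source MACs are learned, and unused entries are aged. Class names, interface names, labels, MAC addresses and the 300-second threshold are constructed for illustration, and leaving the ingress interface out of the flood is an assumption.

```python
"""Added example: FDB lookup, first-packet flooding, learning and aging
for VPLS instances on one PE router. All names and values are constructed."""
from dataclasses import dataclass, field


@dataclass
class VplsInstance:
    name: str
    interfaces: set                # CE-facing and PW interfaces of this instance
    aging_threshold: float         # seconds an unused FDB entry may live
    fdb: dict = field(default_factory=dict)   # MAC -> [out_interface, last_used]

    def forward(self, src_mac, dst_mac, in_if, now):
        """Learn the source, then return the interfaces the frame leaves on."""
        if in_if not in self.interfaces:
            raise ValueError(f"{in_if} is not in {self.name}")
        # Address learning: the source MAC is reachable through the ingress.
        self.fdb[src_mac] = [in_if, now]
        entry = self.fdb.get(dst_mac)
        if entry is None:
            # "First packet": unknown destination, broadcast in the instance.
            # Assumption: the ingress interface itself is excluded.
            return sorted(self.interfaces - {in_if})
        entry[1] = now             # entry was used, restart its aging clock
        return [] if entry[0] == in_if else [entry[0]]

    def age(self, now):
        """Delete entries unused for longer than the threshold; return them."""
        stale = sorted(m for m, (_, used) in self.fdb.items()
                       if now - used > self.aging_threshold)
        for mac in stale:
            del self.fdb[mac]
        return stale


class PeRouter:
    """Maps a frame to its VPLS instance the two ways the page describes."""

    def __init__(self):
        self.by_interface = {}     # CE-facing interface -> instance
        self.by_inner_label = {}   # inner label -> (instance, PW interface)

    def attach_ce(self, interface, instance):
        self.by_interface[interface] = instance

    def attach_pw(self, inner_label, pw_interface, instance):
        self.by_inner_label[inner_label] = (instance, pw_interface)

    def from_ce(self, in_if, src_mac, dst_mac, now):
        return self.by_interface[in_if].forward(src_mac, dst_mac, in_if, now)

    def from_pw(self, inner_label, src_mac, dst_mac, now):
        instance, pw_if = self.by_inner_label[inner_label]
        return instance.forward(src_mac, dst_mac, pw_if, now)


MAC_CE201 = "00:00:5e:00:53:01"    # constructed sample addresses
MAC_CE202 = "00:00:5e:00:53:02"


def build_upe():
    """A UPE with two instances; labels 1001 and 2001 are constructed."""
    vpls1 = VplsInstance("VPLS 1", {"ce201", "ce-spare", "pw-asbr301"}, 300.0)
    vpls2 = VplsInstance("VPLS 2", {"ce-other", "pw2-asbr301"}, 300.0)
    upe = PeRouter()
    upe.attach_ce("ce201", vpls1)
    upe.attach_ce("ce-spare", vpls1)
    upe.attach_ce("ce-other", vpls2)
    upe.attach_pw(1001, "pw-asbr301", vpls1)
    upe.attach_pw(2001, "pw2-asbr301", vpls2)
    return upe, vpls1, vpls2


def run_demo():
    upe, vpls1, vpls2 = build_upe()
    result = {}
    result["first_packet"] = upe.from_ce("ce201", MAC_CE201, MAC_CE202, now=0)
    result["reply"] = upe.from_pw(1001, MAC_CE202, MAC_CE201, now=1)
    result["second_packet"] = upe.from_ce("ce201", MAC_CE201, MAC_CE202, now=2)
    result["vpls2_fdb_size"] = len(vpls2.fdb)   # instances stay isolated
    result["aged_at_302"] = vpls1.age(now=302)
    result["aged_at_303"] = vpls1.age(now=303)
    result["after_aging"] = upe.from_ce("ce201", MAC_CE201, MAC_CE202, now=304)
    return result


if __name__ == "__main__":
    for step, value in run_demo().items():
        print(step, value)
```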

Abstract

A method of realizing Hierarchy-Virtual Private LAN Service and network system are disclosed to decrease the waste of the resource in the process of message-forwarding and improve the bandwidth usage. The method of realizing Hierarchy-Virtual Private LAN Service includes the following steps: the Virtual Private LAN Service network is divided in accordance with the autonomous system; inside the service Provider Edge routers among the autonomous systems, network connections are established; and aimed at the each case of the Virtual Private LAN Service, the pseudo wires among the service Provider Edge routers are established; to each case of the Virtual Private LAN Service, one pseudo wire is established among the communicating autonomous systems; and the Customer Edge routers use the established pseudo wires to communicate with each other. It can effectively improve the efficiency of route distribution.

Description

Method and network system for implementing a layered virtual private local area network service
This application claims priority to Chinese patent application No. 200610099413.5, filed with the Chinese Patent Office on July 14, 2006 and entitled "A method for implementing a layered virtual private local area network service", the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of communications, and in particular to a method and network system for implementing a layered virtual private local area network service.
Background art
With the continuous development of Internet Protocol (IP) networks, rich, secure and flexible network services have become an important way for operators to improve their profitability. At present, the internal networks of many enterprises are growing ever larger and cover ever wider areas; they may be distributed across different districts of one city, across different cities, or even around the world. To connect these scattered networks, an enterprise needs a network operator to provide the connections, because an enterprise cannot build such a huge network by itself.
For a long time, enterprises connected their networks by leasing dedicated lines from telecom operators, but this approach suffers from large investment, long construction periods and poor scalability. The Layer 2 virtual private network based on multi-protocol label switching (MPLS L2VPN, Multiple Protocol Label Switched L2 Virtual Private Network) provides a new solution, which can not only quickly provide users with various interconnection services and guarantee network security, but also provide quality of service (QOS, Quality-of-Service) guarantees.
虚拟专用局域网服务( VPLS, Virtual Private LAN Service )是 MPLS L2VPN 的一种点到多点的应用架构, 借用了局域网 ( LAN , Local Area Network ) 的 思想, 利用 IP/MPLS技术构建一个虚拟的 LAN服务, 提供透明的以太网数据 传输。 在用户看来, 运营商就像一个大的交换机一样, 将自己各处的网络连接 起来。 VPLS技术的提出,解决了传统交换机虚拟局域网( VLAN, Virtual Local Area Network ) ID的限制 , 例如: 交换机只能提供 4096个 VLAN ID, 每个 用户都需要至少一个 VLAN ID, 这些限制对于网络的可扩展性和大规模部署 都会产生问题, 而且还需要运行信令转换点 (STP, Signalling Transfer Point ) 协议来防止网络环路, 增加网络的负担。 图 1是 VPLS的典型网络结构。 Virtual Private LAN Service (VPLS) is a point-to-multipoint application architecture of MPLS L2VPN. It borrows the idea of LAN (Local Area Network) and builds a virtual LAN service using IP/MPLS technology. Provides transparent Ethernet data transmission. From the user's point of view, the operator connects the network around itself like a large switch. The VPLS technology solves the limitation of the traditional switch virtual local area network (VLAN) ID. For example: The switch can only provide 4096 VLAN IDs, and each user needs at least one VLAN ID. These restrictions are applicable to the network. Both scalability and large-scale deployments can cause problems, and the Signalling Transfer Point (STP) protocol needs to be run to prevent network loops and increase the burden on the network. Figure 1 shows the typical network structure of VPLS.
There are currently two schemes for implementing VPLS: Martini VPLS and Kompella VPLS. The two schemes operate identically in the data forwarding plane and differ only in the control plane.
The difference between Martini VPLS and Kompella VPLS lies mainly in the signaling and discovery mechanisms. Martini VPLS uses the Label Distribution Protocol (LDP) as the signaling for establishing virtual links (PW, Pseudo Wire) and defines no automatic discovery mechanism; the discovery of provider edge (PE, Provider Edge) routers must be configured manually, so it has scalability problems. Kompella VPLS uses the Border Gateway Protocol (BGP) as the signaling for establishing PWs, and automatic discovery is also done with BGP.
One prior-art method of implementing a layered virtual private LAN service is the Martini VPLS layered VPLS (H-VPLS, Hierarchy-Virtual Private LAN Service) scheme. As shown in FIG. 1, all PE routers 10 are in one network plane, all PE routers 10 need to be fully connected, and all customer edge (CE, Customer Edge) routers 20 are attached directly to the PE routers 10. Alternatively, as shown in FIG. 2, the number of PE routers 10 in the backbone network is reduced, and some CE routers 20 are attached to user-facing provider edge (UPE, User facing-Provider Edge) routers 12. With this improvement, the full-mesh connections and signaling overhead of the PEs 10 in the backbone network are greatly reduced. A network provider edge (NPE, Network Provider Edge) router 11 only needs to care about the other NPE routers 11 and its local UPE routers 12, and a UPE router 12 only cares about the CE routers 20 and the NPE router 11 directly connected to it.

The VPLS forwarding plane forwards by destination medium access control (MAC, Medium Access Control) address. A packet with an unknown destination MAC must be broadcast to all interfaces; such a packet is called a "first packet". In the forwarding plane, for a "first packet", the PE router 10 in the flat network structure of FIG. 1 must forward to all CE routers 20 and all other PE routers 10, whereas in the network structure of FIG. 2 the packet only has to be forwarded to a few CE routers 20, UPE routers 12, and the other NPE routers 11, which reduces the impact of "first packets" on the NPE router 11.
However, because the Martini H-VPLS scheme is based on LDP, the Interior Gateway Protocol (IGP), and Pseudowire Emulation Edge to Edge (PWE3), it can only solve the problem within one autonomous system and cannot be deployed across autonomous systems. In addition, because it has no automatic discovery mechanism, it requires a large amount of manual configuration, which makes maintenance and management very difficult. Martini H-VPLS is therefore poorly suited to operators' need to deploy VPLS on a large scale.
To address these shortcomings, another prior-art method of implementing a layered virtual private LAN service is the Kompella VPLS H-VPLS scheme. This scheme uses route reflectors to reduce the full-mesh problem of a large number of PE routers: within an autonomous system, a route reflector is configured and all PE routers establish Internal Border Gateway Protocol (IBGP) connections with it. The outbound route filter (ORF, Outbound Route Filter) is used to limit the distribution of unnecessary routes and so reduce the number of PWs established. For route distribution between autonomous systems, a constraint-based route distinguisher filtering (RTF, Route Target Filter) mechanism limits the distribution of unneeded routing information. Thanks to the inherent strengths of BGP, the cross-domain problem is solved well.
However, the Kompella VPLS H-VPLS scheme only solves the full-mesh problem of a large number of PE routers and limits the distribution of some unnecessary routing information. It does not solve the problems of each PE router maintaining a large number of PWs and of "first packet" replication: every PE router still has to maintain almost all PWs, and a "first packet" has to be replicated to all local CE router interfaces and PW interfaces.
In addition, when the sites of a virtual private network (VPN Site, Virtual Private Network Site) span different autonomous systems (AS, Autonomous System), a packet broadcast network-wide in one AS must be sent to the other ASs over every PW that belongs to the VPLS instance. These PWs may all map onto the same physical link, so a large number of "duplicate packets" are carried between the ASs and consume a great deal of inter-domain path bandwidth. In other words, there are multiple virtual links between the communicating autonomous systems, which causes "duplicate packets" to be sent multiple times between them.
Summary of the invention

Embodiments of the present invention provide a method and a network system for implementing a layered virtual private local area network service, which can reduce the waste of resources in the packet forwarding process and improve bandwidth utilization.

An embodiment of the present invention provides a method for implementing a layered virtual private local area network service, including the steps of: dividing the virtual private local area network service network by autonomous system; establishing network connections between the service provider edge routers inside each autonomous system, and establishing virtual links between the service provider edge routers for each virtual private local area network service instance; establishing one virtual link for each virtual private local area network service instance between communicating autonomous systems; and the customer edge routers communicating over the established virtual links.

An embodiment of the present invention provides a network system for implementing a layered virtual private local area network service, in which the virtual private local area network service network is divided by autonomous system, including:

a service provider edge router, configured to establish network connections inside each autonomous system and to establish virtual links for each virtual private local area network service instance;

an autonomous system border router, configured to establish one virtual link for each virtual private local area network service instance between communicating autonomous systems;

a customer edge router, configured to communicate over the established virtual links.

By establishing virtual links only between the service provider edge routers within an autonomous system, and establishing only one virtual link per virtual private local area network service instance between autonomous systems, the embodiments of the present invention reduce the complexity of establishing virtual links. Because only one virtual link is established, packets between autonomous systems are not sent repeatedly, which also improves the utilization of bandwidth between autonomous systems.
Brief description of the drawings

FIG. 1 is a typical network structure diagram of prior-art VPLS;
FIG. 2 is a prior-art network structure diagram;
FIG. 3 is a network structure diagram of an embodiment of the present invention;
FIG. 4 is a flowchart of the first embodiment of the present invention;
FIG. 5 is a flowchart of the second embodiment of the present invention;
FIG. 6 is a flowchart of the third embodiment of the present invention;
FIG. 7 is a schematic structural diagram of the ASBR in the network system structure of an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of the PE router in the network system structure of an embodiment of the present invention.
Detailed description

Specific implementations of the embodiments of the present invention are described below with reference to the accompanying drawings.

Embodiments of the present invention provide a method for implementing a layered virtual private local area network service, which is used to reduce the waste of resources in the packet forwarding process and to improve bandwidth utilization.

Embodiments of the present invention can implement H-VPLS by using BGP extensions.
VPLS carries the data traffic between the sites (Site) of each VPN by establishing fully connected PWs between the PE routers on the IP/MPLS backbone network. Once the PWs between the PE routers have been set up, the ingress PE (Ingress PE) router receives a packet and looks up the forwarding database (FDB, Forwarding Data Base) table by the packet's destination MAC address. If a matching entry is found, the packet is forwarded to the corresponding egress PE (Egress PE) router according to the entry. If the packet is unknown unicast or multicast, it is forwarded to all interfaces of the VPLS instance, including the PW interfaces, and source MAC address learning is performed at the same time. The egress PE router receives the packet sent over the PW and looks up the interface for the destination MAC in the corresponding VPLS instance. If the interface is found, the packet is forwarded to it; if not, the packet is broadcast to all non-PW interfaces within the VPLS instance, and source MAC address learning is performed at the same time. When the real destination CE router receives the packet, its reply is forwarded by the same forwarding process, again with source MAC address learning. Once the MAC addresses have been learned, subsequent data traffic is forwarded according to them, just as in one large switch. VPLS also provides MAC address aging: if a MAC address entry is not accessed within a certain period of time, it is deleted.
FIG. 3 is a structural diagram of a network system for implementing a layered virtual private local area network service according to an embodiment of the present invention. The VPLS network is divided by autonomous system (AS, Autonomous System) into a first AS 31, a second AS 32, and a third AS 33. PE routers are classified as NPE routers or UPE routers according to the network level of the AS they are in; the NPE routers or UPE routers establish network connections inside each autonomous system and establish virtual links for each VPLS instance. The autonomous system border routers (ASBR, Autonomous System Border Router) establish one virtual link for each virtual private local area network service instance between communicating autonomous systems. The CE routers communicate over the established virtual links.
In FIG. 3, the first AS 31 is the first-level network, and the second AS 32 and the third AS 33 are second-level networks. The first ASBR 301 is the ASBR in the second AS 32 that connects to the first AS 31, and the second ASBR 302 is the ASBR in the first AS 31 that connects to the second AS 32. Likewise, the third ASBR 303 is the ASBR in the first AS 31 that connects to the third AS 32, and the fourth ASBR 304 is the ASBR in the third AS 33 that connects to the first AS 31. Assume there are two VPNs, VPN 1 and VPN 2, whose sites are distributed across the three ASs. The first CE router 201, third CE router 203, fourth CE router 204, fifth CE router 205, seventh CE router 207, ninth CE router 209, and eleventh CE router 211 belong to VPN 1. The second CE router 202, sixth CE router 206, eighth CE router 208, tenth CE router 210, twelfth CE router 212, and thirteenth CE router 213 belong to VPN 2.
The method for implementing a layered virtual private local area network service according to the embodiments of the present invention is described in detail below:
Referring to FIG. 4, the first embodiment of the present invention includes the following steps:

D1) Dividing;
The VPLS network is divided by autonomous system.

D2) Establishing network connections;
Network connections are established between the PE routers inside each autonomous system.

D3) Establishing virtual links within and between autonomous systems;
Within each autonomous system, virtual links between the PE routers are established for each VPLS instance, and between communicating autonomous systems one virtual link is established for each VPLS instance.

D4) Communicating.
The CE routers communicate over the established virtual links.
Referring to FIG. 5, the second embodiment of the present invention includes the following steps:

D1) Dividing;
The VPLS network is divided by AS.

D2) Establishing network connections;
Network connections are established between the PE routers inside each autonomous system.

D3) Establishing virtual links within and between autonomous systems;
This step more specifically includes:

P1) Creating network layer reachability information;
The first ASBR creates network layer reachability information.
The second ASBR creates network layer reachability information.

P2) Allocating label blocks;
The first ASBR allocates a label block according to the network layer reachability information it created.
The second ASBR allocates a label block according to the network layer reachability information it created.

P3) Sending;
The first ASBR sends the network layer reachability information and the label block to the second ASBR.
The second ASBR sends the network layer reachability information and the label block to the first ASBR.

P4) Selecting a label block;
The second ASBR selects the corresponding label block as the multi-protocol label switching label for sending data to the first ASBR.
The first ASBR selects the corresponding label block as the multi-protocol label switching label for sending data to the second ASBR.

P5) Receiving routing information;
The first ASBR receives the routing information sent by the second ASBR, and the second ASBR receives the routing information sent by the first ASBR.

P6) Setting the community attribute;
The BGP community attribute NO_ADVERTISE is set so that the received routes are not sent on to any other neighbor.

D4) Communicating.
The CE routers communicate over the established virtual links.
The second embodiment of the present invention described above provides the implementation steps for establishing only one virtual link per VPLS instance between autonomous systems.
Referring to FIG. 6, the third embodiment of the present invention includes the following steps:

S1) Dividing;
The VPLS network is divided by autonomous system.

S2) Establishing network connections;
Network connections are established between the PE routers inside each autonomous system.

S3) Establishing internal virtual links;
Within each autonomous system, virtual links between the PE routers are established for each VPLS instance.

S4) Creating network layer reachability information;

S5) Allocating a label block;

S6) Sending;
The network layer reachability information and the label block are sent to the second ASBR.

S7) Selecting a label block;
The second ASBR selects the corresponding label block as the multi-protocol label switching label for sending data to the first ASBR.

S8) Receiving routing information;
The ASBR receives the routing information.

S9) Setting the community attribute;
The BGP community attribute NO_ADVERTISE is set so that the received routes are not sent on to any other neighbor.

S10) The packet is sent to the UPE router;

S11) Looking up the instance;
The UPE router finds the VPLS instance from the interface to which the CE router is connected.

S12) Table lookup;
The FDB table is looked up according to the VPLS instance.

S13) Determining whether the entry exists in the table; if so, go to step S14); if not, go to step S15);

S14) Sending the packet to the specified interface according to the entry;

S15) Broadcasting;
The packet is broadcast to all interfaces in the instance.
The interface that correctly receives the packet is called the correct receiver.

S16) Performing address learning;
Address learning includes receiving feedback from the correct receiver, and recording the communication path to the correct receiver and storing it in the FDB table.
To keep the FDB table from growing too large, it must be cleaned up, that is, entries that have not been used for a long time are aged out. A threshold time can be set before the system runs; after address learning completes, the FDB table is searched, and any entry found to have been unused for longer than the threshold time is aged out. It will be understood that the search of the FDB table does not have to take place after address learning completes; it can also be done at other times.

S17) Adding a label;

S18) Encapsulating the packet;

S19) The ASBR forwards the packet to the receiver;

S20) The receiver replies with a packet.
As can be seen from the above, compared with the first and second embodiments, the third embodiment of the present invention mainly adds the steps of address learning and of aging out entries that have not been used for a long time.
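The lookup, flooding, source MAC learning and aging steps described above (S11 to S16), as an added Python example that is not code from the patent. The interface names, MAC strings and the 300-second threshold are constructed for illustration, and refreshing an entry's timer on a lookup hit is an assumption drawn from the "not accessed within a certain period" wording.

```python
from dataclasses import dataclass, field


@dataclass
class VplsInstance:
    """Forwarding database (FDB) of one VPLS instance on a PE router."""
    name: str
    local_ifs: set                    # interfaces towards CE routers
    pw_ifs: set                       # pseudowire (PW) interfaces towards other PEs
    aging_threshold: float = 300.0    # seconds; constructed value, the page gives none
    fdb: dict = field(default_factory=dict)   # MAC -> [interface, last_used]

    def _learn(self, src_mac, in_if, now):
        # Source MAC learning: record (or refresh) where src_mac was seen.
        self.fdb[src_mac] = [in_if, now]

    def age(self, now):
        """Delete entries unused for longer than the threshold; return their MACs."""
        stale = [mac for mac, (_, used) in self.fdb.items()
                 if now - used > self.aging_threshold]
        for mac in stale:
            del self.fdb[mac]
        return sorted(stale)

    def forward(self, src_mac, dst_mac, in_if, now):
        """Return the sorted list of interfaces the frame is sent out of."""
        if in_if not in self.local_ifs | self.pw_ifs:
            raise ValueError(f"{in_if} is not bound to {self.name}")
        self.age(now)
        self._learn(src_mac, in_if, now)
        entry = self.fdb.get(dst_mac)
        if entry is not None:
            entry[1] = now                      # a hit counts as use of the entry
            return [] if entry[0] == in_if else [entry[0]]
        # Unknown destination (a "first packet"): flood.
        if in_if in self.pw_ifs:
            targets = self.local_ifs            # from a PW: non-PW interfaces only
        else:
            targets = (self.local_ifs | self.pw_ifs) - {in_if}
        return sorted(targets)


def demo():
    """Replay a constructed exchange and return (time, out_interfaces) pairs."""
    vpls1 = VplsInstance("VPLS1", {"ce1", "ce2"}, {"pw1", "pw2"})
    frames = [                       # (src MAC, dst MAC, ingress interface, time)
        ("aa", "bb", "ce1", 0),      # first packet: bb unknown, flooded
        ("bb", "aa", "pw1", 1),      # reply over pw1: aa already learned
        ("aa", "bb", "ce1", 2),      # bb now known behind pw1
        ("cc", "dd", "pw2", 3),      # unknown, arrived on a PW: local flood only
        ("aa", "bb", "ce1", 400),    # all entries aged out: flooded again
    ]
    return [(t, vpls1.forward(s, d, i, t)) for s, d, i, t in frames]


if __name__ == "__main__":
    for when, out in demo():
        print(when, out)
```
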
It should also be noted that those of ordinary skill in the art will understand that all or part of the steps of the methods in the above embodiments can be carried out by hardware under the direction of program instructions. The program can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk, or an optical disc.

Detailed description:
In the network system implementing the layered virtual private local area network service, as shown in FIG. 7, the ASBR includes at least a receiving unit 71 and a setting unit 72, and may further include an information generating unit 73, a sending unit 74, a selecting unit 75, and a message encapsulating unit 76, where:

the information generating unit 73 creates network layer reachability information (NLRI, Network Layer Reachability Information) according to the VPLS service instance and allocates a label block;

the message encapsulating unit 76 adds the allocated label to the packet and encapsulates it as a multi-protocol label switching packet;

the sending unit 74 sends the NLRI and the label block to the ASBR with which it communicates;

the receiving unit 71 receives the routing information sent by the ASBR with which it communicates;

the setting unit 72 sets the community attribute of the Border Gateway Protocol;

the selecting unit 75 selects the corresponding label from the label block in the routing information according to its own identifier, as the multi-protocol label switching label for sending data to the ASBR with which it communicates.
As shown in FIG. 8, the PE router includes a first lookup unit 81, a second lookup unit 82, a message forwarding unit 83, and an address learning unit 84, where:

the first lookup unit 81 looks up the VPLS service instance to which the NPE router belongs;

the second lookup unit 82 performs a forwarding database table lookup in the instance according to the address carried in the packet;

the message forwarding unit 83 is configured to forward the packet to the interface specified by the entry when the second lookup unit finds a matching entry, and to broadcast the packet to all interfaces in the instance when the second lookup unit finds no matching entry;

the address learning unit 84 is configured to perform address learning when the second lookup unit finds no matching entry.

The address learning unit 84 includes at least a receiving subunit and a recording subunit, and may further include a processing subunit and a preset subunit. The receiving subunit receives the feedback information from the correct receiver; the recording subunit records the communication path to the correct receiver and stores it in the forwarding database table; the preset subunit sets the aging threshold time; and the processing subunit ages out forwarding database entries that have not been used for longer than the aging threshold time.
With reference to the network structure of FIG. 3, the process of establishing only one virtual link per VPLS instance between autonomous systems is described in detail as follows:
The first ASBR 301 holds the VPLS instances of its own autonomous system; in FIG. 3, the first ASBR 301 has VPLS 1 and VPLS 2. The first ASBR 301 creates two NLRIs, one for each of these VPLSs, allocates two different label blocks, sets the next hop to the first ASBR 301, and then sends the two NLRIs to the second ASBR 302. After receiving the two NLRIs, the second ASBR 302 selects a suitable label from each label block according to its own VPLS edge device identifier (VE ID, Vpls Edge Device Identifier) and uses it as the MPLS label for sending data from the second ASBR 302 to the first ASBR 301. Likewise, the second ASBR 302 creates two NLRIs, allocates a label block for each, sets the next hop to the second ASBR 302, and sends the two NLRIs to the first ASBR 301. After receiving them, the first ASBR 301 likewise selects a suitable label according to its own VE ID as the MPLS label for sending data to the second ASBR 302. The label distribution process between the third ASBR 303 and the fourth ASBR 304 is the same. After receiving these routes, the ASBRs must not send them on to any other neighbor (this is easily done with the BGP community attribute NO_ADVERTISE). As a result, there is only one virtual link per VPLS instance between the ASBRs.
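The label exchange between the first ASBR 301 and the second ASBR 302 described above, as an added Python example that is not part of the patent. The VE IDs, label bases and block size are constructed, and the selection rule label = base + (VE ID - block offset) is an assumption taken from BGP-signalled VPLS (RFC 4761), since the page only says that a label is chosen from the block according to the VE ID.

```python
from dataclasses import dataclass, field

NO_ADVERTISE = 0xFFFFFF02   # well-known BGP community (RFC 1997)


@dataclass(frozen=True)
class VplsNlri:
    vpls: str           # VPLS instance the route belongs to
    ve_id: int          # VE ID of the advertising ASBR
    label_base: int     # first label of the advertised label block
    block_offset: int   # lowest remote VE ID covered by the block
    block_size: int     # number of labels in the block
    next_hop: str       # the advertising ASBR itself


def select_label(nlri, my_ve_id):
    """Label this router uses to send to nlri.next_hop, or None if not covered."""
    index = my_ve_id - nlri.block_offset
    if 0 <= index < nlri.block_size:
        return nlri.label_base + index
    return None   # the block does not cover this VE ID


@dataclass
class Asbr:
    name: str
    ve_id: int                  # constructed; the page assigns no VE IDs
    instances: dict             # VPLS name -> label base (constructed values)
    block_offset: int = 1
    block_size: int = 8
    rib: list = field(default_factory=list)        # (nlri, communities) received
    tx_label: dict = field(default_factory=dict)   # (vpls, peer) -> MPLS label

    def originate(self):
        """One NLRI with its own label block per local VPLS instance."""
        return [VplsNlri(vpls, self.ve_id, base, self.block_offset,
                         self.block_size, self.name)
                for vpls, base in sorted(self.instances.items())]

    def receive(self, nlri):
        """Install a peer's route, tag it NO_ADVERTISE, pick the send label."""
        if nlri.vpls not in self.instances:
            return None                       # instance not present on this ASBR
        label = select_label(nlri, self.ve_id)
        if label is None:
            return None
        self.rib.append((nlri, {NO_ADVERTISE}))
        self.tx_label[(nlri.vpls, nlri.next_hop)] = label
        return label

    def readvertise(self):
        """Received routes that may be passed on to other neighbors."""
        return [n for n, communities in self.rib
                if NO_ADVERTISE not in communities]


def exchange(a, b):
    """Both ASBRs advertise to each other, as between ASBR 301 and ASBR 302."""
    for nlri in a.originate():
        b.receive(nlri)
    for nlri in b.originate():
        a.receive(nlri)


def demo():
    asbr301 = Asbr("ASBR301", ve_id=1, instances={"VPLS1": 1000, "VPLS2": 2000})
    asbr302 = Asbr("ASBR302", ve_id=2, instances={"VPLS1": 3000, "VPLS2": 4000})
    exchange(asbr301, asbr302)
    return asbr301, asbr302


if __name__ == "__main__":
    for asbr in demo():
        print(asbr.name, asbr.tx_label, "re-advertised:", asbr.readvertise())
```

Each ASBR ends up with exactly one send label per VPLS instance towards its peer, which is the single inter-AS virtual link per instance that the paragraph describes.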
In addition, there are the following three cases for communication between CE routers over the established virtual links, described in turn below:

I. Assume that the sending CE router and the receiving CE router are within one AS. The communication process is as follows:
1. Referring to FIG. 3, the first CE router 201 encapsulates the packet to be sent to the second CE router 202 with the MAC address of the second CE router 202 as the destination MAC address and sends it to the second UPE router 122. The second UPE router 122 finds the VPLS instance, VPLS 1, from the interface to which the first CE router 201 is connected, and performs an FDB table lookup in this VPLS instance by destination MAC address. If a matching entry is found, the data is forwarded to the interface the entry points to. If this is the first packet, VPLS 1 will generally have no matching entry, and the packet must be broadcast to all interfaces in VPLS 1, including the PW interfaces; for example, a packet sent over a PW carries two labels, the inner one being the private network label and the outer one the tunnel (Tunnel) label. Source MAC address learning is performed at the same time;

2. After the packet reaches the first ASBR 301, the first ASBR 301 first uses the packet's inner label to determine which VPLS instance, that is, which VPN, the data belongs to. It then looks up the destination MAC address in the FDB table of that VPLS. If a matching entry is found, the data is forwarded to the outgoing interface the entry points to. Likewise, if this is the first packet, there will generally be no matching FDB entry, so the data must be forwarded to all local interfaces and the ASBR PW interfaces in the VPLS 1 instance, with source MAC address learning performed at the same time. In case one of this scheme, the second CE router 202 is directly connected to the first ASBR 301, so when the first ASBR 301 broadcasts to its local interfaces, the packet is sent to the second CE router 202;

3. After receiving the packet, the second CE router 202 replies to the first CE router 201. The reply uses the MAC address of the first CE router 201 as the destination MAC address and is sent to the first ASBR 301. The first ASBR 301 determines the VPLS from the interface to which the second CE router 202 is connected and then looks up the destination MAC address in the FDB table of VPLS 1. Because the first ASBR 301 has already performed MAC learning, it should find the matching FDB entry at this point; the outgoing interface for the entry is the virtual link interface from the first ASBR 301 to the second UPE router 122. The first ASBR 301 then uses the label that the second UPE router 122 allocated to the first ASBR 301 as the inner label of the label stack, adds the Tunnel label between the first ASBR 301 and the second UPE router 122, encapsulates the data as an MPLS packet, and sends it to the second UPE router 122, performing source MAC address learning at the same time. After receiving the MPLS packet sent by the first ASBR 301, the second UPE router 122 finds the corresponding VPLS instance, VPLS 1, from the inner label and looks up the destination MAC address in the FDB of VPLS 1. Because the second UPE router 122 has already performed source MAC learning, it should find the matching FDB entry; the outgoing interface for this entry is the interface connected to the first CE router 201, so the packet is sent to the first CE router 201, again with MAC learning. In this way the bidirectional path between the first CE router 201 and the second CE router 202 is opened, and the first CE router 201 and the second CE router 202 forward data as if they were two interfaces in the same VLAN on the same switch.
II. Assuming that the sender CE router and the receiver CE router are not within one AS, the communication process is as follows:
1. Referring to FIG. 3, the first packet sent by the first CE router 201 to the third CE router 203 likewise goes through the communication process of the first case above. Before sending the packet to the second ASBR 302, the first ASBR 301 must add the label that the second ASBR 302 allocated to the first ASBR 301 in VPLS 1, encapsulate the data as an MPLS packet, and then send it to the second ASBR 302. The second ASBR 302 determines the VPLS from the label, here VPLS 1, and performs a MAC address lookup in the FDB table of VPLS 1; if a matching entry is found, the data is forwarded to the corresponding interface. Likewise, for the first packet there is usually no matching entry, so the second ASBR 302 broadcasts the data packet to all local interfaces and PW interfaces in VPLS 1, while performing source MAC address learning;
2. Because the third CE router 203 is connected to the second ASBR 302, the third CE router 203 responds after receiving the data packet. The response packet uses the MAC address of the first CE router 201 as the destination MAC and is sent to the second ASBR 302. After receiving the data, the second ASBR 302 determines the VPLS from the interface to which the third CE router 203 is connected, here VPLS 1, and performs a MAC address lookup in VPLS 1. Because the second ASBR 302 has already performed source MAC address learning, it is assumed here that the second ASBR 302 can find the matching entry. According to that entry, the outbound interface is the PW from the second ASBR 302 to the first ASBR 301; the packet is encapsulated with the label that the first ASBR 301 allocated to the second ASBR 302 for VPLS 1 and is then sent to the first ASBR 301. After receiving this MPLS packet, the first ASBR 301 determines the VPLS from the label, namely VPLS 1, and continues with a MAC lookup in VPLS 1. Once the matching entry is found, its outbound interface is the PW between the first ASBR 301 and the second UPE router 122, and the subsequent forwarding is the same as in the communication process of the first case above. In this way the first CE router 201 and the second CE router 203 can communicate normally.
III. It can be understood that the second case above can be further extended to the case where communication between the sender CE router and the receiver CE router passes through multiple ASs. The communication process is as follows:
Referring to FIG. 3, after the first packet from the first CE router 201 to the fifth CE router 205 reaches the second ASBR 302, the second ASBR 302 broadcasts it within VPLS 1 of the first AS 31, encapsulates the first packet with two layers of labels and sends it to the third ASBR 303. The third ASBR 303 first determines the VPLS from the inner label, namely VPLS 1, and then performs an FDB table lookup. If no matching entry is found, the third ASBR 303 broadcasts to all local interfaces of VPLS 1 and to the PW interfaces to the directly connected ASBRs of other autonomous systems, while performing source MAC address learning; it then encapsulates the data with the label that the fourth ASBR 304 allocated to the third ASBR 303 for VPLS 1 and sends it to the fourth ASBR 304. The subsequent operation of the fourth ASBR 304 is the same as when the second ASBR 302 receives the packet sent by the first ASBR 301 in the communication process of the first case above. The packet finally reaches the fifth CE router 205, and the PE routers and ASBRs along the way all perform source MAC address learning, so that the data path between the first CE router 201 and the fifth CE router 205 is formed.
By establishing virtual links only between the service provider edge routers within an autonomous system, and establishing only one virtual link between autonomous systems for each virtual private local area network service instance, the embodiments of the present invention reduce the complexity of establishing virtual links. Moreover, because only one virtual link is established, packets between autonomous systems are not sent repeatedly, which also improves the bandwidth utilization between autonomous systems.
In the embodiments of the present invention, after each autonomous system border router receives routing information, the community attribute of the Border Gateway Protocol (BGP) is set so that the received routing information is not forwarded on to other neighbors, which reduces the waste of resources.
Through the address learning function, the embodiments of the present invention can record forwarding path information for packets with unknown addresses. During forwarding, only the first packet needs to be broadcast; subsequent packets can be forwarded directly according to the table entries, which reduces the sending of duplicate packets and improves forwarding efficiency.
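The forwarding behaviour described in the cases above, as an added Python example that is not part of the patent text: a constructed reduction of the FIG. 3 topology (CE 201 on UPE 122, CE 202 on ASBR 301, CE 203 on ASBR 302, one inter-AS PW for VPLS 1). The class and function names, label values, MAC strings and the 300-second aging threshold are assumptions, as is the rule that flooding skips the ingress port.

```python
import itertools

_labels = itertools.count(1000)  # constructed inner-label values


class Node:
    """A PE router or ASBR; its FDB is keyed by (VPLS instance, MAC)."""

    def __init__(self, name, aging=300.0):
        self.name = name
        self.aging = aging   # aging threshold in seconds (assumed value)
        self.member = {}     # port -> VPLS instance the port belongs to
        self.peer = {}       # PW port -> (peer node, label that peer allocated)
        self.label_in = {}   # label allocated here -> (VPLS, ingress PW port)
        self.fdb = {}        # (VPLS, MAC) -> (egress port, time last learned/used)

    def attach_ce(self, ce, vpls):
        """Bind a CE-facing local interface to a VPLS instance."""
        self.member[ce] = vpls

    def receive_labelled(self, label, src, dst, now, trace):
        # The inner label selects the VPLS instance and the ingress PW.
        vpls, port = self.label_in[label]
        self.receive(port, vpls, src, dst, now, trace)

    def receive(self, port, vpls, src, dst, now, trace):
        self.fdb[(vpls, src)] = (port, now)        # source MAC learning
        hit = self.fdb.get((vpls, dst))
        if hit and now - hit[1] > self.aging:      # unused past the threshold
            del self.fdb[(vpls, dst)]
            hit = None
        if hit:
            self.fdb[(vpls, dst)] = (hit[0], now)  # entry used: refresh it
            outs, mode = [hit[0]], "unicast"
        else:
            # Unknown destination: flood to every port of this instance except
            # the ingress port (assumption; the topology here is loop-free).
            outs = [p for p, v in self.member.items() if v == vpls and p != port]
            mode = "flood"
        for p in outs:
            trace.append((self.name, p, mode))
            if p in self.peer:                     # PW: push the peer's label
                peer, label = self.peer[p]
                peer.receive_labelled(label, src, dst, now, trace)


def connect_pw(a, b, vpls):
    """Create one PW for vpls; each end allocates the label its peer pushes."""
    for local, remote in ((a, b), (b, a)):
        label = next(_labels)
        local.label_in[label] = (vpls, remote.name)
        local.member[remote.name] = vpls
        remote.peer[local.name] = (local, label)


def build():
    """Constructed reduction of the page's topology for VPLS 1."""
    upe, asbr1, asbr2 = Node("UPE122"), Node("ASBR301"), Node("ASBR302")
    upe.attach_ce("CE201", "VPLS1")
    asbr1.attach_ce("CE202", "VPLS1")
    asbr2.attach_ce("CE203", "VPLS1")
    connect_pw(upe, asbr1, "VPLS1")    # PW inside the autonomous system
    connect_pw(asbr1, asbr2, "VPLS1")  # the single inter-AS PW for VPLS 1
    return upe, asbr1, asbr2


def send(node, ce, src, dst, now=0.0):
    """Inject a frame from a CE; return the (node, egress port, mode) hops."""
    trace = []
    node.receive(ce, node.member[ce], src, dst, now, trace)
    return trace


if __name__ == "__main__":
    upe, asbr1, asbr2 = build()
    for hop in send(upe, "CE201", "mac-201", "mac-203", now=0):
        print("first packet:", hop)
    for hop in send(asbr2, "CE203", "mac-203", "mac-201", now=1):
        print("reply:", hop)
    for hop in send(upe, "CE201", "mac-201", "mac-203", now=2):
        print("after learning:", hop)
```

In the returned trace the flooded first frame also reaches CE 202 and crosses the inter-AS PW once; frames sent after learning follow a single path, and an entry left unused past the aging threshold causes flooding again.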
The method for implementing a layered virtual private local area network service provided by the present invention has been described above. The description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea; at the same time, a person of ordinary skill in the art may, following the idea of the present invention, make changes to the specific implementation and the scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims

1. A method for implementing a layered virtual private local area network service, characterized by comprising the steps of:
dividing the virtual private local area network service network by autonomous system;
establishing network connections between the service provider edge routers within each autonomous system, and establishing, for each virtual private local area network service instance, virtual links between the service provider edge routers;
establishing one virtual link for each virtual private local area network service instance between the autonomous systems that communicate;
the user edge routers communicating over the established virtual links.
2. The method for implementing a layered virtual private local area network service according to claim 1, characterized in that the step of establishing one virtual link for each virtual private local area network service instance between the autonomous systems that communicate comprises:
in the first autonomous system and the second autonomous system that communicate, the first autonomous system border router and the second autonomous system border router each creating network layer reachability information according to the virtual private local area network service instance and allocating a label block;
the first autonomous system border router sending the network layer reachability information and the label block to the second autonomous system border router;
the second autonomous system border router selecting, according to its own identifier, the corresponding label from the label block as the multi-protocol label switching label for sending data to the first autonomous system border router;
the first autonomous system border router and the second autonomous system border router each receiving the routing information sent by the other, and setting the community attribute of the Border Gateway Protocol so that the received routing information is not forwarded on to other neighbors.
3. The method for implementing a layered virtual private local area network service according to claim 2, characterized in that the step of the user edge routers communicating over the established virtual links comprises:
the first user edge router sending a packet to the user-side service provider edge router;
the user-side service provider edge router forwarding the packet to the autonomous system border router;
the autonomous system border router forwarding the packet to the second user edge router;
the second user edge router sending a response packet to the first user edge router.
4. The method for implementing a layered virtual private local area network service according to claim 3, characterized in that the step of the autonomous system border router forwarding the packet to the second user edge router comprises:
the autonomous system border router adding to the packet the label that the second autonomous system border router allocated to the autonomous system border router in the virtual private local area network service instance, encapsulating it as a multi-protocol label switching packet and forwarding it to the second autonomous system border router.
5. The method for implementing a layered virtual private local area network service according to claim 3, characterized in that the step of the user-side service provider edge router forwarding the packet to the autonomous system border router comprises:
the user-side service provider edge router querying the virtual private local area network service instance to which it belongs;
performing a forwarding database table lookup in that instance according to the address carried in the packet; if a matching entry is found, forwarding the packet to the interface specified by the entry; if no matching entry is found, broadcasting the packet to all interfaces in the instance and performing address learning.
6. The method for implementing a layered virtual private local area network service according to claim 5, characterized in that the address learning is performed according to the following steps:
receiving feedback information sent by the interface that correctly received the packet;
recording the communication path to the interface that correctly received the packet and storing it in the forwarding database table.
7. The method for implementing a layered virtual private local area network service according to claim 6, characterized in that, after the storing in the forwarding database table, the method further comprises the step of: aging forwarding database entries that have not been used for longer than the aging threshold time.
8. The method for implementing a layered virtual private local area network service according to claim 7, characterized in that, before the storing in the forwarding database table, the method further comprises the step of: setting the aging threshold time.
9. The method for implementing a layered virtual private local area network service according to claim 1, characterized in that the network connection is a full mesh connection, or a connection by way of a route reflector.
10. A network system for implementing a layered virtual private local area network service, characterized in that the virtual private local area network service network is divided by autonomous system, the system comprising:
a service provider edge router, configured to establish network connections within each autonomous system and to establish a virtual link for each virtual private local area network service instance;
an autonomous system border router, configured to establish one virtual link for each virtual private local area network service instance between the autonomous systems that communicate;
a user edge router, configured to communicate over the established virtual links.
11. The network system for implementing a layered virtual private local area network service according to claim 10, characterized in that the autonomous system border router comprises:
an information generating unit, configured to create network layer reachability information according to the virtual private local area network service instance and to allocate a label block;
a sending unit, configured to send the network layer reachability information created and the label block allocated by the information generating unit to the autonomous system border router with which it communicates;
a selecting unit, configured to select, according to its own identifier, the corresponding label from the label block as the multi-protocol label switching label for sending data to the autonomous system border router with which it communicates;
a receiving unit, configured to receive the routing information sent by the autonomous system border router with which it communicates;
a setting unit, configured to set the community attribute of the Border Gateway Protocol.
12. The network system for implementing a layered virtual private local area network service according to claim 11, characterized by further comprising:
a packet encapsulating unit, configured to add the multi-protocol label switching label selected by the selecting unit to the packet used for communication, encapsulate it as a multi-protocol label switching packet, and send it through the sending unit to the autonomous system border router with which it communicates.
13. The network system for implementing a layered virtual private local area network service according to claim 10, characterized in that the service provider edge router comprises:
a first lookup unit, configured to query the virtual private local area network service instance to which the service provider edge router belongs;
a second lookup unit, configured to perform a forwarding database table lookup in that instance according to the address carried in the packet used for communication;
a packet forwarding unit, configured to forward the packet to the interface specified by the entry when the second lookup unit finds a matching entry, and to broadcast the packet to all interfaces in the instance when the second lookup unit finds no matching entry;
an address learning unit, configured to perform address learning when the second lookup unit finds no matching entry.
14. The network system for implementing a layered virtual private local area network service according to claim 13, characterized in that the address learning unit comprises:
a receiving subunit, configured to receive feedback information sent by the interface that correctly received the packet;
a recording subunit, configured to record, according to the feedback information received by the receiving subunit, the communication path to the interface that correctly received the packet and to store it in the forwarding database table.
15. The network system for implementing a layered virtual private local area network service according to claim 14, characterized in that the address learning unit further comprises:
a processing subunit, configured to age forwarding database entries that have not been used for longer than the aging threshold time.
16. The network system for implementing a layered virtual private local area network service according to claim 15, characterized in that the address learning unit further comprises:
a preset subunit, configured to set the aging threshold time.
17. The network system for implementing a layered virtual private local area network service according to claim 10, characterized in that the user edge router comprises:
a packet sending unit, configured to send packets to the service provider edge router.
18. The network system for implementing a layered virtual private local area network service according to claim 10, characterized in that the network connection is a full mesh connection, or a connection by way of a route reflector.
PCT/CN2007/070200 2006-07-14 2007-06-28 Method of realizing hierarchy-virtual private lan service and network system WO2008011818A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610099413.5 2006-07-14
CN2006100994135A CN101106507B (en) 2006-07-14 2006-07-14 A method for realizing hierarchical VLAN

Publications (1)

Publication Number Publication Date
WO2008011818A1 true WO2008011818A1 (en) 2008-01-31

Family

ID=38981148

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/070200 WO2008011818A1 (en) 2006-07-14 2007-06-28 Method of realizing hierarchy-virtual private lan service and network system

Country Status (2)

Country Link
CN (1) CN101106507B (en)
WO (1) WO2008011818A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102347889B (en) * 2010-08-04 2014-08-13 杭州华三通信技术有限公司 Message forwarding method, system and device in H-VPLS (Hierarchical Virtual Private local area network service)
CN103457854B (en) * 2013-09-16 2017-03-08 杭州华三通信技术有限公司 A kind of message forwarding method and equipment
US10015073B2 (en) 2015-02-20 2018-07-03 Cisco Technology, Inc. Automatic optimal route reflector root address assignment to route reflector clients and fast failover in a network environment
CN106856446B (en) * 2015-12-09 2019-12-10 中国电信股份有限公司 Method and system for improving virtual network reliability
CN107040442B (en) * 2015-12-30 2020-07-28 丛林网络公司 Communication method, communication system and cache router of metropolitan area transport network
US10523560B2 (en) * 2017-07-28 2019-12-31 Juniper Networks, Inc. Service level agreement based next-hop selection
CN109818860B (en) * 2017-11-20 2022-04-01 中兴通讯股份有限公司 Method for establishing virtual link, router and storage medium
CN111600795B (en) * 2020-05-26 2023-07-18 新华三信息安全技术有限公司 Virtual edge device establishing method, controller and server
CN113765803B (en) * 2021-08-05 2023-10-24 新华三大数据技术有限公司 Route release method and device and network equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020037010A1 (en) * 2000-09-28 2002-03-28 Nec Corporation MPLS-VPN service network
CN1705307A (en) * 2004-06-03 2005-12-07 华为技术有限公司 Method for implementing VLAN based L2VPN

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003092586A (en) * 2001-09-18 2003-03-28 Fujitsu Ltd Layer 2-vpn relaying system
US20030152075A1 (en) * 2002-02-14 2003-08-14 Hawthorne Austin J. Virtual local area network identifier translation in a packet-based network
US6970464B2 (en) * 2003-04-01 2005-11-29 Cisco Technology, Inc. Method for recursive BGP route updates in MPLS networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LI G. ET AL.: "Analysis of the MPLS VPN technology", COMPUTER AND INFORMATION TECHNOLOGY, vol. 14, no. 1, February 2006 (2006-02-01), pages 33 - 37 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114650248A (en) * 2020-12-02 2022-06-21 中国电信股份有限公司 Method and system for processing routing information and boundary router of autonomous system
CN114650248B (en) * 2020-12-02 2023-07-18 中国电信股份有限公司 Processing method and system of routing information and autonomous system boundary router
CN116010130A (en) * 2023-01-30 2023-04-25 中科驭数(北京)科技有限公司 Cross-card link aggregation method, device, equipment and medium for DPU virtual port
CN116010130B (en) * 2023-01-30 2024-04-19 中科驭数(北京)科技有限公司 Cross-card link aggregation method, device, equipment and medium for DPU virtual port

Also Published As

Publication number Publication date
CN101106507A (en) 2008-01-16
CN101106507B (en) 2010-09-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07764129

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 07764129

Country of ref document: EP

Kind code of ref document: A1