CN102098202A - Virtual private topology control method, device and system - Google Patents

Virtual private topology control method, device and system

Info

Publication number
CN102098202A
Authority
CN
China
Prior art keywords
message
access control
address
described message
mac
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200910254342
Other languages
Chinese (zh)
Other versions
CN102098202B (en)
Inventor
江元龙
黄勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Source Hui Information Polytron Technologies Inc
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN 200910254342 priority Critical patent/CN102098202B/en
Publication of CN102098202A publication Critical patent/CN102098202A/en
Application granted granted Critical
Publication of CN102098202B publication Critical patent/CN102098202B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of the invention relate to the field of communications and disclose a virtual private topology control method, device and system. The method comprises: receiving a message sent by a customer edge device, the message comprising its source media access control (MAC) address and destination MAC address; when the outbound port of the message corresponds to a pseudowire, determining whether to send the message according to the source MAC address and destination MAC address in the message and a message operation matching table; and, if it is determined that the message is to be sent, sending the message to the provider edge device at the destination end of the message. The method, device and system are mainly used for virtual private topology control; they implement that control while keeping unnecessary messages from being sent into the network, thereby saving network resources.

Description

Virtual private network topology control method, device and system
Technical field
The present invention relates to the communications field, and in particular to a virtual private network topology control method, device and system.
Background
A traditional local area network (LAN) connects hosts over a shared medium, but the hosts that are to form a LAN may be located in different regions that are connected through a wide area network (WAN). To connect a group of site hosts spread across different regions, the need arose to use the WAN to emulate a LAN, and virtual private network (VPN) technology was proposed in response. Virtual Private LAN Service (VPLS) uses a shared communication network to provide a virtual Ethernet LAN service. It is a LAN-like service provided over a Multiprotocol Label Switching (MPLS) network that lets users access the network simultaneously from multiple geographically dispersed points and reach one another as if those points were attached directly to the same LAN.
VPLS can provide a Layer 2 virtual private network (L2VPN) service over a shared wide area network, but it requires all provider edge (PE) nodes of the same VPN to be fully meshed with pseudowires (PWs). As VPN services have developed, a site belonging to a VPN no longer needs to communicate with every other site. When VPLS is applied in metropolitan area networking, some access nodes only need to connect to an aggregation node and do not need connections to one another. In addition, from the point of view of the network itself, a full mesh consumes more connection resources and increases maintenance cost. For a broadcast message, when N PEs are interconnected, a PE has to replicate the message N-1 times before sending, which causes replication delay.
An L-bit scheme is currently used to address these problems. When the source-end PE sends a PW-encapsulated message to the destination-end PE, the PW encapsulation carries a control word (CW). One bit of the CW, called the L bit, indicates whether the message originates from a leaf port; if it does, the L bit is set. After the destination-end PE receives the message, it decides whether to forward or discard the message according to the L bit and the attribute of the message's destination port. A virtual private network follows a forwarding rule when transmitting messages: a customer edge (CE) port with the leaf attribute can only connect to a CE port with the root attribute, whereas a CE port with the root attribute can connect to a CE port of any attribute. This is why the destination-end PE, after receiving a message, decides whether to forward or discard it according to the L bit and the attribute of the message's destination port. For example, if a message comes from a leaf port and its destination port is also a leaf port, the destination-end PE discards the received message.
In implementing the virtual private network topology control described above, the inventors found at least the following problem in the prior art: the source-end PE that sends a message does not know whether the destination-end PE has a root port. When the message's destination has no root port and the message's source port is also a leaf port, the message is discarded at the destination PE, yet it is still carried across the network, which wastes network resources. In practice, root ports are few and many PEs have only leaf ports, so this waste of network resources is all the more pronounced.
Summary of the invention
The technical problem to be solved by the present invention is to provide a virtual private network topology control method, device and system that control the virtual private network topology while keeping unnecessary messages from being sent into the network, thereby saving network resources.
To solve this technical problem, the embodiments of the invention adopt the following technical solutions:
A virtual private network topology control method, comprising:
receiving a message sent by a customer edge device, the message comprising the source MAC address and destination MAC address of the message;
when the outbound port of the message corresponds to a pseudowire, determining whether to send the message according to the source MAC address and destination MAC address in the message and a message operation matching table;
if it is determined that the message is to be sent, sending the message to the provider edge device at the message destination end.
A virtual private network topology control method, comprising:
receiving a message sent by the provider edge device at the message source end, the message comprising the source MAC address and destination MAC address of the message;
determining whether to send the message to the corresponding destination customer edge device according to the source MAC address and destination MAC address in the message and a downlink access control list, the downlink access control list comprising: the message source MAC address, the message destination MAC address, and the operation to apply to a matching message;
if it is determined that the message is to be sent, sending the message to the corresponding destination customer edge device.
A message source-end provider edge device, comprising:
a message receiving unit, configured to receive a message sent by a customer edge device, the message comprising the source MAC address and destination MAC address of the message;
a first determining unit, configured to determine, when the outbound port of the message corresponds to a pseudowire, whether to send the message according to the source MAC address and destination MAC address in the message and a message operation matching table;
a sending unit, configured to send the message to the provider edge device at the message destination end when the determining unit determines that the message is to be sent.
A message destination-end provider edge device, comprising:
a message receiving unit, configured to receive a message sent by the provider edge device at the message source end, the message comprising the source MAC address and destination MAC address of the message;
a determining unit, configured to determine whether to send the message to the corresponding destination customer edge device according to the source MAC address and destination MAC address in the message and a downlink access control list, the downlink access control list comprising: the message source MAC address, the message destination MAC address, and the operation to apply to a matching message;
a sending unit, configured to send the message to the corresponding destination customer edge device when the determining unit determines that the message is to be sent.
A virtual private network topology control system, comprising:
a message source-end provider edge device, configured to receive a message sent by a customer edge device, the message comprising the source MAC address and destination MAC address of the message; when the outbound port of the message corresponds to a pseudowire, to determine whether to send the message according to the source MAC address and destination MAC address in the message and an uplink access control list; and, if it is determined that the message is to be sent, to send the message to the provider edge device at the message destination end;
a message destination-end provider edge device, configured to receive the message sent by the provider edge device at the message source end, the message comprising the source MAC address and destination MAC address of the message; to determine whether to send the message to the corresponding destination customer edge device according to the source MAC address and destination MAC address in the message and a downlink access control list, the downlink access control list comprising: the message source MAC address, the message destination MAC address, and the operation to apply to a matching message; and, if it is determined that the message is to be sent, to send the message to the corresponding destination customer edge device.
A virtual private network topology control system, comprising:
a message source-end provider edge device, configured to receive a message sent by a customer edge device, the message comprising the source MAC address and destination MAC address of the message; when the outbound port of the message corresponds to a pseudowire, to determine whether to send the message according to the source MAC address and destination MAC address in the message and a filter table; and, if it is determined that the message is to be sent, to send the message to the provider edge device at the message destination end, the message carrying indication information that indicates the attribute of the message source-end customer edge device;
a message destination-end provider edge device, configured to receive the message sent by the provider edge device at the message source end, the message carrying indication information that indicates the attribute of the message source-end customer edge device; to determine whether to send the message according to the indication information and the port attribute of the message destination-end provider edge device; and, if it is determined that the message is to be sent, to send the message to the corresponding destination customer edge device.
In the technical solution of the present invention, when the outbound port of a received message corresponds to a pseudowire, whether to send the message is determined according to the source MAC address and destination MAC address in the message and the message operation matching table; if it is determined that the message is to be sent, the message is sent to the provider edge device at the message destination end. Before a message is sent to the destination end, it is first matched and filtered against the configured message operation matching table, and it is sent only when it is determined that it can be sent. This keeps unnecessary messages from being sent into the network and saves network resources. Moreover, because only messages that can be sent are forwarded to the corresponding port during this matching and filtering, a virtual connection is established during transmission only for messages that can be sent, which realizes control of the virtual private network topology.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of the virtual private network topology control method in Embodiment 1 of the invention;
Fig. 2 is a block diagram of the message source-end provider edge device in Embodiment 1 of the invention;
Fig. 3 is a flowchart of the message source-end virtual private network topology control method in Embodiment 2 of the invention;
Fig. 4 is a schematic diagram of the virtual private network topology in Embodiments 2 and 3 of the invention;
Fig. 5 is a flowchart of the message destination-end virtual private network topology control method in Embodiment 2 of the invention;
Fig. 6 is a block diagram of the message source-end provider edge device in Embodiment 2 of the invention;
Fig. 7 is a block diagram of the message destination-end provider edge device in Embodiment 2 of the invention;
Fig. 8 is a flowchart of the message source-end virtual private network topology control method in Embodiment 3 of the invention;
Fig. 9 is a block diagram of the message source-end provider edge device in Embodiment 3 of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Embodiment 1
This embodiment of the invention provides a virtual private network topology control method. As shown in Fig. 1, the method comprises:
101. Receive a message sent by a customer edge device; the message comprises the source MAC address and destination MAC address of the message.
102. When the outbound port of the message corresponds to a pseudowire, determine whether to send the message according to the source MAC address and destination MAC address in the message and the message operation matching table.
The message operation matching table is either an uplink access control list or a filter table. The uplink access control list comprises the message source MAC address, the destination pseudowire, the message destination MAC address, and the operation to apply to a matching message. The filter table comprises the message source port attribute, the destination pseudowire, the port attribute of the destination pseudowire's far-end provider edge device, and the operation to apply to a matching message.
When the message operation matching table is the uplink access control list, determining whether to send the message according to the source MAC address, the destination MAC address and the message operation matching table means determining it according to the source MAC address and destination MAC address in the message and the uplink access control list. When the message operation matching table is the filter table, the message source port attribute corresponding to the message's source MAC address, and the port attribute of the far-end provider edge device of the destination pseudowire corresponding to the message's destination MAC address, must first be obtained from the MAC address learning table. The obtained message source port attribute, destination pseudowire and far-end provider edge device port attribute of the destination pseudowire are then matched against the corresponding message source port attribute, destination pseudowire and far-end provider edge device port attribute in the filter table. In this case, determining whether to send the message according to the source MAC address, the destination MAC address and the message operation matching table means determining it according to the source MAC address and destination MAC address in the message and the filter table.
103. If it is determined that the message is to be sent, send the message to the provider edge device at the message destination end.
When the decision to send is made according to the uplink access control list, the message sent to the provider edge device at the message destination end comprises the message source MAC address and the message destination MAC address. When the decision to send is made according to the filter table, the message sent to the provider edge device at the message destination end comprises the message source MAC address, the message destination MAC address and indication information. The indication information indicates the attribute of the message source-end customer edge device port. The port attribute is the topological attribute, within the virtual private network, of the customer edge device connected to the port; the topological attribute is either the root attribute or the leaf attribute, that is, the message source-end customer edge device port is either a root port or a leaf port. The port may be a physical port or a logical port.
This embodiment of the invention also provides a message source-end provider edge device. As shown in Fig. 2, the device comprises a message receiving unit 201, a first determining unit 202 and a sending unit 203.
The message receiving unit 201 is configured to receive a message sent by a customer edge device, the message comprising the source MAC address and destination MAC address of the message. The first determining unit 202 is configured to determine, when the outbound port of the message corresponds to a pseudowire, whether to send the message according to the source MAC address and destination MAC address in the message and the message operation matching table. The message operation matching table is either an uplink access control list or a filter table. The uplink access control list comprises the message source MAC address, the destination pseudowire, the message destination MAC address, and the operation to apply to a matching message. The filter table comprises the message source port attribute, the destination pseudowire, the port attribute of the destination pseudowire's far-end provider edge device, and the operation to apply to a matching message. The port attribute is the topological attribute, within the virtual private network, of the customer edge device connected to the port; the topological attribute is either the root attribute or the leaf attribute. The port may be a physical port or a logical port.
When the message operation matching table is the filter table, the message source port attribute corresponding to the message's source MAC address, and the port attribute of the far-end provider edge device of the destination pseudowire corresponding to the message's destination MAC address, must first be obtained from the MAC address learning table. The obtained message source port attribute, destination pseudowire and far-end provider edge device port attribute of the destination pseudowire are then matched against the corresponding fields in the filter table to determine whether to send the message.
The sending unit 203 is configured to send the message to the provider edge device at the message destination end when the first determining unit 202 determines that the message is to be sent.
In this embodiment of the invention, when the outbound port of a received message corresponds to a pseudowire, whether to send the message is determined according to the source MAC address and destination MAC address in the message and the message operation matching table; if it is determined that the message is to be sent, the message is sent to the provider edge device at the message destination end. Before a message is sent to the destination end, it is first matched and filtered against the configured message operation matching table, and it is sent only when it is determined that it can be sent. This keeps unnecessary messages from being sent into the network and saves network resources. Moreover, because only messages that can be sent are forwarded to the corresponding port during this matching and filtering, a virtual connection is established during transmission only for messages that can be sent, which realizes control of the virtual private network topology.
Embodiment 2
This embodiment of the invention provides a virtual private network topology control method for the message source end, specifically a method in which the PE (provider edge device) at the message source end determines whether to send a message according to an uplink ACL (access control list). As shown in Fig. 3, the method comprises:
To implement this embodiment, the uplink ACL table must first be set up. Once it is set up, when the source-end PE receives a message sent by a CE (customer edge device) and judges that the outbound port of the message is a PW (pseudowire), the source-end PE determines whether to send the message according to the message source MAC address and message destination MAC address contained in the message and the configured uplink ACL table. The source-end PE sends the message only when it determines that the message is to be sent. This embodiment describes the source-end virtual private network topology control method in detail with reference to Fig. 4. For convenience, the source-end PE is called PE1 and the destination-end PE is called PE2. As shown in Fig. 4, PE1 and PE2 form an L2VPN, with an MPLS network between PE1 and PE2; the five CE sites A, B, C, E and F are connected through PW12. Ports A and F are root ports. The required connectivity is that the root ports, A and F, can communicate with all other ports, while the leaf ports, B, C and E, cannot communicate with one another. In addition, PE3 also has CE sites belonging to this L2VPN, and all CEs connected to PE3 are leaf nodes.
301. Receive a message sent by PE2; the message contains the MAC addresses of the root customer edge devices among the customer edge devices connected to PE2.
302. After the MAC addresses of the root customer edge devices contained in PE2's message are received, set up the uplink ACL table according to those MAC addresses and a preset rule. The uplink ACL table comprises the message source MAC address (S-MAC), the destination pseudowire (T-PW), the message destination MAC address (D-MAC), and the operation to apply to a matching message.
The preset rule is: a CE port with the leaf attribute can only connect to a CE port with the root attribute, whereas a CE port with the root attribute can connect to a CE port of any attribute.
The uplink ACL table is set up according to this preset rule and Fig. 4; the resulting uplink ACL table is shown in Table 1:
S-MAC    T-PW    D-MAC        Operation
MAC-A    any     any          send
any      PW12    MAC-F        send
any      PW12    multicast    send
any      any     any          discard
Table 1
303. Receive a message sent by a customer edge device; the message comprises the source MAC address and destination MAC address of the message. This embodiment uses a message sent from C to F as the example for describing the virtual private network topology control method in detail.
304. Judge, according to the MAC learning table, whether the outbound port of the message corresponds to a pseudowire or to a port of the message source-end provider edge device. If the outbound port corresponds to a pseudowire, perform step 305; if the outbound port is a port of the message source-end provider edge device, perform step 308.
305. Match the message source MAC address and destination MAC address against the corresponding message source MAC address and destination MAC address in the ACL table.
In this embodiment the message source MAC address is MAC-C and the message destination MAC address is MAC-F. Matching MAC-C and MAC-F against the source MAC addresses and destination MAC addresses in Table 1 yields a matching entry in Table 1, namely (S-MAC, T-PW, D-MAC, operation) = (any, PW12, MAC-F, send).
306. Determine whether to send the message according to the operation in the entry that matches the message source MAC address and destination MAC address; the operation is either send or discard. If it is determined that the message is to be sent, perform step 307; otherwise discard the message.
Specifically, if the operation in the matching entry is send, the message is sent to PE2 at the message destination end; if the operation in the matching entry is discard, the message is discarded and is not sent to PE2 at the message destination end.
In this embodiment, the entry that the message from C to F matches in the ACL table is (any, PW12, MAC-F, send). Because the operation in that entry is send, it is determined that the message is to be sent, and step 307 is performed.
307. Send the message to the provider edge device at the message destination end. In this embodiment the message from C to F is sent to PE2, and the process ends.
308. According to the attribute of the message's inbound port and the attribute of its outbound port, determine whether to forward the message to the corresponding port of the message source-end provider edge device or to discard it, perform the corresponding operation, and end the process.
Specifically, the attribute of the message source CE port corresponding to the message source MAC address, and the attribute of the message destination CE port corresponding to the message destination MAC address, are obtained from the MAC address learning table. According to the attribute of the message source CE port, the attribute of the message destination CE port and the virtual private network forwarding rule, it is determined whether to send the message to the corresponding CE port or to discard it.
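The uplink ACL procedure of steps 302 to 307, as an added example that is not part of the patent text: it rebuilds Table 1 from the advertised root MAC addresses and applies it at PE1. The MAC addresses, the pseudowire name PW13 toward PE3, the first-match evaluation order and the choice to add a multicast entry only for pseudowires whose far end has a root CE are assumptions made for illustration.

```python
"""Uplink ACL check at the source-end PE (PE1 of Fig. 4), with constructed data."""
from dataclasses import dataclass

ANY, MULTICAST = "any", "multicast"
SEND, DISCARD = "send", "discard"

# Constructed MAC addresses for CE sites A, B, C, E, F (documentation range).
MAC = {name: f"00:00:5e:00:53:0{name.lower()}" for name in "ABCEF"}
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class AclEntry:
    s_mac: str      # message source MAC address, or "any"
    t_pw: str       # destination pseudowire, or "any"
    d_mac: str      # message destination MAC address, "multicast" or "any"
    operation: str  # "send" or "discard"


def is_group_address(mac: str) -> bool:
    """True for multicast/broadcast: the I/G bit of the first octet is set."""
    return bool(int(mac.split(":")[0], 16) & 1)


def build_uplink_acl(local_root_macs, remote_root_macs_by_pw):
    """Step 302: derive the uplink ACL from the root MACs learned per pseudowire.

    Assumption: a pseudowire whose far-end PE advertised no root CE gets no
    entry, so leaf traffic toward it falls through to the final discard.
    """
    acl = [AclEntry(mac, ANY, ANY, SEND) for mac in local_root_macs]
    for pw, root_macs in remote_root_macs_by_pw.items():
        acl += [AclEntry(ANY, pw, mac, SEND) for mac in root_macs]
        if root_macs:
            acl.append(AclEntry(ANY, pw, MULTICAST, SEND))
    acl.append(AclEntry(ANY, ANY, ANY, DISCARD))
    return acl


def _mac_matches(rule: str, mac: str) -> bool:
    if rule == ANY:
        return True
    if rule == MULTICAST:
        return is_group_address(mac)
    return rule.lower() == mac.lower()


def decide(acl, s_mac, d_mac, out_pw):
    """Steps 305-306: return the operation of the first matching entry."""
    for entry in acl:
        if (_mac_matches(entry.s_mac, s_mac)
                and entry.t_pw in (ANY, out_pw)
                and _mac_matches(entry.d_mac, d_mac)):
            return entry.operation
    return DISCARD


def pws_to_send(acl, fdb, all_pws, s_mac, d_mac):
    """Steps 304-307: pseudowires the message is actually sent on.

    Group and unknown destinations are candidates for every pseudowire; a
    destination learned on a local port (step 308) is not modelled and
    yields no pseudowire.
    """
    out = None if is_group_address(d_mac) else fdb.get(d_mac.lower())
    candidates = all_pws if out is None else [out]
    return [pw for pw in candidates
            if pw in all_pws and decide(acl, s_mac, d_mac, pw) == SEND]


# PE1's view: A is a local root, PE2 (PW12) advertised root F, PE3 (PW13) none.
PE1_PWS = ["PW12", "PW13"]
PE1_ACL = build_uplink_acl([MAC["A"]], {"PW12": [MAC["F"]], "PW13": []})
PE1_FDB = {MAC["E"]: "PW12", MAC["F"]: "PW12",
           MAC["A"]: "port-A", MAC["B"]: "port-B", MAC["C"]: "port-C"}

if __name__ == "__main__":
    for entry in PE1_ACL:
        print(entry)
    for src, dst in [("C", MAC["F"]), ("C", MAC["E"]), ("B", BROADCAST), ("A", BROADCAST)]:
        print(src, "->", dst, pws_to_send(PE1_ACL, PE1_FDB, PE1_PWS, MAC[src], dst))
```

The C-to-E case is the one the L-bit scheme would carry across the network and drop at PE2; with the uplink ACL it never leaves PE1.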
An embodiment of the invention further provides a virtual private network topology control method for the message destination end. Specifically, it is the method applied at the message destination end when the source-end PE sends a message, with the determination made according to the message's source MAC address, destination MAC address and the downlink access control list (ACL). As shown in Fig. 5, the method comprises:
To implement this embodiment, a downlink ACL table must first be set. Once it is set, when the destination-end PE receives a message sent by the source-end PE, the destination-end PE determines whether to send the message according to the source MAC address and destination MAC address contained in the message and the downlink ACL table that was set. The destination-end PE sends the message only when it determines that the message is to be sent. The downlink ACL table therefore has to be set first.
401. Receive the message sent by the source-end PE. The message includes the MAC address of the root customer edge device (CE) among the CEs connected to the source-end PE.
The message may use an extension of LDP (Label Distribution Protocol, RFC 5036), although the embodiment of the invention does not limit this. For example, the LDP extension may extend the LDP notify message or hello message so that the indication information is carried in the PW status TLV. The definition of the message format is not the focus of the invention, and a person skilled in the art can define it without creative effort.
402. After the MAC address of the CE is received, set the downlink ACL according to that MAC address and the preset rule. The downlink ACL includes the message source MAC address (S-MAC), the message destination MAC address (D-MAC) and the operation on a matching message.
The preset rule is: a CE port whose attribute is leaf can only be connected to a CE port whose attribute is root, while a CE port whose attribute is root can be connected to a CE port of any attribute. The downlink ACL table is set according to this preset rule and Fig. 4; the resulting table is shown in Table 2:
| S-MAC | D-MAC | Operation |
| --- | --- | --- |
| MAC-A | any | continue |
| any | multicast | Send to port F |
| any | MAC-F | continue |
| any | any | discard |

Table 2
403. When the source-end PE sends the message to the destination-end PE, the destination-end PE receives the message sent by the source-end PE. The message includes its source MAC address and destination MAC address.
404. Determine, according to the source MAC address and destination MAC address in the message and the downlink ACL table, whether to send the message to the corresponding destination CE. If it is determined that the message is to be sent to the corresponding destination CE, execute step 405; otherwise discard the message.
Here, determining whether to send the message to the corresponding destination CE according to the source MAC address, the destination MAC address and the downlink ACL comprises: matching the message's source MAC address and destination MAC address against the message source MAC address and destination MAC address in the downlink ACL table; if an entry matching the message's source MAC address and destination MAC address is obtained, determining whether to send the message according to the operation on a matching message in that entry, where the operation on a matching message is either send or discard.
Determining whether to send the message according to the operation in the matching entry specifically comprises: if the operation on a matching message is continue, the message is sent to the corresponding destination CE, which the PE determines according to the MAC address learning table; if the operation on a matching message is discard, the message is discarded and is not sent to the corresponding destination CE.
405. Send the message to the corresponding destination CE, and the process ends.
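Steps 402 to 405 can be followed with a small first-match evaluator over Table 2. This is an added example, not code from the patent: the MAC values are constructed, the builder function and its parameters are hypothetical, and it assumes the destination-end PE already knows its own root CE port (F) and that CE's MAC address.

```python
from dataclasses import dataclass

ANY, MULTICAST = "any", "multicast"

@dataclass(frozen=True)
class AclEntry:
    s_mac: str      # source MAC, or ANY
    d_mac: str      # destination MAC, ANY, or MULTICAST
    operation: str  # "continue", "discard" or "send to port <name>"

def is_group_address(mac):
    """Multicast/broadcast test: I/G bit (lowest bit of the first octet) is set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)

def build_downlink_acl(remote_root_macs, local_root_port, local_root_mac):
    """Hypothetical builder for step 402: produces rows in the order of Table 2.

    remote_root_macs: root CE MACs advertised by the source-end PE (step 401).
    local_root_port / local_root_mac: assumed to be known locally on this PE.
    """
    acl = [AclEntry(m.lower(), ANY, "continue") for m in remote_root_macs]
    acl.append(AclEntry(ANY, MULTICAST, f"send to port {local_root_port}"))
    acl.append(AclEntry(ANY, local_root_mac.lower(), "continue"))
    acl.append(AclEntry(ANY, ANY, "discard"))  # leaf-to-leaf traffic ends here
    return acl

def entry_matches(entry, s_mac, d_mac):
    if entry.s_mac != ANY and entry.s_mac != s_mac:
        return False
    if entry.d_mac == ANY:
        return True
    if entry.d_mac == MULTICAST:
        return is_group_address(d_mac)
    return entry.d_mac == d_mac

def evaluate(acl, s_mac, d_mac):
    """Step 404: return the operation of the first matching row."""
    s_mac, d_mac = s_mac.lower(), d_mac.lower()
    for entry in acl:
        if entry_matches(entry, s_mac, d_mac):
            return entry.operation
    return "discard"  # fail closed if the table has no final any/any row

# Constructed sample addresses (locally administered unicast, not from the page).
MAC_A = "02:00:00:00:00:0a"           # root CE behind the source-end PE
MAC_C = "02:00:00:00:00:0c"           # assumed leaf CE behind the source-end PE
MAC_F = "02:00:00:00:00:0f"           # root CE on local port F
MAC_LOCAL_LEAF = "02:00:00:00:00:0e"  # hypothetical leaf CE on this PE
BROADCAST = "ff:ff:ff:ff:ff:ff"

DOWNLINK_ACL = build_downlink_acl([MAC_A], "F", MAC_F)

if __name__ == "__main__":
    for src, dst in [(MAC_A, MAC_LOCAL_LEAF), (MAC_C, MAC_F),
                     (MAC_C, MAC_LOCAL_LEAF), (MAC_C, BROADCAST),
                     (MAC_A, BROADCAST)]:
        print(src, "->", dst, ":", evaluate(DOWNLINK_ACL, src, dst))
```

Row order matters: a multicast frame from the remote root A matches the first row and continues normally, while multicast from any other source is restricted to the root port by the second row.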
Corresponding to the above method embodiment, an embodiment of the invention also provides a source-end PE. As shown in Fig. 6, the source-end PE comprises: a message receiving unit 201, a first determining unit 202, a sending unit 203, a first message sink unit 204, a first setting unit 205, a judging unit 206 and a second determining unit 207.
The first message sink unit 204 is configured to receive the message sent by the destination-end PE; the message includes the MAC address of the root CE among the CEs connected to the destination-end PE. After the MAC address of the CE is received, the first setting unit 205 is configured to set the uplink access control list (ACL) according to the MAC address of the CE and the preset rule. The uplink ACL table includes the message source MAC address (S-MAC), the destination pseudo wire (T-PW), the message destination MAC address (D-MAC) and the operation on a matching message.
The preset rule is: a CE port whose attribute is leaf can only be connected to a CE port whose attribute is root, while a CE port whose attribute is root can be connected to a CE port of any attribute.
When a CE (Customer Edge, customer edge device) sends a message to the source-end PE, the message receiving unit 201 is configured to receive the message sent by the CE; the message includes its source MAC address and destination MAC address. After the message is received, the judging unit 205 is configured to judge, according to the MAC learning table, whether the outbound port of the message is a pseudo wire or a port of the source-end PE. When the judging unit 205 judges that the outbound port of the message corresponds to a pseudo wire, the first determining unit 202 is configured to determine whether to send the message according to the source MAC address and destination MAC address in the message and the uplink ACL table. When the first determining unit 202 determines that the message is to be sent, the sending unit 203 is configured to send the message to the destination-end PE.
When the judging unit 205 judges that the outbound port of the message is a port of the source-end PE, the second determining unit 207 is configured to determine, according to the attribute of the inbound port of the message and the attribute of the outbound port, whether to forward the message to the corresponding port of the source-end PE or to discard it. Specifically: obtain from the MAC address learning table the attribute of the source CE port corresponding to the message's source MAC address and the attribute of the destination CE port corresponding to the message's destination MAC address; then, according to the attribute of the source CE port, the attribute of the destination CE port and the virtual private network forwarding rule, determine whether to send the message to the corresponding CE port or to discard it.
The first determining unit 202 comprises a first matching module 2021 and a first determination module 2022.
The first matching module 2021 is configured to match the message's source MAC address and destination MAC address against the corresponding message source MAC address and destination MAC address in the uplink ACL. When the first matching module 2021 obtains an entry matching the message's source MAC address and destination MAC address, the first determination module 2022 is configured to determine whether to send the message according to the operation on a matching message in that entry, where the operation on a matching message is either send or discard.
Determining whether to send the message according to the operation in the matching entry specifically comprises: if the operation on a matching message is send, the message is sent to the destination-end PE; if the operation on a matching message is discard, the message is discarded and is not sent to the destination-end PE.
Corresponding to the above method, an embodiment of the invention provides a destination-end PE. As shown in Fig. 7, the destination-end PE comprises: a message sink unit 61, a setting unit 62, a message receiving unit 63, a determining unit 64 and a sending unit 65.
The message sink unit 61 is configured to receive the message sent by the source-end PE; the message includes the MAC address of the root CE among the CEs connected to the source-end PE. After the MAC address of the CE is received, the setting unit 62 is configured to set the downlink ACL according to the MAC address of the CE and the preset rule. The downlink ACL includes the message source MAC address (S-MAC), the message destination MAC address (D-MAC) and the operation on a matching message. The preset rule is: a CE port whose attribute is leaf can only be connected to a CE port whose attribute is root, while a CE port whose attribute is root can be connected to a CE port of any attribute.
When the source-end PE sends the message to the destination-end PE, the message receiving unit 63 is configured to receive the message sent by the source-end PE; the message includes its source MAC address and destination MAC address. After the message is received, the determining unit 64 is configured to determine, according to the source MAC address and destination MAC address in the message and the downlink ACL, whether to send the message to the corresponding destination CE. The downlink ACL includes the message source MAC address, the message destination MAC address and the operation on a matching message. This determination comprises: matching the message's source MAC address and destination MAC address against the message source MAC address and destination MAC address in the downlink ACL table; if an entry matching the message's source MAC address and destination MAC address is obtained, determining whether to send the message according to the operation on a matching message in that entry, where the operation on a matching message is either send or discard.
Determining whether to send the message according to the operation in the matching entry specifically comprises: if the operation on a matching message is continue, the message is sent to the corresponding destination CE, which the PE determines according to the MAC address learning table; if the operation on a matching message is discard, the message is discarded and is not sent to the corresponding destination CE.
The sending unit 65 is configured to send the message to the corresponding destination CE when the determining unit 64 determines that the message is to be sent.
An embodiment of the invention also provides a virtual private network topology control system, comprising a source-end PE and a destination-end PE.
The source-end PE is configured to receive the message sent by a CE, the message including its source MAC address and destination MAC address; when the outbound port of the message corresponds to a pseudo wire, to determine whether to send the message according to the source MAC address and destination MAC address in the message and the uplink ACL; and, if it is determined that the message is to be sent, to send the message to the destination-end PE.
The destination-end PE is configured to receive the message sent by the source-end PE, the message including its source MAC address and destination MAC address; to determine, according to the source MAC address and destination MAC address in the message and the downlink ACL, whether to send the message to the corresponding destination CE, the downlink ACL including the message source MAC address, the message destination MAC address and the operation on a matching message; and, if it is determined that the message is to be sent, to send the message to the corresponding destination CE.
In this embodiment, when a message is received, the MAC address learning table is first used to determine whether the outbound port of the message corresponds to a pseudo wire or to another port of the source-end PE. When the outbound port corresponds to a pseudo wire, whether to send the message is determined according to the source MAC address and destination MAC address in the message and the uplink ACL table; if it is determined that the message is to be sent, it is sent to the destination-end PE. Before a message is sent to the destination end, it is first matched and filtered against the uplink ACL table that was set, and it is sent only when it is determined that it can be sent. This keeps unnecessary messages out of the network and saves network resources. Moreover, because only messages that can be sent are forwarded to the corresponding port during matching and filtering, virtual connections are established only for messages that can be sent, which realizes control of the virtual private network topology.
In addition, after the destination-end PE receives a message sent by the source-end PE, it further filters the received message according to the preset downlink ACL table, and sends the message to the corresponding destination CE only when it determines that the received message is to be sent.
Embodiment 3
An embodiment of the invention provides a virtual private network topology control method for the message source end. Specifically, it is the method by which the source-end PE (Provider Edge, provider edge device) determines according to a filter table whether to send a message. As shown in Fig. 8, the method comprises:
To implement this embodiment, a filter table must first be set. Once it is set, when the source-end PE receives a message sent by a CE (Customer Edge, customer edge device) and judges that the outbound port of the message is a PW (Pseudo Wire), the source-end PE determines whether to send the message according to the source MAC address and destination MAC address contained in the message and the filter table that was set. The source-end PE sends the message only when it determines that the message is to be sent. The method for the source end is described below with reference to Fig. 4; for convenience, the source-end PE is taken to be PE1 and the destination-end PE is taken to be PE2.
701. Receive the message sent by PE2. The message contains indication information that indicates the port attribute of the far-end PE of the destination pseudo wire, that is, whether the CEs connected to the destination-end PE include a root CE.
The port attribute is the topological attribute, within the virtual private network, of the CE connected to the port; the topological attribute is either root or leaf. The port can be a physical port or a logical port.
702. After the indication information is received, set the filter table according to the indication information and the preset rule. The filter table includes the message source port attribute (S-PORT), the destination pseudo wire (T-PW), the port attribute of the far-end PE of the destination pseudo wire (PW far-end attribute) and the operation on a matching message.
The preset rule is: a CE port whose attribute is leaf can only be connected to a CE port whose attribute is root, while a CE port whose attribute is root can be connected to a CE port of any attribute. The filter table is set according to this preset rule and Fig. 4; the resulting table is shown in Table 3:
| S-PORT | T-PW | PW far-end attribute | Operation |
| --- | --- | --- | --- |
| any | PW12 | root | send |
| leaf | PW13 | leaf | discard |
| root | PW13 | leaf | send |

Table 3
703. Receive the message sent by a CE. The message includes its source MAC address and destination MAC address.
704. Judge, according to the MAC learning table, whether the outbound port of the message corresponds to a pseudo wire or is a port of the source-end PE. If the outbound port corresponds to a pseudo wire, execute step 705; if the outbound port is a port of the source-end PE, execute step 709.
705. Obtain from the MAC address learning table the message source port attribute corresponding to the message's source MAC address and the port attribute of the far-end PE of the destination pseudo wire corresponding to the message's destination MAC address.
706. Match the obtained message source port attribute and far-end PE port attribute of the destination pseudo wire against the corresponding message source port attribute and far-end PE port attribute of the destination pseudo wire in the filter table.
707. Determine whether to send the message according to the operation on a matching message in the entry that matches the obtained message source port attribute and far-end PE port attribute of the destination pseudo wire; the operation on a matching message is either send or discard. If it is determined that the message is to be sent, execute step 708; otherwise discard the message.
Determining whether to send the message according to the operation in the matching entry specifically comprises: if the operation on a matching message is send, the message is sent to the destination-end PE; if the operation on a matching message is discard, the message is discarded and is not sent to the destination-end PE.
708. Send the message to the destination-end PE; the message carries indication information that indicates the attribute of the message source port. The process ends.
In step 701, when PE2 sends the message to PE1, the information contained in the message falls into two cases. If one PW serves only one VSI (VPLS Service Instance), the information carried comprises the PW identifier and the above indication information. If one PW serves multiple VSIs, the information carried comprises the PW identifier, the VSI identifier and the above indication information. If the message is transmitted over the PW and the PW corresponds to exactly one VSI, the receiving end can tell which VSI is concerned from the PW on which the message arrived, so only the above indication information needs to be carried. The embodiment of the invention does not limit this; which approach is used is decided case by case in a specific implementation.
The message may use an extension of LDP (Label Distribution Protocol), although the embodiment of the invention does not limit this. The LDP extension may extend the LDP notify message or hello message so that the indication information is carried in the PW status TLV. The definition of the message format is not the focus of the invention, and a person skilled in the art can define it without creative effort.
709. According to the attribute of the inbound port of the message and the attribute of the outbound port, determine whether to forward the message to the corresponding port of the source-end PE or to discard it, perform the corresponding operation, and end the process.
Specifically, determining from the attributes of the inbound and outbound ports whether to forward the message to the corresponding port of the source-end PE or to discard it is done as follows: obtain from the MAC address learning table the attribute of the source CE port corresponding to the message's source MAC address and the attribute of the destination CE port corresponding to the message's destination MAC address; then, according to the attribute of the source CE port, the attribute of the destination CE port and the virtual private network forwarding rule, determine whether to send the message to the corresponding CE port or to discard it.
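The source-end decision of steps 702 to 709 can be traced with the sketch below. It is an added example, not code from the patent: the topology, port names and MAC-B/MAC-G are constructed, the function names are hypothetical, the forwarding rule of step 709 is assumed to be the root/leaf preset rule, and an unlearned destination is reported rather than handled because the page does not describe that case.

```python
ROOT, LEAF, ANY = "root", "leaf", "any"

def build_filter_table(pw_far_end):
    """Step 702: derive filter rows from each pseudo wire's far-end attribute.

    pw_far_end maps a PW name to ROOT (the far-end PE connects a root CE)
    or LEAF, as signalled by the indication information of step 701.
    """
    table = []
    for pw, far_end in pw_far_end.items():
        if far_end == ROOT:
            # A root can talk to anyone, so any local source may use this PW.
            table.append((ANY, pw, ROOT, "send"))
        else:
            # Only leaves behind the far-end PE: leaf sources must not reach it.
            table.append((LEAF, pw, LEAF, "discard"))
            table.append((ROOT, pw, LEAF, "send"))
    return table

def filter_lookup(table, src_attr, pw, far_end):
    """Steps 706-707: first row matching (S-PORT, T-PW, PW far-end attribute)."""
    for s_port, t_pw, attr, operation in table:
        if s_port in (ANY, src_attr) and t_pw == pw and attr == far_end:
            return operation
    return "discard"  # no matching row: do not put the message on the wire

def ingress_decision(src_mac, dst_mac, mac_table, port_attr, pw_far_end, table):
    """Steps 703-709 on the source-end PE. Returns (action, outbound port or PW)."""
    _, src_port = mac_table[src_mac]   # source MAC was learned on a local CE port
    src_attr = port_attr[src_port]
    if dst_mac not in mac_table:
        return ("unlearned", None)     # not covered by the page; caller decides
    kind, out = mac_table[dst_mac]     # step 704: pseudo wire or local port?
    if kind == "pw":                   # steps 705-708
        return (filter_lookup(table, src_attr, out, pw_far_end[out]), out)
    # Step 709: local switching, assumed rule: leaf may only reach root.
    if src_attr == LEAF and port_attr[out] == LEAF:
        return ("discard", out)
    return ("forward", out)

# Constructed topology for PE1 (PW names follow Table 3; the rest is made up).
PW_FAR_END = {"PW12": ROOT, "PW13": LEAF}
PORT_ATTR = {"port-A": ROOT, "port-B": LEAF, "port-C": LEAF}
MAC_TABLE = {
    "MAC-A": ("port", "port-A"), "MAC-B": ("port", "port-B"),
    "MAC-C": ("port", "port-C"),
    "MAC-F": ("pw", "PW12"),     # reached over PW12
    "MAC-G": ("pw", "PW13"),     # hypothetical leaf CE reached over PW13
}
FILTER_TABLE = build_filter_table(PW_FAR_END)

def decide(src_mac, dst_mac):
    return ingress_decision(src_mac, dst_mac, MAC_TABLE, PORT_ATTR,
                            PW_FAR_END, FILTER_TABLE)

if __name__ == "__main__":
    for pair in [("MAC-C", "MAC-F"), ("MAC-C", "MAC-G"), ("MAC-A", "MAC-G"),
                 ("MAC-C", "MAC-B"), ("MAC-C", "MAC-A")]:
        print(pair, "->", decide(*pair))
```

The leaf-to-leaf message from MAC-C to MAC-G is dropped at PE1 before it enters PW13, which is the resource saving the embodiment claims over filtering only at the destination end.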
In this embodiment, when a message sent at the source-end PE is handled with the above method and, after filtering by the filter table, it is determined that the message is to be sent to the destination-end PE, the existing L bit scheme can be used: when the message is sent to the destination-end PE, it carries indication information that indicates the attribute of the source-end CE port, that is, whether that CE port is a leaf port or a root port. After the destination-end PE receives the message, it determines whether to send the message according to the indication information and the port attribute of the destination-end PE; when it determines that the message is to be sent, it determines from the MAC address learning table the destination CE to which the message is to be sent and performs the corresponding operation. This is not described further here; a specific implementation can use existing schemes in the prior art.
Corresponding to the above method embodiment, an embodiment of the invention also provides a source-end PE. As shown in Fig. 9, the source-end PE comprises: a message receiving unit 201, a first determining unit 202, a sending unit 203, a second message sink unit 208, a second setting unit 209, a judging unit 206 and a second determining unit 207.
The second message sink unit 208 is configured to receive the message sent by the destination-end PE; the message contains indication information that indicates the port attribute of the far-end PE of the destination pseudo wire, that is, whether the CEs connected to the destination-end PE include a root CE. After the indication information is received, the second setting unit 209 is configured to set the filter table according to the indication information and the preset rule. The filter table includes the message source port attribute, the destination pseudo wire, the port attribute of the far-end PE of the destination pseudo wire and the operation on a matching message. The port attribute is the topological attribute, within the virtual private network, of the CE connected to the port; the topological attribute is either root or leaf. The port can be a physical port or a logical port.
The preset rule is: a CE port whose attribute is leaf can only be connected to a CE port whose attribute is root, while a CE port whose attribute is root can be connected to a CE port of any attribute.
When a CE (Customer Edge, customer edge device) sends a message to the source-end PE, the message receiving unit 201 is configured to receive the message sent by the CE; the message includes its source MAC address and destination MAC address. After the message is received, the judging unit 206 is configured to judge, according to the MAC learning table, whether the outbound port of the message corresponds to a pseudo wire or is a port of the source-end PE. When the judging unit 206 judges that the outbound port of the message corresponds to a pseudo wire, the first determining unit 202 is configured to determine whether to send the message according to the source MAC address and destination MAC address in the message and the filter table. When the first determining unit 202 determines that the message is to be sent, the sending unit 203 is configured to send the message to the destination-end PE.
When the judging unit 206 judges that the outbound port of the message is a port of the source-end PE, the second determining unit 207 is configured to determine, according to the attribute of the inbound port of the message and the attribute of the outbound port, whether to forward the message to the corresponding port of the source-end PE or to discard it. Specifically: obtain from the MAC address learning table the attribute of the source CE port corresponding to the message's source MAC address and the attribute of the destination CE port corresponding to the message's destination MAC address; then, according to the attribute of the source CE port, the attribute of the destination CE port and the virtual private network forwarding rule, determine whether to send the message to the corresponding CE port or to discard it.
The first determining unit 202 comprises an acquisition module 2023, a second matching module 2024 and a second determination module 2025.
The acquisition module 2023 is configured to obtain from the MAC address learning table the message source port attribute corresponding to the message's source MAC address and the port attribute of the far-end PE of the destination pseudo wire corresponding to the message's destination MAC address. The second matching module 2024 is configured to match the message source port attribute and the far-end PE port attribute of the destination pseudo wire obtained by the acquisition module 2023 against the corresponding message source port attribute and far-end PE port attribute of the destination pseudo wire in the filter table. When the second matching module 2024 obtains an entry matching the obtained message source port attribute and far-end PE port attribute of the destination pseudo wire, the second determination module 2025 is configured to determine whether to send the message according to the operation on a matching message in that entry, where the operation on a matching message is either send or discard. Determining whether to send the message according to the operation on a matching message in the entry that matches the message's source MAC address and destination MAC address specifically comprises: if the operation on a matching message is send, the message is sent to the destination-end PE; if the operation on a matching message is discard, the message is discarded and is not sent to the destination-end PE.
Corresponding to the foregoing embodiments, an embodiment of the invention provides a virtual private network topology control system, which comprises a message source-end provider edge device and a message destination-end provider edge device.
The message source-end provider edge device is configured to receive a message sent by a customer edge device, the message comprising the source MAC address and the destination MAC address of the message; when the outbound port of the message corresponds to a pseudowire, to determine whether to send the message according to the source MAC address and destination MAC address in the message and the filter table; and, if it is determined that the message is to be sent, to send the message to the provider edge device at the message destination end, the message carrying indication information that indicates the message source port attribute. The port attribute is the topological attribute, within the virtual private network, of the customer edge device connected to the port, and the topological attribute is either the root attribute or the leaf attribute. The port may be a physical port or a logical port.
The message destination-end provider edge device is configured to receive the message sent by the provider edge device at the message source end, the message carrying indication information that indicates the message source port attribute; to determine whether to send the message according to the indication information and the port attribute of the message destination-end provider edge device; and, if it is determined that the message is to be sent, to send the message to the corresponding destination customer edge device.
In the embodiment of the invention, when a message is received, it is first determined from the MAC address learning table whether the outbound port of the message corresponds to a pseudowire or to another port of the PE at the message source end. When the outbound port corresponds to a pseudowire, whether to send the message is determined according to the source MAC address and destination MAC address in the message and the configured filter table; if it is determined that the message is to be sent, the message is sent to the provider edge device at the message destination end. Before a message is sent to the destination end, the embodiment first matches it against the configured filter table and sends it only once it has been determined that it may be sent, which keeps unnecessary messages out of the network and saves network resources. Moreover, because only messages that may be sent are forwarded to the corresponding port during this matching and filtering, virtual connections are established only for messages that may be sent, which realizes control of the virtual private network topology.
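The two-stage decision summarised above (filter-table check at the source-end PE, then the indication-based check at the destination-end PE), as an added Python example that is not code from the patent. The port names, MAC addresses, the leaf-to-leaf discard rule used as the pre-set rule and the fail-closed behaviour on a filter-table miss are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


class Attr(Enum):
    ROOT = "root"
    LEAF = "leaf"


class Action(Enum):
    SEND = "send"
    DISCARD = "discard"


@dataclass(frozen=True)
class Port:
    name: str
    is_pseudowire: bool
    # Local port: attribute of the attached CE. Pseudowire: attribute indicated
    # by the remote PE (ROOT if any attached CE is a root, otherwise LEAF).
    attr: Attr


def preset_rule(src: Attr, dst: Attr) -> Action:
    """Assumed pre-set rule: leaf-to-leaf is discarded, anything else is sent."""
    if src is Attr.LEAF and dst is Attr.LEAF:
        return Action.DISCARD
    return Action.SEND


class SourcePE:
    def __init__(self) -> None:
        self.mac_table: Dict[str, Port] = {}  # MAC address learning table
        self.filter_table: Dict[Tuple[Attr, str, Attr], Action] = {}

    def learn(self, mac: str, port: Port) -> None:
        self.mac_table[mac.lower()] = port

    def set_filter(self, pseudowire: str, remote_attr: Attr) -> None:
        """Fill filter entries for one pseudowire from the remote PE's indication."""
        for src_attr in Attr:
            key = (src_attr, pseudowire, remote_attr)
            self.filter_table[key] = preset_rule(src_attr, remote_attr)

    def decide(self, src_mac: str, dst_mac: str) -> Tuple[Action, Optional[Attr]]:
        """Return (action, indication); indication is the source port attribute
        carried to the destination PE when the message goes out on a pseudowire."""
        src_port = self.mac_table.get(src_mac.lower())
        out_port = self.mac_table.get(dst_mac.lower())
        if src_port is None or out_port is None:
            # Unknown addresses (flooding) are outside this example.
            raise LookupError("MAC address not in the learning table")
        if not out_port.is_pseudowire:
            # Outbound port is a local port: compare inbound and outbound attributes.
            return preset_rule(src_port.attr, out_port.attr), None
        key = (src_port.attr, out_port.name, out_port.attr)
        # Assumption: a filter-table miss fails closed.
        action = self.filter_table.get(key, Action.DISCARD)
        return action, (src_port.attr if action is Action.SEND else None)


def destination_decide(indication: Attr, dst_port_attr: Attr) -> Action:
    """Destination PE check: source attribute from the indication vs. local port."""
    return preset_rule(indication, dst_port_attr)


# Constructed sample topology (all names and addresses are made up).
ROOT_A, LEAF_A, LEAF_B = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
REMOTE_LEAF, MIXED_ROOT, MIXED_LEAF = "02:00:00:00:00:22", "02:00:00:00:00:31", "02:00:00:00:00:32"


def build_demo_pe() -> SourcePE:
    pe = SourcePE()
    pe.learn(ROOT_A, Port("ge0/1", False, Attr.ROOT))
    pe.learn(LEAF_A, Port("ge0/2", False, Attr.LEAF))
    pe.learn(LEAF_B, Port("ge0/3", False, Attr.LEAF))
    pw_leaf_only = Port("pw-to-pe2", True, Attr.LEAF)  # PE2 serves leaf CEs only
    pw_mixed = Port("pw-to-pe3", True, Attr.ROOT)      # PE3 has a root and a leaf CE
    pe.learn(REMOTE_LEAF, pw_leaf_only)
    pe.learn(MIXED_ROOT, pw_mixed)
    pe.learn(MIXED_LEAF, pw_mixed)
    pe.set_filter(pw_leaf_only.name, pw_leaf_only.attr)
    pe.set_filter(pw_mixed.name, pw_mixed.attr)
    return pe


if __name__ == "__main__":
    pe = build_demo_pe()
    for src, dst in [(LEAF_A, REMOTE_LEAF), (ROOT_A, REMOTE_LEAF), (LEAF_A, MIXED_LEAF), (LEAF_A, LEAF_B)]:
        print(src, "->", dst, pe.decide(src, dst))
```

The leaf-to-`MIXED_LEAF` case passes the source-end filter because the remote PE also serves a root, so isolation for that message depends on the destination-end check against the carried indication.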
From the above description of the embodiments, those skilled in the art will clearly understand that the invention can be implemented in software together with the necessary general-purpose hardware, or in hardware alone, although in many cases the former is the better implementation. On this understanding, the technical solution of the invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. This computer software product is stored in a readable storage medium, such as a computer floppy disk, hard disk or optical disc, and comprises instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to carry out the methods described in the embodiments of the invention.
The above is only a specific embodiment of the invention, and the protection scope of the invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the protection scope of the invention. The protection scope of the invention shall therefore be determined by the protection scope of the claims.

Claims (23)

1. A virtual private network topology control method, characterized by comprising:
Receiving a message sent by a customer edge device, the message comprising the source MAC address and the destination MAC address of the message;
When the outbound port of the message corresponds to a pseudowire, determining whether to send the message according to the source MAC address and destination MAC address in the message and a message operation matching table;
If it is determined that the message is to be sent, sending the message to the provider edge device at the message destination end.
2. The method according to claim 1, characterized in that the message operation matching table comprises:
An upstream access control list, the upstream access control list comprising a message source MAC address, a destination pseudowire, a message destination MAC address and an operation on matching messages; or
A filter table, the filter table comprising a message source port attribute, a destination pseudowire, a remote provider edge device port attribute of the destination pseudowire, and an operation on matching messages.
3. The method according to claim 2, characterized in that, when the message operation matching table is the upstream access control list, determining whether to send the message according to the source MAC address and destination MAC address in the message and the message operation matching table comprises:
Matching the source MAC address and destination MAC address of the message against the corresponding message source MAC address and message destination MAC address in the upstream access control list;
Determining whether to send the message according to the operation on matching messages in the matching entry that matches the source MAC address and destination MAC address of the message, the operation on matching messages being send or discard.
4. The method according to claim 3, characterized in that, before the source MAC address and destination MAC address of the message are matched against the message source MAC address and message destination MAC address in the upstream access control list, the method further comprises:
Receiving a message sent by the message destination-end provider edge device, the message comprising the MAC address of the root customer edge device among the customer edge devices connected to the message destination-end provider edge device;
Setting the upstream access control list according to the MAC address of the customer edge device and a preset rule.
5. The method according to claim 2, characterized in that, when the message operation matching table is the filter table, determining whether to send the message according to the source MAC address and destination MAC address in the message and the message operation matching table comprises:
Obtaining, from the MAC address learning table, the message source port attribute corresponding to the source MAC address of the message and the remote provider edge device port attribute of the destination pseudowire corresponding to the destination MAC address of the message;
Matching the obtained message source port attribute and remote provider edge device port attribute of the destination pseudowire against the corresponding message source port attribute and remote provider edge device port attribute of the destination pseudowire in the filter table;
If a matching entry is obtained for the obtained message source port attribute and remote provider edge device port attribute of the destination pseudowire, determining whether to send the message according to the operation on matching messages in the matching entry, the operation on matching messages being send or discard.
6. The method according to claim 5, characterized in that, before the obtained message source port attribute and remote provider edge device port attribute of the destination pseudowire are matched against the corresponding message source port attribute and remote provider edge device port attribute of the destination pseudowire in the filter table, the method further comprises:
Receiving a message sent by the message destination-end provider edge device, the message comprising indication information that indicates the remote provider edge device port attribute of the destination pseudowire, that is, whether the customer edge devices connected to the message destination-end provider edge device include a root customer edge device;
Setting the filter table according to the indication information and a preset rule.
7. The method according to claim 1, characterized in that, after the message sent by the customer edge device is received, the method further comprises:
Judging, according to the MAC learning table, whether the outbound port of the message corresponds to a pseudowire or is a port of the message source-end provider edge device;
When it is judged that the outbound port of the message corresponds to a pseudowire, performing the step of determining whether to send the message according to the source MAC address and destination MAC address in the message and the message operation matching table;
When it is judged that the outbound port of the message is a port of the message source-end provider edge device, determining, according to the attribute of the inbound port of the message and the attribute of the outbound port, whether to forward the message to the corresponding port of the message source-end provider edge device or to discard the message.
8. The method according to any one of claims 2 or 5 to 7, characterized in that the port attribute is the topological attribute, within the virtual private network, of the customer edge device connected to the port, and the topological attribute comprises the root attribute and the leaf attribute.
9. A virtual private network topology control method, characterized by comprising:
Receiving a message sent by the provider edge device at the message source end, the message comprising the source MAC address and the destination MAC address of the message;
Determining, according to the source MAC address and destination MAC address in the message and a downstream access control list, whether to send the message to the corresponding destination customer edge device, the downstream access control list comprising: a message source MAC address, a message destination MAC address and an operation on matching messages;
If it is determined that the message is to be sent, sending the message to the corresponding customer edge device.
10. The method according to claim 9, characterized in that determining, according to the source MAC address and destination MAC address in the message and the downstream access control list, whether to send the message to the corresponding destination customer edge device comprises:
Matching the source MAC address and destination MAC address of the message against the message source MAC address and message destination MAC address in the downstream access control list;
If a matching entry is obtained that matches the source MAC address and destination MAC address of the message, determining whether to send the message according to the operation on matching messages in the matching entry, the operation on matching messages being send or discard.
11. The method according to claim 9, characterized in that, before it is determined, according to the source MAC address and destination MAC address in the message and the downstream access control list, whether to send the message to the corresponding destination customer edge device, the method further comprises:
Receiving a message sent by the message source-end provider edge device, the message comprising the MAC address of the root customer edge device among the customer edge devices connected to the message source-end provider edge device;
Setting the downstream access control list according to the MAC address of the customer edge device and a preset rule.
12. A message source-end provider edge device, characterized by comprising:
A message receiving unit, configured to receive a message sent by a customer edge device, the message comprising the source MAC address and the destination MAC address of the message;
A first determining unit, configured to determine, when the outbound port of the message corresponds to a pseudowire, whether to send the message according to the source MAC address and destination MAC address in the message and a message operation matching table;
A sending unit, configured to send the message to the provider edge device at the message destination end when the determining unit determines that the message is to be sent.
13. The message source-end provider edge device according to claim 12, characterized in that the message operation matching table comprises:
An upstream access control list, the upstream access control list comprising a message source MAC address, a destination pseudowire, a message destination MAC address and an operation on matching messages; or
A filter table, the filter table comprising a message source port attribute, a destination pseudowire, a remote provider edge device port attribute of the destination pseudowire, and an operation on matching messages.
14. The message source-end provider edge device according to claim 12, characterized in that the first determining unit comprises:
A first matching module, configured to match, when the message operation matching table is the upstream access control list, the source MAC address and destination MAC address of the message against the corresponding message source MAC address and message destination MAC address in the upstream access control list;
A first determination module, configured to determine, when the first matching module obtains a matching entry that matches the source MAC address and destination MAC address of the message, whether to send the message according to the operation on matching messages in the matching entry, the operation on matching messages being send or discard.
15. The message source-end provider edge device according to claim 12, characterized in that the first determining unit comprises:
An acquisition module, configured to obtain, when the message operation matching table is the filter table, from the MAC address learning table the message source port attribute corresponding to the source MAC address of the message and the remote provider edge device port attribute of the destination pseudowire corresponding to the destination MAC address of the message;
A second matching module, configured to match the message source port attribute and the remote provider edge device port attribute of the destination pseudowire obtained by the acquisition module against the corresponding message source port attribute and remote provider edge device port attribute of the destination pseudowire in the filter table;
A second determination module, configured to determine, when the second matching module obtains a matching entry for the obtained message source port attribute and remote provider edge device port attribute of the destination pseudowire, whether to send the message according to the operation on matching messages in the matching entry, the operation on matching messages being send or discard.
16. The message source-end provider edge device according to claim 12, characterized in that the device further comprises:
A first message reception unit, configured to receive, before the source MAC address and destination MAC address of the message are matched against the message source MAC address and message destination MAC address in the upstream access control list, a message sent by the message destination-end provider edge device, the message comprising the MAC address of the root customer edge device among the customer edge devices connected to the message destination-end provider edge device;
A first setting unit, configured to set the upstream access control list according to the MAC address of the customer edge device and a preset rule.
17. The message source-end provider edge device according to claim 12, characterized in that the device further comprises:
A second message reception unit, configured to receive, before the obtained attribute of the message source port and remote provider edge device port attribute of the destination pseudowire are matched against the attribute of the corresponding message source-end customer edge device and the remote provider edge device port attribute of the destination pseudowire in the filter table, a message sent by the message destination-end provider edge device, the message comprising indication information that indicates the remote provider edge device port attribute, that is, whether the customer edge devices connected to the remote provider edge device include a root customer edge device;
A second setting unit, configured to set the filter table according to the indication information and a preset rule.
18. The message source-end provider edge device according to claim 12, characterized in that the device further comprises:
A judging unit, configured to judge, after the message receiving unit receives the message sent by the customer edge device and according to the MAC learning table, whether the outbound port of the message corresponds to a pseudowire or is a port of the message source-end provider edge device;
The first determining unit being configured to perform, when the judging unit judges that the outbound port of the message corresponds to a pseudowire, the step of determining whether to send the message according to the source MAC address and destination MAC address in the message and the message operation matching table;
A second determining unit, configured to determine, when the judging unit judges that the outbound port of the message is a port of the message source-end provider edge device and according to the attribute of the inbound port of the message and the attribute of the outbound port, whether to forward the message to the corresponding port of the message source-end provider edge device or to discard the message.
19. The message source-end provider edge device according to claim 13 or 15 or 17 or 18, characterized in that the port attribute is the topological attribute, within the virtual private network, of the customer edge device connected to the port, and the topological attribute comprises the root attribute and the leaf attribute.
20. A message destination-end provider edge device, characterized by comprising:
A message receiving unit, configured to receive a message sent by the provider edge device at the message source end, the message comprising the source MAC address and the destination MAC address of the message;
A determining unit, configured to determine, according to the source MAC address and destination MAC address in the message and a downstream access control list, whether to send the message to the corresponding destination customer edge device, the downstream access control list comprising: a message source MAC address, a message destination MAC address and an operation on matching messages;
A sending unit, configured to send the message to the corresponding destination customer edge device when the determining unit determines that the message is to be sent.
21. The message destination-end provider edge device according to claim 20, characterized in that the device further comprises:
A message reception unit, configured to receive, before the determining unit determines according to the source MAC address and destination MAC address of the message and the downstream access control list whether to send the message to the corresponding destination customer edge device, a message sent by the message source-end provider edge device, the message comprising the MAC address of the root customer edge device among the customer edge devices connected to the message source-end provider edge device;
A setting unit, configured to set the downstream access control list according to the MAC address of the customer edge device and a preset rule.
22. A virtual private network topology control system, characterized by comprising:
A message source-end provider edge device, configured to receive a message sent by a customer edge device, the message comprising the source MAC address and the destination MAC address of the message; when the outbound port of the message corresponds to a pseudowire, to determine whether to send the message according to the source MAC address and destination MAC address in the message and an upstream access control list; and, if it is determined that the message is to be sent, to send the message to the provider edge device at the message destination end;
A message destination-end provider edge device, configured to receive the message sent by the provider edge device at the message source end, the message comprising the source MAC address and the destination MAC address of the message; to determine, according to the source MAC address and destination MAC address in the message and a downstream access control list, whether to send the message to the corresponding destination customer edge device, the downstream access control list comprising: a message source MAC address, a message destination MAC address and an operation on matching messages; and, if it is determined that the message is to be sent, to send the message to the corresponding destination customer edge device.
23. A virtual private network topology control system, characterized by comprising:
A message source-end provider edge device, configured to receive a message sent by a customer edge device, the message comprising the source MAC address and the destination MAC address of the message; when the outbound port of the message corresponds to a pseudowire, to determine whether to send the message according to the source MAC address and destination MAC address in the message and a filter table; and, if it is determined that the message is to be sent, to send the message to the provider edge device at the message destination end, the message carrying indication information that indicates the attribute of the message source-end customer edge device;
A message destination-end provider edge device, configured to receive the message sent by the provider edge device at the message source end, the message carrying indication information that indicates the attribute of the message source-end customer edge device; to determine whether to send the message according to the indication information and the port attribute of the message destination-end provider edge device; and, if it is determined that the message is to be sent, to send the message to the corresponding destination customer edge device.
CN 200910254342 2009-12-11 2009-12-11 Virtual private topology control method, device and system Active CN102098202B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200910254342 CN102098202B (en) 2009-12-11 2009-12-11 Virtual private topology control method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200910254342 CN102098202B (en) 2009-12-11 2009-12-11 Virtual private topology control method, device and system

Publications (2)

Publication Number Publication Date
CN102098202A true CN102098202A (en) 2011-06-15
CN102098202B CN102098202B (en) 2013-08-07

Family

ID=44131076

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200910254342 Active CN102098202B (en) 2009-12-11 2009-12-11 Virtual private topology control method, device and system

Country Status (1)

Country Link
CN (1) CN102098202B (en)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101197760B (en) * 2006-12-05 2010-09-29 中兴通讯股份有限公司 User grouping intercommunication/isolation device in virtual special network service
CN101378354B (en) * 2007-08-28 2010-12-08 华为技术有限公司 Method and device for forwarding multicast message

Also Published As

Publication number Publication date
CN102098202B (en) 2013-08-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20170719

Address after: 510640 Guangdong City, Tianhe District Province, No. five, road, public education building, unit 371-1, unit 2401

Patentee after: GUANGDONG GAOHANG INTELLECTUAL PROPERTY OPERATION Co.,Ltd.

Address before: 518129 headquarters building of Bantian HUAWEI base, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20171226

Address after: 200082 Shanghai city Yangpu District Yixian Road No. 25 room 307K

Patentee after: Shanghai source Hui Information Polytron Technologies Inc.

Address before: 510640 Guangdong City, Tianhe District Province, No. five, road, public education building, unit 371-1, unit 2401

Patentee before: GUANGDONG GAOHANG INTELLECTUAL PROPERTY OPERATION Co.,Ltd.

TR01 Transfer of patent right
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Virtual Private Network Topology Control Methods, Devices, and Systems

Granted publication date: 20130807

Pledgee: Huangpu Sub branch of Bank of Shanghai Co.,Ltd.

Pledgor: Shanghai source Hui Information Polytron Technologies Inc.

Registration number: Y2024310000052

PE01 Entry into force of the registration of the contract for pledge of patent right