CN103326915A - Method, device and system for achieving three-layer VPN - Google Patents

Method, device and system for achieving three-layer VPN Download PDF

Info

Publication number
CN103326915A
CN103326915A CN201210081768.7A CN201210081768A CN103326915A CN 103326915 A CN103326915 A CN 103326915A CN 201210081768 A CN201210081768 A CN 201210081768A CN 103326915 A CN103326915 A CN 103326915A
Authority
CN
China
Prior art keywords
vpn
equipment
address
multicast
routing protocol
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201210081768.7A
Other languages
Chinese (zh)
Inventor
徐小虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201210081768.7A priority Critical patent/CN103326915A/en
Priority to PCT/CN2013/072915 priority patent/WO2013139270A1/en
Publication of CN103326915A publication Critical patent/CN103326915A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method, device and system for achieving a three-layer VPN, and relates to the communication technical field. The method, device and system for achieving the three-layer VPN can improve automatic configuration and automatic operation capability of the VPN. The method includes the steps that a first PE device receives a VPN neighbor discovery message sent by a second PE device, the VPN neighbor discovery message is an expanded TLV message with the corresponding IP address, the VPN ID, and the VPN label of the second PE device, according to the corresponding VPN ID of the first PE device and the corresponding VPN ID of the second PE device, whether the second PE device and the first PE device are connected to a same VPN is determined, and when the second PE device and the first PE device are connected to the same VPN, the first PE device and the second PE device conduct routing protocol message interaction in the same VPN. The method, device and system for achieving the three-layer VPN is mainly used in the process of achieving the L3VPN.

Description

Realize method, the equipment and system of three-layer virtual special network
Technical field
The present invention relates to communication technical field, relate in particular to a kind of method, equipment and system of realizing three-layer virtual special network (VPN).
Background technology
VPN (virtual private network) (Virtual Private Network, VPN) is the virtual proprietary network that operator provides to the user by its public network.Geographically VPN member node separated from one another is connected to corresponding operator edge device by client device, forms client's VPN network by the public network of operator.The route that whether participates in the client according to operator edge device is calculated and is transmitted, the implementation of VPN is divided into following two kinds: need operator edge device to participate in the calculating of client's route and three-layer virtual special network (the Layer3 Virtual Private Network of transmission, L3VPN), do not need operator edge device to participate in the calculating of client's route and the two-layer virtual private network (Layer2 Virtual Private Network, L2VPN) of transmission.
In the L3VPN technology, belong between Provider Edge (Provider Edge, the PE) equipment of same VPN by Border Gateway Protocol (Border Gateway Protocol, BGP) message interaction VPN routing iinformation.An Internet protocol (Internet Protocol, IP) address of the VPN ID that on each PE, carries in the human configuration bgp protocol message, VPN label, neighbours' parameter, router etc.Wherein, each VPN is to there being the VPN ID of an overall situation.Each PE equipment distributes the VPN label an of this locality for this VPN in a VPN, is used for data retransmission.PE is mutual between PE by the bgp protocol message that carries above-mentioned VPN parameter information, finishes the deployment of VPN.And the quantity of PE is generally a lot, and the configuration effort of bgp protocol message is corresponding very complicated very also.
Since require to do at each PE node the parameter configuration of large amount of complex in the existing L3VPN plan implementation process, such as the configuration of VPN relevant parameter, and the bgp neighbor parameter configuration etc., cause automation configuration degree lower.
Summary of the invention
Embodiments of the invention provide a kind of method, equipment and system of realizing three-layer virtual special network, can improve automation configuration and the automation operation ability of VPN.
For achieving the above object, embodiments of the invention adopt following technical scheme:
A kind of method that realizes three-layer virtual special network comprises:
The VPN (virtual private network) VPN neighbours that the first Provider Edge PE equipment receives the transmission of the 2nd PE equipment find message, wherein, described VPN neighbours find that message is the type length numerical value TLV message after the expansion, carries described the 2nd PE equipment corresponding IP address, VPN ID and VPN label;
VPN ID and VPN ID corresponding to described two PE equipment corresponding according to a described PE equipment determine whether described the 2nd PE equipment arrives same VPN with a described PE equipment connection;
When described the 2nd PE equipment and a described PE equipment connection during to same VPN, mutual with the routing protocol packet that described the 2nd PE equipment carries out in the described same VPN, generate VPN route forwarding table corresponding to described same VPN, described VPN route forwarding table comprises that the IP address of the VPN ID of described same VPN, described the 2nd PE equipment and described the 2nd PE equipment are the VPN label that described same VPN distributes.
A kind of the first Provider Edge PE equipment comprises:
Neighbours' receiving element, the VPN (virtual private network) VPN neighbours that are used for the transmission of reception the 2nd PE equipment find message; Wherein, described VPN neighbours find that message is the type length numerical value TLV message after the expansion, carries described the 2nd PE equipment corresponding IP address, VPN ID and VPN label;
The network determining unit is used for VPN ID and VPN ID corresponding to described two PE equipment corresponding according to a described PE equipment, determines whether described the 2nd PE equipment arrives same VPN with a described PE equipment connection;
The route interactive unit, be used for when described the 2nd PE equipment arrives same VPN with a described PE equipment connection, mutual with the routing protocol packet that described the 2nd PE equipment carries out in the described same VPN, generate VPN route forwarding table corresponding to described same VPN, wherein said VPN route forwarding table comprises that the IP address of the VPN ID of described same VPN, described the 2nd PE equipment and described the 2nd PE equipment are the VPN label that described same VPN distributes.
A kind of system that realizes three-layer virtual special network comprises: a PE equipment and the 2nd PE equipment;
A described PE equipment, the VPN (virtual private network) VPN neighbours that are used for the transmission of reception the 2nd PE equipment find message, wherein, described VPN neighbours find that message is the type length numerical value TLV message after the expansion, carries described the 2nd PE equipment corresponding IP address, VPN ID and VPN label; VPN ID and VPN ID corresponding to described two PE equipment corresponding according to a described PE equipment determine whether described the 2nd PE equipment arrives same VPN with a described PE equipment connection; When described the 2nd PE equipment and a described PE equipment connection during to same VPN, mutual with the routing protocol packet that described the 2nd PE equipment carries out in the described same VPN, generate VPN route forwarding table corresponding to described same VPN, described VPN route forwarding table comprises that the IP address of the VPN ID of described same VPN, described the 2nd PE equipment and described the 2nd PE equipment are the VPN label that described same VPN distributes.
The method of the realization three-layer virtual special network that the embodiment of the invention provides, equipment and system, increase VPN neighbours by expansion TLV message and found message, VPN ID and VPN label are carried at VPN neighbours to be found in the message, thereby can find that VPN ID in the message determines to belong to a PE equipment PE equipment of same VPN by identification VPN neighbours, and with same VPN in PE equipment to finish routing protocol packet mutual, compared with prior art, can find that automatic discovery of message belongs to the PE equipment of same VPN and finish routing protocol packet mutual by neighbours, remove a large amount of human configuration work from, improved automation configuration and the automation operation ability of VPN.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, the below will do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art, apparently, accompanying drawing in the following describes only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 is a kind of method flow diagram of realizing three-layer virtual special network in the embodiment of the invention 1;
Fig. 2 is a kind of method flow diagram of realizing three-layer virtual special network in the embodiment of the invention 2;
Fig. 3 is the method flow diagram that the another kind in the embodiment of the invention 2 is realized three-layer virtual special network;
Fig. 4 is the method flow diagram that the another kind in the embodiment of the invention 2 is realized three-layer virtual special network;
Fig. 5 is that a kind of VPN connection of the embodiment of the invention is given an example;
Fig. 6 is that a kind of PE equipment in the embodiment of the invention 3 forms schematic diagram;
Fig. 7 is that another kind the one PE equipment in the embodiment of the invention 3 forms schematic diagram;
Fig. 8 is that another kind the one PE equipment in the embodiment of the invention 3 forms schematic diagram;
Fig. 9 is that another kind the one PE equipment in the embodiment of the invention 3 forms schematic diagram;
Figure 10 is that a kind of system of three-layer virtual special network that realizes in the embodiment of the invention 3 forms schematic diagram.
Embodiment
When realizing L3VPN, Provider Edge (Provider Edge, PE) equipment and client router (Customer Edge Router, CE) need to carry out the mutual of routing iinformation.Route switching between PE and the CE can be adopted static routing, also can adopt routing information protocol (Routing InformationProtocol, RIP), ospf (Open Shortest Path First, OSPF), the dynamic routing protocol such as Intermediate System-to-Intermediate System (Intermediate System to Intermediate System, ISIS) and BGP.Can pass through ospf protocol or ISIS protocol interaction VPN routing iinformation and belong between the PE of same VPN.Operator's router (Provider Router is called for short P) does not need to know the routing iinformation of client VPN network, and this transparency can effectively reduce the burden of P router, improves autgmentability and the professional flexibility of carrying out of network.PE receives after the IP packet that sends over from local CE, search the best route of IP packet rs destination matching addresses by the route forwarding table that VPN is corresponding under this CE, then use multi protocol label exchange (Multiprotocol Label Switching, MPLS) or IP tunnel, this IP packet cross operator MPLS/IP network is sent to down hop PE equipment.
Need to prove, the embodiment of the invention is made improvement mainly for the automation configuration of L3VPN technology, and the VPN that therefore improves hereinafter all refers to L3VPN.
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that obtains under the creative work prerequisite.
Embodiment 1
The embodiment of the invention provides a kind of method that realizes three-layer virtual special network, as shown in Figure 1, comprising:
101, a PE equipment receives the VPN (virtual private network) VPN neighbours that the 2nd PE equipment sends and finds message, wherein, described VPN neighbours find that message is the type length numerical value (Type-Length-Value after the expansion, TLV) message carries described the 2nd PE equipment corresponding IP address, VPN ID and VPN label.
Wherein, VPN neighbours find that message is the TLV message after the expansion, for example, and the TLV message under the ISIS agreement, or the TLV message under the ospf protocol.Concrete, the VPN neighbours under the ISIS agreement find that message is as shown in table 1.
Figure BDA0000146535590000051
Table 1
In table 1, the ISIS TLV after the expansion comprises type of message sign (type), TLV message length (length) and TLV message content (value).The TLV specific type of message sign of definition (type) that can find for being exclusively used in VPN neighbours.When receiving described VPN neighbours and find message, any one PE equipment in the public network just can determine according to the type sign like this purposes of its TLV.The Next-hopaddress field is used for filling in the IP address that these VPN neighbours of transmission find the PE equipment of message.Value comprises VPN ID and the VPN label that writes in pairs.For example, VPN ID can take 32, wherein has 20 with VPN ID, also has in addition 12 as keeping the position.Similarly, the VPN label also can take 32, and wherein 20 is with the VPN label, also has in addition 12 as keeping the position.The length that keeps the position be can adjust as required, according to the needs of filling in of VPN ID or VPN label, full 32 VPN ID or VPN label also can be write.Be understandable that, the concrete division of value field in the practical application scene can be adjusted according to the needs of actual VPN.
Figure BDA0000146535590000061
Table 2
Perhaps, the VPN neighbours under ospf protocol find that message is as shown in table 2.In table 2, the OSPF TLV after the expansion comprises type of message sign (type), TLV message length (length) and TLV message content (value).The TLV specific type of message sign of definition (type) that can find for being exclusively used in VPN neighbours so just can be according to the purposes of definite its TLV of type sign when any one PE equipment in the public network receives described VPN neighbours and finds message.The filling method of Value field can be with reference to the filling method of ISIS TLV, and the embodiment of the invention repeats no more here.
For instance, find to carry in the message VPN ID and the VPN label of a pair of paired existence VPN neighbours.For example, the 2nd PE equipment only is connected to VPN1, and then the 2nd PE equipment VPN ID and the 2nd PE equipment that can find to write in the message VPN1 VPN neighbours is the VPN label that VPN1 distributes.After a PE equipment receives described VPN neighbours and finds message, can find the VPN ID (being VPN ID corresponding to described the 2nd PE equipment) that carries in the message and the VPN ID of a PE equipment according to described VPN neighbours, determine the 2nd PE equipment whether with a PE equipment connection to same VPN.If a PE equipment can be mutual with the routing protocol packet that described the 2nd PE equipment carries out in the same VPN, finishes follow-up VPN configuration flow.Perhaps, also can record VPNID, the 2nd PE equipment that described VPN neighbours find the VPN1 that carries in the message and be VPN label that VPN1 distributes and the IP address of the 2nd PE equipment, so that the follow-up routing protocol packet that carries out is mutual.
Certainly, find also can carry simultaneously in the message many VPN ID to paired existence and VPN label VPN neighbours.For example, the 2nd PE equipment is connected to VPN1 and VPN2 simultaneously, then the 2nd PE equipment can find that the VPN ID that writes VPN1 paired in the message and the 2nd PE equipment are the VPN label that VPN1 distributes VPN neighbours, and the VPN ID of VPN2 and the 2nd PE equipment are the VPN label that VPN2 distributes.After a PE equipment receives described VPN neighbours and finds message, the VPN ID that VPN ID corresponding to the VPN (for example VPN1) that the one PE equipment can be connected and the VPN neighbours that receive find to carry in the message (i.e. the 2nd PE equipment connect VPN ID corresponding to VPN) compares, and determines whether the VPN ID of coupling.The one PE equipment is determined the 2nd PE equipment and a PE equipment connection behind same VPN (VPN1), can be mutual with the routing protocol packet that described the 2nd PE equipment carries out in the same VPN, finish follow-up VPN configuration flow.Perhaps, VPN ID, the 2nd PE equipment that also VPN neighbours can be found the VPN1 that carries in the message is that the VPN label that distributes of VPN1 and the IP address of the 2nd PE are recorded, so that the follow-up routing protocol packet that carries out is mutual.
102, VPN ID and VPN ID corresponding to described two PE equipment corresponding according to a described PE equipment determines whether described the 2nd PE equipment arrives same VPN with a described PE equipment connection.
For instance, before a PE equipment determined with the PE equipment that self is connected to same VPN which to be arranged, a described PE equipment can be distinguished the transmit leg that described VPN neighbours find message by VPN ID and whether belong to same VPN with a described PE equipment.Concrete, VPN is corresponding one by one with VPN ID, and a PE equipment is configured to the member node of one or more VPN in advance, and therefore a PE equipment records has the VPN ID of the affiliated VPN of a described PE equipment.And, send described VPN neighbours find message the 2nd PE equipment this distributed the VPN label as VPN under described the 2nd PE equipment.The one PE equipment receives VPN neighbours find message after, determine that according to the type sign this message is that VPN neighbours find message, and read VPN ID in the value field, compare with the VPN ID of a PE equipment, can determine then whether the 2nd PE equipment and a PE equipment are connected to same VPN.
103, when described the 2nd PE equipment and a described PE equipment connection during to same VPN, mutual with the routing protocol packet that described the 2nd PE equipment carries out in the described same VPN, generate VPN route forwarding table corresponding to described same VPN, described VPN route forwarding table comprises that the IP address of the VPN ID of described same VPN, described the 2nd PE equipment and described the 2nd PE equipment are the VPN label that described same VPN distributes.
For instance, in advance routing iinformation is write described routing protocol packet, and with carrying out alternately with the 2nd PE equipment of a PE equipment connection to same VPN of having determined.Described routing protocol packet is LSA (Link State Advertisement, the LSA) protocol massages under the ospf protocol, or the Link State Protocol Data Unit under the ISIS agreement (Link State PDU, LSP) protocol massages; Wherein, described LSA protocol massages adopts specific purpose multicast ip address, described LSP protocol massages adopts specific purpose multicast media access control (Media Access Control, MAC) address, so that the 2nd PE equipment is received after LSA protocol massages or the LSP protocol massages, according to described specific purpose multicast ip address or specific purpose multicast mac address, identify described routing protocol packet and transmitted to CPU and carry out protocol processes.
The method of the realization three-layer virtual special network that the embodiment of the invention provides, define VPN neighbours by expansion TLV message and found message, VPN ID and VPN label are carried at VPN neighbours to be found in the message, thereby can find that VPN ID in the message determines to belong to a PE equipment PE equipment of same VPN by identification VPN neighbours, and with same VPN in PE equipment to finish routing protocol packet mutual, compare with the technology that needs a large amount of human configuration PE equipment in the prior art, can find that automatic discovery of message belongs to the PE equipment of same VPN and finish routing protocol packet mutual by neighbours, remove a large amount of human configuration work from, improved automation configuration and the automation operation ability of VPN.
Embodiment 2
The embodiment of the invention provides a kind of method that realizes three-layer virtual special network, as shown in Figure 2, comprising:
201, a PE equipment sends VPN neighbours to the 2nd PE equipment and finds message, so as with the two PE device discovery described PE equipment of a described PE equipment connection to same VPN.
For instance, a described PE equipment can be any one the PE equipment among the VPN, for example, as shown in Figure 5, be connected with 3 PE equipment among the VPN1, respectively node A, Node B and node C, take any one PE equipment (node A) wherein as a PE equipment as example, Node B and C are exactly two neighbor nodes that are connected to same VPN with a PE equipment (node A).Node D is a PE equipment in the public network, but is not the PE equipment that is connected to VPN1, is not the neighbor node of node A with regard to VPN1 therefore.Need to prove, the deployment of VPN can overlap, and that is to say the VPN2 member node is comprised node A and D, and therefore node D is the neighbor node of node A for VPN2.All the other nodes in the public network comprise that Node B, C, D all can be used as the 2nd PE equipment.
Wherein, the VPN neighbours that node A sends to all the other nodes in the public network (the 2nd PE equipment) find to comprise in the message VPN label that node A is the VPN1 distribution, described VPN label is unique in same VPN, is used for sign and sends the sender (node A) that these VPN neighbours find message.Described VPN neighbours find also to comprise in the message VPN ID, and described VPN ID is the sign of the VPN that is connected to of node A.For example, node A is that the VPN label that VPN1 distributes is 100, can in VPN neighbours find the value field of message, write the VPN label (100) of VPN ID (VPN1) and node A, so VPN ID and VPN label find in the message it is to exist in pairs neighbours.Be understandable that, find to carry in the message VPN ID and a VPN label that exists in pairs VPN neighbours, also can carry simultaneously VPN ID and the VPN label of a plurality of paired existence.
202, a PE equipment receives the VPN neighbours that the 2nd PE equipment sends and finds message.
Wherein, find that with VPN neighbours described in the step 201 form of message is identical, all the other nodes also can find that message sends the configuration information of VPN to a described PE equipment by VPN neighbours in the public network.Described VPN neighbours find that message is the TLV message after the expansion, carry to send the VPN label that corresponding IP address, VPN ID and the 2nd PE equipment of the 2nd PE equipment that described VPN neighbours find message distributes for its VPN that connects.
203, VPN ID and VPN ID corresponding to described two PE equipment corresponding according to a described PE equipment determines whether described the 2nd PE equipment arrives same VPN with a described PE equipment connection.
For instance, owing to having a plurality of VPN in the public network, VPN neighbours find can carry simultaneously in the message VPN ID and the VPN label of a plurality of paired existence, therefore a described PE equipment just needs analytic message and identifies the VPN information that a described PE equipment is concerned about after receiving VPN neighbours and finding message.Still take Fig. 5 as example, node A (a PE equipment) itself is connected to VPN1, therefore can find the VPN neighbours that receive the VPN ID of identification VPN1 in the message.For example, the VPN neighbours that receive the Node B transmission find therefrom to resolve the VPN ID that obtains VPN1 behind the message, therefore having found to belong to the neighbor node (Node B) of VPN1, is that the VPN label (200) that distributes of VPN1 and the IP address of Node B are recorded with the Node B of correspondence.Perhaps, if when receiving VPN neighbours that the 2nd PE equipment (nodes X) that other and node A be not connected to same VPN sends and finding message, then can't therefrom be resolved to the VPN ID of coupling, thus not with nodes X as neighbor node.
204, the VPN ID that described same VPN is corresponding, described the 2nd PE equipment are that the VPN label of described same VPN distribution and the IP address of described the 2nd PE equipment are recorded in the VPN neighbor list.
For instance, each VPN that a described PE equipment connects can be to there being a VPN neighbor list, the VPN label that can record the IP address of the 2nd PE equipment that belongs to same VPN and distribute for described same VPN in the VPN neighbor list.For example, can record the IP address of Node B and Node B in the VPN neighbor list of node A corresponding to VPN1 is the VPN label 200 that VPN1 distributes, and the IP address of node C and node C are the VPN label 300 that VPN1 distributes.For instance, if node A not only is connected to VPN1 but also be connected to VPN2, then can on node A, generate respectively the VPN neighbor list of two correspondences.
Again for instance, a described PE equipment also can generate a shared VPN neighbor list for a plurality of VPN that described the first equipment connects.In this VPN neighbor list that shares, IP address and the VPN label of the PE equipment that comprises among VPN ID, each VPN of each VPN that the PE equipment that can record connects.For example, node A can be according to the VPN ID of VPN1, and the IP address and the Node B that pick out the Node B that belongs to VPN1 from the VPN neighbor list that shares are the VPN label that VPN1 distributes.
205, the 2nd PE equipment that records in the described VPN neighbor list by point-to-point tunnel sends the first routing protocol packet.
Wherein, described the first routing protocol packet sends after the first tunnel encapsulation, and carrying described the 2nd PE equipment in the first tunnel encapsulation information is the VPN label that described same VPN distributes.Routing protocol packet is for the message of passing on the route accessibility so that each member PE equipment generates the VPN route forwarding table among the same VPN, in service communication according to described VPN route forwarding table find optimal path with business data transmission to down hop PE equipment.
For instance, in described the first tunnel encapsulation information, the VPN tag types of carrying can be set to downstream distributing labels type, so that the 2nd PE equipment is determined the RM of described VPN label.For example, node A will find that by VPN neighbours the Node B that message obtains is the VPN label (200) that VPN1 distributes before, be written in the first tunnel encapsulation information, and be set to the downstream distributing labels, like this after Node B receives described the first routing protocol packet, because Node B has been distributed to VPN1 with 200 before, can determine that just described the first routing protocol packet is the routing protocol packet that belongs to VPN1.
206, receive the secondary route protocol massages that the 2nd PE equipment sends by point-to-point tunnel, determine VPN corresponding to described secondary route protocol massages according to the VPN label that the secondary route protocol massages after the described encapsulation carries.
Wherein, wherein said secondary route protocol massages sends after the second tunnel encapsulation, and carrying a described PE equipment in the second tunnel encapsulation information is the VPN label that described same VPN distributes.
For example, node A (a PE equipment) receives the secondary route protocol massages after the encapsulation that Node B (the 2nd PE equipment) sends by point-to-point tunneling, resolve the VPN label (100) that carries in the second tunnel encapsulation information, determine node A has distributed to which VPN (VPN1) with 100, can determine that just the current secondary route protocol massages that receives is the routing protocol packet that belongs to VPN1.
207, the content according to described secondary route protocol massages generates corresponding VPN route forwarding table.
Wherein, determined then the routing iinformation that carries in the secondary route protocol massages to be recorded VPN under the secondary route protocol massages that a described PE equipment receives by point-to-point tunneling by step 206, generated the VPN route forwarding table.For instance, in the VPN route forwarding table, can comprise the information such as prefix, down hop (the namely IP address of each PE equipment among the described same VPN), in order in professional transmission course, determine optimal path according to described VPN route forwarding table.
For instance, method embodiment illustrated in fig. 2 can also comprise:
208, the VPN route forwarding table according to described same VPN carries out the business transmission.
Wherein, in same VPN, carry out to determine optimal transmission paths according to VPN route forwarding table corresponding to described same VPN in the process of professional transmission, business datum is sent to best down hop PE equipment.
In the another kind of application scenarios of the embodiment of the invention, can be not to carry out routing protocol packet by point-to-point tunneling mutual, but it is mutual to carry out routing protocol packet by the special public network multicast tree of each VPN special use.As shown in Figure 3, the method for the realization three-layer virtual special network that provides of the embodiment of the invention can comprise:
301-304 is identical with step 201-204.
305, Third Road is obtained the first multicast packets by protocol massages encapsulation, and send to other PE equipment on the described special public network multicast tree by special public network multicast tree corresponding to described same VPN.
Wherein, comprise the whole PE equipment that are connected among the described same VPN in the described special public network multicast tree, the destination address of described the first multicast packets is multicast group address corresponding to described special public network multicast tree.Each special public network multicast tree be to there being a multicast group address, and namely same VPN is corresponding to a special public network multicast tree, and corresponding to a multicast group address.
Concrete, the public network multicast tree is operator's multicast tree, the special public network multicast tree is non-polymerization multicast tree, and the sharing public network multicast tree is the polymerization multicast tree.The special public network multicast tree can be by pre-configured, and whole member PE equipment that will belong to same VPN all are arranged to the leaf node of special public network multicast tree.For example, the VPN1 of three member PE equipment (node A, B and C) composition is arranged to a special public network multicast tree 1 should be arranged, the leaf node of special public network multicast tree 1 comprises node A, B and C.When node A was packaged into Third Road the first multicast packets and is passed through 1 transmission of special public network multicast tree by protocol massages, special public network multicast tree 1 can send to Node B and C simultaneously with this first multicast packets.When Node B and C receive described the first multicast packets, resolve the multicast group address that carries in described the first multicast packets, thereby determine that current the first multicast packets that receives belongs to VPN1, then described Third Road is recorded and generated VPN route forwarding table corresponding to VPN1 by the routing iinformation in the protocol massages.
306, receive the second multicast packets that obtains after being encapsulated by the 4th routing protocol packet of described the 2nd PE equipment transmission by special public network multicast tree corresponding to described same VPN, determine corresponding VPN according to the destination address of described the second multicast packets.
Wherein, the destination address of described the second multicast packets is multicast group address corresponding to described special public network multicast tree.The one PE equipment is as the member node of VPN, it also is the leaf node of professional public network multicast tree, therefore can determine which VPN current the 4th routing protocol packet that receives belongs to by the multicast group address that carries in the second multicast packets that receives, thereby write in the corresponding VPN route forwarding table.
307, the content according to described the 4th routing protocol packet generates corresponding VPN route forwarding table.
Wherein, the routing iinformation that carries in the 4th routing protocol packet is recorded, generated VPN route forwarding table corresponding to this VPN.In the VPN route forwarding table, can comprise the information such as IP address (down hop), prefix of each PE equipment that is connected to same VPN, in order in professional transmission course, determine optimal path according to described VPN route forwarding table.
For instance, embodiment illustrated in fig. 3ly can also comprise step 308, identical with step 208.
In the another kind of application scenarios of the embodiment of the invention, also can be mutual by carried out routing protocol packet by the shared sharing public network multicast tree of a plurality of VPN.As shown in Figure 4, the method for the realization three-layer virtual special network that provides of the embodiment of the invention can comprise:
401-404 is identical with step 201-204.
405, the 5th routing protocol packet encapsulation is obtained the 3rd multicast packets, and send to other PE equipment on the described sharing public network multicast tree by the sharing public network multicast tree.
Wherein, carrying a described PE equipment in described the 3rd multicast packets is the VPN label that described same VPN distributes, and the destination address of described the 3rd multicast packets is multicast group address corresponding to described sharing public network multicast tree.Comprise the whole member PE equipment at least two VPN that share described sharing public network multicast tree in the described sharing public network multicast tree, the distribution of VPN label is separate for different VPN, therefore can carry a described PE equipment in described the 3rd multicast packets is the VPN label that described same VPN distributes, and this VPN label is set to the upstream distributing labels.Like this, when other PE equipment in the sharing public network multicast tree receive described the 3rd multicast packets, just the VPN label that carries in the 3rd multicast packets can be processed as the upstream distributing labels.The 2nd PE equipment can determine described VPN label by a described PE devices allocation as the VPN label of which VPN, namely determine VPN corresponding to described VPN label.
406, receive the 4th multicast packets that obtains after being encapsulated by the 6th routing protocol packet of described the 2nd PE equipment transmission by described sharing public network multicast tree, the VPN that carries according to described the 4th multicast packets and the source IP address of described the 4th multicast packets are searched described VPN neighbor list, and label is determined VPN corresponding to described the 6th routing protocol packet.
Wherein, it is the VPN label that described same VPN distributes that described the 4th multicast packets is carried described the 2nd PE equipment, the source IP address of described the 4th multicast packets is the IP address of described the 2nd PE equipment, and the destination address of described the 4th multicast packets is multicast group address corresponding to described sharing public network multicast tree.The VPN tag types that the 2nd PE equipment carried in described the 4th multicast packets before described the 4th multicast packets of transmission is set to upstream distributing labels type, so that a PE equipment is determined the RM of described VPN label.Concrete, can be by the source IP address of the 4th multicast packets and the VPN label that carries, inquiry VPN neighbor list, after finding the clauses and subclauses of all mating with described source IP address and two information of VPN label, which VPN is the clauses and subclauses of determining coupling belong to, just can determine which VPN is current the 4th multicast packets that comprises the 6th routing protocol packet that receives belonged to, thereby write corresponding VPN route forwarding table, so that the service communication in the same VPN.Wherein, the VPN label that records in the VPN neighbor list all is to find the VPN label that upstream PE equipment (for a PE equipment, upstream PE equipment is the 2nd PE equipment) that message obtains distributes for this VPN by VPN neighbours.
407, the content according to described the 6th routing protocol packet generates corresponding VPN route forwarding table.
Wherein, according to the VPN that determines in the step 406, the routing iinformation that carries in the 6th routing protocol packet is recorded, generated VPN route forwarding table corresponding to this VPN.In the VPN route forwarding table, can comprise the information such as prefix, down hop (the namely IP address of each member PE equipment among the described same VPN), in order in professional transmission course, determine optimal path according to described VPN route forwarding table.
For instance, embodiment illustrated in fig. 4ly can also comprise step 408, identical with step 208.
Need to prove, in the embodiment of the invention specific descriptions of part steps can reference example 1 in corresponding content, the embodiment of the invention will be given unnecessary details here no longer one by one.
The method of the realization three-layer virtual special network that the embodiment of the invention provides, increase VPN neighbours by expansion TLV message and found message, VPN ID and VPN label are carried at VPN neighbours to be found in the message, thereby can find that the VPN ID in the message determines to belong to the PE equipment of same VPN by identification VPN neighbours, and with same VPN in PE equipment to finish routing protocol packet mutual, compare with the technology that needs large amount of complex human configuration PE equipment in the prior art, can find that automatic discovery of message belongs to the PE equipment of same VPN and finish routing protocol packet mutual by VPN neighbours, remove a large amount of human configuration work from, improved automation configuration and the automation operation ability of VPN.
Embodiment 3
The embodiment of the invention provides a kind of the first Provider Edge (Provider Edge, PE) equipment, as shown in Figure 6, can comprise: neighbours' receiving element 51, network determining unit 52, route interactive unit 53.
Neighbours' receiving element 51, the VPN (virtual private network) VPN neighbours that are used for the transmission of reception the 2nd PE equipment find message; Wherein, described VPN neighbours find that message is the type length numerical value TLV message after the expansion, carries described the 2nd PE equipment corresponding IP address, VPN ID and VPN label.
Network determining unit 52 is used for VPN ID and VPN ID corresponding to described two PE equipment corresponding according to a described PE equipment, determines whether described the 2nd PE equipment arrives same VPN with a described PE equipment connection.
Route interactive unit 53, be used for when described network determining unit 52 is determined described the 2nd PE equipment and a described PE equipment connection to same VPN, mutual with the routing protocol packet that described the 2nd PE equipment carries out in the described same VPN, generate VPN route forwarding table corresponding to described same VPN, wherein said VPN route forwarding table comprises that the IP address of the VPN ID of described same VPN, described the 2nd PE equipment and described the 2nd PE equipment are the VPN label that described same VPN distributes.
Alternatively, as shown in Figure 7, a PE equipment can also comprise: neighbor list unit 54.
Neighbor list unit 54, be used for after described network determining unit 52 determines that described the 2nd PE equipment and a described PE equipment connection arrive same VPN, the VPN ID that described same VPN is corresponding, described the 2nd PE equipment are that the VPN label of described same VPN distribution and the IP address of described the 2nd PE equipment are recorded in the VPN neighbor list.
Optionally, further, described route interactive unit 53 comprises: the first sending module 531.
The first sending module 531, be used for sending the first routing protocol packet by point-to-point tunnel to described the 2nd PE equipment that described VPN neighbor list records, wherein, described the first routing protocol packet sends after the first tunnel encapsulation, and carrying described the 2nd PE equipment in the first tunnel encapsulation information is the VPN label that described same VPN distributes.
Wherein, the VPN tag types of carrying in described the first tunnel encapsulation information is set to downstream distributing labels type, so that the 2nd PE equipment is determined the RM of described VPN label.
Again for instance, described route interactive unit 53 also comprises: the first receiver module 532, the first generation module 533.
The first receiver module 532, be used for receiving the secondary route protocol massages that described the 2nd PE equipment sends by described point-to-point tunnel, wherein said secondary route protocol massages sends after the second tunnel encapsulation, and carrying a described PE equipment in the second tunnel encapsulation information is the VPN label that described same VPN distributes.
The first generation module 533 is used for determining VPN corresponding to described secondary route protocol massages according to the VPN label that the secondary route protocol massages after the encapsulation carries; Content according to described the second described routing protocol packet generates corresponding VPN route forwarding table.
As shown in Figure 8, in the another kind of application scenarios of the embodiment of the invention, described route interactive unit 53 comprises: the second sending module 534.
The second sending module 534 is used for Third Road is obtained the first multicast packets by the protocol massages encapsulation, and sends to other PE equipment on the described special public network multicast tree by special public network multicast tree corresponding to described same VPN.
Wherein, comprise the whole PE equipment that are connected among the described same VPN in the described special public network multicast tree, the destination address of described the first multicast packets is multicast group address corresponding to described special public network multicast tree.
Further, described route interactive unit 53 also comprises: the second receiver module 535, the second generation module 536.
The second receiver module 535, be used for receiving the second multicast packets that obtains after being encapsulated by the 4th routing protocol packet of described the 2nd PE equipment transmission by special public network multicast tree corresponding to described same VPN, the destination address of wherein said the second multicast packets is multicast group address corresponding to described special public network multicast tree.
The second generation module 536 is used for determining corresponding VPN according to the destination address of described the second multicast packets; Content according to described the 4th routing protocol packet generates corresponding VPN route forwarding table.
As shown in Figure 9, in the another kind of application scenarios of the embodiment of the invention, described route interactive unit 53 comprises: the 3rd sending module 537.
The 3rd sending module 537 is used for the encapsulation of the 5th routing protocol packet is obtained the 3rd multicast packets, and sends to other PE equipment on the described sharing public network multicast tree by the sharing public network multicast tree.Carrying a described PE equipment in wherein said the 3rd multicast packets is the VPN label that described same VPN distributes, and the destination address of described the 3rd multicast packets is multicast group address corresponding to described sharing public network multicast tree.The VPN tag types of carrying in described the 3rd multicast packets is set to upstream distributing labels type, so that the 2nd PE equipment is determined the RM of described VPN label.
Further, described route interactive unit 53 also comprises: the 3rd receiver module 538, the 3rd generates module 539.
The 3rd receiver module 538, be used for receiving the 4th multicast packets that obtains after being encapsulated by the 6th routing protocol packet of described the 2nd PE equipment transmission by described sharing public network multicast tree, it is the VPN label that described same VPN distributes that wherein said the 4th multicast packets is carried described the 2nd PE equipment, the source I P address of described the 4th multicast packets is the IP address of described the 2nd PE equipment, and the destination address of described the 4th multicast packets is multicast group address corresponding to described sharing public network multicast tree.
The 3rd generates module 539, searches described VPN neighbor list for the VPN label that carries according to described the 4th multicast packets and the source IP address of described the 4th multicast packets, determines VPN corresponding to described the 6th routing protocol packet; Content according to described the 6th routing protocol packet generates corresponding VPN route forwarding table.
Need to prove, in embodiment 1-3, described routing protocol packet is the LSA protocol massages of ospf protocol or the LSP protocol massages of ISIS agreement; Wherein, described LSA protocol massages adopts specific purpose multicast ip address, described LSP protocol massages adopts specific purpose multicast mac address, so that described the 2nd PE equipment is received after described LSA protocol massages or the described LSP protocol massages, according to described specific purpose multicast ip address or specific purpose multicast mac address, identify described routing protocol packet and transmitted to CPU and carry out protocol processes.
The embodiment of the invention also provides a kind of system that realizes three-layer virtual special network, as shown in figure 10, comprising: a PE equipment 61 and the 2nd PE equipment 62.
A described PE equipment 61, the VPN neighbours that are used for the transmission of reception the 2nd PE equipment find message, wherein, described VPN neighbours find that message is the type length numerical value TLV message after the expansion, carries IP address, VPN ID and the VPN label of described the 2nd PE equipment 62 correspondences; According to the VPN ID of a described PE equipment 61 correspondences and the VPN ID of described the 2nd PE equipment 62 correspondences, determine whether described the 2nd PE equipment 62 is connected to same VPN with a described PE equipment 61; When described the 2nd PE equipment 62 is connected to same VPN with a described PE equipment 61, mutual with the routing protocol packet that described the 2nd PE equipment 62 carries out in the described same VPN, generate VPN route forwarding table corresponding to described same VPN, described VPN route forwarding table comprises the IP address of the VPN ID of described same VPN, described the 2nd PE equipment 62 and the VPN label that described the 2nd PE equipment 62 distributes for described same VPN.
Need to prove, in the embodiment of the invention specific descriptions of part functional module can reference example 1 and embodiment 2 in corresponding content, the embodiment of the invention will be given unnecessary details here no longer one by one.
The system of the realization three-layer virtual special network that the embodiment of the invention provides and a PE equipment, define VPN neighbours by expansion TLV message and found message, VPN ID and VPN label are carried at VPN neighbours to be found in the message, thereby can find that the VPN ID in the message determines to belong to the PE equipment of same VPN by identification VPN neighbours, and with same VPN in PE equipment to finish routing protocol packet mutual, compare with the technology that needs each PE of human configuration in the prior art, can find that automatic discovery of message belongs to the PE equipment of same VPN and finish routing protocol packet mutual by VPN neighbours, remove a large amount of personnel's workloads from, improved automation configuration and the automation operation ability of VPN.
Through the above description of the embodiments, the those skilled in the art can be well understood to the embodiment of the invention and can realize by the mode that software adds essential common hardware, can certainly pass through hardware, but the former is better execution mode in a lot of situation.Based on such understanding, the part that the technical scheme of the embodiment of the invention contributes to prior art in essence in other words can embody with the form of software product, this computer software product is stored in the storage medium that can read, floppy disk such as computer, hard disk or CD etc., comprise some instructions with so that computer equipment (can be personal computer, server, the perhaps network equipment etc.) carry out the described method of each embodiment of the present invention.
The above; be the specific embodiment of the present invention only, but protection scope of the present invention is not limited to this, anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; can expect easily changing or replacing, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of described claim.

Claims (19)

1. a method that realizes three-layer virtual special network is characterized in that, comprising:
The VPN (virtual private network) VPN neighbours that the first Provider Edge PE equipment receives the transmission of the 2nd PE equipment find message, wherein, described VPN neighbours find that message is the type length numerical value TLV message after the expansion, carries described the 2nd PE equipment corresponding IP address, VPN ID and VPN label;
VPN ID and VPN ID corresponding to described two PE equipment corresponding according to a described PE equipment determine whether described the 2nd PE equipment arrives same VPN with a described PE equipment connection;
When described the 2nd PE equipment and a described PE equipment connection during to same VPN, mutual with the routing protocol packet that described the 2nd PE equipment carries out in the described same VPN, generate VPN route forwarding table corresponding to described same VPN, described VPN route forwarding table comprises that the IP address of the VPN ID of described same VPN, described the 2nd PE equipment and described the 2nd PE equipment are the VPN label that described same VPN distributes.
2. method according to claim 1 is characterized in that, described determine that described the 2nd PE equipment and a described PE equipment connection arrive same VPN after, also comprise:
The VPN ID that described same VPN is corresponding, described the 2nd PE equipment are that the VPN label of described same VPN distribution and the IP address of described the 2nd PE equipment are recorded in the VPN neighbor list.
3. method according to claim 2 is characterized in that, the routing protocol packet that described and described the 2nd PE equipment carries out in the described same VPN is mutual, comprising:
Described the 2nd PE equipment that records in the described VPN neighbor list by point-to-point tunnel sends the first routing protocol packet, wherein, described the first routing protocol packet sends after the first tunnel encapsulation, and carrying described the 2nd PE equipment in the first tunnel encapsulation information is the VPN label that described same VPN distributes.
4. method according to claim 3 is characterized in that, the routing protocol packet that described and described the 2nd PE equipment carries out in the described same VPN is mutual, also comprises:
Receive the secondary route protocol massages that described the 2nd PE equipment sends by described point-to-point tunnel, wherein said secondary route protocol massages sends after the second tunnel encapsulation, and carrying a described PE equipment in the second tunnel encapsulation information is the VPN label that described same VPN distributes;
Correspondingly, VPN route forwarding table corresponding to the described same VPN of described generation comprises:
Determine VPN corresponding to described secondary route protocol massages according to the VPN label that the secondary route protocol massages after the described encapsulation carries;
Content according to described secondary route protocol massages generates corresponding VPN route forwarding table.
5. method according to claim 1 is characterized in that, the routing protocol packet that described and described the 2nd PE equipment carries out in the described same VPN is mutual, comprising:
Third Road is obtained the first multicast packets by protocol massages encapsulation, and send to other PE equipment on the described special public network multicast tree by special public network multicast tree corresponding to described same VPN; Comprise the whole PE equipment that are connected among the described same VPN in the wherein said special public network multicast tree, the destination address of described the first multicast packets is multicast group address corresponding to described special public network multicast tree.
6. method according to claim 5 is characterized in that, the routing protocol packet that described and described the 2nd PE equipment carries out in the described same VPN is mutual, also comprises:
Receive the second multicast packets that obtains after being encapsulated by the 4th routing protocol packet of described the 2nd PE equipment transmission by special public network multicast tree corresponding to described same VPN, the destination address of described the second multicast packets is multicast group address corresponding to described special public network multicast tree;
Correspondingly, the VPN route forwarding table that the described same VPN of described generation is corresponding comprises:
Destination address according to described the second multicast packets is determined corresponding VPN;
Content according to described the 4th routing protocol packet generates corresponding VPN route forwarding table.
7. method according to claim 2 is characterized in that, the routing protocol packet that described and described the 2nd PE equipment carries out in the described same VPN is mutual, comprising:
The encapsulation of the 5th routing protocol packet is obtained the 3rd multicast packets, and send to other PE equipment on the described sharing public network multicast tree by the sharing public network multicast tree, carrying a described PE equipment in described the 3rd multicast packets is the VPN label that described same VPN distributes, the source IP address of described the 3rd multicast packets is the IP address of a described PE equipment, and the destination address of described the 3rd multicast packets is multicast group address corresponding to described sharing public network multicast tree.
8. method according to claim 7 is characterized in that, the routing protocol packet that described and described the 2nd PE equipment carries out in the described same VPN is mutual, also comprises:
Receive the 4th multicast packets that obtains after being encapsulated by the 6th routing protocol packet of described the 2nd PE equipment transmission by described sharing public network multicast tree, it is the VPN label that described same VPN distributes that described the 4th multicast packets is carried described the 2nd PE equipment, the source IP address of described the 4th multicast packets is the IP address of described the 2nd PE equipment, and the destination address of described the 4th multicast packets is multicast group address corresponding to described sharing public network multicast tree;
Correspondingly, the VPN route forwarding table that the described same VPN of described generation is corresponding comprises:
The VPN label that carries according to described the 4th multicast packets and the source IP address of described the 4th multicast packets are searched described VPN neighbor list, determine VPN corresponding to described the 6th routing protocol packet;
Content according to described the 6th routing protocol packet generates corresponding VPN route forwarding table.
9. method according to claim 1 is characterized in that, described routing protocol packet is LSA LSA protocol massages under the ospf protocol or the Link State Protocol Data Unit LSP protocol massages under the ISIS agreement; Wherein, described LSA protocol massages adopts specific purpose multicast ip address, described LSP protocol massages adopts specific purpose multicast mac address, so that described the 2nd PE equipment is received after described LSA protocol massages or the described LSP protocol massages, according to described specific purpose multicast ip address or specific purpose multicast mac address, identify described routing protocol packet and transmitted to CPU and carry out protocol processes.
10. a Provider Edge PE equipment is characterized in that, comprising:
Neighbours' receiving element, the VPN (virtual private network) VPN neighbours that are used for the transmission of reception the 2nd PE equipment find message; Wherein, described VPN neighbours find that message is the type length numerical value TLV message after the expansion, carries described the 2nd PE equipment corresponding IP address, VPN ID and VPN label;
The network determining unit is used for VPN ID and VPN ID corresponding to described two PE equipment corresponding according to a described PE equipment, determines whether described the 2nd PE equipment arrives same VPN with a described PE equipment connection;
The route interactive unit, be used for when described network determining unit is determined described the 2nd PE equipment and a described PE equipment connection to same VPN, mutual with the routing protocol packet that described the 2nd PE equipment carries out in the described same VPN, generate VPN route forwarding table corresponding to described same VPN, wherein said VPN route forwarding table comprises that the IP address of the VPN ID of described same VPN, described the 2nd PE equipment and described the 2nd PE equipment are the VPN label that described same VPN distributes.
11. a PE equipment according to claim 10 is characterized in that, also comprises:
The neighbor list unit, be used for after described network determining unit determines that described the 2nd PE equipment and a described PE equipment connection arrive same VPN, the VPN ID that described same VPN is corresponding, described the 2nd PE equipment are that the VPN label of described same VPN distribution and the IP address of described the 2nd PE equipment are recorded in the VPN neighbor list.
12. a PE equipment according to claim 11 is characterized in that, described route interactive unit comprises:
The first sending module, be used for sending the first routing protocol packet by point-to-point tunnel to described the 2nd PE equipment that described VPN neighbor list records, wherein, described the first routing protocol packet sends after the first tunnel encapsulation, and carrying described the 2nd PE equipment in the first tunnel encapsulation information is the VPN label that described same VPN distributes.
13. a PE equipment according to claim 12 is characterized in that, described route interactive unit also comprises:
The first receiver module, be used for receiving the secondary route infomational message that described the 2nd PE equipment sends by described point-to-point tunnel, wherein said secondary route protocol massages sends after the second tunnel encapsulation, and carrying a described PE equipment in the second tunnel encapsulation information is the VPN label that described same VPN distributes;
The first generation module is used for determining VPN corresponding to described secondary route protocol massages according to the VPN label that the secondary route protocol massages after the described encapsulation carries; Content according to described secondary route protocol massages generates corresponding VPN route forwarding table.
14. a PE equipment according to claim 10 is characterized in that, described route interactive unit comprises:
The second sending module is used for Third Road is obtained the first multicast packets by the protocol massages encapsulation, and sends to other PE equipment on the described special public network multicast tree by special public network multicast tree corresponding to described same VPN;
Wherein, comprise the whole PE equipment that are connected among the described same VPN in the described special public network multicast tree, the destination address of described the first multicast packets is multicast group address corresponding to described special public network multicast tree.
15. a PE equipment according to claim 14 is characterized in that, described route interactive unit also comprises:
The second receiver module, be used for receiving the second multicast packets that obtains after being encapsulated by the 4th routing iinformation message of described the 2nd PE equipment transmission by special public network multicast tree corresponding to described same VPN, the destination address of wherein said the second multicast packets is multicast group address corresponding to described special public network multicast tree;
The second generation module is used for determining corresponding VPN according to the destination address of described the second multicast packets; Content according to described the 4th routing protocol packet generates corresponding VPN route forwarding table.
16. a PE equipment according to claim 11 is characterized in that, described route interactive unit comprises:
The 3rd sending module is used for the encapsulation of the 5th routing protocol packet is obtained the 3rd multicast packets, and sends to other PE equipment on the described sharing public network multicast tree by the sharing public network multicast tree; Carrying a described PE equipment in wherein said the 3rd multicast packets is the VPN label that described same VPN distributes, the source IP address of described the 3rd multicast packets is the IP address of a described PE equipment, and the destination address of described the 3rd multicast packets is multicast group address corresponding to described sharing public network multicast tree.
17. a PE equipment according to claim 16 is characterized in that, described route interactive unit also comprises:
The 3rd receiver module, be used for receiving the 4th multicast packets that obtains after being encapsulated by the 6th routing protocol packet of described the 2nd PE equipment transmission by described sharing public network multicast tree, it is the VPN label that described same VPN distributes that wherein said the 4th multicast packets is carried described the 2nd PE equipment, the source IP address of described the 4th multicast packets is the IP address of described the 2nd PE equipment, and the destination address of described the 4th multicast packets is multicast group address corresponding to described sharing public network multicast tree;
The 3rd generates module, searches described VPN neighbor list for the VPN label that carries according to described the 4th multicast packets and the source IP address of described the 4th multicast packets, determines VPN corresponding to described the 6th routing protocol packet; Content according to described the 6th routing protocol packet generates corresponding VPN route forwarding table.
18. a PE equipment according to claim 10 is characterized in that, described routing protocol packet is LSA LSA protocol massages under the ospf protocol or the Link State Protocol Data Unit LSP protocol massages under the ISIS agreement; Wherein, described LSA protocol massages adopts specific purpose multicast ip address, described LSP protocol massages adopts specific purpose multicast mac address, so that described the 2nd PE equipment is received after described LSA protocol massages or the described LSP protocol massages, according to described specific purpose multicast ip address or specific purpose multicast mac address, identify described routing protocol packet and transmitted to CPU and carry out protocol processes.
19. a system that realizes three-layer virtual special network is characterized in that, comprising:
As each described PE equipment among the claim 10-18 and as described in the 2nd PE equipment.
CN201210081768.7A 2012-03-23 2012-03-23 Method, device and system for achieving three-layer VPN Pending CN103326915A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201210081768.7A CN103326915A (en) 2012-03-23 2012-03-23 Method, device and system for achieving three-layer VPN
PCT/CN2013/072915 WO2013139270A1 (en) 2012-03-23 2013-03-20 Method, device, and system for implementing layer3 virtual private network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210081768.7A CN103326915A (en) 2012-03-23 2012-03-23 Method, device and system for achieving three-layer VPN

Publications (1)

Publication Number Publication Date
CN103326915A true CN103326915A (en) 2013-09-25

Family

ID=49195455

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210081768.7A Pending CN103326915A (en) 2012-03-23 2012-03-23 Method, device and system for achieving three-layer VPN

Country Status (2)

Country Link
CN (1) CN103326915A (en)
WO (1) WO2013139270A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104486225A (en) * 2014-12-19 2015-04-01 杭州华三通信技术有限公司 Packet forwarding method and packet forwarding equipment applied to TRILL network
CN104618375A (en) * 2015-01-30 2015-05-13 普联技术有限公司 Method and device for discovering network devices
WO2016045557A1 (en) * 2014-09-22 2016-03-31 Hangzhou H3C Technologies Co., Ltd. Network virtualization
CN106572021A (en) * 2015-10-09 2017-04-19 中兴通讯股份有限公司 Method for realizing network virtualization superimposition and network virtualization edge node
WO2018040614A1 (en) * 2016-08-31 2018-03-08 华为技术有限公司 Method, related device, and system for establishing label-switched path for virtual private network
CN111163009A (en) * 2020-02-20 2020-05-15 盛科网络(苏州)有限公司 Method and device for realizing three-layer multicast in port expansion system
US20210167994A1 (en) * 2018-07-13 2021-06-03 Huawei Technologies Co., Ltd. Packet Transmission Method, Apparatus, and system, and Storage Medium

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113765815B (en) * 2020-06-05 2024-03-26 华为技术有限公司 Method, equipment and system for sharing multicast message load
CN114650248B (en) * 2020-12-02 2023-07-18 中国电信股份有限公司 Processing method and system of routing information and autonomous system boundary router

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7386605B2 (en) * 2002-11-05 2008-06-10 Enterasys Networks, Inc. Methods and apparatus for automated edge device configuration in a heterogeneous network
US7447167B2 (en) * 2005-03-28 2008-11-04 Cisco Technology, Inc. Method and apparatus for the creation and maintenance of a self-adjusting repository of service level diagnostics test points for network based VPNs
CN1960299A (en) * 2005-11-04 2007-05-09 中兴通讯股份有限公司 Method of automatic establishing virtual dedicated network topology based on exchange network of multiprotocol tags
US8532095B2 (en) * 2005-11-18 2013-09-10 Cisco Technology, Inc. Techniques configuring customer equipment for network operations from provider edge
CN101834794B (en) * 2010-05-06 2012-09-26 杭州华三通信技术有限公司 Method and device for forwarding message through backbone network

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016045557A1 (en) * 2014-09-22 2016-03-31 Hangzhou H3C Technologies Co., Ltd. Network virtualization
CN104486225A (en) * 2014-12-19 2015-04-01 杭州华三通信技术有限公司 Packet forwarding method and packet forwarding equipment applied to TRILL network
CN104486225B (en) * 2014-12-19 2018-04-20 新华三技术有限公司 Applied to the message forwarding method and equipment in TRILL network
CN104618375A (en) * 2015-01-30 2015-05-13 普联技术有限公司 Method and device for discovering network devices
CN104618375B (en) * 2015-01-30 2018-09-28 普联技术有限公司 A kind of discovery method and device of the network equipment
CN106572021A (en) * 2015-10-09 2017-04-19 中兴通讯股份有限公司 Method for realizing network virtualization superimposition and network virtualization edge node
CN106572021B (en) * 2015-10-09 2021-07-06 中兴通讯股份有限公司 Method for realizing network virtualization superposition and network virtualization edge node
WO2018040614A1 (en) * 2016-08-31 2018-03-08 华为技术有限公司 Method, related device, and system for establishing label-switched path for virtual private network
US20210167994A1 (en) * 2018-07-13 2021-06-03 Huawei Technologies Co., Ltd. Packet Transmission Method, Apparatus, and system, and Storage Medium
US11804985B2 (en) * 2018-07-13 2023-10-31 Huawei Technologies Co., Ltd. Packet transmission method, apparatus, and system, and storage medium
CN111163009A (en) * 2020-02-20 2020-05-15 盛科网络(苏州)有限公司 Method and device for realizing three-layer multicast in port expansion system
CN111163009B (en) * 2020-02-20 2021-06-22 盛科网络(苏州)有限公司 Method and device for realizing three-layer multicast in port expansion system

Also Published As

Publication number Publication date
WO2013139270A1 (en) 2013-09-26

Similar Documents

Publication Publication Date Title
CN103326915A (en) Method, device and system for achieving three-layer VPN
CN107733793B (en) Forwarding table item maintenance method and device
US9509609B2 (en) Forwarding packets and PE devices in VPLS
CN107026796B (en) VPN route notification method, data flow forwarding method and related equipment
CN100550841C (en) Autonomous System Boundary Router, AS Boundary Router route issuing method and Autonomous System Boundary Router, AS Boundary Router
WO2016015497A1 (en) Method, device and system for forwarding packet
WO2015165311A1 (en) Method for transmitting data packet and provider edge device
US9467423B2 (en) Network label allocation method, device, and system
CN102413060B (en) User private line communication method and equipment used in VPLS (Virtual Private LAN (Local Area Network) Service) network
CN102932499A (en) Method and device for learning media access control (MAC) addresses in virtual private lan service (VPLS) networks
CN110050445A (en) Send and receive the method, apparatus and system of message
KR102245989B1 (en) Redundancy Administrating Method for a Virtual Private Network and Network Switching Apparatus with the method implemented on it
US9479420B2 (en) Forwarding a packet in a network
CN103326940A (en) Method for forwarding message in network and edge device of operator
CN103684959A (en) VPN realization method and PE device
CN103746914A (en) Method, device and system for building corresponding relationship between private network label and primary VRF (VPN (virtual private network) routing and forwarding table)
CN103297338B (en) A kind of VPN route advertising method and equipment
CN101621477A (en) Method and device for one-to-many port mirror image
EP2717519B1 (en) Method and apparatus for transferring bootstrap message
WO2017177794A1 (en) Service path establishment method, apparatus and system
CN103220217B (en) A kind of route generating method and equipment
CN102647328A (en) Label distribution method, equipment and system
CN104009919A (en) Message forwarding method and device
CN102724126A (en) Method, device and equipment for forwarding Ethernet tree (E-tree) service message
CN105939262B (en) Label distribution method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130925