JPH09270803A - Virtual network constituting method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce the load of group management in a bridge or an asynchronous transfer mode(ATM) terminal equipment belonging to plural groups. SOLUTION: In this method, bridges BR1-BR4 each connecting to LAN terminal equipments and ATM terminal equipments T11-T14 are connected directly to an ATM network 10, the terminal equipments are grouped and a VLAN is set to the groups, and data communication is conducted between a sender terminal equipment and a terminal equipment whose communication is allowed. In this case, address information and group identification information of the bridges and the ATM terminal equipments are registered in cross reference with each other in a 1st address table in a server VAS/VBS, and with respect to an inquiry of an ATM address of a destination conducted prior to data communication, the server retrieves the 1st address table and returns an acknowledge frame to an equipment making the inquiry, so that the data communication is conducted only between terminal equipments whose communication is allowed.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention builds a virtual LAN virtually grouped between a plurality of terminal devices connected to a trunk network such as an ATM (asynchronous transfer mode) network via a relay device. The present invention relates to a virtual network construction method.

[0002]

[Related Background Art] Conventionally, there is a technology for constructing a LAN in work group units such as a sales department, a development department, and a research department, regardless of the physical configuration such as the position of the terminal device in the network or the wiring between these terminal devices.
For example, “Inrush, Virtual L” described in Nikkei Communication No. 186 (issued on November 21, 1994)
Known as "AN". These LANs are called virtual LANs because they construct a network based on logical grouping.

As means for constructing the above virtual LAN,
Bridge with multiple LAN ports (switching HU
Virtual LAN identifier (hereinafter referred to as “VI”) unique to the work group for each LAN port of the bridge.
There was a method of assigning "D"). However, this method cannot cope with the increase in the number of connected terminal devices.

Therefore, conventionally, by using a LAN emulation standardized by the ATM forum, a terminal device that constitutes a plurality of LANs conforming to the IEEE802.3 or IEEE802.5 standard is connected at high speed via a bridge. Connect to an ATM network and use the above ATM
There has been a method of operating a plurality of ELANs (emulated LANs) constructed on a network by associating a virtual LAN corresponding to the above work group. In this method, an address resolution server or a broadcast server corresponding to each ELAN is provided, and the address resolution server stores the MAC address (physical address) and ATM address of the terminal device or bridge belonging to the corresponding ELAN. Registered in pairs.

In this method, when unicast communication is performed, the terminal device makes a connection to the destination device and enables communication to the destination device by inquiring beforehand about the destination ATM address from the address resolution server. Was there. Also, when performing multicast communication, the frame transferred from the transmission source to the broadcast server is transferred to all terminal devices and bridges belonging to the corresponding ELAN, so that the multicast transfer within the group can be performed. I was going.

[0006]

However, in the above method, the ELAN parameters managed by the terminal device (hereinafter referred to as "ATM terminal device") or bridge directly connected to the ATM network, such as the own station address, the server address, Since the control system timers and counters increase in proportion to the number of groups, there is a problem that the load on the network management increases.

Further, on the network side, it is necessary to add an address resolution server and a broadcast server corresponding to each group, which causes a problem of high manufacturing cost. In addition to the management of these servers, the connections (connection paths of ATM cell switches) leaning between each terminal device side and the server must be managed for each group, which causes a problem that the load on the group management increases. there were.

Further, even if the communication is between physically identical ATM terminal devices and bridges, if the groups are different,
Different connections have to be established each time using signaling processes. Therefore, when there are a plurality of communication paths between the same ATM terminal device and the bridge, it is necessary to perform a determination process as to which path the frames of terminals belonging to a plurality of groups should be transmitted. There was a problem that was complicated.

Further, in transmitting the broadcast frame,
When there are a plurality of communication paths between the same ATM terminal device and bridge, there is a problem that frames may arrive overlappingly on the receiving side. The present invention has been made in view of the above problems, and an object of the present invention is to provide a virtual network construction method capable of reducing the load of group management in bridges or ATM terminal devices belonging to a plurality of groups.

Another object of the present invention is to minimize resources such as an address resolution server and a broadcast server on the network side, and to establish an efficient connection and use a band efficiently. Another object of the present invention is to provide a virtual network construction method capable of maintaining interoperability with an existing terminal device without causing a conventional terminal device to perform special processing.

[0011]

In order to achieve the above object, according to the present invention, a relay device (bridge) having a plurality of ports to which a first terminal device is respectively connected and a bridge function, and a second terminal device are provided. Is directly connected via a trunk network (ATM network), each port of the bridge and the second terminal device are divided into groups to set a virtual network, and between the source terminal device and the terminal device permitted to communicate. In a system that performs data communication, the MAC address and A of the bridge and the second terminal device
Address information of the TM address, at least one group identification information to which the bridge and the second terminal device belong, and bit information indicating that the plurality of first terminal devices to which the belonging group is different from each other are connected ( (A flag) is stored in association with a first address storage unit (first address table) for storing and responding means (a server having the functions of both an address resolution server and a broadcast server) to the ATM network for data communication. In response to the inquiry about the destination ATM address that is made in advance, the server searches the first address table for the group identification information corresponding to the address of the inquired device, and the group to which the inquired device belongs. And communication is allowed between the group to which the inquiry destination device belongs. If only that, the data communication as can be performed between the communication authorized terminal device returns to the apparatus that has performed the inquiry a predetermined response.

According to the present invention, in response to an inquiry about an ATM address of a destination not stored in the first address table, the server transfers the inquiry to the bridge and the second terminal device other than the device that made the inquiry. However, the bridge has a second address table that stores the MAC address of the first terminal device connected to the own device and the group identification information to which each first terminal device belongs in association with each other. In response to the inquiry about the device address, the second address table is searched, and a predetermined response including the group identification information corresponding to the corresponding address is returned to the server.

In claim 5, the inquiring bridge is the AT of the destination obtained by the predetermined response from the server.
A third address table that stores the M address and the group identification information to which the destination belongs in association with the third address table for the destination of the transmission frame from the first terminal device connected to the own device And sends the transmission frame to the ATM network only when communication is permitted between the group to which the destination belongs and the group to which the first terminal device belongs.

In the sixth and ninth aspects, when the server receives the frame to be broadcast, the server determines the group to which the transmission source belongs from the search result of the first address table or the group identifier added to the broadcast frame. Then, only when the communication is permitted between the groups to which the transmission source belongs, the broadcast frame is transferred to the bridge or the second terminal device of the group added to the destination.

In the eighth and twelfth aspects, the relay device searches the second address table for the broadcast frame from the first terminal device connected to the own device, and the group to which the first terminal device belongs. The broadcast frame to which the identification information is added is sent to the server, and for the broadcast frame transferred from the server, the second address table is set based on the group identification information added to the broadcast frame. It retrieves and relays the broadcast frame only to the first terminal device belonging to the group.

[0016]

DESCRIPTION OF THE PREFERRED EMBODIMENTS A virtual network construction method according to the present invention will be described with reference to the drawings of FIGS. FIG.
FIG. 1 is a configuration diagram showing a configuration of an embodiment of a virtual LAN system using a virtual network management method according to the present invention, which is an ATM forum compliant LAN emulation (specification for using existing LAN assets in an ATM environment). Virtual LAN (hereinafter referred to as “VLAN”)
That is) is one example. In the figure, VL
In the AN system, a backbone has a high-speed network such as an ATM network 10 composed of ATM cell switches (not shown), and a plurality of bridges BR1 ...
BR4, ATM terminal devices T11 to T14 and server VAS /
It is configured by directly connecting the VBS to the ATM network 10.

The bridges BR1 to BR4 have ATM network side ports connected to the ATM network 10.
Each has a LAN port on the branch line to which the terminal device is connected, and between the ports of its own device, other bridges and ATMs.
Bridging connection is performed at the MAC layer level between the terminal device and the ATM network side port. Bridge B
R1 to BR4 have a VLAN function, and it is possible to independently set which VLAN each branch LAN port belongs to. At that time, one port has two or more VLs.
It is also possible to set it to belong to AN. Different VLANs are identified on the ATM network 10 as different emulated LANs (ELANs). This allows a VLAN to be built across the bridges BR1 to BR4. In this VLAN function, multicast packets (including broadcast packets) are not transferred between different VLANs.

The bridges BR1 to BR4 accommodate branch lines belonging to a plurality of groups, and each branch line LAN side port 1 to 4 of the bridge BR1 has a terminal device of each branch line LAN (hereinafter referred to as "LAN terminal device"). ) T1-1 to T1-4
However, LAN terminal devices T2-1 and T2-2 are connected to each branch line LAN side port 1 and 2 of the bridge BR2, and LAN terminal devices T3-1 to T3 are connected to each branch line LAN side port 1 to 3 of the bridge BR3.
-3 is each branch line LAN side port 1 to 1 of bridge BR4
LAN terminal devices T4-1 to T4-3 are respectively connected to 3.

In this embodiment, the bridge BR1
.. to BR4 are set with MAC addresses T1 to T4 and ATM addresses A1 to A4, respectively. Also, LAN
Terminal devices T1-1 to T1-4, T2-1, T2-2, T3-1 to T3-3,
For T4-1 to T4-3, the same MAC address as the above symbol T1-
1 to T1-4, T2-1, T2-2, T3-1 to T3-3, T4-1 to T4-3
Are set respectively. Also, the ATM terminal device T11
.. to T14 are directly connected to the ATM network 10 and have the same MAC addresses T11 to T14 and AT as the above symbols.
M addresses A11 to A14 are set.

These terminal devices belong to one of the groups identified by the VID and construct a VLAN group. That is, in this embodiment, the terminal devices T1-1, T2
-1, T4-1, T12, T13 belong to the VLAN whose VID is "VA", and the terminal devices T1-2, T3-1, T4-2, T12, T13 are V
The terminal belongs to the VLAN whose ID is "VB" and the terminal devices T1-3 and T3-
2, T4-3, T11, T13 belong to the VLAN whose VID is "VC", and the terminal devices T1-4, T2-2, T3-3, T13, T14 are V
It is assumed that the ID belongs to the VLAN of "VD". Therefore, the ports of each of the bridges BR1 to BR4 have a configuration corresponding to the VLAN of the group to which the connected terminal device belongs.

The server VAS / VBS is a server having the functions of an address resolution server and a broadcast server, and is directly connected to the ATM network 10. Server VAS / V
As shown in Table 1, the BS accommodates branch LANs belonging to a plurality of groups in association with the MAC addresses and ATM addresses of the bridges BR1 to BR4 and ATM terminal devices T11 to T14 directly connected to the ATM network 10. Flag bit indicating that it is a bridge (BR flag)
And the VLA to which the bridge and ATM terminal device belong
It has a first address table for registering VIDs representing N groups, and has bridges BR1 to BR4 and ATMs.
It is useful for using the terminal devices T11 to T14.

[0022]

[Table 1] It should be noted that in Table 1, + indicated by VID indicates the logical sum of the groups to which the bridges BR1 to BR4 and the ATM terminal devices T11 to T14 belong.

The server VAS / VBS is also a device having a communication function like other terminal devices, and has a predetermined MAC.
Address and ATM address are set. Also,
In this embodiment, a destination device (bridge or A) which is performed by an address resolution request frame prior to data communication.
In response to the inquiry about the ATM address of the TM terminal device), the server VAS / VBS searches the address table and can perform data communication only between the terminal devices (in the embodiment, the terminal devices in the same group) permitted to communicate. As described above, a predetermined response based on the address resolution response frame is returned to the inquiring device.

Further, in the case of the broadcast frame relay processing, the transmission source device (bridge or ATM terminal device) sends data to the server VA.
In response to the broadcast frame transmitted to the S / VBS, the server VAS / VBS searches the first address table and sends the broadcast frame to all bridges and ATM terminal devices belonging to the same VLAN as the transmission source device. Is transmitted to perform broadcast frame transfer within the group. The broadcast frame includes a frame defined by a specific address field such as a multicast frame or a broadcast frame, and an unknown destination (unknown) frame in which the ATM address is not resolved.

As described above, the server VAS / VBS has the ATM connection fixedly established with the bridge and the ATM terminal device so that it can be accessed from any group of VLANs. It should be noted that the address resolution server and the broadcast server may be configured by the server VAS / VBS physically composed of one piece of hardware as described above, or may be distributed on the ATM network 10 and separately connected. good. However, when distributed, the address resolution server and the broadcast server need to have the first address table separately.

The address resolution request frame, address resolution response frame, and broadcast frame in this embodiment are AT
A frame format of AAL5 (ATM adaptation layer 5) frame of LAN emulation standardized by M Forum is used. Regarding the above frame format, a change in the present invention is that the server and the bridge add the VID value to the address resolution request frame and the broadcast frame.

That is, as shown in the frame format of FIG. 2, the VID is set in the CPCS UU field in the CPCS PDU trailer of the AAL5 frame.
Map the values. The CPCS UU field can be used for user-to-user identification, and by using this field, the data such as the MAC address and ATM address of the transmission source or the destination is stored in the C field.
Existing AT without invading PCS PDU payload
Compatibility with the M terminal device can be maintained. In this embodiment, it is not necessary to change the LAN terminal device connected to the branch LAN.

Here, if the virtual LAN system is constructed on a large scale, the number of registration entries in the address table in the server VAS / VBS becomes enormous, and the management load of the server increases. Therefore, the server VAS /
In order to minimize the number of registration entries in the address table in the VBS, the address of the terminal device connected to the branch LAN side port of the bridge is not registered in the above table but locally registered by the table of each bridge. desirable.

In this embodiment, in each of the bridges BR1 to BR4, an address table (hereinafter referred to as "LAN address table") for locally registering the address of the terminal device connected to the branch LAN side port of the own device is used. Shall have. LA of these bridges BR1 to BR4
Since the N address table has the same structure, Table 2 shows an example of the LAN address table of the bridge BR1 as a representative here.

[0030]

[Table 2]

In this LAN address table, the MAC addresses of the terminal devices T1-1 to T1-4 and the branch line LAN side port (LAN) of the bridge BR1 to which the above terminal device is connected.
The PORT number and the VID value of the group to which the terminal device belongs are registered in association with each other.

The bridges BR1 to BR4 are ATM
It has an address table (hereinafter referred to as "ATM address table") for managing destination addresses on the network side. AT of these bridges BR1 to BR4
Since the M address table has the same structure, Table 3 shows an example of the ATM address table of the bridge BR1 as a representative.

[0033]

[Table 3] This ATM address table contains the MA of the destination terminal device.
The C address, the ATM address, the ATM connection VCI established for the destination terminal device, and the VID value of the group to which the terminal device belongs are registered in association with each other.

In the VLAN group, a predetermined management terminal device on the network sends an address table of the server VAS / VBS and an ATM address table of each bridge by means of SNMP (Simple Network Management Protocol) or the like. , VID can be registered / deleted, and the address table can be set accordingly.

Next, the communication operation of the virtual LAN system shown in FIG. 1 will be described with reference to the flowcharts of FIGS. It should be noted that communication between terminal devices is performed between ATM terminal devices, between LAN terminal devices and ATM terminal devices, and between LAN terminals.
It may be performed between terminal devices, and the broadcast frame relay process may be communication from an ATM terminal device or a LAN terminal device. Hereinafter, examples in these cases will be described.

First, as a first embodiment, when communication is performed between ATM terminal devices, for example, from the terminal device T11 to the terminal device T13, the transmission source terminal device T11 performs the communication with the destination terminal device T13 before the destination terminal device T13. It is necessary to know the ATM address of device T13. Therefore, the terminal device T11 uses the source MAC address T11 and the destination MAC address on the ATM connection to the previously established server VAS / VBS.
The address resolution request frame of the terminal device T13 including the address T13 is transmitted.

Upon receiving the address resolution request frame, the server VAS / VBS performs the reception processing operation shown in FIG. That is, the server VAS / VBS searches whether the destination MAC address T13 in the frame is registered in the first address table of Table 1 (step 101). If the destination MAC address is not registered in the first address table, another bridge (when the request source of the frame is a bridge, other bridges, or when the request source is an ATM terminal device, all bridges The address resolution request frame is transferred to the bridge) (step 102), and the reception processing operation ends. In this case, since the destination MAC address T13 is registered in the first address table, the MAC address T13
VID value “VA + VB + VC +” registered corresponding to
"VD" and the request source VID value "VC" are compared (step 1
03), it is determined whether there is a common VID value (step 104).

Here, since there is a common VID value "VC", it is determined that the communication between both terminal devices T11 and T13 is permitted, and then it is determined whether the request source flag bit is set (step). 105). When the flag bit of the request source is set, the corresponding VID is added to the address resolution response frame (step 106), and the address resolution response frame including the ATM address of the destination terminal device is sent to the request source. (Step 107).

In the case of the first embodiment, since the flag bit of the request source is not set, the server VAS / VBS does not add the VID and sets the ATM address A13 of the destination terminal device T13. An address resolution response frame containing the frame is returned to the requesting terminal device T11 (step 107). The terminal device T11 that has received the address resolution response frame can establish an ATM connection to the terminal device T13 by using the ATM address A13 and can transmit data on the ATM connection.

On the other hand, for example, from the terminal device T11 to the terminal device T
When trying to communicate with 12, the server VAS
/ VBS detects that there is no common VID from the search of the first address table in step 104, and therefore determines that communication between both terminal devices is not permitted, and does not return the address resolution response frame. Therefore, the terminal device T
An ATM connection is not established between 11 and T12, and communication cannot be performed.

Next, as a second embodiment, when communication is performed between the LAN terminal device and the ATM terminal device, for example, from the LAN terminal device T1-4 connected to the bridge BR1 to the ATM terminal device T14, from the terminal device T1-4 The bridge BR1 that received the data frame of the
The address resolution request frame of the terminal device T14 is transmitted on the ATM connection to / VBS.

When the address resolution request frame is received, the server VAS / VBS performs the same receiving processing operation as in the first embodiment, searches the first address table, and searches the VID value "VA + VB + VC + VD" of the request source bridge BR1.
And "VD" of the destination terminal device T14 are compared. In the second embodiment, since the common VID value "VD" exists, the server VAS / VBS has the bridge BR1 and the terminal device T14.
Communication of the destination terminal device T14
An address resolution response frame including the M address A14 is returned to the bridge BR1.

When the address resolution response frame is received,
The bridge BR1 registers the ATM address A14 of the destination terminal device T14 and the VID value "VD" in the ATM address table of Table 3 in order to manage the destination address on the ATM network side. Also, the ATM connection V from the obtained ATM address A14 to the terminal device T14
Establish C1-14 and send data on ATM connection VC1-14. The established ATM connection V
C1-14 is also registered in the ATM address table.

As described above, by registering the ATM address and the VID value in the ATM address table, the bridge BR1 is subsequently operated, for example, from the LAN terminal device T1-1 to the ATM.
If a transmission frame to the terminal device T14 is received, A
Since the ATM connection to the TM terminal device T14 has already been established but the destination belongs to a different VLAN group, the bridge BR1 can discard this transmission frame, and thereby useless traffic is not sent to the ATM side. I'm done.

Next, as a third embodiment, when communication is performed between the ATM terminal device and the LAN terminal device, for example, from the ATM terminal device T11 to the LAN terminal device T4-3 connected to the bridge BR4, the transmission source terminal device T11 is , Server VAS / VBS
To the LAN terminal device T4-3, an address resolution request frame is transmitted. Upon receiving the address resolution request frame, the server VAS / VBS performs the same processing as in the above embodiment.
The first address table is searched. However, since the address of the LAN terminal device T4-3 is not registered in the table, the address resolution request frame is sent to other than the request source bridge BR1 connected to the ATM network 10. Transfer to the other bridges BR2 to BR4 (see step 102 in FIG. 3).

The above-mentioned other bridges use the same LAN address table and ATM as the tables shown in Tables 2 and 3.
The bridge, which has an address table, receives the above-mentioned transferred address resolution request frame, searches the LAN address table of its own device, and determines whether or not the destination terminal device is registered. In the third embodiment, the LAN terminal device T that is the inquiry target
Only the bridge BR4 in which the address 4-3 is registered is
The VID value "VC" of the terminal device T4-3 is added to the address resolution response frame including the ATM address A4 of the own device and returned to the server VAS / VBS.

Upon receiving the address resolution response frame, the server VAS / VBS performs the reception processing operation shown in FIG. That is, the server VAS / VBS has the requesting terminal device T11 registered in the first address table.
Is compared with the VID value "VC" of the destination terminal device T4-3 added to the address resolution response frame (step 201), and it is determined whether or not there is a common VID value (step 202). ).

If there is no common VID value, the server VAS / VBS ends the above-mentioned reception processing operation. However, in this third embodiment, since there is a common VID value "VC", both terminal devices. It is judged that the communication is permitted. Then, it is determined whether or not the request source flag bit is set (step 203). Here, the terminal device T11
Since the flag bit of the above is not set, the VID of the address resolution response frame is deleted (step 2
04), the address resolution response frame including the ATM address A4 is returned to the requesting terminal device T11 (step 20).
5).

The terminal device T11 having received the address resolution response frame uses the bridge address BR4 by using the ATM address A4.
Can establish an ATM connection to and send a data frame over the ATM connection.
Further, the bridge BR4 searches the LAN address table of its own device when receiving the above-mentioned data frame, and
The data frame can be relayed to the connected port 3 of the terminal device T4-3.

Next, as a fourth embodiment, between LAN terminal devices, for example, LAN terminal device T1-1 connected to bridge BR1 to LAN terminal device T connected to bridge BR4.
When communicating with 4-1, the bridge BR1 that has received the data frame from the LAN terminal device T1-1 transmits the address resolution request frame of the terminal device T4-1 to the server VAS / VBS, as in the second embodiment. To do.

When the address resolution request frame is received, the server VAS / VBS receives the first address, as in the third embodiment.
Since the address of the LAN terminal device T4-1 is not registered in the address table of, the address resolution request frame is transferred to another bridge. The bridge BR4, which has received the transferred address resolution request frame,
It searches the LAN address table of its own device and
The server VAS by adding the VID value "VA" of the terminal device T4-1 to the address resolution response frame including the TM address A4.
/ Return to VBS.

The server VAS / VBS having received the address resolution response frame, the VID value "VA + V" of the request source bridge BR1 registered in the first address table.
B + VC + VD "is compared with the VID value" VA "of the destination terminal device T4-1 added to the address resolution response frame. In this case, the server VAS / VBS has a common VID
Since the value "VA" exists, it is determined that the communication between the two terminal devices T1-1 and T4-1 is permitted, and the address resolution response frame sent from the bridge BR4 is transferred to the bridge BR1.

Upon receiving the address resolution response frame, the bridge BR1 registers the ATM address A4 corresponding to the destination terminal device T4-1 and the VID value "VA" in the ATM address table. Also, the ATM connection V from the obtained ATM address A4 to the bridge BR4
C1-4 is established, and the data frame received from the terminal device T1-1 is relayed on the ATM connection VC1-4. Note that the established ATM connections VC1-4 are also ATM
Registered in the address table.

The bridge BR4 searches its own LAN address table when receiving the above data frame, and sets L
The data frame can be relayed to the connected port 1 of the AN terminal device T4-1. In addition, once A
Data transmission to the destination terminal device registered in the TM address table can be used unless registration in the table is deleted, and the above procedure for address resolution need not be performed again.

Next, the relay processing operation of the broadcast frame will be described. First, as a fifth embodiment, an ATM terminal device,
For example, when the terminal device T12 transmits a broadcast frame, the transmission source terminal device T12 uses the previously established server VAS.
/ Send the broadcast frame on the ATM connection to VBS. Upon receiving the broadcast frame, the server VAS / VBS performs the relay processing operation shown in FIG. That is, the server VAS / VBS searches the first address table and determines whether the flag bit is set from the source MAC address T12 in the frame (step 301).

Here, when the flag bit is set, the source VID added in the broadcast frame is identified (step 302), but in the fifth embodiment, the flag bit is set. No, so the first
Of the source VID, that is, the VLAN group "VA + VB" to which the terminal device T12 belongs (step 303), and an ATM terminal device or bridge which belongs to these groups and has a common VID is searched (step 304). ). In this embodiment, all the bridges BR1 to BR4 accommodate branch LANs belonging to the "VA" or "VB" group, and in the ATM terminal device, only the terminal device T13 belongs to the above group.

Next, the server VAS / VBS searches the first address table and transfers it to the transfer destination, that is, the bridge B.
It is determined whether the flag bits of R1 to BR4 or the terminal device T13 are set (step 305). Here, the server VAS / VBS, for the bridges BR1 to BR4 in which the flag bit of the table is set, the VID of the source terminal device T12 in the broadcast frame.
"VA + VB" is added and relayed (step 306).
For relaying, a point-to-point ATM connection established beforehand between the server and each bridge may be used, or it may be established beforehand between the server and all bridges in the ATM network. A point-to-multipoint ATM connection may be used (when the latter ATM connection is used, it is always broadcast to all bridges).

Further, the server VAS / VBS, for the terminal device T13 in which the flag bit in the table is cleared, transmits the V of the source terminal device T12 in the broadcast frame.
Relay is performed using a pre-established point-to-point ATM connection without adding the ID "VA + VB". The bridge which has received the relayed broadcast frame searches the LAN address table based on the VID added to the broadcast frame, and transmits the broadcast frame only to the LAN terminal device belonging to the VID. That is, referring to FIG. 1, in the bridge BR1, the terminal devices T1-1 and T1 connected to the branch LAN side ports 1 and 2 are connected.
Only for -2, for the bridge BR2, only for the terminal device T2-1 connected to the branch line LAN side port 1, and for the bridge BR3, for the terminal device T3-1 connected to the branch line LAN side port 1. In addition, in the bridge BR4, the terminal device T4-1, which is connected to the branch LAN side ports 1 and 2,
The broadcast frame is relayed only to T4-2.

Next, as a sixth embodiment, a LAN terminal device,
For example, a LAN terminal device T3-3 connected to the bridge BR3
When the broadcast frame is transmitted by the bridge BR3, the bridge BR3 receiving the broadcast frame searches its own LAN address table, and the branch line L to which the terminal device T3-3 is connected.
Detect VID "VD" of AN. And bridge B
R3 adds the detected VID "VD" to the broadcast frame and sends it to the server VAS / VBS.

When the broadcast frame is received, the server V
As in the fifth embodiment, the AS / VBS detects that the flag bit is set in the first address table and detects the source VID added to the broadcast frame.
From the first address table, the bridges BR1, BR2 and ATM belonging to the group "VD" are recognized from the first address table.
The terminal devices T13 and T14 are identified.

Next, the server VAS / VBS adds the transmission source VID "VD" to the broadcast frame for the bridges BR1 and BR2 in which the flag bit of the first address table is set, and For the terminal devices T13 and T14 whose flag bits in the table are cleared, the broadcast frame is relayed without adding the transmission source VID.

The bridges BR1 and BR2 that have received the relayed broadcast frame search the LAN address table based on the VID added to the broadcast frame,
The broadcast frame is relayed only to the LAN terminal devices T1-4 and T2-2 belonging to the ID. Therefore, in this embodiment, it is possible to connect the ATM terminal devices or bridges belonging to a plurality of groups on the ATM network, and all the ATM terminal devices or bridges on the network are group-managed under the control of the server. For conventional ELAN
Since the number of parameters to be managed on the terminal side is smaller than that of the method using, the load of group management on bridges or ATM terminal devices belonging to a plurality of groups can be reduced.

In this embodiment, a pair of address resolution server and broadcast server are used, and the server and each ATM are used.
Since the management of connections established between terminal devices and bridges becomes easy, resources such as address resolution servers and broadcast servers on the network side should be minimized, and efficient connection establishment and bandwidth use should be ensured. It can be carried out.

Further, in this embodiment, the physically same A
In the case of communication between the TM terminal device and the bridge, it is only necessary to establish a single connection using the signaling process, and the communication is performed only on the above connection.
It is possible to maintain the interoperability with the existing terminal device without causing the conventional terminal device to perform special processing. It should be noted that the present invention is not limited to the above embodiment, and it is also possible to register the address of the LAN terminal device connected to the branch line LAN in the first address table of the server. The server does not need to transfer the address resolution request frame to the bridge, and the server can manage groups of all terminals on the network.

Further, in the present invention, it is possible to assign a plurality of VLAN groups to one port of the bridge in an overlapping manner, and it is also possible to connect a plurality of terminal devices to one port. In this embodiment,
Although the VLANs are logically independent, the present invention is not limited to this, and it is also possible to set communication between specific VLANs.

[0066]

As described above, according to the present invention, the first
A relay device having a plurality of ports to which each terminal device is connected and a bridge function and a second terminal device are directly connected through a trunk network, and each port of the relay device and the second terminal device are grouped. In a system for separately setting a virtual network and performing data communication between a transmission source terminal device and a terminal device permitted to communicate, address information of the relay device and the second terminal device,
Correlating at least one group identification information to which the relay device and the second terminal device belong and bit information indicating that the belonging group is a relay device to which a plurality of different first terminal devices are connected. First to remember
A memory response unit having an address storage unit is connected to the trunk network, and in response to an inquiry of a destination network address performed prior to the data communication,
Since the storage response means returns a predetermined response to the device that made the inquiry so that the first address storage unit is searched and data communication can be performed only between the terminal devices for which the communication is permitted, a plurality of groups are transmitted. Bridge or AT belonging to
The load of group management in the M terminal device can be reduced, and the interoperability with the existing terminal device can be maintained without causing the conventional terminal device to perform special processing.

According to a fourth aspect, in response to an inquiry of a destination network address which is not stored in the first address storage unit, the storage response means is a relay device and a second terminal device other than the device that made the inquiry. The second device stores the inquiry, and the relay device stores the MAC address of the first terminal device connected to the relay device and the group identification information to which the first terminal device belongs in association with each other. A plurality of units, the second address storage unit is searched for an inquiry about the address of the first terminal device, and a predetermined response including group identification information corresponding to the address is returned to the storage response unit. It is possible to reduce the load of group management in the bridge belonging to the group.

According to a fifth aspect, the relay device that has made the inquiry stores the network address of the destination obtained by the predetermined response from the storage response means and the group identification information to which the destination belongs in association with each other. The third address storage unit is searched for the destination of the transmission frame from the first terminal device having three address storage units and connected to the own device, and the group to which the destination belongs and the first terminal device belong to Only when communication between groups is permitted, the transmission frame is sent to the trunk network, so that the load of group management in bridges belonging to a plurality of groups can be reduced.

In the sixth and ninth aspects, when the storage response means or the broadcast means receives a frame to be broadcast, the search result of the first address storage section or the group identifier added to the broadcast frame. Determines the group to which the transmission source belongs, and only when communication is permitted between the groups to which the transmission source belongs, the broadcast frame is transmitted to the relay device or the second terminal device of the group added to the destination. Since the transfer is performed, resources such as an address resolution server and a broadcast server on the network side can be minimized, and efficient connection establishment and band utilization can be performed.

In the eighth and twelfth aspects, the relay device searches the second address storage section for the broadcast frame from the first terminal device connected to the own device, and the first terminal device The broadcast frame to which the group identification information to which it belongs is sent to the storage response means, and the broadcast frame transferred from the storage response means is based on the group identification information added to the broadcast frame. By searching the second address storage unit and relaying the broadcast frame only to the first terminal device belonging to the group, efficient connection establishment and band utilization can be performed.

[Brief description of drawings]

FIG. 1 is a configuration diagram showing a configuration of an embodiment of a virtual LAN system using a virtual network management method according to the present invention.

FIG. 2 is a frame format showing a structure of a frame used in the system of FIG.

FIG. 3 is a flowchart for explaining an operation of the server shown in FIG. 1 when receiving an address resolution request frame.

FIG. 4 is a flowchart for explaining the operation of the server when receiving an address resolution response frame.

FIG. 5 is a flowchart for explaining the operation of the server when receiving a broadcast frame.

[Explanation of symbols]

10 ATM network VAS / ABS server BR1 to BR4 bridge T11 to T14 ATM terminal device T1-1 to T1-4, T2-1, T2-2, T3-1 to T3-3, T4-1 to
T4-3 LAN terminal device

Claims (12)

[Claims] 1. A relay device having a bridge function and a plurality of ports to which a first terminal device is respectively connected, and a second terminal device are directly connected via a trunk network, and each port of the relay device and In a system in which the second terminal device is divided into groups to set a virtual network and data communication is performed between the transmission source terminal device and the terminal device permitted to communicate, address information of the relay device and the second terminal device, Correlating at least one group identification information to which the relay device and the second terminal device belong and bit information indicating that the belonging group is a relay device to which a plurality of different first terminal devices are connected. A storage response unit having a first address storage unit for storing is connected to the trunk network, and is connected prior to the data communication. To queries network address of the destination to the memory response means,
A virtual network construction method, wherein a predetermined response is returned to the device that made the inquiry so that data communication can be performed only between the terminal devices that are allowed to communicate by searching the first address storage unit. 2. The trunk network is an ATM network, and the network address is ATM.
The address information stored in the first address storage unit is an M address of the relay device and the second terminal device.
The virtual network construction method according to claim 1, comprising an AC address and an ATM address corresponding to the MAC address. 3. The storage response means stores the group identification information corresponding to the address of the device that made the inquiry.
Only when communication is permitted between the group to which the device making the inquiry belongs and the group to which the destination device of the inquiry belongs are searched from the first address storage unit, and the predetermined response is sent to the inquiry. The method for constructing a virtual network according to claim 1, wherein the method is returned to the device that performed the virtual network. 4. In response to an inquiry about a network address of a destination not stored in the first address storage unit, the storage response means causes the relay device and the second terminal device other than the device that made the inquiry to: The relay device transfers the inquiry, and the relay device stores the MAC address of each first terminal device connected to the relay device and the group identification information to which each first terminal device belongs in association with each other. In response to an inquiry about the address of the first terminal device, the second address storage unit is searched, and a predetermined response including group identification information corresponding to the corresponding address is returned to the storage response unit. The virtual network construction method according to claim 1 or 3. 5. The third address storage in which the relay device that has made the inquiry stores the network address of the destination obtained by the predetermined response from the storage response means and the group identification information to which the destination belongs in association with each other. Between the group to which the destination belongs and the group to which the first terminal device belongs, by searching the third address storage unit for the destination of the transmission frame from the first terminal device connected to the own device. The transmission frame is transmitted to the trunk network only when communication is permitted.
Or the virtual network construction method described in 3. 6. The storage response means, when receiving a frame to be broadcast, determines the group to which the transmission source belongs from the search result of the first address storage unit or the group identifier added to the broadcast frame. However, the broadcast frame is transferred to the relay device or the second terminal device of the group added to the destination only when communication is permitted between the groups to which the transmission source belongs. ，
The virtual network construction method according to 3 or 4. 7. The storage response means, when transferring the broadcast frame, searches the first address storage unit, and the transfer destination of the broadcast frame is a plurality of destinations to which at least one group to which the broadcast frame belongs belongs. 7. The virtual network construction method according to claim 4, wherein when one terminal device is a relay device, the group identification information of the transmission source is added to the broadcast frame and transferred. 8. The relay device searches the second address storage unit for a broadcast frame from a first terminal device connected to the relay device, and obtains group identification information to which the first terminal device belongs. The added broadcast frame is sent to the storage response means, and for the broadcast frame transferred from the storage response means, the second frame is transmitted based on the group identification information added to the broadcast frame. 8. The virtual network construction method according to claim 4, 6 or 7, wherein the address storage unit is searched and the broadcast frame is relayed only to the first terminal device belonging to the group. 9. A relay device having a bridge function and a plurality of ports to which the first terminal device is respectively connected, and a second terminal device are directly connected via a trunk network, and each port of the relay device and In a system in which a second terminal device is divided into groups to set a virtual network and data communication is performed between a transmission source terminal device and a terminal device permitted to communicate, address information of the relay device and the second terminal device, The at least one group identification information to which the relay device and the second terminal device belong and the bit information indicating that the belonging group is a relay device to which a plurality of first terminal devices different from each other are connected are stored in association with each other. A broadcast unit having a first address storage unit for connecting to the trunk network, and the broadcast unit is a frame to be broadcast. If you receive,
The group to which the transmission source belongs is determined from the search result of the first address storage unit or the group identifier added to the broadcast frame, and the communication is permitted only when communication is permitted between the groups to which the transmission source belongs. A method for constructing a virtual network, characterized in that the information frame is transferred to a relay device or a second terminal device of a group added to the destination. 10. The trunk network is an ATM network, and the network address is AT.
The address information stored in the first address storage unit, which is composed of an M address, includes MAC addresses of the relay device and the second terminal device, and an ATM corresponding to the MAC address.
The virtual network construction method according to claim 9, wherein the virtual network construction method comprises an address. 11. When transferring the broadcast frame, the broadcast means searches the first address storage unit, and the transfer destination of the broadcast frame is a plurality of destinations to which at least one group to which the broadcast frame belongs is different. 10. The virtual network construction method according to claim 9, wherein when one terminal device is a relay device, the group identification information of the transmission source is added to the broadcast frame and transferred. 12. The second relay device stores the MAC address of each first terminal device connected to the relay device and group identification information to which the first terminal device belongs in association with each other.
The second address storage unit is searched for the broadcast frame from the first terminal device having an address storage unit and connected to the own device, and the group identification information to which the first terminal device belongs is added. The broadcast address frame is sent to the storage response means, and for the broadcast frame transferred from the storage response means, the second address storage unit is based on the group identification information added to the broadcast frame. The virtual network construction method according to claim 9 or 11, wherein the broadcast frame is relayed to only the first terminal device belonging to the group.