WO2006094440A1 - A method of virtual local area network exchange and the network device thereof - Google Patents

Publication number
WO2006094440A1
Authority
WO
WIPO (PCT)
Prior art keywords
vlan
vpn
information
switching
network
Prior art date
Application number
PCT/CN2005/002067
Other languages
French (fr)
Chinese (zh)
Inventor
Yang Yu
Wei Wang
Haitao Zhang
Jianfeng Liu
Guoqiang Zhuang
Jianfeng Zhang
Kuncheng Peng
Shengwen Lu
Gang Cao
Xiao Li
Original Assignee
Hangzhou H3C Technologies Co., Ltd.
Priority claimed from CNB2005100513520A (CN100428737C)
Priority claimed from CNB2005100564166A (CN100446503C)
Priority claimed from CNB200510056722XA (CN100413281C)
Priority claimed from CNB200510069487XA (CN100358322C)
Application filed by Hangzhou H3C Technologies Co., Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4675 Dynamic sharing of VLAN information amongst network nodes

Definitions

  • The present invention relates to the field of network communication technologies, and in particular to a method for virtual LAN exchange and a network device.
  • Background
  • VLAN: Virtual Local Area Network
  • A VLAN forms a logical subnet, that is, a logical broadcast domain, which can cover multiple network devices and allows network users in different geographical locations to join one logical subnet.
  • VLANs can be divided according to different principles. There are three main types:
  • Port-based VLAN partitioning, which divides several ports on one or more switches into one logical group.
  • The MAC address refers to the identifier of the network card.
  • The MAC address of each network card is unique and is fixed on the network card.
  • Route-based VLAN division: the routing protocol works at the network layer.
  • The corresponding working devices are routers and routing switches (i.e., Layer 3 switches). This approach allows one VLAN to span multiple switches, or one port to be in multiple VLANs.
  • Although the devices connected to a VLAN come from different network segments, they can communicate directly with each other as if they were in the same network segment. Because VLANs separate devices into network segments logically rather than physically, they provide flexible user/host management, bandwidth allocation, and resource optimization.
  • A LAN in the same physical form can be divided into multiple VLANs (Virtual Local Area Networks). The VLANs cannot be accessed directly from one another and can only be reached through a routing device. This improves network security and reliability.
  • VPN: Virtual Private Network
  • Layer 2 VPN technologies include V-switch technology (VLAN switching technology, a technology that uses VLAN tag switching for forwarding) and QinQ technology (two-layer IEEE 802.1Q tag encapsulation, that is, two layers of VLAN tags on a data packet, also known as 802.1Q tunneling technology).
  • MPLS: Multi-Protocol Label Switching
  • V-switch technology is a simple VPN technology. Its basic principle is to directly switch one or two layers of VLAN tags of an ingress Ethernet data frame to the corresponding VLAN tags of the egress port.
  • The Layer 2 switching device exchanges the one or two layers of VLAN tags belonging to a specific VPN, carried by data frames arriving at the ingress port, for a new one or two layers of VLAN tags of another local area network belonging to the same VPN, and then sends the frames out from the output port, so that LANs with different VLAN tags in different regions form one large VPN network.
  • Using V-switch to implement a VPN has the following disadvantages: (1) It can only implement point-to-point VPNs. (2) Traversing multiple hops in the operator network requires manual configuration: when multiple carrier devices need to be crossed, each device must be configured. After the configuration is completed at the carrier's network portal, it can be self-routing. (3) VPN user traffic is not switched, that is, MAC address learning and MAC address forwarding are not performed for VPN users.
  • The 802.1Q standard addresses the problem of how large networks can be divided into smaller parts.
  • 802.1Q-enabled switch ports can be configured to transport tagged or untagged frames.
  • A tag field containing VLAN information can be inserted into the Ethernet frame. If a port has an 802.1Q-capable device (such as another switch) connected, these tagged frames can carry VLAN membership information between switches.
  • The tag control information (TCI) field includes a user priority (User Priority), a Canonical Format Indicator, and a VLAN ID.
  • QinQ: double tag
  • QinQ technology (a technology that uses two layers of IEEE 802.1Q tags for encapsulation, that is, two layers of VLAN tags on a data packet, also known as 802.1Q tunneling technology) is another type of VPN technology that uses Layer 2 technology.
  • The two-layer IEEE 802.1Q tag encapsulation technology encapsulates a public network VLAN tag outside the private network VLAN tag, so that the private network VLAN can be transmitted transparently across the public network to the other private networks that need to be connected. Because it requires no additional signaling support, it can implement a simple VPN function and can form a large VPLS (Virtual Private LAN Service) in a local area network (LAN), so it is very simple and convenient.
  • VPLS Virtual Private LAN Service
  • VLAN planning is required for the entire VPLS when planning the network.
  • such a plan requires not only professionals to complete, but also greatly inconveniences the networking of the entire network, which may affect the development of the business; in addition, due to configuration changes, new errors may be introduced in the network. It is very difficult for users to accept.
  • the MPLS-based VPN technology is implemented using MPLS labels.
  • mainstream technologies for MPLS-based Layer 2 VPNs include point-to-point VPN (VLL, Virtual Leased Private Line) technology and point-to-multipoint VPN (VPLS, Virtual Private LAN Service) technology.
  • VLL Virtual Leased Private Line
  • VPLS Virtual Private LAN Service
  • MPLS-based VLL Virtual Leased Line
  • The data frame of the user service is transmitted as a normal Ethernet data frame from the CE (the customer edge device).
  • PE: Provider Edge
  • the PE is based on the user VLAN information.
  • the destination MAC address is searched for the forwarding table, a double-layer MPLS label is obtained.
  • the destination MAC address and VLAN information of the next hop are obtained, and the frame is then encapsulated and sent from the corresponding sending port of the device to the peer PE equipment.
  • Table 1 below shows the user's normal data frame, and Table 2 shows the MPLS data frame.
  • After the MPLS-encapsulated data packet is sent to the peer PE device, the PE device removes the two layers of MPLS labels and obtains the final outgoing port information of the VPN user service on the device from the inner label of the two MPLS labels.
  • The Layer 2 Ethernet data frame of the user VPN is sent out from the corresponding physical port intact.
  • MPLS-based VPN technology requires that the device must support MPLS labels, which puts higher requirements on the device.
  • MPLS labels require users to mark the same service within the same VPN.
  • the tags must be globally unified and cannot be different.
  • the location of the location (meaning different outlets of the device) and the VLAN value in the form of service flags are different, which in turn brings difficulties to the VPN network implementation.
  • The VPN identifier and the VPN's internal service identifier must be configured by the operator and the enterprise customer together; neither party can complete the configuration alone.
  • the user VPN service from a CE access point of a VPN user is based on the Layer 2 destination MAC information of the service.
  • there are multiple destination CEs to choose from that is, each CE is connected to multiple CE points, and can communicate with hosts under multiple VPN users under multiple CE points.
  • Table 3 shows the normal data frames for the user and Table 4 shows the MPLS data frames.
  • The point-to-multipoint VPLS VPN uses the same encapsulation process as the point-to-point VLL VPN. That is, at the source PE device, the incoming Layer 2 Ethernet data frame is encapsulated with two layers of MPLS labels and sent to the peer PE device.
  • The PE device strips the two layers of MPLS labels and obtains the destination physical port information from the corresponding physical port based on the information carried in the MPLS label.
  • The user's Layer 2 Ethernet information and VLAN information cannot be changed during the entire forwarding process, because this information belongs to the VPN user.
  • The provider or operator of the service should only be responsible for providing the Layer 2 connectivity channel, and should not alter any of the user's information. This is the original intention and purpose of the MPLS Layer 2 VPN solution.
  • the Layer 2 VLAN information in some environments is added by the Layer 2 VPN service provider or the carrier itself.
  • The carrier either provides a physical port to the VPN user or adds a layer of VLAN information on top of the user's existing VLAN information. In short, applications in which the operator controls one or two layers of VLAN information are increasingly common. If, in this case, all VLAN information is still treated as the VPN user's information, VPN deployment becomes unreasonable and inconvenient in practice.
  • interworking between VLANs can only be achieved by configuring Layer 3 (Protocol Layer) routing.
  • Layer 3 Virtual Private Network
  • a Layer 3 VPN technology is usually adopted.
  • MPLS L3 VPN 3-layer VPN based on multi-protocol label switching
  • Equipment has higher performance, increasing equipment costs and maintenance costs.
  • This scheme is not limited by geography and network.
  • the backbone network is required to support MPLS. It is too complicated for the metropolitan area network with Ethernet networking; and the interoperability and flexibility of Layer 3 interworking is not as good as that of Layer 2 (link layer).
  • VLAN conversion technology, which converts the incoming VLAN into another VLAN, is mainly used for converting between the public network VLAN ID and the private network VLAN ID.
  • Its feature is that the VLAN ID conversion attribute is configured on the ingress port. For example, on port 2, VLAN 2 is converted to VLAN 200, so when VLAN 2 traffic reaches port 2, it is converted to VLAN 200.
  • This type of conversion requires that the converted VLAN ID be a public network VLAN ID, which occupies the VLAN ID resources of the switch itself. It supports the conversion of only one VLAN ID, not of multiple VLAN IDs.
  • The feature is the conversion of the VLAN ID. A VLAN ID of a private network can only be converted into one public network VLAN ID, which gives one-to-one conversion and lacks flexibility.
  • Summary of the invention
  • The technical problem to be solved by the present invention is to provide a method for multi-layer virtual local area network switching and a network device that overcome the low efficiency and complicated equipment of the prior art for implementing VLAN interworking, and that flexibly implement automatic exchange between multi-point, multi-layer virtual local area networks.
  • the present invention provides the following technical solution: a method for virtual local area network switching, including the steps:
  • the exchange related information includes a VPN ID, a VPN ID and an outgoing physical port, public network VLAN information, data frame identification information, a switching domain identifier, a switching domain identifier, and a destination MAC address.
  • the VPN ID or VLAN information is carried in an MPLS label.
  • the switching domain identifier is obtained according to a data frame query configuration table.
  • the present invention also provides a method for switching a virtual local area network, which is used to transparently transmit a VLAN of a private network from a public network to another private network that needs to be connected.
  • The public network includes at least one network device ingress port and one network device egress port. The method includes the steps:
  • The mapping described in step 21) specifically includes:
  • replacing the user VLAN tag carried in the data frame with the VPN ID.
  • The mapping in step 23) specifically includes: 41) configuring a mapping table on an egress port of the network device, such that the VPN ID and the egress port number correspond to the VLAN tag used by the VPN user;
  • after receiving the data frame carrying the VPN ID, the egress port of the network device queries the mapping table;
  • replacing the VPN ID carried in the data frame with the user VLAN tag.
  • The VPN ID is a new one- or two-layer VLAN tag.
  • The present invention also provides a method for virtual local area network switching, which is based on an existing MPLS-based Layer 2 VPN wide area network, where the network includes at least one source PE (office) device and a peer PE (office) device, including the steps:
  • After receiving the Layer 2 data frame with the VLAN information, the source PE device obtains the VPN ID by using the mapping relationship between the VLAN and the VPN; forwarding by destination MAC address is performed using the VPN ID, and the information of the destination PE and the information of the MPLS two-layer label are encapsulated.
  • After receiving the encapsulated Layer 2 data frame, the peer PE device changes the encapsulated VLAN information and forwards the packet by using the mapping relationship between the VPN ID and the VLAN.
  • the MPLS two-layer label is further encapsulated on the layer 2 data frame.
  • the VLAN information carried by the Layer 2 Ethernet data frame is original VLAN information or VPN ID information, according to a specific transmission environment.
  • Before changing the encapsulated VLAN information, the peer PE device further uses the VPN ID and the destination MAC address information to find the forwarding destination physical port on the peer PE device; according to the physical port information, the mapping table from VPN ID to VLAN under that physical port is consulted to obtain the VLAN information that needs to be encapsulated on output, and the frame is encapsulated and sent from the corresponding physical port.
  • the VLAN information carried by the encapsulated Layer 2 Ethernet data frame may be one layer or two layers.
  • the source PE device further learns the source MAC address by using the VPN ID, and learns the corresponding MAC address to the corresponding port of the VPN user under the source PE device.
  • The peer PE device further learns the source MAC address under the corresponding remote PE according to the VPN ID information and the source information of the MPLS label switching path.
  • the invention also provides a method for virtual local area network exchange, comprising the steps of:
  • configuring a VLAN switching path forwarding table on the VLAN switching device, where the VLAN switching path forwarding table includes VLAN information of all switching domains participating in the switching;
  • the step 163) specifically includes:
  • the step 163) is specifically:
  • the method further comprises: stripping the multi-layer VLAN tag of the input data packet.
  • the step 164) includes:
  • the encapsulated input data packets are respectively forwarded through the corresponding exit path.
  • the method further comprises the steps of:
  • the step 162) includes:
  • the multi-layer VLAN tag of the input data packet and the ingress port query the VLAN switching path table to obtain the corresponding switching domain identifier.
  • the VLAN switching path table is queried according to the multi-layer VLAN tag of the input data packet, and the corresponding switching domain identifier is obtained.
  • the step 162) further includes:
  • the VLAN tags in the VLAN switching path table are preferentially matched according to the label depth priority or in the configuration order.
  • the invention also provides a method for virtual local area network exchange, comprising the steps of:
  • The QinQ VLAN exchange table includes a public network VLAN ID, an outbound port number, a private network VLAN ID, and the switched private network VLAN ID information; or a public network VPN identifier, an outbound port number, a private network VLAN ID, and the VLAN ID of the new private network after the exchange; or the public network VLAN ID, the outbound port number, the MAC address, the user address, and the exchanged VLAN ID information.
  • the QinQ VLAN switch table is uniformly configured in the switching device, or the table is split into one table configured on each port.
  • the QinQ VLAN exchange table is queried by the stripped outer public network VLAN ID + the outbound port number + the private network VLAN ID, and a new private network VLAN ID is obtained.
  • the outer public network VLAN refers to the outermost public network VLAN.
  • the present invention also provides a network device, which is applied at the edge of an operator to provide services for VPN users, and includes:
  • a forwarding module configured to forward the data frame from the corresponding port according to the internal forwarding table
  • a storage unit configured to store a mapping relationship between the user information and the local user VLAN;
  • a conversion module, which acquires user information in the data frame from the operator network and updates the current user VLAN information in the data frame according to the mapping relationship, so that it carries the local user VLAN information, and then sends it to the forwarding module for processing; or which obtains the local user VLAN information in the data frame from the user, updates the data frame according to the mapping relationship so that it carries the user information, and then submits it to the forwarding module for processing.
  • the user information is included in an MPLS label of the data frame or included in a carrier VLAN tag of the data frame.
  • the VLAN carried by the user is double-layered.
  • the present invention also provides a virtual local area network switching method, which is applied to an edge device of an operator, and includes the following steps:
  • the VLAN is replaced with the VLAN of the user recorded on the device and then forwarded to the user.
  • the user information is in an operator VLAN or an MPLS label.
  • The beneficial effects of the present invention are as follows: since the correspondence between the exchange information and the VLAN information is configured in the network device, and the data frame is updated according to that correspondence, the efficiency of VLAN interworking is improved and automatic exchange between multi-point, multi-layer virtual LANs is implemented flexibly.
  • Configuring the mapping table on the ingress port and the egress port respectively makes it possible to change the value of the user VLAN tag, so that the user service category inside a VPN can have different representations on different physical ports (corresponding to different physical locations), and centralized configuration on only one device simplifies network deployment.
  • The point-to-multipoint VPN method provided by the solution does not require a switch with MPLS function and can be applied to many current low-end and mid-range devices, thereby greatly reducing the cost to the network operator.
  • Because the VPN ID can be represented by mapping two layers of VLAN tags in the Layer 2 data frame, 4K*4K VPNs can be implemented, which greatly expands the number of VPNs and improves support for the number of VPN users.
  • The carrier gains control of the VLAN information in the Layer 2 Ethernet data frame, so that the type of VPN service each party needs can be configured by that party alone, without the cooperation of the other party (the user), making VPN deployment more convenient and flexible.
  • The correspondence between the switching domain identifier and the multi-layer VLAN tag and the port is established, so that different paths in the same switching domain can implement Layer 2 interworking, and the exchanged VLANs do not occupy the VLAN resources of the device itself. That is, the number of VLANs to be accessed is not limited by the 4094 VLAN resources of the VLAN switching device.
  • VPN operation can be implemented easily, and the VPN configuration mode can be specified flexibly without planning the VPN's VLANs in advance, so that the operator can divide VLANs by region according to its own plan, without any modification to the configuration of the existing network, which makes VPN networking convenient.
  • The table includes the VLAN information that is involved in the exchange in all switching domains: the switching domain identifier, the MAC address, the VLAN label, and possibly the port number.
  • MAC address learning through the multi-layer VLAN tag based on the ingress learns not only the MAC address and port but also the VLAN tag of the corresponding egress, so as to realize automatic Layer 2 exchange between multiple points and between VLANs of different layers, and to improve the connection efficiency between VLANs.
  • The QinQ VLAN switching table effectively solves the problem that user networks with different VLAN IDs cannot communicate flexibly. VLANs of different regions can be configured to form a large VPN network through QinQ technology without any changes to the network configuration, and the private network in each area can plan its own VLANs independently.
  • The planning is simple and the networking is flexible.
  • FIG. 1 is a schematic diagram of an internal hardware structure of a device embodying the present invention
  • Figure 2 is a schematic illustration of a typical environment to which the second embodiment of the method of the present invention is applied;
  • Figure 3 is a flow chart of a second embodiment of the method of the present invention.
  • FIG. 4 is a flowchart showing an implementation of a third embodiment of the method of the present invention.
  • FIG. 5 is a flow chart of querying and learning an exit path in a third embodiment of the method of the present invention.
  • FIG. 6 is a schematic diagram of VLAN networking
  • FIG. 7 is a flowchart of a process of receiving data forwarding in the VLAN network shown in FIG. 6.
  • FIG. 8 is a flowchart of a process of forwarding data in the VLAN network shown in FIG. 6.
  • FIG. 9 is a schematic diagram of the application of the third embodiment of the present invention in a VPN network.
  • Detailed description
  • the typical implementation steps include three steps of the operator network ingress port processing, the carrier network internal forwarding, and the operator network out port processing.
  • the carrier network here can be any network with Layer 2 VPN function.
  • the ingress port and the egress port of the network operator may be physical ports on different network devices in the same network, or different physical ports on the same network device in the same network, or even the same network device in the same network.
  • the network device here is usually a switch or router.
  • a table is added to complete the identification of the VPN user and the replacement of the VLAN tag.
  • the input to this table is the ingress port of the user VPN data frame and the one or two layers of VLAN tags it carries.
  • the output after the lookup table is another layer or two layers of VLAN tags used by the operator representing the VPN logo. It should be noted that the table may be manually configured or implemented by other methods as long as the above logical mapping function can be implemented.
  • the VLAN tag of the replaced Layer 2 data frame is one layer, then 4096 VPNs are supported; if the replaced VLAN tag is two layers, then 4K*4K VPNs are supported.
  • Table 5 is an example of the operator ingress port mapping table.
  • The replaced one or two layers of VLAN tags represent the VPN ID, which must be unified within the carrier's internal network.
  • The VPN ID referred to here is a logical concept. For example, in Table 5, the dual VLAN tag of the user at ingress physical port 1 is mapped to the tags 301 and 302; 301+302 together form the VPN ID, denoted VPN1. The dual VLAN tag of physical port 3 is also mapped to VPN1 (301+302), so in Table 5 the users represented by physical ports 1 and 3 belong to the same VPN user.
  • The VLAN tag before the replacement is configured according to the specific ingress port, and the VLAN tags of multiple different ports can be mapped to the same VPN ID.
  • Self-learning forwarding is performed according to the converted VLAN tag, and the frame is forwarded to the egress of the carrier network. This process is no different from the internal forwarding process of the Layer 2 VPN provided by a common carrier and is not described further here.
  • A table is added to complete the conversion between the VPN identifier used by the operator and the VLAN tag used by the user.
  • the input to this table is one or two layers of VLAN tags representing the VPN ID flag, and the output is the user's representation of the VPN port label (one or two layers) at the output port.
  • Table 6 is an example of an operator outgoing port mapping table. Its input columns are the out port and the two VPN flags; its output columns are user VLAN 1 and user VLAN 2.
  • This table of output directions is also configured according to the specific outgoing port. That is to say, the same VPN ID, the translated two-layer user VLAN tags can be the same on different physical output ports, and of course can be different.
  • The technical solution provided by the present invention can support data frames with one or two layers of VLAN tags. If the tag replaced at the carrier network ingress port has only one layer, and MAC address learning and forwarding are then performed according to that one layer of tag, only 4096 VPNs are supported, which all chips currently on the market support.
  • If the tag after replacement by the ingress port table has two layers, and MAC address learning and forwarding are performed according to the two layers of tags, then 4096*4096 VPNs can be supported, which places higher requirements on the forwarding chip of the device that connects the carrier network and the user network. This is a general network data switching device, especially a switch with a commercial L2/L3 forwarding chip.
  • the present invention provides an apparatus dedicated to the implementation of the method provided by the present invention.
  • the internal structure of the device for implementing the method for providing a point-to-multipoint layer 2 VPN using the dual VLAN tag of the present invention will be described in detail below with reference to the accompanying drawings.
  • the current commercial L2/L3 layer switch forwarding chip supports VLAN-based forwarding.
  • the present invention adds a conversion module in front of the forwarding chip (which may be referred to as a forwarding module), thereby realizing the forwarding of user data frames with dual VLAN tags.
  • the conversion module here can be implemented by hardware or software.
  • the present invention provides a network device (not shown) having a forwarding module, a conversion module, and a storage module.
  • the forwarding module is configured to forward the data frame from the corresponding port according to the internal forwarding table;
  • the storage unit stores the mapping relationship between the user information and the local user VLAN;
  • The conversion module acquires the user information from the carrier network data frame and, according to the foregoing mapping relationship, updates the current user VLAN information in the data frame so that it carries the local user VLAN information, and then sends it to the forwarding module; or it obtains the local user VLAN information in the data frame from the user, updates the data frame according to the mapping relationship so that it carries the user information, and then hands it to the forwarding module for processing.
  • The specific functions implemented by the conversion module are as follows. In the inbound direction of each physical port of the switch, the two-layer VLAN tag is mapped, according to the CPU-configured mapping table from two-layer VLAN tags to one-layer (or two-layer) VLAN tags, to the new VLAN representing the Layer 2 VPN ID; the CRC is then recalculated and the frame is handed to the subsequent commercial ASIC for forwarding. At each GE (Gigabit Ethernet) egress, two layers of tags are regenerated from the new VLAN tag representing the Layer 2 VPN ID according to the mapping table configured by the CPU on each port, and the CRC is then recalculated and the frame is sent.
  • The FPGA (field-programmable gate array) in the conversion module does a simple job (mapping and CRC) at a lower cost. Because the table is configured on each physical port, the FPGA need only perform the in/out conversion on the dual-VLAN-tag VPN ports that require it, instead of on all ports.
  • The method and device provided by the first embodiment of the present invention can enhance the functions provided by an existing Layer 2 VPN network at a lower cost; in particular, they can handle Layer 2 Ethernet data frames with dual VLAN tags and can implement 4K*4K VPNs, and the network configuration method is more flexible and simple.
  • the core idea is to configure a mapping relationship between the VLAN and the VPN ID in the source device and the peer device, and the VPN ID is used as an intermediary.
  • the VLAN ID information of the source and the peer can be different, so that the deployment of the VPN network by the operator is more flexible and convenient.
  • the networking application environment provided by the second embodiment of the present invention is the same as the traditional VPN network based on the existing MPLS, but the VPN network deployment is more flexible and convenient.
  • Figure 2 shows that enterprise users A and B connect to their respective three branch office LANs through the VPLS service.
  • A VLAN under a port of a device in one equipment room of user A and a VLAN under a port of a device in another equipment room (the values of the two VLANs are different) belong to the same VPN user and need to exchange Layer 2 services.
  • Communication between the equipment rooms passes through the operator's MPLS network, and the networking application supports a multipoint-to-multipoint mode: one VPN user may have multiple service access points, and the service data frames entering at each service access point may be interconnected with more than two destination access points.
  • the VPN user's Layer 2 data frame format coming in from the source PE device is as follows: Table 7 shows the format of the Layer 2 data frame of the VPN user at the egress of the peer PE.
  • Table 8 shows the format of the Layer 2 data frame with two VLAN tags as shown in Table 9 and Table 10.
  • Table 9 shows the format of the Layer 2 data frame of the VPN user that the PE device enters.
  • Table 10 shows the format of the Layer 2 data frame of the VPN user at the egress of the destination PE.
  • The original Layer 2 data frame that enters the MPLS-based Layer 2 VPN service provider network at the PE device may, depending on the packet transmission mode, carry one VLAN tag, two layers of VLAN tags, or no VLAN tag. When there is no VLAN tag, the Ethernet switch automatically adds default VLAN information to the incoming Layer 2 data frame based on the incoming physical port. In the description below, an original Layer 2 data frame without VLAN information is therefore treated as having one layer of VLAN tag.
  • The complete technical solution of the second embodiment of the present invention covers both the one-layer VLAN tag case and the two-layer (multi-layer) VLAN tag case.
  • The following takes the one-layer VLAN tag case as an example.
  • VLAN 1 under source PE1, that is, user A branch LAN 1 (or VLAN 1 under a physical port), corresponds to VPN user A; VLAN 2 under destination PE2, that is, user A branch LAN 2 (or VLAN 2 under a physical port), also corresponds to VPN user A; and VLAN 3 under destination PE4, that is, user A branch LAN 3 (or VLAN 3 under a physical port), also corresponds to VPN user A. Within the entire carrier network, these three different VLANs from different PEs form VPN ID1 of user A. All nodes in the VPN communicate at Layer 2 using Layer 2 Ethernet data frames, and Layer 2 MAC addresses are learned and aged automatically, just as in ordinary Layer 2 data forwarding. That is to say, the MAC address of each node is learned under the corresponding physical port in the form of VPN ID1 plus port.
  • VPN ID1 is replaced with the corresponding physical port.
  • the VPN user A is in the process of interworking between VLAN 1 and PE3.
  • The forwarding process is as follows:
  • After receiving the Layer 2 data frame with VLAN1, the PE1 device uses the mapping table of VLAN1 to VPN ID1 to obtain VPN ID1.
  • PE information and information about the MPLS two-layer label.
  • Because the specific hardware environment in the network differs, the VLAN information field in the Layer 2 Ethernet data frame may hold one layer, two layers, or none. The corresponding encapsulation may therefore vary as follows:
  • the encapsulated Layer 2 data frame carries the original VLAN1 information.
  • the encapsulated Layer 2 data frame carries the information of VPN ID1.
  • VLAN1 or VPN ID1 information that is, the original VLAN location or an empty VLAN value (all zeros), or no VLAN information at all, that is, the format is not encapsulated with VLAN information.
  • Use VPN ID1 to learn the source MAC address, learning the MAC address under the corresponding port of the VPN user under the corresponding PE.
  • the VPN ID1 information needs to be obtained from the MPLS label.
  • mapping table with the VLAN obtains the VLAN information to be encapsulated when the port is output, and is encapsulated and sent from the corresponding physical port.
  • the MAC address of the destination port is learned under the corresponding remote PE, that is, the PE that sends the Ethernet data frame connected to the source PE1 device.
  • The MPLS label of a VPN user's Layer 2 data frame that crosses the carrier network with two layers of MPLS label encapsulation already carries the VLAN and VPN ID information, so what is carried in the corresponding VLAN information field of the Layer 2 data frame can be very flexible.
  • The original VLAN information may be carried, nothing may be carried, or the VPN ID information may be carried. The specific processing therefore varies, and several cases are considered below.
  • Because the VPN ID information is already carried in the MPLS label, it need not be carried in the VLAN information. Whether it is carried sometimes depends on the specific implementation of the hardware forwarding ASIC. Some hardware forwarding ASIC chips handle frames without VLAN information smoothly; if the Layer 2 data frame carries no VLAN information internally, the peer chip's processing is relatively simple, because it only needs to insert a new layer of VLAN tag.
  • More information can be carried. Because the user's VPN ID information is carried in the MPLS label, other information can be carried in the VLAN field. For example, if there are multiple VLANs under one CE, MPLS carries the VPN ID information and the VLAN tag position can carry the different VLAN information under that CE.
  • The VLAN information can be carried across the carrier network to meet a VPN user's need for multiple VLANs, and the multiple VLANs have different representations at different CE points.
  • the peer PE obtains the VPN ID information from the MPLS label to further obtain the local VLAN information
  • the specific implementation manner may be various, for example, the peer PE device.
  • the VPN ID information or VLAN information may be carried in other parts of the Layer 2 Ethernet data frame, and the information may be used to implement local VLAN information. It is to be understood that these modifications and applications are intended to be included within the scope of the appended claims.
  • the VLAN information of multiple points may be different, and the principle of Layer 2 forwarding is that multiple MAC addresses need to be interoperable in one VLAN.
  • The VLAN information carried across the MPLS network preferably represents the VPN ID rather than the localized VLAN information of each point, because localized information causes a MAC address learning problem at the destination point. If localized information is carried across, the device itself can handle the situation, for example by processing the localized VLAN information and then performing Layer 2 VPN learning and forwarding.
  • both VLAN tags are only localized. That is to say, only a specific fixed value is available on one access point, and at the other access point, the two layers of labels marking the VPN user or user service need to be replaced with the values of the other two VLAN tags.
  • The second embodiment of the present invention adds the mapping between the VLAN and the VPN ID at the source PE device and resolves that mapping at the peer PE device, so control of the VLAN information in the Layer 2 Ethernet data frame is implemented by the carrier.
  • The implementation can be carried out by one party alone: the required type of VPN service can be configured without the cooperation of the other party (the user), which makes deployment of the VPN easier and more flexible.
  • The core of the third embodiment of the present invention is to establish a VLAN switching path table that includes the VLAN information involved in switching in all switching domains: a switching domain identifier, a MAC address, a VLAN label, and possibly a port number, thereby establishing the correspondence between the switching domain identifier, the multi-layer VLAN tag, and the port. After an input data packet is received, the VLAN switching path table is queried according to the multi-layer VLAN tag of the packet to obtain the corresponding switching domain identifier; the egress path of the input packet and the corresponding VLAN tag are selected according to the switching domain identifier and the destination MAC address of the input packet; the multi-layer VLAN tag of the input packet is stripped, the packet is encapsulated with the selected VLAN tag, and the encapsulated packet is forwarded through the egress path. This enables Layer 2 interconnection of multiple VLANs, for example, one VLAN and multiple VLANs (one VLAN, two VLANs, three VLANs, etc.), and the exchange between
  • Step 101: Configure a virtual local area network (VLAN) switching path table that includes the VLAN information involved in switching in all switching domains: domain ID, VLAN tag, and corresponding port information.
  • Support for outer VLANs is not limited to 4094; each port can independently support 4094 outer VLANs.
  • the outer VLAN of the multi-layer VLAN occupies the VLAN configured by the VLAN switching device
  • the outer VLAN can only support a maximum of 4094.
  • the VLAN switching path table only needs to contain the VLAN information to be exchanged. All the paths in the switching domain to which the VLAN belongs can be easily found by the mapping between the VLAN tag and the port configured on the switch.
  • the so-called switched domain refers to the range of VLAN switching. Different VLANs in the same switching domain can be exchanged without any restrictions on the VLAN characteristics of the ingress and egress ports.
  • the multi-layer virtual local area network is a private network or a public network.
  • VLAN switch path table configured is as follows:
  • the VLAN information of the exchange domain IDs 2 and 3 is exchanged.
  • the VLAN tag and the Layer 2 VLAN tag (the number of VLAN tags is the same as the number of VLAN layers to be supported) and the port number.
  • The value of each VLAN is 1 to 4094; 0 indicates that the VLAN of that layer matches any value.
  • the configuration information of the switching domain with the exchange domain ID 2 is as follows:
  • the first configuration information indicates that the first layer VLAN of port 1 is VLAN 7, and the second layer VLAN is any VLAN.
  • the second configuration information indicates that the first layer VLAN of port 2 is VLAN 100, and the second layer VLAN is VLAN 2.
  • the third configuration information indicates that the first layer VLAN of port 3 is VLAN 10 and the second layer VLAN is VLAN 5.
  • the configuration information of the switching domain with the exchange domain ID 3 is as follows:
  • the fourth configuration information indicates that the first layer VLAN of port 3 is VLAN 10, and the second layer VLAN is any VLAN.
  • The path information of the input packet and the switching domain it belongs to can be obtained from the table. If the outer VLAN of a multi-layer VLAN participating in the exchange is a VLAN of the switching device itself, all the ports included in that VLAN can be found by querying the VLAN configuration table of the switch, and the port and VLAN tag information can be combined to generate the switching paths under the switching domain automatically.
  • Step 102: Extract from the input data packet the multi-layer VLAN tag, up to the number of layers supported by the configured switching paths.
  • However many layers of VLAN tags the configured switching paths support, at most that many VLAN tags are taken from the packet.
  • Step 103: Query the VLAN switching path table to obtain the corresponding switching domain identifier.
  • The mapping between the multi-layer tag and the port needs to be configured in the VLAN switching path table.
  • Querying the VLAN switching path table with the multi-layer VLAN tag of the packet and the inbound port yields the corresponding switching domain identifier.
  • If the outer VLAN of the multi-layer VLAN occupies a VLAN of the VLAN switching device itself, the VLAN switching path table only needs to include the switching domain ID and the VLAN tag. In that case, you only need to query the VLAN switching path table with the multi-layer VLAN tag of the input data packet to obtain the corresponding switching domain identifier.
  • After receiving the input data packet, the VLAN switching device knows which port the data packet came from. It queries the VLAN switching path table with the port number and the extracted multi-layer VLAN tag and matches the VLAN tag in the table to obtain the corresponding switching domain ID, that is, the switching domain this VLAN belongs to.
  • When matching VLAN tags, hits can be resolved depth-first or in order of configuration priority.
  • The so-called depth-first principle means that the record whose VLAN tags match with higher accuracy has higher priority.
  • If the data packet received from port 3 carries the two-layer VLAN tag VLAN 10/VLAN 5, both the third record and the fourth record in Table 11 above match, but the third record is more accurate than the fourth, so the third record is selected and the switching domain ID is 2. In this case both layers of VLAN tags are stripped.
  • If the data packet received on port 3 carries VLAN 10/VLAN 6, only the fourth record, VLAN 10/VLAN 0, is hit. In this case the switching domain ID is 3, and only the hit outer VLAN 10 tag is stripped.
  • The principle of configuration order priority means matching according to the configuration order in the VLAN switching path table: the record configured first is matched first.
  • Step 104: Select an egress path for the input packet according to the switching domain identifier and the destination MAC address of the input packet.
  • Step 105: Forward the input data packet through the selected egress path.
  • The VLAN tag of each layer corresponding to the egress path needs to be obtained.
  • The inbound VLAN tag hit in step 103 is stripped, and the data packet is then encapsulated with the obtained outbound VLAN tag before it is forwarded.
  • the Layer 2 switching is based on the MAC address of the network node to forward data.
  • an address forwarding table needs to be established.
  • the correspondence between the MAC address and the port is indicated in the address forwarding table.
  • the present invention also needs to establish a forwarding table to indicate the forwarding relationship of VLAN data packets, which port to switch to, and what kind of VLAN to exchange.
  • the forwarding table established by the present invention includes the following information: a switching domain ID, a MAC address, a VLAN tag, and a port number.
  • the table is built based on the source MAC address and the multi-layer VLAN tag in the input packet. Therefore, the required egress path information cannot be obtained when the table is accessed for the first time.
  • FIG. 5 shows the flow of querying and learning the egress path in the method of the present invention.
  • Step 201: Query the forwarding table with the switching domain identifier and the destination MAC address.
  • Step 202: Determine whether a corresponding egress path was found.
  • Step 203: Obtain the egress path and the corresponding VLAN tag.
  • Step 204: Obtain, according to the VLAN switching path table, all the egress paths corresponding to the switching domain identifier except the ingress path, together with their VLAN tags.
  • Step 205: Learn the source MAC address and the multi-layer VLAN tag of the input data packet into the forwarding table. In this way, a returned data packet can find the egress port corresponding to the source MAC address directly in the forwarding table.
  • The forwarding table obtained after learning is shown in Table 12 below:
  • the input packet is forwarded as follows:
  • the input data packet is encapsulated according to the VLAN tag corresponding to the egress path, and if the egress corresponds to the multi-layer VLAN tag, multiple layers are sequentially added to the data packet;
  • the encapsulated input packet is sent out from the port of the egress path.
  • the input packet needs to be broadcasted to the possible egress path, that is, to be broadcast to the port corresponding to all paths within the range of VLAN switching.
  • the data broadcast to different ports must be encapsulated according to their corresponding VLAN tags before they can be forwarded.
  • the specific forwarding process is as follows:
  • the encapsulated input data packets are respectively forwarded through the corresponding exit path.
  • the above process of stripping the multi-layer VLAN tag of the input data packet may also be performed after the input data packet is acquired.
  • the terminal device determines whether the data packet is sent to the device according to the destination MAC address of the received data packet. If the destination MAC address is the same as the MAC address of the local device, it is processed according to the normal process. If it is not the same, the packet is discarded.
  • The multi-layer VLAN exchange process is further explained below with reference to the forwarding paths in the forwarding table shown in Table 12.
  • FIG. 6 shows the networking of VLAN switching domain 2.
  • VLAN switching domain 2 consists of VLAN 7 under port 1, VLAN 100/VLAN 2 under port 2, and VLAN 10/VLAN 5 under port 3. These three independent networks form one large Layer 2 network through multi-layer VLAN switching.
  • Step 401: One layer of VLAN tag, VLAN 7, is obtained from the incoming packet (the packet carries only one layer of VLAN tag).
  • Step 402: Query the VLAN switching path table with VLAN 7 and port number 1 to obtain switching domain ID 2, which shows that the packet is to be VLAN-switched; strip the VLAN 7 tag from the packet.
  • Step 403: Query the forwarding table with the switching domain ID and the destination MAC address of the data packet.
  • Step 404: Determine whether a result was found.
  • Step 405: Encapsulate the packet with the VLAN tag in the query result and send it to the port in the query result.
  • Step 406: Query the VLAN switching path table with the switching domain ID to obtain all paths of the switching domain, the three paths VLAN7/1, VLAN100/VLAN2/2, and VLAN10/VLAN5/3. Because VLAN7/1 is the input path of the packet, only two copies of the data are needed, that is, step 407: copy the packet according to the number of paths.
  • Step 405: Encapsulate the packet with the VLAN tag in the query result and send it to the port in the query result.
  • For VLAN100/VLAN2/2 and VLAN10/VLAN5/3, one copy is encapsulated with the two layers of VLAN tags 100 and 2 and sent out from port 2; the other copy is encapsulated with the two layers of VLAN tags 10 and 5 and sent out from port 3.
  • Both the A2 and A3 devices receive the data, but only the MAC address of A2 matches the destination MAC address of the packet, so A2 accepts the data and A3 discards it.
  • Step 408: Learn the ingress VLAN 7 and the source MAC address into the forwarding table.
  • The exchanged packets can then be forwarded directly to port 1 according to the forwarding table. This step can also be completed after step 401.
  • Step 501: Two layers of VLAN tags are obtained from the packet.
  • Step 502: Query the VLAN switching path table with VLAN 100/VLAN 2 and port number 2 to obtain switching domain ID 2, which shows that the packet is to be VLAN-switched; strip the VLAN 100/VLAN 2 tags from the packet.
  • Step 503: Query the forwarding table with the switching domain ID and the destination MAC address of the data packet. Since the address of A1 has been learned through step 408 in the process shown in FIG. 4, the query shows that the egress path of the data packet is VLAN 7/1.
  • Step 504: Encapsulate the packet with the VLAN ID in the query result and send it to the port in the query result.
  • The VLAN switching domain ID of the data packet, the incoming VLAN tag VLAN 100/VLAN 2 on port number 2, and the source MAC address are learned into the forwarding table, that is, step 505: learn the ingress VLAN 100/VLAN 2 and the source MAC address into the forwarding table.
  • This step can also be completed after step 501.
  • The egress path of the input packet and the corresponding VLAN tag can be found directly through the VLAN switching path table. After the data packet is received, the multi-layer VLAN tag is taken from it, up to the number of layers supported by the configured switching paths; however many layers the configured switching paths support, at most that many outer VLAN tags of the data packet are taken.
  • The VLAN switching path table is queried to obtain the corresponding switching domain identifier, and the switching domain identifier yields the only two switching paths in the switching domain. The path whose VLAN information in the VLAN switching path table matches the multi-layer VLAN tag and input port number taken from the input data packet is the ingress path of the data packet, and the other path in the switching domain is its egress path. This omits the process of forwarding by destination MAC address and learning by source MAC address. It not only saves forwarding table resources, but also greatly improves the forwarding performance of VLAN switching devices.
  • VLAN switching path table can be organized in a variety of ways, and will not be enumerated here.
  • VLAN switching paths of the two switching domains with different switching paths are configured separately. For example, only the path information of the two switching path tables passes through a VLAN switching path relationship correspondence table. In the table, each ingress path uniquely corresponds to one egress path.
  • the above example describes the exchange process between the VLANs with the two VLAN tags. The process of the exchange between the two VLANs is similar to the above, and is not described here.
  • the operator can divide VLANs into different areas according to their own plans.
  • the bottom layer consists of access switching devices. After adding two VLAN tags, they can access VLAN switching devices, which can support 4094 X 4094 VLANs.
  • The company has two branches. The first branch is located in area A; the port of the upper-layer VLAN switching device that it accesses is P1, and the VLAN assigned to the user by the access switching device is VLAN 5. The second branch is located in area B; the port of the upper-layer VLAN switching device that it accesses is P2, and the VLAN assigned to the user by the access switching device is VLAN 10. To join the two branches, VLAN 5 of area A and VLAN 10 of area B, into a VPN network for the enterprise, you only need to configure a switching domain on the VLAN switching device and add the switching paths VLAN1/VLAN5/P1 and VLAN2/VLAN10/P2.
  • As Table 13 shows, without changing the network configuration shown in Figure 9, configuring according to Table 13 realizes interworking between the first branch and the second branch, which facilitates the configuration and maintenance of the VPN network.
  • the QinQ technology enables the private network VLAN to be transparently transmitted through the public network.
  • the private network of the same VLAN is connected to the access switch of the public network through the access switch of the user.
  • have the same VLAN ID) can form a large VPN network, which we call VPN A.
  • VLAN 2 users in different regions can also form another large VPN network, which we call VPN B.
  • the devices in VPN A can implement Layer 2 interworking.
  • the devices in VPN B can also implement Layer 2 interworking.
  • the devices of VPN A and VPN B cannot communicate with each other at the second layer.
  • the network with the same VLAN ID can communicate with each other at Layer 2. Therefore, VLAN planning is required for the entire VPLS when planning the network.
  • The VLANs of the local areas need to be planned uniformly. To form a VPN network, the VLANs in different areas must be configured with the same VLAN ID, which restricts networking. For example, the marketing departments of the same company located in A and B need to be interconnected, but because the two networks were built independently, their VLAN IDs were also planned independently. The marketing department in A has VLAN ID X, and the marketing department in B has a different VLAN ID. To form a VPN for the marketing departments of the two places, the VLAN ID of the marketing department in A or B must be modified. Such modifications not only require professionals, but also disrupt use of the network and affect the business, and the configuration changes may introduce new errors, which is difficult for users to accept.
  • the invention adopts a method for realizing virtual exchange with different VLAN IDs by using QinQ technology on the device, so that user networks with different VLAN ID identifiers can also form a VPN network.
  • the user can implement a VLAN with any VLAN ID to form a large VPN network without any modification to the network, and implement Layer 2 interworking between VLANs with different VLAN IDs.
  • the VLAN switch table consists of the public network VLAN ID, the egress port number, the private network VLAN ID, and the switched private VLAN ID.
  • the public network VLAN ID + egress port number + private network VLAN ID form the key of the table.
  • When the QinQ packet arrives at the QinQ termination port, the outer QinQ VLAN tag is stripped to obtain the original private network VLAN packet and, with it, the private network VLAN ID. The public network VLAN ID + egress port + private network VLAN ID is then used to query the QinQ VLAN exchange table to obtain a new private network VLAN ID.
  • VLAN 10 and VLAN 12 of Area A are interconnected with VLAN 5 and VLAN 6 of Area B through QinQ.
  • the user wants VLAN 10 of A to communicate with VLAN 5 of B at the link layer, and VLAN 12 of A and VLAN 6 of B communicate at the link layer.
  • A's network is connected to port 10 of public network switch and B is connected to port 1.
  • The specific scheme by which VLAN 12 of area A and VLAN 6 of area B form one large VLAN is as follows:
  • the data is configured as shown in Table 15.
  • the packet of VLAN 6 is encapsulated in QinQ on port 1.
  • the outer VLAN ID is 8.
  • the corresponding packet format is shown in Table 16 (2).
  • The QinQ VLAN exchange table is searched with public network VLAN ID 8 + egress port number 10 + private network VLAN ID 6, yielding the new private network VLAN ID 12; VLAN 6 is thus switched to VLAN 12 according to the QinQ VLAN exchange table.
  • the corresponding packet format is shown in Table 17 (2).
  • The packet with the new private network VLAN ID 12 is sent out of port 10, so that the two private networks, VLAN 12 of A and VLAN 6 of B, achieve Layer 2 mutual access and form one large VLAN. Layer 2 mutual access between VLAN 10 and VLAN 5 can be achieved on the same principle.
  • VLAN 12 packet strips the outer label VLAN 8 and exchanges the new VLAN ID 6.
  • VLAN 6 packet strips the outer label VLAN 8 and exchanges the new VLAN ID 12.
  • the above is only one embodiment of the fourth embodiment of the present invention.
  • The present invention can configure the QinQ VLAN exchange table uniformly in the switching device, or split it into one table configured per port, in which case the contents of the QinQ VLAN exchange table include no port number; the implementation and technical effects are the same.
  • the keyword "public network VLAN ID" of the QinQ VLAN exchange table in the fourth embodiment of the present invention can be completely replaced by the "VPN identifier".
  • The new private network VLAN ID is defined by configuring the keyword "VPN ID + egress port number + private network VLAN ID". The implementation scheme and technical effect are the same.
  • the port described in the fourth embodiment of the present invention refers to a logical port, which may be a physically existing port or a virtual port.
  • the above method for realizing virtual switching by using QinQ technology can be implemented by software or by hardware logic circuit.
  • the fourth embodiment of the present invention is applicable not only to the case of two layers of IEEE 802.1Q tags, but also to the case of encapsulating multiple layers of IEEE 802.1Q tags.
  • The outer public network VLAN described in the present invention always refers to the outermost public network VLAN.
  • The fourth embodiment of the present invention solves the problem that networks with different VLAN identifiers are difficult to interconnect at Layer 2. Compared with the prior art, the fourth embodiment of the present invention has the following advantages: 1. VLAN networks with different identifiers can form a large VPN network through QinQ technology, and the user does not need to make any changes to the network configuration;
  • Private networks in different regions can plan their own VLAN IDs independently, which makes planning simple and networking flexible.
  • the method for virtual local area network switching of the present invention includes the steps of:
  • Depending on actual conditions and requirements, the exchange information includes the VPN ID; the VPN ID and the physical port; the public network VLAN information; the data frame identification information; the switching domain identifier; the switching domain identifier and the destination MAC address; and the like.
  • Another virtual local area network switching method applied to an edge device of an operator includes the following steps:
  • the data frame is received from the carrier network, and the current user VLAN included in the data frame is replaced with the VLAN of the user recorded on the device, and then forwarded to the user.
  • the user information is in an operator VLAN or an MPLS label.
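
The third embodiment's path-table lookup (steps 101 to 105) and forwarding-table learning (steps 201 to 205), as an added example that is not code from the patent. Table 11 itself is not reproduced on this page, so `TABLE_11` is rebuilt from the four configuration records listed in the text; the class names and MAC addresses are constructed for the example.

```python
from dataclasses import dataclass

ANY = 0  # per the text, 0 in a record means "any VLAN at this layer"


@dataclass(frozen=True)
class Path:
    """One VLAN switching path record: switching domain, port, VLAN tags."""
    domain: int
    port: int
    tags: tuple  # outermost tag first; ANY is a wildcard

    def __post_init__(self):
        concrete = [t for t in self.tags if t != ANY]
        if any(not 1 <= t <= 4094 for t in concrete):
            raise ValueError("VLAN values must be 1-4094 (or 0 for any)")
        if self.tags[:len(concrete)] != tuple(concrete):
            raise ValueError("wildcard layers must come after concrete ones")

    @property
    def depth(self):
        """Number of concrete tag layers; this many tags are stripped on a hit."""
        return sum(1 for t in self.tags if t != ANY)

    def matches(self, port, tags):
        want = self.tags[:self.depth]
        return port == self.port and tuple(tags[:self.depth]) == want


# Rebuilt from the four configuration records the text lists for Table 11.
TABLE_11 = [
    Path(domain=2, port=1, tags=(7, ANY)),
    Path(domain=2, port=2, tags=(100, 2)),
    Path(domain=2, port=3, tags=(10, 5)),
    Path(domain=3, port=3, tags=(10, ANY)),
]


class VlanSwitch:
    def __init__(self, paths):
        self.paths = list(paths)
        self.fdb = {}  # forwarding table: (domain, MAC) -> Path

    def lookup(self, port, tags):
        """Steps 102-103: depth-first match, the most specific record wins."""
        hits = [p for p in self.paths if p.matches(port, tags)]
        return max(hits, key=lambda p: p.depth) if hits else None

    def switch(self, port, tags, src_mac, dst_mac):
        """Steps 104-105 and 201-205: return [(egress port, egress tags)]."""
        ingress = self.lookup(port, tags)
        if ingress is None:
            return []  # no record hit: the frame is not VLAN-switched
        inner = tuple(tags[ingress.depth:])  # tags below the hit stay on the frame
        self.fdb[(ingress.domain, src_mac)] = ingress  # learn the source MAC
        known = self.fdb.get((ingress.domain, dst_mac))
        if known is not None:
            egress = [known]
        else:  # unknown destination: the other paths of the same domain only
            egress = [p for p in self.paths if p.domain == ingress.domain]
        return [(p.port, p.tags[:p.depth] + inner)
                for p in egress if p != ingress]


def walkthrough():
    """Replay the A1 -> A2 -> A1 exchange described for switching domain 2."""
    a1, a2 = "02:00:00:00:00:a1", "02:00:00:00:00:a2"  # constructed MACs
    sw = VlanSwitch(TABLE_11)
    first = sw.switch(1, (7,), a1, a2)       # A2 unknown: flooded in domain 2
    reply = sw.switch(2, (100, 2), a2, a1)   # A1 was learned: single egress
    return first, reply


if __name__ == "__main__":
    for step in walkthrough():
        print(step)
```

Because the forwarding table is keyed by switching domain as well as MAC address, a frame that hits the domain 3 record on port 3 is never copied to the domain 2 paths, even when its destination MAC was learned in domain 2.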
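
The fourth embodiment's QinQ VLAN exchange applied to raw frame bytes, as an added example that is not code from the patent. The table holds only the two entries the text states (public VLAN 8, egress ports 10 and 1, private VLANs 6 and 12); accepting either TPID, dropping a frame on a table miss, the MAC addresses and the frames built without an FCS are assumptions of the example.

```python
import struct

TPIDS = (0x8100, 0x88A8)  # assumption: either TPID may mark a VLAN tag

# QinQ VLAN exchange table, keyed as the text describes:
# (public network VLAN ID, egress port, private VLAN ID) -> new private VLAN ID
EXCHANGE = {
    (8, 10, 6): 12,   # B's VLAN 6 leaving on port 10 toward A becomes VLAN 12
    (8, 1, 12): 6,    # A's VLAN 12 leaving on port 1 toward B becomes VLAN 6
}


def read_tag(frame, offset):
    """Return (tpid, tci) for a VLAN tag at offset, or None if none is there."""
    if len(frame) < offset + 4:
        return None
    tpid, tci = struct.unpack_from("!HH", frame, offset)
    return (tpid, tci) if tpid in TPIDS else None


def vlan_ids(frame):
    """List the VLAN IDs of all stacked tags, outermost first."""
    ids, offset = [], 12
    while (tag := read_tag(frame, offset)) is not None:
        ids.append(tag[1] & 0x0FFF)
        offset += 4
    return ids


def terminate_qinq(frame, egress_port, table=EXCHANGE):
    """Strip the outer tag and exchange the private VLAN ID.

    Returns the rewritten frame, or None when the frame must not be forwarded.
    """
    outer, inner = read_tag(frame, 12), read_tag(frame, 16)
    if outer is None or inner is None:
        return None  # not double-tagged: nothing to terminate
    key = (outer[1] & 0x0FFF, egress_port, inner[1] & 0x0FFF)
    new_vid = table.get(key)
    if new_vid is None:
        return None  # assumption of this example: no table entry means drop
    new_tci = (inner[1] & 0xF000) | new_vid  # keep the priority and DEI bits
    return frame[:12] + struct.pack("!HH", inner[0], new_tci) + frame[20:]


def build_qinq(public_vid, private_vid, pcp=0,
               payload=b"\x08\x00" + b"\x00" * 46):
    """Build a constructed double-tagged frame (no FCS) for the demo."""
    dst, src = bytes.fromhex("0200000000a1"), bytes.fromhex("0200000000b1")
    outer = struct.pack("!HH", 0x8100, public_vid)
    inner = struct.pack("!HH", 0x8100, (pcp << 13) | private_vid)
    return dst + src + outer + inner + payload


if __name__ == "__main__":
    frame = build_qinq(public_vid=8, private_vid=6)
    print(vlan_ids(frame), "->", vlan_ids(terminate_qinq(frame, 10)))
```

A frame whose (public VLAN, egress port, private VLAN) combination is not in the table is returned as `None` rather than forwarded with its original private VLAN ID, so an unmapped VLAN cannot reach another site's VLAN by accident.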

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method of virtual local area network switching includes the steps of: receiving a data frame; obtaining switching-related information from the data frame; querying the correspondence, configured in the network device, between the switching-related information and VLAN information to obtain new VLAN information; updating the data frame according to the new VLAN information; and forwarding the updated data frame. The switching-related information comprises the VPN ID; the VPN ID and the egress physical port; public network VLAN information; identification information of the data frame; the switching domain identifier; and the switching domain identifier and the destination MAC address. The invention also discloses the corresponding network devices.

Description

Virtual local area network switching method and network device
Technical field
The present invention relates to the field of network communication technologies, and in particular to a method for virtual local area network switching and a network device.
Background art
A VLAN (Virtual Local Area Network) is an end-to-end logical network, built with network management software on top of a switched LAN, that can span different network segments and different networks. A VLAN forms a logical subnet, that is, a logical broadcast domain; it can cover multiple network devices and allows network users in different geographical locations to join one logical subnet. VLANs can be divided according to different principles, mainly the following three:
1. Port-based VLAN division, in which several ports on one or more switches are assigned to one logical group.
2. MAC-address-based VLAN division. The MAC address is the identifier of a network card; the MAC address of each network card is unique and fixed on the card.
3. Route-based VLAN division. Routing protocols work at the network layer, and the corresponding devices are routers and routing switches (that is, Layer 3 switches). This approach allows one VLAN to span multiple switches, or one port to belong to multiple VLANs.
Although the devices connected by a VLAN come from different network segments, they can communicate with each other directly, as if they were in the same network segment. Because a VLAN divides the devices in a LAN into network segments logically rather than physically, it can provide services such as flexible user/host management, bandwidth allocation and resource optimization.
A LAN in the same physical form can be divided into multiple VLANs. The VLANs cannot access each other directly and can only be reached through a routing device, which improves the security and reliability of the network.
VPN (Virtual Private Network) technology carries a private network over a public network. It can connect private networks in different locations and is an inexpensive and efficient method. The Layer 2 VPN technologies in common use today are V-switch technology (VLAN switching technology, which forwards by switching VLAN tags), QinQ technology (two-layer IEEE 802.1Q tag encapsulation, that is, putting two layers of VLAN tags on one data packet, also known as 802.1Q tunneling), and VPN technology based on MPLS (Multi-Protocol Label Switch).
V-switch technology is a simple VPN technology. Its basic principle is to switch the one or two layers of VLAN tags of an Ethernet data frame at the ingress port directly into the corresponding VLAN tags of the egress port. Specifically, the Layer 2 switching device replaces the one or two layers of VLAN tags that belong to a particular VPN, carried by a data frame entering at the ingress port, with the new one or two layers of VLAN tags of another LAN belonging to the same VPN, and then sends the frame out of the output port. In this way, LANs in different regions with different VLAN tags form one large VPN network.
However, implementing a VPN with V-switch has the following disadvantages: (1) only point-to-point VPNs can be implemented; (2) multi-hop traversal of the operator network depends on manual configuration, so when several operator devices must be traversed, each device has to be configured, and self-routed forwarding after configuration at the entry of the operator network alone is not possible; (3) no final switching of VPN user traffic is performed, that is, MAC address learning and MAC address forwarding for VPN users are not performed.
The 802.1Q standard addresses how to divide a large network into multiple smaller parts. A switch port that supports 802.1Q can be configured to transmit tagged or untagged frames. A tag field containing VLAN information can be inserted into the Ethernet frame. If a port is connected to a device that supports 802.1Q (such as another switch), these tagged frames can carry VLAN membership information between switches.
In the IEEE 802.1Q tagged frame format used in Ethernet, the tag control information (TCI) field includes the User Priority, the Canonical Format Indicator and the VLAN ID. The VLAN ID is the field that identifies the VLAN and is commonly used in standard 802.1Q. The field is 12 bits long and supports the identification of 4096 (2^12) VLANs. Of the 4096 possible VIDs, VID = 0 is used to identify frame priority and 4095 (FFF) is a reserved value, so the maximum number of VLANs into which a network can be divided is 4094. This is not enough for large applications, which led to multi-layer VLAN technology. If two layers of VLAN tags are used to represent one VLAN, that is, QinQ (double tag) technology, a network can be divided into 4094 x 4094 VLANs, which satisfies most applications.
QinQ technology (encapsulation with two layers of IEEE 802.1Q tags, that is, putting two layers of VLAN tags on one data packet, also known as 802.1Q tunneling) is another simple VPN technology. It is a Layer 2 technology: by means of two-layer IEEE 802.1Q tag encapsulation, a public network VLAN tag is added outside the private network VLAN tag in use, so that the private network VLAN can be carried transparently across the public network to the other private networks that need to be connected. Because it implements a simple VPN function without additional signaling support and can combine LANs (Local Area Networks) in several regions into one large VPLS (Virtual Private LAN Service), it is very simple and convenient.
However, this technology can use only one layer of VLAN tag to identify a user VPN and cannot support the case where two layers of VLAN tags are needed to determine a user VPN, whereas in actual network applications there are many places where two layers of VLANs are needed to identify a user. In addition, of the two layers of VLAN tags encapsulated with QinQ, the outer VLAN tag is provided by the operator and identifies the VPN, and the inner VLAN tag is provided by the user and represents the type of service inside each VPN. The configuration of a VPN and its service types must therefore be completed jointly by the operator and the enterprise network and cannot be done centrally by one party. Furthermore, each VLAN tag, defined by 12 binary bits, is global, so each port can implement only 4096 VPNs.
Moreover, if the QinQ technology described above is given no special treatment, LANs in different regions can interwork at Layer 2 only when their VLAN identifiers are the same; that is, only two networks with the same VLAN ID can form a real VLAN. VLAN planning must therefore be carried out for the whole VPLS when the network is planned. Such planning not only requires professionals but also greatly inconveniences the networking of the whole network, to the point of affecting service rollout. In addition, configuration changes may introduce new errors into the network, which is hard for users to accept.
MPLS-based VPN technology is implemented with MPLS labels. At present, the mainstream MPLS-based Layer 2 VPN technologies are point-to-point VPN (VLL, Virtual Leased Line) technology and point-to-multipoint VPN (VPLS, Virtual Private LAN Service) technology.
MPLS-based VLL (Virtual Leased Line) technology is implemented with MPLS labels. Inside the CE (Consumer Edge, the user edge device), the data frames of the user service are transmitted as ordinary Ethernet data frames. After they enter the operator's PE (Provider Edge) device, the PE looks up the forwarding table according to the user's VLAN information and destination MAC information and obtains a two-layer MPLS label; from this two-layer MPLS label it obtains the destination MAC and VLAN information of the next hop, encapsulates the frame, and sends it from the corresponding sending port of the device to the peer PE device. Table 1 shows the user's normal data frame and Table 2 shows the MPLS data frame.
Table 1. User normal data frame (fields: destination MAC, source MAC, VLAN, payload)
Table 2. MPLS data frame (table image not available)
After this MPLS-encapsulated data packet reaches the peer PE device, the PE device removes the two layers of MPLS labels, obtains from the inner of the two MPLS labels the final egress port information of the VPN user service on the device, and sends the Layer 2 Ethernet data frame of the user VPN, unchanged, out of the corresponding egress physical port.
However, MPLS-based VPN technology requires devices to support MPLS labels, which places higher demands on the devices. In addition, it requires the marking that identifies a given service inside a user's VPN to be globally uniform; the VLAN values that serve as service markings cannot differ between locations (that is, between different egresses of the devices), which makes VPN network implementation difficult. Finally, because the VPN identifier and the service markings inside the VPN are configured by the operator and the enterprise customer respectively, the configuration likewise cannot be completed centrally by one party.
If a VPN user has more than two VPN access points, the MPLS-based VPLS VPN Layer 2 forwarding technology described below is needed.
In an MPLS-based VPLS (Virtual Private LAN Service) VPN networking application, for user VPN traffic arriving from one CE access point of a VPN user there are multiple destination CEs to choose from, depending on the Layer 2 destination MAC information, ingress physical port and ingress VLAN information of the traffic. That is, each CE is connected to multiple CE points and can communicate with hosts of multiple VPN users under multiple CE points. Table 3 shows the user's normal data frame and Table 4 shows the MPLS data frame.
Table 3. User normal data frame (table image not available)
Table 4. MPLS data frame (table image not available)
In terms of data frame encapsulation at the forwarding level, point-to-multipoint VPLS VPN follows the same process as point-to-point VLL VPN encapsulation: at the source PE device, the incoming Layer 2 Ethernet data frame is encapsulated with two layers of MPLS labels and sent to the destination PE device at the peer end. After the destination PE device receives the user VPN data frame encapsulated with two MPLS labels, it strips the two layers of MPLS labels, obtains the destination physical port information from the information carried in the MPLS labels, and sends the frame out of the corresponding physical port.
In the two MPLS-based Layer 2 VPN implementations above, the user's Layer 2 Ethernet information and VLAN information cannot be changed anywhere in the forwarding process, because this information belongs to the VPN user. The provider or operator of the VPN service should only supply the communication pipe for Layer 2 connectivity and must not alter any of the user's information. This is the original intent and purpose of the MPLS Layer 2 VPN solution.
In actual networking applications, however, the Layer 2 VLAN information is in some environments added by the Layer 2 VPN service provider or operator itself: the operator either provides a physical port for the VPN user or adds another layer of VLAN information on top of the user's existing VLAN information. Applications in which the operator controls one or two layers of VLAN information are becoming more numerous and more common. In such cases, still treating and handling all VLAN information as the VPN user's information is unreasonable in many respects and makes VPN deployment inconvenient.
In addition, interworking between VLANs can only be achieved by configuring Layer 3 (protocol layer) routing. When a VPN (virtual private network) needs to be set up, Layer 3 VPN technology is usually used. The most commonly used Layer 3 VPN technology at present is MPLS L3 VPN (Layer 3 VPN based on multi-protocol label switching), which requires devices to support MPLS and L3 VPN functions and requires the signaling and complex routing needed for MPLS to be configured. It demands higher device performance and increases equipment and maintenance costs. This scheme is not limited by geography or network, but it requires the backbone network to support MPLS and is too complex for metropolitan area networks built on Ethernet; moreover, Layer 3 interworking is less efficient and less flexible than Layer 2 (link layer) interworking.
There is currently a VLAN translation technology that converts an incoming VLAN into another VLAN and is mainly used to convert between public network VLAN IDs and private network VLAN IDs. Its characteristic is that the VLAN ID translation attribute is configured on the ingress port. For example, on port 2, VLAN 2 is converted to VLAN 200, so that when VLAN 2 arrives at port 2 it is converted to VLAN 200.
This translation method requires the translated VLAN ID to be a public network VLAN ID, which consumes the VLAN ID resources of the switch itself. It supports translation of only one layer of VLAN ID and does not support translation between multiple layers of VLAN IDs. It cannot translate the VLAN ID according to the characteristics of the network at the egress port: an incoming private network VLAN ID can only be translated to one fixed public network VLAN ID, a one-to-one translation that lacks flexibility.
Summary of the invention
The technical problem solved by the present invention is to provide a method for multi-layer virtual local area network switching and a network device that overcome the low efficiency and device complexity of the prior art in implementing VLAN interworking and flexibly implement automatic switching between multi-point, multi-layer virtual local area networks.
To this end, the present invention provides the following technical solution: a method for virtual local area network switching, including the steps of:
1) receiving a data frame, obtaining switching-related information from the data frame, querying the correspondence between switching-related information and VLAN information configured in the network device to obtain new VLAN information, and updating the data frame according to the new VLAN information;
2) forwarding the updated data frame.
Preferably, the switching-related information includes the VPN ID; the VPN ID and the egress physical port; public network VLAN information; data frame identification information; the switching domain identifier; and the switching domain identifier and the destination MAC address.
Preferably, the VPN ID or VLAN information is carried in an MPLS label.
Preferably, the switching domain identifier is obtained by querying a configuration table according to the data frame.
The present invention also provides a method for virtual local area network switching that allows the VLAN of a private network to be carried transparently across a public network to other private networks that need to be connected, the public network including at least one network device ingress port and one network device egress port, the method including the steps of:
21) at the network device ingress port, mapping the VLAN tag on the user data frame to a VPN ID according to the ingress physical port;
22) forwarding the user data frame processed as above inside the operator network;
23) at the network device egress port, mapping the data frame carrying the VPN ID into a data frame carrying the user VLAN tag according to the egress physical port, and forwarding it.
Preferably, the mapping in step 21) specifically includes:
31) configuring, at the ingress port of the network device, a mapping table in which the VPN ID corresponds to the user VLAN tag and the port number;
32) querying the mapping table after a data frame carrying a user VLAN tag is received at the ingress port of the network device;
33) according to the result of the query, replacing the user VLAN tag carried in the data frame with the VPN ID.
Preferably, the mapping in step 23) specifically includes:
41) configuring, at the egress port of the network device, a mapping table in which the VPN ID and the egress port number correspond to the VLAN tag used by the VPN user;
42) querying the mapping table after the egress port of the network device receives a data frame carrying the VPN ID;
43) according to the result of the query, replacing the VPN ID carried in the data frame with the user VLAN tag.
Preferably, the VPN ID is a new one-layer or two-layer VLAN tag.
The present invention also provides a method for virtual local area network switching that runs on top of an existing MPLS-based Layer 2 VPN wide area network, the network including at least one source PE (office-side) device and one peer PE (office-side) device, the method including the steps of:
61) after the source PE device receives a Layer 2 data frame carrying VLAN information, obtaining the VPN ID from the VLAN-to-VPN mapping table;
62) performing the forwarding lookup of the destination MAC address using the VPN ID to obtain the information of the destination PE and the information for encapsulating the two layers of MPLS labels;
63) after the peer PE device receives the encapsulated Layer 2 data frame, changing the encapsulated VLAN information through the configured VPN-ID-to-VLAN mapping table and forwarding the frame.
Preferably, in step 62), the Layer 2 data frame is further encapsulated with two layers of MPLS labels.
Preferably, depending on the specific transmission environment, the VLAN information carried by the Layer 2 Ethernet data frame is the original VLAN information or the VPN ID information.
Preferably, in step 63), before changing the encapsulated VLAN information, the peer PE device also uses the VPN ID plus the destination MAC address information to look up the forwarding destination physical port on the peer PE device; according to the physical port information, the peer PE device looks up the VPN-ID-to-VLAN mapping table under that physical port, obtains the VLAN information that must be encapsulated when the frame leaves that port, encapsulates the frame, and sends it out of the corresponding physical port.
Preferably, the VLAN information carried by the encapsulated Layer 2 Ethernet data frame may be one layer or two layers.
Preferably, in step 61), the source PE device also uses the VPN ID to learn the source MAC address and learns the MAC address onto the corresponding port, belonging to that VPN user, on the source PE device.
Preferably, after step 63), the peer PE device further learns the corresponding source MAC address under the corresponding remote PE according to the VPN ID information and the source information of the MPLS label switched path.
The present invention also provides a method for virtual local area network switching, including the steps of:
161) configuring a VLAN switching path forwarding table on the virtual local area network (VLAN) switching device, the VLAN switching path forwarding table including the VLAN information participating in switching under all switching domains;
162) querying the VLAN switching path forwarding table to obtain the switching domain identifier corresponding to the input data packet;
163) selecting the egress path of the input data packet according to the switching domain identifier and the destination media access control (MAC) address of the input data packet;
164) forwarding the input data packet through the egress path.
Preferably, when the switching domain corresponding to the input data packet has more than two switching paths, step 163) specifically includes:
171) querying the forwarding table with the switching domain identifier and the destination MAC address;
172) if the forwarding table contains a corresponding egress path, obtaining that egress path and the corresponding VLAN tag;
173) if the forwarding table contains no corresponding egress path, obtaining from the VLAN switching path table all egress paths corresponding to the switching domain identifier other than the ingress path, together with the corresponding VLAN tags.
Preferably, when the switching domain corresponding to the input data packet has only two switching paths, step 163) is specifically:
obtaining the egress path and the corresponding VLAN tag directly from the VLAN switching path table.
Preferably, between steps 162) and 164) the method further includes: stripping the multi-layer VLAN tags of the input data packet.
Preferably, step 164) includes:
201) when an egress path and the corresponding VLAN tag have been obtained, forwarding the input data packet as follows:
re-encapsulating the input data packet according to the VLAN tag corresponding to the egress path;
forwarding the encapsulated input data packet through the egress path;
202) when all egress paths corresponding to the switching domain identifier other than the ingress path, and the corresponding VLAN tags, have been obtained, forwarding the input data packet as follows:
making as many copies of the input data packet, with its multi-layer VLAN tags stripped, as there are egress paths;
encapsulating each copy with the VLAN tag corresponding to its egress path;
forwarding each encapsulated copy through the corresponding egress path.
Preferably, the method further includes the step of:
220) learning the source MAC address and the multi-layer VLAN tags of the input data packet into the forwarding table.
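The lookup-and-flood procedure of steps 161) to 164), 171) to 173), 201), 202) and 220), as an added Python example (not code from the patent). The `Path`, `Frame` and `VlanSwitch` names, the two sample switching domains, and the drop rules for frames that match no configured path or whose destination sits on the ingress path are assumptions made for illustration.

```python
from typing import NamedTuple


class Path(NamedTuple):
    port: int     # logical port
    tags: tuple   # VLAN IDs used on that port, outermost first


class Frame(NamedTuple):
    port: int     # port the frame arrived on / will leave from
    tags: tuple   # VLAN tag stack, outermost first
    dst: str
    src: str
    payload: bytes


class VlanSwitch:
    def __init__(self, domains):
        # Step 161: VLAN switching path table, switching domain id -> paths.
        self.domains = {dom: list(paths) for dom, paths in domains.items()}
        self.domain_of = {}
        for dom, paths in self.domains.items():
            for path in paths:
                if path in self.domain_of:
                    # One (port, tag stack) in two domains would be ambiguous.
                    raise ValueError(f"{path} is configured in two switching domains")
                self.domain_of[path] = dom
        self.fdb = {}   # forwarding table: (domain id, MAC) -> Path

    def switch(self, frame):
        """Return the list of frames to transmit (empty list means drop)."""
        ingress = Path(frame.port, frame.tags)
        dom = self.domain_of.get(ingress)          # step 162
        if dom is None:
            return []   # assumption: unknown port/tag combination is dropped
        self.fdb[(dom, frame.src)] = ingress       # step 220: learn source MAC
        others = [p for p in self.domains[dom] if p != ingress]
        if len(self.domains[dom]) == 2:
            egress = others                        # two paths: no MAC lookup
        else:
            known = self.fdb.get((dom, frame.dst)) # step 171
            if known == ingress:
                return []   # assumption: destination is behind the ingress path
            # Step 172 on a hit; step 173 (all paths but the ingress) on a miss.
            egress = [known] if known else others
        # Steps 201/202: one copy per egress path, re-encapsulated with the
        # tag stack configured for that path.
        return [Frame(p.port, p.tags, frame.dst, frame.src, frame.payload)
                for p in egress]


# Constructed sample configuration: port 2 carries both domains,
# told apart only by the tag stack.
DEMO_DOMAINS = {
    "A": [Path(1, (100, 10)), Path(2, (200, 20)), Path(3, (30,))],
    "B": [Path(2, (300,)), Path(4, (400, 7))],
}
```

Because the forwarding table is keyed by switching domain identifier, a MAC address learned in one domain never selects an egress path in another, and a flood on a miss stays inside the ingress frame's own domain.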
Preferably, step 162) includes:
when the outer VLAN of the multi-layer VLAN does not occupy a VLAN configured on the switching device itself, querying the VLAN switching path table according to the multi-layer VLAN tags and the ingress port of the input data packet to obtain the corresponding switching domain identifier;
when the outer VLAN of the multi-layer VLAN occupies a VLAN configured on the switching device itself, querying the VLAN switching path table according to the multi-layer VLAN tags of the input data packet to obtain the corresponding switching domain identifier.
Preferably, step 162) further includes:
when the input port of the input data packet corresponds to several different switching domain IDs, matching the VLAN tags in the VLAN switching path table with priority by tag depth or by configuration order.
The present invention also provides a method for virtual local area network switching, including the steps of:
271) configuring a QinQ VLAN switching table on the switching device;
272) at QinQ termination, querying the QinQ VLAN switching table to obtain a new private network VLAN ID, and replacing the VLAN ID in the original data packet with the new private network VLAN ID;
273) sending the QinQ data packet, in which the new private network VLAN ID has been substituted, out of the egress port.
Preferably, the QinQ VLAN switching table includes the public network VLAN ID, egress port number, private network VLAN ID and the new private network VLAN ID after switching; or the public network VPN identifier, egress port number, private network VLAN ID and the new private network VLAN ID after switching; or the public network VLAN ID, egress port number, MAC address, user address and the VLAN ID after switching; and so on.
Preferably, in step 271), the QinQ VLAN switching table is configured centrally in the switching device, or the table is split so that one table is configured on each port.
Preferably, in step 272), the QinQ VLAN switching table is queried with the stripped outer public network VLAN ID + egress port number + private network VLAN ID to obtain the new private network VLAN ID.
Preferably, the outer public network VLANs all refer to the outermost public network VLAN.
The present invention also provides a network device, applied at the operator edge to provide services to VPN users, comprising:
a forwarding module, configured to forward data frames out of the corresponding port according to an internal forwarding table;
a storage unit, which stores the mapping between user information and local user VLANs;
a conversion module, which obtains the user information in a data frame coming from the operator network, updates the current user VLAN information in the data frame according to the mapping so that the frame carries the local user VLAN information, and then passes the frame to the forwarding module; or which obtains the local user VLAN information in a data frame coming from the user, updates the data frame according to the mapping so that it carries the user information, and then passes it to the forwarding module.
Preferably, the user information is contained in the MPLS label of the data frame or in the operator VLAN tag of the data frame.
Preferably, the VLAN carried by the user is double-layered.
The present invention also provides a virtual local area network switching method, applied to an edge device of an operator, comprising the following steps:
recording on the edge device the correspondence between user information and the VLANs of the users under that edge device;
receiving a data frame from within the operator network, replacing the current user VLAN contained in the data frame with the user's VLAN recorded on the device, and then forwarding the frame to the user.
Preferably, the user information is in the operator VLAN or the MPLS label.
As can be seen from the technical solutions provided above, the beneficial effects of the present invention are as follows. Because the network device is configured with the correspondence between switching information and VLAN information and updates data frames according to that correspondence, the efficiency of VLAN interworking is improved and automatic switching between multi-point, multi-layer virtual local area networks is achieved flexibly.
In another solution of the present invention, configuring mapping tables at the ingress port and the egress port respectively makes it possible to change the value of the user VLAN tag, so that the marking of user service types inside one VPN can take different forms at different physical ports (corresponding to different physical locations), and the configuration can be done centrally on a single device, which simplifies network deployment. Finally, the point-to-multipoint VPN method provided by this solution does not require switches with MPLS functionality and can be applied on the many low-end and mid-range devices currently deployed, which can greatly reduce the network operator's costs.
In addition, because the mapping allows two layers of VLAN tags in the Layer 2 data frame to represent the VPN ID, 4K*4K VPNs can be implemented, which greatly expands the number of VPNs and better supports growth in the number of VPN users.
In another solution of the present invention, adding the mapping between VLAN and VPN ID in the source PE device, and correspondingly resolving and changing this mapping in the peer PE device, increases the operator's control over the VLAN information in Layer 2 Ethernet data frames. The operator side alone can then configure the required VPN service types without the cooperation of the other party (the user), which makes VPN deployment simpler and more flexible.
In yet another solution of the present invention, establishing a VLAN switching path table creates a correspondence between the switching domain identifier and the multi-layer VLAN tags and ports, so that different paths under the same switching domain can interwork at Layer 2. The switched VLANs do not occupy the VLAN resources of the device itself; that is, the number of VLANs that can be attached is not limited by the 4094 VLAN resources of the VLAN switching device. With the present invention, VPN operation can be implemented simply and the way a VPN is built can be specified flexibly, without planning VLANs for the VPN in advance. Operators can divide VLANs by region according to their own plans, without any modification to the configuration of the existing network, and build VPN networks conveniently.
In addition, the table includes the information on the VLANs participating in switching under all switching domains: switching domain identifier, MAC address, VLAN tags, and possibly the port number. By performing MAC address learning based on the ingress multi-layer VLAN tags, not only the MAC address and port but also the VLAN tags of the corresponding egress can be learned, so that automatic switching between multi-point VLANs with different numbers of tag layers is achieved at Layer 2, improving the efficiency of connections between VLANs.
In a further solution of the present invention, the QinQ VLAN switching table effectively solves the problem that user networks with different VLAN IDs cannot flexibly interwork. VLANs in different regions can form one large VPN network through QinQ technology without requiring users to make any change to their network configuration, and the private networks in different regions can plan their own VLANs independently, so planning is simple and networking is flexible.

Brief description of the drawings
Figure 1 is a schematic diagram of the internal hardware structure of a device embodying the present invention;
Figure 2 is a schematic diagram of a typical environment in which the second embodiment of the method of the present invention is applied;
Figure 3 is a flowchart of the second embodiment of the method of the present invention;
Figure 4 is a flowchart of the implementation of the third embodiment of the method of the present invention;
Figure 5 is a flowchart of querying and learning the egress path in the third embodiment of the method of the present invention;
Figure 6 is a schematic diagram of VLAN networking;
Figure 7 is a flowchart of the forwarding of received data in the VLAN network shown in Figure 6;
Figure 8 is a flowchart of the forwarding of response data in the VLAN network shown in Figure 6;
Figure 9 is a schematic diagram of the application of the third embodiment of the present invention in VPN networking.

Detailed description
For a better understanding of the present invention, it is further described below with reference to specific embodiments. The specific embodiments are only exemplary and typical of the invention and do not limit the scope of protection claimed.
In the first embodiment of the virtual local area network switching method provided by the present invention, the typical implementation comprises three main steps: operator network ingress port processing, forwarding inside the operator network, and operator network egress port processing. The operator is used as the example here to tie the demonstration to a practical situation; the operator network may be any network with Layer 2 VPN functionality. The network operator's ingress port and egress port may be physical ports on different network devices in the same network, different physical ports on the same network device, or even the same physical port on the same network device. The network device is generally a switch or a router.
First, the operator network ingress port processing method of the first embodiment is described in detail.
In the ingress direction of the physical port of the switch that connects the operator network edge to the user network, a table is added to identify the VPN user and replace the VLAN tags. The input of this table is the ingress port of the user's VPN data frame and the one or two layers of VLAN tags the frame carries; the output of the lookup is another one or two layers of VLAN tags, used by the operator, that represent the VPN mark. The table may be configured manually or realised in other ways, as long as the logical mapping function above is achieved. If the Layer 2 data frame carries one layer of VLAN tag after replacement, 4096 VPNs are supported; if it carries two layers after replacement, 4K*4K VPNs are supported.
Table 5 is an example of the operator ingress port mapping table.
Figure imgf000014_0001
Table 5
The VPN ID of the VPN represented by the replaced one or two layers of VLAN tags must be unified within the operator's internal network. The VPN ID here is a logical concept. For example, in Table 5, the user's double VLAN tags at ingress physical port 1 are mapped to 301 and 302, which represent the VPN mark; 301+302 together make up the VPN ID, assumed here to be VPN1. The double VLAN tags at ingress physical port 3 are also mapped to VPN1 (301+302), so in Table 5 the users represented by ingress physical ports 1 and 3 belong to the same VPN user. Because the VLAN tags before replacement are configured per ingress port, VLAN tags on several different ports may be mapped to one and the same VPN ID.
Then forwarding inside the operator network takes place. During forwarding inside the operator network, self-learning forwarding is performed according to the converted VLAN mark until the frame reaches the operator network egress. This process is no different from forwarding inside a Layer 2 VPN provided by an ordinary operator and is not described further here.
Next, the operator egress port processing method is described in detail.
In the egress direction of the operator's double-VLAN-tag VPN switch, a table is added to convert the VPN mark used by the operator into the VLAN mark used by the user. The input of this table is the one or two layers of VLAN tags that represent the VPN ID, and the output is the user-side representation of that VPN at the output port, as VLAN tags (one or two layers).
Table 6 is an example of the operator egress port mapping table.

Input                                        Output
Egress port  VPN mark VLAN1  VPN mark VLAN2  User VLAN1  User VLAN2
1            301             302             101         102
2            101             102             210         211
3            301             302             ^10         102
Table 6
This egress-direction table is also configured per egress port. That is, for one and the same VPN ID, the translated two-layer user VLAN tags at different physical output ports may be the same, and may of course differ.
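The per-port ingress and egress tables described above, as an added Python example that is not part of the patent text: it swaps the tag stack of a double-tagged Ethernet frame and recomputes the frame check sequence. Table 5 is not reproduced on this page, so the user-side ingress values are constructed; the egress rows for ports 1 and 2 follow Table 6, the port 3 row is constructed, and TPID 0x8100 for both tags and dropping frames that match no entry are assumptions.

```python
import struct
import zlib

TPID = 0x8100  # assumption: both tag layers use the 802.1Q TPID

# Ingress table: (ingress port, user VLAN IDs) -> operator VLAN IDs forming the VPN ID.
# Only the result 301+302 for ports 1 and 3 comes from the text; the rest is constructed.
INGRESS = {
    (1, (101, 102)): (301, 302),
    (3, (210, 102)): (301, 302),
    (2, (210, 211)): (101, 102),
}
# Egress table: (egress port, VPN ID tags) -> user VLAN IDs at that port.
# Ports 1 and 2 follow Table 6; the port 3 user tags are constructed.
EGRESS = {
    (1, (301, 302)): (101, 102),
    (2, (101, 102)): (210, 211),
    (3, (301, 302)): (210, 102),
}

def fcs(data: bytes) -> bytes:
    """Ethernet FCS: CRC-32 of the frame, least significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def build_frame(dst: bytes, src: bytes, tcis, payload: bytes) -> bytes:
    """payload starts with the EtherType; tcis is the list of 16-bit tag values."""
    tags = b"".join(struct.pack("!HH", TPID, tci) for tci in tcis)
    body = dst + src + tags + payload
    return body + fcs(body)

def parse_frame(frame: bytes):
    """Return (dst, src, tcis, payload); reject truncated or corrupted frames."""
    body, trailer = frame[:-4], frame[-4:]
    if len(frame) < 18 or fcs(body) != trailer:
        raise ValueError("truncated frame or bad FCS")
    off, tcis = 12, []
    while off + 4 <= len(body) and struct.unpack_from("!H", body, off)[0] == TPID:
        tcis.append(struct.unpack_from("!H", body, off + 2)[0])
        off += 4
    return body[:6], body[6:12], tcis, body[off:]

def vids(frame: bytes):
    """VLAN IDs of the tag stack, outermost first."""
    return tuple(tci & 0x0FFF for tci in parse_frame(frame)[2])

def translate(table, port: int, frame: bytes):
    """Replace the whole tag stack per `table`; return None (drop) on a miss,
    so a frame whose port/tag combination is not configured never enters a VPN."""
    dst, src, tcis, payload = parse_frame(frame)
    new_vids = table.get((port, tuple(t & 0x0FFF for t in tcis)))
    if new_vids is None:
        return None
    prio = tcis[0] & 0xF000 if tcis else 0      # keep priority bits of the outer tag
    # build_frame recomputes the FCS because the header bytes changed
    return build_frame(dst, src, [prio | v for v in new_vids], payload)

# Constructed sample frame: user tags 101/102 arriving on ingress port 1.
DST, SRC = bytes.fromhex("02aabbccdd02"), bytes.fromhex("02aabbccdd01")
PAYLOAD = bytes.fromhex("0800") + b"constructed payload"

if __name__ == "__main__":
    user_frame = build_frame(DST, SRC, [101, 102], PAYLOAD)
    core_frame = translate(INGRESS, 1, user_frame)
    print("inside operator network:", vids(core_frame))
    print("leaving on port 3:", vids(translate(EGRESS, 3, core_frame)))
    print("same tags on port 2:", translate(INGRESS, 2, user_frame))
```
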
It should be noted that the technical solution provided by the present invention can support data frames with one or two layers of VLAN tags. If the tag after replacement by the operator network ingress port table has only one layer, and MAC address learning and forwarding are then performed on that one tag, only 4096 VPNs can be supported, which all chips currently on the market can do. If, however, the tag after replacement by the ingress port table has two layers, and MAC address learning and forwarding are then performed on both layers, 4096*4096 VPNs can be supported, which places higher demands on the forwarding chip of the devices connecting the operator network to the user network. Ordinary network data switching equipment, in particular switches with commercial L2/L3 forwarding chips, cannot support this.
To this end, the present invention provides a device dedicated to implementing the method provided by the invention. The internal structure and principle of a device implementing the method of providing a point-to-multipoint Layer 2 VPN with double VLAN tags are described in detail below with reference to the drawings.
Current commercial L2/L3 switch forwarding chips all support VLAN-based forwarding. The present invention places a conversion module in front of the forwarding chip (which may be called the forwarding module) to support forwarding of user data frames with double VLAN tags; the conversion module may be implemented in hardware or in software.
That is, the present invention provides a network device (not shown) having a forwarding module, a conversion module and a storage module. The forwarding module forwards data frames out of the corresponding port according to an internal forwarding table. The storage unit stores the mapping between user information and local user VLANs. The conversion module obtains the user information in a data frame coming from the operator network, updates the current user VLAN information in the data frame according to the mapping so that the frame carries the local user VLAN information, and then passes the frame to the forwarding module; or it obtains the local user VLAN information in a data frame coming from the user, updates the data frame according to the mapping so that it carries the user information, and then passes it to the forwarding module.
As shown in Figure 1, the functions implemented by the conversion module are as follows. In the ingress direction of each physical port of the switch, the two layers of VLAN tags are mapped, according to the CPU-configured mapping table from two-layer VLAN tags to one-layer (or two-layer) VLAN tags, to the new VLAN that represents the Layer 2 VPN ID; the CRC is then recalculated and the frame is handed to the commercial ASIC behind it for subsequent forwarding. At the egress of each GE (Gigabit Ethernet) port, the two layers of tags are regenerated from the new VLAN tag that represents the Layer 2 VPN ID, according to the mapping table the CPU has configured on each port; the CRC is then recalculated and the frame is sent.
The FPGA (field-programmable gate array) in the conversion module does simple work (mapping and CRC), so its cost is low. Because the tables are configured on each physical port, the FPGA needs to perform the ingress/egress conversion only on the ports that support double-VLAN-tag VPN, rather than on all ports.
In summary, with the method and device provided by the first embodiment of the present invention, the functions of an existing Layer 2 VPN network can be enhanced at low cost. In particular, Layer 2 Ethernet data frames with double VLAN tags can be handled and 4K*4K VPNs can be implemented, while network configuration becomes more flexible and simpler.
In the second embodiment of the virtual local area network switching method of the present invention, the core idea is to configure a mapping table between VLAN and VPN ID in the source PE device and the peer PE device and to use the VPN ID as an intermediary, so that the VLAN ID information at the source and at the peer may differ when a data frame is transmitted, making the operator's deployment of the VPN network more flexible and simpler.
The networking environment of the second embodiment is the same as that of a traditional VPN network based on existing MPLS, but VPN network deployment is more flexible and simpler. Figure 2 shows enterprise users A and B each connecting their three branch-office LANs through the VPLS service.
In such an MPLS-based Layer 2 VPN deployment, localized VLANs sometimes have to be used to identify the VPN user. For example, a VLAN under a port of a device in one of user A's equipment rooms and a VLAN under a port of a device in another equipment room (the two VLANs have different values) belong to the same VPN user, and their Layer 2 services need to interwork. Communication between the equipment rooms has to cross the operator's MPLS network, and this kind of networking supports a multipoint-to-multipoint mode: one VPN user may have several service access points, and a service data frame coming in from any access point may need to interwork with more than two destination access points.
In the above situation, the format of the VPN user's Layer 2 data frame entering at the source PE device is shown in Table 7, and the format of the VPN user's Layer 2 data frame at the egress of the peer PE device is shown in Table 8; alternatively, the frames are in the two formats with two layers of VLAN tags shown in Tables 9 and 10. Table 9 is the format of the VPN user's Layer 2 data frame entering at the PE device; Table 10 is the format of the VPN user's Layer 2 data frame at the egress of the destination PE device.
Figure imgf000017_0001
Table 8: Layer 2 data frame format of the VPN user at the egress of the destination PE device
Figure imgf000017_0002
Table 10: Layer 2 data frame format of the VPN user at the egress of the destination PE device
The original Layer 2 data frame entering the network of the MPLS-based Layer 2 VPN service provider may, depending on how the packet is transmitted, carry one layer of VLAN tag, two layers of VLAN tags, or no VLAN tag. When there is no VLAN tag, the Ethernet switch automatically adds default VLAN information to the incoming Layer 2 data frame according to the ingress physical port, so original Layer 2 data frames without VLAN information are treated as having one layer of VLAN tag in the rest of this description.
The complete technical solution of the second embodiment covers both the case of one layer of VLAN tag and the case of two (or more) layers of VLAN tags. The case of one layer of VLAN tag is taken as the example below.
From the formats shown in the tables above for the Layer 2 data frame received by the source PE device and the Layer 2 data frame sent by the peer PE device, it can be seen that, for an original Layer 2 data frame with one layer of VLAN tag, the VLAN tag value after passing through the MPLS Layer 2 VPN service provider's network differs from the original one. Both VLAN tags mark the service of the same VPN user and should have the same meaning and be treated alike; only the concrete VLAN value differs.
Taking Figure 2 again as the example: logically, VLAN1 under source PE1, i.e. user A's branch LAN 1 (or VLAN1 under some physical port), corresponds to VPN user A; VLAN2 under destination PE2, i.e. user A's branch LAN 2 (or VLAN2 under some physical port), also corresponds to VPN user A; and VLAN3 under destination PE4, i.e. user A's branch LAN 3 (or VLAN3 under some physical port), also corresponds to VPN user A. Inside the whole operator network, the different VLANs from the three PE points make up user A's VPN ID1. All nodes in this VPN can communicate at Layer 2 using Layer 2 Ethernet data frames, and Layer 2 MAC addresses are learned and aged automatically, just as in ordinary Layer 2 forwarding. That is, the MAC addresses under each node are learned under the corresponding physical port in the form VPN ID1 plus ingress port, and when a Layer 2 data frame is sent to a particular physical port, VPN ID1 is replaced with the VLAN representation that VPN ID1 has at that physical port.
As shown in Figure 2 in combination with Figure 3, taking the interworking between VPN user A's VLAN1 under PE1 and VLAN3 under PE4 as the example, the forwarding procedure is as follows:
(1) After receiving a Layer 2 data frame with VLAN1, the PE1 device uses the VLAN1-to-VPN ID1 mapping table to obtain VPN ID1.
(2) VPN ID1 is used for the forwarding lookup on the destination MAC address, which yields the destination PE information and the information for encapsulating the two layers of MPLS labels.
(3) The user's Layer 2 data frame is MPLS-encapsulated, placed inside the MPLS labels, and sent to the destination PE4. Because the specific hardware environments in the network differ, the VLAN information field in the Layer 2 Ethernet data frame may have one layer, two layers or none, so the encapsulation may take the following variants:
a. The encapsulated Layer 2 data frame carries the original VLAN1 information.
b. The encapsulated Layer 2 data frame carries the VPN ID1 information.
c. The encapsulated Layer 2 data frame carries neither VLAN1 nor VPN ID1 information; that is, the original VLAN position either holds an empty VLAN value (all zeros) or there is no VLAN information at all, i.e. the frame is encapsulated in the format without VLAN information.
(4) VPN ID1 is used for learning the source MAC address; the MAC address is learned onto the corresponding port, under the corresponding PE, that belongs to this VPN user.
(5) After the Layer 2 data frame with MPLS labels arrives at the peer PE4 device, the user's Layer 2 data frame is extracted from the MPLS labels.
(6) When the VPN user's Layer 2 data frame is obtained from the MPLS-labelled data frame, the most important thing is to obtain the VPN ID1 information, which has to be taken from the MPLS label.
(7) VPN ID1 plus the destination MAC address is used for the lookup, which yields the destination physical port for forwarding on PE4.
(8) Based on the egress physical port, the VPN ID1-to-VLAN mapping table under that physical port is looked up to obtain the VLAN information to encapsulate for output on that port; after encapsulation the frame is sent from that physical port.
(9) Based on the VPN ID1 information and the source information of the MPLS virtual switching path, the MAC address of the destination port is learned under the corresponding remote PE, that is, mapped to the PE that sent the Ethernet data frame, to which the source PE1 device is connected.
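Steps (1) to (9) above, modelled as an added Python example (not code from the patent): each PE keeps a per-port VLAN-to-VPN ID table and a MAC table keyed by VPN ID, so the same VPN appears with a different VLAN value at every site. Frames are dictionaries, the MPLS encapsulation is reduced to a field carrying the VPN ID, encapsulation variant c is used, and the VLAN numbers, ports, MAC names and the flooding of unknown destinations are assumptions of this example.

```python
class PE:
    """Simplified provider-edge device for the second embodiment."""

    def __init__(self, name, port_vlan_to_vpn):
        self.name = name
        self.vlan_to_vpn = dict(port_vlan_to_vpn)        # (port, vlan) -> VPN ID
        # Reverse view used at egress: (port, VPN ID) -> local VLAN at that port
        self.vpn_to_vlan = {(p, vpn): v for (p, v), vpn in self.vlan_to_vpn.items()}
        self.fdb = {}          # (VPN ID, MAC) -> ("port", n) or ("pe", name)

    def from_user(self, port, frame):
        vpn = self.vlan_to_vpn.get((port, frame["vlan"]))          # step (1)
        if vpn is None:
            return None        # VLAN not mapped on this port: frame enters no VPN
        target = self.fdb.get((vpn, frame["dst"]))                 # step (2)
        self.fdb[(vpn, frame["src"])] = ("port", port)             # step (4)
        inner = {k: v for k, v in frame.items() if k != "vlan"}    # step (3), variant c
        if target is None:
            dst_pe = None                                          # unknown: flood
        else:
            dst_pe = self.name if target[0] == "port" else target[1]
        return {"label_vpn": vpn, "src_pe": self.name, "in_port": port,
                "dst_pe": dst_pe, "frame": inner}

    def to_user(self, pkt):
        vpn, frame = pkt["label_vpn"], pkt["frame"]                # steps (5), (6)
        local = pkt["src_pe"] == self.name
        if not local:
            # step (9), as read by this example: learn the sender's MAC
            # under the remote PE the packet arrived from
            self.fdb[(vpn, frame["src"])] = ("pe", pkt["src_pe"])
        target = self.fdb.get((vpn, frame["dst"]))                 # step (7)
        if target is None:     # unknown destination: every local port of this VPN
            ports = sorted(p for (p, v) in self.vpn_to_vlan if v == vpn)
        elif target[0] == "port":
            ports = [target[1]]
        else:
            ports = []         # destination lives behind another PE
        return [(p, dict(frame, vlan=self.vpn_to_vlan[(p, vpn)]))  # step (8)
                for p in ports if not (local and p == pkt["in_port"])]

def make_network():
    """Constructed topology: user A is VPN_ID1 (VLAN 10 / 20 / 30 at PE1 / PE2 / PE4);
    a second user reuses VLAN 20 on other ports as VPN_ID2."""
    return {
        "PE1": PE("PE1", {(1, 10): "VPN_ID1"}),
        "PE2": PE("PE2", {(1, 20): "VPN_ID1", (2, 20): "VPN_ID2"}),
        "PE4": PE("PE4", {(2, 30): "VPN_ID1", (3, 20): "VPN_ID2"}),
    }

def send(pes, pe_name, port, frame):
    """Carry one frame across the model; returns {PE name: [(port, frame), ...]}."""
    pkt = pes[pe_name].from_user(port, frame)
    if pkt is None:
        return {}
    targets = [pkt["dst_pe"]] if pkt["dst_pe"] else sorted(pes)
    out = {}
    for name in targets:
        delivered = pes[name].to_user(pkt)
        if delivered:
            out[name] = delivered
    return out

if __name__ == "__main__":
    net = make_network()
    print(send(net, "PE1", 1, {"src": "aa", "dst": "cc", "vlan": 10, "data": "hello"}))
    print(send(net, "PE4", 2, {"src": "cc", "dst": "aa", "vlan": 30, "data": "hi"}))
```
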
另外, 在上面的转发过程中, 从源 PE1到目的 PE4的转发中, 由于穿过运营商网络的带两层 MPLS标签封装的 VPN用户二层数据 帧的 MPLS标签内已经携带了 VLAN和 VPN ID信息, 所以二层数 据帧内部对应的 VLAN信息数据位所携带的信息可以非常灵活, 比 如可以带原始的 VLAN信息, 也可以不带, 也可以带 VPN ID信息, 因此具体的处理情况和手段是多种多样的, 下面分几种情况进行考 虑 o  In addition, in the forwarding process from the source PE1 to the destination PE4, the MPLS label of the Layer 2 data frame of the VPN user with the two layers of MPLS label encapsulation through the carrier network already carries the VLAN and the VPN ID. Information, so the information carried in the corresponding VLAN information data bits in the Layer 2 data frame can be very flexible. For example, the original VLAN information may be carried, or may not be carried, or the VPN ID information may be used. Therefore, the specific processing situation and means are A variety of, the following are considered in several cases o
( 1 ) 带 VPN ID信息或不带 VLAN信息  (1) with or without VLAN ID information
因为 VPN ID信息在 MPLS 标签中已经携带, 因此这个信息在 VLAN信息中也可以不携带。 是否携带, 有时关联到硬件转发 ASIC 的具体实现。因为有些硬件转发 ASIC芯片对不带 VLAN信息的情况 处理比较顺畅一些, 如果二层数据帧内部不携带 VLAN信息, 在这 时候, 对端的芯片处理动作就比较简单, 只需要新插入一层 VLAN 标签就可以了。  Because the VPN ID information is already carried in the MPLS label, this information may not be carried in the VLAN information. Whether it is carried, sometimes associated with the specific implementation of the hardware forwarding ASIC. Because some hardware forwarding ASIC chips are handled smoothly without VLAN information, if the Layer 2 data frame does not carry VLAN information internally, at this time, the peer chip processing action is relatively simple, only a new layer of VLAN tag needs to be inserted. That's it.
( 2 ) 带原始 VLAN信息  ( 2 ) with original VLAN information
如果是将原始 VLAN信息带过运营商网络, 那么携带的信息就 可以更多一些。 因为这时候,用户 VPN ID信息是携带在 MPLS 标签 中的, 因此可以将其它一些信息携带在 VLAN 中。 比如说, 如果一 个 CE下面还有多个 VLAN,那么 MPLS携带 VPN ID信息,而 VLAN 标签的位置就可以携带 CE下面的不同 VLAN信息。  If the original VLAN information is carried over the carrier network, the information carried can be more. Because the user VPN ID information is carried in the MPLS label at this time, other information can be carried in the VLAN. For example, if there are multiple VLANs under one CE, MPLS carries the VPN ID information, and the location of the VLAN label can carry different VLAN information under the CE.
也就是说带 VLAN信息通过运营商网络可以提供一个 VPN用户 下面有多个 VLAN的应用需求, 并且这多个 VLAN在不同的 CE点 有不同的表现形式。  That is to say, the VLAN information can be provided through the carrier network to provide a VPN user with multiple VLAN application requirements, and the multiple VLANs have different representations at different CE points.
Therefore, although in the specific embodiments described for the present invention the peer PE obtains the VPN ID information from the MPLS label and from it further obtains the local VLAN information, the specific implementation may vary. For example, the peer PE device may not use VPN ID or VLAN information carried in the MPLS label of the Layer 2 Ethernet data frame, and may instead carry the VPN ID or VLAN information in other parts of the Layer 2 Ethernet data frame and use that information to perform the localized conversion of the VLAN information. Needless to say, these variations and applications all fall within the scope of protection of the claims of the present invention.
Of course, in multipoint-to-multipoint applications the VLAN information at the various points may differ, whereas Layer 2 forwarding requires that multiple MAC addresses be in one VLAN in order to interwork. Therefore, the VLAN information carried across the MPLS network should preferably represent the VPN ID rather than the localized VLAN information of each point, because the latter causes MAC address learning problems at the destination point. If localized information is carried across, the device itself must be able to handle this case, for example by processing the localized VLAN information before performing Layer 2 VPN learning and forwarding.
As already mentioned above, the case of two layers of VLAN tags is handled like the case of one layer of VLAN tag: both VLAN tags have only local significance. That is, they have a specific fixed value only at a given access point; at another access point, the two tags identifying the VPN user or user service must be replaced with the values of another two VLAN tags.
In summary, the second embodiment of the present invention adds the mapping between VLAN and VPN ID in the source PE device and correspondingly resolves this mapping in the peer PE device. This increases the carrier's control over the VLAN information in Layer 2 Ethernet data frames and allows one party (the carrier side) to configure the required type of VPN service on its own, without the cooperation of the other party (the user), which makes VPN deployment simpler and more flexible.
The core of the third embodiment of the present invention is to establish a VLAN switching path table that includes the VLAN information participating in switching under all switching domains: the switching domain identifier, MAC address and VLAN tags, and possibly the port number, thereby establishing the correspondence between switching domain identifiers and multi-layer VLAN tags and ports. After an input data packet is received, the VLAN switching path table is queried according to the packet's multi-layer VLAN tags to obtain the corresponding switching domain identifier; the egress path of the input data packet and its corresponding VLAN tags are selected according to the switching domain identifier and the destination MAC address of the packet; the multi-layer VLAN tags of the input data packet are stripped, the packet is encapsulated with the selected VLAN tags, and the encapsulated packet is forwarded through the egress path. This achieves Layer 2 interconnection of multi-layer VLANs, for example switching between a one-layer VLAN and a multi-layer VLAN (one-layer VLAN, two-layer VLAN, three-layer VLAN and so on), and between multi-layer VLANs.
Refer to the implementation flowchart of the method of the third embodiment of the present invention shown in FIG. 4:
First, in step 101: configure the virtual local area network (VLAN) switching path table. The VLAN switching path table includes the VLAN information participating in switching under all switching domains: the switching domain identifier, the VLAN tags, and the corresponding connection port information.
configured VLAN. In this case, support for outer VLANs is not limited to 4094: each port can independently support 4094 outer VLANs, and the VLAN switching path table to be configured must include not only the VLANs participating in switching under all switching domains but also their corresponding connection port information.
In particular, when the outer VLAN of the multi-layer VLAN occupies a VLAN configured on this VLAN switching device, at most 4094 outer VLANs can be supported, and the VLAN switching path table only needs to contain the VLAN information participating in switching. Using the correspondence between VLAN tags and ports configured on the switching device itself, all paths in the switching domain to which the VLAN belongs can easily be found.
That is, the VLANs participating in switching in a switching domain need to be configured, so that VLAN switching takes place only within the user-configured scope. A switching domain is the scope of VLAN switching. Different VLANs in the same switching domain can be switched to one another freely, without being restricted by the VLAN characteristics of the ingress and egress ports. The multi-layer virtual local area network is a private network or a public network.
Taking support for two layers of VLAN as an example, the configured VLAN switching path table is shown in Table 11 below:
Table 11:
Figure imgf000021_0001
The table above shows the VLAN information participating in switching in the switching domains with IDs 2 and 3, consisting of the first-layer VLAN tag, the second-layer VLAN tag (the number of configured VLAN layers matches the number of VLAN layers whose access must be supported) and the port number. Each layer's VLAN takes a value in the range 1 - 4094; 0 means that any VLAN at that layer matches.
The configuration information in the switching domain with switching domain ID 2 is as follows:
Entry 1 indicates that the first-layer VLAN of port 1 is VLAN 7 and the second-layer VLAN may be any VLAN;
Entry 2 indicates that the first-layer VLAN of port 2 is VLAN 100 and the second-layer VLAN is VLAN 2;
Entry 3 indicates that the first-layer VLAN of port 3 is VLAN 10 and the second-layer VLAN is VLAN 5.
These three records represent three switching paths in the switching domain with switching domain ID 2. With the present invention, different switching paths in the same switching domain can interwork at Layer 2 without being restricted by whether they belong to the same VLAN.
The configuration information in the switching domain with switching domain ID 3 is as follows:
Entry 4 indicates that the first-layer VLAN of port 3 is VLAN 10 and the second-layer VLAN may be any VLAN.
During configuration, the number of VLAN tag layers in Table 11 can be defined as actually needed and VLAN tags of different levels configured: if VLAN switching with two layers of tags is to be supported, two layers of VLAN tags are configured; if VLAN switching with three layers of tags is to be supported, three layers of VLAN tags are configured.
In this way, the path information of an input data packet and the switching domain to which it belongs can be determined from the table.
If the outer VLAN of the multi-layer VLAN participating in switching is a VLAN of the switching device itself, then no specific port needs to be configured when configuring the VLAN information participating in switching. By querying the switch's VLAN configuration table, all ports contained in the VLAN can be obtained, and combining the port and VLAN tag information automatically generates the switching paths under the switching domain.
Step 102: extract from the input data packet the multi-layer VLAN tags corresponding to the number of layers supported by the configured switching paths. At most as many of the packet's outermost VLAN tags are taken as the configured switching paths support.
Then, proceed to step 103: query the VLAN switching path table to obtain the corresponding switching domain identifier.
As mentioned in step 101 above, when the outer VLAN of the multi-layer VLAN does not occupy a VLAN configured on the switching device itself, the correspondence between multi-layer tags and ports must be configured in the VLAN switching path table; in that case the VLAN switching path table is queried with the multi-layer VLAN tags and the ingress port of the input data packet to obtain the corresponding switching domain identifier. When the outer VLAN of the multi-layer VLAN occupies a VLAN belonging to this VLAN switching device, the VLAN switching path table only needs to contain the switching domain identifier and VLAN tags, so the table is queried with the multi-layer VLAN tags of the input data packet alone to obtain the corresponding switching domain identifier.
After the VLAN switching device receives an input data packet, it knows which port the packet came from. It queries the VLAN switching path table with that port number and the extracted multi-layer VLAN tags, matches the VLAN tags in the table and obtains the corresponding switching domain ID, and thus learns which switching domain this VLAN belongs to.
When the input port of the input data packet corresponds to several different switching domain IDs, VLAN tag hits can be resolved either depth-first or in configuration-order priority.
The depth-first principle means that the most precise VLAN tag match is hit first. For example, if the packet received from port 3 carries the two VLAN tags VLAN10/VLAN5, both record 3 and record 4 in Table 11 above satisfy the match, but record 3 is more precise than record 4, so the switching domain ID in that record, 2, is selected. In this case both VLAN tags must be stripped. If the packet received on port 3 carries the two VLAN tags VLAN10/VLAN6, only record 4, VLAN10/VLAN0, can be hit; the switching domain ID obtained is 3, and only the outer VLAN10 tag that was hit needs to be stripped.
The configuration-order priority principle means that matching follows the configuration order in the VLAN switching path table: whichever entry was configured first is matched first.
Step 104: select the egress path of the input data packet according to the switching domain identifier and the destination MAC address of the input data packet.
Step 105: forward the input data packet through the selected egress path.
When the egress path for the input data packet is selected, the VLAN tags of each layer corresponding to that egress path must also be obtained. When forwarding the input data, the ingress VLAN tags hit in step 103 are stripped first, the packet is then encapsulated with the egress VLAN tags obtained, and only after encapsulation is it forwarded.
Those skilled in the art know that Layer 2 switching forwards data based on the MAC addresses of network nodes, and that forwarding requires an address forwarding table that records the correspondence between MAC addresses and ports. The present invention likewise needs a forwarding table that records the forwarding relationship of VLAN data packets: which port a packet is switched to and which VLAN it is switched into. The forwarding table established by the present invention contains the following information: switching domain ID, MAC address, VLAN tags and port number. The table is built by learning from the source MAC address and multi-layer VLAN tags of input data packets, so the required egress path information cannot be obtained the first time the table is consulted.
FIG. 5 shows the flow of querying and learning the egress path in the method of the present invention:
First, in step 201: query the forwarding table with the switching domain identifier and the destination MAC address;
Step 202: determine whether a corresponding egress path was found;
If one was found, proceed to step 203: obtain the egress path and the corresponding VLAN tags;
Otherwise, proceed to step 204: from the VLAN switching path table, obtain all egress paths corresponding to the switching domain identifier other than the ingress path, together with their corresponding VLAN tags.
Step 205: learn the source MAC address and multi-layer VLAN tags of the input data packet into the forwarding table. Returning packets can then look up the egress port corresponding to that source MAC address directly in the forwarding table.
For example, the forwarding table obtained after learning is shown in Table 12 below:
Table 12:
Figure imgf000024_0001
When an input data packet is forwarded, the forwarding process differs slightly depending on how the egress path was obtained.
If the egress path and corresponding VLAN tags are obtained directly from the forwarding table, the input data packet is forwarded as follows:
Strip the multi-layer VLAN tags of the input data packet;
Encapsulate the input data packet with the VLAN tags corresponding to the egress path; if the egress corresponds to multi-layer VLAN tags, add the layers to the packet in turn;
Send the encapsulated input data packet out of the port of the egress path.
If the egress path cannot be obtained directly from the forwarding table, the input data packet must be broadcast to the possible egress paths, that is, to the ports corresponding to all paths within the scope in which VLAN switching is allowed. In this case, all egress paths corresponding to the switching domain identifier other than the ingress path, and their corresponding VLAN tags, are obtained from the VLAN switching path table, and the input data packet is broadcast to the ports corresponding to these egress paths. Because this is switching of data with multi-layer VLAN tags, the copies broadcast to different ports must each be encapsulated with their corresponding VLAN tags before they can be forwarded. The specific forwarding process is as follows:
Strip the multi-layer VLAN tags of the input data packet;
Make as many copies of the stripped input data packet as there are egress paths;
Encapsulate each copy with the VLAN tags corresponding to its egress path;
Forward each encapsulated copy through the corresponding egress path.
The stripping of the multi-layer VLAN tags of the input data packet described above may also be performed as soon as the input data packet is obtained.
This guarantees that the destination device receives the broadcast packet as long as it is within the switching domain. A terminal device decides from the destination MAC address of a received packet whether the packet is addressed to it: if the destination MAC address equals the device's own MAC address, the packet is processed normally; if not, the packet is discarded.
The multi-layer VLAN switching process is further described below with reference to the forwarding paths in the forwarding table shown in Table 12.
The networking of VLAN switching domain 2 is shown in FIG. 6:
VLAN switching domain 2 consists of three networks: VLAN7 under port 1, VLAN100/VLAN2 under port 2 and VLAN10/VLAN5 under port 3. Through multi-layer VLAN switching these three independent networks form one large Layer 2 network.
Assume A1, A2 and A3 are three devices, one in each of the three networks. If A1 accesses A2, the workflow is as shown in FIG. 7:
First, in step 401: obtain the single VLAN tag VLAN7 from the input data packet (it carries only one VLAN tag).
Step 402: query the VLAN switching path table with VLAN7 and port number 1, obtaining switching domain ID 2. This shows that the packet is to be VLAN-switched, so the VLAN7 tag is stripped from the packet.
Step 403: query the forwarding table with the switching domain ID and the destination MAC address of the packet.
Step 404: determine whether a result was found.
If a result was found, proceed to step 405: encapsulate the packet with the VLAN tags in the query result and send it to the port in the query result.
Assuming the forwarding table is empty and this is the first access to it, no result, that is, no corresponding egress path, is found. In this case, proceed to step 406: query the VLAN switching path table with the switching domain ID, obtaining all paths of switching domain ID 2, namely the three paths VLAN7/1, VLAN100/VLAN2/2 and VLAN10/VLAN5/3. Because VLAN7/1 is the packet's input path, only two copies of the data are needed, that is, step 407: copy the packet according to the number of paths.
Then, proceed to step 405: encapsulate the packet with the VLAN tags in the query result and send it to the port in the query result. For the two paths VLAN100/VLAN2/2 and VLAN10/VLAN5/3, one copy is tagged with the two VLAN tags 100 and 2 and sent out of port 2; the other copy is tagged with the two VLAN tags 10 and 5 and sent out of port 3.
Both A2 and A3 then receive the data, but only A2's MAC address matches the destination MAC address of the packet, so A2 accepts the data and A3 discards it.
In addition, the packet's VLAN switching domain ID, ingress VLAN tag VLAN7, ingress port number and source MAC address are learned into the forwarding table, that is, step 408: learn the ingress VLAN7 and source MAC address into the forwarding table. Packets switched back can then be forwarded to port 1 directly from the forwarding table. This step can also be performed after step 401.
After A2 receives the packet, the flow of its response to A1 is as shown in FIG. 8:
First, in step 501: obtain the two VLAN tags VLAN100/VLAN2 from the packet.
Step 502: query the VLAN switching path table with VLAN100/VLAN2 and port number 2, obtaining switching domain ID 2. This shows that the packet is to be VLAN-switched, so the VLAN100/VLAN2 tags are stripped from the packet.
Step 503: query the forwarding table with the switching domain ID and the destination MAC address of the packet. Because A1's address was already learned in step 408 of the flow shown in FIG. 4, the lookup finds that the packet's egress path is VLAN7/1.
Step 504: encapsulate the packet with the VLAN ID in the query result and send it to the port in the query result. Here the VLAN7 tag is added to the packet header and the packet is sent out of port 1.
In addition, the packet's VLAN switching domain ID, ingress VLAN tags VLAN100/VLAN2, ingress port number 2 and source MAC address are learned into the forwarding table, that is, step 505: learn the ingress VLAN100/VLAN2 and source MAC address into the forwarding table.
This step can also be performed after step 501.
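The lookup, flooding and learning steps of FIG. 5, FIG. 7 and FIG. 8 can be traced in code. The following Python model is an added example, not part of the patent text: the table rows are reconstructed from the prose description of Table 11 (the table image itself is absent), and the class and function names, the MAC addresses and the handling of a destination located behind the ingress path are assumptions.

```python
from dataclasses import dataclass

ANY = 0      # per the text: 0 matches any VLAN at that layer
LAYERS = 2   # this table is configured for two layers of VLAN tags


@dataclass(frozen=True)
class Path:
    domain: int   # switching domain ID
    port: int     # port number
    tags: tuple   # (first-layer VLAN, second-layer VLAN); 0 = any


# Rows reconstructed from the description of Table 11 in the text.
PATH_TABLE = [
    Path(2, 1, (7, ANY)),    # entry 1
    Path(2, 2, (100, 2)),    # entry 2
    Path(2, 3, (10, 5)),     # entry 3
    Path(3, 3, (10, ANY)),   # entry 4
]


def match_ingress(port, tags, table=PATH_TABLE, depth_first=True):
    """Steps 102-103: return (path, number of tags to strip) or None.

    depth_first=True picks the most precise entry; False picks the
    first entry in configuration order.
    """
    outer = tuple(tags[:LAYERS])
    outer += (ANY,) * (LAYERS - len(outer))   # pad frames with fewer tags
    best = None
    for path in table:
        if path.port != port:
            continue
        if not all(cfg in (ANY, tag) for cfg, tag in zip(path.tags, outer)):
            continue
        depth = sum(cfg != ANY for cfg in path.tags)
        if not depth_first:
            return path, depth
        if best is None or depth > best[1]:
            best = (path, depth)
    return best


class VlanSwitch:
    def __init__(self, table=PATH_TABLE):
        self.table = table
        self.fdb = {}   # forwarding table: (domain, MAC) -> learned Path

    def receive(self, port, tags, src, dst):
        """Return the list of (egress port, egress tag stack) for one frame."""
        hit = match_ingress(port, tags, self.table)
        if hit is None:
            return []                       # not on a configured switching path
        ingress, depth = hit
        inner = tuple(tags[depth:])         # tags that were not hit stay in place
        self.fdb[(ingress.domain, src)] = ingress        # step 205 / 408 / 505
        known = self.fdb.get((ingress.domain, dst))      # step 201 / 403 / 503
        if known == ingress:
            return []   # assumption: destination sits behind the ingress path
        if known is not None:
            egress = [known]                             # step 203
        else:                                            # step 204: flood, but
            egress = [p for p in self.table              # only inside the domain
                      if p.domain == ingress.domain and p != ingress]
        return [(p.port, tuple(t for t in p.tags if t != ANY) + inner)
                for p in egress]


# Constructed device addresses for the A1 -> A2 exchange of FIG. 7 and FIG. 8.
A1, A2 = "00:00:00:00:00:a1", "00:00:00:00:00:a2"


def demo():
    sw = VlanSwitch()
    first = sw.receive(1, (7,), A1, A2)        # unknown destination: flood
    reply = sw.receive(2, (100, 2), A2, A1)    # A1 already learned: unicast
    again = sw.receive(1, (7,), A1, A2)        # A2 now learned: unicast
    return first, reply, again
```

Because the forwarding table is keyed by switching domain ID as well as MAC address, a frame that matches only entry 4 (domain 3) is never delivered using an address learned in domain 2, and flooding never leaves the ingress domain.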
As a special case of the third embodiment of the present invention, when a switching domain has only two access points, that is, only two switching paths, the egress is unique, so the egress path of an input data packet and its corresponding VLAN tags can be found directly from the VLAN switching path table. After a packet is received, the multi-layer VLAN tags corresponding to the number of layers supported by the configured switching paths are extracted from it; at most as many of the packet's outermost VLAN tags are taken as the configured switching paths support. The VLAN switching path table is then queried to obtain the corresponding switching domain identifier. Once the switching domain identifier shows that the domain has only two switching paths, the multi-layer VLAN tags extracted from the input data packet and the input port number are matched against the VLAN information in the VLAN switching path table to obtain the packet's ingress path; the other path in the switching domain is then the packet's egress path. This approach omits forwarding by destination MAC address and the learning of source MAC addresses. It not only saves forwarding table resources but also greatly improves the forwarding performance of the VLAN switching device.
Of course, the VLAN switching path table can be organized in many ways, which are not enumerated here.
Depending on the needs of the actual application, the VLAN information participating in switching under all switching domains (both switching domains with only two switching paths and switching domains with more than two switching paths) can be placed in the same VLAN switching path table, or the VLAN switching paths of these two kinds of switching domain can be configured separately. For example, the path information of domains with only two switching paths can be held in a VLAN switching path correspondence table in which each ingress path corresponds to exactly one egress path.
The example above describes in detail the switching process between VLANs with two layers of VLAN tags. For switching between VLANs with more than two layers, the processing is similar and is not repeated here.
With the present invention, the way a VPN is built can be specified flexibly, without VLAN planning for the VPN in advance.
Take, for example, the VLAN configuration shown in FIG. 9:
The carrier can divide VLANs across different regions according to its own plan. The lowest layer consists of access switching devices, which add two layers of VLAN tags before connecting to the VLAN switching device; this supports 4094 × 4094 VLANs.
Company A has two branches. The first branch is located in region A; the port through which it connects to the upper-layer VLAN switching device is P1, and the VLAN assigned to the user by the access switching device is VLAN5. The second branch is located in region B; the port through which it connects to the upper-layer VLAN switching device is P2, and the VLAN assigned to the user by the access switching device is VLAN10. To combine these two branches, VLAN5 in region A and VLAN10 in region B, into one VPN network for Company A, it is only necessary to configure one switching domain on the VLAN switching device and add the switching paths VLAN1/VLAN5/P1 and VLAN2/VLAN10/P2 to it.
The switching domain formed for Company A is configured with ID 20; the switching domain and switching paths configured in the VLAN switching path table are shown in Table 13 below:
Table 13:
Figure imgf000027_0001
As can be seen, without changing the network configuration shown in FIG. 9, configuring according to Table 13 enables interworking between the first branch and the second branch, which simplifies VPN networking and network configuration and maintenance.
The fourth embodiment of the present invention is described below.
As described earlier, QinQ technology allows the VLANs of a private network to be carried transparently across the public network. User private networks with the same VLAN ID are connected through the user's access switch to the access switch of the public network. VLAN 1 users in different regions (having the same VLAN ID) can form one large VPN network, which we call VPN A; VLAN 2 users in different regions (having the same VLAN ID as each other, but different from that of the VLAN 1 users) can likewise form another large VPN network, which we call VPN B. Without special handling, devices inside VPN A can interwork at layer 2 and devices inside VPN B can interwork at layer 2, but devices of VPN A and VPN B cannot interwork with each other at layer 2. That is, for LANs in different regions, only networks with the same VLAN ID can interwork at layer 2, so VLAN planning has to be done for the entire VPLS when the network is planned.
The drawback of the prior art is that it requires the VLANs at all sites to be planned uniformly. To form a VPN network, the VLANs in different regions must be configured with the same VLAN ID, which restricts networking. For example, the marketing departments of the same company at sites A and B need to be interconnected, but because the two sites were networked independently, their VLAN IDs were also planned independently. Suppose the marketing department at site A uses VLAN ID X and the marketing department at site B uses VLAN ID Y. To join the two marketing departments into one VPN, the VLAN ID of the marketing department at site A or site B must be changed so that the two match. Such a change not only requires specialists, it also affects network use and disrupts business, and the configuration change may introduce new errors, which is hard for users to accept.
The present invention uses QinQ technology on the device to perform virtual switching between different VLAN IDs, so that user networks with different VLAN IDs can also form one VPN network. In this way, without making any modification to their networks, users can have VLANs with arbitrary VLAN IDs form one large VPN network, achieving layer-2 interworking between VLANs with different VLAN IDs.
The solution of the present invention achieves this in three steps:
1. Configure a QinQ VLAN switching table on switching devices such as routers and switches, as shown in Table 14. The VLAN switching table consists of the public network VLAN ID, the egress port number, the private network VLAN ID, and the new private network VLAN ID after switching, where public network VLAN ID + egress port number + private network VLAN ID form the key of the table.
Table 14: QinQ VLAN switching table
[table image imgf000028_0001]
2. When a QinQ packet arrives at the QinQ terminating port, the outer QinQ VLAN tag is stripped first, which yields the original private network VLAN packet and, with it, the private network VLAN ID. The stripped outer public network VLAN ID + egress port + private network VLAN ID are then used to query the QinQ VLAN switching table, which yields the new private network VLAN ID.
3. Replace the original private network VLAN ID with the new private network VLAN ID and send the packet out of the egress port. This accomplishes the switching of the private network VLAN ID.
For example: VLAN 10 and VLAN 12 in region A are interconnected with VLAN 5 and VLAN 6 in region B through QinQ. The user wants VLAN 10 of A to interwork with VLAN 5 of B at the link layer, and VLAN 12 of A to interwork with VLAN 6 of B at the link layer. We assume that A's network is attached to port 10 of the public network switch and B's network to port 1. The specific implementation for joining VLAN 12 of region A and VLAN 6 of region B into one large VLAN is as follows:
According to the networking requirements above, configure the data as shown in Table 15.
Table 15: QinQ VLAN switching table
[table image imgf000029_0001]
Data sent from VLAN 12 of A is QinQ-encapsulated on entering port 10 by adding the public network VLAN tag, with outer VLAN ID 8; the resulting packet format is shown in Table 16 (1). On reaching egress port 1, QinQ is terminated: the QinQ VLAN switching table is looked up with "public network VLAN ID 8 + egress port number 1 + private network VLAN ID 12", which yields the new private network VLAN ID, VLAN 6. VLAN 12 is thus switched to VLAN 6 according to the QinQ VLAN switching table; the resulting packet format is shown in Table 17 (1). The packet with the new private network VLAN ID 6 is sent out of port 1.
Packets from VLAN 6 are QinQ-encapsulated at port 1 with outer VLAN ID 8; the resulting packet format is shown in Table 16 (2). On reaching port 10, QinQ is terminated: the QinQ VLAN switching table is looked up with "public network VLAN ID 8 + egress port number 10 + private network VLAN ID 6", which yields the new private network VLAN ID, VLAN 12. VLAN 6 is thus switched to VLAN 12 according to the QinQ VLAN switching table; the resulting packet format is shown in Table 17 (2). The packet with the new private network VLAN ID 12 is sent out of port 10. In this way the two private networks, VLAN 12 at site A and VLAN 6 at site B, achieve layer-2 mutual access and form one large VLAN. Layer-2 mutual access between VLAN 10 and VLAN 5 can be achieved on the same principle.
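The three steps and the VLAN 12 / VLAN 6 exchange described above, as an added Python example (not code from the patent): it terminates QinQ on a raw Ethernet frame, looks up the key (public VLAN ID, egress port, private VLAN ID) and rewrites only the 12-bit VLAN ID of the private tag. The table holds the two entries stated in the prose; the accepted TPIDs, the MAC addresses, the payload and the choice to drop a frame on a table miss are assumptions.

```python
import struct

# Assumption: tags are recognised by the 802.1Q (0x8100) or 802.1ad (0x88A8) TPID.
TPIDS = (0x8100, 0x88A8)

# (public VLAN ID, egress port, private VLAN ID) -> new private VLAN ID.
# The two entries are the lookups spelled out in the worked example's prose.
QINQ_SWITCH_TABLE = {
    (8, 1, 12): 6,    # A's VLAN 12 leaving on port 1 (toward B) becomes VLAN 6
    (8, 10, 6): 12,   # B's VLAN 6 leaving on port 10 (toward A) becomes VLAN 12
}

# Constructed sample addresses (locally administered MACs).
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")


def build_frame(dst, src, vids, ethertype, payload, pcp=0):
    """Build an Ethernet frame carrying the given VLAN IDs, outermost first."""
    tags = b"".join(struct.pack("!HH", 0x8100, (pcp << 13) | vid) for vid in vids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


def read_vlan_stack(frame):
    """Return ([(tpid, tci), ...] outermost first, offset of the real EtherType)."""
    stack, off = [], 12                      # tags start after dst + src MAC
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in TPIDS:
            break
        stack.append((tpid, tci))
        off += 4
    return stack, off


def vlan_tags(frame):
    """Return [(vlan_id, priority), ...] for every tag, outermost first."""
    return [(tci & 0x0FFF, tci >> 13) for _, tci in read_vlan_stack(frame)[0]]


def terminate_and_switch(frame, egress_port, table=QINQ_SWITCH_TABLE):
    """Steps 2 and 3: strip the outermost tag, look up, rewrite the private VLAN ID.

    Returns the frame to send out of egress_port, or None when the frame is not
    double-tagged, is truncated, or has no table entry. Dropping on a miss is an
    assumption of this example; it keeps an unmapped frame from leaving the port
    with a VLAN ID that means something else on the far side.
    """
    stack, off = read_vlan_stack(frame)
    if len(stack) < 2 or len(frame) < off + 2:
        return None
    outer_vid = stack[0][1] & 0x0FFF         # outermost public network VLAN ID
    inner_tpid, inner_tci = stack[1]         # private tag exposed by the strip
    new_vid = table.get((outer_vid, egress_port, inner_tci & 0x0FFF))
    if new_vid is None:
        return None
    # Keep the priority and DEI bits; replace only the low 12 bits (the VLAN ID).
    new_tci = (inner_tci & 0xF000) | new_vid
    # Bytes 12..16 are the outer tag (dropped); bytes 16..20 are the private tag.
    return frame[:12] + struct.pack("!HH", inner_tpid, new_tci) + frame[20:]


if __name__ == "__main__":
    a_to_b = build_frame(DST, SRC, [8, 12], 0x0800, b"constructed payload")
    print(vlan_tags(a_to_b), "->", vlan_tags(terminate_and_switch(a_to_b, 1)))
    b_to_a = build_frame(SRC, DST, [8, 6], 0x0800, b"constructed payload")
    print(vlan_tags(b_to_a), "->", vlan_tags(terminate_and_switch(b_to_a, 10)))
```

Because the egress port is part of the key, the same frame offered to a port with no matching entry is not rewritten, and a frame with more than two tags has only its outermost tag stripped.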
Table 16: Packet format after QinQ encapsulation
(1) VLAN 12 packet structure
Ethernet address | VLAN 8 | VLAN 12 | Network data
(2) VLAN 6 packet structure
Ethernet address | VLAN 6 | Network data
Table 17: Packet format after QinQ termination
(1) The VLAN 12 packet has the outer tag VLAN 8 stripped and is switched to the new VLAN ID 6.
Ethernet address | VLAN 6 | Network data
(2) The VLAN 6 packet has the outer tag VLAN 8 stripped and is switched to the new VLAN ID 12.
Ethernet address | VLAN 12 | Network data
In the case of point-to-multipoint VPLS, a choice among multiple VLAN IDs in the QinQ VLAN switching table is involved. The key can be formed by configuring the egress port number, the MAC address and other related information (such as the user address), and the new VLAN ID information is then obtained by lookup; since this belongs to the prior art, it is not described further here.
The above is only one example of the fourth embodiment of the present invention. The QinQ VLAN switching table may be configured centrally in the switching device, or it may be split so that each port is configured with its own table, in which case the QinQ VLAN switching table need not contain a port number; the implementation and the technical effect are the same.
In addition, because the outer VLAN in a QinQ network has a one-to-one correspondence with the VPN, the key field "public network VLAN ID" of the QinQ VLAN switching table in the fourth embodiment can be replaced by a "VPN identifier": the new private network VLAN ID is defined by configuring "VPN identifier + egress port number + private network VLAN ID" as the key; the implementation and the technical effect are the same.
It should be noted that the ports described in the fourth embodiment of the present invention are all logical ports, which may be physically existing ports or virtual ports. The above method of virtual switching using QinQ technology may be implemented in software or by hardware logic circuits.
The fourth embodiment of the present invention applies not only to the case of two layers of IEEE 802.1Q tags but also to the case where multiple layers of IEEE 802.1Q tags are encapsulated; in the latter case, the outer public network VLAN referred to in the present invention means the outermost public network VLAN.
The fourth embodiment of the present invention solves the problem that networks with different VLAN IDs are difficult to interwork at layer 2. Compared with the prior art, the fourth embodiment has the following advantages:
1. VLAN networks with different IDs can form one large VPN network through QinQ technology, and users do not need to make any change to their network configuration;
2. Private networks in different regions can plan their own VLAN IDs independently, so planning is simple and networking is flexible.
In summary, the virtual local area network switching method of the present invention includes the steps of:
1) receiving a data frame, obtaining switching-related information from the data frame, querying the correspondence between switching-related information and VLAN information configured in the network device so as to obtain new VLAN information, and updating the data frame according to the new VLAN information;
2) forwarding the updated data frame.
Depending on actual conditions and requirements, the switching information includes a VPN ID, a VPN ID and egress physical port, public network VLAN information, data frame identification information, a switching domain identifier, a switching domain identifier and destination MAC address, and so on.
Another virtual local area network switching method of the present invention, applied to an edge device of an operator, includes the following steps:
recording on the edge device the correspondence between user information and the VLAN of the user under that edge device;
receiving a data frame from within the operator network, replacing the current user VLAN contained in the data frame with the user's VLAN recorded on the device, and then forwarding the frame to the user.
Here, the user information is in the operator VLAN or the MPLS label.

Claims

1. A virtual local area network switching method, characterized by comprising the steps of:
1) receiving a data frame, obtaining switching-related information from the data frame, querying the correspondence between switching-related information and VLAN information configured in the network device so as to obtain new VLAN information, and updating the data frame according to the new VLAN information;
2) forwarding the updated data frame.
2. The virtual local area network switching method according to claim 1, characterized in that the switching-related information includes a VPN ID, a VPN ID and egress physical port, public network VLAN information, data frame identification information, a switching domain identifier, a switching domain identifier and destination MAC address.
3. The virtual local area network switching method according to claim 2, characterized in that the VPN ID or VLAN information is carried in an MPLS label.
4. The virtual local area network switching method according to claim 2, characterized in that the switching domain identifier is obtained by querying a configuration table according to the data frame.
5. A virtual local area network switching method for transparently carrying the VLAN of a private network across a public network to other private networks that need to be connected, wherein the public network includes at least one network device ingress port and one network device egress port, characterized by comprising the steps of:
21) at the network device ingress port, mapping the VLAN tag on the user data frame to a VPN ID according to the ingress physical port;
22) forwarding the user data frame processed as above within the operator network;
23) at the network device egress port, mapping the data frame carrying the VPN ID to a data frame carrying the user VLAN tag according to the egress physical port, and forwarding it.
6. The method according to claim 5, characterized in that the mapping in step 21) specifically includes:
31) at the ingress port of the network device, configuring a mapping table so that the VPN ID corresponds to the user VLAN tag and port number;
32) at the ingress port of the network device, after receiving a data frame carrying a user VLAN tag, querying the mapping table;
33) according to the result of the query, replacing the user VLAN tag carried in the data frame with the VPN ID.
7. The method according to claim 5, characterized in that the mapping in step 23) specifically includes:
41) configuring a mapping table at the egress port of the network device so that the VPN ID and egress port number correspond to the VLAN tag used by the VPN user;
42) after the egress port of the network device receives a data frame carrying a VPN ID, querying the mapping table;
43) according to the result of the query, replacing the VPN ID carried in the data frame with the user VLAN tag.
8. The method according to claim 6 or 7, characterized in that the VPN ID is a new one-layer or two-layer VLAN tag.
9. A virtual local area network switching method, running on an existing MPLS-based layer-2 VPN wide area network, the network including at least one source PE (provider-side) device and one peer PE (provider-side) device, characterized by comprising the steps of:
61) after the source PE device receives a layer-2 data frame carrying VLAN information, obtaining the VPN ID by means of the VLAN-to-VPN mapping table;
62) performing a forwarding lookup of the destination MAC address using the VPN ID, to obtain the information of the destination PE and the information for encapsulating the two-layer MPLS label;
63) after the peer PE device receives the encapsulated layer-2 data frame, changing the encapsulated VLAN information by means of the configured VPN-ID-to-VLAN mapping table and forwarding the frame.
10. The method according to claim 9, characterized in that, in step 62), the layer-2 data frame is further encapsulated with the two-layer MPLS label.
11. The method according to claim 10, characterized in that, depending on the specific transmission environment, the VLAN information carried by the layer-2 Ethernet data frame is the original VLAN information or VPN ID information.
12. The method according to claim 11, characterized in that: in step 63), before changing the encapsulated VLAN information, the peer PE device also uses the VPN ID plus the destination MAC address information to look up the forwarding destination physical port on the peer PE device; according to the physical port information, the peer PE device looks up the VPN-ID-to-VLAN mapping table under that physical port, obtains the VLAN information to be encapsulated on output from that port, and after encapsulation sends the frame out of the corresponding physical port.
13. The method according to claim 9, characterized in that the VLAN information carried by the encapsulated layer-2 Ethernet data frame may be one layer or two layers.
14. The method according to claim 9, characterized in that, in step 61), the source PE device also uses the VPN ID to learn the source MAC address, and learns the corresponding MAC address onto the corresponding port belonging to that VPN user under the source PE device.
15. The method according to claim 9, characterized in that, after step 63), the peer PE device further learns the corresponding source MAC address under the corresponding remote PE according to the VPN ID information and the source information of the MPLS label switched path.
16. A virtual local area network switching method, characterized by comprising the steps of:
161) configuring a VLAN switching path forwarding table on the virtual local area network (VLAN) switching device, the VLAN switching path forwarding table including the information of the VLANs participating in switching under all switching domains;
162) querying the VLAN switching path forwarding table to obtain the switching domain identifier corresponding to the input data packet;
163) selecting the egress path of the input data packet according to the switching domain identifier and the destination media access control (MAC) address of the input data packet;
164) forwarding the input data packet through the egress path.
17. The method according to claim 16, characterized in that, when the switching domain corresponding to the input data packet has more than two switching paths, step 163) specifically includes:
171) querying the forwarding table with the switching domain identifier and the destination MAC address;
172) if the forwarding table contains a corresponding egress path, obtaining that egress path and the corresponding VLAN tag;
173) if the forwarding table contains no corresponding egress path, obtaining, according to the VLAN switching path table, all egress paths corresponding to the switching domain identifier other than the ingress path, and the corresponding VLAN tags.
18. The method according to claim 16, characterized in that, when the switching domain corresponding to the input data packet has only 2 switching paths, step 163) is specifically: obtaining the egress path and the corresponding VLAN tag directly according to the VLAN switching path table.
19. The method according to claim 17 or 18, characterized in that, between steps 162) and 164), it further includes: stripping the multi-layer VLAN tags of the input data packet.
20. The method according to claim 19, characterized in that step 164) includes:
201) when the egress path and the corresponding VLAN tag have been obtained, forwarding the input data packet as follows:
re-encapsulating the input data packet according to the VLAN tag corresponding to the egress path; forwarding the encapsulated input data packet through the egress path;
202) when all egress paths corresponding to the switching domain identifier other than the ingress path, and the corresponding VLAN tags, have been obtained, forwarding the input data packet as follows:
making as many copies of the input data packet, with its multi-layer VLAN tags stripped, as there are egress paths;
encapsulating each copied input data packet with the VLAN tag corresponding to its egress path;
forwarding each encapsulated input data packet through its corresponding egress path.
21. The method according to claim 16, characterized in that the method further includes the step of:
220) learning the source MAC address and multi-layer VLAN tags of the input data packet into the forwarding table.
22. The method according to claim 16 or 21, characterized in that step 162) includes:
when [...] VLAN, querying the VLAN switching path table according to the multi-layer VLAN tags and ingress port of the input data packet to obtain the corresponding switching domain identifier;
when the outer VLAN of the multi-layer VLAN occupies a VLAN configured on this switching device itself, querying the VLAN switching path table according to the multi-layer VLAN tags of the input data packet to obtain the corresponding switching domain identifier.
23. The method according to claim 22, characterized in that step 162) further includes:
when the input port of the input data packet corresponds to multiple different switching domain IDs, matching the VLAN tags in the VLAN switching path table with priority by tag depth or with priority by configuration order.
24. A virtual local area network switching method, characterized by comprising the steps of:
271) configuring a QinQ VLAN switching table on the switching device;
272) at QinQ termination, querying the QinQ VLAN switching table to obtain the new private network VLAN ID; replacing the VLAN ID in the original data packet with the new private network VLAN ID;
273) sending the QinQ data packet in which the new private network VLAN ID has been substituted out of the egress port.
25. The method according to claim 24, characterized in that the QinQ VLAN switching table includes the public network VLAN ID, egress port number, private network VLAN ID and new private network VLAN ID after switching; or the public network VPN identifier, egress port number, private network VLAN ID and new private network VLAN ID after switching; or the public network VLAN ID, egress port number, MAC address, user address, and VLAN ID after switching, and the like.
26. The method according to claim 24, characterized in that, in step 271), the QinQ VLAN switching table is configured centrally in the switching device, or the table is split so that one table is configured on each port.
27. The method according to claim 24, characterized in that, in step 272), the QinQ VLAN switching table is queried with the stripped outer public network VLAN ID + egress port number + private network VLAN ID to obtain the new private network VLAN ID.
28. The method according to claim 27, characterized in that the outer public network VLAN in every case means the outermost public network VLAN.
29. A network device, applied at the operator edge to provide services for VPN users, comprising:
a forwarding module, for forwarding data frames out of the corresponding port according to an internal forwarding table;
a storage unit, storing the mapping between user information and local user VLANs;
a conversion module, which obtains the user information in a data frame coming from the operator network and, according to the mapping, updates the current user VLAN information in the data frame so that it carries the local user VLAN information, then passes it to the forwarding module for processing; or which obtains the local user VLAN information in a data frame coming from the user and, according to the mapping, updates the data frame so that it carries the user information, then passes it to the forwarding module for processing.
30. The network device according to claim 29, characterized in that the user information is contained in the MPLS label of the data frame, or in the operator VLAN tag of the data frame.
31. The network device according to claim 29, characterized in that the VLAN carried by the user is double-layer.
32. A virtual local area network switching method, applied to an edge device of an operator, comprising the following steps:
recording on the edge device the correspondence between user information and the VLAN of the user under that edge device;
receiving a data frame from within the operator network, replacing the current user VLAN contained in the data frame with the user's VLAN recorded on the device, and then forwarding the frame to the user.
33. The virtual local area network switching method according to claim 32, characterized in that the user information is in the operator VLAN or the MPLS label.
PCT/CN2005/002067 2005-03-08 2005-12-01 A method of virtual local area network exchange and the network device thereof WO2006094440A1 (en)

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
CN200510051352.0 2005-03-08
CNB2005100513520A CN100428737C (en) 2005-03-08 2005-03-08 Method for reducing VPN network arranging
CN200510056416.6 2005-03-22
CNB2005100564166A CN100446503C (en) 2005-03-22 2005-03-22 Enhanced VPN network optimization method and apparatus
CNB200510056722XA CN100413281C (en) 2005-03-24 2005-03-24 Method for realizing virtual exchange using QinQ technique
CN200510056722.X 2005-03-24
CNB200510069487XA CN100358322C (en) 2005-04-08 2005-04-30 Method of multilayer VLAN switching
CN200510069487.X 2005-04-30

Publications (1)

Publication Number Publication Date
WO2006094440A1 true WO2006094440A1 (en) 2006-09-14

Family

ID=36952940

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2005/002067 WO2006094440A1 (en) 2005-03-08 2005-12-01 A method of virtual local area network exchange and the network device thereof

Country Status (1)

Country Link
WO (1) WO2006094440A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647325A (en) * 2012-03-23 2012-08-22 杭州华三通信技术有限公司 Method and device for realizing QinQ (802.1Q in 902.1Q) finalization
CN105915518A (en) * 2016-04-15 2016-08-31 中国航空工业集团公司洛阳电光设备研究所 Real-time parsing method and apparatus for ethernet data frame
US10866089B2 (en) 2015-04-24 2020-12-15 Faro Technologies, Inc. Two-camera triangulation scanner with detachable coupling mechanism
CN114039811A (en) * 2021-10-18 2022-02-11 南京邮电大学 Fast communication method in local area network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1356806A (en) * 2001-12-31 2002-07-03 刘军民 Data forwarding method for implementing virtual channel transmission in LAN
US20020101870A1 (en) * 2001-01-30 2002-08-01 Chase Christopher J. Technique for ethernet access to packet-based services
WO2004023838A2 (en) * 2002-09-09 2004-03-18 Nortel Networks Limited Svc-l2 vpns: flexible on-demand switched mpls/ip layer-2 vpns for ethernet svc, atm and frame relay
CN1507230A (en) * 2002-12-10 2004-06-23 ��Ϊ�������޹�˾ Method of realizing special multiple-protocol label exchanging virtual network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020101870A1 (en) * 2001-01-30 2002-08-01 Chase Christopher J. Technique for ethernet access to packet-based services
CN1356806A (en) * 2001-12-31 2002-07-03 刘军民 Data forwarding method for implementing virtual channel transmission in LAN
WO2004023838A2 (en) * 2002-09-09 2004-03-18 Nortel Networks Limited Svc-l2 vpns: flexible on-demand switched mpls/ip layer-2 vpns for ethernet svc, atm and frame relay
CN1507230A (en) * 2002-12-10 2004-06-23 ��Ϊ�������޹�˾ Method of realizing special multiple-protocol label exchanging virtual network

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647325A (en) * 2012-03-23 2012-08-22 杭州华三通信技术有限公司 Method and device for realizing QinQ (802.1Q in 802.1Q) finalization
CN102647325B (en) * 2012-03-23 2014-11-26 杭州华三通信技术有限公司 Method and device for realizing QinQ (802.1Q in 802.1Q) finalization
US10866089B2 (en) 2015-04-24 2020-12-15 Faro Technologies, Inc. Two-camera triangulation scanner with detachable coupling mechanism
CN105915518A (en) * 2016-04-15 2016-08-31 中国航空工业集团公司洛阳电光设备研究所 Real-time parsing method and apparatus for ethernet data frame
CN105915518B (en) * 2016-04-15 2019-03-29 中国航空工业集团公司洛阳电光设备研究所 A kind of ethernet data frame real time parsing method and device
CN114039811A (en) * 2021-10-18 2022-02-11 南京邮电大学 Fast communication method in local area network
CN114039811B (en) * 2021-10-18 2023-07-25 南京邮电大学 Quick communication method in local area network

Similar Documents

Publication Publication Date Title
US8867555B2 (en) Method and system for transparent LAN services in a packet network
US8228928B2 (en) System and method for providing support for multipoint L2VPN services in devices without local bridging
US7881314B2 (en) Network device providing access to both layer 2 and layer 3 services on a single physical interface
US8194656B2 (en) Metro ethernet network with scaled broadcast and service instance domains
CN100442772C (en) Bridge-connection transmitting method
US7339929B2 (en) Virtual private LAN service using a multicast protocol
US9806906B2 (en) Flooding packets on a per-virtual-network basis
US9166929B1 (en) Performing scalable L2 wholesale services in computer networks using customer VLAN-based forwarding and filtering
EP2541841B1 (en) Method for sending ethernet frames in ethernet tree service and provider edge device
US20080080535A1 (en) Method and system for transmitting packet
WO2022100554A1 (en) Method for forwarding bier message, and device and system
JP2005341583A (en) Virtual private network, and multi-service provisioning platform and method
CN102413060B (en) User private line communication method and equipment used in VPLS (Virtual Private LAN (Local Area Network) Service) network
JP2005341591A (en) Virtual private network, and multi-service provisioning platform and method
US7924880B2 (en) Method and system for establishing hierarchical network with provider backbone bridges
WO2008019630A1 (en) A method, network and node device for data retransmission in network with double-layer
WO2008011818A1 (en) Method of realizing hierarchy-virtual private lan service and network system
CN100358322C (en) Method of multilayer VLAN switching
WO2011054263A1 (en) Access method and access system for layer 3 virtual private networks(vpn)
WO2020098611A1 (en) Method and apparatus for acquiring routing information
US20140321472A1 (en) Method for implementing e-tree service and provider edge device
WO2005125103A1 (en) A virtual private network system of hybrid site and hybrid backbone network and its realizing method
WO2006094440A1 (en) A method of virtual local area network exchange and the network device thereof
WO2007104201A1 (en) A method for forwarding message in the service tunnel of the ethernet application and a system thereof
Wu et al. Research on the application of cross-domain VPN technology based on MPLS BGP

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase (Ref country code: DE)
NENP Non-entry into the national phase (Ref country code: RU)
WWW Wipo information: withdrawn in national office (Country of ref document: RU)
122 Ep: pct application non-entry in european phase (Ref document number: 05814003; Country of ref document: EP; Kind code of ref document: A1)
WWW Wipo information: withdrawn in national office (Ref document number: 5814003; Country of ref document: EP)