WO2008046359A1 - Method and apparatus for isolating the different virtual local area network services - Google Patents

Method and apparatus for isolating the different virtual local area network services Download PDF

Info

Publication number
WO2008046359A1
WO2008046359A1 PCT/CN2007/070930 CN2007070930W WO2008046359A1 WO 2008046359 A1 WO2008046359 A1 WO 2008046359A1 CN 2007070930 W CN2007070930 W CN 2007070930W WO 2008046359 A1 WO2008046359 A1 WO 2008046359A1
Authority
WO
WIPO (PCT)
Prior art keywords
vlan
network
bridge
shortest path
service instance
Prior art date
Application number
PCT/CN2007/070930
Other languages
French (fr)
Chinese (zh)
Inventor
Faming Yang
Hongguang Guan
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2008046359A1 publication Critical patent/WO2008046359A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/12Shortest path evaluation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/48Routing tree calculation
    • H04L45/484Routing tree calculation using multiple routing trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method and apparatus for isolating the different virtual local area network services. The method mainly includes : assigning the identification information to the VLAN (virtual local area network) service instances accessed to the shortest path bridge network; transferring the identification information of the VLAN service instance along the root port direction of the different spanning trees in the shortest path bridge network by the access network bridge of the VLAN service instance; identifying the accessed VLAN service instance according to the identification information received from the root port direction of the spanning tree by theaccess network bridge in the shortest path bridge network. By use of the method, it can be realized to isolate the different VLAN services in the shortest path bridge network, thereby it is ensured that the VLAN service data packet is propagated in the range of the VLAN.

Description

说明书 对不同虚拟局域网业务进行隔离的方法和装置  Method and apparatus for isolating different virtual local area network services
[1] 技术领域 [1] Technical field
[2] 本发明涉及网络通信领域, 尤其涉及一种对不同虚拟局域网业务进行隔离的方 法和装置。  [2] The present invention relates to the field of network communications, and in particular, to a method and apparatus for isolating different virtual local area network services.
[3] 背景技术 [3] Background Art
[4] 在传统的通过以太网网桥互联的网络中, 由于在同一个广播域中釆用相同的且 唯一的生成树来进行数据转发, 因此, 通常并不能保证数据包按最短路径转发 , 从而会导致数据包集中在某些链路上传送。  [4] In traditional networks interconnected by Ethernet bridges, because the same and unique spanning tree is used for data forwarding in the same broadcast domain, it is usually not guaranteed that packets are forwarded by the shortest path. As a result, packets are concentrated on certain links.
[5] 为了使网桥能够按最短路径转发数据, 目前有国际标准组织 IEEE (Institute for [5] In order to enable bridges to forward data on the shortest path, there is currently the International Standards Organization IEEE (Institute for
Electrical and Electronics Electrical and Electronics
Engineers , 电子电气工程师协会) 的最短路径桥项目组和国际标准组织 IETF (In ternet Engineering Task Force , Internet工禾呈任务组) 的 TRILL (interconnection of Lots of  Engineers, Institute of Electrical and Electronics Engineers) Shortest Path Bridge Project Team and International Standards Organization IETF (In ternet Engineering Task Force, Internet Workforce Task Force) TRILL (interconnection of Lots of
Links , 多链路中的透明互连) 工作组在分别按照两个不同方法进行研究。  Links, transparent interconnections in multiple links) The working group is studied in two different ways.
[6] 根据 IEEE [6] According to IEEE
802.1aq所阐述的最短路径桥接技术, 在桥接网络中以每个入口网桥为根创建一 个生成树 (称为入口树) , 当来自桥接网络外部的 VLAN (虚拟局域网) 业务数 据包到达入口网桥吋, 将该数据包封装新的外部 tag头, 这个外部头包含了能识 别入口树实例的信息, 并且该外部头与客户 VLAN信息无关。 于是, 封装了外部 tag的数据包在最短路径桥接网络内沿 Tag标识的入口树按最短路径转发。  The shortest path bridging technique described in 802.1aq creates a spanning tree (called an ingress tree) with each ingress bridge as the root in the bridged network, when VLAN (virtual local area network) traffic packets from outside the bridging network arrive at the ingress network. Bridge, encapsulates the packet with a new external tag header that contains information that identifies the entry tree instance, and that is independent of the customer VLAN information. Thus, the data packet encapsulating the external tag is forwarded by the shortest path along the entry tree identified by the Tag in the shortest path bridged network.
[7] 目前的 MSTP (Multiple Spanning Tree  [7] Current MSTP (Multiple Spanning Tree
Protocol, 多生成树协议) 是针对不同 VLAN设置不同的生成树, 每个 VLAN构建 一颗单生成树。 当 MSTP在 802.1aq环境中使用吋, 同一个 VLAN业务需要使用多 个最短路径树, 同吋不同 VLAN业务也可以共用一个有共同入口网桥的最短路径 树, 比如, 在一个 SPVID3树上连接两个客户 VLAN。  Protocol, multiple spanning tree protocol) Set different spanning trees for different VLANs, and build a single spanning tree for each VLAN. When MSTP is used in an 802.1aq environment, the same VLAN service needs to use multiple shortest path trees. Similarly, different VLAN services can share a shortest path tree with a common ingress bridge. For example, connect two on one SPVID3 tree. Customer VLAN.
[8] 最短路径网桥环境给每个入口树实例分配唯一的一个 VID (Visual LAN Identifier, 虚拟局域网标识符) , 可将此 VID称为 SPVID (Shortest Path Visual LAN [8] The shortest path bridge environment assigns a unique VID to each entry tree instance (Visual LAN) Identifier, virtual local area network identifier), this VID can be called SPVID (Shortest Path Visual LAN)
Identifier, 最短路径 VID) 。 当某一个 VLAN业务数据包从外部接入最短路径桥 接网络吋, 给该 VLAN业务数据包封装一个包含 SPVID的外部 tag , 封装后的数据 包的帧格式大致如下:  Identifier, shortest path VID). When a VLAN service data packet is externally connected to the shortest path bridge network, the VLAN service data packet is encapsulated with an external tag containing the SPVID. The frame format of the encapsulated data packet is as follows:
Figure imgf000004_0001
Figure imgf000004_0001
但是, 上述数据包的帧格式中的 SPVID不能区分客户 VLAN业务, 所以如果按 S PVID进行数据转发会出现业务数据泄漏, 即转发到没有 VLAN业务的网桥上。 下面用一个例子来说明这一点。  However, the SPVID in the frame format of the above data packet cannot distinguish the customer VLAN service. Therefore, if data forwarding is performed according to the S PVID, service data leakage occurs, that is, it is forwarded to the bridge without the VLAN service. Let's use an example to illustrate this point.
比如, 在图 1所示的桥接网络中, 一个最短路径桥接网络由桥接节点 A、 B、 C 、 D构成, 生成了 4个入口树, 分别用不同的线段来表示。 现有一个接入 VLAN 1的客户从网桥 A、 B、 D接入最短路径桥接网络。 当 VLAN业务数据包到达图 1所 示的桥接网络中的最短路径网桥桥节点吋, 要封装一个包含入口树对应的 SPVID 的外部 tag。  For example, in the bridged network shown in Figure 1, a shortest path bridged network consists of bridge nodes A, B, C, and D, and four entry trees are generated, each represented by a different line segment. An existing client accessing VLAN 1 accesses the shortest path bridged network from bridges A, B, and D. When the VLAN service data packet arrives at the shortest path bridge node in the bridged network shown in Figure 1, an external tag containing the SPVID corresponding to the entry tree is encapsulated.
当上述数据包在桥接网络内沿着 SPVID确定的树进行传播吋, 外部客户 VLAN ID在桥接网络内部是透明的, 于是, 接入 VLAN  When the above data packet is propagated along the tree determined by the SPVID in the bridged network, the external customer VLAN ID is transparent inside the bridged network, and thus, the access VLAN
1业务的广播包 (包括未知包) 将会扩散到没有接入 VLAN 1 service broadcast packet (including unknown packet) will spread to no access VLAN
1业务的桥节点 C上去, 从而造成业务数据泄漏和带宽资源的浪费, 因此如何保 证不同的 VLAN广播域隔离, 即当一个 VLAN中的数据包需要进行广播吋, 它不 能被泄漏到其它 VLAN中, 即避免不恰当的泛洪, 是桥接网络中需要解决的问题 在针对 802.1ah实现的 PBBN (Provider Backbone Bridge 1 The bridge node C of the service goes up, which causes service data leakage and waste of bandwidth resources. Therefore, how to ensure different VLAN broadcast domain isolation, that is, when a packet in a VLAN needs to be broadcast, it cannot be leaked into other VLANs. , that is, to avoid inappropriate flooding, is a problem that needs to be solved in the bridged network. PBBN (Provider Backbone Bridge) for 802.1ah implementation
Network, 运营商骨干网桥网络) 网络中, 若干 I-SIDs (i-SID == Service instanceNetwork, Carrier Backbone Network) In the network, several I-SIDs (i-SID == Service instance
ID , 业务实例标识符) 标识的不同的业务实例的数据在 PBBN网络传递吋会共用 一个 B-VLAN隧道 (即针对 B-VID所分配的生成树实例) 。 ID, Service Instance Identifier) The data of the different service instances identified in the PBBN network will share a B-VLAN tunnel (that is, the spanning tree instance assigned to the B-VID).
现有技术中一种在 B-VLAN隧道中隔离不同业务实例的方法为: 由于 PBBN网 络对外部数据来说是透明传输的, 因此, 该方法针对每个业务实例 (即针对每 个 I-SID) 分配一个组播地址, 不同 I-SID对应的组播地址可不同, 并且在 PBBN 网络内需要建立相应组播地址的数据转发表。 当一个业务实例的数据包到达 PBB N网络的边界网桥吋, 若该数据包的目的地址是未知包地址、 广播包或组播地址 , 则对该数据包封装一个外部 MAC头, 外部 MAC头的目的地址是 I-SID所对应的 组播地址。 由于不同的服务实例可有不同的组播地址, 这样封装了相应的组播 地址的数据包在 PBBN网络内部传递吋, 能达到不同业务实例的数据互相隔离。 A method for isolating different service instances in a B-VLAN tunnel in the prior art is: due to the PBBN network The network is transparently transmitted to external data. Therefore, the method assigns a multicast address to each service instance (that is, for each I-SID), and the multicast addresses corresponding to different I-SIDs can be different, and in PBBN. A data forwarding table of the corresponding multicast address needs to be established in the network. When a data packet of a service instance reaches the border bridge of the PBB N network, if the destination address of the data packet is an unknown packet address, a broadcast packet, or a multicast address, the data packet is encapsulated with an external MAC header, and the external MAC header is encapsulated. The destination address is the multicast address corresponding to the I-SID. Since different service instances may have different multicast addresses, the data packets encapsulating the corresponding multicast addresses are transmitted inside the PBBN network, and the data of different service instances can be isolated from each other.
[15] 上述现有技术的方法的缺点为: 该方法仅仅适用于 PBBN网络。 在最短路径网 桥网络中, 业务数据转发是基于 SPVID树, 不能看到外部 VLAN服务实例标识。 该方法没有针对最短路径桥接网络环境给出组播地址转发表的配置方法, 因此 , 该方法不适用最短路径桥接网络环境。  [15] A disadvantage of the above prior art method is that the method is only applicable to the PBBN network. In the shortest path bridge network, the service data forwarding is based on the SPVID tree, and the external VLAN service instance identifier cannot be seen. This method does not provide a method for configuring the multicast address forwarding table for the shortest path bridging network environment. Therefore, this method is not applicable to the shortest path bridging network environment.
[16] 发明内容  [16] Summary of the invention
[17] 本发明的目的是提供一种对不同虚拟局域网业务进行隔离的方法和装置, 从而 可以保证在最短路径桥接网络中, 对不同 VLAN业务进行隔离。  [17] It is an object of the present invention to provide a method and apparatus for isolating different virtual local area network services, thereby ensuring isolation of different VLAN services in the shortest path bridged network.
[18] 本发明的目的是通过以下技术方案实现的:  [18] The object of the present invention is achieved by the following technical solutions:
[19] 一种对不同虚拟局域网业务进行隔离的方法, 包括:  [19] A method of isolating different virtual local area network services, including:
[20] 给最短路径桥接网络中接入的虚拟局域网 VLAN业务实例分配标识信息;  [20] assigning identification information to the virtual local area network VLAN service instance accessed in the shortest path bridged network;
[21] 所述 VLAN业务实例的接入网桥将所述 VLAN业务实例的标识信息, 沿着所述 最短路径桥接网络中不同入口树的根端口方向进行传递;  [21] The access bridge of the VLAN service instance transmits the identifier information of the VLAN service instance along a root port direction of different entry trees in the shortest path bridge network;
[22] 所述最短路径桥接网络内的接入网桥根据从其入口树的根端口方向接收到的所 述标识消息, 对所述接入的 VLAN业务实例进行识别。  [22] The access bridge in the shortest path bridging network identifies the accessed VLAN service instance according to the identification message received from the root port direction of the ingress tree.
[23] 一种最短路径桥接网络中的接入网桥, 包括:  [23] An access bridge in a shortest path bridged network, including:
[24] 标识信息分配模块, 用于给最短路径桥接网络中接入的 VLAN业务实例分配标 识信息;  [24] an identifier information distribution module, configured to allocate identification information to a VLAN service instance accessed in the shortest path bridge network;
[25] 标识信息传输模块, 用于将所述标识信息分配模块分配的 VLAN业务实例的标 识信息, 沿着所述最短路径桥接网络中不同入口树的根端口方向进行传递; [25] an identifier information transmission module, configured to transmit identification information of a VLAN service instance allocated by the identifier information distribution module along a root port direction of different entry trees in the shortest path bridge network;
[26] VLAN业务实例识别模块, 用于根据从其入口树的根端口方向接收到的所述标 识消息, 对最短路径桥接网络中接入的 VLAN业务实例进行识别。 [27] 由上述本发明提供的技术方案可以看出, 本发明通过给每个 VLAN业务实例分 配一个组播地址, 在每个 VLAN业务接入网桥, 沿着不同的 SPVID标识对应的树 的根端口方向发起 VLAN接入组播地址的注册; 或者, 给每个 VLAN业务实例分 配一个 SPVID组, 在每个接入网桥形成包含 VLAN [26] The VLAN service instance identification module is configured to identify the VLAN service instance accessed in the shortest path bridge network according to the identifier message received from the root port direction of the entry tree. [27] It can be seen from the technical solution provided by the present invention that the present invention assigns a multicast address to each VLAN service instance, and accesses the bridge in each VLAN service, and identifies the corresponding tree along different SPVIDs. The root port direction initiates the registration of the VLAN access multicast address; or, assigns an SPVID group to each VLAN service instance, and forms a VLAN in each access bridge.
ID和 SPVID间关系的翻译表, 沿着不同的 SPVID标识对应的树的根端口方向发起 SPVID的注册。 从而可以对于不同的应用场景, 提供了在最短路径桥接网络中两 种不同的 VLAN业务隔离方法。 既保证了不同 VLAN业务的隔离, 保证了 VLAN 业务数据包在本 VLAN范围内传播, 又能实现业务 VLAN  A translation table of the relationship between the ID and the SPVID, and the registration of the SPVID is initiated along the root port direction of the tree corresponding to the different SPVID identifiers. Therefore, two different VLAN service isolation methods in the shortest path bridged network can be provided for different application scenarios. It ensures the isolation of different VLAN services, ensures that VLAN service data packets are transmitted within the VLAN, and implements service VLANs.
ID在最短路径桥接网络内的透明处理。  The ID is transparently processed within the shortest path bridged network.
[28] 附图说明 [28] BRIEF DESCRIPTION OF THE DRAWINGS
[29] 图 1为一种桥接网络的结构示意图;  [29] Figure 1 is a schematic structural diagram of a bridge network;
[30] 图 2为本发明所述实施例 1的具体处理流程图;  2 is a flowchart of a specific process of Embodiment 1 of the present invention;
[31] 图 3为本发明所述实施例 1中的桥接网络的结构示意图;  3 is a schematic structural diagram of a bridge network in Embodiment 1 of the present invention;
[32] 图 4为本发明所述实施例 2的具体处理流程图;  4 is a flowchart of a specific process of Embodiment 2 of the present invention;
[33] 图 5为本发明所述实施例 2中的桥接网络的结构示意图;  FIG. 5 is a schematic structural diagram of a bridge network according to Embodiment 2 of the present invention; FIG.
[34] 图 6为图 5所示的桥接网络中的针对 VLAN 1的注册过程示意图。  [34] FIG. 6 is a schematic diagram of a registration process for VLAN 1 in the bridge network shown in FIG. 5.
[35] 具体实施方式  [35] Specific implementation
[36] 本发明提供了一种对不同虚拟局域网业务进行隔离的方法和装置。 本发明针对 不同的应用场景, 提供了本发明所述方法的两个实施例。  [36] The present invention provides a method and apparatus for isolating different virtual local area network services. The present invention provides two embodiments of the method of the present invention for different application scenarios.
[37] 下面结合附图来详细描述本发明, 实施例 1的核心为: 釆用组播地址隔离不同 的 VLAN业务实例, 并在最短路径桥接网络内沿着不同的 SPVID标识对应的生成 树的根端口方向进行组播地址注册。 [37] The present invention is described in detail below with reference to the accompanying drawings. The core of Embodiment 1 is: Configuring different VLAN service instances by using multicast addresses, and identifying corresponding spanning trees along different SPVIDs in the shortest path bridged network. Multicast address registration in the root port direction.
[38] 实施例 1的具体处理流程如图 2所示, 包括如下步骤: [38] The specific processing flow of Embodiment 1 is as shown in FIG. 2, and includes the following steps:
[39] 步骤 2-1、 给每个 VLAN业务实例分配一个组播地址。 [39] Step 2-1. Assign a multicast address to each VLAN service instance.
[40] 实施例 1利用和扩展现有的 MMRP (多组播注册协议) 技术。 首先需要给最短 路径桥接网络中的每个接入的客户 VLAN业务实例分配一个唯一的组播地址, 作 为所述 VLAN业务实例的标识信息。 该组播地址是属于所述最短路径桥接网络的 MAC地址空间。 该组播地址可以在接入网桥的入口树生成前分配, 也可以在入 口树生成后分配。 [40] Embodiment 1 utilizes and extends existing MMRP (Multiple Multicast Registration Protocol) technology. First, a unique multicast address is assigned to each of the access client VLAN service instances in the shortest path bridging network as the identification information of the VLAN service instance. The multicast address is a MAC address space belonging to the shortest path bridged network. The multicast address can be assigned before the access tree of the access bridge is generated, or it can be entered. The port tree is allocated after it is generated.
[41] 比如, 在图 3所示的桥接网络中, 一个最短路径桥接网络由桥接节点 A、 B、 C 、 D构成, 生成了 4个入口树, 分别用不同的线段来表示。 现在有一个 VLAN 1业务实例的从网桥 A、 B、 D接入到图 3所示最短路径桥接网络。 给该 VLAN 1业务实例分配一个组播地址 m。  [41] For example, in the bridged network shown in Figure 3, a shortest path bridged network consists of bridge nodes A, B, C, and D, and four entry trees are generated, each represented by a different line segment. There is now a VLAN 1 service instance from bridges A, B, and D to the shortest path bridge network shown in Figure 3. Assign a multicast address m to the VLAN 1 service instance.
[42] 步骤 2-2、 将组播地址在最短路径桥接网络内沿着不同的 SPVID标识对应的树的 根端口方向进行注册。  [42] Step 2-2. Register the multicast address in the shortest path bridging network along the root port direction of the tree corresponding to the different SPVID identifiers.
[43] 在给每个接入的 VLAN业务实例分配了一个唯一的组播地址后, 每个 VLAN业 务实例的接入网桥需要针对不同的入口树发起分配的组播地址的注册过程。  [43] After assigning a unique multicast address to each access VLAN service instance, the access bridge of each VLAN service instance needs to initiate the registration process of the assigned multicast address for different entry trees.
[44] 当一个 VLAN业务对应一个 SPVID组吋, 假定该 SPVID组有 n个 SPVID, 则该 V LAN业务对应着一组 VLAN业务接入网桥, 在每个 VLAN业务接入网桥, 针对 n-1 个其它 VLAN业务接入网桥为树根确定的入口树, 发起一个组播地址注册过程, 此吋每个注册消息朝着一个入口树的根端口方向传播。  [44] When a VLAN service corresponds to an SPVID group, assuming that the SPVID group has n SPVIDs, the V LAN service corresponds to a set of VLAN service access bridges, and each VLAN service access bridge, for n - 1 other VLAN service access bridge is an entry tree determined by the root of the tree, and initiates a multicast address registration process, where each registration message propagates toward the root port of an entry tree.
[45] 本实施例提供了二个注册方案。 下面分别介绍该二个注册方案。  [45] This embodiment provides two registration schemes. The two registration schemes are described separately below.
[46] 注册方案 1 : 在组播地址的注册过程中, VLAN业务实例的接入节点沿着具有 S PVID标识的入口树向根端口方向发送注册消息, 该注册消息携带该 VLAN业务 实例对应的组播地址、 入口树 SPVID标识信息。 在实际应用中, 可以在注册消息 的数据包的 Tag头部封装所述相应组播地址、 入口树 SPVID标识信息; 或者, 在 所述注册消息的数据包的静荷内容中设置所述相应组播地址、 入口树 SPVID标识 [46] Registration scheme 1: In the registration process of the multicast address, the access node of the VLAN service instance sends a registration message to the root port along the ingress tree with the S PVID identifier, where the registration message carries the corresponding VLAN service instance. Multicast address and entry tree SPVID identification information. In an actual application, the corresponding multicast address, the entry tree SPVID identification information may be encapsulated in a Tag header of the data packet of the registration message; or the corresponding group is set in the static load content of the data packet of the registration message. Broadcast address, entry tree SPVID identifier
Ι π Λ∑!、。 Ι π Λ∑! ,.
[47] 接收到上述注册消息的网桥在接收端口上注册一个 FDB entry (filter  [47] The bridge that received the above registration message registers an FDB entry (filter) on the receiving port.
database, 过滤数据库表项) 。 该 FDB  Database, filter database table entries). The FDB
entry包括: 接收端口号和上述注册消息中携带的入口树的 SPVID标识、 组播地址 , 然后将该注册消息继续向根端口方向传播。 比如, 在图 3所示的桥接网络中, VLAN1接入节点 A和 VLAN1接入节点 D分别沿着根端口向 VLAN1接入节点 B发送 携带 (SPVID  The entry includes: receiving the port number and the SPVID identifier and the multicast address of the entry tree carried in the foregoing registration message, and then continuing to propagate the registration message to the root port. For example, in the bridged network shown in Figure 3, VLAN 1 access node A and VLAN 1 access node D are respectively carried along the root port to VLAN 1 access node B (SPVID).
3, m) 的注册消息; VLAN1接入节点 B和 VLAN1接入节点 D分别沿着根端口向 V LAN1接入节点 A发送携带 (SPVID 4, m) 的注册消息; VLAN1接入节点 A和 VLAN1接入节点 B分别沿着根端口向 V LAN1接入节点 D发送携带 (SPVID2, m) 的注册消息。 接入节点 C也将接收到 接入节点 、 接入节点8、 接入节点 D发送的注册消息, 由于在接入节点 C上没有 注册组播地址 m, 接入节点 C可以不处理接收到的注册消息。 3, m) registration message; VLAN 1 access node B and VLAN 1 access node D respectively send along the root port to V LAN1 access node A carrying (SPVID 4, m) registration message; VLAN 1 access node A and VLAN 1 access node B respectively send a registration message carrying (SPVID2, m) to the V LAN1 access node D along the root port. The access node C will also receive the registration message sent by the access node, the access node 8, and the access node D. Since the multicast address m is not registered on the access node C, the access node C may not process the received message. Registration message.
[48] 注册方案 2、 管理系统在 SPVID树生成前, 在每个接入网桥为接入的 VLAN业务 实例分配相应的组播地址, 在每个 SPVID树的收敛后, VLAN业务实例的接入网 桥沿着 SPVID树的指定端口方向发送注册消息, 接收到注册消息的网桥在接收端 口上注册一个上述 FDB entry。  [48] Registration scheme 2: Before the SPVID tree is generated, the management system assigns a corresponding multicast address to each access bridge to access the VLAN service instance. After each SPVID tree converges, the VLAN service instance is connected. The inbound bridge sends a registration message along the designated port direction of the SPVID tree, and the bridge that receives the registration message registers one of the above FDB entries on the receiving port.
[49] 比如, 在图 3所示的桥接网络中, VLAN1接入节点 A沿着指定端口向 VLAN1接 入节点 D、 VLAN1接入节点 B发送携带 (SPVID  [49] For example, in the bridged network shown in Figure 3, VLAN 1 access node A is connected to VLAN 1 along node 1 and VLAN 1 is connected to node B to transmit (SPVID).
4, m) 的注册消息; VLAN1接入节点 B沿着指定端口向 VLAN1接入节点1)、 VL AN1接入节点 A发送携带 (SPVID  4, m) registration message; VLAN1 access node B sends a carry along the designated port to the VLAN1 access node 1), VL AN1 access node A (SPVID
3, m) 的注册消息; VLAN1接入节点 D沿着指定端口向 VLAN1接入节点八、 VL AN1接入节点 B发送携带 (SPVID  3, m) registration message; VLAN 1 access node D along the designated port to the VLAN1 access node VIII, VL AN1 access node B send carry (SPVID
2, m) 的注册消息。 接入节点 C也将接收到接入节点 A、 接入节点8、 接入节点 D发送的注册消息, 由于在接入节点 C上没有注册组播地址 m, 接入节点 C可以不 处理接收到的注册消息。  2, m) registration message. The access node C will also receive the registration message sent by the access node A, the access node 8, and the access node D. Since the multicast address m is not registered on the access node C, the access node C may not process the received message. Registration message.
[50] 在上述注册方案 1中, 需要解决接收端口对 Tag数据包的过滤问题。 由于上述注 册方案 1中没有专门针对端口进行 SPVID注册, 即没有形成注册项 (SPVID, 端 口号) 。 但根据 802.1Q目前的规定: 关于 VLAN釆用了 "enable or disable Ingress Filtering" (釆用或关闭入口网桥过滤方式) 。 若使用 enable Ingress  [50] In the above registration scheme 1, it is necessary to solve the problem of filtering the tag data packet by the receiving port. Since there is no SPVID registration for the port in the above registration scheme 1, no registration item (SPVID, port number) is formed. However, according to the current 802.1Q regulations: "Enable or disable Ingress Filtering" is used for VLANs. If you use enable Ingress
Filtering (釆用入口网桥过滤方式) , 由于在接收网桥上没有形成注册项 (SPVI D, 端口号) , 接收网桥将丢弃接收到的包含 tag头部的数据包。 因此, 在上述注 册方案 1中, 为保证包含 tag头部的注册数据包的顺利传递, 在网桥的接收端口上 将釆用 Disable Ingress Filter ingress (关闭入口网桥过滤方式) 。  Filtering (ingress gateway filtering), because the registration entry (SPVI D, port number) is not formed on the receiving bridge, the receiving bridge will discard the received packet containing the tag header. Therefore, in the above registration scheme 1, in order to ensure the smooth delivery of the registration packet including the tag header, the Disable Ingress Filter ingress is disabled on the receiving port of the bridge.
[51] 在上述注册方案 2中, 需要解决包含 Tag (该 tag携带 SPVID) 的注册包的过滤问 题  [51] In the above registration scheme 2, the filtering problem of the registration package containing the Tag (the tag carries the SPVID) needs to be solved.
。 根据现有的 MMRP, 在多生成树环境中进行注册吋, 注册包要携带一个 tag头 , 该 tag头包含 VLAN . According to the existing MMRP, after registering in a multiple spanning tree environment, the registration package must carry a tag header. , the tag header contains a VLAN
ID (在这里应是 SPVID) 。 由于在接收网桥上没有形成注册项 (SPVID, 端口号 ID (here should be SPVID). Since no registration item is formed on the receiving bridge (SPVID, port number)
) , 接收网桥将丢弃接收到的包含 tag的注册包。 因此, 在上述注册方案 2中, 为 保证注册包的顺利传递, 在网桥的接收端口上将釆用 Disable Ingress Filter ingress (关闭入口网桥过滤方式) 。 ), the receiving bridge will discard the received registration packet containing the tag. Therefore, in the above registration scheme 2, in order to ensure the smooth delivery of the registration packet, the Disable Ingress Filter ingress is disabled on the receiving port of the bridge.
[52] 步骤 2-3、 最短路径桥接网络内的网桥根据注册形成的 FDB [52] Step 2-3, the shortest path bridges the bridge in the network according to the registration of the FDB
entry, 对不同 VLAN业务实例进行隔离, 进行 VLAN数据包的转发。  Entry, isolates different VLAN service instances and forwards VLAN packets.
[53] 在进行了上述注册过程后, 最短路径桥接网络内的网桥便可以根据注册形成的 各种 FDB [53] After the above registration process, the bridges in the shortest path bridged network can be based on various FDBs formed by registration.
entry (包含出口树的 SPVID标识、 组播地址和端口号) 项, 对不同 VLAN业务实 例进行隔离, 将各数据包在其所属的 VLAN业务实例的接入网桥之间进行转发。  The entry (including the SPVID ID, multicast address, and port number of the egress tree) is used to isolate different VLAN service instances and forward each packet between access bridges of the VLAN service instance to which it belongs.
[54] 当一个 VLAN  [54] When a VLAN
ID对应的业务数据包到达最短路径桥接网络内的网桥吋, 接收网桥将该数据包 封装一个外部头。 若判断该数据包是单播未知包、 组播包或广播包, 则上述外 部头的目的地址是该 VLAN接入组的组播地址; 另外, 还需封装包含以接收网桥 为根的 SPVID的外部 tag头。 然后, 将封装后的数据包在最短路径桥接网络内在 本 VLAN范围内沿着入口树进行转发。  The service data packet corresponding to the ID arrives at the bridge in the shortest path bridged network, and the receiving bridge encapsulates the data packet with an external header. If it is determined that the data packet is a unicast unknown packet, a multicast packet, or a broadcast packet, the destination address of the external header is a multicast address of the VLAN access group. In addition, the SPVID including the receiving bridge as a root is also encapsulated. The external tag header. The encapsulated packets are then forwarded along the entry tree within the VLAN within the shortest path bridged network.
[55] 比如, 在图 3所示的桥接网络中, 当接入网桥 B接收到属于 VLAN1的数据包吋 [55] For example, in the bridged network shown in Figure 3, when access bridge B receives a packet belonging to VLAN1吋
, 若该数据包是未知单播地址, 则将该数据包封装包含目的地址的 MAC头 (组 播地址 m) 和一个包含 SPVID If the data packet is an unknown unicast address, the data packet is encapsulated with a MAC header (the multicast address m) and a SPVID containing the destination address.
3的 tag头, 然后, 再按照包含 SPVID3标识、 组播地址 m和端口号的 FDB entry项将封装后的数据包进行转发。 由于在网桥 B上没有形成到网桥 C的包含 SP The tag header of 3, and then forward the encapsulated packet according to the FDB entry containing the SPVID3 identifier, the multicast address m, and the port number. Since the bridge B is not formed on the bridge B, the SP is included.
VID3标识、 组播地址 m和端口号的 FDB FID of VID3 identifier, multicast address m and port number
entry项, 因此, 上述数据包会传播到网桥 A和 D, 而不会泄漏到网桥 C。 从而保 证了数据包在 VLAN1范围内传播。  The entry entry, therefore, will propagate to the bridges A and D without leaking to bridge C. This ensures that packets are transmitted within the scope of VLAN 1.
[56] 上述实施例 1的处理流程即保证了不同 VLAN业务的隔离, 又能实现业务 VLAN[56] The processing flow of the foregoing Embodiment 1 ensures isolation of different VLAN services and implements a service VLAN.
ID在最短路径桥接网络内的透明处理。 The ID is transparently processed within the shortest path bridged network.
[57] 上述实施例 1的处理流程适合于 802.1ah环境, 在运营商网络内部转发基于最短 路径桥接技术, 相对于客户网络又构成了 MAC in [57] The processing flow of the foregoing Embodiment 1 is suitable for the 802.1ah environment, and the forwarding is shortest within the carrier network. Path bridging technology, which constitutes MAC in in relation to the customer network
MACo 在对 802. lad进行扩展, 允许在 802. lad中釆用 MAC in  MACo is extending 802. lad, allowing MAC in 802. lad
MAC封装后, 上述实施例 1可以应用在 802.1ad环境。  After MAC encapsulation, the above embodiment 1 can be applied in an 802.1ad environment.
[58] 实施例 2的核心为: 釆用 SPVID组隔离不同的 VLAN业务实例, 并在最短路径桥 接网络内沿着不同的 SPVID标识对应的生成树的根端口方向进行 SPVID组注册。 The core of the embodiment 2 is as follows: SP SPVID group is used to isolate different VLAN service instances, and SPVID group registration is performed in the shortest path bridge network along the root port direction of the corresponding spanning tree of different SPVID identifiers.
[59] 实施例 2的具体处理流程如图 4所示, 包括如下步骤: [59] The specific processing flow of Embodiment 2 is as shown in FIG. 4, and includes the following steps:
[60] 步骤 4-1、 给每个 VLAN业务实例分配一个 SPVID组, 形成包含 VLAN [60] Step 4-1. Assign an SPVID group to each VLAN service instance to form a VLAN.
ID和 SPVID组间关系的翻译表。  A translation table of the relationship between ID and SPVID groups.
[61] 首先需要在最短路径桥接网络中的每个接入网桥, 对应每个接入的客户 VLAN 业务分配一个的 SPVID, 作为所述 VLAN业务实例的标识信息。 该 SPVID在整个 最短路径桥接网络内是唯一的。 于是, 对于一个 VLAN业务实例就分配了一组 SP[61] First, each access bridge in the shortest path bridging network needs to allocate one SPVID for each accessed client VLAN service as the identification information of the VLAN service instance. This SPVID is unique across the shortest path bridged network. Thus, a set of SPs is assigned to a VLAN service instance.
VID (SPVIDs) 。 VID (SPVIDs).
[62] 若不同的 VLAN业务实例接入了一组相同的网桥, 则可给它们分配一组相同的 或者不同的 SPVID。 但是对同一个 VLAN业务实例, 在不同接入网桥上对不同入 口树给它分配的 SPVID是不同的。  [62] If different VLAN service instances access a group of identical bridges, they can be assigned a set of identical or different SPVIDs. However, for the same VLAN service instance, the SPVID assigned to different access trees on different access bridges is different.
[63] 因此, 给不同的 VLAN业务实例分配的一组 SPVID, 既能标识不同的入口树, 也能区分不同的 VLAN业务实例, 可以用来隔离不同的 VLAN业务实例。 [63] Therefore, a group of SPVIDs assigned to different VLAN service instances can identify different entry trees and different VLAN service instances.
[64] 在 802.1aq网络中, 在每个入口树的生成过程中, 每个网桥发送的 BPDU (Bridg e Protocol Data [64] In an 802.1aq network, BPDUs sent by each bridge during the generation of each entry tree (Bridg e Protocol Data
Unit, 桥接协议数据单元) 消息中要携带一个或多个映射信息: VLAN ID -SPVID, 这样多个 SPVID映射到同一个入口树实例上, 且一个 SPVID只能映射 到一个入口树业务实例 (每个 SPVID在所述的最短路径桥接网络内是唯一的) 。  Unit, bridging protocol data unit) The message carries one or more mapping information: VLAN ID - SPVID, so that multiple SPVIDs are mapped to the same entry tree instance, and one SPVID can only be mapped to one ingress tree service instance (per The SPVIDs are unique within the shortest path bridged network described).
[65] 于是, 在每个接入网桥上形成了包含 VLAN [65] Thus, a VLAN is formed on each access bridge.
ID和 SPVID组之间映射关系的翻译表。 根据该翻译表, 在任何一个入口桥, 一个 VLAN ID可以映射到唯一的一组 SPVID, 一个 SPVID组可以映射到唯一的 VLAN ID。  A translation table for the mapping between ID and SPVID groups. According to the translation table, at any entry bridge, a VLAN ID can be mapped to a unique set of SPVIDs, and an SPVID group can be mapped to a unique VLAN ID.
[66] 如在图 5所示的桥接网络中, VLAN  [66] As in the bridged network shown in Figure 5, VLAN
1业务实例在网桥八、 B、 D接入, 给该 VLAN 1业务实例分配了一组 SPVIDs{ l, 4, 2}; VLAN 1 service instance in the bridge eight, B, D access, give the VLAN 1 business instance is assigned a set of SPVIDs { l, 4, 2}; VLAN
2业务实例在网桥。、 B、 D接入, 给该 VLAN  2 The business instance is on the bridge. , B, D access, give the VLAN
2业务实例分配了一组 SPVIDs{ 10, 11 , 12}。  2 The business instance is assigned a set of SPVIDs { 10, 11 , 12}.
[67] 当一个 VLAN业务实例的数据到达某个接入网桥吋, 可以利用上述形成的翻译 表, 将相应的 SPVID封装到数据包中, 该 SPVID既能标识入口树又能区分 VLAN 业务, 然后将封装后的数据包在桥接网络内沿着 SPVID标识的入口树进行转发。 [67] When the data of a VLAN service instance reaches an access bridge, the corresponding SPVID can be encapsulated into a data packet by using the translation table formed above, and the SPVID can identify both the entry tree and the VLAN service. The encapsulated data packet is then forwarded along the entry tree identified by the SPVID within the bridged network.
[68] 步骤 4-2、 将给 VLAN业务实例分配的一组 SPVID在最短路径桥接网络中进行注 册。 [68] Step 4-2. Register a set of SPVIDs assigned to the VLAN service instance in the shortest path bridged network.
[69] 为了保证了数据包在一个 VLAN业务实例范围内传播, 而不会泄漏到 VLAN业 务实例范围外的网桥上。 需要将给 VLAN业务实例分配的一组 SPVID在最短路径 桥接网络中进行注册。  [69] To ensure that packets are spread within a VLAN service instance, they do not leak to bridges outside the VLAN service instance. A set of SPVIDs assigned to VLAN service instances needs to be registered in the shortest path bridged network.
[70] 在最短路径桥接网络内如何进行 VLAN注册, 目前的 802.1aq还没有给出相应的 方法。 现有一种注册方法为: 利用广播方式通告 VLAN、 组播地址信息, 然后进 一步利用 64位反射向量方法。 此方法缺点是: 比较复杂, 每个网桥储存的信息 量很大。 [70] How to perform VLAN registration in the shortest path bridged network, the current 802.1aq has not given a corresponding method. An existing registration method is as follows: Broadcasting a VLAN, multicast address information, and then further utilizing a 64 -bit reflection vector method. The disadvantages of this method are: More complex, each bridge stores a large amount of information.
[71] 下面描述本实施例中的最短路径桥接网络内的 SPVID注册方法。  The SPVID registration method in the shortest path bridge network in this embodiment will be described below.
[72] 首先, 在每个入口接入网桥针对每个 VLAN ID, 根据配置的 VLAN ID  [72] First, at each ingress access bridge for each VLAN ID, based on the configured VLAN ID
和 SPVID的映射关系表, 找出相应的 SPVIDs, 但不包括和本入口桥为根的树相 应的 SPVID。  The SPVID mapping table is used to find the corresponding SPVIDs, but does not include the SPVID corresponding to the tree whose root is the entry bridge.
[73] 然后, 针对 SPVIDs中的每个 SPVID标识的入口树的根端口发起一个 SPVID注册 [73] Then, initiate an SPVID registration for the root port of the entry tree identified by each SPVID in the SPVIDs
, 即沿着根端口发送携带本网桥分配的 SPVID的注册消息。 每个网桥收到该注册 消息后, 将该注册消息中携带的 SPVID标识和接收端口信息进行保存。 并根据 S PVID找出相应的生成树实例, 继续朝该生成树的根端口发送携带 , that is, the registration message carrying the SPVID assigned by the bridge is sent along the root port. After receiving the registration message, each bridge saves the SPVID identifier and the receiving port information carried in the registration message. Find the corresponding spanning tree instance based on the S PVID and continue to send the port to the root port of the spanning tree.
SPVID的注册消息。  SPVID registration message.
[74] 当一个网桥得知一个 SPVID对应的树的拓扑结构发生变化后, 若它是该 SPVID 对应的 VLAN接入节点, 且该 SPVID对应的树的根网桥不是本网桥, 则该网桥需 要重新对 SPVID进行注册。  [74] When a bridge learns that the topology of the tree corresponding to the SPVID changes, if it is the VLAN access node corresponding to the SPVID, and the root bridge of the tree corresponding to the SPVID is not the local bridge, The bridge needs to re-register the SPVID.
[75] 上述实施例 2中的注册流程可以应用到 802.1Q环境中, 不适合在 802.1ah、 802.a d环境中使用, 因为 802.1ah, 802.ad釆用是 QinQ技术, 体现了对 VLAN扩展性的 支持。 [75] The registration process in the above Embodiment 2 can be applied to an 802.1Q environment, and is not suitable for 802.1ah, 802.a. Used in the d environment, because 802.1ah, 802.ad is used in QinQ technology, which reflects the support for VLAN scalability.
[76] 根据上述实施例 2中的注册流程, 在图 5所示的桥接网络中, 针对 VLAN  [76] According to the registration procedure in Embodiment 2 above, in the bridge network shown in FIG. 5, for the VLAN
1的注册过程示意图如图 6所示。 具体注册过程如下:  The registration process of 1 is shown in Figure 6. The specific registration process is as follows:
[77] 在接入网桥 D, 针对 VLAN 1, 分别在 SPVID 1和 SPVID [77] On access bridge D, for VLAN 1, respectively in SPVID 1 and SPVID
4标识的入口树发起相应 SPVID的注册; 在接入网桥 A, 针对 VLAN  4 identified entry tree initiates registration of the corresponding SPVID; at access bridge A, for VLAN
1 , 分别在 SPVID 1和 SPVID  1 , in SPVID 1 and SPVID respectively
2标识的入口树发起相应 SPVID的注册。 在接入网桥 B, 针对 VLAN  2 The identified entry tree initiates the registration of the corresponding SPVID. On access bridge B, for VLAN
1, 分别在 SPVID 4和 SPVID 2标识的入口树发起相应 SPVID的注册。  1. Initiate the registration of the corresponding SPVID in the entry tree identified by SPVID 4 and SPVID 2 respectively.
[78] 当 VLAN [78] When VLAN
1业务实例数据包到达接入网桥八、 B和 D后, 接入网桥八、 B和 D査询上述翻译表 , 获得在接入网桥八、 B和 D上针对 VLAN  1 After the service instance data packet arrives at the access bridges VIII, B, and D, the access bridges VIII, B, and D query the above translation table, and obtain the VLANs on the access bridges 8, B, and D.
1业务实例分配的相应 SPVID, 将该数据包封装包含相应 SPVID的 tag头。 然后, 根据翻译表中保存的 VLAN1和 SPVID组之间映射关系和注册的端口信息, 从 VL AN1对应的 SPVID标识的树的根端口方向将数据包进行转发。 由于翻译表中保存 的 VLAN1和 SPVID组之间映射关系没有包含接入网桥 C, 从而可以保证数据包将 不会泄漏到 VLAN  1 The corresponding SPVID assigned by the service instance, and the data packet is encapsulated with a tag header containing the corresponding SPVID. Then, according to the mapping relationship between the VLAN1 and SPVID groups stored in the translation table and the registered port information, the data packet is forwarded from the root port direction of the tree identified by the SPVID corresponding to VL AN1. Since the mapping between the VLAN1 and SPVID groups saved in the translation table does not include the access bridge C, it can ensure that the data packet will not leak to the VLAN.
2接入网桥。。 保证了数据包在其所属的 VLAN业务实例的接入网桥之间进行转发  2 access to the bridge. . Ensure that the data packet is forwarded between the access bridges of the VLAN service instance to which it belongs.
[79] 以上所述, 仅为本发明较佳的具体实施方式, 但本发明的保护范围并不局限于 此, 任何熟悉本技术领域的技术人员在本发明揭露的技术范围内, 可轻易想到 的变化或替换, 都应涵盖在本发明的保护范围之内。 因此, 本发明的保护范围 应该以权利要求的保护范围为准。 The above description is only a preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of within the technical scope disclosed by the present invention. Changes or substitutions are intended to be included within the scope of the invention. Therefore, the scope of protection of the present invention should be determined by the scope of the claims.

Claims

权利要求书 Claim
[1] 1、 一种对不同虚拟局域网业务进行隔离的方法, 其特征在于, 包括: 给最短路径桥接网络中接入的虚拟局域网 VLAN业务实例分配标识信息; 所述 VLAN业务实例的接入网桥将所述 VLAN业务实例的标识信息, 沿着所 述最短路径桥接网络中不同入口树的根端口方向进行传递; 所述最短路径桥接网络内的接入网桥根据从其入口树的根端口方向接收到 的所述标识消息, 对所述接入的 VLAN业务实例进行识别。  [1] A method for isolating different virtual local area network services, comprising: assigning identification information to a virtual local area network (VLAN) service instance accessed in a shortest path bridging network; and accessing the VLAN service instance The bridge transmits the identification information of the VLAN service instance along a root port direction of different entry trees in the shortest path bridge network; the access bridge in the shortest path bridge network is based on a root port from the entry tree thereof The identifier message received in the direction is used to identify the accessed VLAN service instance.
[2] 2、 根据权利要求 1所述的方法, 其特征在于, 所述的给最短路径桥接网络 中接入的虚拟局域网 VLAN业务实例分配标识信息过程, 具体包括: 给最短路径桥接网络中的每个接入的 VLAN业务实例分配一个唯一的组播 地址, 作为所述 VLAN业务实例的标识信息; 将所述组播地址配置在 VLAN 业务实例的每个接入网桥上。  [2] The method according to claim 1, wherein the process of assigning identification information to the virtual local area network (VLAN) service instance accessed in the shortest path bridging network comprises: providing the shortest path in the network Each of the accessed VLAN service instances is assigned a unique multicast address as the identification information of the VLAN service instance. The multicast address is configured on each access bridge of the VLAN service instance.
[3] 3、 根据权利要求 2所述的方法, 其特征在于, 所述的 VLAN业务实例的接 入网桥将所述 VLAN业务实例的标识信息, 沿着所述最短路径桥接网络中 不同入口树的根端口方向进行传递过程, 具体包括:  [3] The method according to claim 2, wherein the access bridge of the VLAN service instance bridges the identification information of the VLAN service instance along the shortest path to bridge different entries in the network. The root port direction of the tree is transmitted, including:
所述 VLAN业务实例的每个接入网桥沿着所述最短路径桥接网络中不同入 口树的根端口方向, 向其它网桥发送携带相应组播地址、 入口树最短路径 虚拟局域网标识符 SPVID标识信息的注册消息;  Each access bridge of the VLAN service instance sends a corresponding multicast address and an entry tree shortest path virtual local area network identifier (SPVID) identifier to other bridges along the root port direction of the different entry trees in the shortest path bridge network. Registration message of information;
所述其它网桥接收到所述注册消息后, 将接收端口信息和所述注册消息中 携带的组播地址、 入口树 SPVID标识进行保存; 将所述注册消息继续沿着 所述最短路径桥接网络中不同入口树的根端口方向进行转发。  After receiving the registration message, the other bridge saves the receiving port information and the multicast address and the entry tree SPVID identifier carried in the registration message; and continues to register the registration message along the shortest path bridge network. The root port direction of different entry trees is forwarded.
[4] 4、 根据权利要求 3所述的方法, 其特征在于, 在所述注册消息的数据包的 头部封装所述相应组播地址、 入口树 SPVID标识信息; 或者, 在所述注册 消息的数据包的静荷内容中设置所述相应组播地址、 入口树 SPVID标识信 息。 [4] The method according to claim 3, wherein the corresponding multicast address, the entry tree SPVID identification information is encapsulated in a header of the data packet of the registration message; or, in the registration message The corresponding multicast address and the entry tree SPVID identification information are set in the static payload content of the data packet.
[5] 5、 根据权利要求 2所述的方法, 其特征在于, 所述的 VLAN业务实例的接 入网桥将所述 VLAN业务实例的标识信息, 沿着所述最短路径桥接网络中 不同入口树的根端口方向进行传递过程, 具体包括: 在所述最短路径桥接网络中的各个入口树收敛吋, 所述 VLAN业务实例的 每个接入网桥沿着所述最短路径桥接网络中不同入口树的指定端口方向, 向其它网桥发送携带相应组播地址、 入口树 SPVID标识信息的注册消息; 所述其它网桥接收到所述注册消息后, 将接收端口信息和所述注册消息中 携带的组播地址、 入口树 SPVID标识进行保存; 将所述注册消息继续沿着 所述最短路径桥接网络中不同入口树的指定端口方向进行转发。 [5] The method according to claim 2, wherein the access bridge of the VLAN service instance bridges the identification information of the VLAN service instance along the shortest path to bridge different entries in the network. The root port direction of the tree is transmitted, including: Each of the access tree bridges in the shortest path bridging network converges, and each access bridge of the VLAN service instance transmits and carries to other bridges along the designated port direction of different entry trees in the shortest path bridging network. a registration message of the corresponding multicast address and the entry tree SPVID identification information; after receiving the registration message, the other bridge saves the receiving port information and the multicast address and the entry tree SPVID identifier carried in the registration message; The registration message continues to be forwarded along the designated port direction of the different entry trees in the shortest path bridged network.
[6] 6、 根据权利要求 1所述的方法, 其特征在于, 所述的给最短路径桥接网络 中接入的虚拟局域网 VLAN业务实例分配标识信息过程, 具体包括: 给最短路径桥接网络中的每个接入的 VLAN业务实例分配一个 SPVID组, 作为所述 VLAN业务实例的标识信息; 将所述 SPVID组中包含的各个 SPVID 分别配置在 VLAN业务实例的各个接入网桥上。  [6] The method according to claim 1, wherein the process of assigning identification information to the virtual local area network (VLAN) service instance accessed in the shortest path bridge network comprises: providing the shortest path in the network Each of the accessed VLAN service instances is assigned an SPVID group as the identification information of the VLAN service instance. Each SPVID included in the SPVID group is configured on each access bridge of the VLAN service instance.
[7] 7、 根据权利要求 6所述的方法, 其特征在于, 所述的给最短路径桥接网络 中接入的虚拟局域网 VLAN业务实例分配标识信息过程, 还包括: 在最短路径桥接网络中的各个接入网桥上配置并保存各个接入的 VLAN业 务实例的 VLAN标识 ID和所述 SPVID组的映射关系。  [7] The method according to claim 6, wherein the process of assigning identification information to the virtual local area network (VLAN) service instance accessed in the shortest path bridging network further comprises: in the shortest path bridging network The mapping between the VLAN ID of each VLAN service instance and the SPVID group is configured and saved on each access bridge.
[8] 8、 根据权利要求 7所述的方法, 其特征在于, 所述的 VLAN业务实例的接 入网桥将所述 VLAN业务实例的标识信息, 沿着所述最短路径桥接网络中 不同入口树的根端口方向进行传递过程, 具体包括:  [8] The method according to claim 7, wherein the access bridge of the VLAN service instance bridges the identification information of the VLAN service instance along the shortest path to bridge different entries in the network. The root port direction of the tree is transmitted, including:
所述 VLAN业务实例的每个接入网桥根据保存的所述 VLAN  Each access bridge of the VLAN service instance is based on the saved VLAN
ID和 SPVID组的映射关系, 获取所述 VLAN业务实例对应的 SPVID组; 沿着 该 SPVID组中包含的 SPVID对应入口树的根端口方向, 向其它网桥发送携 带相应 SPVID标识信息的注册消息;  The mapping relationship between the ID and the SPVID group, the SPVID group corresponding to the VLAN service instance is obtained; the SPVID included in the SPVID group corresponds to the root port direction of the entry tree, and the registration message carrying the corresponding SPVID identification information is sent to other bridges;
所述其它网桥接收到所述注册消息后, 将该注册消息中携带的 SPVID标识 和接收端口信息进行保存; 获得所述注册消息中携带的 SPVID标识对应的 入口树信息, 将所述注册消息继续沿着该入口树的根端口方向进行转发。  After receiving the registration message, the other bridge saves the SPVID identifier and the receiving port information carried in the registration message, and obtains the entry tree information corresponding to the SPVID identifier carried in the registration message, and the registration message is sent. Continue forwarding along the root port of the entry tree.
[9] 9、 根据权利要求 3、 5或 8所述的方法, 其特征在于, 所述的最短路径桥接 网络内的接入网桥根据从其入口树的根端口方向接收到的所述标识消息, 对所述接入的 VLAN业务实例进行识别的过程, 具体包括: 所述最短路径桥接网络内的接入网桥根据从其入口树的根端口方向接收到 的所述注册消息, 对接入的各个 VLAN业务实例进行识别, 将各数据包在 其所属的 VLAN业务实例的接入网桥之间进行转发。 [9] 9. The method according to claim 3, 5 or 8, wherein the access bridge in the shortest path bridged network receives the identifier according to a direction from a root port of its entry tree. The process of identifying the accessed VLAN service instance includes: The access bridge in the shortest path bridging network identifies the accessed VLAN service instances according to the registration message received from the root port direction of the ingress tree, and sets each data packet in the VLAN service to which it belongs. Forwarding between the access bridges of the instance.
[10] 10、 一种最短路径桥接网络中的接入网桥, 其特征在于, 包括: [10] 10. An access bridge in a shortest path bridged network, comprising:
标识信息分配模块, 用于给最短路径桥接网络中接入的 VLAN业务实例分 配标识信息;  An identifier information distribution module, configured to allocate identifier information to a VLAN service instance accessed in the shortest path bridge network;
标识信息传输模块, 用于将所述标识信息分配模块分配的 VLAN业务实例 的标识信息, 沿着所述最短路径桥接网络中不同入口树的根端口方向进行 传递;  And an identifier information transmission module, configured to transmit, by using the identifier information of the VLAN service instance allocated by the identifier information distribution module, along a root port direction of different entry trees in the shortest path bridge network;
VLAN业务实例识别模块, 用于根据从其入口树的根端口方向接收到的所 述标识消息, 对最短路径桥接网络中接入的 VLAN业务实例进行识别。  The VLAN service instance identification module is configured to identify the VLAN service instance accessed in the shortest path bridge network according to the identifier message received from the root port direction of the entry tree.
PCT/CN2007/070930 2006-10-20 2007-10-19 Method and apparatus for isolating the different virtual local area network services WO2008046359A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610113920XA CN101166137B (en) 2006-10-20 2006-10-20 Method for separating different virtual LAN services
CN200610113920.X 2006-10-20

Publications (1)

Publication Number Publication Date
WO2008046359A1 true WO2008046359A1 (en) 2008-04-24

Family

ID=39313628

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/070930 WO2008046359A1 (en) 2006-10-20 2007-10-19 Method and apparatus for isolating the different virtual local area network services

Country Status (2)

Country Link
CN (1) CN101166137B (en)
WO (1) WO2008046359A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104579980A (en) * 2013-10-18 2015-04-29 杭州华三通信技术有限公司 Multicast datagram forwarding method and equipment
CN112311737A (en) * 2019-07-31 2021-02-02 中兴通讯股份有限公司 Flow isolation method, device and equipment and storage medium

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102316000A (en) * 2011-09-29 2012-01-11 杭州华三通信技术有限公司 Method for declaring enabled virtual local area network (VLAN) and equipment thereof
CN102387079B (en) * 2011-10-19 2014-04-02 华为技术有限公司 Method and network equipment for optimizing 802.1AQ protocol multicasting treatment
CN102664790B (en) * 2012-04-16 2015-03-11 福建星网锐捷网络有限公司 Multicast data message forwarding method, system and bridge equipment
CN102780607B (en) * 2012-04-19 2015-06-03 中兴通讯股份有限公司 Method and device for dynamically configuring Ethernet service channel
US9137144B2 (en) * 2012-09-28 2015-09-15 Alcatel Lucent Method and apparatus for communication path selection
CN103780630B (en) * 2014-02-18 2018-07-10 迈普通信技术股份有限公司 Virtual LAN port separation method and system
US9762403B2 (en) * 2014-11-21 2017-09-12 Avaya Inc. Shortest path bridging (SPB)—protocol-independent multicast (PIM) interactions on a backbone edge bridge (BEB) acting as a multicast boundary router interfacing with a PIM network
CN106533935B (en) 2015-09-14 2019-07-12 华为技术有限公司 A kind of method and apparatus obtaining business chain information in cloud computing system
US9860160B2 (en) * 2015-12-30 2018-01-02 Stmicroelectronics, Inc. Multipath switching using per-hop virtual local area network classification
EP3425853B1 (en) * 2016-03-02 2023-09-20 Nec Corporation Network system, terminal, sensor data collection method, and program

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6813250B1 (en) * 1997-12-23 2004-11-02 Cisco Technology, Inc. Shared spanning tree protocol
US20050259597A1 (en) * 2000-10-17 2005-11-24 Benedetto Marco D Multiple instance spanning tree protocol

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6813250B1 (en) * 1997-12-23 2004-11-02 Cisco Technology, Inc. Shared spanning tree protocol
US20050259597A1 (en) * 2000-10-17 2005-11-24 Benedetto Marco D Multiple instance spanning tree protocol

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104579980A (en) * 2013-10-18 2015-04-29 杭州华三通信技术有限公司 Multicast datagram forwarding method and equipment
CN112311737A (en) * 2019-07-31 2021-02-02 中兴通讯股份有限公司 Flow isolation method, device and equipment and storage medium

Also Published As

Publication number Publication date
CN101166137A (en) 2008-04-23
CN101166137B (en) 2011-04-06

Similar Documents

Publication Publication Date Title
WO2008046359A1 (en) Method and apparatus for isolating the different virtual local area network services
US8098656B2 (en) Method and apparatus for implementing L2 VPNs on an IP network
EP3211839B1 (en) Split-horizon packet forwarding in a mh-pbb-evpn network
US9225640B2 (en) Intra-domain and inter-domain bridging over MPLS using MAC distribution via border gateway protocol
US9001829B2 (en) Techniques for routing data between network areas
US8917731B2 (en) Multi-protocol support over Ethernet packet-switched networks
Andersson et al. Provider provisioned virtual private network (VPN) terminology
US9100351B2 (en) Method and system for forwarding data in layer-2 network
US9203644B2 (en) Enabling an Ethernet ring network to scalably support a hub-and-spoke connectivity model
US8027347B2 (en) Border gateway protocol extended community attribute for layer-2 and layer-3 virtual private networks using 802.1ah-based tunnels
US7929554B2 (en) Optimized forwarding for provider backbone bridges with both I and B components (IB-PBB)
US8085811B2 (en) Method and apparatus for transporting ethernet services
US20080159309A1 (en) System and method of mapping between local and global service instance identifiers in provider networks
US20050138149A1 (en) Method and system for increasing available user VLAN space
US20080080535A1 (en) Method and system for transmitting packet
CN103326918B (en) A kind of message forwarding method and equipment
US7839800B2 (en) Multiple I-service registration protocol (MIRP)
WO2008019614A1 (en) Method and system for forwarding data between a plurality of provider ethernet networks
US20220210064A1 (en) Address registration
Andersson et al. RFC 4026: Provider Provisioned Virtual Private Network (VPN) Terminology
Gashinsky TRILL working group L. Dunbar Internet Draft D. Eastlake Intended status: Standard Track Huawei Expires: Sept 2012 Radia Perlman Intel

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07817121

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07817121

Country of ref document: EP

Kind code of ref document: A1