CN100397844C - Method for sending virtual LAN data - Google Patents
Method for sending virtual LAN data Download PDFInfo
- Publication number
- CN100397844C CN100397844C CNB2005100066033A CN200510006603A CN100397844C CN 100397844 C CN100397844 C CN 100397844C CN B2005100066033 A CNB2005100066033 A CN B2005100066033A CN 200510006603 A CN200510006603 A CN 200510006603A CN 100397844 C CN100397844 C CN 100397844C
- Authority
- CN
- China
- Prior art keywords
- vlan
- network exchanging
- data
- chip
- exchanging chip
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The present invention relates to a method for utilizing a flow classification technique to isolate transparent transmission local area network data. The present invention comprises the steps that a data passage is established for messages by using ACL rules in a network exchange chip; after the messages are received, the network exchange chip extracts a VLAN ID from the messages and compares the VLAN ID with the ACL rules; if the VLAN ID is the same with the ACL rules, the messages are forwarded to a forwarding port to which ACL rule data correspond, if not, the VLAN ID is compared with the next ACL rule data; if the VLAN ID is not the same with all the ACL rule data, the messages are discarded. The present invention makes network devices identify all the or partial VLANs by adding the number of the network exchange chips; for a single chip system, the single chip system which adopts the present invention can isolate and transmit transparently all the or partial data in the VLANs; besides, the present invention makes an ascending device of the network exchange chips achieve access and identification of a plurality of users.
Description
Technical field
The present invention relates to a kind of with Institute of Electrical and Electronics Engineers (Institute of Electrical andElectronics Engineers, be called for short: IEEE) 802.1Q (Virtual Bridged Local AreaNetworks, Virtual Bridged Local Area Network) message in network exchanging chip with Access Control List (ACL) (AccessControl List, be called for short: ACL) rule is mated, with realization support 4096 or with last VLAN (Virtual Local Area Network, abbreviation VLAN) method of data penetration transmission belongs to the vlan network technical field.
Background technology
VLAN (Virtual Local Area Network, be called for short VLAN) is used for that (Local Area Network, be called for short: the physics network segment LAN) is divided into a plurality of virtual LAN network segments with local area network (LAN).VLAN makes the division of working group no longer be confined to physical location, can divide according to function, application or agreement, has improved the flexibility and the convenience of networking.
The IEEE 802.1Q (Virtual Bridged Local Area Networks) of IEEE issue has stipulated the implementation of VLAN in the Ethernet.According to the regulation of 802.1Q, after the source MAC of the Ether frame of standard, increase the 802.1Q label of one 4 byte.802.1Q label comprise 2 bytes tag protocol identifier (Tag Protocol Identifier, be called for short: TPID) and the tag control information of 2 bytes (Tag Control Information is called for short: TCI).TPID is the new type of IEEE definition, and its value is hexadecimal 8100, is used to identify the message that this Ether frame is the 802.1Q label.
Referring to Fig. 1, it has represented the 802.1Q frame format of standard, wherein:
Destintion Address is a target MAC (Media Access Control) address, has 4 bytes (Bytes),
Source Address is a source MAC, has 4Bytes,
802.1Q Tag is the 802.1Q label field, has 4Bytes,
Length/type is data length or type of message, has 2Bytes,
DATA is the data field of Ethernet bearing,
FCS be verification and.
Referring to Fig. 2, it is the detailed content of 802.1Q label.Wherein, VLAN ID (VirtualLocal Area Network Identifier is called for short: VID or VLAN ID) is one 12 a domain information, is used to identify different VLAN, and its value is 0~4095, is used to distinguish 4096 VLAN.Each data message of supporting the equipment of 802.1Q agreement to send out all can comprise this territory, to indicate own affiliated VLAN.
Usually, the 802.1Q label in the network equipment by the network processing unit of hardware level (for example: Ethernet switching chip) add when sending message.In order to distinguish the main frame (or equipment) that is positioned at different VLAN, can set up with information such as VLAN ID and MAC Address in the memory is transmitting of index field.In actual applications, not all equipment can both be set up and comprise transmitting of all 4096 VLAN.During 4096 of the VLAN ID less thaies that can discern when certain equipment in the local area network (LAN), just can't guarantee with network in the collaborative data communication of finishing in all VLAN of miscellaneous equipment.
The technology that most of network equipment supports are classified and duplicated or abandon business data flow according to ACL, in each type operating system (as UNIX, Windows NT/XP/2000, Linux etc.), in the various kinds of equipment (as router, Ethernet switch, DSLAM etc.), in each quasi-protocol (as IPX, TCP/IP etc.), corresponding implementation is arranged all.For example: the BCM5615 of BroadCom company, can filtering rule be set based on 64 byte arbitrarily-shaped domains of 80 bytes range before the Ether frame masks by 80 joints, thereby implementation rule is classified flexibly and is duplicated or abandon.If VLAN ID territory is provided with mask, then can realize data forwarding or filtration based on VLAN ID.
Summary of the invention
The method that the purpose of this invention is to provide a kind of sending virtual LAN data, make the distributed network equipment or the single-chip network equipment that adopt VLAN recognition capability finite element network exchange chip, utilize flow classification techniques to isolate, can discern with transparent transmission all or part VLAN in data.
The object of the present invention is achieved like this:
Adopting acl rule on network exchanging chip is that the 802.1Q message of standard is set up data channel, a plurality of VLAN is divided by group, and each group of being divided distributed to respectively respectively transmit port; When network exchanging chip received described message, network exchanging chip was extracted VLANID from this message, and the acl rule data of VLAN ID and setting are compared; If equate, then this message is sent to the forwarding port corresponding with described acl rule data, otherwise, this VLAN ID and next acl rule data are compared; If described VLAN ID and all acl rule data are all unequal, then abandon this message.
The present invention can't discern in network exchanging chip under the situation of all VLAN, by increasing the quantity of network exchanging chip, can make network equipment identification all or part VLAN; For system-on-a-chip,, make described system-on-a-chip can isolate the data in the transparent transmission all or part VLAN owing to adopted the solution that described VLAN grouping is transparent to the cascade port; Simultaneously, the invention enables the upstream plant that is connected to network exchanging chip can realize a plurality of users are inserted and sign.
Description of drawings
Fig. 1 is the form schematic diagram that has 802.1Q label Ether frame;
Fig. 2 is a 802.1Q label detailed content schematic diagram;
Fig. 3 is the schematic diagram of one embodiment of the invention;
Fig. 4 is the schematic diagram of another embodiment of the present invention.
Embodiment
The present invention is described in further detail below in conjunction with accompanying drawing and specific embodiment:
In distributed network equipment, generally exist a network exchanging chip and a plurality of business chip, general maximum 4096 VLAN that have of network exchanging chip; All chips can belong to a hardware environment (as all on a veneer) physically, also can belong to a plurality of hardware environment (as every chip block on different veneers) respectively.In both cases, each chip all needs to be operated in master-slave mode, and wherein, network exchanging chip is a master chip, and other are from chip, finish exchanges data by communication interface between each chip.
Referring to Fig. 3, when each chip can only be supported M VLAN, then M * N was greater than 4096 o'clock, and the total VLAN capacity that possesses the above chip system of N piece has just surpassed 4096.
With 4096 VLAN (for example: 2,4,8,16,32,64,128 with the unit number, ...) be divided into some groups for organizing, distribute to every business chip, then the user access port that each business chip provided just can belong to any one or a plurality of VLAN in the VLAN group of distributing to this network exchanging chip.
For above-mentioned distribution, can be by the user as the case may be by corresponding corresponding network exchanging chip of the corresponding group of man-machine interface (as order line) configuration or business chip.Network exchanging chip or business chip can only corresponding one group of VLAN, also can corresponding many group VLAN, and this depends on based on specific design of the present invention.For example: can dispose VLAN 64~127 corresponding to chip CHIP1, also can dispose VLAN64~127,128~191 all corresponding to chip 1.The unit number is 2 Nth power, and N is the arbitrary integer between the 1-11, can get 32,64 etc.Finally depend on based on specific design of the present invention.
According to flow classification techniques mentioned in the background technology, mask matches is carried out in 12 VLANID territories of standard 802.1Q frame, between network exchanging chip up going port and each business chip, set up the acl rule of traffic classification, for different VLAN is set up upright data channel.
Referring to Fig. 3, the VLAN ID of the mask matches between network exchanging chip CHIP1 up going port and the business chip CHIP2 is 256~319, then the message from VLAN256~319 of network exchanging chip CHIP1 up going port can be copied to business chip CHIP2 immediately, can be copied to the up going port of network exchanging chip CHIP1 immediately from the message of VLAN256~319 of business chip CHIP2, the message in other VLAN then can not pass through from this data channel yet.
The concrete grammar that utilizes ACL to carry out traffic classification among the present invention is: generally can utilize network exchanging chip or functional definition acl rule that business chip provided in the network equipment, come abandoning or duplicating and control some data message.For example: can be that VLAN ID formulates acl rule at low 2 bytes of the 802.1Q label field in the standard Ether frame (totally 4 bytes), mate, abandon this message with decision and still copy to other port according to the value of each data bit (bit).Referring to Fig. 3, more more specifically say: 2 bytes of establishing VLAN ID are 16bit from low to high, if with the 7th be 1, the 8th and above everybody be 0 message and copy to port one, then 0~6 value of the VLAN id field of those messages that may be replicated may be 000000~111111, the probable value of corresponding VLAN ID is 64~127, by matching ratio, just can reach VLAN ID is the purpose that 64~127 message copies to port Port1.
The data channel of utilizing flow classification rule to set up for certain port can be not unique, can set up a plurality of data channel corresponding to a up going port, uploads so the data of a plurality of business chips can converge by a up going port.Referring to Fig. 3, up going port 1 wherein can converge the message from a plurality of business chips.
Message from business chip is the 802.1Q frame of standard, so it seems from upstream plant, this equipment is supported the 802.1Q standard, and under the situation of having set up abundant stream rule, can support all 4096 VLAN.
Flow classification rule can be set up between any two ports of network exchanging chip, so the number of the up going port of network exchanging chip is not unique, can have a plurality of up going ports, and each up going port can independently be set up the passage of all 4096 vlan datas of transparent transmission.Referring to Fig. 3, there are two up going ports in network exchanging chip CHIP1, can link to each other with upstream plant, transmits the data of different VLAN.
It should be noted that: the bus by can transmitting Ethernet data between the up going port of network exchanging chip and each business chip or network interface etc. are set up data channel.In distributed network equipment, network exchanging chip does not need to distribute the VLAN group, and VLAN only distributes to business chip.
Under the situation that needs cascade effect to use, it is regular to set up corresponding stream between the up going port of the port that connects cascade device and network exchanging chip, just can be between cascade device and upstream plant the transparent transmission vlan data.Referring to Fig. 1, the message of cascade device is also uploaded by the up going port that data channel converges to network exchanging chip.
Aforesaid flow classification rule can be by man-machine interface and software processes dynamic-configuration, and which VLAN that each port belongs to place chip VLAN group also can dynamic-configuration, both combinations, then all of the port can be configured in any one VLAN in 4096 VLAN.If want to make the port Port1 of business chip CHIP2 to belong to VLAN4000, then at first for setting up, business chip CHIP2 comprises the data channel of 4000 VLAN group by the configuration flow classifying rules, and again corresponding ports Port1 is added VLAN4000 and get final product.
Under distributed environment, under the situation that need insert more than 4096 users, can set up a plurality of up going ports, and business chip divided into groups, these divide into groups to set up data channel between different with the network exchanging chip respectively up going ports, the data of 4096 VLAN of each network exchanging chip up going port independent transmission, and upstream plant (as BAS) is when the identification user, add corresponding access interface information, then can realize access and sign more than 4096 users.
Referring to Fig. 4, utilize flow classification techniques can realize isolating transparent transmission all 4096 or part of V LAN in data.Its method is substantially the same with the above embodiments 1, and different is: for single-chip device, the transparent transmission of its data carries out between upstream plant and cascade device, therefore, adopts equipment of the present invention can discern all 4096 VLAN.
In the present embodiment, main equipment and each cascade device have only a core exchange chip, the capacity of multipotency identification VLAN is less than 4096 (being assumed to be 256), utilize flow classification techniques, the suitable acl rule of definition on main equipment, just can provide passage, respectively 256 VLAN of transparent transmission for upstream plant and every cascade device.Because the VLAN difference of the data of each passage institute transparent transmission, for upstream plant and cascade device, this main equipment support 1~256,257~512,513~768 and even more VLAN.
It should be noted that at last: above embodiment only in order to the explanation the present invention and and unrestricted technical scheme described in the invention; Therefore, although this specification has been described in detail the present invention with reference to each above-mentioned embodiment,, those of ordinary skill in the art should be appreciated that still and can make amendment or be equal to replacement the present invention; And all do not break away from the technical scheme and the improvement thereof of the spirit and scope of the present invention, and it all should be encompassed in the middle of the claim scope of the present invention.
Claims (4)
1. the method for a sending virtual LAN data, it is characterized in that: adopting acl rule on network exchanging chip is that the 802.1Q message of standard is set up data channel, a plurality of VLAN in the described network exchanging chip are divided by group, and each group of being divided distributed to respectively respectively transmit port; When network exchanging chip receives described message, handle according to following steps:
Network exchanging chip is extracted VLAN ID from this message; The acl rule data of VLAN ID and setting are compared; If equate, then this message is sent to the forwarding port corresponding with described acl rule data, otherwise, this VLAN ID and next acl rule data are compared; If described VLAN ID and all acl rule data are all unequal, then abandon this message.
2. the method for sending virtual LAN data according to claim 1, it is characterized in that: described forwarding port is during as the access interface that communicates between operation exchange chip and network exchanging chip, described operation exchange chip is pressed VLAN and is divided grouping, each divides into groups to set up data channel between the up going port corresponding with network exchanging chip, and the data of all VLAN of the described network exchanging chip support of each up going port independent transmission of network exchanging chip; The upstream plant that connects with the network exchanging chip up going port is when the different VLAN user of identification, in this VLAN user's message, add described access interface information, in order to realize access and sign to VLAN user, wherein, the VLAN number of users is more than the VLAN quantity of described network exchanging chip support.
3. the method for sending virtual LAN data according to claim 1, it is characterized in that: during cascade port that described forwarding port communicates as network exchanging chip and cascade device, described cascade device is pressed VLAN and is divided grouping, each divides into groups to set up data channel between the up going port corresponding with network exchanging chip, and the data of all VLAN of the described network exchanging chip support of each up going port independent transmission of network exchanging chip; The upstream plant that connects with the network exchanging chip up going port is when the different VLAN user of identification, in this VLAN user's message, add described cascade port information, in order to realize access and sign to VLAN user, wherein, the VLAN number of users is more than the VLAN quantity of described network exchanging chip support.
4. the method for sending virtual LAN data according to claim 1, it is characterized in that: a plurality of VLAN in the network exchanging chip are divided by group be meant that all VLAN with the network exchanging chip support are divided into more than one group, the VLAN number in each group is 2N; Wherein, 1≤N≤11.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100066033A CN100397844C (en) | 2005-01-04 | 2005-01-04 | Method for sending virtual LAN data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100066033A CN100397844C (en) | 2005-01-04 | 2005-01-04 | Method for sending virtual LAN data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1801771A CN1801771A (en) | 2006-07-12 |
| CN100397844C true CN100397844C (en) | 2008-06-25 |
Family
ID=36811540
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005100066033A Expired - Fee Related CN100397844C (en) | 2005-01-04 | 2005-01-04 | Method for sending virtual LAN data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100397844C (en) |
Families Citing this family (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101022343B (en) * | 2007-03-19 | 2010-09-08 | 杭州华三通信技术有限公司 | Network invading detecting/resisting system and method |
| CN101272350B (en) * | 2008-05-06 | 2011-01-05 | 北京星网锐捷网络技术有限公司 | Output access control method and output access control device |
| CN101355499B (en) * | 2008-09-02 | 2011-06-22 | 中兴通讯股份有限公司 | Apparatus and method for processing access control list business |
| CN101764827B (en) * | 2010-02-02 | 2012-05-23 | 中国电子科技集团公司第三十研究所 | Method for realizing apparatus concatenation and increasing user quantity |
| US9531567B2 (en) * | 2012-07-03 | 2016-12-27 | Mitsubishi Electric Corporation | Network system |
| CN102857428B (en) * | 2012-09-18 | 2015-11-25 | 杭州华三通信技术有限公司 | A kind of message forwarding method based on Access Control List (ACL) and equipment |
| CN104158716A (en) * | 2013-05-13 | 2014-11-19 | 中兴通讯股份有限公司 | Method for processing message and cascading chip |
| CN104717138B (en) * | 2013-12-11 | 2019-07-12 | 中兴通讯股份有限公司 | A kind of method and interchanger for realizing message forwarding |
| CN103746943B (en) * | 2013-12-23 | 2017-04-19 | 汉柏科技有限公司 | Method for establishing VLAN subinterface and exchange chip using the same |
| CN104125232B (en) * | 2014-08-04 | 2018-10-12 | 上海斐讯数据通信技术有限公司 | A method of quickly issuing acl rule |
| CN111224887B (en) * | 2018-11-27 | 2023-06-27 | 天翼云科技有限公司 | Device configuration method, system and related device |
| CN114697275B (en) * | 2020-12-30 | 2023-05-12 | 深圳云天励飞技术股份有限公司 | Data processing method and device |
| CN112769650A (en) * | 2021-01-11 | 2021-05-07 | 杭州锐思客技术有限公司 | Multi-VLAN loop detection method and system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020091795A1 (en) * | 2001-01-05 | 2002-07-11 | Michael Yip | Method and system of aggregate multiple VLANs in a metropolitan area network |
| EP1246408A1 (en) * | 2001-03-27 | 2002-10-02 | Tellabs Denmark A/S | Mapping of data frames from a local area network into a synchronous digital telecommunications system |
| CN1416239A (en) * | 2001-10-31 | 2003-05-07 | 华为技术有限公司 | Method for switching in virtual local area network of the access network with mixed optical fiber and coaxial line |
| US20030152075A1 (en) * | 2002-02-14 | 2003-08-14 | Hawthorne Austin J. | Virtual local area network identifier translation in a packet-based network |
| CN1507215A (en) * | 2002-12-11 | 2004-06-23 | 华为技术有限公司 | Two-layer message isolating method |
-
2005
- 2005-01-04 CN CNB2005100066033A patent/CN100397844C/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020091795A1 (en) * | 2001-01-05 | 2002-07-11 | Michael Yip | Method and system of aggregate multiple VLANs in a metropolitan area network |
| EP1246408A1 (en) * | 2001-03-27 | 2002-10-02 | Tellabs Denmark A/S | Mapping of data frames from a local area network into a synchronous digital telecommunications system |
| CN1416239A (en) * | 2001-10-31 | 2003-05-07 | 华为技术有限公司 | Method for switching in virtual local area network of the access network with mixed optical fiber and coaxial line |
| US20030152075A1 (en) * | 2002-02-14 | 2003-08-14 | Hawthorne Austin J. | Virtual local area network identifier translation in a packet-based network |
| CN1507215A (en) * | 2002-12-11 | 2004-06-23 | 华为技术有限公司 | Two-layer message isolating method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1801771A (en) | 2006-07-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100397844C (en) | Method for sending virtual LAN data | |
| US8867555B2 (en) | Method and system for transparent LAN services in a packet network | |
| EP1471684B1 (en) | Method and apparatus for determining shared broadcast domains of network switches, ports and interfaces | |
| US7756146B2 (en) | Flooding reduction method | |
| US8923297B1 (en) | Method and apparatus for managing packets in a packet switched network | |
| CN100461769C (en) | Method of processing packet of virtual LAN for network switch | |
| CN101313533A (en) | Optical network terminal, packet process method, apparatus and system thereof | |
| KR20040107379A (en) | Apparatus and method for implementing vlan bridging and a vpn in a distributed architecture router | |
| JP2003032287A (en) | Method and apparatus for connecting networks, and system using the apparatus | |
| CN100521653C (en) | Method and system for nesting group network by skeleton bridging technology | |
| WO2012009893A1 (en) | Flow based processing method and system in virtual local area network | |
| CN100563205C (en) | The implementation method of user-isolated virtual local area network (LAN) and the network equipment of application thereof | |
| CN100358322C (en) | Method of multilayer VLAN switching | |
| CN103701679A (en) | VLAN (virtual local area network) conversion implementation method | |
| CN100413260C (en) | Method for configurating slave node of virtual LAN | |
| WO2009019300A1 (en) | Vlan data framing and transmission | |
| CN100438493C (en) | Improvement of user access capacity of wide band access apparatus | |
| MXPA06001072A (en) | Method of switching packets in a transmission medium comprising multiple stations which are connected using different links. | |
| CN100391177C (en) | Method for extending virtual Local area network number in exchanging equipment | |
| Cisco | Configuring VLANs | |
| Cisco | Configuring VLANs | |
| KR20050083748A (en) | Method of implementing virtual local area networks on elelctrical network communication systems | |
| Cisco | Configuring VLANs | |
| CN100373857C (en) | Method of realizing suppressing broadcast storm in Ether net | |
| JP4146861B2 (en) | Network connection method and apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20080625 Termination date: 20100204 |