CN100414919C - Method for realizing virtual special network of over-multi-autonomous system mixed network - Google Patents



Publication number
CN100414919C
Authority
CN
China
Prior art keywords
website
vpn
route
address
asbr
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2005101153096A
Other languages
Chinese (zh)
Other versions
CN1852213A (en)
Inventor
张宏科
李德丰
郜帅
谷志慧
张思东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CNB2005101153096A
Publication of CN1852213A
Application granted
Publication of CN100414919C

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention discloses a method for implementing a hybrid network VPN across multiple autonomous systems. The method comprises: configuring, on each device in the network, routing information covering multiple network protocol versions; according to this routing information, a first VPN site advertises its VPN routes to a second site through the hybrid network VPN across multiple autonomous systems; according to these routes, a source host in the second site sends a VPN service flow, whose destination address is a destination host in the first site, to the first site through the hybrid network VPN across multiple autonomous systems. By modifying and supplementing the prior art, the invention provides a method for intercommunication between VPN sites when the backbone network is an IPv4/v6 hybrid network spanning multiple autonomous systems. The technical scheme is simple to implement and is suited to cases with few VPN users.

Description

A method for implementing a virtual private network over a hybrid network spanning multiple autonomous systems
Technical field
The present invention relates to the field of virtual private networks, and in particular to a method for implementing a virtual private network over a hybrid network spanning multiple autonomous systems.
Background technology
Multiprotocol Label Switching (MPLS) is a technology that combines the routing function of the Internet Protocol (IP) with the fast forwarding capability of Asynchronous Transfer Mode (ATM). MPLS therefore forwards IP packets quickly by encapsulating each IP packet as a labeled MPLS packet. A Border Gateway Protocol/Multiprotocol Label Switching (BGP/MPLS) virtual private network (VPN) is a layer-3 VPN technology: it uses the multiprotocol extension attributes of BGP to carry labeled VPN routes, and uses MPLS labels to isolate and forward traffic, thereby providing the VPN service.
By topology, BGP/MPLS VPNs are divided into single-AS BGP/MPLS VPNs and BGP/MPLS VPNs spanning multiple autonomous systems (inter-AS). In the former, the backbone network that provides the BGP/MPLS VPN service consists of a single autonomous system; in the latter, it consists of several. In addition, depending on whether the communicating VPN users use the same IP version, communication is divided into communication between homogeneous VPN sites and communication between heterogeneous VPN sites; the difference is whether the networks of the communicating VPN sites run the same IP version.
IETF draft 4 of the PPVPN standard RFC2547 (draft-ietf-ppvpn-rfc2547bis-04) proposes solutions for homogeneous-site communication in single-AS and inter-AS BGP/MPLS VPNs over a pure Internet Protocol version 4 (IPv4) network. RFC2766 proposes a scheme that uses NAT-PT to let hosts in a pure Internet Protocol version 6 (IPv6) network communicate with hosts in a pure IPv4 network. draft-ietf-l3vpn-bgp-ipv6-02 proposes a single-AS BGP/MPLS VPN solution for an IPv4 MPLS backbone with IPv6 VPNs. These three existing technical schemes are described in turn below.
Prior art one:
RFC2547BIS proposes three solutions for inter-AS BGP/MPLS VPNs over an IPv4 backbone. The first of these is used as the example here and is shown in Fig. 1.
As shown in Fig. 1, the MPLS backbone consists of two autonomous systems, AS100 and AS200. Provider edge device (PE) 1 connects VPN A site 1 and VPN B site 2, and PE2 connects VPN A site 3 and VPN B site 4. All networks in Fig. 1 are IPv4 networks.
For VPN sites to communicate, they must first learn each other's VPN routes and then exchange service data according to the learned routes. The former process is called the transfer of the VPN control flow, and the latter the forwarding of the service flow. Below, the advertisement of site 1's route 100.0.0.0/8 to site 3 illustrates the control flow in this scheme, and a VPN service flow sent from site 3 to site 1 with destination address 100.0.0.1 illustrates the forwarding of the service flow.
The transfer of the control flow is described first. It comprises the following steps:
Step 101: A static route, an Interior Gateway Protocol (IGP) or External Border Gateway Protocol (EBGP) is configured between customer edge device (CE) 1 of site 1 and PE1; CE1 advertises the VPN route 100.0.0.0/8 to PE1.
Step 102: Based on the interface corresponding to VPN A site 1, PE1 writes the received VPN route 100.0.0.0/8 into virtual routing and forwarding instance (VRF) 1 of PE1 and assigns a label to the route. VRF1 is the VRF corresponding to VPN A, and VRF2 is the VRF corresponding to VPN B.
Step 103: Multiprotocol Internal BGP (MP-IBGP) is configured between PE1 and autonomous system boundary router (ASBR) 1; PE1 advertises the VPN route 100.0.0.0/8, together with the label assigned to it, to ASBR1.
Step 104: ASBR1 writes this VPN route into its local VRF1.
Step 105: VRF1 and VRF2 in ASBR1 are connected by physical or logical links to VRF1 and VRF2 in ASBR2 respectively, so ASBR1 can advertise the VPN route 100.0.0.0/8 in its VRF1 to VRF1 of ASBR2.
Step 106: ASBR2 assigns a new label to the VPN route 100.0.0.0/8 and advertises the label together with the route to PE2 over MP-IBGP.
Step 107: PE2 receives the VPN route and writes it into its local VRF1.
Step 108: According to the correspondence between VRF1 and the VPN site, PE2 advertises the VPN route to site 3 via IGP, EBGP or a static route.
Next, the process by which site 3 sends a VPN service flow with destination address 100.0.0.1 to site 1 is described. It comprises the following steps:
Step 121: CE3 looks up its local routing table and forwards the VPN service flow with destination address 100.0.0.1 to PE2.
Step 122: In the VRF1 corresponding to site 3, PE2 looks up the prefix route for destination address 100.0.0.1 and its label, encapsulates the service flow as MPLS packets, and forwards them to ASBR2.
Step 123: As in step 105, a physical or logical connection exists between VRF1 of ASBR2 and VRF1 of ASBR1, so ASBR2 sends the restored VPN service flow to ASBR1.
Step 124: ASBR1 looks up the prefix route and label for destination address 100.0.0.1 in its local VRF1, encapsulates the received VPN service flow as MPLS packets according to this label, and forwards them to PE1.
Step 125: PE1 restores the received MPLS packets to IP packets and, according to the popped label, sends the service flow to site 3.
As the above shows, inter-AS BGP/MPLS VPN solution one in RFC2547BIS only handles BGP/MPLS VPNs based on IPv4 networks; it cannot handle a BGP/MPLS VPN in which the MPLS backbone and the VPN sites form an IPv4/IPv6 hybrid network.
Prior art two:
RFC2766 proposes a scheme that uses Network Address Translation-Protocol Translation (NAT-PT) to enable communication between hosts in a pure IPv6 network and hosts in a pure IPv4 network. The scheme is shown in Fig. 2, where network 1 is a pure IPv6 network and network 2 is a pure IPv4 network. In the figure, NAT-PT is the network address translation-protocol translator, which converts IP packets and Internet Control Message Protocol (ICMP) packets between IPv4 and IPv6. The domain name service application level gateway (DNS-ALG) converts Domain Name Service (DNS) request and response messages between IPv4 and IPv6, and inspects the IP addresses in upper-layer messages carried inside IP packets. The short dashed lines in Fig. 2 (201 to 206) show the domain name resolution process when IPv6 host A in network 1 initiates communication with IPv4 host B in network 2, and the long dashed lines (221 to 226) show the domain name resolution process when IPv4 host B in network 2 initiates communication with IPv6 host A in network 1.
With reference to Fig. 2, the process by which IPv6 host A in network 1 initiates communication with IPv4 host B in network 2 is as follows:
Step 201: Host A sends an IPv6 DNS request to the NAT-PT.
Step 202: The NAT-PT receives the request, converts it to an IPv4 DNS request through the DNS-ALG, and sends it to the IPv4 DNS server of network 2.
Step 203: The DNS server in network 2 returns the resolved IPv4 address to the NAT-PT.
Step 204: The NAT-PT prepends a specific address prefix to this IPv4 address and returns the result to host A.
Step 205: Host A constructs an IPv6 packet using this address and sends it to the NAT-PT; the IPv6 packet is routed to the NAT-PT because of the specific prefix of its destination address.
Step 206: The NAT-PT uses the IPv4 address obtained by removing the prefix as the destination address, converts the IPv6 packet to an IPv4 packet, and sends it to host B.
Still with reference to Fig. 2, the process by which IPv4 host B in network 2 initiates communication with IPv6 host A in network 1 is as follows:
Step 221: Host B sends an IPv4 DNS request to the NAT-PT.
Step 222: After the NAT-PT receives the request, the DNS-ALG converts it to an IPv6 DNS request and sends it to the IPv6 DNS server in network 1.
Step 223: The DNS server in network 1 returns the resolved IPv6 address to the NAT-PT.
Step 224: The NAT-PT selects an IPv4 address from its local IPv4 address pool, which has a specific address prefix, and returns it to host B.
Step 225: Host B constructs an IPv4 packet using this IPv4 address and sends it to the NAT-PT; because the destination address of the IPv4 packet has the specific prefix, the packet is routed to the NAT-PT.
Step 226: The NAT-PT finds the IPv6 address corresponding to the packet's destination address, uses it as the destination IPv6 address, converts the IPv4 packet to an IPv6 packet, and sends it to host A.
As the above shows, prior art two gives a scheme for communication between hosts in adjacent IPv4 and IPv6 networks, but proposes no solution for communication between heterogeneous network sites across multiple autonomous systems.
Prior art three:
draft-ietf-l3vpn-bgp-ipv6-02 proposes a BGP/MPLS VPN solution for the case where the backbone is a single IPv4 or IPv6 autonomous system and the VPN user sites are IPv6 networks; the scheme is shown in Fig. 3. In Fig. 3, all VPN user sites are IPv6 networks and the MPLS backbone is an IPv4 network; VPN A site 1 and VPN B site 2 attach to PE1, and VPN A site 3 and VPN B site 4 attach to PE2.
Prior art three is described below with reference to Fig. 3, using the control flow that advertises site 1's VPN route 3ffe:3240::/32 to site 3, and the service flow in which site 3 sends a VPN service flow with destination address 3ffe:3240::1 to site 1.
First, the transfer of the control flow:
Step 301: CE1 advertises site 1's VPN route 3ffe:3240::/32 to PE1 by a static route, EBGP, IGP or a similar method.
Step 302: PE1 receives the site's VPN route, writes it into the IPv6 VRF1 corresponding to VPN A, and assigns a label to the route.
Step 303: PE1 advertises the labeled IPv6 route to PE2 over MP-IBGP. In the BGP message advertising the VPN route, the reachability information in the multiprotocol reachable attribute is the IPv6 VPN route 3ffe:3240::/32, and the next-hop field is the IPv6 VPN address mapped from PE1's IPv4 address.
Step 304: PE2 receives the route and adds it to the IPv6 VRF1 corresponding to VPN A. The next hop is the IPv6 VPN address mapped from PE1's IPv4 address.
Step 305: PE2 advertises the route to CE3 by a static route, IGP, EBGP or a similar method.
Next, the forwarding of the service flow:
Step 321: An IPv6 packet in site 3 with destination address 3ffe:3240::1 is forwarded to CE3.
Step 322: CE3 looks up its local routing table and forwards the IPv6 packet to PE2 according to the matching prefix route.
Step 323: PE2 looks up the VRF1 corresponding to VPN site 3 and pushes a two-level label stack onto the IPv6 packet: the bottom label is the label PE1 assigned to site 1's IPv6 VPN route 3ffe:3240::/32, and the top label is the label of the IPv4 label switched path (LSP) from PE2 to PE1.
Step 324: PE2 forwards the MPLS packet to PE1 over the LSP from PE2 to PE1.
Step 325: PE1 restores the MPLS packet to an IPv6 packet according to the bottom label and forwards the IPv6 packet to the destination host in site 1.
As the above shows, prior art three solves communication between VPN sites when the backbone is a single IPv4 or IPv6 autonomous system and the VPN sites are IPv6 networks, but it offers no solution for the case where the BGP/MPLS VPN backbone is an inter-AS IPv4/v6 hybrid network and the VPN sites form an IPv4/v6 hybrid network.
Summary of the invention
In view of this, the present invention proposes a method for implementing a hybrid network VPN across multiple autonomous systems, to solve the problem of communication between VPN sites when the backbone is an IPv4/v6 hybrid network spanning multiple autonomous systems.
To this end, the present invention proposes a method for implementing a hybrid network VPN across multiple autonomous systems, the network comprising a first site and a second site. The method comprises the following steps:
When the first site and the second site are homogeneous sites:
A1. Routing information covering multiple network protocol versions is configured on each device in the network. According to this routing information, the first VPN site advertises its VPN route to the first autonomous system, which is connected to the first site; the first autonomous system advertises the first site's VPN route to the second autonomous system, which is connected to the second site; and the second autonomous system advertises the first site's VPN route to the second site.
B1. According to the route, the source host in the second site sends the VPN service flow to the second autonomous system; the second autonomous system sends the VPN service flow to the first autonomous system; and the first autonomous system sends the VPN service flow to the destination host in the first site.
When the first site and the second site are heterogeneous sites:
A2. Routing information covering multiple network protocol versions is configured on each device in the network. According to this routing information, the first VPN site advertises its VPN route to the first autonomous system, which is connected to the first site; the first autonomous system advertises the first site's VPN route to the second autonomous system, which is connected to the second site; the second autonomous system advertises the first site's VPN route to the second site; and the second site advertises the first site's VPN route to the second domain name service (DNS) server and the second network address translation-protocol translator (NAT-PT).
B2. According to the route, the source host in the second site requests and obtains, through the second DNS server and the second NAT-PT, the second-attribute address of the destination host in the first site; the source host constructs a second-attribute packet whose destination address is that second-attribute address, and sends it to the destination host in the first site.
In the above scheme, step A1 comprises:
A10. In the first PE connected to the first site, the second PE connected to the second site, the first ASBR of the autonomous system where the first PE is located, and the second ASBR of the autonomous system where the second PE is located, an IPv4 VRF and an IPv6 VRF are set up for each virtual routing and forwarding instance (VRF) belonging to a different VPN.
A11. The first CE of the first site advertises the first site's VPN route to the first PE.
A12. The first PE writes the first site's VPN route into its own VRF and advertises it to the first ASBR; the next hop of this VPN route is the loopback address of the first PE that has the same IP version as the VPN route.
A13. The first ASBR writes the first site's VPN route into its own VRF, looks up in the forwarding information base (FIB) the top label corresponding to this VPN route in the VRF, and advertises the first site's VPN route to the second ASBR through the sub-interface that connects it to the second ASBR; the next hop of this VPN route is the sub-interface IP address in the first ASBR that has the same IP version as the VPN route and corresponds to the VRF to which the route belongs.
A14. The second ASBR writes the first site's VPN route into its own VRF and advertises it to the second PE.
A15. The second PE writes the first site's VPN route into its own VRF, looks up in the FIB the top label corresponding to this VPN route in the VRF, and advertises the first site's VPN route to the second CE of the second site.
A16. The second CE writes the first site's VPN route into its own routing table.
Step B1 comprises:
B11. The source host in the second site sends the VPN service flow.
B12. After receiving the VPN data flow, the second CE sends it to the second PE connected to the second site, according to the contents previously stored in its own routing table.
B13. The second PE encapsulates the VPN data flow as Multiprotocol Label Switching (MPLS) packets according to the first site's VPN route previously stored in its own VRF, and sends them to the second ASBR of the autonomous system where the second PE is located.
B14. The second ASBR restores the MPLS packets to obtain the VPN data flow and, according to the sub-interface corresponding to its previously stored VRF, sends the VPN data flow to the first ASBR of the autonomous system of the first PE connected to the first site.
B15. The first ASBR encapsulates the VPN data flow as MPLS packets according to the first site's VPN route previously stored in its own VRF, and sends the MPLS packets to the first PE.
B16. The first PE restores the MPLS packets to obtain the VPN data flow and sends it to the first CE of the first site according to the contents previously stored in the label forwarding information table.
B17. The first CE forwards the VPN data flow to the destination host.
Preferably, in step A11 the first site advertises its VPN route to the first PE via External BGP (EBGP), an Interior Gateway Protocol (IGP) or a static route; and/or in step A15 the second PE advertises the first site's VPN route to the second site via EBGP, IGP or a static route.
In step A16, the second CE further advertises the first site's VPN route to the other routing devices in the second site.
In step A13, the first ASBR advertises the first site's VPN route to the second ASBR via EBGP configured in advance between each pair of sub-interfaces of the first ASBR and the second ASBR.
Before the FIB lookup in step A13 that obtains the top label corresponding to the VPN route in the VRF, the method further comprises determining whether the IP version of the autonomous system where the first ASBR is located is the same as the IP version of the VPN route: if it is the same, the FIB lookup is performed directly; if it differs, the next hop of the VPN route is processed first and the FIB lookup is performed afterwards. Before the FIB lookup in step A15 that obtains the top label corresponding to the VPN route in the VRF, the method likewise comprises determining whether the IP version of the autonomous system where the first ASBR is located is the same as the IP version of the VPN route: if it is the same, the FIB lookup is performed directly; if it differs, the next hop of the VPN route is processed first and the FIB lookup is performed afterwards.
In the above technical scheme, step A2 comprises:
A20. The upstream DNS server address of the first DNS server in the first site is set to the address of the first DNS-ALG in the first site, and the upstream DNS server address of the second DNS server in the second site is set to the address of the second DNS-ALG in the second site.
A21. The first customer edge device (CE) of the first site advertises the first site's VPN route to the first provider edge device (PE), which is connected to the first site.
A22. The first PE writes the first site's VPN route into its own virtual routing and forwarding instance (VRF) and advertises it to the first autonomous system boundary router (ASBR) of the autonomous system where the first PE is located.
A23. The first ASBR writes the first site's VPN route into its own VRF and advertises it to the second ASBR of the autonomous system of the second PE, which is connected to the second site.
A24. The second ASBR writes the first site's VPN route into its own VRF and advertises it to the second PE.
A25. The second PE writes the first site's VPN route into its own VRF and advertises it to the second CE of the second site.
A26. The second CE writes the first site's VPN route into its own VRF and advertises it to the second DNS server and the second NAT-PT.
Step B2 comprises:
B21. The source host in the second site sends a second-attribute DNS request to the second DNS server.
B22. The second DNS server sends the second-attribute DNS request to the second DNS-ALG.
B23. The second DNS-ALG converts the second-attribute DNS request into a first-attribute DNS request and sends the first-attribute DNS request to the first DNS server in the first site.
B24. The first DNS server resolves the first-attribute DNS request to obtain the first-attribute address of the destination host, and returns that address to the second DNS-ALG server.
B25. The second DNS-ALG server constructs, from the first-attribute address, a second-attribute address that points to the second NAT-PT, and returns the second-attribute address to the second DNS server.
B26. The second DNS server returns the second-attribute address to the source host.
B27. The source host sends a second-attribute packet whose destination address is the second-attribute address; the packet is routed to the second NAT-PT.
B28. The second NAT-PT obtains the first-attribute address from the second-attribute address, converts the second-attribute packet into a first-attribute packet, and sends the first-attribute packet to the first CE.
B29. The first CE forwards the first-attribute packet to the destination host.
Where the first site is an IPv4 site and the second site is an IPv6 site, the first attribute is IPv4 and the second attribute is IPv6. In step B25, the second DNS-ALG server constructs the IPv6 address from the IPv4 address by prepending a specific address prefix to the IPv4 address. In step B28, the second NAT-PT obtains the IPv4 address from the IPv6 address by taking the last 32 bits of the IPv6 address.
Where the first site is an IPv6 site and the second site is an IPv4 site, the first attribute is IPv6 and the second attribute is IPv4. In step B25, the second DNS-ALG server constructs the IPv4 address from the IPv6 address by choosing any one IPv4 address from its local IPv4 address pool, which has a specific address prefix; step B25 further comprises storing the correspondence between the IPv6 address and the IPv4 address. In step B28, the second NAT-PT obtains the IPv6 address from the IPv4 address by looking up, in that stored correspondence, the IPv6 address that corresponds to the IPv4 address.
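The two address constructions of steps B25 and B28 can be made concrete as follows. This is an added example, not code from the patent: the class and exception names, the NAT-PT prefix 2001:db8:ffff::/96 and the pool 192.0.2.0/29 are constructed values, and the check of the extracted IPv4 address against the VPN route advertised to the NAT-PT in step A26 is an added safeguard that the patent does not state.

```python
import ipaddress


class TranslationRefused(Exception):
    """Raised when the NAT-PT must drop a packet instead of translating it."""


class NatPtMapper:
    """Address state shared by the DNS-ALG and the NAT-PT of the second site
    (the patent gives both the same address, so one object models both)."""

    def __init__(self, prefix, pool, vpn_v4_routes):
        self.prefix = ipaddress.IPv6Network(prefix)
        if self.prefix.prefixlen != 96:
            # B28 takes the last 32 bits, so the prefix must fill the first 96.
            raise ValueError("NAT-PT prefix must be a /96")
        # IPv4 VPN routes of the first site, as advertised in step A26.
        self.vpn_v4_routes = [ipaddress.IPv4Network(r) for r in vpn_v4_routes]
        self._free = list(ipaddress.IPv4Network(pool).hosts())
        self._v6_to_v4 = {}
        self._v4_to_v6 = {}

    # --- first site IPv4, second site IPv6 (stateless mapping) ---

    def synthesize_v6(self, v4):
        """B25: prepend the specific prefix to the resolved IPv4 address."""
        v4 = ipaddress.IPv4Address(v4)
        return ipaddress.IPv6Address(int(self.prefix.network_address) | int(v4))

    def extract_v4(self, v6):
        """B28: recover the IPv4 destination from the last 32 bits."""
        v6 = ipaddress.IPv6Address(v6)
        if v6 not in self.prefix:
            raise TranslationRefused(f"{v6} is outside the NAT-PT prefix")
        v4 = ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)
        # Added safeguard (assumption): the mapping is stateless, so without
        # this check any IPv4 address could be reached through the prefix.
        if not any(v4 in route for route in self.vpn_v4_routes):
            raise TranslationRefused(f"{v4} is not in an advertised VPN route")
        return v4

    # --- first site IPv6, second site IPv4 (stateful mapping) ---

    def allocate_v4(self, v6):
        """B25: pick a pool address for the resolved IPv6 address and store
        the correspondence; the same IPv6 address reuses its binding."""
        v6 = ipaddress.IPv6Address(v6)
        if v6 in self._v6_to_v4:
            return self._v6_to_v4[v6]
        if not self._free:
            raise TranslationRefused("IPv4 address pool exhausted")
        v4 = self._free.pop(0)
        self._v6_to_v4[v6] = v4
        self._v4_to_v6[v4] = v6
        return v4

    def lookup_v6(self, v4):
        """B28: find the IPv6 address bound to the IPv4 destination."""
        v4 = ipaddress.IPv4Address(v4)
        if v4 not in self._v4_to_v6:
            # No DNS lookup created this binding, so there is nothing to map to.
            raise TranslationRefused(f"no stored mapping for {v4}")
        return self._v4_to_v6[v4]


def demo():
    """Run both directions with constructed sample addresses."""
    m = NatPtMapper("2001:db8:ffff::/96", "192.0.2.0/29", ["100.0.0.0/8"])
    v6 = m.synthesize_v6("100.0.0.1")          # DNS answer seen by the IPv6 host
    v4 = m.allocate_v4("3ffe:3240::1")         # DNS answer seen by the IPv4 host
    return {
        "synthesized": str(v6),
        "extracted": str(m.extract_v4(v6)),
        "allocated": str(v4),
        "looked_up": str(m.lookup_v6(v4)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:12} {value}")
```

The stateful direction only works for destinations that were first resolved through the DNS-ALG, which is why `lookup_v6` refuses an address with no stored binding.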
In step A21, the first site advertises its VPN route to the first PE via External Border Gateway Protocol (EBGP), an Interior Gateway Protocol (IGP) or a static route; and/or in step A25 the second PE advertises the first site's VPN route to the second site via EBGP, IGP or a static route.
In step A26, the second CE further advertises the first site's VPN route to the other routing devices in the second site.
In step A23, the first ASBR advertises the first site's VPN route to the second ASBR via EBGP configured in advance between the first ASBR and the second ASBR.
The DNS-ALG and the NAT-PT have the same address.
As the above shows, by modifying and supplementing the prior art, the present invention provides a method for intercommunication between VPN sites when the backbone is an IPv4/v6 hybrid network spanning multiple autonomous systems. The technical scheme is relatively simple to implement and is suited to cases with few VPN users.
Description of drawings
Fig. 1 is a schematic diagram of the network structure of prior art one;
Fig. 2 is a schematic diagram of the network structure of prior art two;
Fig. 3 is a schematic diagram of the network structure of prior art three;
Fig. 4A is a schematic diagram according to the first embodiment of the invention;
Fig. 4B is a flowchart according to the second embodiment of the invention;
Fig. 5A is a schematic diagram according to the second embodiment of the invention;
Fig. 5B and Fig. 5C are flowcharts according to the second embodiment of the invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in more detail by the following examples.
First embodiment:
With reference to Fig. 4A, the MPLS backbone network consists of the IPv4 network AS100 and the IPv6 network AS200. PE1 connects VPN A site 1 and VPN B site 2, and PE2 connects VPN A site 3 and VPN B site 4; VPN sites 1, 3 and 4 are IPv4 networks, and site 2 is an IPv6 network.
The main routing devices in Fig. 4A are configured as follows: PE1, PE2, ASBR1 and ASBR2 run an IPv4/v6 dual stack, and their IPv6 loopback addresses are IPv4-compatible IPv6 addresses or IPv4-mapped IPv6 addresses (the description below uses IPv4-compatible IPv6 addresses as the example); IGP, EBGP or static routes are configured between PE1 and CE1 and CE2, and between PE2 and CE3 and CE4; MP-IBGP is configured between PE1 and ASBR1 and between PE2 and ASBR2 using the IPv4/v6 loopback addresses, to carry labelled VPN IPv4/v6 routes; MP-EBGP is configured between ASBR1 and ASBR2, with the corresponding VRFs connected through frame relay sub-interfaces or ATM virtual circuits; an IGP runs inside AS100 and AS200.
Communication between the VPN sites of a BGP/MPLS VPN consists of two parts: the transfer of control flows and the forwarding of service flows. The former is the route learning process between user sites that belong to the same VPN; the latter is the process in which user sites of the same VPN, having learned each other's VPN routes, forward service flows according to the learned routing information. The first embodiment is described in detail below using this example: the VPN route 100.0.0.0/8 in VPN A site 1 is advertised to VPN A site 3, and site 3 then sends a service flow with destination address 100.0.0.1 to site 1.
First, with reference to steps 401 to 410 of Fig. 4B, the advertisement of site 1's VPN route 100.0.0.0/8 to site 3 is described. The detailed process is as follows:
Step 401: through the EBGP, IGP or static route configured between PE1 and CE1, CE1 advertises the VPN route 100.0.0.0/8 to PE1.
Step 402: PE1 writes the VPN route 100.0.0.0/8 into the IPv4 VRF1 corresponding to VPN A and, according to the interface on which the VPN route was received, assigns label 1001 to this route. The following entry is written into the IPv4 VRF1 of PE1:
Destination    out interface    next hop          top label    bottom label
100.0.0.0/8    E0               direct-connect    ----         1001
Here the destination prefix (Destination) 100.0.0.0/8 is the reachable prefix route; the outgoing interface (out interface) E0 means that the outgoing interface of PE1 is E0; the next hop (next hop) direct-connect means that PE1 is directly connected to CE1; and the bottom label (bottom label) 1001 is the label that PE1 assigned to this VPN route.
Step 403: through its MP-IBGP session with ASBR1, PE1 advertises to ASBR1 the VPN A route 100.0.0.0/8 with the assigned label 1001.
The following entry is written into the MPLS label forwarding information table of PE1:
in interface    out interface    in label    out label
E1              E0               1001        ----
Here the incoming interface (in interface) E1 means that the incoming interface of PE1 is E1; the outgoing interface (out interface) E0 means that the outgoing interface of PE1 is E0; and the in label 1001 (the bottom label) is the label that PE1 assigned to this VPN route.
Step 404: ASBR1 writes this VPN route into its local VRF1 according to the route target community, so the following entry is written into the IPv4 VRF1 of ASBR1:
Destination    out interface    next hop    top label    bottom label
100.0.0.0/8    E0               10.0.0.1    20           1001
Here the destination prefix 100.0.0.0/8 is the reachable prefix route; E0 is interface E0 of ASBR1; 10.0.0.1 is the IPv4 loopback address of PE1 and is the next-hop address of the VPN route 100.0.0.0/8; the top label 20 is the label of the IPv4 LSP from ASBR1 to PE1, obtained by looking up the LSP label for this VPN route's next hop 10.0.0.1 in the forwarding information base (FIB) of ASBR1; and the bottom label 1001 is the label that PE1 assigned to this VPN route.
Step 405: VRF1 of ASBR1 and VRF1 of ASBR2 are connected through a physical or logical interface. Through the EBGP configured between ASBR1 and ASBR2, ASBR1 advertises the VPN route 100.0.0.0/8 in VRF1 to ASBR2. This VPN route carries no label, and its next hop is the IPv4 address of the sub-interface in ASBR1 that corresponds to VRF1.
Step 406: according to the sub-interface connected to ASBR1 and the IP version of the received VPN route, ASBR2 writes this VPN route into its local IPv4 VRF1 and assigns it a new label, 2002. The following entry is written into the IPv4 VRF1 of ASBR2:
Destination    out interface    next hop    top label    bottom label
100.0.0.0/8    if-1             20.0.0.1    ---          2002
Here the destination prefix (Destination) 100.0.0.0/8 is the reachable prefix route; the outgoing interface (out interface) if-1 means that the outgoing interface of PE1 is if-1; the next hop (next hop) is 20.0.0.1; and the bottom label (bottom label) 2002 is the label that ASBR1 assigned to this VPN route.
Step 407: through its MP-IBGP session with PE2, ASBR2 advertises the VPN route 100.0.0.0 with label 2002 to PE2, with the IPv4 loopback address of ASBR2 as the next-hop address. Because AS200 is an IPv6 network, this IPv4 VPN route is advertised over a TCP/IPv6 connection.
The following entry is written into the label forwarding information table of ASBR2:
in interface    out interface    in label    out label
E0              if-1             2002        ----
Here the incoming interface (in interface) E0 means that the incoming interface of PE1 is E1; the outgoing interface (out interface) if-1 means that the outgoing interface of the ASBR is if-1; and the in label 2002 (the bottom label) is the label that ASBR1 assigned to this VPN route.
Step 408: PE2 receives this VPN route and writes it into its local IPv4 VRF1 according to the route target community. When PE2 recursively looks up the top label for this VPN route from the route's next hop, the next-hop address is the IPv4 loopback address of ASBR2, so PE2 prepends the prefix :: to the next hop and looks up the label of its LSP to ::30.0.0.1, which becomes the top label of the VPN route 100.0.0.0/8. Assuming this label is 40, the following entry is written into the IPv4 VRF1 of PE2:
Destination    out interface    next hop    top label    bottom label
100.0.0.0/8    E1               30.0.0.1    40           2002
Step 409: through the EBGP, IGP or static route configured between PE2 and CE3, PE2 advertises the VPN route 100.0.0.0/8 to CE3, with the IPv4 address of PE2's E0 interface as the next hop.
Step 410: CE3 receives this VPN route, writes it into its local routing table, and advertises it to the other routing devices in site 3.
Through the above steps, the VPN route 100.0.0.0/8 in VPN site 1 is advertised to VPN site 3, and all routing devices in site 3 have learned this VPN route. According to this routing information, site 3 can therefore send VPN service flows whose destination address prefix is 100.0.0.0/8 to site 1.
With reference to steps 421 to 427 of Fig. 4B, site 3 sends a VPN service flow with destination address 100.0.0.1 to site 1. The detailed process is as follows:
Step 421: a source host in site 3 sends a VPN service flow with destination address 100.0.0.1, which is first forwarded to CE3 within site 3.
Step 422: CE3 looks up its local routing table and finds that the next-hop address of the prefix route for this destination address is the IPv4 address of PE2's E0 interface, so it forwards the service flow to PE2.
Step 423: according to the interface on which the service flow arrived, PE2 finds the VRF1 corresponding to the VPN A site. A lookup in the IPv4 VRF1 for the prefix route 100.0.0.0/8 returns top label 40, bottom label 2002 and outgoing interface E1. The VPN service flow is therefore encapsulated as an MPLS packet with bottom label 2002 and top label 40, and is sent from interface E1 toward ASBR2 along the LSP from PE2 to ASBR2.
Step 424: after forwarding by routers P4 and P3, ASBR2 receives the VPN service flow sent by PE2, pops label 2002 according to its label forwarding information table, restores the VPN data flow, and forwards the restored VPN service flow to ASBR1 from interface if-1.
Step 425: ASBR1 receives the VPN service flow with destination address 100.0.0.1 on interface if-1, so it looks up the IPv4 VRF1 corresponding to the if-1 interface and finds that the prefix route 100.0.0.0/8 for this destination address has top label 20, bottom label 1001 and outgoing interface E0. ASBR1 therefore encapsulates the VPN service flow as an MPLS packet, pushing bottom label 1001 and top label 20, and sends it from interface E0 to PE1 along the LSP from ASBR1 to PE1.
Step 426: after forwarding by routers P2 and P1, PE1 receives the VPN service flow with label 1001 on interface E0. By looking up its local label forwarding information table, PE1 pops label 1001, restores the VPN service flow from the MPLS packet, and forwards the restored flow to CE1 from interface E1.
Step 427: CE1 receives the VPN service flow with destination address 100.0.0.1 and delivers it to the destination host in its site.
Through the above steps, VPN service flows are forwarded from VPN site 3 to site 1. Service flows between other user sites of the same VPN are forwarded in the same way: once the user sites in a VPN have learned each other's VPN routes, VPN service flows are encapsulated and forwarded according to the information written into the VRFs and the label forwarding information tables when the VPN routes were advertised.
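The label operations of steps 404 to 408 and 423 to 426, as an added Python example that is not part of the patent text. It uses the labels and addresses from the tables above; the per-router LSP tables, the router-to-router wiring and the assumption that each LSP strips its top label before the egress router are illustrative.

```python
import ipaddress

# IP version of the core each router sits in (AS100 is IPv4, AS200 is IPv6).
AS_IP_VERSION = {"ASBR1": 4, "PE2": 6}

# LSP labels toward BGP next hops, keyed by the address family of the local core.
# Values are the top labels shown in the VRF tables of steps 404 and 408.
LSP_LABEL = {
    "ASBR1": {ipaddress.ip_address("10.0.0.1"): 20},    # IPv4 LSP to PE1
    "PE2": {ipaddress.ip_address("::30.0.0.1"): 40},    # IPv6 LSP to ASBR2
}

# Label forwarding tables of steps 403 and 407: in label -> pop, then forward to.
LFIB = {"PE1": {1001: "CE1"}, "ASBR2": {2002: "ASBR1"}}

# VRF1 of the routers that impose labels: prefix -> (top, bottom, egress router).
VRF = {"ASBR1": {}, "PE2": {}}


def resolve_top_label(node, next_hop_v4):
    """Recursive next-hop lookup for an IPv4 VPN route (steps 404 and 408)."""
    nh = ipaddress.IPv4Address(next_hop_v4)
    if AS_IP_VERSION[node] == 6:
        # IPv6 core: prepend "::" to get the IPv4-compatible IPv6 loopback.
        nh = ipaddress.IPv6Address(int(nh))
    return LSP_LABEL[node][nh]   # KeyError: no LSP, the route cannot be used


def install(node, prefix, next_hop_v4, bottom_label, egress):
    """Write a VPN route into the node's VRF1 with its resolved top label."""
    top = resolve_top_label(node, next_hop_v4)
    VRF[node][ipaddress.ip_network(prefix)] = (top, bottom_label, egress)


def vrf_lookup(node, dst):
    """Longest-prefix match in the node's VRF1; None when no VPN route exists."""
    addr = ipaddress.ip_address(dst)
    table = VRF.get(node, {})
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]


def forward(dst, ingress="PE2"):
    """Return [(router, label stack it transmits, top label first)] for dst."""
    trace, node, stack = [], ingress, []
    while node != "CE1":
        if stack:                                   # labelled packet: pop via LFIB
            nxt = LFIB.get(node, {}).get(stack.pop(0))
            if nxt is None:
                raise LookupError(f"{node}: unknown VPN label, packet dropped")
        else:                                       # plain IP packet: VRF lookup
            entry = vrf_lookup(node, dst)
            if entry is None:
                raise LookupError(f"{node}: no VPN route for {dst}, packet dropped")
            top, bottom, nxt = entry
            stack = [top, bottom]
        trace.append((node, list(stack)))
        stack = stack[1:]    # assumption: the LSP strips the top label before its egress
        node = nxt
    return trace


install("ASBR1", "100.0.0.0/8", "10.0.0.1", 1001, "PE1")   # step 404
install("PE2", "100.0.0.0/8", "30.0.0.1", 2002, "ASBR2")   # step 408

if __name__ == "__main__":
    for router, labels in forward("100.0.0.1"):
        print(router, labels)
```

A destination outside 100.0.0.0/8 raises `LookupError` at PE2: a flow with no route in the VRF is dropped at the ingress PE and is never forwarded into the backbone or another VPN.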
Second embodiment:
In the first embodiment, the two communicating sites are of the same network type. The second embodiment illustrates the invention using communication between sites of different network types.
In the second embodiment, communication between heterogeneous VPN sites uses NAT-PT: network address translation and protocol translation is applied to the service flow between the VPN sites, converting it into a VPN service flow of the same IP version as the peer site before communication proceeds.
As shown in Fig. 5A, the MPLS backbone network consists of the IPv4 network AS100 and the IPv6 network AS200. VPN A site 1 and VPN B site 2 attach to PE1, and VPN A site 4 and VPN B site 3 attach to PE2; sites 2, 3 and 4 are IPv4 networks, and site 1 is an IPv6 network. The dotted lines in Fig. 5A show the resolution of a DNS request initiated by IPv6 host A in site 1, which is described in detail below.
The main routing devices in Fig. 5A are configured as follows: PE1, PE2, ASBR1 and ASBR2, and the DNS server, NAT-PT (DNS-ALG), CE1 and CE4 in site 1 and site 2, all run an IPv4/v6 dual stack; the IPv6 loopback addresses of PE1, PE2, ASBR1 and ASBR2 are IPv4-compatible IPv6 addresses, and may also be set to IPv4-mapped IPv6 addresses (the description below uses IPv4-compatible IPv6 addresses as the example); the upstream DNS server addresses of the IPv6 DNS server in site 1 and of the IPv4 DNS server in site 4 are configured as the DNS-ALG addresses in site 1 and site 4, respectively; IGP, EBGP or static routes are configured between PE1 and CE1 and between PE2 and CE4; MP-IBGP is configured between PE1 and ASBR1 and between PE2 and ASBR2 using the IPv4/v6 loopback addresses, to carry labelled VPN routes; MP-EBGP is configured between ASBR1 and ASBR2 using IPv4 loopback addresses, to carry VPN routes.
The DNS servers in site 1 and site 4 in Fig. 5A are an IPv6 DNS server and an IPv4 DNS server, respectively, and resolve the domain names in site 1 and site 4. The DNS-ALG is a DNS application level gateway; it processes the DNS requests and replies it receives and scans the IP addresses in the upper-layer protocol messages. The NAT-PT converts between IPv4 and IPv6 and between ICMPv4 and ICMPv6. The NAT-PT of IPv4 site 4 holds an IPv4 address pool with a specific address prefix, and the route for this prefix points to the NAT-PT itself. In this embodiment the NAT-PT and the DNS-ALG are combined into one device. The scheme is described in detail below using two examples: IPv6 host A in site 1 initiating communication with IPv4 host B in site 4, and IPv4 host B in site 4 initiating communication with IPv6 host A in site 1.
For heterogeneous VPN sites to communicate, each must first learn the VPN routing information of the peer site. The VPN route learning process is the same as for communication between same-type networks in the first embodiment. That is, the VPN route is first advertised to the egress PE and written into the VRF of the egress PE; the egress PE advertises the labelled VPN route to the ASBR in its autonomous system; the VPN route is then advertised to the adjacent ASBR through the EBGP between the ASBRs and written into the VRF of that ASBR; the adjacent ASBR advertises the labelled VPN route to the ingress PE, which writes it into its VRF; and the ingress PE advertises it to the corresponding local VPN site.
Through VPN route learning, CE1, the NAT-PT and the DNS server in site 1 learn the IPv4 VPN routes of CE4, the DNS server and the NAT-PT in site 4, together with all other IPv4 VPN routing information in site 4. Likewise, CE4, the NAT-PT and the DNS server in site 4 learn the IPv6 VPN routes of CE1, the DNS server and the NAT-PT in site 1, together with all other IPv6 VPN routing information in site 1.
With reference to Fig. 5 B, the IPv4 host B in website 4 of the IPv6 host A in the website 1 is initiated communication, and its detailed process is as follows:
Step 501, the host A IPv6 dns server in website 1 sends IPv6 DNS request.
Step 502, owing to do not have this domain name in the IPv6 dns server in the website 1, so the IPv6DNS server mails to the upper level dns server with this request.Owing in dns server, disposed the address that higher level's dns server address is DNS-ALG, so this DNS request is forwarded to the DNS-ALG in the website 1.
Step 503, the DNS-ALG in the website 1 receives this DNS request, conversion IPv6 DNS request is IPv4 DNS request, and the request of the IPv4 DNS after will changing is transmitted to the IPv4DNS server in the website 4.Because the DNS-ALG in the website 1 is IPv4/v6 pair of stacks, learnt the IPv4 VPN route of dns servers in the website 4, so this IPv4 DNS request can be forwarded to the dns server of website 4.
The IPv4 dns servers are resolved this DNS request in the step 504, website 4, and the IPv4 address of the host B of resolving is back replied as DNS, according to the VPN routing iinformation of the website 1 interior DNS-ALG that has learnt, return to the DNS-ALG of website 1.
Step 505, the DNS-ALG in the website 1 adds the particular address prefix before the IPv4 address of the host B that described parsing is returned, be configured to the IPv6 address, returns to the dns server in the website 1.
Step 506, dns server returns to host A with this IPv6 address.
Step 507, host A is a destination address structure IPv6 packet with this IPv6 address.Because this destination address has particular prefix, and this prefix route sensing NAT-PT, so this IPv6 packet is routed to the NAT-PT in the website 1.
Step 508, NAT-PT takes out back 32 (being the IPv4 address of host B) of destination address as destination address, the IPv6 packet that receives is converted to the IPv4 packet,, the IPv4 packet after the conversion is forwarded to CE4 according to the VPN route of the website of learning 4.
Step 509, CE4 is forwarded to host B with the IPv4 packet that receives.
By above process, the IPv6 host A in the website 1 can be realized the communication of IPv4 host B in website 4.
Below will describe the process of the IPv6 host A initiation communication of IPv4 host B in website 1 in the website 4 in detail, because the IPv4 address is different with the method for IPv6 address mutual mapping, thus in this process the processing mode of the NAT-PT of website 4 and DNS-ALG and the processing mode in the above-mentioned website 1 with different.
With reference to Fig. 5 C, the IPv6 host A in website 1 of the IPv4 host B in the website 4 is initiated communication, and its detailed process is as follows:
Step 521, the host B IPv4 dns server in website 4 sends IPv4 DNS request.
Step 522, because there is not this domain name in the dns server of website 4, so dns server mails to higher level's dns server with this DNS request.Because the higher level's dns server address that disposes in the dns server of website 4 is the DNS-ALG address of website 4, so this IPv4 DNS request is forwarded to DNS-ALG.
Step 523, the DNS-ALG of website 4 receives this DNS request, and this IPv4 DNS request is converted to IPv6 DNS request, and will ask to transmit the dns server in the past website 1.Because the DNS-ALG in the website 4 has learnt the route of dns server in the website 1, therefore, this request can arrive the IPv6 dns server of website 1 by the forwarding of routing devices such as PE2, ASBR2, ASBR1, PE1.
Step 524, the IPv6 dns server in the website 1 receive this IPv6 DNS request, resolve and obtain the IPv6 address of host A, and this IPv6 address is returned to the DNS-ALG of website 4;
Step 525, DNS-ALG in the website 4 receives the IPv6 address of the host A of resolving go back to, from having the IPv4 address pool of particular address prefix, of this locality chooses out an IPv4 address wantonly, this address is returned to dns server in the website 4, and in address mapping table the IPv6 address of record host A and the corresponding relation of this IPv4 address.
Step 526, the dns server of website 4 returns to host B with above-mentioned address.
Step 527, host B is constructed the IPv4 packet with the IPv4 address that receives as destination address.Because this IPv4 packet rs destination address has the particular address prefix, and this prefix route sensing NAT-PT, so this packet is routed to the NAT-PT of website 4.
Step 528, NAT-PT receives this IPv4 packet, search IPv6 address corresponding in the mapping table with this IPv4 destination address, finding this address is the IPv6 address of host A, therefore, NAT-PT is that destination address is converted to the IPv6 packet with the IPv4 packet that receives with this address, mails to host A.Because NAT-PT has learnt the VPN route of website 1, so this IPv6 packet is forwarded to the CE1 of website 1.
Step 529, CE1 receives the IPv6 packet that this destination address is the host A address, and this IPv6 packet is forwarded to destination host A.
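The two address mappings of the second embodiment (steps 505 and 508 in site 1, steps 525 and 528 in site 4), as an added Python example that is not part of the patent text. The patent gives no concrete prefix or pool, so the /96 prefix, the IPv4 pool and the host addresses are constructed from documentation ranges; reusing an existing mapping for a repeated DNS answer and rejecting unmapped destinations are assumptions of this sketch.

```python
import ipaddress


class Site1NatPt:
    """NAT-PT/DNS-ALG in the IPv6 site: stateless 'prefix + IPv4' mapping."""

    def __init__(self, prefix):
        self.prefix = ipaddress.IPv6Network(prefix)
        if self.prefix.prefixlen != 96:
            raise ValueError("prefix must leave exactly 32 bits for the IPv4 address")

    def synthesize(self, ipv4):
        """Step 505: prepend the specific prefix to the resolved IPv4 address."""
        v4 = ipaddress.IPv4Address(ipv4)
        return ipaddress.IPv6Address(int(self.prefix.network_address) | int(v4))

    def extract(self, ipv6_dst):
        """Step 508: take the last 32 bits of the IPv6 destination address."""
        dst = ipaddress.IPv6Address(ipv6_dst)
        if dst not in self.prefix:
            # Only traffic routed here through the specific prefix is translated.
            raise ValueError(f"{dst} is outside the NAT-PT prefix")
        return ipaddress.IPv4Address(int(dst) & 0xFFFFFFFF)


class Site4NatPt:
    """NAT-PT/DNS-ALG in the IPv4 site: stateful mapping out of an IPv4 pool."""

    def __init__(self, pool):
        self.free = list(ipaddress.IPv4Network(pool).hosts())
        self.v4_to_v6 = {}
        self.v6_to_v4 = {}

    def allocate(self, ipv6):
        """Step 525: pick a pool address and record the correspondence."""
        v6 = ipaddress.IPv6Address(ipv6)
        if v6 in self.v6_to_v4:            # assumption: repeat answers reuse the mapping
            return self.v6_to_v4[v6]
        if not self.free:
            raise RuntimeError("IPv4 pool exhausted, DNS answer cannot be built")
        v4 = self.free.pop(0)
        self.v4_to_v6[v4] = v6
        self.v6_to_v4[v6] = v4
        return v4

    def lookup(self, ipv4_dst):
        """Step 528: find the IPv6 address recorded for the IPv4 destination."""
        v4 = ipaddress.IPv4Address(ipv4_dst)
        if v4 not in self.v4_to_v6:
            raise LookupError(f"no mapping for {v4}, packet is not translated")
        return self.v4_to_v6[v4]


if __name__ == "__main__":
    # Constructed sample values (documentation ranges, not from the patent).
    site1 = Site1NatPt("2001:db8:ffff::/96")
    answer = site1.synthesize("192.0.2.10")            # host B as seen by host A
    print("host A sends to", answer, "-> NAT-PT forwards to", site1.extract(answer))

    site4 = Site4NatPt("198.51.100.0/30")
    answer = site4.allocate("2001:db8:1::a")           # host A as seen by host B
    print("host B sends to", answer, "-> NAT-PT forwards to", site4.lookup(answer))
```

The site 4 direction holds state: the pool size bounds how many IPv6 hosts can be reachable at once, and the mapping table is the only record that ties a pool address back to the real IPv6 destination.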
The above only is preferred embodiment of the present invention, and is in order to restriction the present invention, within the spirit and principles in the present invention not all, any modification of being done, is equal to replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (13)

1. A method for implementing a hybrid-network virtual private network (VPN) across multiple autonomous systems (AS), the network comprising a first site and a second site, characterized in that the method comprises the following steps:
When the first site and the second site are sites of the same type,
A1. Routing information covering multiple network protocol versions is configured on each device in the network; according to the routing information, the first VPN site advertises the VPN route of the first site to the first autonomous system connected to the first site, the first autonomous system advertises the VPN route of the first site to the second autonomous system connected to the second site, and the second autonomous system advertises the VPN route of the first site to the second site;
B1. According to the route, a source host in the second site sends the VPN service flow to the second autonomous system, the second autonomous system sends the VPN service flow to the first autonomous system, and the first autonomous system sends the VPN service flow to the destination host in the first site.
When the first site and the second site are heterogeneous sites,
A2. Routing information covering multiple network protocol versions is configured on each device in the network; according to the routing information, the first VPN site advertises the VPN route of the first site to the first autonomous system connected to the first site, the first autonomous system advertises the VPN route of the first site to the second autonomous system connected to the second site, the second autonomous system advertises the VPN route of the first site to the second site, and the second site advertises the VPN route of the first site to a second domain name service (DNS) server and a second network address translation-protocol translation device (NAT-PT);
B2. According to the route, the source host in the second site requests and obtains, through the second DNS server and the second NAT-PT, the second-attribute address of the destination host in the first site; the source host constructs, from the second-attribute address, a second-attribute packet whose destination address is the second-attribute address, and sends it to the destination host in the first site.
2. The method according to claim 1, characterized in that:
Step A1 comprises:
A10. In the first provider edge device (PE) connected to the first site, the second PE connected to the second site, the first autonomous system border router (ASBR) of the autonomous system where the first PE resides, and the second ASBR of the autonomous system where the second PE resides, an Internet Protocol version 4 (IPv4) VRF and an Internet Protocol version 6 (IPv6) VRF are established for each virtual routing and forwarding instance (VRF) belonging to a different VPN;
A11. The first customer edge device (CE) of the first site advertises the VPN route of the first site to the first PE;
A12. The first PE writes the VPN route of the first site into its own VRF and advertises the VPN route of the first site to the first ASBR, the next hop of the VPN route being the loopback address of the first PE that has the same IP version as the VPN route;
A13. The first ASBR writes the VPN route of the first site into its own VRF, looks up in the forwarding information base (FIB) the top label corresponding to this VPN route in the VRF, and advertises the VPN route of the first site to the second ASBR through the sub-interface connected to the second ASBR, the next hop of the VPN route being the IP address, of the same IP version as the VPN route, of the sub-interface in the first ASBR that corresponds to the VRF to which the VPN route belongs;
A14. The second ASBR writes the VPN route of the first site into its own VRF and advertises the VPN route of the first site to the second PE;
A15. The second PE writes the VPN route of the first site into its own VRF, looks up in the FIB the top label corresponding to this VPN route in the VRF, and advertises the VPN route of the first site to the second CE of the second site;
A16. The second CE writes the VPN route of the first site into its own routing table;
Step B1 comprises:
B11. The source host in the second site sends the VPN service flow;
B12. After receiving the VPN data flow, the second CE sends it to the second PE connected to the second site according to the content stored in advance in its own routing table;
B13. The second PE encapsulates the VPN data flow as a multiprotocol label switching (MPLS) packet according to the VPN route of the first site stored in advance in its own VRF, and sends it to the second ASBR of the autonomous system where the second PE resides;
B14. The second ASBR restores the VPN data flow from the MPLS packet and, according to the sub-interface corresponding to the VRF stored in advance in itself, sends the VPN data flow to the first ASBR of the autonomous system where the first PE connected to the first site resides;
B15. The first ASBR encapsulates the VPN data flow as an MPLS packet according to the VPN route of the first site stored in advance in its own VRF, and sends the MPLS packet to the first PE;
B16. The first PE restores the VPN data flow from the MPLS packet and sends the VPN data flow to the first CE of the first site according to the content stored in advance in its label forwarding information table;
B17. The first CE forwards the VPN data flow to the destination host.
3. The method according to claim 2, characterized in that:
In step A11, the first site advertises the VPN route of the first site to the first PE through External BGP (EBGP), an Interior Gateway Protocol (IGP) or a static route; and/or
In step A15, the second PE advertises the VPN route of the first site to the second site through EBGP, IGP or a static route.
4. The method according to claim 2, characterized in that, in step A16, the second CE further advertises the VPN route of the first site to the other routing devices in the second site.
5. The method according to claim 2, characterized in that, in step A13, the first ASBR advertises the VPN route of the first site to the second ASBR through the EBGP configured in advance between each sub-interface of the first ASBR and the second ASBR.
6. The method according to claim 2, characterized in that:
Before the step in step A13 of looking up in the FIB the top label corresponding to the VPN route in the VRF, the method further comprises judging whether the IP version of the autonomous system where the first ASBR resides is the same as the IP version of the VPN route; if they are the same, the top label corresponding to the VPN route in the VRF is looked up directly in the FIB; if they differ, the next hop of the VPN route is processed first, and the top label corresponding to the VPN route in the VRF is then looked up in the FIB;
Before the step in step A15 of looking up in the FIB the top label corresponding to the VPN route in the VRF, the method further comprises judging whether the IP version of the autonomous system where the first ASBR resides is the same as the IP version of the VPN route; if they are the same, the top label corresponding to the VPN route in the VRF is looked up directly in the FIB; if they differ, the next hop of the VPN route is processed first, and the top label corresponding to the VPN route in the VRF is then looked up in the FIB.
7. The method according to claim 1, characterized in that:
Step A2 comprises:
A20. The upstream DNS server address of the first DNS server in the first site is set to the address of the first DNS application level gateway (DNS-ALG) in the first site, and the upstream DNS server address of the second DNS server in the second site is set to the address of the second DNS-ALG in the second site;
A21. The first customer edge device (CE) of the first site advertises the VPN route of the first site to the first provider edge device (PE) connected to the first site;
A22. The first PE writes the VPN route of the first site into its own virtual routing and forwarding instance (VRF) and advertises the VPN route of the first site to the first autonomous system border router (ASBR) of the autonomous system where the first PE resides;
A23. The first ASBR writes the VPN route of the first site into its own VRF and advertises the VPN route of the first site to the second ASBR of the autonomous system where the second PE connected to the second site resides;
A24. The second ASBR writes the VPN route of the first site into its own VRF and advertises the VPN route of the first site to the second PE;
A25. The second PE writes the VPN route of the first site into its own VRF and advertises the VPN route of the first site to the second CE of the second site;
A26. The second CE writes the VPN route of the first site into its own VRF and advertises the VPN route of the first site to the second DNS server and the second NAT-PT;
Step B2 comprises:
B21. The source host in the second site sends a second-attribute DNS request to the second DNS server;
B22. The second DNS server sends the second-attribute DNS request to the second DNS-ALG;
B23. The second DNS-ALG converts the second-attribute DNS request into a first-attribute DNS request and sends the first-attribute DNS request to the first DNS server in the first site;
B24. The first DNS server resolves the first-attribute DNS request to obtain the first-attribute address of the destination host, and returns the first-attribute address of the destination host to the second DNS-ALG server;
B25. The second DNS-ALG server constructs, from the first-attribute address, a second-attribute address that points to the second NAT-PT, and returns the second-attribute address to the second DNS server;
B26. The second DNS server returns the second-attribute address to the source host;
B27. The source host sends a second-attribute packet whose destination address is the second-attribute address, and the second-attribute packet is routed to the second NAT-PT;
B28. The second NAT-PT obtains the first-attribute address from the second-attribute address, converts the second-attribute packet into a first-attribute packet, and sends the first-attribute packet to the first CE;
B29. The first CE forwards the first-attribute packet to the destination host.
8. The method according to claim 7, characterized in that the first site is an IPv4 site and the second site is an IPv6 site; the first attribute is IPv4 and the second attribute is IPv6;
In step B25, the step in which the second DNS-ALG server constructs the IPv6 address from the IPv4 address comprises: the second DNS-ALG server prepends the specific address prefix to the IPv4 address to construct the IPv6 address;
In step B28, the step in which the second NAT-PT obtains the IPv4 address from the IPv6 address comprises: the second NAT-PT takes the last 32 bits of the IPv6 address to obtain the IPv4 address.
9. The method according to claim 7, characterized in that the first site is an IPv6 site and the second site is an IPv4 site; the first attribute is IPv6 and the second attribute is IPv4;
In step B25, the step in which the second DNS-ALG server constructs the IPv4 address from the IPv6 address comprises: the second DNS-ALG server selects any one IPv4 address from the local IPv4 address pool with the specific address prefix as the constructed IPv4 address;
Step B25 further comprises the step of storing the correspondence between the IPv6 address and the IPv4 address;
In step B28, the step in which the second NAT-PT obtains the IPv6 address from the IPv4 address comprises: the second NAT-PT finds the IPv6 address corresponding to the IPv4 address according to the correspondence.
10. The method according to claim 7, characterized in that, in step A21, the first site advertises the VPN route of the first site to the first PE through External Border Gateway Protocol (EBGP), an Interior Gateway Protocol (IGP) or a static route; and/or
In step A25, the second PE advertises the VPN route of the first site to the second site through EBGP, IGP or a static route.
11. The method according to claim 7, characterized in that, in step A26, the second CE further advertises the VPN route of the first site to the other routing devices in the second site.
12. The method according to claim 7, characterized in that, in step A23, the first ASBR advertises the VPN route of the first site to the second ASBR through the EBGP configured in advance between the first ASBR and the second ASBR.
13. The method according to claim 7, characterized in that the DNS-ALG and the NAT-PT have the same address.
CNB2005101153096A 2005-11-14 2005-11-14 Method for realizing virtual special network of over-muti-autonomous system mixed network Expired - Fee Related CN100414919C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005101153096A CN100414919C (en) 2005-11-14 2005-11-14 Method for realizing virtual special network of over-muti-autonomous system mixed network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005101153096A CN100414919C (en) 2005-11-14 2005-11-14 Method for realizing virtual special network of over-muti-autonomous system mixed network

Publications (2)

Publication Number Publication Date
CN1852213A CN1852213A (en) 2006-10-25
CN100414919C true CN100414919C (en) 2008-08-27

Family

ID=37133683

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005101153096A Expired - Fee Related CN100414919C (en) 2005-11-14 2005-11-14 Method for realizing virtual special network of over-muti-autonomous system mixed network

Country Status (1)

Country Link
CN (1) CN100414919C (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101567831B (en) * 2008-04-21 2011-11-16 成都市华为赛门铁克科技有限公司 Method and device for transmitting and receiving messages among local area networks and communication system
US9515916B2 (en) 2010-10-21 2016-12-06 Cisco Technology, Inc. Redirection of requests for target addresses
CN102546848B (en) * 2010-12-21 2014-12-31 中国移动通信集团公司 Device and method for generating labels in network address translation gateway
CN102932496B (en) * 2012-10-10 2017-03-29 瑞斯康达科技发展股份有限公司 A kind of method and system of management domain name system information
CN106559505A (en) * 2015-09-25 2017-04-05 中兴通讯股份有限公司 IP method for parameter configuration, network address processing method and processing device
CN114650271B (en) * 2022-03-23 2023-12-05 杭州迪普科技股份有限公司 Global load DNS neighbor site learning method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1414749A (en) * 2002-08-23 2003-04-30 华为技术有限公司 Three layer virtual private network and its construction method
US20040059829A1 (en) * 2002-09-24 2004-03-25 Chu Thomas P. Methods and devices for converting routing data from one protocol to another in a virtual private network
EP1482678A1 (en) * 2003-05-26 2004-12-01 AT&T Corp. System for converting IPv4 data packets into IPv6 data packets.

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Complex Applications of BGP/MPLS VPN. Yan Yongqiang (阎永强). Cable TV Technology (有线电视技术), No. 11, 2004 *

Also Published As

Publication number Publication date
CN1852213A (en) 2006-10-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080827

Termination date: 20171114