CN100505674C - Packet forwarding method, system and verge equipment in virtual private network - Google Patents

Packet forwarding method, system and verge equipment in virtual private network Download PDF

Info

Publication number
CN100505674C
CN100505674C CNB2007101214205A CN200710121420A CN100505674C CN 100505674 C CN100505674 C CN 100505674C CN B2007101214205 A CNB2007101214205 A CN B2007101214205A CN 200710121420 A CN200710121420 A CN 200710121420A CN 100505674 C CN100505674 C CN 100505674C
Authority
CN
China
Prior art keywords
message
virtual
routing
routing iinformation
forwarding
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2007101214205A
Other languages
Chinese (zh)
Other versions
CN101114973A (en
Inventor
李竑
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruijie Networks Co Ltd
Original Assignee
Fujian Star Net Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Star Net Communication Co Ltd filed Critical Fujian Star Net Communication Co Ltd
Priority to CNB2007101214205A priority Critical patent/CN100505674C/en
Publication of CN101114973A publication Critical patent/CN101114973A/en
Application granted granted Critical
Publication of CN100505674C publication Critical patent/CN100505674C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a message forwarding method, a system and an edge device in a virtual private network. The method comprises that the virtual route forwarding table of the edge device in a backbone network obtains the route information announced by other virtual route forwarding tables in the same virtual private network; wherein, the route information at least includes the interface IP address information bound by other virtual route forwarding tables, and the route information of the network segment related with other virtual route forwarding tables; the edge device carries on message forwarding according to the route information. By using the invention, the interface address bound by the virtual route forwarding table can be ensured to arrive, and the method is easy to realize.

Description

Message forwarding method, system and edge device in a kind of Virtual Private Network
Technical field
The present invention relates to Virtual Private Network (VPN:Virtual Private Network), be particularly related to the router CE that a plurality of interfaces on the edge device PE of a backbone network are bound a virtual routing forwarding VRF separately and connected a plurality of customer network edges, and these a plurality of CE belong under the situation of same VPN, message forwarding method, system and edge device in the Virtual Private Network.
Background technology
Virtual private network, the so-called virtual user of being meant no longer needs to have actual long-distance data circuit, and is to use the data circuit (by using tunneling technique) of the ready-made network of service provider.So-called dedicated network is meant that the user can formulate a network that meets own demand most for oneself, similarly is privately owned network.
The mode of realization IP VPN has a variety of, the VPN based on Level 2 Tunnel Protocol (L2TP) is for example arranged, based on the VPN of layer 3 Tunnel protocol (as IPSec).Border gateway protocol (BGP:BorderGateway Protocol)/MPLSIP VPN has appearred in the appearance along with multiprotocol label switching (MPLS:Multiprotocol Label Switch) technology.
Fig. 1 is the formation schematic diagram of L3VPN in the prior art.As shown in Figure 1, the router (P:Provider Router) in the backbone network is finished route and quick forwarding capability, supports the MPLS function, as the P1 among the figure, P2, P3.
The router of customer network edge (CE:Customer Edge Router) is as the CE1 among Fig. 1, CE2, CE3, CE4.CE belongs to user's VPN in logic, and certain interface of CE directly links to each other with service provider's router.
The edge device of backbone network (PE:Provider Edge Router), PE1 as shown in fig. 1 and PE2.PE belongs to the service provider in logic, and PE is connected with CE, and a PE can connect a plurality of different CE.PE mainly is responsible for receiving the VPN information that the CE end sends, and sends VPN information to other PE, and receives VPN information from other PE, is distributed to corresponding CE.
VPN user's website (VPN Site) is as the VPNA among the figure, VPNB.This website is an isolated IP network among the VPN, generally is communicated with by backbone network with long-range other website (or subnet) of same VPN.
Connecting by data link (AC:Attachment Circuit) between CE and the PE, is exactly that an AC connects as the circuit between PE1 among Fig. 1 and the CE1.
Virtual routing forwarding (VRF:VPN Routing and Forwarding tables).On pe router, have a plurality of VRF, these VRF are corresponding with one or more AC on the pe router, are used to receive the VPN routing iinformation of the CE end that AC connects.AC link between PE and the CE all needs related VRF.VRF is responsible for receiving the VPN route from the CE termination, perhaps to CE end announcement VPN route, and does not disturb mutually between a plurality of VRF on same PE.
AC link between PE and the CE connects the special interface of PE end, and the VRF that claims this interface and AC link correspondence is one " binding " relation.Each VRF can " bind " one or more interface, but the last specific interface of PE can only be tied to a VRF.As shown in Figure 1, two VRF are arranged on the PE1, i.e. VRF_VPNA and VRF_VPNB, related respectively 2 AC connect two VPN websites.
The VPN user's of CE end routing iinformation is delivered to PE and goes up corresponding VRF, carries this VPN routing iinformation by bgp protocol between PE, to other PE announcement.As shown in Figure 1, two VPN users are arranged on the PE1, PE1 receives routing iinformation from different VPN websites, and to PE2 announcement VPN routing iinformation, bgp protocol also will be responsible for the last different VRF of PE2 and receive each self-corresponding VPN information by bgp protocol.
Fig. 2 is the course of work schematic diagram of existing BGP/MPLS VPN.As shown in Figure 2, the two-layer label of VPN The data that in backbone network MPLS network, transmits, i.e. public network tunnel label and VPN label.Be elaborated below in conjunction with accompanying drawing 2.
In the time will arriving destination address 192.168.2.5 on the CE1, the routing table of inquiry CE1 is forwarded to message on the PE1.On PE1,, be pressed into private network tags 111, and, be pressed into public network label 1024, this message is forwarded according to next hop address 10.1.1.2 according to the routing table of VRF1.Wherein, the value of public network label 1024 is moved label distribution protocol (LDP:Label DistributeProtocol) by backbone network and is obtained, the value of public network label is determined by LDP, the effect of public network label is to allow message be forwarded to PE2 from PE1 in the MPLS backbone network, at the label value 1024 of PE1 by the distribution of LDP agreement, its meaning is: on PE1 if arrive PE2 (ip address 10.1.1.2), as long as be pressed into label 1024, afterwards the message with 1024 labels is sent from eth1, in the MPLS backbone network, just can finish message forwarding, arrive PE2.
The value of private network tags 111 is by operation bgp protocol distribution between PE1 and the PE2, and the value of private network tags is determined that by BGP its effect is the VRF that is mapped to appointment on PE according to private network tags, then decision VPN message forwarding in the VRF routing table.By the label value 111 of bgp protocol distribution, its meaning is on VRF1: if the interface of VRF1 binding is received the message of the destination address 192.168.2.5 that the CE1 end sends, need to be pressed into private network tags 111 on PE1.After the message of private network tags 111 arrives PE1, be mapped to the routing table of VRF2 according to the value of private network tags, in the routing table of VRF2, search route according to destination address 192.168.2.5 afterwards.
From last surface analysis, can know very that the effect of public network label and private network tags: PE1 is last and stamp two-layer label for message, ground floor (public network) label exchanges in backbone network inside, the VPN message is stamped this layer label, just can in the MPLS network, arrive opposite end PE, at this time just need to use the second layer (private network) label, this layer label indicated the VPN message to carry out Route Selection according to the routing table of which VRF.Like this,, just can find next jumping and outgoing interface according to vpn label, thus correct message is forwarded.
From the message that PE1 sends with two-layer label, on P, remove public network label 1024, only the message that contains private network tags is transmitted to PE2.PE2 is last according to private network tags 111, is associated with on the corresponding VRF2, seeks routing iinformation in the routing table of VRF2.At last message is transmitted to CE2.
Generally, all be the route among the VRF of local VPN website, be distributed to certain VRF on the PE of a distant place by bgp protocol.But also may exist among the same VPN 2 websites to link on mutually same the PE, and related different VRF.Will occur this moment, the situation that route is distributed mutually between the VRF on the same PE, as shown in Figure 3.
VPNA has 3 websites, and two VRF are arranged on PE1, i.e. VRF1_VPNA and VRF2_VPNA, and related CE1 and CE2 respectively, and CE1 and CE2 belong to same VPN.A VRF is arranged, i.e. VRF3_VPNA, related CE3 on the PE2.If CE2 passes to VRF2 on the PE1 to the routing iinformation of VPN website
VPNA, this VPN routing iinformation need be announced by the VRF1_VPNA on this PE, also needs the VRF3_VPNA announcement on PE2.
For message forwarding process in the better analytical technology scheme, simply introduce the method for IP route longest match principle here.Supposing has following two route table items on the router, as shown in table 1.
Table 1
Figure C200710121420D00081
If there is message will arrive destination address 172.16.2.1 on the router, only match route entry 172.16.0.0/16, so corresponding forwarding behavior is transmitted according to route table items 172.16.0.0/16.
If there is message will arrive destination address 172.16.1.1 on the router, can match route entry 172.16.1.0/24 and 172.16.0.0/16 simultaneously, because 172.16.1.1 coupling route entry 172.16.1.0/24 has 24, and 172.16.1.1 coupling route entry 172.16.0.0/16 has 16, so 172.16.1.0/24 has longer matching length than 172.16.0.0/16,, can transmit the forwarding destination address on this router according to the forwarding behavior of route table items 172.16.1.0/24 correspondence so being 172.16.1.1.
Fig. 4 is to be that example is analyzed the routing table content of VRF2 and VRF2 to VRF1, VRF3 distribution routing procedure schematic diagram with VRF2.As shown in Figure 4, the routing table of known VRF2 correspondence has following two routes, and is as shown in table 2.
Table 2
Figure C200710121420D00082
VRF2 is when VRF3 announcement route, and the routing iinformation of announcement 192.168.2.0/24 and corresponding private network tags suppose that private network tags is 100.Announce to after the PE2 by bgp protocol, receive this advertising of route by the VRF3 of PE2.VRF3 routing table on the PE2 is just like next bar route entry as a result, and is as shown in table 3.
Table 3
Figure C200710121420D00091
When if CE3 will arrive 192.168.2.1, suppose that CE3 comes ping destination address 192.168.2.1, promptly send a special packet to destination address 192.168.2.1, and requiring destination address is after the equipment of 192.168.2.1 is received this message, respond a response message to source address equipment, on PE2,, can add 100 private network tags, add the public network label again and send to PE1 according to the routing iinformation of VRF3.After receiving this message on the PE1, be associated with VRF2 according to private network tags 100.Seek route in the routing table of VRF2, can find the route table items of 192.168.2.1/32 according to the longest coupling, the result is directly responded by PE1.When if CE3 will arrive 192.168.2.2, suppose also to allow CE3 come ping destination address 192.168.2.2 that same reason behind adding private network tags 100 and the public network label, sends.Seek route according to the private network tags in the message 100 in the routing table of VRF2 on PE1, can find the route entry of 192.168.2.0/24, outgoing interface eth2 so PE1 can send this message to CE2, is responded by CE2.
And VRF2 announces the routing iinformation of 192.168.2.0/24 to the route of VRF1 announcement, and VRF1 goes up routing table just like next bar route entry like this, and is as shown in table 4.
Table 4
Figure C200710121420D00092
Like this, CE1 end causes when will arrive destination address and is 192.168.2.1, if CE1 comes ping destination address 192.168.2.1, according to the route entry on the VRF1, the message that arrives 192.168.2.1 can be transmitted to CE2 mistakenly, because the non-destination address of CE2, therefore, can not send response message, and source address equipment do not know whether message arrives destination address, thereby cause can't ping logical to source address equipment.
Summary of the invention
The object of the present invention is to provide a kind of message forwarding method, system and edge device in Virtual Private Network.When a plurality of CE that a plurality of VRF associations are arranged on a PE belonged to same VPN, the interface that VRF bound also belonged to this VPN inside, by the embodiment of the invention, had guaranteed that the interface IP address of VRF binding can reach for the CE in the same VPN.
The embodiment of the invention provides the message forwarding method in a kind of Virtual Private Network, and this method comprises:
Virtual routing forwarding in the edge device of backbone network obtains to belong to together the routing iinformation that other virtual routing forwarding of a Virtual Private Network sends and stores described routing iinformation, the routing iinformation of the interface IP address information that wherein said routing iinformation comprises described other virtual routing forwarding binding at least and the network segment related with described other virtual routing forwarding;
Described edge device carries out message according to described routing iinformation and transmits.
The embodiment of the invention also provides a kind of message forwarding system, and this system comprises the edge device of backbone network at least, and described edge device comprises interface, control unit and retransmission unit at least; Wherein,
Control unit is used for the mutual announcement of the routing iinformation between the virtual routing forwarding that belongs to a Virtual Private Network together is controlled;
Retransmission unit, be connected with control unit, be used under the control of control unit, the routing iinformation between stored at least two virtual routing forwardings that belong to a Virtual Private Network together is announced and each virtual routing forwarding is preserved the routing iinformation of other virtual routing forwarding circular mutually; And be connected with described interface, receive message, and this message is transmitted according to described routing iinformation by this interface;
Wherein, the routing iinformation of the described routing iinformation interface IP address information that comprises virtual routing forwarding binding at least and the network segment related with this virtual routing forwarding; The corresponding described virtual routing forwarding binding of described interface and this interface.
The embodiment of the invention also provides a kind of edge device of backbone network, and this edge device comprises control unit and retransmission unit at least; Wherein,
Control unit is used for the mutual announcement of the routing iinformation between the virtual routing forwarding that belongs to a Virtual Private Network together is controlled;
Retransmission unit, be connected with control unit, be used under the control of control unit, the routing iinformation between stored at least two virtual routing forwardings that belong to a Virtual Private Network together is announced and each virtual routing forwarding is preserved the routing iinformation of other virtual routing forwarding circular mutually; And be connected with described interface, receive message, and this message is transmitted according to described routing iinformation by this interface;
Wherein, the routing iinformation of the described routing iinformation interface IP address information that comprises virtual routing forwarding binding at least and the network segment related with this virtual routing forwarding; The corresponding described virtual routing forwarding binding of described interface and this interface.
The beneficial effect of the embodiment of the invention is, when a plurality of interfaces on the edge of table equipment of backbone network are bound a virtual routing forwarding VRF separately, and when the router CE at the user network edge that this interface connects belongs to same VPN, virtual routing forwarding VRF announces the IP address of the interface of its binding to other virtual routing forwarding VRF as a routing iinformation, thereby guaranteed that the interface IP address that virtual routing forwarding is bound all can reach, and this method realizes simple.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, does not constitute limitation of the invention.In the accompanying drawings:
Fig. 1 is the formation schematic diagram of L3VPN in the prior art;
Fig. 2 is the course of work schematic diagram of existing BGP/MPLS VPN;
Fig. 3 is a route distribution schematic diagram between the VRF of 2 websites among the same VPN when being connected to identical PE;
Fig. 4 is to be that example is analyzed the routing table content of VRF2 and VRF2 to VRF1, VRF3 distribution routing procedure schematic diagram with VRF2;
Fig. 5 is that the message of the embodiment of the invention is transmitted schematic diagram;
Fig. 6 is the formation schematic diagram of edge device PE of the backbone network of the embodiment of the invention.
Embodiment
For the purpose, technical scheme and the advantage that make the embodiment of the invention is clearer,, the embodiment of the invention is described in further details below in conjunction with embodiment and accompanying drawing.At this, illustrative examples of the present invention and explanation thereof are used to explain the present invention, but not as a limitation of the invention.
Embodiment one
The embodiment of the invention provides a kind of message forwarding system, and as shown in Figure 5, this system comprises the edge device PE of backbone network at least, and this edge device PE comprises interface (not shown), control unit 602 and retransmission unit 601 at least; Wherein,
Control unit 602 is used for the mutual announcement of the routing iinformation between the virtual routing forwarding that belongs to a Virtual Private Network together is controlled;
Retransmission unit 601 is connected with control unit 602, is used under the control of control unit 602, and the routing iinformation between stored at least two virtual routing forwardings that belong to a Virtual Private Network together is announced mutually; And be connected with interface, receive message, and this message is transmitted according to described routing iinformation by this interface;
Wherein, the routing iinformation of the described routing iinformation interface IP address information that comprises virtual routing forwarding binding at least and the network segment related with this virtual routing forwarding; The corresponding described virtual routing forwarding binding of described interface and this interface.
In the present embodiment, this system also comprises at least two routers that belong to the customer network edge of a VPN together, is connected with edge device PE by corresponding interface, is used to send message to edge device PE.
Fig. 6 is the formation schematic diagram of edge device.As shown in Figure 6, retransmission unit 601 comprises at least:
Routing iinformation notification unit 601a is used under the control of control unit 602, and the routing iinformation between the stored virtual routing forwarding that belongs to a Virtual Private Network together is announced mutually;
Memory cell 601b is used to store described virtual routing forwarding, and each described virtual routing forwarding is preserved the routing iinformation of other described virtual routing forwarding circular;
The message retransmission unit is used to receive the message that the router of described customer network edge sends, and carries out message according to described routing iinformation and transmit.
In the present embodiment, as shown in Figure 6, be example to VRF2 announcement routing iinformation with VRF1, process and announcement process that 602 pairs of announcements of control unit routing iinformation is controlled describe.
The routing iinformation notification unit obtains the routing iinformation of VRF1, and the routing iinformation of the interface IP address information that this routing iinformation comprises the VRF1 binding and the network segment related with this VRF1 is sent to control unit 602 with this routing iinformation; After 602 pairs of these routing iinformations of control unit are handled, this routing iinformation is sent to retransmission unit 601, by the routing iinformation notification unit this routing iinformation is delivered to VRF2 and store.Like this, retransmission unit 601 can utilize above-mentioned routing iinformation to carry out the message forwarding.Wherein, handle can be in the following way for 602 pairs of route information of control unit:
After control unit 602 receives the routing iinformation of VRF1, inquire about other virtual routing forwarding VRF that whether belongs to same VPN on this edge device PE, if have, then control unit 602 decision-makings will also need to belong to this edge device PE other virtual routing forwarding VRF of a VPN from the routing iinformation that VRF1 receives, announce as VRF2.
Though announcing routing iinformation with VRF1 to VRF2 in the foregoing description is that example describes, said method also is applicable to the process of VRF2 to the VRF1 announcement.And be that example describes with two VRF in the foregoing description, if when having a plurality of VRF, the announcement process of routing iinformation and said process are similar between them, repeat no more herein.
In the above-described embodiments, at least two of the routers of customer network edge, as shown in Figure 5, this router is two in the present embodiment, i.e. CE1 and CE2.
Sending message respectively with CE2 below is example to destination address 192.168.1.1 and destination address 192.168.1.2, and the course of work of the message forwarding system of the embodiment of the invention is described.
The first, CE2 sends message to destination address 192.168.1.1:
CE2 sends the ping message to PE, carries destination address information in this ping message, i.e. 192.168.1.1; After the message retransmission unit of PE receives this ping message, at the VRF of correspondence, seek routing iinformation in the present embodiment among the VRF2, at this moment,, message is forwarded to the interface of 192.168.1.1 correspondence according to routing iinformation, at this moment, respond this ping message request by PE.
The second, CE2 sends message to destination address 192.168.1.2:
CE2 sends the ping message to PE, carries destination address information in this ping message, i.e. 192.168.1.2; After PE message retransmission unit receives this ping message, at the VRF of correspondence table, for looking for routing iinformation among the VRF2, this message is forwarded on the CE1 in the present embodiment according to this routing iinformation, respond this ping message request by CE1.
By the foregoing description as can be known, when a plurality of interfaces on the edge of table equipment PE of backbone network are bound a virtual routing forwarding VRF separately, and when the router CE at the user network edge that this interface connects belongs to same VPN, virtual routing forwarding VRF announces the IP address of the interface of its binding to other virtual routing forwarding VRF as a routing iinformation, thereby has guaranteed that the interface IP address that virtual routing forwarding is bound all can reach.
Embodiment two
The embodiment of the invention provides the message forwarding method in a kind of Virtual Private Network, this method comprises: virtual routing forwarding in the edge device of backbone network obtains to belong to together the routing iinformation of other virtual routing forwarding announcement of a Virtual Private Network, wherein the routing iinformation of the routing iinformation interface IP address information that comprises other virtual routing forwarding VRF binding at least and the network segment related with other virtual routing forwarding VRF; Described edge device carries out message according to described routing iinformation and transmits.
By the foregoing description as can be known, when a plurality of interfaces on the edge of table equipment PE of backbone network are bound a virtual routing forwarding VRF separately, and when the router CE at the user network edge that this interface connects belongs to same VPN, virtual routing forwarding VRF announces the IP address of the interface of its binding to other virtual routing forwarding VRF as a routing iinformation, thereby has guaranteed that the interface IP address that virtual routing forwarding is bound all can reach.
In the present embodiment, virtual routing forwarding VRF receives the routing iinformation of other virtual routing forwarding VRF announcement that belongs to a virtual private network together, and comprise step: other virtual routing forwarding VRF is sent to described virtual routing forwarding VRF with routing iinformation; This virtual routing forwarding VRF stores routing iinformation.
As shown in Figure 6, when VRF2 obtains other virtual routing forwarding, during as the routing iinformation of VRF1 announcement, can be in the following way: the routing iinformation notification unit obtains the routing iinformation of VRF1, the routing iinformation of the interface IP address information that this routing iinformation comprises VRF1 binding and the network segment related with this VRF1 is sent to control unit 602 with this routing iinformation; After 602 pairs of these routing iinformations of control unit are handled, this routing iinformation is sent to retransmission unit 601, by the routing iinformation notification unit this routing iinformation is delivered to VRF2 and store.In addition, the mode that 602 pairs of route information of control unit are handled such as above-mentioned repeats no more herein.
In addition, after storing described routing iinformation, also comprise step: the router CE that routing iinformation is sent to the customer network edge that is connected with the interface of this virtual routing forwarding VRF binding.For example, after VRF2 stores described routing iinformation, routing iinformation is sent to the router CE2 of the customer network edge that is connected with the interface of this virtual routing forwarding VRF2 binding.Like this, retransmission unit 601 can utilize above-mentioned routing iinformation to carry out the message forwarding.
In the present embodiment, when described edge device PE received the message that the router CE at the user network edge that is connected with the interface of this virtual routing forwarding VRF binding sends, this edge device PE carried out message according to routing iinformation and transmits, and comprises step:
The router CE at user network edge sends message to edge device PE, and wherein, this message carries the destination address information that this router CE will arrive; Wherein, destination address information is the IP address of the interface of other virtual routing forwarding VRF binding; After receiving this message, in virtual routing forwarding VRF, seek and the corresponding routing iinformation in above-mentioned purpose address; According to longest match principle, match corresponding route entry; This message is sent to the interface of corresponding IP address according to next the jumping destination address in this route entry.
In the present embodiment, when edge device PE received the message that the router CE at the user network edge that is connected with the interface of this virtual routing forwarding VRF binding sends, described edge device PE carried out message according to routing iinformation and transmits, and comprises step:
The router CE at user network edge sends message to edge device PE, and wherein, this message carries the destination address information that this router CE will arrive; Wherein, described destination address is the IP address of the router CE at the user network edge that is connected with the interface of other virtual routing forwarding VRF binding; After receiving this message, in virtual routing forwarding VRF, seek and the corresponding routing iinformation of described destination address; Match corresponding route entry; According to next the jumping destination address in this route entry this message is sent to and the corresponding router in described IP address.
In the foregoing description, the virtual routing forwarding on the edge device PE of a backbone network is at least two, and correspondingly, the router of customer network edge also is at least two.Be that CE1 and CE2, corresponding virtual routing forwarding are that VRF1 and VRF2 are example with the router of customer network edge shown in Figure 5 below, the message forwarding method of the embodiment of the invention is elaborated.
Fig. 5 is the schematic diagram that message is transmitted in the embodiment of the invention.As shown in Figure 5, two virtual routing forwardings are arranged on the edge device PE of backbone network,, be stored among the memory cell 601b of retransmission unit 601, and VRF1 and VRF2 belong to same VPN respectively, can receive the other side's routing iinformation each other as VRF1 and VRF2.Wherein, the interface IP address of VRF1 is 193.168.2.1, and the interface IP address of VRF2 is 192.168.2.1.Router CE1, the CE2 at the user network edge that is connected with VRF1, VRF2 interface respectively, CE1, CE2 belong to same VPN; Wherein, the IP address of CE1 is 192.168.1.2, and the IP address of CE2 is 192.168.2.2.
As shown in table 5, two routes are arranged on the VRF1:
Table 5
Figure C200710121420D00161
At first, VRF2 obtains the routing iinformation of VRF1 announcement.
Wherein, can be in the following way:
(1) VRF1 is to the routing iinformation of VRF2 announcement directly connected subnet, i.e. the routing iinformation of the network segment related with VRF1: 192.168.1.0/24, next-hop ip address 192.168.1.2, outgoing interface eth1.Announcement process repeats no more as mentioned above herein.
After VRF2 receives this routing iinformation, in the VRF2 routing table, can store this routing iinformation;
The CE2 that is connected to the interface with this VRF2 binding sends this routing iinformation.Wherein, the routing iinformation of transmission is: destination address 192.168.1.0/24, and next jumps 192.168.2.1, and the information of the routing table of CE2 is as shown in table 6 like this.
Table 6
(2) VRF1 announces the interface IP address of its binding to VRF2 as routing iinformation.Wherein,
The interface IP address of VRF1 binding is 192.168.1.1, and VRF1 announces route: 192.168.1.1/32, next jumping: 0.0.0.0, outgoing interface: do not have.
Last this routing iinformation of storage of VRF2 can not send to CE2 for this routing iinformation.Because announced following routing iinformation to CE2 (1): destination address 192.168.1.0/24, next jumps 192.168.2.1.After CE2 had received this routing iinformation, the routing table of CE2 was as shown in table 6.
If will arrive destination address 192.168.1.1 on the CE2, coupling CE2 route table items 192.168.1.0/24, next jumping is 192.168.2.1, message can be by correct forwarding.Like this, the advantage of only announcing the 192.168.1.0/24 routing iinformation is can announce a route 192.168.1.1.32 less between PE and the CE2, can't influence the message forwarding result.
Learn from above analysis: last VRF2 may learn following two routes, and is as shown in table 7.
Table 7
Figure C200710121420D00171
After the route that CE2 reception VRF2 announcement is come, routing iinformation as shown in table 6 is arranged in the routing table.
In addition, in (2), VRF2 also can be sent to CE2 with above-mentioned routing iinformation, this routing iinformation is 192.168.1.1/32, and next jumps 192.168.2.1, like this, following two routing iinformations are arranged on the CE2, and shown in the chart 8, just the forwarding behavior of these two routing iinformations is just in time the same.
Table 8
Figure C200710121420D00172
Like this, on CE2, to arrive the 192.168.1.1 of destination, can transmit according to the routing iinformation of 192.168.1.1/32 according to the longest match selection.
Secondly, after VRF2 obtained routing iinformation, this edge device PE carried out message according to this routing iinformation and transmits.Wherein, be that example is elaborated to the embodiment of the invention with the routing iinformation shown in table 6, the table 7 below.
Sending message respectively with CE2 is example to destination address 192.168.1.1 and destination address 192.168.1.2, and the message forwarding method of the embodiment of the invention is described.
The first, CE2 sends message to destination address 192.168.1.1:
CE2 sends the ping message to PE, carries destination address information in this ping message, i.e. 192.168.1.1; After PE received this ping message, the message retransmission unit in the retransmission unit 601 was sought routing iinformation at the VRF of correspondence among the VRF2 in the present embodiment, at this moment, as shown in table 7, according to the principle of long coupling, match on the route entry of 192.168.1.1/32, the next-hop ip address of this route entry is 0.0.0.0, outgoing interface: do not have,, message is forwarded to the interface of 192.168.1.1 correspondence then according to the above-mentioned information in this route entry, at this moment, respond this ping message request by PE.
The second, CE2 sends message to destination address 192.168.1.2:
CE2 sends the ping message to PE, carries destination address information in this ping message, i.e. 192.168.1.2; After PE receives this ping message, message retransmission unit in the retransmission unit 601 is at the VRF of correspondence table, look for routing iinformation among the VRF2 in the present embodiment, as shown in table 7, like this, match on the route entry of 192.168.1.0/24, the next-hop ip address of this route entry is: 192.168.1.2, outgoing interface: eth1; So this message is forwarded on the CE1, respond this ping message request by CE1.
By the foregoing description as can be known, VRF announces the interface IP address of its binding as a routing iinformation other VRF on this PE, has guaranteed that all websites in the VPN all are to reach, and has realized fairly simple.
Above-described specific embodiment; purpose of the present invention, technical scheme and beneficial effect are further described; institute is understood that; the above only is specific embodiments of the invention; and be not intended to limit the scope of the invention; within the spirit and principles in the present invention all, any modification of being made, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (9)

1. the message forwarding method in the Virtual Private Network is characterized in that this method comprises:
Virtual routing forwarding in the edge device of backbone network obtains to belong to together the routing iinformation that other virtual routing forwarding of a Virtual Private Network sends and stores described routing iinformation, the routing iinformation of the interface IP address information that wherein said routing iinformation comprises described other virtual routing forwarding binding at least and the network segment related with other described virtual routing forwarding;
Described edge device carries out message according to described routing iinformation and transmits.
2. method according to claim 1 is characterized in that, after storing described routing iinformation, also comprises step: the router that described routing iinformation is sent to the customer network edge that is connected with the interface of described virtual routing forwarding binding.
3. method according to claim 1, it is characterized in that, when described edge device received the message that the router at the user network edge that is connected with the interface of this virtual routing forwarding binding sends, described edge device carries out message according to routing iinformation to be transmitted, and comprises step:
The router at user network edge sends message to described edge device, and wherein, described message carries the destination address information that this router will arrive; Wherein, described destination address information is the IP address of the interface of described other virtual routing forwarding binding;
After receiving this message, in described virtual routing forwarding, seek and the corresponding routing iinformation of described destination address;
According to longest match principle, match corresponding route entry;
This message is sent to the interface of corresponding described IP address according to next the jumping destination address in this route entry.
4. method according to claim 1, it is characterized in that, when described edge device received the message that the router at the user network edge that is connected with the interface of this virtual routing forwarding binding sends, described edge device carries out message according to routing iinformation to be transmitted, and comprises step:
The router at user network edge sends message to described edge device, and wherein, described message carries the destination address information that this router will arrive; Wherein, the IP address of the router at the user network edge that is connected for interface of described destination address with described other virtual routing forwarding binding;
After receiving this message, in described virtual routing forwarding, seek and the corresponding routing iinformation of described destination address;
Match corresponding route entry;
According to next the jumping destination address in this route entry this message is sent to and the corresponding router in described IP address.
5. a message forwarding system is characterized in that, this system comprises the edge device of backbone network at least, and described edge device comprises interface, control unit and retransmission unit at least; Wherein,
Control unit is used for the mutual announcement of the routing iinformation between the virtual routing forwarding that belongs to a Virtual Private Network together is controlled;
Retransmission unit, be connected with control unit, be used under the control of control unit, the routing iinformation between stored at least two virtual routing forwardings that belong to a Virtual Private Network together is announced and each virtual routing forwarding is preserved the routing iinformation of other virtual routing forwarding circular mutually; And be connected with described interface, receive message, and this message is transmitted according to described routing iinformation by this interface;
Wherein, the routing iinformation of the described routing iinformation interface IP address information that comprises virtual routing forwarding binding at least and the network segment related with this virtual routing forwarding; The corresponding described virtual routing forwarding binding of described interface and this interface.
6. system according to claim 5, it is characterized in that, described system also comprises at least two routers that belong to the customer network edge of a Virtual Private Network together, is connected with described edge device by corresponding interface, is used to send message to described edge device.
7. system according to claim 6 is characterized in that, described retransmission unit comprises at least:
The routing iinformation notification unit is used under the control of described control unit, and the routing iinformation between the stored virtual routing forwarding that belongs to a Virtual Private Network together is announced mutually;
Memory cell is used to store described virtual routing forwarding, and each described virtual routing forwarding is preserved the routing iinformation of other described virtual routing forwarding circular;
The message retransmission unit is used to receive the message that the router of described customer network edge sends, and carries out message according to described routing iinformation and transmit.
8. the edge device of a backbone network is characterized in that, described edge device comprises control unit and retransmission unit at least; Wherein,
Control unit is used for the mutual announcement of the routing iinformation between the virtual routing forwarding that belongs to a Virtual Private Network together is controlled;
Retransmission unit, be connected with control unit, be used under the control of control unit, the routing iinformation between stored at least two virtual routing forwardings that belong to a Virtual Private Network together is announced and each virtual routing forwarding is preserved the routing iinformation of other virtual routing forwarding circular mutually; And be connected with described interface, receive message, and this message is transmitted according to described routing iinformation by this interface;
Wherein, the routing iinformation of the described routing iinformation interface IP address information that comprises virtual routing forwarding binding at least and the network segment related with this virtual routing forwarding; The corresponding described virtual routing forwarding binding of described interface and this interface.
9. edge device according to claim 8 is characterized in that, described retransmission unit comprises at least:
The routing iinformation notification unit is used under the control of described control unit, and the routing iinformation between the stored virtual routing forwarding that belongs to a Virtual Private Network together is announced mutually;
Memory cell is used to store described virtual routing forwarding, and each described virtual routing forwarding is preserved the routing iinformation of other described virtual routing forwarding circular;
The message retransmission unit is used to receive the message that the router of described customer network edge sends, and carries out message according to described routing iinformation and transmit.
CNB2007101214205A 2007-09-06 2007-09-06 Packet forwarding method, system and verge equipment in virtual private network Expired - Fee Related CN100505674C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2007101214205A CN100505674C (en) 2007-09-06 2007-09-06 Packet forwarding method, system and verge equipment in virtual private network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2007101214205A CN100505674C (en) 2007-09-06 2007-09-06 Packet forwarding method, system and verge equipment in virtual private network

Publications (2)

Publication Number Publication Date
CN101114973A CN101114973A (en) 2008-01-30
CN100505674C true CN100505674C (en) 2009-06-24

Family

ID=39023105

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2007101214205A Expired - Fee Related CN100505674C (en) 2007-09-06 2007-09-06 Packet forwarding method, system and verge equipment in virtual private network

Country Status (1)

Country Link
CN (1) CN100505674C (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102137173B (en) * 2010-12-27 2014-09-03 华为技术有限公司 Routing information distributing method, equipment, virtual special network system
CN102185778B (en) * 2011-05-11 2014-09-10 杭州华三通信技术有限公司 Method and device for transmitting data based on VLL (Virtual Lease Line)
CN103546380B (en) * 2013-11-05 2016-08-17 迈普通信技术股份有限公司 A kind of message forwarding method based on policybased routing and device
CN103634217B (en) * 2013-11-13 2017-02-08 华为技术有限公司 Method for issuing route information, method and device for transmitting massage
CN103795630B (en) * 2014-01-15 2017-10-17 新华三技术有限公司 The message transmitting method and device of a kind of label exchange network
CN105337870B (en) * 2014-08-15 2018-11-27 新华三技术有限公司 A kind of route issuing method and device
CN104901884B (en) * 2015-05-27 2018-10-09 新华三技术有限公司 Wide area network SDN collecting topologies implementation method and device
CN105939261A (en) * 2015-09-16 2016-09-14 杭州迪普科技有限公司 Method and device for statically configuring VPN routing
CN107026796B (en) * 2016-02-01 2021-01-05 华为技术有限公司 VPN route notification method, data flow forwarding method and related equipment
CN107666429B (en) * 2016-07-29 2020-12-18 平安科技(深圳)有限公司 Switch logic deployment method and terminal in Overlay network
CN111901239A (en) * 2019-05-06 2020-11-06 中国移动通信集团湖南有限公司 Communication method, system, device and storage medium based on virtual network
CN112738869B (en) * 2020-12-29 2022-12-20 北京天融信网络安全技术有限公司 Message receiving method, device, equipment and medium
EP4297346A1 (en) * 2021-03-19 2023-12-27 Huawei Technologies Co., Ltd. Traffic control method and related device

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
BGP/MPLS VPNs. Eric C. Rosen et al.draft-ietf-ppvpn-rfc2547bix-03.txt. 2002 *
BGP/MPLS VPN设计、实现及组播支持算法研究. 李海华.中国人民解放军信息工程大学学位论文. 2006 *
MPLS-VPN工作特性. 陈启美等.电力自动化设备,第22卷第10期. 2002 *

Also Published As

Publication number Publication date
CN101114973A (en) 2008-01-30

Similar Documents

Publication Publication Date Title
CN100505674C (en) Packet forwarding method, system and verge equipment in virtual private network
CN100550841C (en) Autonomous System Boundary Router, AS Boundary Router route issuing method and Autonomous System Boundary Router, AS Boundary Router
CN100433691C (en) Routing method of virtual special network
CN102932499B (en) Method and device for learning media access control (MAC) addresses in virtual private lan service (VPLS) networks
CN102413059B (en) Multicast forwarding method based on SPB (Shortest Path Bridging) network and SPBM (MAC-in-MAC SPB) bridge
CN101052022B (en) System and method for virtual special net user to access public net
CN100411381C (en) Communication method and system between mixed network VPN stations across different autonomous systems
CN103731349B (en) Message forwarding method and edge device between a kind of Ethernet virtualization interconnection neighbours
CN102130813B (en) Pseudo line establishing method, system and equipment
CN104885416A (en) Bridging network devices in a hybrid communication network
CN101582830B (en) Device for realizing mutual access of crossing virtual private networks and method
CN100484080C (en) Routing access method, system and operator edge equipment for virtual private network
CN100450065C (en) Method for providing communication between virtual special network stations
US8774076B2 (en) Optimizing OTV multicast traffic flow for site local receivers
CN102739501A (en) Message forwarding method in two or three layer virtual private network (VPN) and system thereof
CN103326915A (en) Method, device and system for achieving three-layer VPN
CN105453513A (en) Packet forwarding method, forwarding entry delivery method, and network device
CN100559772C (en) Mixed virtual private network system and backbone network edge apparatus and collocation method thereof
CN104780090B (en) Method, apparatus, the PE equipment of VPN multicast transmissions
CN104283782A (en) Method and device for determining message forwarding paths in multi-protocol label switching network
EP3018866A1 (en) Signaling aliasing capability in data centers
CN103795630A (en) Message transmitting method and device of label switching network
CN106034072A (en) Packet forwarding method and device and service provider network edge PE equipment
CN113726653B (en) Message processing method and device
CN100414919C (en) Method for realizing virtual special network of over-muti-autonomous system mixed network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 350015 M9511 Industrial Park, fast road, Mawei District, Fujian, Fuzhou

Patentee after: RUIJIE NETWORKS Co.,Ltd.

Address before: 350015 M9511 Industrial Park, fast road, Mawei District, Fujian, Fuzhou

Patentee before: Fujian Star-net Ruijie Network Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090624

Termination date: 20210906