CN100586088C - Method for realizing virtual LAN aggregation and aggregation exchanger - Google Patents

Method for realizing virtual LAN aggregation and aggregation exchanger Download PDF

Info

Publication number
CN100586088C
CN100586088C CN 200610099458 CN200610099458A CN100586088C CN 100586088 C CN100586088 C CN 100586088C CN 200610099458 CN200610099458 CN 200610099458 CN 200610099458 A CN200610099458 A CN 200610099458A CN 100586088 C CN100586088 C CN 100586088C
Authority
CN
China
Prior art keywords
user
vlan
side
network
acl entry
Prior art date
Application number
CN 200610099458
Other languages
Chinese (zh)
Other versions
CN1878112A (en
Inventor
刘建锋
民 姚
军 宁
Original Assignee
杭州华三通信技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 杭州华三通信技术有限公司 filed Critical 杭州华三通信技术有限公司
Priority to CN 200610099458 priority Critical patent/CN100586088C/en
Publication of CN1878112A publication Critical patent/CN1878112A/en
Application granted granted Critical
Publication of CN100586088C publication Critical patent/CN100586088C/en

Links

Abstract

The invention discloses a convergence method and exchange to realize VLAN, which comprises the following steps: setting corresponding relationship of different user side VLAN and network side VLAN; receiving the first report from user through user side VLAN for convergence exchange; sending the first report to gateway equipment through user side VLAN according to the set corresponding relationship; accepting the second report through network side VLAN for convergence exchange; sending the second report to corresponding user through user side VLAN according to set corresponding relationship and MAC address with carrying goal in the second report. The invention can proceed report transmission between convergence switch and gateway equipment through the same network side VLAN, which realizes VLAN convergence to save VLAN resource.

Description

实现虚拟局域网聚合的方法和汇聚交换机 Virtual local area network switch aggregation and polymerization of

技术领域 FIELD

本发明涉及网络通信技术,特别是涉及一种实现虚拟局域网(VLAN) 聚合的方法和汇聚交换机。 The present invention relates to network communication technology, particularly to a virtual LAN (VLAN) and polymerization of aggregation switches.

背景技术 Background technique

在众多宽带网组建方案中,IP网以其独有的操作容易、管理简单和技术灵活等特性,在城域网的组建中脱颖而出,占有很大比例。 Among the many broadband network set up scenarios, IP networks with its unique operation easy, simple and flexible management and technical characteristics, in the formation of the MAN stand out, account for a large proportion. 在IP网中, 主要是以三层(layer 3 , L3)交换机为核心交换设备,以VLAN为实现手段和方法,为用户提供高速以太专线,用来实现高速上网或者公司内部之间实现自己的数据业务和其它业务,如视频点播之类。 In the IP network, mainly three (layer 3, L3) of the switch core switching equipment to implement VLAN to means and methods to provide users with high-speed Ethernet line, to achieve high-speed Internet or between realize their company's internal data services and other services, such as video-on-demand type.

图1是在现有技术中二层组网示意图。 FIG 1 is a networking diagram Layer in the prior art. 参见图1,在现有技术中,在二层组网中,当多个用户主机接入不同的VLAN时,如图1中所示的用户主机1接入VLANl 、用户主机2接入VLAN2且用户主机3接入VLAN3,各个VLAN分别通过二层(layer 2 , L2 )交换机和汇聚交换机透传到网关设备比如L3交换机上进行终结。 Referring to Figure 1, in the prior art, the floor network, when a plurality of different hosts to the VLAN, as shown in FIG. 1 hosts an access VLANl, user access to the host 2 and VLAN2 3 hosts access VLAN3, respectively, each VLAN (layer 2, L2) passes through the convergence switch, and the switch device, such as a gateway for termination by the Layer L3 switch.

参见图1,在进行报文传输时,在上行方向上,接入不同VLAN的各个用户主机分别通过各自接入的VLAN将报文发送至汇聚交换机;汇聚交换机再分别通过用户主机接入的各个VLAN将l艮文发送至网关设备;在下行方向上,网关设备将发送给各个用户主机的报文分别通过用户主机接入的各个VLAN发送至汇聚交换机,汇聚交换机再通过用户主机接入的各个VLAN 将才艮文发送至各个用户主^li。 Referring to Figure 1, for packet transmission in the upstream direction, each subscriber host access different VLAN each respective access VLAN to packets transmitted by the convergence switch; aggregation switch then respectively connected by respective hosts the Gen-l VLAN sending to the gateway device; in the downstream direction, the gateway device will be sent to each user host packets are transmitted to the aggregation switch via individual subscriber host access VLAN, then access by a convergence switch hosts each VLAN the Gen only sending to each of the user home ^ li.

由以上描述可以看出,在现有技术中,当不同用户主机接入不同VLAN As it can be seen from the above description, in the prior art, when different users access to different hosts VLAN

时,各个用户主机的报文在汇聚交换机与网关设备之间必须通过不同的VLAN进行传输,使得汇聚交换机与网关设备之间的VLAN数量过多,大大浪费了VLAN资源。 When the packets of each user to be conducted between the host and the gateway device aggregation switch via different transmission VLAN, such that the number of the VLAN aggregation switch between the gateway device is too large, a lot of waste of resources VLAN.

另外,由于不同用户主机的报文在汇聚交换机与网关设备之间必须通过不同的VLAN进行传输,因此,针对不同的VLAN,网关设备必须分别进行VLAN终结处理,从而大大增加了网关设备的业务负荷量;并且,针对不同的VLAN,网关设备均必须占用自身的一个路由接口资源,从而大大浪费了网关设备的接口资源。 Further, since the packets of different hosts to be conducted between the gateway device and the aggregation switch via different transmission VLAN, therefore, for different VLAN, VLAN termination gateway device must be treated separately, thereby greatly increasing the traffic load of the gateway device volume; and, for different VLAN, gateway device must occupy itself a routing interface resources, thereby greatly wasting the interface resources gateway device.

发明内容 SUMMARY

有鉴于此,本发明的第一目的在于提供一种实现VLAN聚合的方法, 本发明的第二目的在于提供一种汇聚交换机,以保证在汇聚交换机与网关设备之间通过聚合后的一个VLAN进行报文传输,节约VLAN资源。 In view of this, a first object of the present invention is to provide a method to achieve VLAN aggregation, a second object of the present invention to provide a convergence switch, a VLAN to ensure by after polymerization aggregation switch between the gateway device and message transmission, save VLAN resources.

为了达到上述目的,本发明的技术方案是这样实现的: To achieve the above object, the technical solution of the present invention is implemented as follows:

一种实现虚拟局域网聚合的方法,汇聚交换机建立上行方向访问控制列表ACL表项,设置上行方向ACL表项中的匹配规则和匹配动作记录多个用户侧VLAN与一个网络侧VLAN的对应关系;在多个用户主机分别接入多个用户侧VLAN后,根据接入的多个用户侧VLAN的标识、 一个网络侧VLAN标识以及每一个用户主机的MAC地址及其接入的VLAN标识,针对每一个用户主机建立一个下行方向ACL表项;该方法还包括:汇聚交换机通过所述多个用户侧VLAN中的当前用户侧VLAN接收到用户主机发来的第一报文,根据所建立的上行方向ACL表项,通过所述网络侧VLAN将第一报文发送至网关设备;汇聚交换机通过所述网络侧VLAN接收到第二报文,根据建立的下行方向ACL表项以及第二报文中携带的目的MAC地址,通过对应的用户侧VLAN将第二报文发送至对应的用户主机。 A method implemented VLAN aggregation, aggregation switch establishes an uplink direction the ACL entry, set in the uplink direction and a matching correspondence relation matching rule action items recorded in a plurality of user-side VLAN and the VLAN network side ACL table; in the plurality of user access to a plurality of hosts each user-side VLAN, according to the identifier of the plurality of user access-side VLAN, the VLAN identifier and a network side for each user host MAC address and VLAN ID to access, for each host establishes a user ACL entry downstream direction; the method further comprising: the convergence switch receiving a first user sent by the host with the current packet of the plurality of user-side VLAN in the user VLAN, according to the established uplink ACL entry, by the network side VLAN packet to the first gateway device; convergence switch receiving the second packet through the network-side VLAN, according to the established downlink ACL entry and a second packet carries the destination MAC address, the second packet to the corresponding user through a corresponding user-side host VLAN.

所述设置上行方向ACL表项中的匹配规则和匹配动作记录多个用户侧VLAN与一个网络侧VLAN的对应关系包括:设置该上行方向ACL表项中的匹配规则为报文携带的VLAN标识为所述多个用户侧VLAN标识中的任急一个,设置该上行方向ACL表项中的匹配动作为将报文携带的用户侧VLAN标识替换为所述网络侧VLAN的标识。 And matching rules match the setting operation of recording a plurality of user-side VLAN and the uplink VLAN network side ACL entry in the correspondence relationship comprises: setting the matching rules in the ACL entry in the uplink direction is carried in the packets is identified VLAN the plurality of user-side acute any one VLAN tag matches the setting operation of the ACL entry in the upstream direction to the packet VLAN identifier carried in the user side of the network side is replaced with the VLAN identifier.

VLAN将第一报文发送至网关设备的步骤包括:汇聚交换机确定第一报文中携带的当前用户侧VLAN的标识符合上行方向ACL表项中的匹配规则,才艮据上行方向ACL表项中的匹配动作,将第一报文携带的当前用户侧的VLAN 标识替换为所述网络侧VLAN的标识,然后通过所述网络侧VLAN将第一报文发送至网关设备。 A first step of the VLAN packet to the gateway apparatus comprising: a first convergence switch determines the current packet carries a VLAN ID that meets the user-side matching rules in the ACL entry in the uplink direction, only the uplink direction according Gen ACL entry matching operation, the VLAN ID of the current user side of the first packet carries replace the VLAN identifier of the network side, the network side and then through the first VLAN packet to the gateway device.

所述针对每一个用户主机建立一个下行方向ACL表项的步骤包括:汇聚交换机针对每一个用户主机建立一个相对应的下行方向ACL表项,设置每一个下行方向ACL表项中的匹配规则为l艮文目的MAC地址为对应用户主才几的MAC地址,且才艮文携带的VLAN标识为网络侧VLAN标识;设置每一个下行方向ACL表项中的匹配动作为将报文携带的网络侧VLAN标识替换为该下行方向ACL表项所对应用户主机接入的用户侧V.LAN标识。 Said step of establishing a downlink direction ACL entry for each user host includes: the convergence switch to establish a downstream direction corresponding ACL entry for each user host matching rules provided for each ACL entry in the downstream direction is l Gen destination MAC address corresponding to the MAC address of the user's home only a few, and it Gen packet carries a VLAN identifier for the network-side VLAN identifier; matching operation is provided in each downlink direction ACL entry for the packets carried in network-side VLAN Alternatively the host identifier corresponding to the user for the access downlink ACL entry side V.LAN user identification.

所述汇聚交换机通过对应的用户侧VLAN将第二报文发送至对应用户主机的步骤包括:汇聚交换机确定第二报文中携带的网络侧VLAN标识和目的MAC地址符合一个下行方向ACL表项中的匹配规则,根据该符合的下行方向ACL表项中的匹配动作,将第二报文携带的网络侧VLAN的标识替换为对应用户侧VLAN的标识,然后通过所述对应的用户侧VLAN将第二才良文发送至对应的用户主^/L。 A second step of the aggregation switch packet to the host through a corresponding user-side VLAN corresponds comprising: a convergence switch determines the second message carrying network-side VLAN ID and a destination MAC address matches the ACL entry in the downstream direction the matching rules in the ACL table entry operation according to the downlink direction meet, and replacement with the corresponding user-side VLAN identifier carried in the second packet network VLAN identity, and then by the user side corresponding to the first VLAN two Cailiang sending user to the corresponding primary ^ / L.

优选地,该方法进一步包括:汇聚交换机在检测到一个用户主机退出其接入的用户侧VLAN,根据该退出的用户主机的MAC地址,删除包含该退出的用户主机MAC地址的下行方向ACL表项。 Preferably, the method further comprising: the user VLAN aggregation switches its access to exit in a user host is detected, the MAC address of the user exit in the host, containing downlink user to delete the MAC address of the ACL entry exit .

一种汇聚交换机,该汇聚交换机包括: One kind of aggregation switches, the aggregation switch comprises:

人机交互单元,将管理人员输入的多个用户侧VLAN标识和一个网络侧VLAN标识发送至ACL表项管理单元; Interactive means, a plurality of input-side user management VLAN identifier and a VLAN identifier to the network-side ACL entry management unit;

MAC地址管理单元,在检测到各个用户主机接入时,将各个用户主机的 MAC address management unit, upon detecting the respective hosts to the respective hosts

8ACL表项管理单元,根据接收到的多个用户侧VLAN标识和一个网络侧VLAN标识建立上行方向ACL表项,设置上行方向ACL表项中的匹配规则和匹配动作记录多个用户侧VLAN与一个网络侧VLAN的对应关系, 在多个用户主机分别接入多个用户侧VLAN后,根据接入的多个用户倒VLAN的标识、 一个网络侧VLAN标识以及每一个用户主机的MAC地址及其接入的VLAN标识,针对每一个用户主机建立一个下行方向ACL表项; 收发处理单元,接收用户主机通过当前用户侧VLAN发来的第一报文,从 8ACL entry management unit, establish an ACL entry in the uplink direction according to the received plurality of user-side VLAN identifier and a network-side VLAN ID, and the matching operation of matching rule provided in uplink ACL entry is recorded with a plurality of user-side VLAN after the VLAN corresponding relationship between the network side, a plurality of hosts each user access to a plurality of user-side VLAN, according to a plurality of user access inverted VLAN identifier, MAC address, and a network-side VLAN ID for each user and connected to the host by the VLAN identifier, for each user to establish a downlink host ACL entry; reception processing unit which receives the user sent by the host via a first current user-side VLAN packet, from

过网络侧VLAN将第一报文发送至网关设备;接收网关设备通过网络侧VLAN发来的第二报文,从ACL表项管理单元中获取下行方向ACL表项, 根据下行方向ACL表项以及第二报文中携带的目的MAC地址,通过对应的用户侧VLAN将第二报文发送至对应的用户主机。 A first through-VLAN packet to the gateway device; receiving-side device via a network gateway to send a second VLAN packet, acquiring the downlink direction from the ACL entry in the ACL entry management unit, ACL entry according to the downlink direction and the second packet carries the destination MAC address, the second packet to the corresponding user through a corresponding user-side host VLAN.

所述ACL表项管理单元,设置上行方向ACL表项中的匹配规则为报文 The ACL entry management unit, disposed upstream direction ACL rule matching table entry packets

携带的VLAN标识为所接收到用户侧VLAN标识中的任意一个,设置上行 VLAN ID is carried in the received VLAN tag to any user of one side, is provided upstream

方向ACL表项中的匹配动作为将报文携带的用户侧VLAN标识替换为所述 ACL entry matching the moving direction of the packet is carried in the user-side VLAN identifier replace the

网络侧VLAN的标识; The network-side VLAN identification;

所述收发处理单元,在接收到第一报文时,从ACL表项管理单元中获 The reception processing unit, upon receiving the first message, from the ACL entry is eligible management unit

取上行方向ACL表项,在确定第一报文中携带的当前用户侧VLAN标识符 Take uplink ACL entries carried in this message to determine a first VLAN identifier of the user-side

合上行方向ACL表项中的匹配规则后,根据上行方向ACL表项中的匹配动 The matching rules engagement ACL entry in the upstream direction, the upstream direction in accordance with the matching entry in the ACL movable

作,将第一报文携带的当前用户侧的VLAN标识替换为网络侧VLAN的标 For the first packet carries a VLAN identifier of the user-side network side marked replacement of the VLAN

识,然后通过网络侧VLAN将第一报文发送至网关设备。 Identifying, by the network side and the first VLAN packet to the gateway device.

所述ACL表项管理单元,根据接收到的多个用户侧VLAN标识、 一个网络侧VLAN标识和各个用户主机的MAC地址及其接入的用户侧VLAN标识,针对每一个用户主机建立一个相对应的下行方向ACL表项,设置每一个下行方向ACL表项中的匹配规则为报文目的MAC地址为对应用户主机的MAC地址,且报文携带的VLAN标识为网络侧VLAN标识;设置每一个下行方向ACL表项中的匹配动作为将报文携带的网络侧VLAN标识替换 The ACL entry management unit, according to the received plurality of user-side VLAN identifier, a MAC address and the VLAN identifier of each network hosts and the access user-side VLAN identifier, establishing a corresponding host for each user downstream direction ACL entry, set matching rules each downlink direction ACL entry for the destination MAC address is the MAC address corresponding to the hosts, and the packet carries a VLAN identifier for the network-side VLAN identifier; provided each downlink matching operation direction ACL entry will replace carried by the packet network side VLAN identifier

所述收发处理单元,在接收到第二报文时,从ACL表项管理单元中获取各个下行方向ACL表项,在确定第二报文中携带的网络侧VLAN标识和目的MAC地址符合一个下行方向ACL表项中的匹配规则后,根据该符合的下行方向ACL表项中的匹配动作,将第二报文携带的网络侧VLAN的标识替换为对应用户侧VLAN的标识,然后通过所述对应的用户侧VLAN将第二报文发送至对应的用户主机。 The reception processing unit, when receiving the second packet, respective downlink direction acquired from the ACL entry in the ACL entry management section, in determining a second message carrying network-side VLAN ID and the destination MAC address matches a downlink the matching rules in the ACL entry direction, matching the action items based on the ACL table matching the downlink direction, the corresponding user-side replace the VLAN identifier carried in the second packet network VLAN identity, and then through said corresponding a second user-side VLAN packet to the corresponding user host.

所述MAC地址管理单元,进一步用于在检测到一个用户主机退出其接入的用户侧VLAN时,将携带该用户主才几MAC地址的MAC地址删除消息发送至ACL表项管理单元; The MAC address management unit is further configured to detect when a user VLAN user out of its host access, it will carry the main user MAC address MAC address several deletion message to the ACL entry management unit;

ACL表项管理单元,根据接收到的MAC地址删除消息中携带的MAC 地址,删除包含该MAC地址的下行方向ACL表项。 ACL entry management unit, remove the MAC address carried in the message to the received MAC address, deleting the downstream direction comprising ACL entry of the MAC address.

由此可见,在本发明中,在汇聚交换机与网关设备之间通过聚合后的同一个网络侧VLAN进行报文传输,从而实现了VLAN聚合,使得汇聚交换机与网关设备之间的VLAN数量大大减少,节约了VLAN资源。 Thus, in the present invention, the aggregation switch between the gateway and the packet transmission device via the same network-side VLAN after polymerization, the polymerization in order to achieve a VLAN, such that the number of the VLAN aggregation switch between the gateway device and greatly reduced saves VLAN resources.

另外,由于在汇聚交换机与网关设备之间通过聚合后的同一个网络侧VLAN进行报文传输,因此,网关设备只需针对一个网络侧VLAN进行终结处理,从而大大降低了网关设备的业务负荷量;并且,由于网关设备只需针对一个网络侧VLAN,因此,网关设备只需占用自身的一个路由接口资源, 大大节约了网关设备的接口资源。 Further, since the packets transmitted over the same network-side VLAN after polymerization aggregation switch between the gateway device and, therefore, the gateway device is designed for termination processing for a network-side VLAN, thereby greatly reducing the traffic load of the gateway device ; and, since a gateway device only for the VLAN network side, thus, the gateway device itself occupies only a routing interface resources, greatly saving interface resources of the gateway device.

附图说明 BRIEF DESCRIPTION

图1是在现有技术中二层组网示意图。 FIG 1 is a networking diagram Layer in the prior art. 图2是在本发明中实现VLAN聚合的系统的结构示意图。 2 is a schematic diagram of VLAN aggregation system configuration in the present invention. 图3是在本发明中汇聚交换机的基本结构示意图。 FIG 3 is a schematic view of a basic structure of the aggregation switch in the present invention. 图4是在本发明实施例中实现VLAN聚合的流程图。 FIG 4 is a flowchart of VLAN polymerized in the embodiment of the present invention.

具体实施方式 Detailed ways

本发明提出了一种实现VLAN聚合的方法,其核心思想是:设置多个用户侧虚拟局域网VLAN与一个网络侧VLAN的对应关系;汇聚交换机通过所述多个用户侧VLAN中的当前用户侧VLAN接收到用户主机发来的第一报文,根据所设置的对应关系,通过所述网络侧VLAN将第一报文发送至网关设备;汇聚交换机通过所述网络侧VLAN接收到第二报文,根据所设置的对应关系以及第二报文中携带的目的媒质接入控制(MAC)地址, 通过对应的用户侧VLAN将第二报文发送至对应的用户主机。 The present invention proposes a method for implementing VLAN aggregation, its core idea is: a plurality of user-side virtual LAN (VLAN) to a corresponding relationship between the network side of the VLAN; aggregation switches current through the plurality of user-side VLAN in the user-side VLAN receiving a first user sent by the host message, according to the correspondence set by the network-side VLAN packet to the first gateway device; convergence switch receiving the second packet through the network-side VLAN, the correspondence relationship between the set and the destination media access control (MAC) address carried in the second message, the second message is transmitted to corresponding user through a corresponding user-side host VLAN.

其中,设置所述对应关系可以通过在汇聚交换机中设置对应的访问控制列表(ACL)表项来实现。 Wherein, the correspondence relationship may be provided by setting the corresponding access control entry list (ACL) to achieve the convergence switch.

相应的,本发明还提出了一种汇聚交换机。 Accordingly, the present invention proposes a convergence switch. 该汇聚交换机用于保存不同用户侧VLAN与一个网络侧VLAN的对应关系,在通过任意一个用户侧VLAN接收到第一报文后,根据所保存的对应关系,将第一报文通过所述网络侧VLAN发送至网关设备,在通过网络侧VLAN接收到网关设备发来的第二报文后,根据所保存的对应关系及第二报文中的目的MAC地址,将第 The aggregation switch for storing a correspondence relationship of different user VLAN with a VLAN of the network side, upon receiving the first message via any of a user VLAN, according to the saved corresponding relationship between the first packet through the network side VLAN transmitted to the gateway device, the gateway device after receiving the second message sent by the network-side VLAN, according to the destination MAC address and the correspondence relationship stored in the second packet, the first

图3是在本发明中汇聚交换机的基本结构示意图。 FIG 3 is a schematic view of a basic structure of the aggregation switch in the present invention. 参见图3,在本发明中,汇聚交换机的基本结构可以包括:人机交互单元、MAC地址管理单元、 ACL表项管理单元和收发处理单元,其中, Referring to Figure 3, in the present invention, the basic structure of aggregation switches may include: interactive unit, MAC address management unit, the ACL entry processing management unit and a transceiver unit, wherein,

人机交互单元,将管理人员输入的多个用户侧VLAN标识和一个网络侧VLAN标识发送至ACL表项管理单元; Interactive means, a plurality of input-side user management VLAN identifier and a VLAN identifier to the network-side ACL entry management unit;

MAC地址管理单元,在检测到各个用户主机接入时,将各个用户主机ACL表项管理单元,根据接收到的用户侧VLAN标识、网络侧VLAN 标识和各个用户主机的MAC地址信息及其接入的用户侧VLAN标识,建立ACL表项,设置ACL表项中的匹配规则和匹配动作记录多个用户侧VLAN 与一个网络侧VLAN的对应关系; MAC address management unit, upon detecting the respective hosts to the respective hosts ACL entry management unit, according to the received user-side VLAN ID, the MAC address information of the network-side VLAN ID and the respective hosts and access user-side VLAN identifier established ACL entry, set the ACL rules table entry and operation of recording the mapping between the plurality of matching the user side to a network side VLAN of the VLAN;

收发处理单元,接收用户主机通过当前用户侧VLAN发来的第一报文, 从ACL表项管理单元中获取ACL表项,根据ACL表项的匹配规则和匹配动作所记录的多个用户侧VLAN与一个网络侧VLAN的对应关系,通过网络侧VLAN将第一报文发送至网关设备;接收网关设备通过网络侧VLAN 发来的第二报文,从ACL表项管理单元中获取ACL表项,根据ACL表项的匹配^L则和匹配动作所记录的多个用户侧VLAN与一个网络侧VLAN的对应关系,通过对应的用户侧VLAN将第二报文发送至对应的用户主机。 Reception processing unit which receives the user sent by the host via a first current user-side VLAN packets acquired from the ACL ACL entry entry management unit, a plurality of users in accordance with the ACL rules and matching entry side of the recording operation of the VLAN a correspondence between the VLAN network side, the network side VLAN packet to the first gateway device; receiving-side device via a network gateway to send a second VLAN packets acquired from the ACL entry in the ACL entry management unit, the ACL entry matches ^ L and the matching operation corresponding to the recorded plurality of user-side relationship with a VLAN-VLAN, and transmits the second packet to the host through the corresponding user-side VLAN corresponds to a user.

在本发明中,所述的用户侧VLAN是指位于接入侧,即用户主机直接接入的VLAN;所述的网络侧VLAN是指位于网络侧,即汇聚交换机与网关设备之间的VLAN。 In the present invention, the user-side VLAN is used at the access side, i.e., direct access to the VLAN hosts; The network-side VLAN is used at the network side, i.e. VLAN aggregation between the switch and the gateway device.

为使本发明的目的、技术方案和优点更加清楚,下面结合附图及具体实施例对本发明作进一步地详细描述。 To make the objectives, technical solutions, and advantages of the present invention clearer, the following specific embodiments of the present invention will be described in further detail in conjunction with the accompanying drawings and.

图4是在本发明实施例中实现VLAN聚合的流程图。 FIG 4 is a flowchart of VLAN polymerized in the embodiment of the present invention. 参见图2、图3和图4,在本发明中,比如三个用户主才几即用户主才几1、用户主才几和用户主枳j 3,分别接入不同的用户侧VLAN,即VLAN1 、 VLAN2和VLAN3,本发明实现VLAN聚合,即通过同一个网络侧VLAN即VLAN4来实现报文传输的过程包括以下步骤: Referring to FIG. 2, FIG. 3 and FIG. 4, in the present invention, such as the user's home only a few three main i.e. only a few user 1, the user's home and the user only a few main orange J 3, access different user-side VLAN, which VLAN1, VLAN2 and VLAN3, the present invention implements VLAN aggregation, i.e., by a network-side VLAN and the same process to achieve VLAN4 packet transmission comprises the steps of:

步骤401:管理人员向汇聚交换机中的人机交互单元输入多个用户侧VLAN标识和一个网络侧VLAN标识。 Step 401: Management input VLAN identifier and a plurality of user-side VLAN identifier to a network-side switch aggregation interactive unit.

比如,管理人员所输入的用户侧VLAN标识包括VLAN1 、 VLAN2和VLAN3 ,所输入的网络侧VLAN标识包括VLAN4。 For example, the management-side user input VLAN ID comprises VLAN1, VLAN2 and VLAN3, the input side of the network comprises a VLAN identifier VLAN4.

步骤402:在汇聚交换机中,人机交互单元将所接收到的多个用户侧VLAN标识和一个网络侧VLAN标识发送至ACL表项管理单元。 Step 402: the convergence switch, interactive unit received a plurality of user-side VLAN identifier and a VLAN identifier to the network-side ACL entry management unit.

12步骤403:在用户主机l、用户主机2和用户主才几3分别通过VLAN1、 VLAN2和VLAN3接入后,汇聚交换机中的MAC地址管理单元检测到新增用户主机1 、用户主机2和用户主机3的MAC地址及其接入的VLAN标识。 12 Step 403: 3, respectively, by only a few VLAN1 VLAN2 and VLAN3 after access, aggregation switches the MAC address management unit detects the new host hosts a user L, the host 2 and the user home users, 1, 2 and the user hosts and the MAC address of the access VLAN identifier 3.

步骤404: MAC地址管理单元将新增的、每一个用户主机的MAC地址 Step 404: MAC address of the newly added management unit, each of the MAC address of a user host

在上述步骤403至步骤404中,MAC地址管理单元检测到并发送至ACL 表项管理单元的用户主机的MAC地址及VLAN标识为:用户主机1对应MACl及VLANl 、用户主机2对应MAC2及VLAN2,用户主机3对应MAC3 及VLAN3。 In the above step 403 to step 404, MAC address management unit detects and transmits to the MAC address and the VLAN identifier hosts ACL entry management unit to: hosts 1 corresponds MACl and VLANl, hosts 2 corresponding to MAC2 and VLAN2, 3 corresponds to user host MAC3 and VLAN3.

步骤405: ACL表项管理单元根据接收到的多个用户侧VLAN标识和一个网络侧VLAN标识,建立上行方向ACL表项。 Step 405: ACL entry management unit according to the received plurality of user-side VLAN identifier and a network-side VLAN identifier established in the uplink direction ACL entry.

这里,上行方向ACL表项中包括匹配规则和匹配动作。 Here, the uplink ACL entry matching includes matching rules and actions.

其中,匹配4见则为:4艮文携带的VLAN标识为所述用户侧VLAN标识中的任意一个,即VLANl,或VLAN2,或VLAN3。 Wherein matching compared see 4: 4 Gen VLAN identifier carried in packets to any one of the user-side VLAN ID, i.e. VLANl, or VLAN2, or VLAN3.

匹配动作为:将报文携带的用户侧VLAN标识替换为网络侧VLAN标识,也就是将报文携带的VLANl或VLAN2或VLAN3替换为VLAN4。 Match action to: packet VLAN ID carried in the user-side network replaced VLAN ID is carried in the packet or VLAN2 VLANl VLAN3 or replaced VLAN4.

步骤406: ACL表项管理单元根据接收到的多个用户侧VLAN标识、 一个网络侧VLAN标识以及每一个用户主机的MAC地址及其接入的VLAN 标识,针对每一个用户主机建立一个相对应的下行方向ACL表项。 Step 406: ACL entry management unit, and a network-side VLAN ID for each user MAC address and host access VLAN identifier established for each user according to the received host to a plurality of user-side VLAN ID corresponding downstream direction ACL entries.

这里,每一个下行方向ACL表项中均包括匹配规则和匹配动作。 Here, each downlink direction ACL entry matching comprises matching rules and actions.

其中,在与用户主机l相对应的下行方向ACL表项1中,匹配规则为: 报文目的MAC地址为MAC1,且报文携带的VLAN标识为网络侧VLAN 标识,即VLAN4。 Wherein, in the downlink direction user hosts l ACL entry corresponding to the matching rule is 1: the destination MAC address MACl, and the VLAN ID carried by the packet network side VLAN ID, i.e. VLAN4. 匹配动作为:将报文携带的网络侧VLAN标识替换为该下行方向ACL表项1所对应用户主机1接入的用户侧VLAN标识,也就是将报文携带的VLAN4替换为VLANl 。 Match action is: the network side carried by the packet VLAN identity replacement ACL entry corresponding to a user access to a host for the downlink user-side VLAN ID is carried in the packet is replaced VLAN4 VLANl.

在与用户主机2相对应的下行方向ACL表项2中,匹配规则为:报文目的MAC地址等于MAC2,且报文携带的VLAN标识为网络侧VLAN标识,即VLAN4。 In the downlink direction corresponding to the ACL entry 2 hosts 2, the matching rule is: equal to the destination MAC address MAC2, and the VLAN ID carried by the packet network side VLAN ID, i.e. VLAN4. 匹配动作为:将报文携带的网络侧VLAN标识替换为该下行方向ACL表项2所对应用户主机2接入的用户侧VLAN标识,也就是将报文携带的VLAN4替换为VLAN2。 Match action is: the network side carried by the packet VLAN identity replacement ACL table entries for the downlink direction user VLAN identifier hosts 2 corresponding to the second access, which is carried in the packet is replaced VLAN4 VLAN2.

在与用户主机3相对应的下行方向ACL表项3中,匹配规则为:报文目的MAC地址等于MAC3,且报文携带的VLAN标识为网络侧VLAN标识,即VLAN4。 In the downstream direction and the host computer 3 corresponding to the user ACL entry 3, the matching rule is: equal to the destination MAC address MAC3, and the VLAN identifier carried in the packet network side VLAN ID, i.e. VLAN4. 匹配动作为:将报文携带的网络侧VLAN标识替换为该下行方向ACL表项3所对应用户主机3接入的用户侧VLAN标识,也就是将报文携带的VLAN4替换为VLAN3。 Match action is: the network side carried by the packet VLAN identity replacement ACL table entries for the downlink direction user VLAN identifier of the user access the host computer 3 corresponding to 3, which is carried in the packet is replaced VLAN4 VLAN3.

步骤407:在上行方向上, 一个用户主机,比如用户主机l,将所接入的用户侧VLAN的标识即VLANl携带在报文1中发送至汇聚交换机。 Step 407: In the upstream direction, a host user, such as user L host, the access to the user-side VLAN carry the identifier that is sent to VLANl aggregation switches in a packet.

步骤408:在汇聚交换机中,收发处理单元在上行方向上接收到报文1 后,从ACL表项管理单元获取上行方向ACL表项。 Step 408: after aggregation switches, the reception processing unit receives a packet in the uplink direction, the uplink ACL entry acquired from the ACL entry management unit.

步骤409:收发处理单元确定报文1中携带的用户侧VLAN标识即VLANl符合上行方向ACL表项中的匹配规则。 Step 409: a transceiver packet processing unit 1 determines the user-side VLAN identifier carried in compliance VLANl i.e. uplink ACL rule matching table entry.

这里,由于上行方向ACL表项中的匹配规则为报文携带的VLAN标识为用户侧VLAN标识,即VLANl,或VLAN2,或VLAN3。 Here, since the matching rule uplink ACL entry for the packet VLAN identifier carried in the user-side VLAN ID, i.e. VLANl, or VLAN2, or VLAN3. 因此,在本步骤中,收发处理单元可确定报文1中携带的VLANl符合上行方向ACL表项中的匹配规则。 Thus, in this step, the reception processing unit may determine a message carried in the upstream direction VLANl meet the matching rules in the ACL entry.

步骤410:收发处理单元根据上行方向ACL表项中的匹配动作,即, 将报文携带的用户侧VLAN标识替换为网络侧VLAN标识,执行将报文1 中携带的VLANl替换为VLAN4。 Step 410: The uplink reception processing unit ACL entry matching operation, i.e., the packet carries a VLAN identifier replace the user-side network side VLAN ID, performs a packet carried VLANl replaced VLAN4.

步骤411:收发处理单元通过VLAN4将报文l发送至网关设备。 Step 411: a transceiver VLAN4 processing unit transmits the packet to the gateway device l.

对于其他用户主机,即用户主机2和用户主机3,在上行方向发送报文的过程与上述步骤407至步骤411过程的原理完全相同。 For other hosts, i.e. hosts hosts 3 and 2, the principle of the process of sending packets in the uplink direction of the process of step 407 to step 411 are identical.

步骤412:在下行方向上,当网关设备需要向一个用户主机,比如用户主机l,下发报文2时,网关设备将用户主机1的MAC地址即MAC1作为目的MAC地址携带在才良文2中,以及将网络侧VLAN的标识即VLAN4携 Step 412: In the downstream direction, when the gateway device needs to a user host, such as hosts L, the transmitters paper 2, the gateway device transmits user MAC address of host 1, i.e., MAC1 as destination MAC address carried in only Yoshibumi 2, and network-side VLAN identifier carried i.e. VLAN4

14带在报文2中,然后将报文2发送至汇聚交换机。 14 with the packet 2, and then transmits the message 2 to the aggregation switch.

步骤413:在汇聚交换机中,收发处理单元在下行方向上接收到报文2 步骤414:收发处理单元将报文2中携带的目的MAC地址和网络侧 Step 413: the convergence switch, transmission and reception processing unit receives the message 2 in step 414 in the downstream direction: a transceiver packet processing unit 2 carries the destination MAC address and the network

步骤415:收发处理单元在确定报文2中携带的目的MAC地址和网络侧VLAN标识与下行方向ACL表项1中的匹配规则相匹配时,根据下行方向ACL表项1中的匹配动作,将报文2中携带的VLAN4替换为VLAN1。 Step 415: when the reception processing unit determines packet 2 carries the destination MAC address and a network-side VLAN identifier and the downlink direction ACL entry 1 matching rule matches, according to the downlink direction of the matching operation ACL entry 1, the 2 packets carried VLAN4 replaced VLAN1.

这里,由于在针对用户主机l的下行方向ACL表项1中,匹配规则为: 报文目的MAC地址为MAC1,且报文携带的VLAN标识为网络侧VLAN 标识,即VLAN4。 Here, since in the downlink direction for the hosts 1 l ACL entry, the matching rule: the destination MAC address MACl, and the VLAN ID carried by the packet network side VLAN ID, i.e. VLAN4. 因此,收发处理单元根据报文2中携带的目的MAC地址为MAC1,携带的VLAN标识为VLAN4,可匹配到下行方向ACL表项1。 Thus, transmission and reception processing unit according to the destination MAC address carried in the packet is MACl 2, VLAN ID is carried in the VLAN4, it can be matched to a downstream direction ACL entry. 并且,根据下行方向ACL表项1中的匹配动作为将报文携带的VLAN4替换为VLAN1,执行将报文2中携带的VLAN4替换为VLAN1。 Further, according to a downlink ACL entry matching operation is carried in the packet is replaced with the VLAN1 VLAN4, performs packet 2 carries VLAN4 replaced VLAN1.

步骤416:收发处理单元通过VLAN1将报文2发送至用户主机1。 Step 416: a transceiver VLAN1 processing unit 2 transmits the packets to the hosts 1.

对于其他用户主机,即用户主机2和用户主机3,在下行方向发送报文的过程与上述步骤412至步骤416过程的原理完全相同。 For other hosts, i.e. hosts hosts 3 and 2, the principle of the process of sending packets in the downlink direction of the process of step 412 to step 416 are identical.

需要说明的是,上述图4中所述的各个步骤之间并无严格意义上的顺序要求,只是为了便于描述而拆分的不同步骤。 Incidentally, there is no strict sense of the sequence between the individual requirements of the above steps in FIG. 4, for convenience of description only and split the different steps. 比如,描述报文在上行方向传输过程的步骤407至步骤411与描述报文在下行方向传输过程的步骤412至步骤416之间没有固定的先后顺序等。 For example, in a step described uplink packet transmission process of step 411 and 407 to be described the sequence of packets is not fixed between the downlink direction transmission process step 412 to step 416 and the like.

在本发明中,利用汇聚交换机中的MAC地址管理单元和ACL表项管理单元还可以进一步实现对用户主机的动态管理,在通信过程中,当一个用户主机接入用户侧VLAN和退出用户侧VLAN时,通过MAC地址管理单元和ACL表项管理单元的配合可以实现动态的更新相关ACL表项,从而保证可利用聚合后的网络侧VLAN准确地完成报文传输。 In the present invention, the aggregation switch using the MAC address management unit and an ACL entry management unit may further implement dynamic management of hosts, in the communication process, when a subscriber host access to the user-side VLAN and the user VLAN exit when, can be dynamically updated ACL entry associated with the MAC address by an ACL entry management unit and management unit, to ensure the network-side VLAN available after completion of the polymerization packet transmission accurately. 具体而言,当用户主机,比如用户主机1接入用户侧VLAN1时,根据上述图4所示过程,本发明能够针对该接入的用户主机1建立相关的上行方向ACL表项和下行方 Specifically, if a host, such as a user when the user access the host computer 1 side of the VLAN1, according to the process shown in FIG. 4, the present invention can be a build of uplink and downlink side ACL entry for a user to access the host

向ACL表项;当该用户主机1退出用户侧VLAN1时,MAC地址管理单元可检测到该用户主机1断开与VLAN1的连接,因此,可以将携带MAC1 信息的MAC地址删除消息发送至ACL表项管理单元,ACL表项管理单元根据该MAC地址删除消息中携带的MAC1信息,删除包含MAC1信息的下行方向ACL表项l,对于上行方向ACL表项,可以将其匹配规则中关于VLAN1的信息删除,也可以不删除。 The ACL entry; when the user exits a host VLAN1 user side, the MAC address management unit may detect the connected and disconnected to hosts 1 VLAN1, and therefore, can carry the MAC address MAC1 information message to delete an ACL item management unit, ACL entry management unit deletes based on the MAC address MAC1 information carried in the message, delete the downlink direction ACL entry l contains MAC1 information for uplink ACL entry which matches the rules may be information regarding to VLAN1 delete, you can not delete.

总之,以上所述仅为本发明的较佳实施例而已,并非用于限定本发明的保护范围。 In summary, the above descriptions are merely preferred embodiments of the present invention but are not intended to limit the scope of the present invention. 凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。 Any modification within the spirit and principle of the present invention, made, equivalent substitutions, improvements, etc., should be included within the scope of the present invention.

1 1

Claims (10)

1、一种实现虚拟局域网聚合的方法,其特征在于,汇聚交换机建立上行方向访问控制列表ACL表项,设置上行方向ACL表项中的匹配规则和匹配动作记录多个用户侧虚拟局域网VLAN与一个网络侧VLAN的对应关系;在多个用户主机分别接入多个用户侧VLAN后,根据接入的多个用户侧VLAN的标识、一个网络侧VLAN标识以及每一个用户主机的MAC地址及其接入的VLAN标识,针对每一个用户主机建立一个下行方向ACL表项; 该方法还包括:汇聚交换机通过所述多个用户侧VLAN中的当前用户侧VLAN接收到用户主机发来的第一报文,根据所建立的上行方向ACL表项,通过所述网络侧VLAN将第一报文发送至网关设备; 汇聚交换机通过所述网络侧VLAN接收到第二报文,根据建立的下行方向ACL表项以及第二报文中携带的目的MAC地址,通过对应的用户侧VLAN将第二报文发送至对应的用户主机。 1. A method of polymerization to achieve virtual local area network, wherein the uplink convergence switch establishing the ACL entry, set the matching rules and the matching uplink ACL entry operation in a plurality of user-side recording with a virtual local area network VLAN corresponding relationship between the network-side VLAN; a plurality of hosts, respectively, after a plurality of user-side VLAN access, according to the identifier of the plurality of user access-side VLAN, MAC address, VLAN ID, and a network-side host and each user access by the VLAN identifier, establishing a downstream direction ACL entry for each user host; the method further comprising: the convergence switch receiving a user sent by the host through the first packet of the current user VLAN plurality of user-side VLAN. the uplink ACL entry created by the network-side VLAN packet to the first gateway device; convergence switch receiving the second packet through the network-side VLAN, according to the established downlink ACL entry and a second packet carries the destination MAC address, sends the packet to the corresponding second hosts through a corresponding user-side VLAN.
2、 根据权利要求1所述的方法,其特征在于,所述设置上行方向ACL表项中的匹配规则和匹配动作记录多个用户侧VLAN与一个网络侧VLAN的对应关系包括:设置该上行方向ACL表项中的匹配规则为报文携带的VLAN标识为所述多个用户侧VLAN标识中的任意一个,设置该上行方向ACL表项中的匹配动作为将报文携带的用户侧VLAN标识替换为所述网络侧VLAN的标识。 2. The method according to claim 1, wherein said setting the corresponding relationship between the rule and the matching operation of the matching uplink ACL entry records a plurality of user-side VLAN and the VLAN network side comprises: setting the uplink direction ACL rules table entry in any of the plurality of user-side VLAN identifier in a set operation of the matching uplink ACL entry for the packet is a VLAN identifier carried in the packet is carried in the user-side VLAN ID replacement the network side VLAN identification.
3、 根据权利要求2所述的方法,其特征在于,所述汇聚交换机根据所建立的上行方向ACL表项通过所述网络侧VLAN将第一报文发送至网关设备的步骤包括:汇聚交换机确定第一报文中携带的当前用户侧VLAN的标识符合上行方向ACL表项中的匹配规则,根据上行方向ACL表项中的匹配动作,将第一报文携带的当前用户侧的VLAN标识替换为所述网络侧VLAN的标识,然后通过所述网络侧VLAN将第一报文发送至网关设备。 3. The method according to claim 2, wherein said aggregation step switch according to the established uplink ACL entry by the network-side VLAN packet to the first gateway device comprising: a convergence switch determines Alternatively the VLAN identifier of the first user-side current packet carries a VLAN ID that meets the user-side matching rules in the ACL entry in the uplink direction, according to the uplink ACL entry matching operation, the first packet is carried the network-side VLAN identifier, then the network side a first VLAN packet to the gateway device.
4、 根据权利要求l、 2或3所述的方法,其特征在于,所述针对每一个用户主机建立一个下行方向ACL表项的步骤包括:汇聚交换机针对每一个用户主机建立一个相对应的下行方向ACL表项,设置每一个下行方向ACL表项中的匹配规则为报文目的MAC地址为对应用户主机的MAC地址,且报文携带的VLAN标识为网络侧VLAN标识;设置每一个下行方向ACL表项中的匹配动作为将报文携带的网络侧VLAN标识替换为该下行方向ACL表项所对应用户 4, according to claim l, 2 or 3, wherein for each user said step of establishing a downlink direction host ACL entry comprises: an aggregation switch for each user to establish a corresponding downlink host direction ACL entry, set matching rules each downlink direction ACL entry for the destination MAC address is the MAC address corresponding to the hosts, and the packet carries a VLAN identifier for the network-side VLAN identifier; provided each downlink direction ACL match action table entry corresponding to the replacement ACL entry for downlink user packets carried by the network-side VLAN identifier
5、 根据权利要求4所述的方法,其特征在于,所述汇聚交换机通过对应的用户侧VLAN将第二报文发送至对应用户主机的步骤包括:汇聚交换机确定第二报文中携带的网络侧VLAN标识和目的MAC地址符合一个下行方向ACL表项中的匹配规则,根据该符合的下行方向ACL表项中的匹配动作,将第二净艮文携带的网络侧VLAN的标识替换为对应用户侧VLAN的标识,然后通过所述对应的用户侧VLAN将第二报文发送至对应的用户主机。 5. The method as claimed in claim 4, wherein said step of converging the second packet switch sends the user to the corresponding host through corresponding user-side VLAN comprises: determining a second aggregation switch network packet carries side VLAN ID and the destination MAC address complies with a matching rule ACL entry in the downlink direction, the downlink direction based on the ACL entry matching the matching operation, the second net Gen packet carries a VLAN identifier of the network side corresponding to the user to replace the side VLAN identifier, and then transmits a second packet to the host through the corresponding user corresponding to the user-side VLAN.
6、 根据权利要求5所述的方法,其特征在于,该方法进一步包括:汇聚交换机在检测到一个用户主机退出其接入的用户侧VLAN,根据该退出的用户主机的MAC地址,删除包含该退出的用户主机MAC地址的下行方向ACL表项。 6. The method as claimed in claim 5, characterized in that, the method further comprising: the user VLAN aggregation switches its access to exit in a user host is detected, the MAC address of the user exit in the host, including the deleted downlink user host MAC address ACL entry to exit.
7、 一种汇聚交换机,其特征在于,该汇聚交换机包括:人机交互单元,将管理人员输入的多个用户侧VLAN标识和一个网络侧VLAN标识发送至ACL表项管理单元;MAC地址管理单元,在检测到各个用户主机接入时,将各个用户主机的MAC地址及其接入的各个用户侧VLAN标识发送至ACL表项管理单元;ACL表项管理单元,根据接收到的多个用户侧VLAN标识和一个网络侧VLAN标识建立上行方向ACL表项,设置上行方向ACL表项中的匹配规则和匹配动作记录多个用户侧VLAN与一个网络侧VLAN的对应关系,在多个用户主机分别接入多个用户侧VLAN后,根据接入的多个用户侧VLAN的标识、一个网络侧VLAN标识以及每一个用户主机的MAC地址及其接入的VLAN标识,针对每一个用户主机建立一个下行方向ACL表项;收发处理单元,接收用户主机通过当前用户侧VLAN发来的第一^t文,从网络侧VLAN将第一 7 A convergence switch, wherein, the aggregation switch comprises: interactive means transmits a plurality of user-side VLAN identifier and a network manager to the input side of the ACL entry VLAN identifier management unit; the MAC address management unit , upon detection of the respective user access the host, the host transmits the MAC address of each user and each user-side access to the ACL entry VLAN ID management unit; ACL entry management unit, according to the received plurality of user-side VLAN identifier and a network-side VLAN identifier established in the uplink direction ACL entry, the matching correspondence relation matching rules and actions provided uplink ACL entry records a plurality of user-side VLAN and the VLAN network side, a plurality of hosts each connected after the plurality of user-side VLAN, according to the identifier of the plurality of user access-side VLAN, the VLAN identifier and a network side for each user MAC address and host access VLAN identifier, establishing a downlink for each user host ACL entry; reception processing unit which receives the user sent by the host side by the current user text ^ t a first VLAN, VLAN from the network side of the first 文发送至网关设备;接收网关设备通过网络侧VLAN发向ACL表项以及第二报文中携带的目的MAC地址,通过对应的用户侧VLAN 将第二报文发送至对应的用户主机。 Sending to the gateway device; sent to the gateway device receives the ACL entry and a destination MAC address carried in the second message through the network-side VLAN, assign the second transmission packet to the host through the corresponding user corresponding user-side VLAN.
8、 根据权利要求7所述的汇聚交换机,其特征在于,所述ACL表项管理单元,设置上行方向ACL表项中的匹配规则为报文携带的VLAN标识为所接收到用户侧VLAN标识中的任意一个,设置上行方向ACL表项中的匹配动作为将报文携带的用户侧VLAN标识替换为所述网络侧VLAN的标识;所述收发处理单元,在接收到第一报文时,从ACL表项管理单元中获取上行方向ACL表项,在确定第一报文中携带的当前用户侧VLAN标识符合上行方向ACL表项中的匹配规则后,根据上行方向ACL表项中的匹配动作,将第一才艮文携带的当前用户侧的VLAN标识替换为网络侧VLAN的标识,然后通过网络侧VLAN将第一报文发送至网关设备。 8, according to claim matching rule uplink ACL entry for the packet is a VLAN identifier carried in the received user VLAN identifier in the aggregation switches in claim 7, wherein the ACL entry management unit is provided any of a set matching operation uplink ACL entry for the packets carried in the user-side VLAN identifier is replaced with the VLAN identifier of the network side; the reception processing unit, upon receiving the first message, from after the ACL entry management unit acquires uplink ACL entries carried in this message to determine a first VLAN ID that meets the user-side matching rules in the ACL entry in the uplink direction, the uplink according to the matching operation in the ACL entry, Gen packet carries only the first current VLAN identifier identifying the user side replacing the VLAN network side, the network side and the first VLAN packet to the gateway device.
9、 根据权利要求7或8所述的汇聚交换机,其特征在于,所述ACL表项管理单元,才艮据接收到的多个用户侧VLAN标识、 一个网络侧VLAN标识和各个用户主机的MAC地址及其接入的用户侧VLAN标识,针对每一个用户主机建立一个相对应的下行方向ACL表项,设置每一个下行方向ACL表项中的匹配规则为报文目的MAC地址为对应用户主机的MAC地址,且报文携带的VLAN标识为网络侧VLAN标识;设置每一个下行方向ACL表项中的匹配动作为将报文携带的网络侧VLAN标识替换为该下行方向ACL表项所对应用户主机接入的用户侧VLAN标识;所述收发处理单元,在接收到第二报文时,从ACL表项管理单元中获取各个下行方向ACL表项,在确定第二报文中携带的网络侧VLAN标识和目的MAC地址符合一个下行方向ACL表项中的匹配规则后,根据该符合的下行方向ACL表项中的匹配动作,将第二报文携带的 9, the convergence switch according to claim 7 or 8, wherein the ACL entry management unit, according to a plurality of user-side only Gen received VLAN ID, a network-side VLAN ID and MAC respective hosts and the access address of the user-side VLAN identifier, establishing a downstream direction corresponding to the host for each user ACL entry, each provided downstream direction ACL rule table entry matches the destination MAC address for the corresponding hosts MAC address and the VLAN identifier carried in the packet network side VLAN identifier; matching operation is provided in each downlink direction ACL entry for the packet network side VLAN identifier carried in the replacement ACL entry for the corresponding downlink user host access user-side VLAN ID; the reception processing unit, when receiving the second packet, respective downlink direction acquired from the ACL entry in the ACL entry management section, in determining the second packet carries a VLAN network after identification and a destination MAC address matches the downstream direction of ACL entry matching rule, the matching entries based on the operation direction matches the ACL table downlink, the second packet carries the 网络侧VLAN的标识替换为对应用户侧VLAN的标识,然后通过所述对应的用户侧VLAN将第二报文发送至对应的用户主才几。 The network-side VLAN identifier corresponding to the user-side replace the VLAN identifier, and then transmits through the user-side VLAN corresponding to the second message corresponding to the primary user only a few.
10、根据权利要求9所述的汇聚交换机,其特征在于,所述MAC地址管理单元,进一步用于在检测到一个用户主机退出其接入的用户侧VLAN时,将ACL表项管理单元,根据接收到的MAC地址删除消息中携带的MAC地址,删除包含该MAC地址的下行方向ACL表项。 10, the convergence switch according to claim 9, wherein the MAC address management unit is further configured to detect when a user access the host out of its user-side VLAN, assign ACL entry management unit, according to received MAC address remove the MAC address carried in the message, delete the downstream direction comprising ACL entry of the MAC address.
CN 200610099458 2006-07-20 2006-07-20 Method for realizing virtual LAN aggregation and aggregation exchanger CN100586088C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610099458 CN100586088C (en) 2006-07-20 2006-07-20 Method for realizing virtual LAN aggregation and aggregation exchanger

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200610099458 CN100586088C (en) 2006-07-20 2006-07-20 Method for realizing virtual LAN aggregation and aggregation exchanger

Publications (2)

Publication Number Publication Date
CN1878112A CN1878112A (en) 2006-12-13
CN100586088C true CN100586088C (en) 2010-01-27

Family

ID=37510415

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610099458 CN100586088C (en) 2006-07-20 2006-07-20 Method for realizing virtual LAN aggregation and aggregation exchanger

Country Status (1)

Country Link
CN (1) CN100586088C (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100512194C (en) 2006-12-25 2009-07-08 华为技术有限公司 Sending and receiving method and system for link aggregation method, device and MAC frame
CN100544302C (en) 2007-01-15 2009-09-23 杭州华三通信技术有限公司 Aggregation method for two layer multicast virtual local area network and its convergent exchanger
CN100583801C (en) 2007-11-30 2010-01-20 华为技术有限公司 A method, system and switching device for dynamically establishing multicast virtual LAN
CN101325531B (en) * 2008-07-26 2012-05-23 中兴通讯股份有限公司 Forwarding method and system for virtual LAN
US8665886B2 (en) * 2009-03-26 2014-03-04 Brocade Communications Systems, Inc. Redundant host connection in a routed network
CN102546414B (en) * 2012-01-06 2015-04-22 北京星网锐捷网络技术有限公司 Message forwarding method, device and system
CN105379210B (en) 2014-02-21 2019-02-01 华为技术有限公司 A kind of data flow processing method and device
CN107332812A (en) * 2016-04-29 2017-11-07 新华三技术有限公司 Implementation method and device for controlling network access

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1426199A (en) 2001-12-13 2003-06-25 华为技术有限公司 Method for managing users in wide hand city network
EP1328088A2 (en) 2002-01-15 2003-07-16 XchangePoint Holdings Ltd Virtual local area network interconnection and router interface
CN1555162A (en) 2003-12-24 2004-12-15 中兴通讯股份有限公司 Control device and method for realizing broad band connecting server multiple business united interface
CN1561038A (en) 2004-03-09 2005-01-05 港湾网络有限公司 Method of collecting insertion of multiple IP voice insertion equipment
CN1701563A (en) 2002-09-09 2005-11-23 西门子公司 Wireless local area network with clients having extended freedom of movement

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1426199A (en) 2001-12-13 2003-06-25 华为技术有限公司 Method for managing users in wide hand city network
EP1328088A2 (en) 2002-01-15 2003-07-16 XchangePoint Holdings Ltd Virtual local area network interconnection and router interface
CN1701563A (en) 2002-09-09 2005-11-23 西门子公司 Wireless local area network with clients having extended freedom of movement
CN1555162A (en) 2003-12-24 2004-12-15 中兴通讯股份有限公司 Control device and method for realizing broad band connecting server multiple business united interface
CN1561038A (en) 2004-03-09 2005-01-05 港湾网络有限公司 Method of collecting insertion of multiple IP voice insertion equipment

Also Published As

Publication number Publication date
CN1878112A (en) 2006-12-13

Similar Documents

Publication Publication Date Title
US6934754B2 (en) Methods and apparatus for processing network data transmissions
CN101827009B (en) Routing frames in a trill network using service vlan identifiers
JP5874726B2 (en) A communication control system, the control server, forwarding node, a communication control method and a communication control program
CN1823546B (en) Method and apparatus for forwarding packets in an Ethernet passive optical network
CN102594711B (en) Message forwarding method and edge device therefor
EP1826957B1 (en) Dynamic building of VLAN interfaces based on subscriber information
CN103259727B (en) OSPF packets forwarding method and apparatus
US8565235B2 (en) System and method for providing transparent LAN services
CN101399749B (en) Method, system and device for packet filtering
US7869432B1 (en) Peer-to-peer link aggregation across a service provider network
CN100490420C (en) Packet transfer apparatus
CN102857416B (en) A method for implementing virtual networks, and virtual network controller
CN100583773C (en) Method and device for controlling data link layer elements with network layer elements
CN101047583B (en) It supports virtual local area network service passive optical network system and corresponding method
EP0861544B1 (en) Method for establishing restricted broadcast groups in a switched network
JP4898812B2 (en) Ethernet (registered trademark) promotion of differentiated quality of service in a passive optical network
CN102148749B (en) Method and device for extending switch port
US7808994B1 (en) Forwarding traffic to VLAN interfaces built based on subscriber information strings
CN1194508C (en) Multicasting message transmission method base on two-layer exchange device
CN104350467A (en) Elastic enforcement layer for cloud security using SDN
CN1533108A (en) Method for realizing dynamic gateway load sharing and backup
CN1265580C (en) Identification and business management method for network user
US8121126B1 (en) Layer two (L2) network access node having data plane MPLS
CN101645880A (en) Method and device for forwarding data frame based on line bundle
CN101022394B (en) Method for realizing virtual local network aggregating and converging exchanger

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C14 Grant of patent or utility model
CP03