CN101197760B - User grouping intercommunication/isolation device in virtual special network service - Google Patents
- Publication number
- CN101197760B
- Authority
- CN
- China
- Prior art keywords
- vlan
- message
- intercommunication
- mac address
- broadcasting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a user grouping intercommunication/isolation device for virtual private network services, comprising: a VLAN intercommunication command configuration module, which parses the VLAN intercommunication configuration commands and VLAN intercommunication deletion commands configured by the user; a MAC address learning and FIB management module, connected to the VLAN intercommunication command configuration module, which copies the forwarding entry of a MAC address in a VLAN into the other VLANs that intercommunicate with that VLAN and writes the forwarding entries into the FIB for packet forwarding; and a packet forwarding module, connected to the MAC address learning and FIB management module, which broadcasts packets to the other VLANs that intercommunicate with the packet's VLAN according to the VLAN intercommunication state and, when processing the relevant unicast packets, replaces the VLAN of the packet according to the forwarding entry before forwarding it.
Description
Technical field
The present invention relates to Virtual Private LAN Service (VPLS) technology in Layer 2 virtual private networks (L2VPN) based on Multi-Protocol Label Switching (MPLS), and more specifically to a device for realizing intercommunication/isolation between user groups in a VPLS virtual private network (VPN).
Background technology
VPLS provides users with a virtual local area network (LAN) service. With VPLS, all customer sites appear to be within one LAN regardless of where they are physically located, and enjoy the convenience and benefits of a LAN. To strengthen network security, traditional LANs use VLANs for user isolation and access control: by dividing the network into multiple broadcast domains, VLANs prevent Layer 2 access between VLANs and avoid some potential security risks.
In a VPLS VPN, reachability information for data packets is obtained through learning of physical (MAC) addresses in the data plane. When a data packet arrives on a pseudo wire (PW) and its source MAC address is unknown (that is, no corresponding forwarding entry is found in the forwarding table), the MAC address must be associated with that PW, so that the next data packet destined for this MAC can be sent out on that PW. Likewise, when a data packet arrives on a local attachment circuit (AC), its source MAC is associated with that AC, so that the next data packet destined for this MAC is sent out on that AC. All these mappings between MAC addresses and PWs or ACs, stored together, form the forwarding information base (FIB).
In VPLS there are two MAC address learning modes: qualified and unqualified. In unqualified mode, all VLANs share one broadcast domain and one MAC address space; the MAC addresses of users in different VLANs cannot overlap, and isolation between different VLANs cannot be achieved. In qualified mode, the users in one VPLS VPN must be in the same VLAN and a VPLS VPN is not allowed to contain multiple VLANs; the learned object is then no longer the MAC alone but VLAN tag + MAC.
As can be seen, in qualified learning mode the users in a VPLS VPN can only be in one VLAN, so VLANs cannot really play their role; likewise, in unqualified learning mode, although multiple VLANs can be in the same VPLS VPN, the VPLS VPN cannot distinguish between them.
Therefore, in existing VPLS VPNs, VLANs cannot be used to group and isolate users, let alone to realize intercommunication between users in different groups.
Summary of the invention
The main purpose of the present invention is to provide a device for intercommunication/isolation between user groups in a virtual private network service, which uses VLANs to isolate user groups and at the same time allows intercommunication between users in different groups.
The user grouping intercommunication/isolation device according to the invention comprises: a VLAN intercommunication command configuration module, which parses the VLAN intercommunication configuration commands and VLAN intercommunication deletion commands configured by the user; a MAC address learning and FIB management module, connected to the VLAN intercommunication command configuration module, which can process packets from multiple VLANs, copies the forwarding entry of a MAC address in a VLAN into the other VLANs that intercommunicate with that VLAN, and writes the forwarding entries into the FIB for packet forwarding; and a packet forwarding module, connected to the MAC address learning and FIB management module, which can process packets from multiple VLANs, broadcasts packets to the other VLANs that have an intercommunication relationship according to the VLAN intercommunication state, and, when processing the relevant unicast packets, replaces the VLAN of the packet according to the forwarding entry before forwarding it.
The VLAN intercommunication command configuration module parses the user's configuration commands, generates a VLAN intercommunication table from them, and issues the table to the MAC address learning and FIB management module for use in subsequent MAC address learning.
In addition, the technical scheme provided by the invention performs MAC address learning in qualified mode, with multiple VLANs in one VPLS VPN. Two VLANs that do not intercommunicate may contain identical MAC addresses; two VLANs that intercommunicate must not.
While learning MAC addresses, the MAC address learning and FIB management module looks up the VLAN intercommunication table as needed. If the VLAN of a learned MAC address has an intercommunication relationship with other VLANs, the module copies the MAC address into each intercommunicating VLAN to generate a new forwarding entry, appends a source VLAN tag to the new entry, and issues the entries to the packet forwarding module for forwarding data packets. When the packet forwarding module receives a unicast packet with a known destination MAC and the outgoing interface is a local AC: if the forwarding entry found has no source VLAN tag, the packet is forwarded from the outgoing interface; if the entry has a source VLAN tag, the VLAN in the packet is first replaced with the source VLAN given in the forwarding entry, and the packet is then forwarded from the corresponding local interface.
Note that the VLAN intercommunication command configuration module also parses the user's VLAN intercommunication deletion commands: it deletes the VLAN intercommunication relationship specified by the user from the VLAN intercommunication table and at the same time notifies the MAC address learning and FIB management module to delete this relationship and to delete from the FIB the forwarding entries that were copied on the basis of it.
The packet forwarding module broadcasts a broadcast packet received from a local AC to the local VPN members in the same VLAN as the packet and to all PWs; broadcasts a broadcast packet received from a remote PW to the local VPN members in the same VLAN as the packet and to the spoke PWs; broadcasts a unicast packet with an unknown MAC address received from a local AC to the local VPN members in the same VLAN as the packet and to all PWs; and broadcasts a unicast packet with an unknown destination MAC address received from a remote PW to the local VPN members in the same VLAN as the packet and to the spoke PWs. In these broadcasts the VLAN in the packet is not replaced. If the packet's VLAN has an intercommunication relationship with other local VLANs, the packet is additionally broadcast to those VLANs, and during that broadcast the VLAN in the packet is replaced with the intercommunicating VLAN.
With this technical scheme, the advantages of VLAN technology in traditional LANs can be brought into play in a VPLS VPN, making VPLS VPN functionality richer and easier to use. Specifically, the invention achieves the following: (1) users in a VPLS VPN are allowed to be in multiple different VLANs, users in different VLANs are isolated from each other by default, and user group isolation is thus realized through VLANs; (2) intercommunication between users in different VLANs can be realized by simple configuration, so that more flexible access control policies can be implemented.
Description of drawings
The accompanying drawings described here provide a further understanding of the invention and form part of this application; the illustrative embodiments and their descriptions explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a structural block diagram of the user grouping intercommunication/isolation device according to the invention; and
Fig. 2 is a networking diagram of arbitrary VPLS user grouping and isolation according to the invention.
Embodiment
The invention is described in detail below with reference to the accompanying drawings.
First, an embodiment of the invention provides a user grouping intercommunication/isolation device.
As shown in Fig. 1, the device comprises: a VLAN intercommunication command configuration module 102, which parses the VLAN intercommunication configuration commands and VLAN intercommunication deletion commands configured by the user; a MAC address learning and FIB management module 104, connected to the VLAN intercommunication command configuration module 102, which can process packets from multiple VLANs, copies the forwarding entry of a MAC address in a VLAN into the other VLANs that intercommunicate with that VLAN, and writes the forwarding entries into the FIB for packet forwarding; and a packet forwarding module 106, connected to the MAC address learning and FIB management module 104, which can process packets from multiple VLANs, broadcasts packets to the other VLANs that have an intercommunication relationship according to the VLAN intercommunication state, and, when processing the relevant unicast packets, replaces the VLAN of the packet according to the forwarding entry before forwarding it.
In the network environment shown in Fig. 2, the user grouping intercommunication/isolation device of the invention is to achieve the following: (1) users in VLAN1, VLAN2 and VLAN3 are isolated from each other across VLANs; (2) VLAN1, VLAN2 and VLAN3 can each intercommunicate with VLAN4.
To realize intercommunication between each of VLAN1, VLAN2, VLAN3 and VLAN4, the VPLS on each provider equipment (PE) must be configured with VLAN1 and VLAN4 intercommunication, VLAN2 and VLAN4 intercommunication, and VLAN3 and VLAN4 intercommunication.
The VLAN intercommunication command configuration module 102 parses the user's configuration commands, generates a VLAN intercommunication table from them, and issues the table to the MAC address learning and FIB management module 104 for use in subsequent MAC address learning. After processing these commands, module 102 therefore generates the VLAN intercommunication entries, written as: VLAN1:VLAN4; VLAN2:VLAN4; VLAN3:VLAN4. Once the entries are generated, module 102 issues them to the MAC address learning and FIB management module 104.
While learning MAC addresses, the MAC address learning and FIB management module 104 looks up the VLAN intercommunication table as needed. If the VLAN of a learned MAC address has an intercommunication relationship with other VLANs, the module copies the MAC address into each intercommunicating VLAN to generate a new forwarding entry, appends a source VLAN tag to the new entry, and issues the entries to the packet forwarding module 106 for forwarding data packets. When the packet forwarding module 106 receives a unicast packet with a known destination MAC and the outgoing interface is a local AC: if the forwarding entry found has no source VLAN tag, the packet is forwarded from the outgoing interface; if the entry has a source VLAN tag, the VLAN in the packet is first replaced with the source VLAN given in the forwarding entry, and the packet is then forwarded from the corresponding local interface.
The VLAN intercommunication command configuration module 102 also parses the user's VLAN intercommunication deletion commands: when it deletes the VLAN intercommunication relationship specified by the user from the VLAN intercommunication table, it at the same time notifies the MAC address learning and FIB management module 104 to delete this relationship and to delete from the FIB the forwarding entries that were copied on the basis of it.
The packet forwarding module 106 broadcasts a broadcast packet received from a local AC to the local VPN members in the same VLAN as the packet and to all PWs; broadcasts a broadcast packet received from a remote PW to the local VPN members in the same VLAN as the packet and to the spoke PWs; broadcasts a unicast packet with an unknown MAC address received from a local AC to the local VPN members in the same VLAN as the packet and to all PWs; and broadcasts a unicast packet with an unknown destination MAC address received from a remote PW to the local VPN members in the same VLAN as the packet and to the spoke PWs. In these broadcasts the VLAN in the packet is not replaced. If the packet's VLAN has an intercommunication relationship with other local VLANs, the packet is additionally broadcast to those VLANs, and during that broadcast the VLAN in the packet is replaced with the intercommunicating VLAN.
In addition, embodiments of the invention provide a user grouping intercommunication method that uses the user grouping intercommunication/isolation device of the embodiments to realize user group intercommunication in a virtual private network service: the MAC address learning and FIB management module 104 copies forwarding entries between the VLANs that need to intercommunicate, and the packet forwarding module 106, when forwarding a packet, selectively processes the VLAN in the packet according to the destination to which the packet is sent.
Specifically, the MAC address learning and FIB management module 104 copies a MAC address in a VLAN into the VLANs that intercommunicate with it, generating forwarding entries that carry a source VLAN tag. During forwarding, if the packet is sent to the remote end through a PW, the packet forwarding module 106 does not process the VLAN in the packet; if the packet is sent to a local AC and the corresponding forwarding entry has a source VLAN tag, the packet forwarding module 106 replaces the VLAN in the packet with the source VLAN and then forwards it. A received broadcast packet is broadcast to the ACs of the local VLAN and also to the local ACs belonging to other VLANs that intercommunicate with the local VLAN.
This ensures that users in different VLANs with an intercommunication relationship can learn each other's MAC addresses and that packets are forwarded correctly between the intercommunicating VLANs.
Embodiments of the invention also provide a user grouping isolation method that uses the user grouping intercommunication/isolation device of the embodiments to realize user group isolation in a virtual private network service: when learning MAC addresses from packets sent up to it, the MAC address learning and FIB management module 104 uses MAC + VLAN tag as the key; when forwarding a packet, the packet forwarding module 106 looks up the FIB using the packet's destination MAC + VLAN tag as the key.
This is equivalent to dividing the FIB of one VPLS VPN into multiple sub-tables by VLAN. When no VLAN intercommunication has been configured through the VLAN intercommunication command configuration module 102, the MAC addresses of each VLAN are in different sub-tables, so a data packet sent to a destination MAC in a different VLAN fails the forwarding lookup because the VLAN field does not match, and cannot be forwarded to the destination MAC in the other VLAN. Isolation between different VLANs is thus realized.
The user grouping intercommunication/isolation methods of the embodiments are described below with reference to Fig. 2, using concrete examples of realizing user group intercommunication/isolation by means of the user grouping intercommunication/isolation device of the embodiments.
Example 1
Intercommunication between two different VLANs on different PEs (illustrated by intercommunication between Client2 and Server1).
The ARP request and MAC address learning process is described first. Client2 needs to access Server1, so it first sends an ARP broadcast packet. On PE2, the packet forwarding module 106 finds no forwarding entry for the source MAC + VLAN of this packet in the forwarding table, so it sends the packet's source MAC, VLAN, incoming interface and related information up to the MAC address learning and FIB management module 104. From this information, module 104 learns that the outgoing interface for VLAN1+MAC2 is 1 and generates the forwarding entry VLAN1+MAC2---1. It then looks up the VLAN intercommunication table, finds the relationship VLAN1:VLAN4, and generates a further forwarding entry, VLAN4+MAC2---1:VLAN1, which carries a source VLAN tag. After learning, module 104 issues both forwarding entries to the packet forwarding module 106.
At this point the relevant forwarding entries in the FIB on PE2 are: VLAN1+MAC2---1; VLAN4+MAC2---1:VLAN1.
After sending the information to be learned up to the MAC address learning and FIB management module 104, the packet forwarding module 106 on PE2 checks the destination MAC of the packet, finds that it is the broadcast MAC, and therefore handles the packet as a broadcast. The ARP packet is broadcast to PE1 through PW1. The packet forwarding module 106 on PE1 likewise sends the packet's source MAC, VLAN, incoming PW and related information up to the MAC address learning and FIB management module 104 on PE1, which performs MAC address learning. It first learns that the outlet for VLAN1+MAC2 is PW1; because the intercommunication relationship VLAN1:VLAN4 exists, it generates a further forwarding entry VLAN4+MAC2 whose outlet is PW1 and tags this entry with VLAN1. Module 104 thus learns two forwarding entries, VLAN1+MAC2---PW1 and VLAN4+MAC2---PW1:VLAN1, and issues them to the packet forwarding module 106.
At this point the relevant forwarding entries in the FIB on PE1 are: VLAN1+MAC2---PW1; VLAN4+MAC2---PW1:VLAN1.
After sending the information up, the packet forwarding module 106 on PE2 checks the destination MAC of the packet, likewise finds that it is the broadcast MAC, and broadcasts the packet. Because VLAN4 and VLAN1 have an intercommunication relationship, Server1, which is in VLAN4, can receive this broadcast packet; VLAN3 and VLAN1 have no intercommunication relationship, so Client1 cannot receive it. On receiving the packet, Server1 finds that it should answer this ARP packet and sends a packet with destination address MAC2, source address MACS1 and VLAN tag VLAN4. When this packet reaches PE1, the MAC address learning and FIB management module 104 on PE1 again performs MAC address learning: it first learns VLAN4+MACS1---2 and, because the intercommunication relationship VLAN1:VLAN4 exists, automatically generates a further forwarding entry VLAN1+MACS1---2:VLAN4. After learning, module 104 issues both forwarding entries to the packet forwarding module 106. Module 106 looks up the forwarding table using the source MAC and VLAN of the packet, VLAN4+MAC2, as the key, finds the forwarding entry VLAN4+MAC2---PW1:VLAN1, and forwards the packet out of PW1.
At this point two entries have been added to the FIB on PE1, which becomes: VLAN1+MAC2---PW1; VLAN4+MAC2---PW1:VLAN1; VLAN4+MACS1---2; VLAN1+MACS1---2:VLAN4.
After this ARP reply reaches PE2, the MAC address learning and FIB management module 104 on PE2 likewise performs MAC address learning: it learns VLAN4+MACS1---PW1 and, because the intercommunication relationship VLAN1:VLAN4 exists, generates a further forwarding entry VLAN4+MACS1---PW1:VLAN1. The packet forwarding module 106 on PE2 looks up the forwarding table with VLAN4+MAC2, finds the corresponding forwarding entry VLAN4+MAC2---1:VLAN1, replaces the VLAN of the packet with VLAN1 as indicated in the entry, and finally forwards it to Client2 from outlet 1. Client2 has now completed one ARP request, and each PE has learned the forwarding information for the MAC addresses of Client2 and the server.
At this point the forwarding entries in the FIB on PE2 are: VLAN1+MAC2---1; VLAN4+MAC2---1:VLAN1; VLAN4+MACS1---PW1; VLAN1+MACS1---PW1:VLAN4.
The data packet forwarding process follows. After the ARP request completes, Client2 and Server1 begin to exchange data packets. When Client2 sends a data packet to Server1, the destination MAC of the packet is MACS1 and the VLAN is VLAN1. When the packet reaches PE2, the packet forwarding module 106 on PE2 looks up the FIB with MACS1+VLAN1 as the key, finds the forwarding entry VLAN1+MACS1---PW1:VLAN4, and forwards the data packet to PE1 through PW1. On receiving it, the packet forwarding module 106 on PE1 looks up the FIB with MACS1+VLAN1, finds the forwarding entry VLAN1+MACS1---2:VLAN4, replaces the VLAN in the data packet with VLAN4, and forwards it to Server1 from port 2. Packets sent from Server1 to Client2 follow the same flow.
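The learning, copy, rewrite and flooding rules described above, replayed for Example 1 as an added Python sketch (not code from the patent). Class and method names are assumptions made for illustration; ports, VLANs and MAC labels follow the examples on this page, and raising an error on a duplicate MAC across intercommunicating VLANs is assumed handling, since the text only states the constraint.

```python
"""Toy model of a (VLAN, MAC)-keyed FIB with intercommunication copies."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FibEntry:
    out_if: str                        # local AC port ("1", "2") or pseudo wire ("PW1")
    source_vlan: Optional[int] = None  # set only on entries copied from another VLAN


class PE:
    def __init__(self, name, acs, interop_pairs):
        self.name = name
        self.acs = dict(acs)           # local AC port -> VLAN of the attached user
        self.interop = {}              # VLAN -> set of directly intercommunicating VLANs
        self.fib = {}                  # (VLAN, MAC) -> FibEntry
        for a, b in interop_pairs:
            self.interop.setdefault(a, set()).add(b)
            self.interop.setdefault(b, set()).add(a)

    def learn(self, vlan, src_mac, in_if):
        """Learn the native entry, then copy it into each intercommunicating VLAN."""
        peers = sorted(self.interop.get(vlan, ()))
        for peer in peers:
            old = self.fib.get((peer, src_mac))
            if old is not None and old.source_vlan is None:
                # Assumed handling: intercommunicating VLANs must not share a MAC.
                raise ValueError(f"{src_mac} is already native in VLAN{peer}")
        self.fib[(vlan, src_mac)] = FibEntry(in_if)
        for peer in peers:
            self.fib[(peer, src_mac)] = FibEntry(in_if, source_vlan=vlan)

    def forward_unicast(self, vlan, dst_mac):
        """Return (out_if, vlan_on_wire), or None on a lookup miss."""
        entry = self.fib.get((vlan, dst_mac))
        if entry is None:
            return None                # no entry in this VLAN's sub-table: isolation
        if entry.out_if in self.acs and entry.source_vlan is not None:
            return entry.out_if, entry.source_vlan  # local AC: rewrite to source VLAN
        return entry.out_if, vlan                   # PW or native entry: tag untouched

    def flood_local(self, vlan, in_if=None):
        """Local ACs that receive a broadcast tagged `vlan`, with the tag each one sees."""
        peers = self.interop.get(vlan, set())
        return sorted((port, v) for port, v in self.acs.items()
                      if port != in_if and (v == vlan or v in peers))

    def delete_interop(self, a, b):
        """Drop the relationship and every forwarding entry copied because of it."""
        self.interop.get(a, set()).discard(b)
        self.interop.get(b, set()).discard(a)
        self.fib = {k: e for k, e in self.fib.items()
                    if (k[0], e.source_vlan) not in {(a, b), (b, a)}}


PAIRS = [(1, 4), (2, 4), (3, 4)]       # VLAN1:VLAN4; VLAN2:VLAN4; VLAN3:VLAN4


def example_1():
    pe1 = PE("PE1", {"1": 3, "2": 4}, PAIRS)   # Client1 (VLAN3), Server1 (VLAN4)
    pe2 = PE("PE2", {"1": 1, "2": 3}, PAIRS)   # Client2 (VLAN1), Client3 (VLAN3)
    # ARP request from Client2 (MAC2, VLAN1): learned on PE2, flooded over PW1 to PE1.
    pe2.learn(1, "MAC2", "1")
    pe1.learn(1, "MAC2", "PW1")
    # ARP reply from Server1 (MACS1, VLAN4): learned on PE1, then on PE2.
    pe1.learn(4, "MACS1", "2")
    pe2.learn(4, "MACS1", "PW1")
    return pe1, pe2


if __name__ == "__main__":
    for pe in example_1():
        for (vlan, mac), e in sorted(pe.fib.items()):
            tag = f":VLAN{e.source_vlan}" if e.source_vlan else ""
            print(f"{pe.name} VLAN{vlan}+{mac}---{e.out_if}{tag}")
```

Because VLAN4 intercommunicates with VLAN1, VLAN2 and VLAN3, learning MACS1 in VLAN4 also produces copies in VLAN2 and VLAN3, which the walk-through above does not list among its "relevant" entries.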
Example 2
Isolation between different VLANs on different PEs (illustrated by the isolation of Client2 and Client1).
Client2 attempts to access Client1 and first sends an ARP request packet carrying VLAN1. The packet is a broadcast packet, so it is broadcast to PE1 through PW1. For PE1 it is a broadcast packet received from a PW, so the packet forwarding module 106 on PE1 broadcasts it to the local VPN members in the same VLAN as the packet and to the local VLANs that have an intercommunication relationship with that VLAN. There is no local VLAN1 member, and only VLAN4 has an intercommunication relationship with VLAN1, so the packet is broadcast into VLAN4; that is, only Server1 receives it. Client1 does not receive the packet and cannot answer the ARP request, so Client2's ARP request fails and it cannot exchange packets with Client1.
Conversely, Client1 attempts to access Client2, and the VLAN carried in the ARP request broadcast packet is VLAN3. When the packet reaches PE2, for PE2 it is a broadcast packet received from a PW, so the packet forwarding module 106 on PE2 broadcasts it to the local VPN members in the same VLAN as the packet and to the local VLANs that have an intercommunication relationship with that VLAN. There is a local VLAN3 member, and no member having an intercommunication relationship with VLAN1, so the packet is broadcast only into VLAN3. Only Client3 receives this ARP request packet; Client2 cannot receive it, so Client1's ARP request fails and the two cannot exchange packets.
Example 3
Isolation between different VLANs on the same PE (illustrated by the isolation of Client2 and Client3).
The ARP request packet from Client2 reaches PE2. For PE2 it is a broadcast packet received from a local AC, so the packet forwarding module 106 on PE2 broadcasts it to the local VPN members in the same VLAN, to the local members of VLANs with an intercommunication relationship, and to all PWs. Apart from Client2 there is no other local VLAN1 member, nor any local member of VLAN4, which intercommunicates with VLAN1, so Client3 cannot receive this ARP request packet; Client2's ARP request fails and it cannot go on to send packets to Client3. For the same reason, Client3's ARP request also fails and it cannot go on to send packets to Client2.
Example 4
Intercommunication within the same VLAN on different PEs (illustrated by intercommunication between Client1 and Client3).
Client1 sends an ARP request broadcast packet, which carries VLAN3 when it reaches PE1. The packet forwarding module 106 on PE1 first finds that the source MAC of the packet is an unknown MAC and sends the relevant information up to the MAC address learning and FIB management module 104, which performs MAC address learning and learns the forwarding entry MAC1+VLAN3---1. Because VLAN3 and VLAN4 have an intercommunication relationship, it generates a further forwarding entry, MAC1+VLAN4---1:VLAN3, and then issues both forwarding entries to the packet forwarding module 106.
After the packet information has been sent up, the packet forwarding module 106 handles the packet as a broadcast, and it is broadcast to PE2 through PW1. PE2 likewise performs MAC address learning on receiving the packet and learns the forwarding entries MAC1+VLAN3---PW1 and MAC1+VLAN4---PW1:VLAN3. The packet forwarding module 106 on PE2 then broadcasts the packet to the local VLAN and to the VLANs with an intercommunication relationship. There is a local member of the same VLAN3, Client3, but no local member of VLAN4, which intercommunicates with VLAN3, so on PE2 only Client3 receives the broadcast packet. Client3 then answers the ARP request; the reply has source MAC MAC3, destination MAC MAC1 and VLAN VLAN3. When the reply reaches PE2, the MAC address learning and FIB management module 104 performs MAC address learning on it, adding two forwarding entries to the FIB on PE2: MAC3+VLAN3---2 and MAC3+VLAN4---2:VLAN3. The packet forwarding module 106 on PE2 then finds the forwarding entry MAC1+VLAN3---PW1 using MAC1+VLAN3 and sends the packet to PE1 through PW1 accordingly. After the packet reaches PE1, the MAC address learning and FIB management module 104 on PE1 likewise performs MAC address learning and learns two forwarding entries: MAC3+VLAN3---PW1 and MAC3+VLAN4---PW1:VLAN3. The forwarding entry MAC1+VLAN3---1 is then found using MAC1+VLAN3, and the packet is forwarded to Client1 through interface 1. Client1 has now completed one ARP request, PE1 and PE2 have learned the forwarding entries for Client1 and Client3, and packets between Client1 and Client3 can be forwarded correctly from here on.
Example 5
Intercommunication within the same VLAN on the same PE (illustrated by intercommunication between Client4 and Client5).
Client4 attempts to access Client5 and sends an ARP request packet. When the packet reaches PE3, MAC address learning and FIB management module 104 on PE3 first performs MAC address learning on it and learns two forwarding entries: MAC4+VLAN2---1 and MAC4+VLAN4---1:VLAN2.
Packet forwarding module 106 then broadcasts the packet to the local members of the same VLAN and to all PWs. Client5 receives the ARP request packet and replies to it; the reply has destination address MAC4, source address MAC5 and VLAN VLAN2. When the reply reaches PE3, MAC address learning is performed on it as well, and two forwarding entries are learned: MAC5+VLAN2---2 and MAC5+VLAN4---2:VLAN2.
Packet forwarding module 106 then looks up MAC4+VLAN2, finds the forwarding entry MAC4+VLAN2---1, and sends the packet to Client4 from outgoing interface 1. Client4 completes the ARP request, and PE3 has learned the forwarding entries of Client4 and Client5, so packets between Client5 and Client4 can be forwarded correctly.
Example 6
Intercommunication within the same VLAN on the same PE (illustrated by intercommunication between Client1 and Server1).
Client1 attempts to access Server1 and sends an ARP request packet. When the packet reaches PE1, MAC address learning and FIB management module 104 on PE1 first performs MAC address learning on it and learns two forwarding entries: MAC1+VLAN3---1 and MAC1+VLAN4---1:VLAN3.
Packet forwarding module 106 then broadcasts the packet to the local members of the same VLAN and to all PWs. Because VLAN3 and VLAN4 have an intercommunication relationship, Server1 can receive the ARP request packet, and it replies to it; the reply has destination address MACS1, source address MAC1 and VLAN VLAN4. When the reply reaches PE3, MAC address learning is performed on it as well, and two forwarding entries are learned: MACS1+VLAN4---2 and MACS1+VLAN3---2:VLAN4.
Packet forwarding module 106 then looks up MAC1+VLAN4 and finds the forwarding entry MAC1+VLAN4---1:VLAN3. Because the outgoing interface is a local AC and the forwarding entry carries a source VLAN mark, VLAN4 in the packet is replaced with VLAN3 and the packet is then sent to Client1 from outgoing interface 1. Client1 completes the ARP request, and PE1 has learned the forwarding entries of Client1 and Server1, so packets between Client1 and Server1 can be forwarded correctly.
The above is only the preferred embodiment of the present invention and does not limit the invention; for a person skilled in the art, the invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall fall within its scope of protection.
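The learning, VLAN replacement and deletion rules walked through in Examples 4 to 6, as an added Python sketch that is not part of the patent. The class `PE`, its method names, the use of strings for interfaces, and the rule that interfaces named `PW...` are pseudowires on which the VLAN is left unchanged are assumptions made for illustration.

```python
from collections import defaultdict

class PE:
    """Toy provider-edge FIB. Names are hypothetical; the patent defines no code."""

    def __init__(self):
        self.interop = defaultdict(set)  # VLAN intercommunication relationship table
        self.fib = {}  # (mac, vlan) -> (out_if, source VLAN mark or None)

    def add_interop(self, a, b):
        self.interop[a].add(b)
        self.interop[b].add(a)

    def del_interop(self, a, b):
        # Remove the relationship and every entry that was copied because of it.
        self.interop[a].discard(b)
        self.interop[b].discard(a)
        for (mac, vlan), (_, src) in list(self.fib.items()):
            if (vlan, src) in ((a, b), (b, a)):
                del self.fib[(mac, vlan)]

    def learn(self, mac, vlan, in_if):
        # Learn MAC+VLAN, then copy the entry into each VLAN that
        # intercommunicates with it, tagged with the source VLAN mark.
        self.fib[(mac, vlan)] = (in_if, None)
        for peer in self.interop[vlan]:
            self.fib[(mac, peer)] = (in_if, vlan)

    def forward_unicast(self, dst_mac, vlan):
        # Returns (out_if, vlan_on_wire). None means unknown destination,
        # which the device would broadcast instead (not modelled here).
        entry = self.fib.get((dst_mac, vlan))
        if entry is None:
            return None
        out_if, src_vlan = entry
        # On a local AC, an entry with a source VLAN mark replaces the VLAN.
        # Assumption: out_if names starting with "PW" are pseudowires.
        if src_vlan is not None and not out_if.startswith("PW"):
            return out_if, src_vlan
        return out_if, vlan

def example6():
    # Constructed state for PE1: Client1 on interface 1, Server1 on interface 2.
    pe1 = PE()
    pe1.add_interop("VLAN3", "VLAN4")
    pe1.learn("MAC1", "VLAN3", "1")
    pe1.learn("MACS1", "VLAN4", "2")
    return pe1

if __name__ == "__main__":
    pe1 = example6()
    print(pe1.fib)
    print(pe1.forward_unicast("MAC1", "VLAN4"))  # reply toward Client1
    print(pe1.forward_unicast("MAC1", "VLAN2"))  # VLAN2 has no relationship
```

A lookup in a VLAN with no intercommunication relationship finds no copied entry, which is how the same table provides isolation; deleting a relationship removes the copied entries while the natively learned ones remain.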
Claims (9)
1. A user group intercommunication/isolation device for making user groups intercommunicate or be isolated in a VPN service, characterized in that it comprises:
a VLAN intercommunication command configuration module, used to parse the VLAN intercommunication configuration commands and VLAN intercommunication deletion commands configured by the user;
a MAC address learning and FIB management module, connected to the VLAN intercommunication command configuration module and able to handle packets from a plurality of VLANs, used to copy the forwarding entry of a MAC address in a VLAN into the other VLANs that intercommunicate with that VLAN, and to write the forwarding entries into the FIB for packet forwarding; and
a packet forwarding module, connected to the MAC address learning and FIB management module and able to handle packets from a plurality of VLANs, used to broadcast packets to the other VLANs that have an intercommunication relationship according to the VLAN intercommunication situation, and, when handling the related unicast packets, to replace the VLAN of the packet according to the forwarding entry before forwarding it.
2. The user group intercommunication/isolation device according to claim 1, characterized in that the VLAN intercommunication command configuration module is used to generate a VLAN intercommunication relationship table after parsing the user's configuration commands, and to deliver the intercommunication relationship table to the MAC address learning and FIB management module for use in subsequent MAC address learning.
3. The user group intercommunication/isolation device according to claim 1, characterized in that MAC address learning is performed in conditional mode; there are a plurality of VLANs in a VPLS VPN; where two of those VLANs do not intercommunicate, the two VLANs may contain the same MAC; where two VLANs intercommunicate, the two VLANs cannot contain the same MAC.
4. The user group intercommunication/isolation device according to claim 3, characterized in that the MAC address learning and FIB management module looks up the VLAN intercommunication relationship table as required while learning a MAC address; where the VLAN of the learned MAC address has an intercommunication relationship with other VLANs, the MAC address is copied into the VLANs that have the intercommunication relationship to generate new forwarding entries, a source VLAN mark is appended to each new forwarding entry, and the entries are then delivered to the packet forwarding module for forwarding data packets.
5. The user group intercommunication/isolation device according to claim 4, characterized in that, when the packet forwarding module receives a unicast packet with a known destination MAC and the outgoing interface is a local AC: if the forwarding entry found has no source VLAN mark, the packet is forwarded from the outgoing interface; if the forwarding entry found has a source VLAN mark, the VLAN in the packet is first replaced with the corresponding source VLAN in the forwarding entry, and the packet is then forwarded from the corresponding local interface.
6. The user group intercommunication/isolation device according to any one of claims 1 to 5, characterized in that the VLAN intercommunication command configuration module is used to parse the user's VLAN intercommunication configuration deletion command, to delete the VLAN intercommunication relationship that the user specifies from the VLAN intercommunication relationship table, and at the same time to notify the MAC address learning and FIB management module to delete this VLAN intercommunication relationship and to delete from the FIB table the forwarding entries that were copied on the basis of that VLAN intercommunication relationship.
7. The user group intercommunication/isolation device according to claim 1, characterized in that the packet forwarding module broadcasts a broadcast packet received from a local AC to the local VPN members of the same VLAN as the broadcast packet and to all PWs; broadcasts a broadcast packet received from a remote PW to the local VPN members of the same VLAN as the broadcast packet and to the spoke PWs; broadcasts a unicast packet with an unknown MAC address received from a local AC to the local VPN members of the same VLAN as the unicast packet and to all PWs; and broadcasts a unicast packet with an unknown destination MAC address received from a remote PW to the local VPN members of the same VLAN as the unicast packet and to the spoke PWs.
8. The user group intercommunication/isolation device according to claim 7, characterized in that the VLAN in the packet is not replaced during that broadcast; if the VLAN to which the packet belongs has an intercommunication relationship with other local VLANs, the packet is further broadcast to the VLANs that have the intercommunication relationship, and during that broadcast the VLAN in the packet is replaced with the VLAN that has the intercommunication relationship.
9. The user group intercommunication/isolation device according to claim 7, characterized in that, in the packet forwarding module, when a packet is broadcast on a PW, the packet is duplicated into multiple copies at the start of broadcasting on the PW, and the VLAN in each copy corresponds to an intercommunicating VLAN according to the intercommunication relationship.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2006101618632A CN101197760B (en) | 2006-12-05 | 2006-12-05 | User grouping intercommunication/isolation device in virtual special network service |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101197760A (en) | 2008-06-11 |
CN101197760B (en) | 2010-09-29 |
Family
ID=39547918
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2006101618632A Expired - Fee Related CN101197760B (en) | 2006-12-05 | 2006-12-05 | User grouping intercommunication/isolation device in virtual special network service |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20100929 |