CN101197760B - User grouping intercommunication/isolation device in virtual special network service - Google Patents

Publication number
CN101197760B
Authority
CN
China
Prior art keywords
vlan
message
intercommunication
mac address
broadcasting
Legal status
Expired - Fee Related
Application number
CN2006101618632A
Other languages
Chinese (zh)
Other versions
CN101197760A (en)
Inventor
冯军
刘克波
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp
Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a user grouping intercommunication/isolation device for the virtual private network service, comprising: a VLAN intercommunication command configuration module, used to parse the VLAN intercommunication configuration commands and VLAN intercommunication deletion commands configured by the user; a MAC address learning and FIB management module, connected to the VLAN intercommunication command configuration module, used to copy the forwarding entry of a MAC address in a VLAN into the other VLANs that intercommunicate with that VLAN and to write the forwarding entries into the FIB for message forwarding; and a message forwarding module, connected to the MAC address learning and FIB management module, used to broadcast a message to the other VLANs that intercommunicate with its VLAN according to the VLAN intercommunication state and, when processing the related unicast messages, to replace the VLAN of the message according to the forwarding entry and then forward the message.

Description

User grouping intercommunication/isolation device in the VPN service
Technical field
The present invention relates to Virtual Private LAN Service (VPLS) technology in Layer 2 virtual private networks (L2VPN) based on Multi Protocol Label Switch (MPLS) network technology, and more specifically to a device that implements intercommunication/isolation between user groups in a VPLS virtual private network (VPN).
Background technology
VPLS provides users with a virtual local area network (LAN) service. With VPLS technology, all customers appear to be within one LAN regardless of where they are physically located, and enjoy the convenience and benefits that a LAN brings. In a traditional LAN, VLANs are used for user isolation and access control in order to strengthen network security: by dividing the network into multiple broadcast domains, they prevent Layer 2 access between VLANs and so avoid some potential security risks.
In a VPLS VPN, reachability information for data messages is obtained through the learning of physical addresses (MAC addresses) in the data plane. When a data message arrives on a pseudo wire (PW) and its source MAC address is unknown (that is, no corresponding forwarding entry is found in the forwarding table), the MAC address must be associated with that PW, so that the next data message destined for that MAC can be sent over that PW. Likewise, when a data message arrives on a local attachment circuit (AC), the source MAC address of the message is associated with that AC, so that the next data message destined for that MAC is sent from that AC. All of these mappings between MAC addresses and PWs or ACs, stored together, form the forwarding information base (FIB).
In VPLS there are two MAC address learning modes: qualified and unqualified. In unqualified mode, all VLANs share one broadcast domain and one MAC address space; the MAC addresses of users in different VLANs must not overlap, and isolation between different VLANs cannot be achieved. In qualified mode, the users in one VPLS VPN must be in the same VLAN, a VPLS VPN is not allowed to have multiple VLANs, and the object of learning is no longer the MAC alone but VLAN tag+MAC.
As can be seen, in qualified learning mode the users of a VPLS VPN can only be in one VLAN, so VLANs cannot really play their role; likewise, in unqualified learning mode, although multiple VLANs can be in the same VPLS VPN, the VPLS VPN cannot distinguish between them.
Therefore, in existing VPLS VPNs, VLANs cannot be used to group and isolate users, let alone to provide intercommunication between users of different groups.
Summary of the invention
The main purpose of the present invention is to provide a device for intercommunication/isolation between user groups in the VPN service, which can use VLANs to isolate user groups while also allowing intercommunication between users of different groups.
The user grouping intercommunication/isolation device according to the present invention comprises: a VLAN intercommunication command configuration module, used to parse the VLAN intercommunication configuration commands and VLAN intercommunication deletion commands configured by the user; a MAC address learning and FIB management module, connected to the VLAN intercommunication command configuration module and able to handle messages from multiple VLANs, used to copy the forwarding entry of a MAC address in a VLAN into the other VLANs that intercommunicate with that VLAN and to write the forwarding entries into the FIB for message forwarding; and a message forwarding module, connected to the MAC address learning and FIB management module and able to handle messages from multiple VLANs, used to broadcast a message to the other VLANs that have an intercommunication relationship according to the VLAN intercommunication state and, when processing the related unicast messages, to replace the VLAN of the message according to the forwarding entry before forwarding.
The VLAN intercommunication command configuration module parses the user's configuration commands, generates the VLAN intercommunication relationship table from them, and issues the table to the MAC address learning and FIB management module for use in subsequent MAC address learning.
In addition, the technical scheme provided by the invention performs MAC address learning in qualified mode, with multiple VLANs in one VPLS VPN. Where two of these VLANs do not intercommunicate, the same MAC may exist in both; where two VLANs intercommunicate, the same MAC must not exist in both.
While learning MAC addresses, the MAC address learning and FIB management module looks up the VLAN intercommunication relationship table as needed. If the VLAN of a learned MAC address has an intercommunication relationship with other VLANs, the MAC address is copied into those VLANs to generate new forwarding entries, a source VLAN mark is appended to each new forwarding entry, and the entries are then issued to the message forwarding module for forwarding data messages. When the message forwarding module receives a unicast message with a known destination MAC and the outgoing interface is a local AC: if the forwarding entry found carries no source VLAN mark, the message is forwarded from the outgoing interface; if the forwarding entry found carries a source VLAN mark, the VLAN in the message is first replaced with the source VLAN given in the forwarding entry, and the message is then forwarded from the corresponding local interface.
It should be noted that the VLAN intercommunication command configuration module also parses the user's VLAN intercommunication deletion commands: it deletes the VLAN intercommunication relationship specified by the user from the VLAN intercommunication relationship table, and at the same time notifies the MAC address learning and FIB management module to delete this relationship and to delete from the FIB table the forwarding entries that were copied on the basis of it.
As for the message forwarding module: a broadcast message received from a local AC is broadcast to the local VPN members in the same VLAN as the message and to all PWs; a broadcast message received from a remote PW is broadcast to the local VPN members in the same VLAN as the message and to the spoke PWs; a unicast message with an unknown MAC address received from a local AC is broadcast to the local VPN members in the same VLAN as the message and to all PWs; a unicast message with an unknown destination MAC address received from a remote PW is broadcast to the local VPN members in the same VLAN as the message and to the spoke PWs. In these broadcasts the VLAN in the message is not replaced. If the VLAN of the message has an intercommunication relationship with other local VLANs, the message is additionally broadcast to those VLANs, and during that broadcast the VLAN in the message is replaced with the intercommunicating VLAN.
With the above technical scheme, the present invention brings the advantages of VLAN technology in traditional LANs into VPLS VPNs, making VPLS VPNs richer in function and easier to use. Specifically, the invention achieves the following: (1) users in a VPLS VPN may be in multiple different VLANs, and by default the users in each VLAN are isolated from one another, so user groups are isolated by VLAN; (2) intercommunication between users in different VLANs can be enabled by simple configuration, so more flexible access control policies can be implemented.
Description of drawings
The accompanying drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a structural block diagram of the user grouping intercommunication/isolation device according to the present invention; and
Fig. 2 is a networking diagram of arbitrary grouping and isolation of VPLS users according to the present invention.
Embodiment
The present invention is described in detail below with reference to the accompanying drawings.
First, an embodiment of the invention provides a grouped user intercommunication/isolation device.
As shown in Fig. 1, the device comprises: a VLAN intercommunication command configuration module 102, used to parse the VLAN intercommunication configuration commands and VLAN intercommunication deletion commands configured by the user; a MAC address learning and FIB management module 104, connected to the VLAN intercommunication command configuration module 102 and able to handle messages from multiple VLANs, used to copy the forwarding entry of a MAC address in a VLAN into the other VLANs that intercommunicate with that VLAN and to write the forwarding entries into the FIB for message forwarding; and a message forwarding module 106, connected to the MAC address learning and FIB management module 104 and able to handle messages from multiple VLANs, used to broadcast a message to the other VLANs that have an intercommunication relationship according to the VLAN intercommunication state and, when processing the related unicast messages, to replace the VLAN of the message according to the forwarding entry before forwarding.
In the network environment shown in Fig. 2, the functions to be realized by the grouped user intercommunication/isolation device of the present invention are as follows: (1) users in VLAN1, VLAN2 and VLAN3 are isolated from one another across different VLANs; (2) VLAN1, VLAN2 and VLAN3 can each intercommunicate with VLAN4.
To realize the intercommunication of VLAN1, VLAN2 and VLAN3 respectively with VLAN4, the following must be configured in the VPLS on each provider equipment (Provider Equipment, PE): VLAN1 intercommunicates with VLAN4, VLAN2 intercommunicates with VLAN4, and VLAN3 intercommunicates with VLAN4.
The VLAN intercommunication command configuration module 102 parses the user's configuration commands, generates the VLAN intercommunication relationship table from them, and issues the table to the MAC address learning and FIB management module 104 for use in subsequent MAC address learning. Accordingly, after processing these commands, module 102 generates the VLAN intercommunication table entries, denoted: VLAN1:VLAN4; VLAN2:VLAN4; VLAN3:VLAN4. Once these entries have been generated, module 102 issues them to the MAC address learning and FIB management module 104.
While learning MAC addresses, the MAC address learning and FIB management module 104 looks up the VLAN intercommunication relationship table as needed. If the VLAN of a learned MAC address has an intercommunication relationship with other VLANs, the MAC address is copied into those VLANs to generate new forwarding entries, a source VLAN mark is appended to each new forwarding entry, and the entries are then issued to the message forwarding module 106 for forwarding data messages. When the message forwarding module 106 receives a unicast message with a known destination MAC and the outgoing interface is a local AC: if the forwarding entry found carries no source VLAN mark, the message is forwarded from the outgoing interface; if the forwarding entry found carries a source VLAN mark, the VLAN in the message is first replaced with the source VLAN given in the forwarding entry, and the message is then forwarded from the corresponding local interface.
The VLAN intercommunication command configuration module 102 also parses the user's VLAN intercommunication deletion commands: when it deletes the VLAN intercommunication relationship specified by the user from the VLAN intercommunication relationship table, it at the same time notifies the MAC address learning and FIB management module 104 to delete this relationship and to delete from the FIB table the forwarding entries that were copied on the basis of it.
As for the message forwarding module 106: a broadcast message received from a local AC is broadcast to the local VPN members in the same VLAN as the message and to all PWs; a broadcast message received from a remote PW is broadcast to the local VPN members in the same VLAN as the message and to the spoke PWs; a unicast message with an unknown MAC address received from a local AC is broadcast to the local VPN members in the same VLAN as the message and to all PWs; a unicast message with an unknown destination MAC address received from a remote PW is broadcast to the local VPN members in the same VLAN as the message and to the spoke PWs. In these broadcasts the VLAN in the message is not replaced. If the VLAN of the message has an intercommunication relationship with other local VLANs, the message is additionally broadcast to those VLANs, and during that broadcast the VLAN in the message is replaced with the intercommunicating VLAN.
In addition, embodiments of the invention also provide a user grouping intercommunication method that uses the user grouping intercommunication/isolation device of the embodiment to realize user group intercommunication in the VPN service. In this method, the MAC address learning and FIB management module 104 copies forwarding table entries between the VLANs that need to intercommunicate, and the message forwarding module 106, when forwarding a message, selectively processes the VLAN in the message according to the destination to which the message is sent.
Specifically, the MAC address learning and FIB management module 104 copies a MAC address in one VLAN into the VLANs that intercommunicate with it, generating forwarding table entries that carry the source VLAN mark. In the message forwarding process, if a message is sent to the remote end over a PW, the message forwarding module 106 does not process the VLAN in the message; if a message is sent to a local AC and the corresponding forwarding entry carries a source VLAN mark, the message forwarding module 106 replaces the VLAN in the message with the source VLAN before forwarding. A received broadcast message is broadcast on the ACs of its own VLAN and also on the local ACs that belong to other VLANs intercommunicating with that VLAN.
This ensures that users in different VLANs with an intercommunication relationship can learn each other's MAC addresses, and that messages are forwarded correctly between the intercommunicating VLANs.
Embodiments of the invention also provide a user grouping isolation method that uses the user grouping intercommunication/isolation device of the embodiment to realize user group isolation in the VPN service. In this method, when performing MAC address learning on a message sent up to it, the MAC address learning and FIB management module 104 learns with MAC+VLAN tag as the key; when forwarding a message, the message forwarding module 106 searches the FIB table with the destination MAC+VLAN tag of the message as the key.
This is equivalent to dividing the FIB table of one VPLS VPN into multiple sub-tables by VLAN. When no VLAN intercommunication has been configured through the VLAN intercommunication command configuration module 102, the MAC addresses of each VLAN are in different sub-tables, so a data message sent to a destination MAC in a different VLAN fails the forwarding table lookup because the VLAN field does not match, and cannot be forwarded to the destination MAC in the other VLAN. Isolation between different VLANs is thereby achieved.
The user grouping intercommunication/isolation method of the embodiments of the invention is described below with reference to Fig. 2, through concrete examples of user grouping intercommunication/isolation realized with the device of the embodiment.
Example 1
Intercommunication between two different VLANs on different PEs (illustrated by the intercommunication between Client2 and Server1).
First, the ARP request and MAC address learning process. Client2 needs to access Server1, so Client2 first sends an ARP broadcast message. On PE2, the message forwarding module 106 finds no forwarding entry in the forwarding table corresponding to the source MAC+VLAN of this message, so it sends the source MAC, the VLAN, the incoming interface and related information of the message up to the MAC address learning and FIB management module 104. From this information, module 104 learns that the outgoing interface corresponding to VLAN1+MAC2 is 1; the forwarding entry generated is denoted VLAN1+MAC2---1. It then looks up the VLAN intercommunication relationship table, finds the relationship VLAN1:VLAN4, and generates a further forwarding entry, denoted VLAN4+MAC2---1:VLAN1; this entry carries the source VLAN mark. After learning is complete, module 104 issues both forwarding entries to the message forwarding module 106.
At this point, the relevant forwarding entries in the FIB on PE2 are: VLAN1+MAC2---1; VLAN4+MAC2---1:VLAN1.
After sending the information to be learned up to the MAC address learning and FIB management module 104, the message forwarding module 106 on PE2 checks the destination MAC of the message, finds that it is a broadcast MAC, and therefore broadcasts the message. The ARP message is broadcast to PE1 over PW1. The message forwarding module 106 on PE1 likewise sends the source MAC, the VLAN, the incoming PW and related information of the message up to the MAC address learning and FIB management module 104 on PE1, which performs MAC address learning: it first learns that the exit corresponding to VLAN1+MAC2 is PW1; because the VLAN intercommunication relationship VLAN1:VLAN4 exists, it generates a further forwarding entry VLAN4+MAC2 whose exit is PW1, and marks this entry with VLAN1. Module 104 thus learns the two forwarding entries VLAN1+MAC2---PW1 and VLAN4+MAC2---PW1:VLAN1, and issues them to the message forwarding module 106.
At this point, the relevant forwarding entries in the FIB on PE1 are: VLAN1+MAC2---PW1; VLAN4+MAC2---PW1:VLAN1.
After the information has been sent up, the message forwarding module 106 on PE2 checks the destination MAC of the message, likewise finds it to be a broadcast MAC, and broadcasts the message. Because VLAN4 and VLAN1 have an intercommunication relationship, Server1, which is in VLAN4, receives this broadcast message; but VLAN3 and VLAN1 have no intercommunication relationship, so Client1 does not receive it. On receiving the message, Server1 finds that it should answer this ARP message, so it sends a message with destination address MAC2, source address MACS1 and VLAN tag VLAN4. When this message arrives at PE1, the MAC address learning and FIB management module 104 on PE1 again performs MAC address learning: it first learns VLAN4+MACS1---2; because of the VLAN intercommunication relationship VLAN1:VLAN4, it automatically generates a further forwarding entry VLAN1+MACS1---2:VLAN4. After learning is complete, module 104 issues both forwarding entries to the message forwarding module 106. The message forwarding module 106 searches the forwarding table using the source MAC and VLAN of the message, namely VLAN4+MAC2, as the key, finds the forwarding entry VLAN4+MAC2---PW1:VLAN1, and forwards the message over PW1.
At this point, two entries have been added to the FIB forwarding table on PE1, which becomes: VLAN1+MAC2---PW1; VLAN4+MAC2---PW1:VLAN1; VLAN4+MACS1---2; VLAN1+MACS1---2:VLAN4.
When this ARP reply message arrives at PE2, the MAC address learning and FIB management module 104 on PE2 likewise performs MAC address learning and learns VLAN4+MACS1---PW1; again because the VLAN intercommunication relationship VLAN1:VLAN4 exists, it generates a further forwarding entry VLAN4+MACS1---PW1:VLAN1. The message forwarding module 106 on PE2 searches the forwarding table by VLAN4+MAC2 and finds the corresponding forwarding entry VLAN4+MAC2---1:VLAN1, replaces the VLAN of the message with VLAN1 as indicated in the forwarding entry, and finally forwards it to Client2 from exit 1. Client2 has now completed one ARP request, and every PE has learned the forwarding information for the MAC addresses of Client2 and Server.
At this point, the forwarding entries in the FIB on PE2 are: VLAN1+MAC2---1; VLAN4+MAC2---1:VLAN1; VLAN4+MACS1---PW1; VLAN1+MACS1---PW1:VLAN4.
Next, the data message forwarding process. Once the ARP request is complete, Client2 and Server1 begin exchanging data messages. When Client2 sends a data message to Server1, the destination MAC of the message is MACS1 and the VLAN is VLAN1. When the message arrives at PE2, the message forwarding module 106 on PE2 searches the FIB table with MACS1+VLAN1 as the key and finds the forwarding entry VLAN1+MACS1---PW1:VLAN4, then forwards the data message to PE1 over PW1. On receiving the message, the message forwarding module 106 on PE1 searches the FIB with MACS1+VLAN1, finds the forwarding entry VLAN1+MACS1---2:VLAN4, replaces the VLAN in the data message with VLAN4, and forwards it to Server1 from port 2. Messages sent from Server1 to Client2 follow the same flow.
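The learning, copy and VLAN-replacement rules used in Example 1 can be modelled in a few lines; the following is an added example, not code from the patent, and it goes slightly beyond Example 1 by also covering the lookup miss that gives isolation and the deletion of a relationship. The class and function names, the interface names AC1/AC2 (standing for the local interfaces 1 and 2) and the choice to refuse a copy on a MAC clash are assumptions of this model; because it copies each MAC into every intercommunicating VLAN, its FIB holds more entries than the "relevant" ones listed above.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Entry:
    out: str                           # outgoing interface: "AC1", "AC2", "PW1"
    source_vlan: Optional[int] = None  # set only on copied (replicated) entries


class PE:
    """Toy model of one PE: relationship table plus FIB keyed by (VLAN, MAC)."""

    def __init__(self, name, relations):
        self.name = name
        self.peers = {}       # VLAN -> set of VLANs it intercommunicates with
        for a, b in relations:
            self.peers.setdefault(a, set()).add(b)
            self.peers.setdefault(b, set()).add(a)
        self.fib = {}         # (vlan, mac) -> Entry
        self.conflicts = []   # copies refused because of a MAC clash (assumption)

    def learn(self, vlan, mac, in_if):
        """Learn (vlan, mac) natively, then copy it into intercommunicating VLANs."""
        self.fib[(vlan, mac)] = Entry(in_if)
        for peer in sorted(self.peers.get(vlan, ())):
            existing = self.fib.get((peer, mac))
            if existing is not None and existing.source_vlan is None:
                # The same MAC is natively present in an intercommunicating VLAN,
                # which the description forbids. Refusing the copy is this
                # model's choice, not something the page specifies.
                self.conflicts.append((vlan, peer, mac))
                continue
            self.fib[(peer, mac)] = Entry(in_if, source_vlan=vlan)

    def forward_unicast(self, vlan, dst_mac):
        """Return (out_if, vlan_on_wire), or None when the keyed lookup misses."""
        entry = self.fib.get((vlan, dst_mac))
        if entry is None:
            return None
        if entry.out.startswith("AC") and entry.source_vlan is not None:
            return entry.out, entry.source_vlan  # rewrite VLAN toward a local AC
        return entry.out, vlan                   # PW or native entry: untouched

    def flood_scope(self, vlan):
        """Local VLANs that see a broadcast or unknown unicast tagged `vlan`."""
        return {vlan} | self.peers.get(vlan, set())

    def delete_relation(self, a, b):
        """Remove relationship a:b and every entry copied because of it."""
        self.peers.get(a, set()).discard(b)
        self.peers.get(b, set()).discard(a)
        self.fib = {
            key: e for key, e in self.fib.items()
            if e.source_vlan is None or {key[0], e.source_vlan} != {a, b}
        }


# Relationship table from the embodiment: VLAN1:VLAN4; VLAN2:VLAN4; VLAN3:VLAN4.
RELATIONS = [(1, 4), (2, 4), (3, 4)]


def example_1():
    """Replay the learning steps of Example 1 (constructed event sequence)."""
    pe1, pe2 = PE("PE1", RELATIONS), PE("PE2", RELATIONS)
    # ARP request from Client2 (MAC2, VLAN1): enters PE2 on AC1, reaches PE1 on PW1.
    pe2.learn(1, "MAC2", "AC1")
    pe1.learn(1, "MAC2", "PW1")
    # ARP reply from Server1 (MACS1, VLAN4): enters PE1 on AC2, reaches PE2 on PW1.
    pe1.learn(4, "MACS1", "AC2")
    pe2.learn(4, "MACS1", "PW1")
    # Client3 (MAC3, VLAN3) is a local member on PE2, interface 2 (Examples 3, 4).
    pe2.learn(3, "MAC3", "AC2")
    return pe1, pe2


if __name__ == "__main__":
    for pe in example_1():
        print(pe.name)
        for (vlan, mac), e in sorted(pe.fib.items()):
            mark = f":VLAN{e.source_vlan}" if e.source_vlan else ""
            print(f"  VLAN{vlan}+{mac}---{e.out}{mark}")
```

After `delete_relation(1, 4)` on a PE, a VLAN1 lookup for MACS1 misses again, which is the behaviour to verify whenever an intercommunication relationship is revoked.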
Example 2
Isolation between different VLANs on different PEs (illustrated by the isolation of Client2 and Client1).
Client2 attempts to access Client1 and first sends an ARP request message carrying VLAN1. This is a broadcast message, so it is broadcast to PE1 over PW1. For PE1 this is a broadcast message received from a PW, so the message forwarding module 106 on PE1 broadcasts it to the local VPN members in the same VLAN as the message and to the local VLANs that have an intercommunication relationship with that VLAN. There is no local VLAN1 member, and only VLAN4 has an intercommunication relationship with VLAN1, so the message is broadcast into VLAN4: only Server1 receives it. Client1 does not receive the message and cannot answer the ARP request, so Client2's ARP request fails and it cannot exchange messages with Client1.
Conversely, Client1 attempts to access Client2. The VLAN carried in the ARP request broadcast message is VLAN3. When this message arrives at PE2, for PE2 it is a broadcast message received from a PW, so the message forwarding module 106 on PE2 broadcasts it to the local VPN members in the same VLAN as the message and to the local VLANs that have an intercommunication relationship with that VLAN. There is a local VLAN3 member, but no member that has an intercommunication relationship with VLAN1, so the message is broadcast only into VLAN3: only Client3 receives this ARP request message, and Client2 does not, so Client1's ARP request fails and it cannot exchange messages with Client1.
Example 3
Isolation between different VLANs on the same PE (illustrated by the isolation of Client2 and Client3).
Client2's ARP request message arrives at PE2. For PE2 this is a broadcast message received from a local AC, so the message forwarding module 106 on PE2 broadcasts it to the local VPN members in the same VLAN, to the local members of VLANs that have an intercommunication relationship, and to all PWs. Apart from Client2 there is no other local VLAN1 member, nor any local member of VLAN4, which has an intercommunication relationship with VLAN1, so Client3 does not receive this ARP request message; Client2's ARP request fails and it cannot go on to send messages to Client3. For the same reason, Client3's ARP request also fails, and it cannot go on to send messages to Client2.
Example 4
Intercommunication within the same VLAN on different PEs (illustrated by the intercommunication between Client1 and Client3).
Client1 sends an ARP request broadcast message; the VLAN it carries when it arrives at PE1 is VLAN3. The message forwarding module 106 on PE1 first finds that the source MAC of the message is an unknown MAC and sends the relevant information up to the MAC address learning and FIB management module 104, which performs MAC address learning and learns the forwarding entry MAC1+VLAN3---1. Because VLAN3 and VLAN4 have an intercommunication relationship, a further forwarding entry MAC1+VLAN4---1:VLAN3 is generated, and both forwarding entries are then issued to the message forwarding module 106.
After the message's relevant information has been sent up, the message forwarding module 106 broadcasts the message, and it is broadcast to PE2 over PW1. PE2 likewise performs MAC address learning on receiving the message and learns the forwarding entries MAC1+VLAN3---PW1 and MAC1+VLAN4---PW1:VLAN3. The message forwarding module 106 on PE2 then broadcasts the message to the local VLAN and to the VLANs that have an intercommunication relationship with it. Locally there is the member Client3, which is also in VLAN3, but no member of VLAN4, which has an intercommunication relationship with VLAN3, so on PE2 only Client3 receives this broadcast message. Client3 then answers the ARP request: the source MAC of the reply message is MAC3, the destination MAC is MAC1 and the VLAN is VLAN3. When this message arrives at PE2, the MAC address learning and FIB management module 104 likewise performs MAC address learning on its relevant information, and through this learning two forwarding entries are added to the FIB on PE2: MAC3+VLAN3---2 and MAC3+VLAN4---2:VLAN3. The message forwarding module 106 on PE2 then finds the relevant forwarding entry MAC1+VLAN3---PW1 by MAC1+VLAN3 and, according to that entry, sends the message to PE1 over PW1. After it arrives at PE1, the MAC address learning and FIB management module 104 on PE1 likewise performs MAC address learning and learns two forwarding entries: MAC3+VLAN3---PW1 and MAC3+VLAN4---PW1:VLAN3. Next, the forwarding entry MAC1+VLAN3---1 is found by MAC1+VLAN3, and the message is forwarded to Client1 through interface 1. Client1 has now completed one ARP request; PE1 and PE2 have both learned the forwarding entries for Client1 and Client3, and messages between Client1 and Client3 can then be forwarded correctly.
Example 5
Intercommunication within the same VLAN on the same PE (illustrated by the intercommunication between Client4 and Client5).
Client4 attempts to access Client5 and sends an ARP request message. When this message arrives at PE3, the MAC address learning and FIB management module 104 on PE3 first performs MAC address learning on it and learns two forwarding entries: MAC4+VLAN2---1; MAC4+VLAN4---1:VLAN2.
The message forwarding module 106 then broadcasts the message to the members of the same local VLAN and to all PWs. Client5 receives this ARP request message and answers it: the destination address of the reply message is MAC4, the source address is MAC5 and the VLAN is VLAN2. After this message arrives at PE3, MAC address learning is likewise performed, and two forwarding entries are learned: MAC5+VLAN2---2; MAC5+VLAN4---2:VLAN2.
Then the message forwarding module 106 finds the forwarding entry MAC4+VLAN2---1 by MAC4+VLAN2 and sends the message to Client4 from outgoing interface 1. Client4 has completed its ARP request, PE3 has learned the forwarding entries for Client4 and Client5, and messages between Client5 and Client4 can be forwarded correctly.
Example 6
Intercommunication between the identical VLAN on the identical PE (illustrated by intercommunication between Client1 and Server1).
Client1 attempts to access Server1 and sends an ARP request message. After the message arrives at PE1, the MAC address learning and FIB management module 104 on PE1 first performs MAC address learning on it and learns two forwarding entries: MAC1+VLAN3---1; MAC1+VLAN4---1:VLAN3.
The packet forwarding module 106 then broadcasts the message to the local members of the same VLAN and to all PWs. Because VLAN3 and VLAN4 have an intercommunication relationship, Server1 can receive the ARP request message and replies to it; the destination address of the reply message is MACS1, the source address is MAC1, and the VLAN is VLAN4. After the reply arrives at PE3, MAC address learning is likewise performed, and two forwarding entries are learned: MACS1+VLAN4---2; MACS1+VLAN3---2:VLAN4.
The packet forwarding module 106 then looks up MAC1+VLAN4 and finds the forwarding entry MAC1+VLAN4---1:VLAN3. Because the outgoing interface is a local AC and the forwarding entry carries a source VLAN mark, the VLAN4 in the message is replaced with VLAN3 and the message is then sent to Client1 from outgoing interface 1. Client1 completes the ARP request, the forwarding entries of Client1 and Server1 have been learned on PE1, and messages between Client1 and Server1 can then be forwarded correctly.
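The learning, entry copying and VLAN replacement walked through in Example 6, together with the deletion behaviour of claim 6, as an added Python sketch that is not part of the patent. The class `PE`, its method names and `demo()` are hypothetical; the model covers local AC ports only (no PWs, no flooding of unknown destinations), and the MAC, VLAN and port values are taken from Example 6.

```python
from collections import defaultdict

class PE:
    """Toy model of one PE with local AC ports only (no PWs, no flooding)."""

    def __init__(self):
        self.interwork = defaultdict(set)  # VLAN -> VLANs it intercommunicates with
        self.fib = {}  # (mac, vlan) -> (out_port, source_vlan_mark or None)

    def add_interwork(self, a, b):
        self.interwork[a].add(b)
        self.interwork[b].add(a)

    def del_interwork(self, a, b):
        self.interwork[a].discard(b)
        self.interwork[b].discard(a)
        # Purge only the entries that were copied because of this relationship.
        for (mac, vlan), (_, src) in list(self.fib.items()):
            if (vlan, src) in ((a, b), (b, a)):
                del self.fib[(mac, vlan)]

    def learn(self, src_mac, vlan, in_port):
        self.fib[(src_mac, vlan)] = (in_port, None)
        for peer in self.interwork[vlan]:
            # Copied entry carries the source VLAN mark, e.g. MAC1+VLAN4---1:VLAN3.
            self.fib[(src_mac, peer)] = (in_port, vlan)

    def forward(self, dst_mac, vlan):
        """Return (out_port, vlan_on_wire), or None when no entry matches."""
        entry = self.fib.get((dst_mac, vlan))
        if entry is None:
            return None
        port, src_vlan = entry
        return (port, vlan if src_vlan is None else src_vlan)

def demo():
    pe1 = PE()
    pe1.add_interwork(3, 4)            # VLAN3 and VLAN4 intercommunicate
    pe1.learn("MAC1", 3, 1)            # Client1's ARP request arrives on port 1
    reply = pe1.forward("MAC1", 4)     # Server1's reply, tagged VLAN4
    isolated = pe1.forward("MAC1", 2)  # VLAN2 has no relationship with VLAN3
    pe1.del_interwork(3, 4)            # claim 6: copied entries are removed
    after_delete = pe1.forward("MAC1", 4)
    return reply, isolated, after_delete

if __name__ == "__main__":
    print(demo())
```

The isolation property rests entirely on the absence of a copied entry: a frame tagged with a VLAN that has no intercommunication relationship finds no match for the destination MAC, and deleting the relationship has to purge the copied entries or the old path keeps working.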
The above are only preferred embodiments of the present invention and are not intended to limit the present invention; for a person skilled in the art, the present invention may have various changes and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (9)

1. A user grouping intercommunication/isolation device, used for user grouping intercommunication/isolation in a VPN service, characterized in that it comprises:
a VLAN intercommunication command configuration module, used to parse the VLAN intercommunication configuration command and the VLAN intercommunication deletion command configured by the user;
a MAC address learning and FIB management module, connected to the VLAN intercommunication command configuration module and able to process messages from a plurality of VLANs, used to copy the forwarding entry of a MAC address in a VLAN into the other VLANs that intercommunicate with that VLAN, and to write the forwarding entry into the FIB for message forwarding; and
a packet forwarding module, connected to the MAC address learning and FIB management module and able to process messages from a plurality of VLANs, used to broadcast a message to the other VLANs that have an intercommunication relationship according to the VLAN intercommunication situation, and, when processing a related unicast message, to replace the VLAN of the message according to the forwarding entry and then forward it.
2. The user grouping intercommunication/isolation device according to claim 1, characterized in that the VLAN intercommunication command configuration module is used to parse the user's configuration command and then generate a VLAN intercommunication relationship table, and to issue the intercommunication relationship table to the MAC address learning and FIB management module for subsequent MAC address learning.
3. The user grouping intercommunication/isolation device according to claim 1, characterized in that MAC address learning is performed in a conditional (qualified) mode; there are a plurality of VLANs in a VPLS VPN; where two of the VLANs do not intercommunicate, the two VLANs may contain the same MAC; where two VLANs intercommunicate, the two VLANs may not contain the same MAC.
4. The user grouping intercommunication/isolation device according to claim 3, characterized in that the MAC address learning and FIB management module looks up the VLAN intercommunication relationship table as required while learning a MAC address; where the VLAN of the learned MAC address has an intercommunication relationship with other VLANs, the MAC address is copied into the VLANs having the intercommunication relationship to generate new forwarding entries, a source VLAN mark is appended to each new forwarding entry, and the entries are then issued to the packet forwarding module for forwarding data messages.
5. The user grouping intercommunication/isolation device according to claim 4, characterized in that, when the packet forwarding module receives a unicast message with a known destination MAC and the outgoing interface is a local AC: if the forwarding entry found has no source VLAN mark, the message is forwarded from the outgoing interface; if the forwarding entry found has a source VLAN mark, the VLAN in the message is first replaced with the corresponding source VLAN in the forwarding entry, and the message is then forwarded from the corresponding local interface.
6. The user grouping intercommunication/isolation device according to any one of claims 1 to 5, characterized in that the VLAN intercommunication command configuration module is used to parse the user's VLAN intercommunication configuration deletion command, delete the VLAN intercommunication relationship that the user specifies from the VLAN intercommunication relationship table, notify the MAC address learning and FIB management module to delete this VLAN intercommunication relationship at the same time, and delete from the FIB table the forwarding entries that were copied on the basis of that VLAN intercommunication relationship.
7. The user grouping intercommunication/isolation device according to claim 1, characterized in that the packet forwarding module broadcasts a broadcast message received from a local AC to the local VPN members of the same VLAN as the broadcast message and to all PWs; broadcasts a broadcast message received from a far-end PW to the local VPN members of the same VLAN as the broadcast message and to the spoke PWs; broadcasts a unicast message with an unknown MAC address received from a local AC to the local VPN members of the same VLAN as the unicast message and to all PWs; and broadcasts a unicast message with an unknown destination MAC address received from a far-end PW to the local VPN members of the same VLAN as the unicast message and to the spoke PWs.
8. The user grouping intercommunication/isolation device according to claim 7, characterized in that the VLAN in the message is not replaced during broadcasting; if the VLAN to which the message belongs has an intercommunication relationship with other local VLANs, the message is further broadcast to the VLANs having the intercommunication relationship, and during that broadcast the VLAN in the message is replaced with the VLAN having the intercommunication relationship.
9. The user grouping intercommunication/isolation device according to claim 7, characterized in that, in the packet forwarding module, when a message is broadcast on a PW, the message is duplicated into multiple copies at the start of broadcasting on the PW, and the VLAN in each copy corresponds to an intercommunicating VLAN according to the intercommunication relationship.
CN2006101618632A 2006-12-05 2006-12-05 User grouping intercommunication/isolation device in virtual special network service Expired - Fee Related CN101197760B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2006101618632A CN101197760B (en) 2006-12-05 2006-12-05 User grouping intercommunication/isolation device in virtual special network service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2006101618632A CN101197760B (en) 2006-12-05 2006-12-05 User grouping intercommunication/isolation device in virtual special network service

Publications (2)

Publication Number Publication Date
CN101197760A CN101197760A (en) 2008-06-11
CN101197760B true CN101197760B (en) 2010-09-29

Family

ID=39547918

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2006101618632A Expired - Fee Related CN101197760B (en) 2006-12-05 2006-12-05 User grouping intercommunication/isolation device in virtual special network service

Country Status (1)

Country Link
CN (1) CN101197760B (en)

Also Published As

Publication number Publication date
CN101197760A (en) 2008-06-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100929
