CN101626338B - Method and device for realizing multiple virtual private network (VPN) examples - Google Patents
Method and device for realizing multiple virtual private network (VPN) examples Download PDFInfo
- Publication number
- CN101626338B CN101626338B CN2009100891842A CN200910089184A CN101626338B CN 101626338 B CN101626338 B CN 101626338B CN 2009100891842 A CN2009100891842 A CN 2009100891842A CN 200910089184 A CN200910089184 A CN 200910089184A CN 101626338 B CN101626338 B CN 101626338B
- Authority
- CN
- China
- Prior art keywords
- vpn
- sub
- interface
- equipment
- multicast message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for realizing multiple VPN examples and a PE device. The method comprises the following steps: collocating a first access control list (ACL), a second ACL and a plurality of sub-interfaces respectively corresponding to different VPNs at a physical port of the PE device, which is connected with a CE device; transmitting multi-cast messages according to the first ACL when the PE device receives multi-cast messages from the CE device; and transmitting the multi-cast messages according to the second ACL when the PE device receives the multi-cast messages entering from a backbone network. The invention can realize multiple VPN examples without changing the CE device.
Description
Technical field
The present invention relates to network communications technology field, refer to a kind of method and PE equipment of realizing many VPN instance especially.
Background technology
Multi-protocol label switching three-layer Virtual Private Network (MPLS L3VPN, Multiprotocol LabelSwitching Layer 3 Virtual Private Network) be a kind of VPN based on Border Gateway Protocol (BGP, Border Gateway Protocol) and the realization of MPLS expansion technique.MPLS L3VPN is made up of each website (Site) of provider backbone network and user, and is independently of one another between each website, only could realize intercommunication by backbone network.
Multicasting VPN is based on the technology that MPLS L3VPN network is realized multicast transmission.Fig. 1 is the networking schematic diagram of the multicasting VPN based on MPLS L3VPN of the prior art.As shown in Figure 1, Provider Edge (PE, Provider Edge) equipment is the edge device in the provider backbone network, customer edge (CE with the user site side, Customer Edge) equipment directly links to each other, and is responsible for the processing of VPN route, is the main implementor of MPLS L3VPN.CE is a user network boundary device, is responsible for the forwarding of user network route.In the multicasting VPN technology, the unicast routing table that utilizes static routing or any unicast routing protocol to be generated by Protocol Independent Multicast (PIM, ProtocolIndependent Multicast) provides route for the IP multicast.PIM transmits (RPF by inverse path, Reverse PathForwarding) mechanism realizes the forwarding to multicast message, when multicast message arrives local device, at first it is carried out rpf check, if rpf check is passed through, then create corresponding multicast routing table item, thereby carry out the forwarding of multicast message, if the rpf check failure then abandons this message.
In actual applications, the user can dispose based on the multicasting VPN scheme of MPLS L3VPN shown in Figure 1 according to actual needs with carrying video conference, business such as video request program.In network environment shown in Figure 1, PE is connected with CE by a physical port, but need under a CE equipment, hang with the main frame of many relatives of Taiwan compatriots living on the Mainland in the practical application in different VPN, for example in Fig. 1, hang with the host A 1 that belongs to VPN1 under the CE equipment of website 1 and belong to the host B 1 of VPN2, and hang with under the CE equipment of website 2 host A 2 that belongs to VPN1 and the host B 2 that belongs to VPN2.The IP address of each main frame is different, but the IP address that belongs to the main frame of same VPN belongs to the same network segment, and different VPN has the IP address of different segment.For example, the IP address of host A 1 be 10.5. *. *, the IP address of host B 1 be 10.6. *. *.
Because the needs of hanging the main frame that belongs to different VPN a CE equipment are under arranged in the middle of the reality, therefore need CE equipment with and the PE equipment that connects on dispose many examples multicast vpn service.But because CE only is connected by a physical link with PE equipment, therefore in the prior art, by all disposing a plurality of logical subinterface or a plurality of VLNA virtual interface is realized on CE equipment PE equipment, it is configurable many examples multicast vpn service that different logical subinterface/VLAN virtual interfaces is bound different VPN respectively.
But, because the CE equipment of user side is underlying device, may configuration logic sub-interface or VLAN virtual interface in the middle of actual; Perhaps the user does not wish to change CE equipment; Perhaps in transformation project, for the business that does not influence bottom-layer network (as the district local area network (LAN)) is stable, the user does not want to revise the configuration information of its CE equipment yet.Traditional in this case multicasting VPN collocation method can only be gone up VPN instance of configuration by the physical port that is connected with CE equipment (being called main interface again) on PE equipment, and can't implement the multicast transmission business of a plurality of VPN instance.
Summary of the invention
The invention provides a kind of method that realizes many VPN instance, this method can realize many VPN instance under the situation that does not change CE equipment.
The present invention also provides a kind of PE equipment, and this equipment is realized many VPN instance under the situation that does not change CE equipment.
For achieving the above object, technical scheme of the present invention specifically is achieved in that
The invention discloses a kind of method that realizes the multiple virtual private network (VPN) VPN instance, this method is applied to the multicasting VPN scene that a plurality of main frames that customer edge CE equipment connects belong to different VPN, and this method comprises:
Configuration corresponds respectively to a plurality of sub-interfaces of described different VPN on Provider Edge PE equipment and physical port that CE equipment is connected, and on PE equipment configuration first access control list ACL and the 2nd ACL; Wherein, preserve the corresponding relation between the affiliated VPN in IP address and IP address among the ACL, preserve the corresponding relation between the affiliated physical port of sub-interface and sub-interface among the 2nd ACL;
When described PE equipment receives first multicast message from CE equipment, search an ACL according to the source IP address of first multicast message, obtain corresponding VPN, find out the sub-interface of this VPN correspondence again, first multicast message is transmitted according to the sub-interface lookup VPN multicast forward table of being found out;
When described PE equipment receives from second multicast message that backbone network enters, if the outgoing interface of second multicast message is a sub-interface, then searches the 2nd ACL and find this sub-interface corresponding physical port, second multicast message is sent from physical port.
The invention also discloses a kind of PE equipment, a plurality of sub-interfaces that correspond respectively to different VPN have been disposed in being connected with CE equipment of this PE equipment on the physical port, and this PE equipment comprises: memory module and multicast message forwarding module, wherein,
Memory module is used to preserve first access control list ACL and the 2nd ACL; Wherein, preserve the corresponding relation between the affiliated VPN in IP address and IP address among the ACL, preserve the corresponding relation between the affiliated physical port of sub-interface and sub-interface among the 2nd ACL;
The multicast message forwarding module, be used for when first multicast message of receiving from CE equipment, search an ACL according to the source IP address of first multicast message, obtain corresponding VPN, find out the sub-interface of this VPN correspondence again, first multicast message is transmitted according to the sub-interface lookup VPN multicast forward table of being found out; Be used for when receiving,, then searching the 2nd ACL and finding this sub-interface corresponding physical port, second multicast message is sent from physical port if the outgoing interface of second multicast message is a sub-interface from second multicast message that backbone network enters.
As seen from the above technical solution, the present invention this on PE equipment and physical port that CE equipment is connected configuration correspond respectively to a plurality of sub-interfaces of described different VPN, and on PE equipment configuration first access control list ACL and the 2nd ACL; Wherein, preserve the corresponding relation between the affiliated VPN in IP address and IP address among the ACL, preserve the corresponding relation between the affiliated physical port of sub-interface and sub-interface among the 2nd ACL; When described PE equipment receives first multicast message from CE equipment, search an ACL according to the source IP address of first multicast message, obtain corresponding VPN, find out the sub-interface of this VPN correspondence again, first multicast message is transmitted according to the sub-interface lookup VPN multicast forward table of being found out; When described PE equipment receives from second multicast message that backbone network enters, if the outgoing interface of second multicast message is a sub-interface, then search the 2nd ACL and find this sub-interface corresponding physical port, the technical scheme that second multicast message is sent from physical port just can realize many VPN instance need not to change under the situation of existing C E equipment.
Description of drawings
Fig. 1 is the networking schematic diagram of the multicasting VPN based on MPLS L3VPN of the prior art;
Fig. 2 is a kind of flow chart of realizing the method for many VPN instance of the embodiment of the invention;
Fig. 3 is a networking schematic diagram of embodiment of the invention multicasting VPN;
Fig. 4 is the composition structured flowchart of embodiment of the invention PE equipment.
Embodiment
Core concept of the present invention is: utilize in the original user network design, host IP address among the same VPN under the same website belongs to the same network segment, and the nonoverlapping characteristic in IP address in its each VPN, on PE equipment, divide VPN according to the IP address that belongs to different segment, transmit message redirecting IP address according to different segment to corresponding VPN multicast forward table, thereby realize many VPN instance
For making purpose of the present invention, technical scheme and advantage clearer, below the present invention is described in more detail.
Fig. 2 is a kind of flow chart of realizing the method for many VPN instance of the embodiment of the invention.This method is applied to the multicasting VPN scene that a plurality of main frames that customer edge CE equipment connects belong to different VPN, scene for example shown in Figure 1, and then as shown in Figure 2, this method comprises:
Need to prove that in this step sub-interface is a logic interfacing.
In this step, the generation of described VPN multicast forward table is the same with generating mode of the prior art, is promptly generated by the PIM agreement.Because disposed sub-interface on physical port, so PE equipment is slightly different to the processing of PIM protocol massages, back extended meeting is introduced.
In the described flow process of Fig. 2, step 201 is described is in advance configuration effort, and step 202 and 203 is based on the process that configuration is in advance transmitted the opposite multicast message of direction, so step 202 and 203 sequencing on the life period not in fact.
In the step 201 of scheme shown in Figure 2, on the physical port of PE equipment, dispose and correspond respectively in a plurality of sub-interfaces of described different VPN, also need to belong to the IP address of the same network segment for each sub-interface configuration and corresponding VPN.Can guarantee like this has correct IP address information in multicast RPF processing procedure.
Consider with existing message forwarding mechanism and keep consistency, method by loopback in the embodiment of the invention will send to the sub-interface of its VPN correspondence from the multicasting VPN message that physical port enters, then the PE equipment described in the step 202 is searched an ACL according to the source IP address of first multicast message, obtain corresponding VPN, find out again after the sub-interface of this VPN correspondence, and before first multicast message being transmitted according to the sub-interface lookup VPN multicast forward table of being found out, this method further comprises: PE equipment is encapsulated into the numbering and the physical port number of the sub-interface found out in the head of first multicast message in the Tag mode, and first multicast message is mail to the loopback mouth of PE equipment self; When PE equipment receives described first multicast message from the loopback mouth, confirm that according to the Tag encapsulated content first multicast message is that a sub-interface from physical port enters.For example, when the sub-interface of encapsulation when being numbered 1, can confirm what this message entered from the sub-interface 1 of the physical port that is connected with CE according to the message of loopback.
In addition, can also adopt the mode of external loop, the PE main interface (physical port) that promptly is connected with CE is gone up the configuration acl rule, and at configuration on another physical interface and the corresponding sub-interface of different VPN (VPN under each main frame of hanging under the CE equipment that main interface connected), the transmitting terminal of this another physical interface is connected with the interface end of himself, realizes the message loop fuction.The source IP address of the message that coupling enters from main interface, according to the corresponding relation between source IP address, VPN and the sub-interface with the sub-interface of message redirecting to described another physical port of its corresponding VPN binding.On sub-interface, bind VPN and external loop is set, when message enters PE equipment once more by sub-interface, will in VPN, do multicast forwarding by physical circuit.In the opposite direction, dispose the 2nd ACL on the sub-interface equally, the message redirecting that with all outgoing interfaces is sub-interface is to the main interface that is connected with CE equipment.But the shortcoming of this scheme is a physical port that need additionally take PE equipment.
The front is mentioned, owing on physical port, disposed the sub-interface of a plurality of logics corresponding with different VPN, therefore PE equipment need carry out following processing to the PIM protocol massages, so that the PIM agreement thinks to transmit the multicast forwarding port of corresponding VPN message rather than the physical port that is connected with CE equipment with sub-interface.Specifically comprise: when the PIM agreement when the physical port that is connected with CE equipment enters PE equipment, network processing unit in the PE equipment (NP) match protocol enables list item, when the PIM protocol massages was forwarded to the CPU of PE equipment, it was PIM hello packet or PIM JP message that the driving forwarding module need be discerned this PIM protocol massages by protocol attribute.If PIM hello packet, then according to the number of the VPN that binds on the physical port, to the PIM hello packet duplicate and on deliver to self the platform protocol handling program handle, for example, the VPN number of binding on the physical port is 3, be that the sub-interface number is 3, just the PIM hello packet duplicated 3 parts of transmissions; If PIM JP message, then parse multicast group IP address (GIP wherein, Group IP), obtain the sub-interface numbering corresponding according to GIP with corresponding the closing of VPN, and the platform protocol handling program of delivering to self on this sub-interface numbering is handled with this VPN.Just can to generate with the sub-interface be the VPN multicast forward table of key assignments to the platform protocol handling program like this.
The VPN multicast forward table of prior art is key assignments with VPN, and among the present invention, sub-interface and VPN bind one by one, so the platform protocol handling program generates the change that the process of VPN multicast forward table does not have, and just key assignments becomes sub-interface by VPN.
For making technical scheme of the present invention clearer, below enumerate a specific embodiment and be illustrated.
Fig. 3 is a networking schematic diagram of the invention process multicasting VPN.As shown in Figure 3, CE1 is connected with PE1, connected the main frame that belongs to three VPN under the CE1, and the IP address that wherein belongs to the main frame of VPN1 belong to network segment 10.5. *. *, the IP address that belongs to the main frame of VPN2 belong to network segment 10.6. *. *, the IP address that belongs to the main frame of VPN3 belong to network segment 10.7. *. *.The physical port that is connected with CE1 on the PE1 is g1/1/1.
According to the solution of the present invention, on PE1 shown in Figure 3, carry out following configuration:
(1) in the PE1 configuration logical subinterface identical with the VPN number, promptly dispose 3 sub-interfaces, the numbering of each sub-interface is respectively: g1/1/1.1, g1/1/1.2 and g1/1/1.3, the with dashed lines segment table shows in Fig. 3.Wherein, sub-interface g1/1/1.1 is corresponding with VPN1, and sub-interface g1/1/1.2 is corresponding with VPN2, and sub-interface g1/1/1.3 is corresponding with VPN3.In order to guarantee when multicast RPF handles correct IP address information is arranged, be that three sub-interfaces dispose the IP address that the VPN corresponding with it is in the same network segment respectively.
(2) correspond respectively to Inbound (CE1-PE1-backbone network) and the outgoing direction (access control list (ACL) of backbone network-PE1-CE1) in PE1 configuration.Wherein, preserve the corresponding relation between the affiliated VPN in IP address and IP address among the ACL of Inbound, as shown in table 1, preserve the corresponding relation between the affiliated physical port of sub-interface and sub-interface among the ACL of outgoing direction, as shown in table 2.
| The IP address | VPN |
| 10.5.×.× | VPN1 |
| 10.6.×.× | VPN2 |
| 10.7.×.× | VPN3 |
Table 1
| Sub-interface | Physical port |
| g1/1/1.1 | g1/1/1 |
| g1/1/1.2 | g1/1/1 |
| g1/1/1.3 | g1/1/1 |
Table 2
Based on above-mentioned configuration, PE1 is as follows to the processing of PIM protocol massages and multicast service message:
(1) the PIM protocol massages enters the NP forwarding chip of PE1 through physical port g1/1/1, and match protocol enables list item when being forwarded to CPU, drives forwarding module and judges that by the protocol attribute sign this PIM protocol massages is PIM hello packet or PIM JP message.If the PIM hello packet, deliver to the platform protocol handling program of PE1 on then duplicating after 3 parts; If PIM JP message, then drive software parses GIP wherein, obtain the sub-interface information corresponding by the corresponding relation between GIP and the VPN with this VPN, for example that corresponding with the GIP that parses is VPN1, then Dui Ying sub-interface is g1/1/1.1, will deliver to the platform protocol handling program of PE1 on the sub-interface information that obtain.The platform protocol handling program generates the VPN multicast forward table according to the information that is received according to existing mode.
(2) for the multicast message that enters from physical port g1/1/1, here suppose that this multicast message is to be sent by the main frame that belongs to VPN1, its source IP address be 10.5. *. *, the NP forwarding chip of PE1 according to the source IP address 10.5. of this multicast message *. * coupling ACL that goes into as shown in table 1 is redirected to corresponding VPN1, g1/1/1.1 is encapsulated in the head of this multicast message as Tag with the sub-interface of VPN1 correspondence numbering, and this multicast message is mail to the specific inner loop of NP answers back.Here owing to promptly comprised the numbering 1 of sub-interface among the sub-interface numbering g1/1/1.1, comprised the port numbers g1/1/1 of its affiliated physical port again, therefore need not additionally again physical port number to be encapsulated in the header.
Multicast message loopback mouth internally enters NP once more, and NP is analytic message again, by Tag and physical port number, thinks what this message entered from sub-interface g1/1/1.1.Then search the VPN multicast forward table, multicast message is transmitted from the Multicast Tunnel Interface that is found according to sub-interface g1/1/1.1.
(3) correspondingly, arrive the multicast message of PE1 for the Multicast Tunnel from backbone network, the NP of PE1 carries out the tunnel termination, when the private network multicast member outgoing interface of finding this multicast message is the sub-interface of logic, when for example outgoing interface is g1/1/1.1, search the ACL that goes out as shown in table 2 according to g1/1/1.1, obtaining the corresponding physical port is g1/1/1, then this multicast message is redirected to physical port g1/1/1 and transmits.
From the foregoing description as can be seen, according to technical scheme of the present invention, when realizing many examples multicasting VPN, do not need CE to support sub-interface or virtual VLAN interface, network upgrade does not need to change the configuration of CE when transforming, and only need change the multicasting VPN that PE equipment just can be supported many examples.
Next provide the multicast structure of the PE equipment among the present invention based on the foregoing description.
Fig. 4 is the composition structured flowchart of embodiment of the invention PE equipment.Disposed a plurality of sub-interfaces that correspond respectively to different VPN on PE equipment as shown in Figure 4 and the physical port that CE equipment is connected, this PE equipment comprises: memory module 401 and multicast message forwarding module 402.Here multicast forwarding module 402 is the composition modules of NP in the PE equipment.
In Fig. 4, memory module 401 is used to preserve first access control list ACL and the 2nd ACL; Wherein, preserve the corresponding relation between the affiliated VPN in IP address and IP address among the ACL, preserve the corresponding relation between the affiliated physical port of sub-interface and sub-interface among the 2nd ACL;
Multicast message forwarding module 402, be used for when first multicast message of receiving from CE equipment, search an ACL according to the source IP address of first multicast message, obtain corresponding VPN, find out the sub-interface of this VPN correspondence again, first multicast message is transmitted according to the sub-interface lookup VPN multicast forward table of being found out; Be used for when receiving,, then searching the 2nd ACL and finding this sub-interface corresponding physical port, second multicast message is sent from physical port if the outgoing interface of second multicast message is a sub-interface from second multicast message that backbone network enters.
Each sub-interface of PE equipment has as shown in Figure 4 disposed the IP address that belongs to the same network segment with corresponding VPN.
In Fig. 4, described multicast message forwarding module 402, searching an ACL according to the source IP address of first multicast message, obtain corresponding VPN, find out again after the sub-interface of this VPN correspondence, and before first multicast message being transmitted according to the sub-interface lookup VPN multicast forward table of being found out, be further used for, be encapsulated into the numbering and the physical port number of the sub-interface found out in the head of first multicast message in the Tag mode, and first multicast message is mail to the loopback mouth of PE equipment, when receiving described first multicast message from the loopback mouth, confirm that according to the Tag encapsulated content first multicast message is that a sub-interface from described physical port correspondence enters.
In Fig. 4, described multicast message forwarding module 402 is used for the inner loop that first multicast message mails to PE equipment is answered back or external rings is answered back.
PE equipment as shown in Figure 4 further comprises: the protocol massages forwarding module, do not draw in Fig. 4.This protocol massages forwarding module is used for when receiving the PIM hello packet, according to the number of the VPN that binds on the physical port, to the PIM hello packet duplicate and on deliver to PE equipment the platform protocol handling program handle; Be used for when receiving PIM JP message, parse multicast group IP address wherein, obtain the sub-interface numbering corresponding according to multicast group IP address and the corresponding relation of VPN, and the platform protocol handling program of delivering to PE equipment on this sub-interface numbering is handled with this VPN.
In sum, the present invention this on PE equipment and physical port that CE equipment is connected configuration correspond respectively to a plurality of sub-interfaces of described different VPN, and on PE equipment configuration first access control list ACL and the 2nd ACL; Wherein, preserve the corresponding relation between the affiliated VPN in IP address and IP address among the ACL, preserve the corresponding relation between the affiliated physical port of sub-interface and sub-interface among the 2nd ACL; When described PE equipment receives first multicast message from CE equipment, search an ACL according to the source IP address of first multicast message, obtain corresponding VPN, find out the sub-interface of this VPN correspondence again, first multicast message is transmitted according to the sub-interface lookup VPN multicast forward table of being found out; When described PE equipment receives from second multicast message that backbone network enters, if the outgoing interface of second multicast message is a sub-interface, then search the 2nd ACL and find this sub-interface corresponding physical port, the technical scheme that second multicast message is sent from physical port, need not to change under the situation of existing C E equipment, just can realize many VPN instance.
The above is preferred embodiment of the present invention only, is not to be used to limit protection scope of the present invention, all any modifications of being made within the spirit and principles in the present invention, is equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1. method that realizes the multiple virtual private network (VPN) VPN instance, this method are applied to the multicasting VPN scene that a plurality of main frames that customer edge CE equipment connects belong to different VPN, it is characterized in that this method comprises:
Configuration corresponds respectively to a plurality of sub-interfaces of described different VPN on Provider Edge PE equipment and physical port that CE equipment is connected, and on PE equipment configuration first access control list ACL and the 2nd ACL; Wherein, preserve the corresponding relation between the affiliated VPN in IP address and IP address among the ACL, preserve the corresponding relation between the affiliated physical port of sub-interface and sub-interface among the 2nd ACL;
When described PE equipment receives first multicast message from CE equipment, search an ACL according to the source IP address of first multicast message, obtain corresponding VPN, find out the sub-interface of this VPN correspondence again, first multicast message is transmitted according to the sub-interface lookup VPN multicast forward table of being found out;
When described PE equipment receives from second multicast message that backbone network enters, if the outgoing interface of second multicast message is a sub-interface, then searches the 2nd ACL and find this sub-interface corresponding physical port, second multicast message is sent from physical port.
2. the method for claim 1, its feature exists, this method further comprises: dispose on the physical port of PE equipment and correspond respectively in a plurality of sub-interfaces of described different VPN, belong to the IP address of the same network segment for each sub-interface configuration and corresponding VPN.
3. the method for claim 1, it is characterized in that, search an ACL at PE equipment according to the source IP address of first multicast message, obtain corresponding VPN, find out again after the sub-interface of this VPN correspondence, and before according to the sub-interface lookup VPN multicast forward table of being found out first multicast message being transmitted, this method further comprises:
PE equipment is encapsulated into the numbering and the physical port number of the sub-interface found out in the head of first multicast message in the Tag mode, and first multicast message is mail to the loopback mouth of PE equipment self;
When PE equipment receives described first multicast message from the loopback mouth, confirm that according to the Tag encapsulated content first multicast message is that a sub-interface from described physical port correspondence enters.
4. method as claimed in claim 3 is characterized in that,
Described loopback mouth is that inner loop is answered back or external rings is answered back.
5. the method for claim 1 is characterized in that, this method further comprises:
When described PE equipment receives the PIM hello packet, number according to the VPN that binds on the physical port, to the PIM hello packet duplicate and on deliver to self platform protocol handling program, generate the VPN multicast forward table by the platform protocol handling program according to the information that is received;
When described PE equipment receives PIM JP message, parse multicast group IP address wherein, obtain the sub-interface numbering corresponding according to multicast group IP address and the corresponding relation of VPN with this VPN, and, generate the VPN multicast forward table according to the information that is received by the platform protocol handling program with delivering to the platform protocol handling program of self on this sub-interface numbering.
6. a Provider Edge PE equipment is characterized in that, has disposed a plurality of sub-interfaces that correspond respectively to different VPN on this PE equipment and the physical port that CE equipment is connected, and this PE equipment comprises: memory module and multicast message forwarding module, wherein,
Memory module is used to preserve first access control list ACL and the 2nd ACL; Wherein, preserve the corresponding relation between the affiliated VPN in IP address and IP address among the ACL, preserve the corresponding relation between the affiliated physical port of sub-interface and sub-interface among the 2nd ACL;
The multicast message forwarding module, be used for when first multicast message of receiving from CE equipment, search an ACL according to the source IP address of first multicast message, obtain corresponding VPN, find out the sub-interface of this VPN correspondence again, first multicast message is transmitted according to the sub-interface lookup VPN multicast forward table of being found out; Be used for when receiving,, then searching the 2nd ACL and finding this sub-interface corresponding physical port, second multicast message is sent from physical port if the outgoing interface of second multicast message is a sub-interface from second multicast message that backbone network enters.
7. PE equipment as claimed in claim 6 is characterized in that, each sub-interface of described PE equipment has disposed the IP address that belongs to the same network segment with corresponding VPN.
8. PE equipment as claimed in claim 6 is characterized in that,
Described multicast message forwarding module, searching an ACL according to the source IP address of first multicast message, obtain corresponding VPN, find out again after the sub-interface of this VPN correspondence, and before first multicast message being transmitted according to the sub-interface lookup VPN multicast forward table of being found out, be further used for, be encapsulated into the numbering and the physical port number of the sub-interface found out in the head of first multicast message in the Tag mode, and first multicast message is mail to the loopback mouth of PE equipment, when receiving described first multicast message from the loopback mouth, confirm that according to the Tag encapsulated content first multicast message is that a sub-interface from described physical port correspondence enters.
9. PE equipment as claimed in claim 8 is characterized in that,
Described multicast message forwarding module is used for the inner loop that first multicast message mails to PE equipment is answered back or external rings is answered back.
10. PE equipment as claimed in claim 6, it is characterized in that, this PE equipment further comprises: the protocol massages forwarding module, be used for when receiving the PIM hello packet, number according to the VPN that binds on the physical port, to the PIM hello packet duplicate and on deliver to the platform protocol handling program of PE equipment, generate the VPN multicast forward table by the platform protocol handling program according to the information that is received; Be used for when receiving PIM JP message, parse multicast group IP address wherein, obtain the sub-interface numbering corresponding according to multicast group IP address and the corresponding relation of VPN with this VPN, and, generate the VPN multicast forward table according to the information that is received by the platform protocol handling program with delivering to the platform protocol handling program of PE equipment on this sub-interface numbering.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100891842A CN101626338B (en) | 2009-08-03 | 2009-08-03 | Method and device for realizing multiple virtual private network (VPN) examples |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100891842A CN101626338B (en) | 2009-08-03 | 2009-08-03 | Method and device for realizing multiple virtual private network (VPN) examples |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101626338A CN101626338A (en) | 2010-01-13 |
| CN101626338B true CN101626338B (en) | 2011-11-23 |
Family
ID=41522032
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009100891842A Expired - Fee Related CN101626338B (en) | 2009-08-03 | 2009-08-03 | Method and device for realizing multiple virtual private network (VPN) examples |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101626338B (en) |
Families Citing this family (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103259727B (en) | 2012-08-31 | 2016-12-28 | 杭州华三通信技术有限公司 | A kind of message forwarding method and equipment |
| CN103401803A (en) * | 2013-08-09 | 2013-11-20 | 迈普通信技术股份有限公司 | Fluid control management system and method |
| CN104104612B (en) * | 2014-07-30 | 2017-07-04 | 新华三技术有限公司 | A kind of load sharing method and device |
| CN105791109B (en) * | 2014-12-25 | 2020-03-10 | 中兴通讯股份有限公司 | Method, device and node for multicast forwarding of multi-protocol label switching intermediate node |
| CN104753754A (en) * | 2015-03-12 | 2015-07-01 | 杭州华三通信技术有限公司 | Method and apparatus for transmitting messages |
| CN104780090B (en) * | 2015-04-27 | 2018-10-26 | 新华三技术有限公司 | Method, apparatus, the PE equipment of VPN multicast transmissions |
| CN106101617B (en) * | 2016-06-08 | 2020-04-10 | 浙江宇视科技有限公司 | Message transmission method, device and system |
| US10469501B2 (en) * | 2017-03-31 | 2019-11-05 | Hewlett Packard Enterprise Development Lp | Multi-protocol access control lists |
| CN107018059B (en) * | 2017-04-25 | 2019-11-12 | 新华三技术有限公司 | A kind of message forwarding method and device |
| CN108768861B (en) * | 2018-06-29 | 2021-01-08 | 新华三信息安全技术有限公司 | Method and device for sending service message |
| CN111049721B (en) * | 2019-12-12 | 2021-06-29 | 广州鲁邦通物联网科技有限公司 | OpenVPN cluster, construction method thereof, communication method and system |
| CN111786909B (en) * | 2020-05-19 | 2022-04-29 | 深圳震有科技股份有限公司 | Method for updating protocol state of VRRP interface, switch and storage medium |
| CN111786873B (en) * | 2020-07-13 | 2021-11-26 | 浙江捷创方舟数字技术有限公司 | Remote control method, system and gateway supporting PLC redundancy |
| CN113518104B (en) * | 2021-03-11 | 2024-02-27 | 网宿科技股份有限公司 | Data message processing method, transfer equipment and system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1516401A (en) * | 2003-01-06 | 2004-07-28 | 华为技术有限公司 | Method for implementing multirole main machine based on virtual local network |
| CN101448051A (en) * | 2008-12-23 | 2009-06-03 | 杭州华三通信技术有限公司 | Voice calling method and edge device combined with virtual private network |
-
2009
- 2009-08-03 CN CN2009100891842A patent/CN101626338B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1516401A (en) * | 2003-01-06 | 2004-07-28 | 华为技术有限公司 | Method for implementing multirole main machine based on virtual local network |
| CN101448051A (en) * | 2008-12-23 | 2009-06-03 | 杭州华三通信技术有限公司 | Voice calling method and edge device combined with virtual private network |
Non-Patent Citations (1)
| Title |
|---|
| JP特开2006-174508A 2006.06.29 |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101626338A (en) | 2010-01-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101626338B (en) | Method and device for realizing multiple virtual private network (VPN) examples | |
| CN102035729B (en) | Multicast data forwarding method | |
| US7570635B2 (en) | Multicast network unit, multicast network system, and multicast method | |
| US8934486B2 (en) | System and method for implementing multicast over a label-switched core network | |
| CN101616014B (en) | Method for realizing cross-virtual private local area network multicast | |
| CN101079806B (en) | Bi-directional forwarding in Ethernet-based service domains over networks | |
| CN100531138C (en) | Operator's boundary notes, virtual special LAN service communication method and system | |
| CN100542127C (en) | A kind of method of realizing group broadcasting based on multiservice transport platform | |
| US20100329252A1 (en) | Method and Apparatus for Enabling Multicast Route Leaking Between VRFs in Different VPNs | |
| JP2008079175A (en) | Frame transfer system | |
| CN102413060B (en) | User private line communication method and equipment used in VPLS (Virtual Private LAN (Local Area Network) Service) network | |
| CN102185778B (en) | Method and device for transmitting data based on VLL (Virtual Lease Line) | |
| CN102075446A (en) | Interconnection method of transparent interconnection network of lots of links in different places and operator edge device | |
| CN103326918A (en) | Message forwarding method and message forwarding equipment | |
| CN102316030A (en) | Method for realizing two-layer internetworking of data center and device | |
| CN100484080C (en) | Routing access method, system and operator edge equipment for virtual private network | |
| CN102571375B (en) | Multicast forwarding method and device as well as network device | |
| CN101631129B (en) | Method and device for transmitting multicast data | |
| CN103326940A (en) | Method for forwarding message in network and edge device of operator | |
| CN104579981B (en) | A kind of multicast data packet forwarding method and apparatus | |
| CN101299723B (en) | Method and apparatus for managing label switching route tunnel information | |
| CN102064999B (en) | Method and equipment for forwarding multicast message | |
| WO2021093463A1 (en) | Packet forwarding method, first network device, and first device group | |
| CN105591897B (en) | The MAC Address synchronous method and device of TRILL network | |
| CN102710510B (en) | Information processing method, apparatus and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: Huasan Communication Technology Co., Ltd. |
|
| CP03 | Change of name, title or address | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20111123 Termination date: 20200803 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |