CN101729355B - Method for realizing particular virtual local area network and device - Google Patents

Publication number
CN101729355B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200910242136
Other languages
Chinese (zh)
Other versions
CN101729355A (en)
Inventor
钱勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN 200910242136 (CN101729355B)
Publication of CN101729355A
Priority to BR112012013727A (BR112012013727A2)
Priority to PCT/CN2010/077818 (WO2011069392A1)
Application granted
Publication of CN101729355B
Current legal status: Expired - Fee Related

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Abstract

The invention discloses a method for implementing a private virtual local area network (PVLAN), comprising: setting the PVLAN port type of each port in the ingress VLAN table and the egress VLAN table of a created virtual local area network (VLAN); when Layer 2 data enters a switching device to be forwarded, comparing the PVLAN port type of the ingress port in the ingress VLAN table with the PVLAN port type of the egress port in the egress VLAN table; and forwarding the data when the forwarding requirement is met. The invention further discloses a device for implementing a PVLAN. The technical scheme makes the PVLAN function convenient to implement and easy to expand, and saves the hardware resource overhead of looking up complex port isolation tables.

Description

A method and device for implementing a private virtual local area network
Technical field
The present invention relates to virtual local area network technology in data communication, and in particular to a method and device for implementing a private virtual local area network.
Background art
The virtual local area network (VLAN, Virtual Local Area Network) was originally created to limit broadcast packets in a Layer 2 network. VLAN divides a flat Layer 2 network into multiple Layer 2 subnets; the subnets cannot communicate with one another, and broadcast packets are confined to a single subnet, which improves the manageability and security of the Layer 2 network.
With the rapid development of network applications, Ethernet has evolved through 10 Mbit Ethernet, 100 Mbit Fast Ethernet, 1 Gigabit Ethernet and 10 Gigabit Ethernet, and in the process users have placed ever higher demands on network scalability. Traditional VLAN technology cannot overcome the scalability limits of existing networks. The existing network model assigns each user a single VLAN and IP subnet, and this model brings many limitations, mainly:
(1) VLAN limit: a switch inherently supports 4096 VLANs, so this resource is limited;
(2) Spanning Tree Protocol (STP) management limit: managing the spanning-tree topology of the VLANs requires running the STP algorithm, which is very complex;
(3) IP address limit: the number of IP addresses is limited, and because each IP subnet takes up its own IP addresses, dividing the network into IP subnets wastes IP addresses;
(4) Routing limit: each subnet needs a default gateway configured, so a large number of routes must be maintained and managed.
To solve these problems, the prior art built a new technology on top of VLAN: the private virtual local area network (PVLAN, Private VLAN). PVLAN uses a two-layer VLAN isolation technique in which only the upper-layer VLAN is globally visible and the lower-layer VLAN provides the isolation. In a PVLAN, switch ports are divided into three types: isolated port, community port and promiscuous port. Isolated ports and community ports belong to the lower-layer VLAN, and promiscuous ports belong to the upper-layer VLAN. Between different PVLANs, no ports can communicate with each other through Ethernet media access control (MAC) addresses. Within the same PVLAN, an isolated port can communicate only with a promiscuous port, and two isolated ports cannot exchange messages with each other; a community port can communicate with a promiscuous port, and two community ports can also exchange messages with each other; a promiscuous port connects to a router or Layer 3 switch interface, and the packets it receives can be sent to isolated ports and community ports.
At present, PVLAN is usually implemented with a port isolation table that is managed by control-plane software. While forwarding packets, the forwarding system looks up the port isolation table using the VLAN, ingress port and egress port as the index, and decides whether to forward the traffic.
As the number of ports a switch supports increases, and since a port can belong to multiple VLANs, the port isolation table grows accordingly, which makes storage, management and maintenance difficult. Most current switches therefore limit their PVLAN support and usually support only a certain number of PVLANs, which clearly cannot meet growing network demands. In addition, switches usually forward in hardware to meet performance requirements, and deciding whether to forward a packet by looking up the port isolation table also consumes hardware resources.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method and device for implementing a private virtual local area network that make the PVLAN function convenient to implement and easy to expand, and that reduce the hardware resource overhead.
To achieve this purpose, the technical scheme of the present invention is implemented as follows:
In the method for implementing a private virtual local area network provided by the invention, in the ingress port VLAN table and the egress port VLAN table of a created VLAN, the PVLAN port type of each port in the VLAN is set through a network management interface. The PVLAN port types comprise isolated port, community port and promiscuous port, and are saved to the ingress port VLAN table and the egress port VLAN table respectively, indexed by port number + VLAN information. The method further comprises:
When Layer 2 data enters the switching device to be forwarded, querying the PVLAN port type of the data's ingress port in the ingress port VLAN table and the PVLAN port type of the data's egress port in the egress port VLAN table;
Comparing the ingress port PVLAN port type of the data with the egress port PVLAN port type of the data, and forwarding the data when either of the two is a promiscuous port or when both are community ports.
In the above scheme, querying the PVLAN port type of the data's ingress port in the ingress port VLAN table is specifically: querying the ingress port VLAN table according to the ingress port number of the data and the VLAN to which the data belongs, to obtain the ingress port PVLAN port type.
In the above scheme, querying the PVLAN port type of the data's egress port in the egress port VLAN table is specifically: querying the egress port VLAN table according to the egress port number and the VLAN to which the data belongs, to obtain the egress port PVLAN port type.
In the above scheme, the method further comprises: discarding the data when the forwarding requirement is not met.
The device for implementing a private virtual local area network provided by the invention is characterized in that the device comprises: a port setting module, an interface query module, a comparison module and a forwarding module; wherein,
The port setting module is used to set, through a network management interface, the PVLAN port type of each port in the VLAN in the ingress port VLAN table and the egress port VLAN table of the created VLAN; the PVLAN port types comprise isolated port, community port and promiscuous port, and are saved to the ingress port VLAN table and the egress port VLAN table respectively, indexed by port number + VLAN information;
The interface query module is used to query the ingress port VLAN table according to the ingress port number of the data and the VLAN to which the data belongs, to obtain the ingress port PVLAN port type; and to query the egress port VLAN table according to the number of the egress port to which the data is to be forwarded and the VLAN to which the data belongs, to obtain the egress port PVLAN port type;
The comparison module is used to compare the ingress port PVLAN port type of the data with the egress port PVLAN port type of the data, and to notify the forwarding module when either of the two is a promiscuous port or when both are community ports;
The forwarding module is used to forward the data.
In the above scheme, the interface query module further comprises an ingress port query module and an egress port query module, wherein,
The ingress port query module is used to query the ingress port VLAN table according to the ingress port number of the data and the VLAN to which the data belongs, to obtain the ingress port PVLAN port type;
The egress port query module is used to query the egress port VLAN table according to the number of the egress port to which the data is to be forwarded and the VLAN to which the data belongs, to obtain the egress port PVLAN port type.
In the above scheme, the device further comprises a discard module, used to discard data;
Accordingly, the comparison module is further used to notify the discard module when the forwarding requirement is not met.
In the method and device for implementing a private virtual local area network provided by the present invention, the PVLAN port type of each port is set in the ingress port VLAN table and the egress port VLAN table of the created VLAN. When Layer 2 data enters the switching device to be forwarded, the PVLAN port type of the ingress port in the ingress port VLAN table is compared with the PVLAN port type of the egress port in the egress port VLAN table, and the data is forwarded when the forwarding requirement is met. In this way the PVLAN function is implemented conveniently; no port isolation table needs to be created for the PVLAN, so more VLANs can be extended to implement PVLANs; and the hardware resource overhead of searching a complex port isolation table is saved.
Description of drawings
Fig. 1 is a flow chart of the method for implementing a private virtual local area network of the present invention;
Fig. 2 is a structural diagram of the device for implementing a private virtual local area network of the present invention.
Embodiment
The basic idea of the present invention is: set the PVLAN port type of each port in the ingress port VLAN table and the egress port VLAN table of the created VLAN; when Layer 2 data enters the switching device to be forwarded, query the PVLAN port type of the data's ingress port in the ingress port VLAN table and the PVLAN port type of the data's egress port in the egress port VLAN table; compare the ingress port PVLAN port type with the egress port PVLAN port type, and forward the data when the forwarding requirement is met, thereby implementing the PVLAN function.
The present invention is described in further detail below with reference to the drawings and a specific embodiment.
The method for implementing a private virtual local area network of the present invention, as shown in Fig. 1, comprises the following steps:
Step 101: set the PVLAN port type of each port in the ingress port VLAN table and the egress port VLAN table of the created VLAN;
Specifically, create a VLAN through the network management interface, create the ingress port VLAN table (IngressPortVlan table) and the egress port VLAN table (EgressPortVlan table) of this VLAN, and add the switching device ports to the ingress port VLAN table and the egress port VLAN table of this VLAN;
Set the PVLAN port type of each port in the VLAN through the network management interface. The PVLAN port types comprise isolated port, community port and promiscuous port, and the default type of every port is promiscuous port. Using port number + VLAN information as the index of the ingress port VLAN table and the egress port VLAN table, save the port types to the ingress port VLAN table and the egress port VLAN table of the VLAN respectively. The VLAN information can be the VLAN name, the VLAN address, and so on.
Step 102: in the upstream processing flow, when Layer 2 data enters the switch to be forwarded, query the ingress port VLAN table according to the ingress port number of the data and the VLAN to which the data belongs, to obtain the ingress port PVLAN port type;
Step 103: according to the MAC address forwarding table entry for the data, jump to the corresponding egress port of the switching device to which the data is to be forwarded;
Step 104: in the downstream processing flow of data forwarding, query the egress port VLAN table according to the egress port number and the VLAN to which the data belongs, to obtain the egress port PVLAN port type;
Steps 105 and 106 below determine whether the data meets the forwarding requirement;
Step 105: compare the obtained ingress port PVLAN port type and egress port PVLAN port type, and determine whether either of them is a promiscuous port; if so, execute step 108; if not, execute step 106;
Step 106: compare the obtained ingress port PVLAN port type and egress port PVLAN port type, and determine whether both are community ports; if so, execute step 108; if not, execute step 107;
Step 107: discard the data and end the forwarding process.
Step 108: forward the data normally through the egress port to which it is to be forwarded.
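The forwarding decision of steps 101 to 108, as an added example that is not part of the patent text: a Python model of the two tables indexed by (port number, VLAN) and of the comparison rule, plus a worst-case size comparison against a port isolation table indexed by VLAN, ingress port and egress port. All class and function names and the MAC addresses are constructed for illustration, and dropping a frame that has no MAC table entry is an assumption, since the page does not describe that case.

```python
from enum import Enum
from typing import NamedTuple, Optional


class PortType(Enum):
    ISOLATED = "isolated"
    COMMUNITY = "community"
    PROMISCUOUS = "promiscuous"


class Decision(NamedTuple):
    forward: bool
    out_port: Optional[int]
    reason: str


class PvlanSwitch:
    """Model of the two-table lookup; all names here are hypothetical."""

    def __init__(self):
        self.ingress_port_vlan = {}  # (port, vlan) -> PortType
        self.egress_port_vlan = {}   # (port, vlan) -> PortType
        self.mac_table = {}          # (vlan, destination MAC) -> egress port

    def add_port(self, port, vlan, port_type=PortType.PROMISCUOUS):
        """Step 101: join a port to a VLAN; the default type is promiscuous."""
        self.ingress_port_vlan[(port, vlan)] = port_type
        self.egress_port_vlan[(port, vlan)] = port_type

    def learn(self, vlan, mac, port):
        self.mac_table[(vlan, mac.lower())] = port

    @staticmethod
    def meets_requirement(in_type, out_type):
        if PortType.PROMISCUOUS in (in_type, out_type):   # step 105
            return True
        return in_type is out_type is PortType.COMMUNITY  # step 106

    def forward(self, in_port, vlan, dst_mac):
        in_type = self.ingress_port_vlan.get((in_port, vlan))    # step 102
        if in_type is None:
            return Decision(False, None, "ingress port not in VLAN")
        out_port = self.mac_table.get((vlan, dst_mac.lower()))   # step 103
        if out_port is None:
            # Assumption: frames without a MAC table entry are dropped here.
            return Decision(False, None, "no MAC table entry")
        out_type = self.egress_port_vlan.get((out_port, vlan))   # step 104
        if out_type is None:
            return Decision(False, out_port, "egress port not in VLAN")
        pair = f"{in_type.value} -> {out_type.value}"
        if self.meets_requirement(in_type, out_type):
            return Decision(True, out_port, pair)                # step 108
        return Decision(False, out_port, pair)                   # step 107


# Constructed sample: one MAC address per port, locally administered range.
SAMPLE_MACS = {port: f"02:00:00:00:00:{port:02x}" for port in range(1, 6)}


def build_sample_switch():
    """VLAN 100: port 1 promiscuous, ports 2-3 community, ports 4-5 isolated."""
    sw = PvlanSwitch()
    sw.add_port(1, 100)  # left at the default type
    for port in (2, 3):
        sw.add_port(port, 100, PortType.COMMUNITY)
    for port in (4, 5):
        sw.add_port(port, 100, PortType.ISOLATED)
    for port, mac in SAMPLE_MACS.items():
        sw.learn(100, mac, port)
    return sw


def table_entries(ports, vlans):
    """Worst-case entry counts, assuming every port is in every VLAN:
    two (port, VLAN) tables versus one (VLAN, ingress, egress) table."""
    return 2 * ports * vlans, vlans * ports * ports


if __name__ == "__main__":
    switch = build_sample_switch()
    for src, dst in [(4, 5), (4, 1), (2, 3), (2, 4), (1, 4)]:
        print(src, "->", dst, switch.forward(src, 100, SAMPLE_MACS[dst]))
    print(table_entries(48, 4094))
```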
To implement the above method, the present invention also provides a device for implementing a private virtual local area network. As shown in Fig. 2, the device comprises: a port setting module 20, an interface query module 21, a comparison module 22 and a forwarding module 23; wherein,
The port setting module 20 is used to set the PVLAN port type of each port in the ingress port VLAN table and the egress port VLAN table of the created VLAN;
The interface query module 21 is used to query the ingress port VLAN table according to the ingress port number of the data and the VLAN to which the data belongs, to obtain the ingress port PVLAN port type; and to query the egress port VLAN table according to the number of the egress port to which the data is to be forwarded and the VLAN to which the data belongs, to obtain the egress port PVLAN port type;
The comparison module 22 is used to compare the ingress port PVLAN port type of the data with the egress port PVLAN port type of the data, and to notify the forwarding module 23 when the forwarding requirement is met;
Meeting the forwarding requirement means: either the ingress port PVLAN port type of the data or the egress port PVLAN port type of the data is a promiscuous port; or the ingress port PVLAN port type of the data and the egress port PVLAN port type of the data are both community ports;
The forwarding module 23 is used to forward the data through the egress port to which it is to be forwarded.
The interface query module 21 further comprises an ingress port query module 211 and an egress port query module 212, wherein,
The ingress port query module 211 is used to query the ingress port VLAN table according to the ingress port number of the data and the VLAN to which the data belongs, to obtain the ingress port PVLAN port type;
The egress port query module 212 is used to query the egress port VLAN table according to the number of the egress port to which the data is to be forwarded and the VLAN to which the data belongs, to obtain the egress port PVLAN port type;
The device further comprises a discard module 24, used to discard the data to be forwarded.
Accordingly, the comparison module 22 is further used to notify the discard module 24 when the forwarding requirement is not met.
The above are merely preferred embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principle of the present invention shall fall within the scope of protection of the present invention.

Claims (7)

1. A method for implementing a private virtual local area network, characterized in that, in the ingress port VLAN table and the egress port VLAN table of a created virtual local area network (VLAN), the PVLAN port type of each port in the VLAN is set through a network management interface, the PVLAN port types comprising isolated port, community port and promiscuous port, and is saved to the ingress port VLAN table and the egress port VLAN table respectively, indexed by port number + VLAN information;
The method further comprises:
When Layer 2 data enters the switching device to be forwarded, querying the PVLAN port type of the data's ingress port in the ingress port VLAN table and the PVLAN port type of the data's egress port in the egress port VLAN table;
Comparing the ingress port PVLAN port type of the data with the egress port PVLAN port type of the data, and forwarding the data when either of the two is a promiscuous port or when both are community ports.
2. The method according to claim 1, characterized in that querying the PVLAN port type of the data's ingress port in the ingress port VLAN table is specifically: querying the ingress port VLAN table according to the ingress port number of the data and the VLAN to which the data belongs, to obtain the ingress port PVLAN port type.
3. The method according to claim 1, characterized in that querying the PVLAN port type of the data's egress port in the egress port VLAN table is specifically: querying the egress port VLAN table according to the egress port number and the VLAN to which the data belongs, to obtain the egress port PVLAN port type.
4. The method according to claim 1, characterized in that the method further comprises: discarding the data when the forwarding requirement is not met.
5. A device for implementing a private virtual local area network, characterized in that the device comprises: a port setting module, an interface query module, a comparison module and a forwarding module; wherein,
The port setting module is used to set, through a network management interface, the PVLAN port type of each port in the VLAN in the ingress port VLAN table and the egress port VLAN table of the created VLAN; the PVLAN port types comprise isolated port, community port and promiscuous port, and are saved to the ingress port VLAN table and the egress port VLAN table respectively, indexed by port number + VLAN information;
The interface query module is used to query the ingress port VLAN table according to the ingress port number of the data and the VLAN to which the data belongs, to obtain the ingress port PVLAN port type; and to query the egress port VLAN table according to the number of the egress port to which the data is to be forwarded and the VLAN to which the data belongs, to obtain the egress port PVLAN port type;
The comparison module is used to compare the ingress port PVLAN port type of the data with the egress port PVLAN port type of the data, and to notify the forwarding module when either of the two is a promiscuous port or when both are community ports;
The forwarding module is used to forward the data.
6. The device according to claim 5, characterized in that the interface query module further comprises an ingress port query module and an egress port query module, wherein,
The ingress port query module is used to query the ingress port VLAN table according to the ingress port number of the data and the VLAN to which the data belongs, to obtain the ingress port PVLAN port type;
The egress port query module is used to query the egress port VLAN table according to the number of the egress port to which the data is to be forwarded and the VLAN to which the data belongs, to obtain the egress port PVLAN port type.
7. The device according to claim 5 or 6, characterized in that the device further comprises a discard module, used to discard data;
Accordingly, the comparison module is further used to notify the discard module when the forwarding requirement is not met.
CN 200910242136 2009-12-08 2009-12-08 Method for realizing particular virtual local area network and device Expired - Fee Related CN101729355B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN 200910242136 CN101729355B (en) 2009-12-08 2009-12-08 Method for realizing particular virtual local area network and device
BR112012013727A BR112012013727A2 (en) 2009-12-08 2010-10-18 method and apparatus for implementing a virtual private local area network (pvlan)
PCT/CN2010/077818 WO2011069392A1 (en) 2009-12-08 2010-10-18 Method and apparatus to implement virtual local area network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200910242136 CN101729355B (en) 2009-12-08 2009-12-08 Method for realizing particular virtual local area network and device

Publications (2)

Publication Number Publication Date
CN101729355A CN101729355A (en) 2010-06-09
CN101729355B (en) 2012-07-18

Family

ID=42449619

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200910242136 Expired - Fee Related CN101729355B (en) 2009-12-08 2009-12-08 Method for realizing particular virtual local area network and device

Country Status (3)

Country Link
CN (1) CN101729355B (en)
BR (1) BR112012013727A2 (en)
WO (1) WO2011069392A1 (en)

Also Published As

Publication number Publication date
CN101729355A (en) 2010-06-09
WO2011069392A1 (en) 2011-06-16
BR112012013727A2 (en) 2016-03-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120718

Termination date: 20191208