CN102130831A - Networking method based on super virtual local area network (Super VLAN) technology
- Publication number
- CN102130831A
- Authority
- CN
- China
- Prior art keywords
- vlan
- switch
- network
- port
- layer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
To overcome the network construction investment problems caused by the two networking methods commonly used at present, the invention discloses a networking method based on super virtual local area network (Super VLAN) technology. In this method only the network equipment in the aggregation layer needs to be replaced with layer-3 aggregation switches that support Super VLAN technology, so that the characteristics of Super VLAN technology can be fully used, while the original network equipment in the access layer and the core layer stays in use (in particular, the access layer can still use simple, inexpensive switches when a new network is built). The networking model of the traditional three-layer network (access layer, aggregation layer and core layer) is therefore unchanged, and network faults caused by network loops, address resolution protocol (ARP) attacks, dynamic host configuration protocol (DHCP) spoofing and the like are effectively solved. In particular, earlier investment is fully protected, and the investment needed to build a new network or to upgrade and renovate an existing one is greatly reduced.
Description
I. Technical field
The present invention relates to the field of computer network communication, and specifically to a method of network organization (networking).
II. Background
With the spread of the Internet and intranets and the development of broadband technology, the networks of large and medium-sized enterprises and of universities have anywhere from several thousand to tens of thousands of nodes. Because users lack understanding of network knowledge and technology, and because of network viruses and network attacks, in particular network loops, ARP attacks and DHCP spoofing, network failures occur frequently and in serious cases paralyze the network. Network management departments spend a great deal of manpower locating and fixing faults, and users' access to the network is delayed as well. To keep the network running normally, network management departments currently adopt one of the following:
1. On the basis of the existing three-layer network (access layer, aggregation layer, core layer) networking model shown in Fig. 1, replace the access-layer switches with higher-performance switches (with access functions such as mutual port isolation, rate limiting, 802.1X, network loop detection and termination, DHCP snooping and dynamic ARP inspection).
2. Assign each user a VLAN at the access layer, which thoroughly solves the problem of users affecting one another through network loops, ARP attacks, DHCP spoofing and the like. Because the VLANs are subdivided at the access layer, avoiding the 4K VLAN limit requires layer-3 aggregation switches that support QinQ at the aggregation layer, and the core-layer equipment must provide high-density VLAN termination, that is, a BRAS core router that supports QinQ termination (able to terminate ordinary VLANs and QinQ VLANs at the same time; see Fig. 2). This networking model lowers the performance requirements on access-layer equipment (an access switch only handles user access and layer-2 data forwarding, and only needs to provide basic VLAN partitioning), which helps reduce the investment in the very numerous access-layer devices. It keeps legacy access equipment in use and saves investment, while also meeting the needs of current services such as IPv6 multicast.
The networking models above do effectively solve the network failures caused by network loops, ARP attacks, DHCP spoofing and the like, and improve the quality of network operation. However, they bring the following problems:
1. With the networking model of approach 1, the access-layer switches, which account for more than 90% of the devices, must be replaced with higher-performance switches. With so many access-layer switches, the investment is very large whether the network is newly built or upgraded. In particular, the switches replaced in an upgrade cannot be reused, which causes a heavy loss of earlier investment.
2. With the networking model of approach 2, which uses QinQ technology, layer-3 aggregation switches that support QinQ and a BRAS core router that supports QinQ termination must be used. BRAS routers in particular are expensive, which greatly increases the cost of building the network.
III. Summary of the invention
The purpose of the invention is to overcome the networking investment problems caused by the two classes of networking methods currently in use, by providing a networking method that uses super VLAN (SuperVLAN) technology (see Fig. 3). The method only requires replacing the aggregation-layer equipment with layer-3 aggregation switches that support SuperVLAN technology, while the original access-layer and core-layer equipment stays in use; in particular, even in a newly built network the access layer can still use simple, inexpensive switches. The traditional three-layer network (access layer, aggregation layer, core layer) networking model is left unchanged, yet the network failures caused by network loops, ARP attacks, DHCP spoofing and the like are effectively solved. In particular, earlier investment is fully protected, and the cost of building or renovating a network is greatly reduced.
The technical scheme that achieves the purpose of the invention consists of the following steps.
The steps of the networking method based on SuperVLAN technology are as follows:
Step 1: Initialization. Physically install the access-layer and aggregation-layer switches, and physically connect the access-layer switches to the aggregation switch and the aggregation switch to the core switch. After checking that the physical connections are correct, power on and start the switches;
Step 2: Configure the access-layer switches. According to the port count $j$ of each switch $\mathrm{Switch}_i$ ($i = 1, \ldots, m$), create $j-1$ VLANs $\mathrm{VLAN}_k$ on the switch in turn, where $k = i \times (n-1)$ and $n = 2, 3, \ldots, j$. For ease of management, the name of each VLAN should be kept identical to its tag number (VID);
Step 3: Assign the $j$ ports on the switch on the principle of one user port per $\mathrm{VLAN}_k$, and complete the configuration of the $m$ switches in turn, that is, one user, one VLAN, one port. At the same time, configure the port that connects the switch to the aggregation switch as a port that supports trunking, that is, as a Trunk port, so that it can carry the data flows of multiple VLANs;
Step 4: Configure the aggregation switch. First create K+2 VLANs on the aggregation switch, of which K VLANs have the same VIDs as those on the access-layer switches. Then enter the configuration mode of VLAN K+1 and set the IP address of this VLAN and its DHCP Server service or DHCP proxy service, so that user-side devices obtain their IP addresses automatically;
Step 5: Continue by setting which SuperVLAN this VLAN belongs to and enabling the SuperVLAN function. Still in this VLAN's configuration mode, set the K VLANs as SubVLANs of the SuperVLAN, and at the same time disable the proxy ARP (Address Resolution Protocol) function of the SubVLANs so that the SubVLANs cannot communicate with one another, which achieves mutual layer-2 isolation in the network;
Step 6: Set every downlink port of the aggregation switch and the port that uplinks to the core switch as Trunk ports, so that they can carry the data flows of multiple VLANs;
Step 7: Enter the configuration mode of VLAN K+2 and set the IP address of this VLAN. Then check whether the DHCP Server service has been set up in the VLAN where the SuperVLAN resides; if it has not, configure the DHCP proxy service in this VLAN;
Step 8: Configure the core switch. On this switch, set the port that connects down to the aggregation switch as a Trunk port. Create a VLAN with the same name and the same VID as VLAN K+2 on the aggregation switch;
Step 9: Enter the configuration mode of this VLAN and set its IP address. Then check whether the DHCP Server service has been set up in the VLAN where the SuperVLAN resides on the aggregation switch; if it has not, configure the DHCP Server service for the SuperVLAN network segment in this VLAN;
Step 10: Continue in this VLAN by configuring the route for intercommunication between this VLAN and the SuperVLAN;
Step 11: Save the system configuration of each switch, then restart it.
The basic principle of the networking method based on SuperVLAN technology is as follows:
The core of the networking method of the invention is its full use of super VLAN (SuperVLAN) technology. So what is a SuperVLAN?
SuperVLAN is one way of dividing VLANs. It is also called VLAN aggregation, and is a management technique designed specifically to optimize the use of IP addresses. A traditional Internet service provider (ISP) network assigns an IP subnet to each user, and every subnet assigned occupies three IP addresses, used as the subnet's network number, broadcast address and default gateway. If a user's subnet contains a large number of unassigned IP addresses, other users still cannot use them, so this approach wastes IP addresses. SuperVLAN solves this problem effectively. Its principle is to give the IP addresses of one network segment to several different VLANs (called SubVLANs) that all belong to one SuperVLAN. Each SubVLAN is an independent broadcast domain, and different SubVLANs are isolated from one another at layer 2. It is therefore only necessary to assign one IP subnet to the SuperVLAN and to create one SubVLAN for each user, which guarantees isolation between different users.
The IP addresses in the SuperVLAN subnet can be allocated flexibly among all the SubVLANs. When a user in a SubVLAN needs layer-3 communication, it uses the IP address of the SuperVLAN's virtual interface as its default gateway. In this way multiple VLANs share one IP address, which saves IP address resources. At the same time, layer-3 intercommunication between different SubVLANs, and between a SubVLAN and other networks, requires the ARP proxy function. The ARP proxy forwards and processes ARP request and response messages, and so provides layer-3 intercommunication between ports that are isolated at layer 2.
The original purpose of SuperVLAN technology is thus to save IP addresses (only the SuperVLAN that contains the SubVLANs needs to be assigned an IP address). The networking method based on SuperVLAN technology uses not only this address-saving characteristic but, more importantly, the fact that each SubVLAN is an independent broadcast domain, so that different users are isolated from one another at layer 2. Each user is assigned one VLAN, and on the access-layer switch each VLAN is assigned only one user port. This reduces the influence of one user on another to a minimum and thoroughly solves the problem of users affecting one another through network loops, ARP attacks, DHCP spoofing and the like.
Compared with the traditional three-layer network (access layer, aggregation layer, core layer) networking method and with the networking model that uses QinQ technology, the networking method based on SuperVLAN technology has the following beneficial effects:
1. It effectively solves the network failures caused by network loops, ARP attacks, DHCP spoofing and the like, and improves the quality of network operation.
2. It does not change the organizational structure of the traditional three-layer network (access layer, aggregation layer, core layer), keeps the flexibility of legacy network operation and the diversity of its applications, and strengthens the reliability of the network.
3. Because the method only replaces the equipment of the aggregation layer with layer-3 switches that support SuperVLAN technology, it lowers the performance requirements on access-layer equipment (an access switch only handles user access and layer-2 data forwarding, and only needs to provide basic VLAN partitioning) and keeps the original access-layer and core-layer equipment in use; in particular, even in a newly built network the access layer can still use simple, inexpensive switches. The cost of building or renovating a network is greatly reduced.
IV. Description of the drawings
Fig. 1: topology diagram of the traditional three-layer network.
Fig. 2: topology diagram of the network that uses QinQ technology.
Fig. 3: topology diagram of the network based on SuperVLAN technology.
V. Specific embodiment
1. Example environment
The experimental environment is one student dormitory building with 720 information points and one network aggregation equipment room measuring 3.3 m × 3.3 m × 3 m. The room holds four standard cabinets, each 2 m high, in which 16 Harbour μHammer2024E 24-port switches and 8 Avaya P334T 48-port switches are installed as user access switches, with a StarNet RG-S5760 layer-3 switch as the aggregation switch. Each cabinet holds four 24-port switches and two 48-port switches. Port 1 of each switch is connected to the StarNet RG-S5760 aggregation switch by twisted-pair cable, and the StarNet RG-S5760 aggregation switch is connected to the StarNet RG-S8606 core switch by multimode fiber.
2. Implementation
1. Perform VLAN division and port configuration on each of the 24 user access switches; the relevant configuration of the Harbour μHammer2024E switch is shown below:
2. Configure the StarNet RG-S5760 aggregation switch; the relevant configuration is shown below:
3. Configure the StarNet RG-S8606 core switch; the relevant configuration is shown below:
After the settings are complete, save the configuration of each switch and restart it; the experiment is then finished.
The configuration above shows that the performance requirements on the access switches are low, so that a large number of simple, inexpensive switches can be used. The configuration of the core switch does not need major changes either. The key point is the interconnection between the Super VLAN on the aggregation switch and the core switch: because SuperVLAN technology does not support the 802.1Q protocol, an ordinary VLAN must be created on the aggregation switch as a springboard that bridges the Super VLAN and the core switch to interconnect the networks.
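A VLAN plan for the embodiment above, following steps 2 to 5 and the one-user-one-SubVLAN principle; this is an added example in Python, not code or configuration from the patent. Sequential VID numbering, the placement of the SuperVLAN and interconnect VLAN IDs, and all function names are assumptions of the example. It also checks for VIDs shared by several user ports, because ports carrying the same VID behind one aggregation switch are in one broadcast domain; the step 2 index formula, read literally as printed here, gives switch 1 port 3 and switch 2 port 2 the same VID 2.

```python
"""Per-user VLAN plan for the SuperVLAN design (added example, not from the patent)."""
from collections import Counter

MAX_VID = 4094      # usable 802.1Q VLAN IDs are 1..4094
UPLINK_PORT = 1     # the embodiment uplinks port 1 of every access switch
# Embodiment on this page: 16 x 24-port and 8 x 48-port access switches.
EMBODIMENT = [24] * 16 + [48] * 8


def sequential_plan(port_counts, first_vid=2):
    """Map every user port (switch, port) to its own VID, unique across switches.

    Sequential numbering from first_vid is an assumption of this example.
    """
    plan, vid = {}, first_vid
    for switch, ports in enumerate(port_counts, start=1):
        for port in range(1, ports + 1):
            if port == UPLINK_PORT:
                continue            # trunk port carries all VLANs, no user VLAN
            if vid + 2 > MAX_VID:   # keep two IDs for the VLANs added in step 4
                raise ValueError("4K VLAN limit reached on this aggregation switch")
            plan[(switch, port)] = vid
            vid += 1
    return plan


def formula_plan(port_counts):
    """VIDs from the index formula as printed in step 2, read literally:
    k = i * (n - 1) for switch i and n = 2..j (n taken as the port number)."""
    return {(i, n): i * (n - 1)
            for i, j in enumerate(port_counts, start=1)
            for n in range(2, j + 1)}


def shared_vids(plan):
    """VIDs assigned to more than one user port."""
    counts = Counter(plan.values())
    return sorted(vid for vid, c in counts.items() if c > 1)


def l2_peers(plan, switch, port):
    """Other user ports in the same VLAN, i.e. the ports an ARP or DHCP
    broadcast from (switch, port) is flooded to through the trunks."""
    vid = plan[(switch, port)]
    return sorted(p for p, v in plan.items() if v == vid and p != (switch, port))


def aggregation_vlans(plan):
    """The K + 2 VLANs of step 4. Placing the SuperVLAN and the interconnect
    VLAN right after the highest SubVLAN ID is this example's assumption."""
    subvlans = sorted(set(plan.values()))
    return {"subvlans": subvlans,
            "supervlan": subvlans[-1] + 1,
            "interconnect": subvlans[-1] + 2}


if __name__ == "__main__":
    plan = sequential_plan(EMBODIMENT)
    agg = aggregation_vlans(plan)
    print(len(plan), "user ports,", len(agg["subvlans"]), "SubVLANs")
    print("SuperVLAN", agg["supervlan"], "interconnect VLAN", agg["interconnect"])
    print("peers of switch 1 port 2:", l2_peers(plan, 1, 2))
    literal = formula_plan(EMBODIMENT)
    print("literal formula reuses", len(shared_vids(literal)), "VIDs;",
          "peers of switch 1 port 3:", l2_peers(literal, 1, 3))
```

An empty `l2_peers` result for every user port is the property the design relies on: with proxy ARP disabled on the SubVLANs, a spoofed ARP reply or rogue DHCP offer has no other user port to reach.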
Claims (1)
1. A networking method based on SuperVLAN technology, the steps of which are as follows:
Step 1: Initialization. Physically install the access-layer and aggregation-layer switches, and physically connect the access-layer switches to the aggregation switch and the aggregation switch to the core switch. After checking that the physical connections are correct, power on and start the switches;
Step 2: Configure the access-layer switches. According to the port count $j$ of each switch $\mathrm{Switch}_i$ ($i = 1, \ldots, m$), create $j-1$ VLANs $\mathrm{VLAN}_k$ on the switch in turn, where $k = i \times (n-1)$ and $n = 2, 3, \ldots, j$. For ease of management, the name of each VLAN should be kept identical to its tag number (VID);
Step 3: Assign the $j$ ports on the switch on the principle of one user port per $\mathrm{VLAN}_k$, and complete the configuration of the $m$ switches in turn, that is, one user, one VLAN, one port. At the same time, configure the port that connects the switch to the aggregation switch as a port that supports trunking, that is, as a Trunk port, so that it can carry the packets of multiple VLANs;
Step 4: Configure the aggregation switch. First create K+2 VLANs on the aggregation switch, of which K VLANs have the same VIDs as those on the access-layer switches. Then enter the configuration mode of VLAN K+1 and set the IP address of this VLAN and its DHCP Server service or DHCP proxy service, so that user-side devices obtain their IP addresses automatically;
Step 5: Continue by setting which SuperVLAN this VLAN belongs to and enabling the SuperVLAN function. Still in this VLAN's configuration mode, set the K VLANs as SubVLANs of the SuperVLAN, and at the same time disable the proxy ARP (Address Resolution Protocol) function of the SubVLANs so that the SubVLANs cannot communicate with one another, which achieves mutual layer-2 isolation in the network;
Step 6: Set every downlink port of the aggregation switch and the port that uplinks to the core switch as Trunk ports, so that each port can carry the packets of multiple VLANs;
Step 7: Enter the configuration mode of VLAN K+2 and set the IP address of this VLAN. Then check whether the DHCP Server service has been set up in the VLAN where the SuperVLAN resides; if it has not, configure the DHCP proxy service in this VLAN;
Step 8: Configure the core switch. On this switch, set the port that connects down to the aggregation switch as a Trunk port. Create a VLAN with the same name and the same VID as VLAN K+2 on the aggregation switch;
Step 9: Enter the configuration mode of this VLAN and set its IP address. Then check whether the DHCP Server service has been set up in the VLAN where the SuperVLAN resides on the aggregation switch; if it has not, configure the DHCP Server service for the SuperVLAN network segment in this VLAN;
Step 10: Continue in this VLAN by configuring the route for intercommunication between this VLAN and the SuperVLAN;
Step 11: Save the system configuration of each switch, then restart it.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011100404745A CN102130831A (en) | 2011-02-18 | 2011-02-18 | Networking method based on super virtual local area network (Super VLAN) technology |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102130831A (en) | 2011-07-20 |
Family
ID=44268725
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20110720 |