CN102549990B - Method and device for generating forwarding table term of virtual private network - Google Patents

Abstract

The invention discloses a method and a device for generating forward table term of virtual private network. The method includes that: a master node of virtual cluster network element (VNE) generates a VNE business information using VNE as a single network element according to pre-configurated virtual private network (VPN) business; the master node determines a first VPN terminal and a second terminal which one VPN channel of VPN pass through in VNE, wherein the VPN is corresponding to the VPN business information; according to the VPN business information, the local VPN forwarding table terms are generated for the first terminal and the second terminal of VPN separately. The invention has the advantage that a method of generating the forward table term, which is needed when VPN runs, in the terminal of VNE for VPN is provided, so that the VNE can support the VPN and the practicability of the the VNE technology is improved significantly.

Description

A kind of method and apparatus of generating forwarding table term of virtual private network

Technical field

The present invention relates to the communications field, relate in particular to the method and apparatus of a kind of generating virtual private network (VPN) forwarding-table item.

Background technology

Tradition access point (PoP) group-network construction has the hierarchical structure of two-layer or multilayer, is divided into different levels according to function and deployed position, for example, be divided into core layer, convergence-level, edge access layer and equity.Between each layer in PoP networking, conventionally adopt dual-homed redundancy link to improve reliability, successively converge and routing user flow.Due to network traffics and broadband user's sustainable growth, operator carried out a scale dilatation every 1 to 2 year conventionally, mainly realized dilatation by increasing PoP level, device quantity, replacing apparatus platform or port capacity.

Wherein, the device of described Access Layer is responsible for customer flow access, and abundant type of user interface is provided, and node distributes wide, and port density is large.The device of described convergence-level is responsible for converging and route access node flow, expands the Service coverage of core node, and port type is abundant, and aggregate capabilities is strong, possesses Multiple Business Management ability.The device of described core layer is responsible for high speed forward, interregional business intercommunication and route, and nodes is less.

This PoP framework is piled up and is formed by multiple device, dual-homed interconnected a large amount of physical ports that take between device, and device port resource and energy resource consumption waste is serious, converges the more wastes of level larger.Install more and morphotype professional ability is different, topological structure complexity, causes integrated services and expansion difficulty, configuration is complicated, overhead is large, overall co-ordination weak effect, safety/OAM/ reliability/QoS are disposed complexity and had some setbacks.Converging level, more inner to forward jumping figures more, cause that routing convergence is slow and routing stability is poor, fault management difficulty.

Along with network size, traffic carrying capacity and number of users constantly increase, IP bearer network PoP points are more and more, network is more and more intensive, interconnected degree is more and more higher, needs to integrate and simplified network structure, improves resource utilization, reduce costs, energy efficient, reduces management complexity, improves routing convergence and stability.

In prior art, there is a kind of virtual exchange system (VSS, virtual switching system).Two physical switches of this system are combined into a virtual switch, by control and management planar set therein in a physical switches, mainly for two or many main devices of exchange in consolidated network layer, are applicable to simple catenary, ring topology.But this virtual exchange system can not be supported Virtual Private Network (VPN).

Summary of the invention

One object of the present invention is for providing a kind of method and apparatus of generating forwarding table term of virtual private network

Technical solution of the present invention is as follows:

An aspect of of the present present invention discloses a kind of method of generating forwarding table term of virtual private network, and described method comprises:

Host node in Virtual Cluster network element VNE generates the vpn service information taking described VNE as independent network element according to pre-configured virtual private network business;

Described host node determine a VPN passage in the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points;

According to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively local VPN forwarding-table item separately.

An aspect of of the present present invention discloses a kind of method of generating forwarding table term of virtual private network, and described method comprises:

Host node in Virtual Cluster network element VNE generates the vpn service information taking described VNE as independent network element according to pre-configured virtual private network business;

Described host node determine a VPN passage in the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points;

According to described vpn service information, it is the local VPN forwarding-table item of described VPN first end dot generation;

According to described vpn service information, for described VPN the second end points generates tunnel forwarding-table item.

An aspect of of the present present invention discloses a kind of network equipment, and described device comprises:

Vpn service information generating unit, for according to pre-configured virtual private network business, generates the vpn service information taking a Virtual Cluster network element VNE as independent network element;

VPN end points determining unit, for determine a VPN passage of the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points;

Forwarding-table item generation unit, for according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively local VPN forwarding-table item separately.

An aspect of of the present present invention discloses a kind of network equipment, comprising:

Vpn service information generating unit, for according to pre-configured virtual private network business, generates the vpn service information taking a Virtual Cluster network element VNE as independent network element;

VPN end points determining unit, for determine a VPN passage of the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points;

VPN forwarding-table item generation unit, for according to described vpn service information, is the local VPN forwarding-table item of described VPN first end dot generation;

Tunnel forwarding-table item generation unit, for according to described vpn service information, is described VPN the second end points generation tunnel forwarding-table item.

An advantage of the present invention has been to provide a kind of method for the required forwarding-table item of the end points generating run VPN of VPN in Virtual Cluster network element (VNE), makes VNE can support VPN, greatly improve can VNE technology practicality.

Brief description of the drawings

In order to be illustrated more clearly in the technical scheme in the embodiment of the present invention, to the accompanying drawing of required use in embodiment be briefly described below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.

Figure 1 shows that the network structure of one embodiment of the invention;

Figure 2 shows that the network structure of one embodiment of the invention;

Figure 3 shows that the network structure of one embodiment of the invention;

Fig. 4 a is depicted as the network structure of one embodiment of the invention;

Fig. 4 b is depicted as the network structure of one embodiment of the invention;

Fig. 5 a is depicted as the network structure of one embodiment of the invention;

Fig. 5 b is depicted as the network structure of one embodiment of the invention;

Fig. 6 a is depicted as the network structure of one embodiment of the invention;

Fig. 6 b is depicted as the network structure of one embodiment of the invention;

Fig. 7 a is depicted as the network structure of one embodiment of the invention;

Fig. 7 b is depicted as the network structure of one embodiment of the invention;

Figure 8 shows that the network structure of one embodiment of the invention;

Figure 9 shows that the structure drawing of device of one embodiment of the invention;

It described in Figure 10, is the structure drawing of device of one embodiment of the invention.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiment.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.

One embodiment of the present of invention are as follows.

Open a kind of pseudo wire emulation (PWE3) technology of supporting single-hop edge-to-edge in Virtual Cluster network element (VNE) of the present embodiment, the method for generating virtual private network (VPN) forwarding-table item.

Host node in step 101, Virtual Cluster network element (VNE) generates the vpn service information taking described VNE as independent network element according to pre-configured Virtual Private Network (VPN) business.

Preferably, described vpn service information comprises: the interface identifier of the interface connected with far-end Provider Edge node (PE) in place in circuit (AC, the Attached Circuit) interface identifier of interface in the inside VPN label of described VNE, described VNE, described VNE, tunnel forwarding-table item mapped identification and the internal tunnel label of corresponding VNE with described tunnel forwarding-table item mapped identification.Wherein, the AC interface in described VNE is the interface being connected with user's lateral edges device (CE) in VNE.Preferably, the inside VPN label of described VNE is that the VPN of a described VNE of process is at the VPN label of the part of described VNE inside.

Preferably, before step 101, also comprise: using described VNE as single network element device in the situation that, on described host node, configure a single-hop PWE3 business.Preferably, described vpn service information is overall pseudo-line (PW) information.Preferably, described host node determines that according to described overall PW vpn service information described VNE is a Provider Edge device (PE) on the whole.

Step 102, described host node determine a VPN passage in the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points.

Because described VNE is the virtual bench that comprises many physical entity devices, therefore a VPN passage conventionally has two VPN end points in described VNE, and one of them VPN end points is VPN the first end points, and another VPN end points is VPN the second end points.Preferably, described VPN passage can also be through other nodes in described VNE.In the present embodiment VPN passage node except described two VPN end points of process in a VNE is called to VPN intermediate node.

Obviously, the number of the node in a VNE can change, but at least will comprise that a host node and one are from node.Preferably, in a VNE, can also comprise a slave node, during with convenient host node fault, switch to new host node.

Preferably, as shown in Figure 1, VNE comprises that a host node (node 1) and four are from node (node 2-node 5).Article one, VPN passage is through node 3, node 4 and node 5, and wherein node 3 and node 4 are described VPN end points, and described node 5 is described VPN intermediate node.

Preferably, in network, also comprise a far-end PE, a first user lateral edges device (CE) and the 2nd CE, a described CE is connected with described VNE, described the 2nd CE is connected with described far-end PE, and then is connected with described VNE by operator's node (P).As shown in Figure 1, a described CE is connected with the node 4 in described VNE, and described the 2nd CE is connected with described far-end PE, and is connected with the node 3 in described VNE with P node by described far-end PE.

Preferably, described host node determines that according to described vpn service information described VNE serves as PE node in network.

The interface identifier of the AC interface that preferably, described host node is connected with a described CE according to described VNE determines that described VPN passage is at the VPN of described VNE the first end points.Wherein, a described AC interface is the interface being connected with a described CE in described VNE.Because described VPN the first end points is connected with a CE, so described VPN the first end points is user's side PE (UPE) of VNE inside.For example, as shown in Figure 1, the interface identifier of the AC interface that node 1 is connected with CE1 according to described VNE determines that node 4 is for VPN the first end points.

Preferably, described host node determines that according to the interface identifier of the interface of one in the VNE physical node being connected with described far-end PE described VPN passage is at the VPN of described VNE the second end points.Wherein, the physical node that described and described far-end PE is connected is realized and being connected with described far-end PE by P node.Because described VPN the second end points is connected with a far-end PE, so described VPN the second end points is the upper strata PE (SPE, Super PE) of VNE inside.For example, as shown in Figure 1, node 1 determines that according to the interface identifier of the interface of the node 3 being connected with a far-end PE node 3 is for VPN the second end points.

Because described VPN the first end points is to determine according to the interface identifier of an AC interface in described VNE, therefore described VPN the first end points is used for a described CE access carrier network, thereby determine that described VPN the first end points is PE (UPE, a User PE) node near user's side.Because described VPN the second end points is to determine according to the interface identifier of an interface being connected with described far-end PE in VNE, therefore described VPN the second end points is connected with described far-end PE, thereby determine that described VPN the second end points is upper strata PE (SPE, Super PE) node.

Preferably, described host node can also determine whether described VPN passage also exists VPN intermediate node in described VNE according to the forwarding-table item of described VNE inside.If also there is VPN intermediate node, because the UPE of respectively with one VNE inside of described VPN intermediate node is connected with SPE, therefore described VPN intermediate node is physics operator (P) node of described VNE inside.For example, as shown in Figure 1, node 1 is determined between node 3 and node 4 and is had VPN intermediate node, i.e. node 5 according to the inner forwarding-table item of described VNE.

Step 103, according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively local VPN forwarding-table item separately.

Preferably, for the local VPN forwarding-table item 11 of described VPN first end dot generation and local VPN forwarding-table item 12, for described VPN the second end points generates local VPN forwarding-table item 21 and local VPN forwarding-table item 22.Preferably, can generate described local VPN forwarding-table item by described host node.

Preferably, the VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises VNE on described VPN the first end points; Described local VPN forwarding-table item 12 comprises the VPN forwarding-table item mapped identification of interface identifier and described VPN first end points of a described AC interface.Preferably, described local VPN forwarding-table item 11 also comprises that movement content is the label action of ejecting label and forwarding.Preferably, described local VPN forwarding-table item 12 also comprises that movement content is the label action forwarding.Preferably, the inside VPN passage of described VNE is the part of described VPN passage in described VNE inside.

Preferably, the inside VPN passage that described local VPN forwarding-table item 21 comprises VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on described VPN the second end points, and the inside VPN passage that described local VPN forwarding-table item 22 comprises VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on described VPN the second end points.Preferably described local VPN forwarding-table item 22 also comprises that movement content is the label action of switch label forwarding.

Because described host node is that described VPN the first end points and VPN the second end points have generated the required forwarding-table item of operation VPN, thereby make VNE can support VPN.

Preferably, according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively tunnel forwarding-table item separately.The tunnel forwarding-table item of described VPN the first end points comprises tunnel forwarding-table item 11 and tunnel forwarding-table item 12; The double-pointed tunnel of described VPN forwarding-table item comprises tunnel forwarding-table item 21 and tunnel forwarding-table item 22.Preferably, can generate described tunnel forwarding-table item by described host node.

Preferably, described tunnel forwarding-table item 11 comprises the outgoing label of VNE internal tunnel on described VPN the first end points, the tunnel forwarding-table item mapped identification of VPN the first end points, preferably, described tunnel forwarding-table item 11 also comprises that movement content is the label action that is pressed into label; Described tunnel forwarding-table item 12 comprises that VNE internal tunnel enters label on described VPN the first end points, and preferably, described tunnel forwarding-table item 12 also comprises that movement content is the label action of ejecting label.

Preferably, described tunnel forwarding-table item 21 comprises outgoing label, the VPN double-pointed tunnel forwarding-table item mapped identification of VNE internal tunnel on described VPN the second end points, preferably, described tunnel forwarding-table item 21 also comprises that movement content is the label action that is pressed into label; Described tunnel forwarding-table item 22 comprises that the enter label, described tunnel forwarding-table item 22 of VNE internal tunnel on described VPN the second end points also comprises that movement content is the label action of ejecting label.

Preferably, in the time also there is described VPN intermediate node in network, described host node also needs the method with reference to the present embodiment, on described VPN intermediate node, generates tunnel forwarding-table item in order to carry two tunnels between described VPN the first end points and VPN the second end points.

Preferably, this enforcement can also comprise step 104.

Step 104, described host node will send to respectively described VPN the first end points and VPN the second end points for the local VPN forwarding-table item of described VPN the first end points and the double-pointed each self-generating of VPN.

Preferably, described VPN the first end points and VPN the second end points tunnel forwarding-table item are separately sent to respectively described VPN the first end points and VPN the second end points by described host node.

Preferably, the tunnel forwarding-table item generating for described VPN intermediate node is sent to described VPN intermediate node by described host node.

One embodiment of the present of invention are as follows.

The present embodiment is open a kind of at Virtual Cluster network element (VNE, Virtual Network Element) support the pseudo wire emulation (PWE3 of multi-hop edge-to-edge, Pseudo Wire Emulation Edge to Edge) in the situation of technology, the method of generating virtual private network (VPN, Virtual Private Network) forwarding-table item.

Host node in step 201, Virtual Cluster network element (VNE) generates the vpn service information taking described VNE as independent network element according to pre-configured Virtual Private Network (VPN) business.Preferably, described vpn service information comprises: the interface identifier of the inside VPN label of described VNE, the interface connected with far-end Provider Edge node (PE), tunnel forwarding-table item mapped identification and the corresponding VNE internal tunnel label with described tunnel forwarding-table item mapped identification.Preferably, the inside VPN label of described VNE is that the VPN of a described VNE of process is at the VPN label of the part of described VNE inside.

Preferably, before step 201, also comprise: using described VNE as single network element device in the situation that, on described host node, configure a multi-hop PWE3 business.Preferably, described vpn service information is overall multi-hop counterfeit wire (PW, Pseudo Wire) information.Preferably, described host node determines that according to described overall multi-hop counterfeit wire vpn service information described VNE is upper strata PE (Super PE) on the whole.

Step 202, described host node determine a VPN passage in the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points.

Because described VNE is the virtual bench that comprises many physical entity devices, therefore a VPN passage conventionally has two VPN end points in described VNE, and one of them VPN end points is VPN the first end points, and another VPN end points is VPN the second end points.Preferably, described VPN passage can also be through other nodes in described VNE.

Obviously, the number of the node in a VNE can change, but at least will comprise that a host node and one are from node.Preferably, in a VNE, can also comprise a slave node, during with convenient host node fault, switch to new host node.

Preferably, as shown in Figure 2, VNE comprises that a host node (node 1) and four are from node (node 2-node 5).Article one, VPN passage is through node 3, node 4 and node 5, and wherein node 3 and node 4 are described VPN end points, and described node 5 is described VPN intermediate node.

Preferably, in network, can also comprise the first user side PE (UPE, UserPE) and the 2nd UPE that are connected with VNE respectively, the first user lateral edges device (CE) being connected with a described UPE, the 2nd CE being connected with described the 2nd UPE.

Preferably, described host node determines that according to described vpn service information described VNE serves as upper strata PE (SPE, Super PE) node in network.

Preferably, described host node determines that according to the tunnel outgoing interface mark of the node being connected with a described UPE in VNE described VPN passage is at the VPN of described VNE the first end points.Because described VPN the first end points is connected with a described UPE, so described VPN the first end points is the first upper strata PE (SPE) of VNE inside.For example, as shown in Figure 2, node 1 determines that according to the tunnel outgoing interface mark of the node 4 being connected with a UPE node 4 is for VPN the first end points.

Preferably, described host node determines that according to the tunnel outgoing interface mark of the node being connected with described the 2nd UPE in VNE described VPN passage is at the VPN of described VNE the second end points.Because described VPN the second end points is connected with described the 2nd UPE, so described VPN the second end points is the second upper strata PE (SPE) of VNE inside.For example, as shown in Figure 2, node 1 determines that according to the tunnel outgoing interface mark of the node 3 being connected with the 2nd UPE node 3 is for VPN the second end points.

Because described VPN the first end points is to determine according to the tunnel outgoing interface mark of one in the VNE node being connected with a described UPE, and described VNE is SPE, therefore can determine that described VPN the first end points is a SPE node of described VNE inside.Because described VPN the second end points is to determine according to the tunnel outgoing interface mark of one in the VNE node being connected with described the 2nd UPE, and described VNE is SPE, therefore can determine that described VPN the second end points is the 2nd SPE node of described VNE inside.

Preferably, described host node can also determine whether described VPN passage also passes through VPN intermediate node between described two VPN end points according to the forwarding-table item of described VNE inside.If also pass through VPN intermediate node, because the SPE of respectively with two VNE inside of described VPN intermediate node is connected with SPE, therefore described VPN intermediate node is physics operator (P) node of described VNE inside.For example, as shown in Figure 2, node 1 is determined between node 3 and node 4 and is had VPN intermediate node, i.e. node 5 according to the inner forwarding-table item of described VNE.

Step 203, according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively local VPN forwarding-table item separately.

Preferably, for the local VPN forwarding-table item 11 of described VPN first end dot generation and local VPN forwarding-table item 12, for described VPN the second end points generates local VPN forwarding-table item 21 and local VPN forwarding-table item 22.

Preferably, the inside VPN passage that described local VPN forwarding-table item 11 comprises VNE first enters label and Tunnel Identifier for associated VNE internal tunnel on described VPN the first end points, and the inside VPN passage that described local VPN forwarding-table item 12 comprises VNE second enters label and Tunnel Identifier for associated VNE outer tunnel on described VPN the first end points.Preferably, described local VPN forwarding-table item 11,12 also comprises that movement content is the label action of switch label forwarding.Preferably, the inside VPN passage of described VNE is the part of described VPN passage in described VNE inside.

Preferably, the inside VPN passage that described local VPN forwarding-table item 21 comprises VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on described VPN the second end points.The inside VPN passage that described local VPN forwarding-table item 22 comprises VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on described VPN the second end points.Preferably, described local VPN forwarding-table item 21,22 also comprises that movement content is the label action of switch label forwarding.

Because described host node is that described VPN the first end points and VPN the second end points have generated the required forwarding-table item of operation VPN, thereby make VNE can support VPN.

Preferably, according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively tunnel forwarding-table item separately.The tunnel forwarding-table item of described VPN the first end points comprises tunnel forwarding-table item 11 and tunnel forwarding-table item 12; The double-pointed tunnel of described VPN forwarding-table item comprises tunnel forwarding-table item 21 and tunnel forwarding-table item 22.Preferably, can generate described tunnel forwarding-table item by described host node.

Preferably, described tunnel forwarding-table item 11 comprises the outgoing label of VNE internal tunnel on described VPN the first end points, the tunnel forwarding-table item mapped identification of described VPN the first end points, preferably, described tunnel forwarding-table item 11 also comprises that movement content is the label action that is pressed into (Push) label, described tunnel forwarding-table item 12 comprise VNE internal tunnel on described VPN the first end points enter label and label substance is the label action of ejecting label.

Preferably, described tunnel forwarding-table item 21 comprises outgoing label, the described VPN double-pointed tunnel forwarding-table item mapped identification of VNE internal tunnel on described VPN the second end points; Preferably, described tunnel forwarding-table item 21 also comprises that movement content is the label action that is pressed into label.Described tunnel forwarding-table item 22 comprises that the enter label, label substance of VNE internal tunnel on described VPN the second end points is the label action of ejecting label.

Preferably, in the time also there is described VPN intermediate node in network, described host node also needs the method with reference to the present embodiment, on described VPN intermediate node, generates tunnel forwarding-table item in order to carry two tunnels between described VPN the first end points and VPN the second end points.

Preferably, this enforcement can also comprise step 204.

Step 204, described host node will send to respectively described VPN the first end points and VPN the second end points for the local VPN forwarding-table item of described VPN the first end points and the double-pointed each self-generating of VPN.

Preferably, described VPN the first end points and VPN the second end points tunnel forwarding-table item are separately sent to respectively described VPN the first end points and VPN the second end points by described host node.

Preferably, the tunnel forwarding-table item generating for described VPN intermediate node is sent to described VPN intermediate node by described host node.

One embodiment of the present of invention are as follows

The present embodiment is open a kind of at Virtual Cluster network element (VNE, Virtual Network Element) support local circuit interconnection (CCC, Circuit Cross Connect) in the situation of technology, the method of generating virtual private network (VPN, Virtual Private Network) forwarding-table item.

Host node in step 301, Virtual Cluster network element (VNE) generates the vpn service information taking described VNE as independent network element according to pre-configured Virtual Private Network (VPN) business.

Preferably, described vpn service information comprises: interface identifier, VPN forwarding-table item mapped identification and the tunnel forwarding-table item mapped identification of place in circuit (AC, the Attachment Circuit) interface in inside VPN label, the VNE of described VNE.Wherein, the AC interface in described VNE is the interface being connected with user's lateral edges device (CE) in VNE.Preferably, the inside VPN label of described VNE is that the VPN of a described VNE of process is at the VPN label of the part of described VNE inside.

Preferably, before step 301, also comprise: using described VNE as single network element device in the situation that, on described host node, configure virtual leased link (VLL, the Virtual Leased Line) business of a local CCC mode.Preferably, described vpn service information is overall VLL information.Preferably, described host node determines that according to described overall VLL vpn service information described VNE is a Provider Edge device (PE) on the whole.

Step 302, described host node determine a VPN passage in the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points.

Because described VNE is the virtual bench that comprises many physical entity devices, therefore a VPN passage conventionally has two VPN end points in described VNE, and one of them VPN end points is VPN the first end points, and another VPN end points is VPN the second end points.Preferably, described VPN passage can also be through other nodes in described VNE.In the present embodiment VPN passage node except described two VPN end points of process in a VNE is called to VPN intermediate node.

Obviously, the number of the node in a VNE can change, but at least will comprise that a host node and one are from node.Preferably, in a VNE, can also comprise a slave node, during with convenient host node fault, switch to new host node.

Preferably, as shown in Figure 3, VNE comprises that a host node (node 1) and four are from node (node 2-node 5).Article one, VPN passage is through node 3, node 4 and node 5, and wherein node 3 and node 4 are described VPN end points, and described node 5 is described VPN intermediate node.

Preferably, also at least have a first user lateral edges device (CE, Customer Edge) and the 2nd CE in network, a described CE is connected with described VNE respectively with the 2nd CE.Preferably, as shown in Figure 3, a described CE is CE1, and described the 2nd CE is CE2, and described CE1 is connected with described node 4, and described CE2 is connected with described node 3.

The interface identifier of the AC interface that preferably, described host node is connected with a described CE according to described VNE is determined the VPN end points of described VPN passage at described VNE.Wherein, a described AC interface is the interface being connected with a described CE in described VNE.Because described VPN the first end points is connected with a described CE, so described VPN the first end points is the first user side PE (UPE) of VNE inside.For example, as shown in Figure 3, the interface identifier of the AC interface that node 1 is connected with CE1 according to described VNE determines that node 4 is a VPN end points.

The interface identifier of the 2nd AC interface that preferably, described host node is connected with described the 2nd CE according to described VNE is determined described VPN passage another VPN end points at described VNE.Wherein, described the 2nd AC interface is the interface being connected with described the 2nd CE in described VNE.Because described VPN the second end points is connected with described the 2nd CE, so described VPN the first end points is second user's side PE (UPE) of VNE inside.For example, as shown in Figure 3, node 1 determines that according to the interface identifier of the AC interface being connected with CE2 node 3 is for another VPN end points.

Because described two VPN end points are connected with the 2nd CE device with the described CE device in network respectively, therefore can determine that described two VPN end points are the Provider Edge node (PE) of physics.

Preferably, described host node can also determine whether described VPN also passes through VPN intermediate node between described two VPN end points according to the forwarding-table item of described VNE inside.If also pass through VPN intermediate node, because the UPE of respectively with two VNE inside of described VPN intermediate node is connected, therefore described VPN intermediate node is physics operator (P, the Provider) node of described VNE inside.For example, R1 determines and between VPN end points R3 and R4, has VPN intermediate node R5 according to VNE inside forwarding-table item.

Step 303, according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively local VPN forwarding-table item separately.

Preferably, be described VPN first end dot generation VPN forwarding-table item 11, VPN forwarding-table item 12 and VPN forwarding-table item 13, for described VPN the second end points generates VPN forwarding-table item 21, VPN forwarding-table item 22 and VPN forwarding-table item 23.Preferably, can generate described VPN forwarding-table item by described host node.

Preferably, described VPN forwarding-table item 11 comprises that the inside VPN passage of VNE is in a VPN forwarding-table item mapped identification that enters label and a described VPN node of described VPN the first end points; Described VPN forwarding-table item 12 comprises a VPN forwarding-table item mapped identification of interface identifier and a described VPN node of a described AC interface; Described VPN forwarding-table item 13 is included in the double-pointed local outgoing interface mark of described VPN the, for the Tunnel Identifier of associated VNE internal tunnel with to the double-pointed local down hop of described VPN.Preferably, the inside VPN passage of described VNE is the part of described VPN passage in described VNE inside.

Preferably, described VPN forwarding-table item 11 also comprises that movement content is the label action of ejecting label and forwarding, described VPN forwarding-table item 12 also comprises that movement content is the label action forwarding, and described VPN forwarding-table item 13 also comprises that movement content is the label action forwarding.

Preferably, the inside VPN passage that described VPN forwarding-table item 21 comprises VNE described VPN double-pointed enter label and the double-pointed VPN forwarding-table item mapped identification of described VPN, described VPN forwarding-table item 22 comprises interface identifier and the double-pointed VPN forwarding-table item mapped identification of described VPN of the 2nd AC interface, and described VPN forwarding-table item 23 is included in the local outgoing interface mark of described VPN the first end points, for the Tunnel Identifier of associated VNE internal tunnel with to the local down hop of described VPN the first end points.

Preferably, described VPN forwarding-table item 21 also comprises that movement content is the label action of ejecting label and forwarding, described VPN forwarding-table item 22 also comprises that movement content is the label action forwarding, and described VPN forwarding-table item 23 also comprises that movement content is the label action forwarding.

Because described host node is that described VPN the first end points and VPN the second end points have generated the required forwarding-table item of operation VPN, thereby make VNE can support VPN.

Preferably, in the time also there is VPN intermediate node in network, described host node also needs, with reference to method of the present invention, on described VPN intermediate node, to generate tunnel forwarding-table item in order to carry two tunnels between described VPN the first end points and VPN the second end points.

Preferably, this enforcement can also comprise step 304.

Step 304, described host node will send to respectively described VPN the first end points and VPN the second end points for the local VPN forwarding-table item of described VPN the first end points and the each self-generating of VPN the second end points.

Preferably, the tunnel forwarding-table item generating for VPN intermediate node is handed down to described VPN intermediate node by described host node.

One embodiment of the present of invention are as follows

The present embodiment is open a kind of in the situation that Virtual Cluster network element (VNE) is supported VPLS (VPLS), the method for generating virtual private network (VPN) forwarding-table item.

Host node in step 401, Virtual Cluster network element (VNE) generates the vpn service information taking described VNE as independent network element according to pre-configured Virtual Private Network (VPN) business.Preferably, described vpn service information comprises: the interface identifier of the interface connected with far-end Provider Edge node (PE) in interface identifier, the VNE of place in circuit (AC, the Attached Circuit) interface in VNE, tunnel forwarding-table item mapped identification and the internal tunnel label of corresponding VNE with tunnel forwarding-table item mapped identification.Wherein, the AC interface in described VNE is the interface being connected with user's lateral edges device (CE) in VNE.Preferably, the internal tunnel label of described VNE is for carrying the tunnel label in the part of described VNE inside through the tunnel of the VPN of described VNE.

Preferably, before step 401, also comprise: using described VNE as single network element device in the situation that, on described host node, configure a VPLS business.Preferably, described vpn service information is overall VPLS information.Preferably, described host node determines that according to described overall VPLS vpn service information described VNE is a Provider Edge device (PE).

Step 402, described host node determine a VPN passage in the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points.

Because described VNE is the virtual bench that comprises many physical entity devices, therefore a VPN conventionally has two VPN end points in described VNE, and one of them VPN end points is VPN the first end points, and another VPN end points is VPN the second end points.Preferably, described VPN passage can also be through other nodes in described VNE.In the present embodiment VPN passage node except described two VPN end points of process in a VNE is called to VPN intermediate node.

Preferably, as shown in Fig. 4 a, VNE comprises that a host node (node 1) and four are from node (node 2-node 5).Article one, VPN passage is through node 3, node 4 and node 5, and wherein node 3 and node 4 are described VPN end points, and described node 5 is described VPN intermediate node.

Obviously, the number of the node in a VNE can change, but at least will comprise that a host node and one are from node.Preferably, in a VNE, can also comprise a slave node, during with convenient host node fault, switch to new host node.

Preferably, in network, can also comprise a far-end PE, a first user lateral edges device (CE) and the 2nd CE.A described CE is connected from node with first in described VNE, and described the 2nd CE is connected with described far-end PE.As shown in Fig. 4 a, first in described VNE is node 4 from node, and a described CE is connected with described node 4.

Preferably, described host node determines that according to described vpn service information described VNE serves as PE node in network.

Preferably, described host node determines that according to the interface identifier of one in the VNE AC interface being connected with a described CE described VPN passage is at the VPN of described VNE the first end points.Wherein, a described AC interface is the interface being connected with a described CE in described VNE.For example, as shown in Fig. 4 a, node 1 determines that according to the interface identifier of an AC interface of the node 4 being connected with CE1 node 4 is for VPN the first end points.

Preferably, described host node determines that according to the interface identifier of one in the VNE interface being connected with described far-end PE described VPN passage is at the VPN of described VNE the second end points.For example, as shown in Fig. 4 a, node 1 determines that according to the interface identifier of the interface of the node 3 being connected with described far-end PE node 3 is for VPN the second end points.

Because described VPN the first end points is to determine according to the interface identifier of an AC interface in VNE, therefore described VPN the first end points is used for a CE access carrier network, thereby determine user's side PE (UPE, User PE) node that described VPN the first end points is a VNE inside.Because described VPN the second end points is to determine according to the interface identifier of the interface being connected with described far-end PE in VNE, therefore described VPN the second end points is connected with described far-end PE, thereby determine upper strata PE (SPE, the Super PE) node that described VPN the second end points is a VNE inside.

Preferably, described host node can also determine whether described VPN passage also passes through VPN intermediate node between described two VPN end points according to the forwarding-table item of described VNE inside.For example, as shown in Fig. 4 a, node 1 is determined between node 3 and node 4 and is had VPN intermediate node, i.e. node 5 according to the inner forwarding-table item of described VNE.Certainly, also may exist in the situation that does not have VPN intermediate node described in VPN between two VPN end points.

Preferably, can also comprise the 3rd CE in network, a node in described VNE is connected with described the 3rd CE.As shown in Figure 4 b, CE3 is the 3rd CE, and node 5 is connected with described the 3rd CE.Can be connected with described the 3rd CE according to one in the VNE interface identifier of the 2nd AC interface of physical node of described host node is determined VPN the 3rd end points.Wherein, described VPN the 3rd end points is the end points of other one article of VPN passage on described VNE, and described the 2nd AC interface is the interface being connected with described the 2nd CE in described VNE.For example, as shown in Figure 4 b, described node 1 determines that according to the interface identifier of the 2nd AC interface of the node 5 being connected with CE3 node 5 is for VPN the 3rd end points.Alternatively, the VPN end points of described other one article of VPN passage in described VNE is described VPN the 3rd end points, and a described other VPN passage another VPN end points in described VNE is described VPN the first end points or VPN the second end points.

Because described VPN the 3rd end points is to determine according to the interface identifier of an AC interface in VNE, therefore described VPN the 3rd end points is used for a described CE access carrier network, thereby determines that described VPN the 3rd end points is a UPE node.

Step 403, according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively local VPN forwarding-table item separately.

Preferably, for the local VPN forwarding-table item 11 of described VPN first end dot generation, for described VPN the second end points generates local VPN forwarding-table item 21 and local VPN forwarding-table item 22.Preferably, can generate described local VPN forwarding-table item by described host node.

Preferably, the VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises described VNE on described VPN the first end points.Preferably, the inside VPN passage of described VNE is the part of described VPN passage in described VNE inside.

Preferably, the inside VPN passage that described local VPN forwarding-table item 21 comprises described VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on described VPN the second end points.The inside VPN passage that described local VPN forwarding-table item 22 comprises VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on described VPN the second end points.

Because described host node is that described VPN the first end points and VPN the second end points have generated the required forwarding-table item of operation VPN, thereby make VNE can support VPN.

Preferably, described local VPN forwarding-table item 11, local VPN forwarding-table item 21 and local VPN forwarding-table item 22 comprise that a movement content is the label action of ejecting label.

Preferably, according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively tunnel forwarding-table item separately.The tunnel forwarding-table item of described VPN the first end points comprises tunnel forwarding-table item 11 and tunnel forwarding-table item 12; The double-pointed tunnel of described VPN forwarding-table item comprises tunnel forwarding-table item 21 and tunnel forwarding-table item 22.Preferably, can generate described tunnel forwarding-table item by described host node.

Preferably, described tunnel forwarding-table item 11 comprise VPN the first end points from VPN the first end points to the outgoing label of the double-pointed VNE internal tunnel of VPN, the tunnel forwarding-table item mapped identification of VPN the first end points, described tunnel forwarding-table item 12 comprises the enter label of VPN the first end points at the VNE internal tunnel from VPN the second end points to VPN the first end points.Preferably, described tunnel forwarding-table item 11 also comprises that a movement content is the label action that is pressed into label.Preferably, described tunnel forwarding-table item 12 also comprises that a movement content is the label action of ejecting label.

Preferably, described tunnel forwarding-table item 21 comprises outgoing label and the VPN double-pointed tunnel forwarding-table item mapped identification of the second end points at the VNE internal tunnel from VPN the second end points to VPN the first end points, and described tunnel forwarding-table item 22 comprises that the second end points is at the label that enters from VPN the first end points to the double-pointed VNE internal tunnel of VPN.Preferably, described tunnel forwarding-table item 21 also comprises that a movement content is the label action that is pressed into label.Preferably, described tunnel forwarding-table item 22 also comprises that a movement content is the label action of ejecting label.

Preferably, in the time also there is described VPN intermediate node in network, described host node also needs, with reference to method of the present invention, on described VPN intermediate node, to generate tunnel forwarding-table item in order to carry two tunnels between described VPN the first end points and VPN the second end points.

In the time also there is VPN the 3rd end points in the present embodiment, can, with reference to the method in the present embodiment for to generate local VPN forwarding-table item at VPN the 3rd end points, between VPN the 3rd end points and VPN the first end points or VPN the second end points, set up another VPN passage.

Preferably, the present embodiment can also comprise step 404.

Step 404, described host node will send to respectively described VPN the first end points and VPN the second end points for the local VPN forwarding-table item of described VPN the first end points and the double-pointed each self-generating of VPN.

Preferably, described VPN the first end points and VPN the second end points tunnel forwarding-table item are separately sent to respectively described VPN the first end points and VPN the second end points by described host node.

Preferably, in the time there is described VPN intermediate node in described VNE, the tunnel forwarding-table item generating for described VPN intermediate node is handed down to described VPN intermediate node by described host node.

Preferably, the local VPN forwarding-table item generating for described VPN the 3rd end points is handed down to described VPN the 3rd end points by described host node.

Preferably, the tunnel forwarding-table item generating for described VPN the 3rd end points is sent to described VPN the 3rd end points by described host node.

One embodiment of the present of invention are as follows

The present embodiment is open a kind of in the situation that Virtual Cluster network element (VNE) is supported hierarchical virtual private LAN service (HVPLS), the method for generating virtual private network (VPN) forwarding-table item.

Host node in step 501, Virtual Cluster network element (VNE) generates the vpn service information taking described VNE as independent network element according to pre-configured Virtual Private Network (VPN) business.

Preferably, described vpn service information comprises: the interface identifier of the interface being connected with first user side PE (UPE) in the interface identifier of the interface connected with far-end PE, VNE in the inside VPN label of described VNE, described VNE, tunnel forwarding-table item mapped identification and the internal tunnel label of corresponding VNE with described tunnel forwarding-table item mapped identification.Preferably, the inside VPN label of described VNE is that the VPN of a described VNE of process is at the VPN label of the part of described VNE inside.Preferably, the internal tunnel label of described VNE is for carrying the tunnel label in the part of described VNE inside through the tunnel of the VPN of described VNE.

Preferably, before step 501, also comprise: using described VNE as single network element device in the situation that, on described host node, configure a HVPLS business.Preferably, described vpn service information is overall HVPLS information.Described host node determines that according to described overall HVPLS vpn service information described VNE is a upper strata PE (Super PE) on the whole.

Step 502, described host node determine a VPN passage in the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points.

Because described VNE is the virtual bench that comprises many physical entity devices, therefore a VPN passage conventionally has two VPN end points in described VNE, and one of them VPN end points is VPN the first end points, and another VPN end points is VPN the second end points.Preferably, described VPN passage can also be through other nodes in described VNE.

Obviously, the number of the node in a VNE can change, but at least will comprise that a host node and one are from node.Preferably, in a VNE, can also comprise a slave node, during with convenient host node fault, switch to new host node.

Preferably, as shown in Figure 5 a, VNE comprises that a host node (node 1) and four are from node (node 2-node 5).Article one, VPN passage is through node 3, node 4 and node 5, and wherein node 3 and node 4 are described VPN end points, and described node 5 is described VPN intermediate node.

Preferably, in the network of the present embodiment, also at least comprise a UPE, a far-end PE, a first user lateral edges device (CE) and the 2nd CE.A described UPE is connected from node with first in described VNE, and a described CE is connected from node with described first by a described UPE; Described far-end PE is connected from node with second in described VNE, and described the 2nd CE is connected from node with second in described VNE by described far-end PE.

As shown in Figure 5 a, described first in described VNE is node 4 from node, and a described UPE is connected with described node 4, and a CE is connected with node 4 by a UPE; In described VNE described second is node 3 from node, and described far-end PE is connected with described node 3 by P node, and the 2nd CE is connected with node 3 by described far-end PE again.

Preferably, described host node determines that according to described vpn service information described VNE serves as SPE in network.

Preferably, described host node determines that according to the interface identifier of the interface being connected with a UPE in VNE described VPN passage is at the VPN of described VNE the first end points.Because described VPN the first end points is connected with a described UPE, described VPN the first end points is user's side PE (UPE) of VNE inside.For example, as shown in Figure 5 a, node 1 determines that according to the interface identifier of the node 4 being connected with a UPE in VNE node 4 is for VPN the first end points.

Preferably, described host node determines that according to the interface identifier of the interface being connected with described far-end PE in VNE described VPN passage is at the VPN of described VNE the second end points.Because described VPN the second end points is connected with described far-end PE, so described VPN the second end points is a high-rise PE (SPE) of VNE inside.For example, as shown in Figure 5 a, node 1 determines that according to the interface identifier of the interface of the node 3 being connected with far-end PE in VNE node 3 is for VPN the second end points.

Preferably, described host node can also determine whether described VPN passage also passes through VPN intermediate node between described two VPN end points according to the forwarding-table item of described VNE inside.For example, as shown in Figure 5 a, node 1 is determined between node 3 and node 4 and is had VPN intermediate node, i.e. node 5 according to the inner forwarding-table item of described VNE.Preferably, in the present embodiment, described VPN intermediate node is operator's node (P).

Preferably, because HVPLS is a kind of point-to-multipoint vpn service, therefore in network, can also comprise the 2nd UPE, described the 2nd UPE is connected from node with the 3rd in described VNE, and the 3rd CE is connected from node with the described the 3rd by described the 2nd UPE.As shown in Figure 5 b, the 3rd in described VNE is node 5 from node, and described the 3rd CE is connected with described node 5 by the 2nd UPE.In the time there is described the 2nd UPE in described network, described vpn service information also comprises the interface identifier of the interface being connected with the 2nd UPE in VNE.

Preferably, can also comprise the 2nd UPE and the 3rd CE in network, a node in described VNE is connected with described the 3rd CE by described the 2nd UPE.Described host node determines that according to the interface identifier of the interface being connected with described the 2nd UPE in VNE described VPN is at the VPN of described VNE the 3rd end points.As shown in Figure 5 b, CE3 is the 3rd CE, and node 5 is connected with described the 3rd CE by described the 2nd UPE.Described host node determines that according to the interface identifier of the interface being connected with described the 2nd UPE in VNE described VPN is at the VPN of described VNE the 3rd end points, wherein, described VPN the 3rd end points is the end points of other one article of VPN passage on described VNE, and described the 2nd AC interface is the interface being connected with described the 2nd CE in described VNE.Alternatively, the VPN end points of described other one article of VPN passage in described VNE is described VPN the 3rd end points, and a described other VPN passage another VPN end points in described VNE is described VPN the first end points or VPN the second end points.

Step 503, according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively local VPN forwarding-table item separately.

Preferably, for the local VPN forwarding-table item 11 of described VPN first end dot generation, local VPN forwarding-table item 12, for described VPN the second end points generates local VPN forwarding-table item 21, local VPN forwarding-table item 22.Preferably, can generate described local VPN forwarding-table item by described host node.

The first VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises VNE on described VPN the first end points.The inside VPN passage that described local VPN forwarding-table item 12 comprises VNE second enters label and VPN forwarding-table item mapped identification on described VPN the first end points.Preferably, described local VPN forwarding-table item 11 and local VPN forwarding-table item 12 also comprise respectively that a movement content is the label action of ejecting label.

The inside VPN passage that described local VPN forwarding-table item 21 comprises VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on described VPN the second end points.The inside VPN passage that described local VPN forwarding-table item 22 comprises VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on described VPN the second end points.Preferably, described local VPN forwarding-table item 21 and local VPN forwarding-table item 22 also comprise respectively that a movement content is the label action of ejecting label.

Because described host node is that described VPN the first end points and VPN the second end points have generated the required forwarding-table item of operation VPN, thereby make VNE can support VPN.

Preferably, according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively tunnel forwarding-table item separately.

The tunnel forwarding-table item of described VPN the first end points comprises tunnel forwarding-table item 11 and tunnel forwarding-table item 12; The double-pointed tunnel of described VPN forwarding-table item comprises tunnel forwarding-table item 21 and tunnel forwarding-table item 22.Preferably, can generate described tunnel forwarding-table item by described host node.

Preferably, described tunnel forwarding-table item 11 comprises the outgoing label of VNE internal tunnel on described VPN the first end points, the tunnel forwarding-table item mapped identification of described VPN the first end points, preferably, tunnel forwarding-table item 11 also comprises that a movement content is for being pressed into the label action of label (Push).Described tunnel forwarding-table item 12 comprises that the enter label, movement content of VNE internal tunnel on described VPN the first end points is the label action of ejecting label.

Preferably, described tunnel forwarding-table item 21 comprises outgoing label, the described VPN double-pointed tunnel forwarding-table item mapped identification of VNE internal tunnel on described VPN the second end points, preferably, tunnel forwarding-table item 21 also comprises that a movement content is the label action that is pressed into label.Described tunnel forwarding-table item 22 comprises that the enter label, movement content of VNE internal tunnel on described VPN the second end points is the label action of ejecting label.

Preferably, in the time also there is described VPN intermediate node in network, described host node also needs the method with reference to the present embodiment, on described VPN intermediate node, generates tunnel forwarding-table item in order to carry two tunnels between described VPN the first end points and VPN the second end points.

Preferably, in the time also comprising described the 2nd UPE and described the 3rd CE in network, between described VPN the 3rd end points and described VPN the first end points or VPN the second end points, may also there is another VPN passage.Therefore the host node in described VNE need to be according to the method in the present embodiment on described VPN the 3rd end points and VPN the first end points, or, on VPN the 3rd end points and VPN the second end points, for described another VPN passage generates local VPN forwarding-table item.Preferably, the host node in described VNE need to be also that described another VPN generates tunnel forwarding-table item according to the method in the present embodiment.

Preferably, this enforcement can also comprise step 504.

Step 504, described host node will send to respectively described VPN the first end points and VPN the second end points for the local VPN forwarding-table item of described VPN the first end points and the double-pointed each self-generating of VPN.

Preferably, described VPN the first end points and VPN the second end points tunnel forwarding-table item are separately sent to respectively described VPN the first end points and VPN the second end points by described host node.

Preferably, in the time there is described VPN intermediate node in described VNE, the tunnel forwarding-table item generating for described VPN intermediate node is sent to described VPN intermediate node by described host node.

Preferably, the local VPN forwarding-table item generating for described VPN the 3rd end points is sent to described VPN the 3rd end points by described host node.

Preferably, the tunnel forwarding-table item generating for described VPN the 3rd end points is sent to described VPN the 3rd end points by described host node.

One embodiment of the present of invention are as follows

The present embodiment is open a kind of in the situation that Virtual Cluster network element (VNE) is supported Layer3 Virtual Private Network (L3VPN), the method for generating virtual private network (VPN) forwarding-table item.

Host node in step 601, Virtual Cluster network element (VNE) generates the vpn service information taking described VNE as independent network element according to pre-configured Virtual Private Network (VPN) business.Preferably, described vpn service information comprises: the interface identifier of the interface connected with remote subscriber side Provider Edge node (UPE) in the inside VPN label of described VNE, described VNE, tunnel forwarding-table item mapped identification and the internal tunnel label of corresponding VNE with described tunnel forwarding-table item mapped identification.Preferably, the inside VPN label of described VNE is that the VPN of a described VNE of process is at the VPN label of the part of described VNE inside.Preferably, the internal tunnel label of described VNE is for carrying the tunnel label in the part of described VNE inside through the tunnel of the VPN of described VNE.

Preferably, before step 601, also comprise: using described VNE as single network element device in the situation that, on described host node, configure an overall L3VPN business.Preferably, described host node determines that according to the L3VPN business information of the described overall situation described VNE is a Provider Edge device (PE) on the whole.

Step 602, described host node determine a VPN passage in the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points.

Because described VNE is the virtual bench that comprises many physical entity devices, therefore a VPN passage conventionally has two VPN end points in described VNE, and one of them VPN end points is VPN the first end points, and another VPN end points is VPN the second end points.Preferably, described VPN passage can also be through other nodes in described VNE.In the present embodiment VPN passage node except described two VPN end points of process in a VNE is called to VPN intermediate node.

Preferably, as shown in Figure 6 a, VNE comprises that a host node (node 1) and four are from node (node 2-node 5).A VPN passage is through node 3, node 4 and node 5, and wherein node 3 and node 4 are described VPN end points, and described node 5 is described VPN intermediate node.

Obviously, the number of the node in a VNE can change, but at least will comprise that a host node and one are from node.Preferably, in a VNE, can also comprise a slave node, during with convenient host node fault, switch to new host node.

Preferably, in network, can also comprise a far-end PE, a first user lateral edges device (CE) and the 2nd CE.A described CE is connected from node with first in described VNE, and described the 2nd CE is connected with described far-end PE.As shown in Figure 6 a, first in described VNE is node 4 from node, and a described CE is connected with described node 4.

Preferably, described host node determines that according to described vpn service information described VNE serves as PE node in network.

Preferably, described host node determines that according to the interface identifier of one in the VNE AC interface being connected with a described CE described VPN passage is at the VPN of described VNE the first end points.For example, as shown in Figure 6 a, node 1 determines that according to the interface identifier of the AC interface of the AC interface of the node 4 being connected with CE1 node 4 is for VPN the first end points.

Preferably, described host node determines that according to the interface identifier of one in the VNE interface being connected with described far-end PE described VPN passage is at the VPN of described VNE the second end points.For example, as shown in Figure 6 a, node 1 determines that according to the interface identifier of the interface of the node 3 being connected with described far-end PE node 3 is for VPN the second end points.

Because described VPN the first end points is to determine according to the interface identifier of an AC interface in VNE, therefore described VPN the first end points is used for a CE access carrier network, thereby determine user's side PE (UPE, User PE) node that described VPN the first end points is a VNE inside.Because described VPN the second end points is to determine according to the interface identifier of the interface being connected with described far-end PE in VNE, therefore described VPN the second end points is connected with described far-end PE, thereby determine upper strata PE (SPE, the Super PE) node that described VPN the second end points is a VNE inside.

Preferably, described host node can also determine whether described VPN passage also passes through VPN intermediate node between described two VPN end points according to the forwarding-table item of described VNE inside.For example, as shown in Figure 6 a, node 1 is determined between node 3 and node 4 and is had VPN intermediate node, i.e. node 5 according to the inner forwarding-table item of described VNE.Preferably, in the present embodiment, described VPN intermediate node is operator's node (P).Certainly, also may there is the situation that does not have VPN intermediate node between described two VPN end points.

Preferably, can also comprise the 3rd CE in network, a node in described VNE is connected with described the 3rd CE.As shown in Figure 6 b, CE3 is the 3rd CE, and node 5 is connected with described the 3rd CE.Can be connected with described the 3rd CE according to one in the VNE interface identifier of AC interface of physical node of described host node is determined a VPN the 3rd end points, and wherein, described VPN the 3rd end points is the end points of other one article of VPN passage on described VNE.For example, as shown in Figure 6 b, described node 1 determines that according to the interface identifier of the AC interface of the node 5 being connected with CE3 node 5 is for VPN the 3rd end points.Alternatively, the VPN end points of described other one article of VPN passage in described VNE is described VPN the 3rd end points, and a described other VPN passage another VPN end points in described VNE is described VPN the first end points or VPN the second end points.

Because described VPN the 3rd end points is to determine according to the interface identifier of an AC interface in VNE, therefore described VPN the 3rd end points is used for a described CE access carrier network, thereby determines that described VPN the 3rd end points is a UPE node of VNE inside.

Step 603, according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively local VPN forwarding-table item separately.

Preferably, for the local VPN forwarding-table item 11 of described VPN first end dot generation and local VPN forwarding-table item 12, for described VPN the second end points generates local VPN forwarding-table item 21, local VPN forwarding-table item 22 and local VPN forwarding-table item 23.Preferably, can generate described local VPN forwarding-table item by described host node.

The local VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises VNE on VPN the first end points; Described local VPN forwarding-table item 12 comprises the outgoing label of inside VPN passage on VPN the first end points and the local VPN forwarding-table item mapped identification of described VPN the first end points of VNE.Preferably, described local VPN forwarding-table item 11 also comprises that movement content is the label action of ejecting label.Preferably, the inside VPN passage of described VNE is the part of described VPN passage in described VNE inside.

The inside VPN passage that described local VPN forwarding-table item 21 comprises VNE first enters label, Tunnel Identifier for associated VNE outer tunnel on VPN the second end points; The inside VPN passage that described local VPN forwarding-table item 22 comprises VNE second enters label, Tunnel Identifier for associated VNE internal tunnel on VPN the second end points; Outgoing label and the described VPN double-pointed local VPN forwarding-table item mapped identification of the inside VPN passage that described local VPN forwarding-table item 23 comprises VNE on described VPN the second end points.Preferably, described local VPN forwarding-table item 21 and local VPN forwarding-table item 22 also comprise respectively that movement content is the label action of ejecting label.

Because described host node is that described VPN the first end points and VPN the second end points have generated the required forwarding-table item of operation VPN, thereby make VNE can support VPN.

Preferably, according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively tunnel forwarding-table item separately.

The tunnel forwarding-table item of described VPN the first end points comprises tunnel forwarding-table item 11 and tunnel forwarding-table item 12; The double-pointed tunnel of described VPN forwarding-table item comprises tunnel forwarding-table item 21 and tunnel forwarding-table item 22.Preferably, can generate described tunnel forwarding-table item by described host node.

Described tunnel forwarding-table item 11 comprises the outgoing label of VNE internal tunnel on VPN the first end points and the tunnel forwarding-table item mapped identification of described VPN the first end points, preferably, described tunnel forwarding-table item 11 also comprises that a movement content is the label action that is pressed into label.Described tunnel forwarding-table item 12 comprises that enter label and the movement content of VNE internal tunnel on VPN the first end points is the label action of ejecting label.

Described tunnel forwarding-table item 21 comprises outgoing label and the described VPN double-pointed tunnel forwarding-table item mapped identification of VNE internal tunnel on VPN the second end points, preferably, described tunnel forwarding-table item 21 also comprises that a movement content is the label action that is pressed into label.Described tunnel forwarding-table item 22 comprises that enter label and the movement content of VNE internal tunnel on VPN the second end points is the label action of ejecting label.

Preferably, in the time also there is described VPN intermediate node in network, described host node also needs the method with reference to the present embodiment, on described VPN intermediate node, generates tunnel forwarding-table item in order to carry two tunnels between described VPN the first end points and VPN the second end points.

Preferably, in the time also comprising the 3rd CE in network, between described VPN the 3rd end points and described VPN the first end points or VPN the second end points, may also there is another VPN passage.Therefore the host node in described VNE need to be according to the method in the present embodiment on described VPN the 3rd end points and VPN the first end points, or, on VPN the 3rd end points and VPN the second end points, for described another VPN passage generates local VPN forwarding-table item.Preferably, the host node in described VNE need to be also that described another VPN passage generates tunnel forwarding-table item according to the method in the present embodiment.

Step 604, described host node will send to respectively described VPN the first end points and VPN the second end points for the local VPN forwarding-table item of described VPN the first end points and the double-pointed each self-generating of VPN.

Preferably, described VPN the first end points and VPN the second end points tunnel forwarding-table item are separately sent to respectively described VPN the first end points and VPN the second end points by described host node.

Preferably, in the time there is described VPN intermediate node in described VNE, the tunnel forwarding-table item generating for described VPN intermediate node is sent to described VPN intermediate node by described host node.

Preferably, the local VPN forwarding-table item generating for described VPN the 3rd end points is sent to described VPN the 3rd end points by described host node.

Preferably, the tunnel forwarding-table item generating for described VPN the 3rd end points is sent to described VPN the 3rd end points by described host node.

One embodiment of the present of invention are as follows

In the open a kind of situation of supporting hierarchical virtual private network (HoVPN, Hierarchy of VPN) in Virtual Cluster network element (VNE) of the present embodiment, the method for generating virtual private network (VPN) forwarding-table item.

Host node in step 701, Virtual Cluster network element (VNE) generates the vpn service information taking described VNE as independent network element according to pre-configured Virtual Private Network (VPN) business.

Preferably, described vpn service information comprises: the interface identifier of the interface being connected with first user side PE (UPE) in the interface identifier of the inside VPN label of described VNE, the described VNE interface connected with far-end PE, described VNE, tunnel forwarding-table item mapped identification and the internal tunnel label of corresponding VNE with described tunnel forwarding-table item mapped identification.Preferably, the inside VPN label of described VNE is that the VPN of a described VNE of process is at the VPN label of the part of described VNE inside.Preferably, the internal tunnel label of described VNE is for carrying the tunnel label in the part of described VNE inside through the tunnel of the VPN of described VNE.

Preferably, before step 701, also comprise: using described VNE as single network element device in the situation that, on described host node, configure a HoVPN business.

Step 702, described host node determine a VPN passage in the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points.

Because described VNE is the virtual bench that comprises many physical entity devices, therefore a VPN passage conventionally has two VPN end points in described VNE, and one of them VPN end points is VPN the first end points, and another VPN end points is VPN the second end points.Preferably, described VPN passage can also be through other nodes in described VNE.

Obviously, the number of the node in a VNE can change, but at least will comprise that a host node and one are from node.Preferably, in a VNE, can also comprise a slave node, during with convenient host node fault, switch to new host node.

Preferably, as shown in Figure 7a, VNE comprises that a host node (node 1) and four are from node (node 2-node 5).A VPN passage is through node 3, node 4 and node 5, and wherein node 3 and node 4 are described VPN end points, and described node 5 is described VPN intermediate node.

Preferably, in network, also at least comprise a UPE, a far-end PE, a first user lateral edges device (CE) and the 2nd CE.A described UPE is connected from node with first in described VNE, and a described CE is connected from node with described first by a described UPE; Described far-end PE is connected from node with second in described VNE, and described the 2nd CE is connected from node with second in described VNE by described far-end PE.

As shown in Figure 7a, described first in described VNE is node 4 from node, and a described UPE is connected with described node 4, and a CE is connected with node 4 by a UPE; In described VNE described second is node 3 from node, and described far-end PE is connected with described node 3 by P node, and the 2nd CE is connected with node 3 by described far-end PE again.

Preferably, described host node determines that according to described vpn service information described VNE serves as upper strata PE (SPE, Super PE) in network.

Preferably, described host node determines that according to the interface identifier of the interface being connected with a UPE in VNE described VPN passage is at the VPN of described VNE the first end points.Because described VPN the first end points is connected with a described UPE, described VPN the first end points is user's side PE (UPE) of VNE inside.For example, as shown in Figure 7a, node 1 determines that according to the interface identifier of the node 4 being connected with a UPE in VNE node 4 is for VPN the first end points.

Preferably, described host node determines that according to the interface identifier of the interface being connected with described far-end PE in VNE described VPN passage is at the VPN of described VNE the second end points.Because described VPN the second end points is connected with described far-end PE, so described VPN the second end points is a high-rise PE (SPE) of VNE inside.For example, as shown in Figure 7a, node 1 determines that according to the interface identifier of the interface of the node 3 being connected with far-end PE in VNE node 3 is for VPN the second end points.

Preferably, described host node can also determine whether described VPN passage also passes through VPN intermediate node between described two VPN end points according to the forwarding-table item of described VNE inside.For example, as shown in Figure 7a, node 1 is determined between node 3 and node 4 and is had VPN intermediate node, i.e. node 5 according to the inner forwarding-table item of described VNE.

Preferably, can also comprise the 2nd UPE in network, described the 2nd UPE is connected from node with the 3rd in described VNE, and the 3rd CE is connected from node with the described the 3rd by described the 2nd UPE.As shown in Figure 7b, the 3rd in described VNE is node 5 from node, and described the 3rd CE is connected with described node 5 by the 2nd UPE.In the time there is described the 2nd UPE in described network, described vpn service information also comprises the interface identifier of the interface being connected with the 2nd UPE in VNE.

Preferably, in the time also there is described the 2nd UPE and the 3rd CE in network, described host node determines that according to the interface identifier of the interface being connected with described the 2nd UPE in VNE described VPN passage is at the VPN of described VNE the 3rd end points, wherein, described VPN the 3rd end points is the end points of other one article of VPN passage on described VNE.For example, as shown in Figure 7b, node 1 determines that according to the interface identifier of the node 5 being connected with the 2nd UPE in VNE node 5 is for VPN the 3rd end points.Alternatively, the VPN end points of described other one article of VPN passage in described VNE is described VPN the 3rd end points, and a described other VPN passage another VPN end points in described VNE is described VPN the first end points or VPN the second end points.Because described VPN the 3rd end points is connected with described the 2nd UPE, described VPN the second end points is user's side PE (UPE) of VNE inside.

Step 703, according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively local VPN forwarding-table item separately.

Preferably, for the local VPN forwarding-table item 11 of described VPN first end dot generation, local VPN forwarding-table item 12 and local VPN forwarding-table item 13, for described VPN the second end points generates this local VPN forwarding-table item 21, local VPN forwarding-table item 22 and local VPN forwarding-table item 23.Preferably, can generate described local VPN forwarding-table item by described host node.

The first local VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises VNE on VPN the first end points; The inside VPN passage that described local forwarding-table item 12 comprises VNE is the second local VPN forwarding-table item mapped identification that enters label and described VPN the first end points on VPN the first end points; Described local forwarding-table item 13 comprises the outgoing label of inside VPN passage on VPN the first end points and the local VPN forwarding-table item mapped identification of described VPN the first end points of VNE.Preferably, the internal tunnel label of described VNE is for carrying the tunnel label in the part of described VNE inside through the tunnel of the VPN of described VNE.

The inside VPN passage that described local VPN forwarding-table item 21 comprises VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on VPN the second end points; The inside VPN passage that described local VPN forwarding-table item 22 comprises VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on VPN the second end points; Outgoing label and the described VPN double-pointed local VPN forwarding-table item mapped identification of the inside VPN passage that described local VPN forwarding-table item 23 comprises VNE on described VPN the second end points.Preferably, described local VPN forwarding-table item 21 and local VPN forwarding-table item 22 also comprise that movement content is the label action of ejecting label.

Because described host node is that described VPN the first end points and VPN the second end points have generated the required forwarding-table item of operation VPN, thereby make VNE can support VPN.

Preferably, according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively tunnel forwarding-table item separately.

The tunnel forwarding-table item of described VPN the first end points comprises tunnel forwarding-table item 11 and tunnel forwarding-table item 12; The double-pointed tunnel of described VPN forwarding-table item comprises tunnel forwarding-table item 21 and tunnel forwarding-table item 22.Preferably, can generate described tunnel forwarding-table item by described host node.

Described tunnel forwarding-table item 11 comprises the outgoing label of VNE internal tunnel on VPN the first end points and the tunnel forwarding-table item mapped identification of described VPN the first end points, preferably, also comprises that movement content is the label action that is pressed into label in described tunnel forwarding-table item 11; Described tunnel forwarding-table item 12 comprises that enter label and the movement content of VNE internal tunnel on VPN the first end points is the label action of ejecting label.

Described tunnel forwarding-table item 21 comprises outgoing label and the described VPN double-pointed tunnel forwarding-table item mapped identification of VNE internal tunnel on VPN the second end points, preferably, also comprises that movement content is the label action that is pressed into label in described tunnel forwarding-table item 21; Described tunnel forwarding-table item 22 comprises that enter label and the movement content of VNE internal tunnel on VPN the second end points is the label action of ejecting label.

Preferably, in the time also there is described VPN intermediate node in network, described host node also needs the method with reference to the present embodiment, on described VPN intermediate node, generates tunnel forwarding-table item in order to carry two tunnels between described VPN the first end points and VPN the second end points.

Preferably, in the time also comprising the 3rd CE in network, between described VPN the 3rd end points and described VPN the first end points or VPN the second end points, may also there is another VPN passage.Therefore the host node in described VNE need to be according to the method in the present embodiment on described VPN the 3rd end points and VPN the first end points, or, on VPN the 3rd end points and VPN the second end points, for described another VPN passage generates local VPN forwarding-table item.Preferably, the host node in described VNE need to be also that described another VPN passage generates tunnel forwarding-table item according to the method in the present embodiment.

Step 704, described host node will send to respectively described VPN the first end points and VPN the second end points for the local VPN forwarding-table item of described VPN the first end points and the double-pointed each self-generating of VPN.

Preferably, described VPN the first end points and VPN the second end points tunnel forwarding-table item are separately sent to respectively described VPN the first end points and VPN the second end points by described host node.

Preferably, in the time there is described VPN intermediate node in described VNE, the tunnel forwarding-table item generating for described VPN intermediate node is sent to described VPN intermediate node by described host node.

Preferably, the local VPN forwarding-table item generating for described VPN the 3rd end points is sent to described VPN the 3rd end points by described host node.

Preferably, the tunnel forwarding-table item generating for described VPN the 3rd end points is sent to described VPN the 3rd end points by described host node.

One embodiment of the present of invention are as follows

The present embodiment is open a kind of at Virtual Cluster network element (VNE, Virtual Network Element) support remote circuit interconnection (CCC, Circuit Cross Connect) in the situation of technology, the method of generating virtual private network (VPN, Virtual Private Network) forwarding-table item.

Host node in step 801, Virtual Cluster network element (VNE) generates the vpn service information taking described VNE as independent network element according to pre-configured Virtual Private Network (VPN) business.Preferably, described vpn service information comprises: interface identifier, VPN forwarding-table item mapped identification and the tunnel forwarding-table item mapped identification of place in circuit (AC, the Attachment Circuit) interface in the inside VPN label of described VNE, described VNE.Wherein, the AC interface in described VNE is the interface being connected with user's lateral edges device (CE) in VNE.Preferably, the inside VPN label of described VNE is that the VPN of a described VNE of process is at the VPN label of the part of described VNE inside.

Preferably, before step 801, also comprise: using described VNE as single network element device in the situation that, on described host node, configure virtual leased link (VLL, the Virtual Leased Line) business of a long-range CCC mode.Preferably, described vpn service information is overall VLL information.Preferably, described host node determines that according to described overall VLL vpn service information described VNE is a Provider Edge device (PE) on the whole

Step 802, described host node determine a VPN passage in the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points.

Because described VNE is the virtual bench that comprises many physical entity devices, therefore a VPN passage conventionally has two VPN end points in described VNE, and one of them VPN end points is VPN the first end points, and another VPN end points is VPN the second end points.Preferably, described VPN can also be through other nodes in described VNE.In the present embodiment VPN passage node except described two VPN end points of process in a VNE is called to VPN intermediate node.

Obviously, the number of the node in a VNE can change, but at least will comprise that a host node and one are from node.Preferably, in a VNE, can also comprise a slave node, during with convenient host node fault, switch to new host node.

Preferably, as shown in Figure 8, VNE comprises that a host node (node 1) and four are from node (node 2-node 5).A VPN passage is through node 3, node 4 and node 5, and wherein node 3 and node 4 are described VPN end points, and described node 5 is described VPN intermediate node.

Preferably, in network, also at least there is a first user lateral edges device (CE, Customer Edge) and the 2nd CE.A described CE be connected with described VPN the first end points, described the 2nd CE is connected with described VPN the second end points by a far-end Provider Edge node (PE).Preferably, as shown in Figure 8, a described CE is CE1, and described the 2nd CE is CE2, and described CE1 is connected with described node 4, and described CE2 is connected with described node 3 by far-end PE.

The interface identifier of the AC interface that preferably, described host node is connected with a described CE according to described VNE is determined the VPN end points of described VPN passage at described VNE.Wherein, a described AC interface is the interface being connected with a described CE in described VNE.Because described VPN the first end points is connected with a described CE, so described VPN the first end points is user's side PE (UPE) of VNE inside.For example, as shown in Figure 8, the interface identifier of the AC interface that node 1 is connected with CE1 according to described VNE determines that node 4 is a VPN end points.

Preferably, described host node determines that according to the interface identifier of the interface being connected with described far-end PE in VNE described VPN passage is at the VPN of described VNE the second end points.Because described VPN the second end points is connected with described far-end PE, so described VPN the first end points is an operator (P) node of VNE inside.For example, as shown in Figure 8, node 1 determines that according to the interface identifier of the interface of the node 3 being connected with far-end PE in VNE node 3 is for VPN the second end points.

Preferably, described host node can also determine whether described VPN passage also passes through VPN intermediate node between described two VPN end points according to the forwarding-table item of described VNE inside.If also pass through VPN intermediate node, because the PE of respectively with one VNE inside of described VPN intermediate node is connected with a P node, therefore described VPN intermediate node is also a P node.For example, as shown in Figure 8, node 1 is determined between node 3 and node 4 and is had VPN intermediate node, i.e. node 5 according to the inner forwarding-table item of described VNE.

Step 803, according to described vpn service information, be the local VPN forwarding-table item of described VPN first end dot generation.

Preferably, for the local VPN forwarding-table item 11 of described VPN first end dot generation, local VPN forwarding-table item 12 and local VPN forwarding-table item 13, for described VPN the second end points generates local VPN forwarding-table item 21 and local VPN forwarding-table item 22.Preferably, can generate described local VPN forwarding-table item by described host node.

Preferably, the VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPE passage that described local VPN forwarding-table item 11 comprises VNE on described VPN the first end points.Preferably, the inside VPN passage of described VNE is described VPN passage in the part of described VNE inside preferably, and local VPN forwarding-table item 11 also comprises that a movement content is the label action of ejecting label and forwarding.Described local VPN forwarding-table item 12 comprises a VPN forwarding-table item mapped identification of interface identifier and described VPN first end points of an AC interface.Preferably, described local VPN forwarding-table item 12 also comprises that a movement content is the label action forwarding.Described local VPN forwarding-table item 13 comprises that the interface identifier of the local outgoing interface being connected with described VPN the second end points and for the Tunnel Identifier of associated VNE internal tunnel preferably, described VPN forwarding-table item 13 also comprise that a movement content is the label action that forwards and to the double-pointed local down hop of described VPN.

Step 804, according to described vpn service information, be that described VPN the second end points generates tunnel forwarding-table item.

Preferably, for the first tunnel, for described VPN the second end points generates tunnel forwarding-table item 11 and tunnel forwarding-table item 12.Described the first tunnel is the tunnel of described VPN the first end points to described far-end PE.

Described tunnel forwarding-table item 11 comprises that described the first tunnel enters label and described the first tunnel tunnel forwarding-table item mapped identification on VPN the second end points on described VPN the second end points.

Described tunnel forwarding-table item 12 comprises the outgoing label of described the first tunnel on described VPN the second end points, tunnel forwarding-table item mapped identification and the described VPN double-pointed local outgoing interface of described the first tunnel on VPN the second end points, preferably, described tunnel forwarding-table item 12 also comprises the label action that a movement content is switch label.

Preferably, for the second tunnel, for described VPN the second end points generates tunnel forwarding-table item 21 and tunnel forwarding-table item 22.Described the second tunnel is the tunnel of described far-end PE to described VPN the first end points.

Described tunnel forwarding-table item 21 comprises that described the second tunnel enters label and described the second tunnel tunnel forwarding-table item mapped identification on VPN the second end points on described VPN the second end points.

Described tunnel forwarding-table item 22 comprises the outgoing label of described the second tunnel on described VPN the second end points, tunnel forwarding-table item mapped identification and the described VPN double-pointed local outgoing interface of described the second tunnel on VPN the second end points, preferably, described tunnel forwarding-table item 22 also comprises the label action that a movement content is switch label.

Because described host node is that described VPN the first end points and VPN the second end points have generated the required forwarding-table item of operation VPN, thereby make VNE can support VPN.

Preferably, in the time also there is described VPN intermediate node in network, described host node also needs the method with reference to the present embodiment, on described VPN intermediate node, generates tunnel forwarding-table item in order to carry two tunnels between described VPN the first end points and VPN the second end points.

The tunnel forwarding-table item that step 805, described host node generate by the local VPN forwarding-table item for the dot generation of described VPN first end with for described VPN the second end points sends to respectively described VPN the first end points and VPN the second end points.

Preferably, the tunnel forwarding-table item for the first tunnel and the second tunnel generating for described VNE intermediate node is issued to described VPN intermediate node.

One embodiment of the present of invention

One embodiment of the present of invention disclose a kind of network equipment.Described network equipment is for together forming a Virtual Cluster network element (VNE) with other devices.

Described network equipment comprises Virtual Private Network (VPN) business information generation unit 91, VPN end points determining unit 92 and forwarding-table item generation unit 93.

Described vpn service information generating unit 91, for according to pre-configured Virtual Private Network (VPN) business, generates the vpn service information taking a Virtual Cluster network element (VNE) as independent network element;

Described VPN end points determining unit 92 for determine a VPN passage of the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points;

Described forwarding-table item generation unit 93 is for according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively local VPN forwarding-table item separately.

Preferably, described network equipment also comprises transmitting element, for sending to respectively described VPN the first end points and VPN the second end points for the local VPN forwarding-table item of described VPN the first end points and the double-pointed each self-generating of VPN.

Preferably, in the time that the VNE at described network equipment place supports the pseudo wire emulation (PWE3) of single-hop edge-to-edge,

Described vpn service information comprises: the interface identifier of the interface connected with far-end Provider Edge node PE in the interface identifier of the place in circuit AC interface in the inside VPN label of described VNE, described VNE, described VNE, tunnel forwarding-table item mapped identification and the internal tunnel label of corresponding VNE with described tunnel forwarding-table item mapped identification;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11 and local VPN forwarding-table item 12;

The VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises VNE on described VPN the first end points;

Described local VPN forwarding-table item 12 comprises the VPN forwarding-table item mapped identification of interface identifier and described VPN first end points of a described AC interface;

The double-pointed local VPN forwarding-table item of described VPN comprises local VPN forwarding-table item 21 and local VPN forwarding-table item 22;

The inside VPN passage that described local VPN forwarding-table item 21 comprises described VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on described VPN the second end points;

The inside VPN passage that described local VPN forwarding-table item 22 comprises described VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on described VPN the second end points.

Preferably, in the time that the VNE at described network equipment place supports the pseudo wire emulation (PWE3) of multi-hop edge-to-edge,

Described vpn service information comprises: the interface identifier of the inside VPN label of described VNE, the interface connected with far-end Provider Edge node PE, tunnel forwarding-table item mapped identification and the corresponding VNE internal tunnel label with described tunnel forwarding-table item mapped identification;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11 and local VPN forwarding-table item 12;

The inside VPN passage that described local VPN forwarding-table item 11 comprises described VNE first enters label and Tunnel Identifier for associated VNE internal tunnel on described VPN the first end points;

The inside VPN passage that described local VPN forwarding-table item 12 comprises described VNE second enters label and Tunnel Identifier for associated VNE outer tunnel on described VPN the first end points;

The double-pointed local VPN forwarding-table item of described VPN comprises local VPN forwarding-table item 21 and local VPN forwarding-table item 22;

The inside VPN passage that described local VPN forwarding-table item 21 comprises described VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on described VPN the second end points;

The inside VPN passage that described local VPN forwarding-table item 22 comprises described VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on described VPN the second end points.

Preferably, in the time that the VNE at described network equipment place supports local circuit interconnection (CCC), described vpn service information comprises:

Interface identifier, VPN forwarding-table item mapped identification and the tunnel forwarding-table item mapped identification of the place in circuit AC interface in the inside VPN label of described VNE, described VNE;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11, local VPN forwarding-table item 12 and local VPN forwarding-table item 13;

Described VPN forwarding-table item 11 comprises that the inside VPN passage of VNE is in a VPN forwarding-table item mapped identification that enters label and a described VPN node of described VPN the first end points;

Described VPN forwarding-table item 12 comprises a VPN forwarding-table item mapped identification of interface identifier and a described VPN node of a described AC interface;

Described VPN forwarding-table item 13 is included in the double-pointed local outgoing interface mark of described VPN the, for the Tunnel Identifier of associated VNE internal tunnel with to the double-pointed local down hop of described VPN;

The double-pointed local VPN forwarding-table item of described VPN comprises local VPN forwarding-table item 21, local VPN forwarding-table item 22 and local VPN forwarding-table item 23;

The inside VPN passage that described VPN forwarding-table item 21 comprises VNE described VPN double-pointed enter label and the double-pointed VPN forwarding-table item mapped identification of described VPN;

Described VPN forwarding-table item 22 comprises interface identifier and the double-pointed VPN forwarding-table item mapped identification of described VPN of the 2nd AC interface;

Described VPN forwarding-table item 23 is included in the local outgoing interface mark of described VPN the first end points, for the Tunnel Identifier of associated VNE internal tunnel with to the local down hop of described VPN the first end points.

Preferably, in the time that the VNE at described network equipment place supports VPLS (VPLS), described vpn service information comprises:

The interface identifier of the interface connected with far-end Provider Edge node PE in the interface identifier of the place in circuit AC interface in described VNE, described VNE, tunnel forwarding-table item mapped identification and with described tunnel forwarding-table item mapped identification the internal tunnel label of corresponding VNE;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11;

The VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises described VNE on described VPN the first end points;

The double-pointed local VPN forwarding-table item of described VPN comprises local VPN forwarding-table item 21 and local VPN forwarding-table item 22;

The inside VPN passage that described local VPN forwarding-table item 21 comprises described VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on described VPN the second end points;

The inside VPN passage that described local VPN forwarding-table item 22 comprises described VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on described VPN the second end points.

Preferably, in the time that the VNE at described network equipment place supports hierarchical virtual private LAN service (HVPLS),

Described vpn service information comprises: the interface identifier of the interface being connected with first user side PE in the interface identifier of the interface connected with far-end PE, described VNE in the inside VPN label of described VNE, described VNE, tunnel forwarding-table item mapped identification and the internal tunnel label of corresponding VNE with described tunnel forwarding-table item mapped identification;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11 and local VPN forwarding-table item 12;

The first VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises described VNE on described VPN the first end points;

The inside VPN passage that described local VPN forwarding-table item 12 comprises described VNE second enters label and VPN forwarding-table item mapped identification on described VPN the first end points;

The double-pointed local VPN forwarding-table item of described VPN comprises local VPN forwarding-table item 21 and local VPN forwarding-table item 22;

The inside VPN passage that described local VPN forwarding-table item 21 comprises described VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on described VPN the second end points;

The inside VPN passage that described local VPN forwarding-table item 22 comprises described VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on described VPN the second end points.

Preferably, in the time that the VNE at described network equipment place supports Layer3 Virtual Private Network (L3VPN),

Described vpn service information comprises: the interface identifier of the interface connected with remote subscriber side Provider Edge node UPE in the inside VPN label of described VNE, described VNE, tunnel forwarding-table item mapped identification and the internal tunnel label of corresponding VNE with described tunnel forwarding-table item mapped identification;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11 and local VPN forwarding-table item 12;

The local VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises described VNE on VPN the first end points;

Described local VPN forwarding-table item 12 comprises the outgoing label of inside VPN passage on VPN the first end points and the local VPN forwarding-table item mapped identification of described VPN the first end points of described VNE;

The double-pointed local VPN forwarding-table item of described VPN comprises local VPN forwarding-table item 21, local VPN forwarding-table item 22 and local VPN forwarding-table item 23;

The inside VPN passage that described local VPN forwarding-table item 21 comprises described VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on VPN the second end points;

The inside VPN passage that described local VPN forwarding-table item 22 comprises described VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on VPN the second end points;

Outgoing label and the described VPN double-pointed local VPN forwarding-table item mapped identification of the inside VPN passage that described local VPN forwarding-table item 23 comprises described VNE on described VPN the second end points.

Preferably, in the time that the VNE at described network equipment place supports hierarchical virtual private network (HoVPN),

Described vpn service information comprises: the interface identifier of the interface being connected with first user side PE in the interface identifier of the inside VPN label of described VNE, the described VNE interface connected with far-end PE, described VNE, tunnel forwarding-table item mapped identification and the internal tunnel label of corresponding VNE with described tunnel forwarding-table item mapped identification;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11, local VPN forwarding-table item 12 and local VPN forwarding-table item 13;

The first local VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises described VNE on VPN the first end points;

The inside VPN passage that described local forwarding-table item 12 comprises described VNE is the second local VPN forwarding-table item mapped identification that enters label and described VPN the first end points on VPN the first end points;

Described local forwarding-table item 13 comprises the outgoing label of inside VPN passage on VPN the first end points and the local VPN forwarding-table item mapped identification of described VPN the first end points of described VNE;

The double-pointed local VPN forwarding-table item of described VPN comprises local VPN forwarding-table item 21, local VPN forwarding-table item 22 and local VPN forwarding-table item 23;

The inside VPN passage that described local VPN forwarding-table item 21 comprises described VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on VPN the second end points;

The inside VPN passage that described local VPN forwarding-table item 22 comprises described VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on VPN the second end points;

Outgoing label and the described VPN double-pointed local VPN forwarding-table item mapped identification of the inside VPN passage that described local VPN forwarding-table item 23 comprises described VNE on described VPN the second end points.

Preferably, in the present embodiment, the inside VPN label of described VNE is that the VPN of a described VNE of process is at the VPN label of the part of described VNE inside; The inside VPN passage of described VNE is the part of described VPN passage in described VNE inside; The internal tunnel label of described VNE is for carrying the tunnel label in the part of described VNE inside through the tunnel of the VPN of described VNE.

In the present embodiment, described unit is hardware cell, or a part of unit in described unit is hardware cell.

One embodiment of the present of invention

One embodiment of the present of invention disclose a kind of network equipment.Described network equipment is for together forming a Virtual Cluster network element (VNE) with other devices.

As shown in figure 10, described network equipment comprises vpn service information generating unit 101, VPN end points determining unit 102, VPN forwarding-table item generation unit 103 and tunnel forwarding-table item generation unit 104.

Described vpn service information generating unit 101, for according to pre-configured virtual private network business, generates the vpn service information taking a Virtual Cluster network element VNE as independent network element;

Described VPN end points determining unit 102 for determine a VPN passage of the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points;

Described VPN forwarding-table item generation unit 103, for according to described vpn service information, is the local VPN forwarding-table item of described VPN first end dot generation;

Described tunnel forwarding-table item generation unit 104, for according to described vpn service information, is described VPN the second end points generation tunnel forwarding-table item.

Preferably, described device also comprises transmitting element, sends to respectively described VPN the first end points and VPN the second end points for the tunnel forwarding-table item generating by the local VPN forwarding-table item for the dot generation of described VPN first end with for described VPN the second end points.

In the time that described VNE supports remote circuit interconnection (CCC), described vpn service information comprises:

Interface identifier, VPN forwarding-table item mapped identification and the tunnel forwarding-table item mapped identification of the place in circuit AC interface in the inside VPN label of described VNE, described VNE;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11, local VPN forwarding-table item 12 and local VPN forwarding-table item 13;

The VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises VNE on described VPN the first end points;

Described local VPN forwarding-table item 12 comprises a VPN forwarding-table item mapped identification of interface identifier and described VPN first end points of an AC interface;

Described local VPN forwarding-table item 13 comprises the interface identifier of the local outgoing interface being connected with described VPN the second end points and the Tunnel Identifier for associated VNE internal tunnel;

The double-pointed tunnel of described VPN forwarding-table item comprises tunnel forwarding-table item 11 and tunnel forwarding-table item 12;

Described tunnel forwarding-table item 11 comprises that the first tunnel enters label and described the first tunnel tunnel forwarding-table item mapped identification on VPN the second end points on described VPN the second end points;

Described tunnel forwarding-table item 12 comprises the outgoing label of described the first tunnel on described VPN the second end points, tunnel forwarding-table item mapped identification and the described VPN double-pointed local outgoing interface of described the first tunnel on VPN the second end points;

Also tunnel forwarding-table item 21 and tunnel forwarding-table item 22 of the double-pointed tunnel of described VPN forwarding-table item;

Described tunnel forwarding-table item 21 comprises that the second tunnel enters label and described the second tunnel tunnel forwarding-table item mapped identification on VPN the second end points on described VPN the second end points;

Described tunnel forwarding-table item 22 comprises the outgoing label of described the second tunnel on described VPN the second end points, tunnel forwarding-table item mapped identification and the described VPN double-pointed local outgoing interface of described the second tunnel on VPN the second end points.

Preferably, in the present embodiment, the inside VPN label of described VNE is that the VPN of a described VNE of process is at the VPN label of the part of described VNE inside; The inside VPN passage of described VNE is the part of described VPN passage in described VNE inside.

In the present embodiment, described unit is hardware cell, or a part of unit in described unit is hardware cell.

One of ordinary skill in the art will appreciate that: all or part of step that realizes said method embodiment can complete by the relevant hardware of program command, aforesaid program can be stored in a computer read/write memory medium, this program is in the time carrying out, execution comprises the step of said method embodiment, and aforesaid storage medium comprises: the various media that can be program code stored such as ROM, RAM, magnetic disc or CD.

Finally it should be noted that: above embodiment only, in order to the technical scheme of the embodiment of the present invention to be described, is not intended to limit; Although the embodiment of the present invention is had been described in detail with reference to previous embodiment, those of ordinary skill in the art is to be understood that: its technical scheme that still can record aforementioned each embodiment is modified, or part technical characterictic is wherein equal to replacement; And these amendments or replacement do not make the essence of appropriate technical solution depart from the scope of the each embodiment technical scheme of the embodiment of the present invention.

Claims (16)

1. a method for generating forwarding table term of virtual private network, is characterized in that, comprising:

Host node in Virtual Cluster network element VNE generates the vpn service information taking described VNE as independent network element according to pre-configured virtual private network business;

Described host node determine a VPN passage in the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points;

Described host node is according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively local VPN forwarding-table item separately.

2. method according to claim 1, is characterized in that, described method comprises:

Described host node will send to respectively described VPN the first end points and VPN the second end points for the local VPN forwarding-table item of described VPN the first end points and the double-pointed each self-generating of VPN.

3. method according to claim 1 and 2, is characterized in that,

In the time that described VNE supports the pseudo wire emulation PWE3 of single-hop edge-to-edge, described vpn service information comprises:

The interface identifier of the interface connected with far-end Provider Edge node PE in the interface identifier of the place in circuit AC interface in the inside VPN label of described VNE, described VNE, described VNE, tunnel forwarding-table item mapped identification and with described tunnel forwarding-table item mapped identification the internal tunnel label of corresponding VNE;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11 and local VPN forwarding-table item 12;

The VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises VNE on described VPN the first end points;

Described local VPN forwarding-table item 12 comprises the VPN forwarding-table item mapped identification of interface identifier and described VPN first end points of an AC interface, and a described AC interface is the connected interface of first user lateral edges device CE in described VNE;

The double-pointed local VPN forwarding-table item of described VPN comprises local VPN forwarding-table item 21 and local VPN forwarding-table item 22;

The inside VPN passage that described local VPN forwarding-table item 21 comprises described VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on described VPN the second end points;

The inside VPN passage that described local VPN forwarding-table item 22 comprises described VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on described VPN the second end points.

4. method according to claim 1 and 2, is characterized in that,

In the time that described VNE supports the pseudo wire emulation PWE3 of multi-hop edge-to-edge, described vpn service information comprises:

The interface identifier of the inside VPN label of described VNE, the interface connected with far-end Provider Edge node PE, tunnel forwarding-table item mapped identification and with described tunnel forwarding-table item mapped identification corresponding VNE internal tunnel label;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11 and local VPN forwarding-table item 12;

The inside VPN passage that described local VPN forwarding-table item 11 comprises described VNE first enters label and Tunnel Identifier for associated VNE internal tunnel on described VPN the first end points;

The inside VPN passage that described local VPN forwarding-table item 12 comprises described VNE second enters label and Tunnel Identifier for associated VNE outer tunnel on described VPN the first end points;

The double-pointed local VPN forwarding-table item of described VPN comprises local VPN forwarding-table item 21 and local VPN forwarding-table item 22;

The inside VPN passage that described local VPN forwarding-table item 21 comprises described VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on described VPN the second end points;

The inside VPN passage that described local VPN forwarding-table item 22 comprises described VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on described VPN the second end points.

5. method according to claim 1 and 2, is characterized in that,

In the time that described VNE supports local circuit interconnection CCC, described vpn service information comprises:

Interface identifier, VPN forwarding-table item mapped identification and the tunnel forwarding-table item mapped identification of the place in circuit AC interface in the inside VPN label of described VNE, described VNE;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11, local VPN forwarding-table item 12 and local VPN forwarding-table item 13;

Described VPN forwarding-table item 11 comprises that the inside VPN passage of VNE is in a VPN forwarding-table item mapped identification that enters label and described VPN the first end points of described VPN the first end points;

Described VPN forwarding-table item 12 comprises a VPN forwarding-table item mapped identification of interface identifier and described VPN first end points of an AC interface, and a described AC interface is the interface being connected with first user lateral edges device CE in described VNE;

Described VPN forwarding-table item 13 is included in the double-pointed local outgoing interface mark of described VPN the, for the Tunnel Identifier of associated VNE internal tunnel with to the double-pointed local down hop of described VPN;

The double-pointed local VPN forwarding-table item of described VPN comprises local VPN forwarding-table item 21, local VPN forwarding-table item 22 and local VPN forwarding-table item 23;

The inside VPN passage that described VPN forwarding-table item 21 comprises VNE described VPN double-pointed enter label and the double-pointed VPN forwarding-table item mapped identification of described VPN;

Described VPN forwarding-table item 22 comprises interface identifier and the double-pointed VPN forwarding-table item mapped identification of described VPN of the 2nd AC interface, and described the 2nd AC interface is the interface being connected with second user's lateral edges device CE in described VNE;

Described VPN forwarding-table item 23 is included in the local outgoing interface mark of described VPN the first end points, for the Tunnel Identifier of associated VNE internal tunnel with to the local down hop of described VPN the first end points.

6. method according to claim 1 and 2, is characterized in that,

In the time that described VNE supports VPLS VPLS, described vpn service information comprises:

The interface identifier of the interface connected with far-end Provider Edge node PE in the interface identifier of the place in circuit AC interface in described VNE, described VNE, tunnel forwarding-table item mapped identification and with described tunnel forwarding-table item mapped identification the internal tunnel label of corresponding VNE;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11;

The VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises described VNE on described VPN the first end points;

The double-pointed local VPN forwarding-table item of described VPN comprises local VPN forwarding-table item 21 and local VPN forwarding-table item 22;

The inside VPN passage that described local VPN forwarding-table item 21 comprises described VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on described VPN the second end points;

The inside VPN passage that described local VPN forwarding-table item 22 comprises described VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on described VPN the second end points.

7. method according to claim 1 and 2, is characterized in that,

In the time that described VNE supports hierarchical virtual private LAN service HVPLS, described vpn service information comprises:

The interface identifier of the interface being connected with first user side PE in the interface identifier of the interface connected with far-end PE, described VNE in the inside VPN label of described VNE, described VNE, tunnel forwarding-table item mapped identification and with described tunnel forwarding-table item mapped identification the internal tunnel label of corresponding VNE;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11 and local VPN forwarding-table item 12;

The first VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises described VNE on described VPN the first end points;

The inside VPN passage that described local VPN forwarding-table item 12 comprises described VNE second enters label and VPN forwarding-table item mapped identification on described VPN the first end points;

The double-pointed local VPN forwarding-table item of described VPN comprises local VPN forwarding-table item 21 and local VPN forwarding-table item 22;

The inside VPN passage that described local VPN forwarding-table item 21 comprises described VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on described VPN the second end points;

The inside VPN passage that described local VPN forwarding-table item 22 comprises described VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on described VPN the second end points.

8. method according to claim 1 and 2, is characterized in that,

In the time that described VNE supports Layer3 Virtual Private Network L3VPN, described vpn service information comprises:

The interface identifier of the interface connected with remote subscriber side Provider Edge node UPE in the inside VPN label of described VNE, described VNE, tunnel forwarding-table item mapped identification and with described tunnel forwarding-table item mapped identification the internal tunnel label of corresponding VNE;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11 and local VPN forwarding-table item 12;

The local VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises described VNE on VPN the first end points;

Described local VPN forwarding-table item 12 comprises the outgoing label of inside VPN passage on VPN the first end points and the local VPN forwarding-table item mapped identification of described VPN the first end points of described VNE;

The double-pointed local VPN forwarding-table item of described VPN comprises local VPN forwarding-table item 21, local VPN forwarding-table item 22 and local VPN forwarding-table item 23;

The inside VPN passage that described local VPN forwarding-table item 21 comprises described VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on VPN the second end points;

The inside VPN passage that described local VPN forwarding-table item 22 comprises described VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on VPN the second end points;

Outgoing label and the described VPN double-pointed local VPN forwarding-table item mapped identification of the inside VPN passage that described local VPN forwarding-table item 23 comprises described VNE on described VPN the second end points.

9. method according to claim 1 and 2, is characterized in that,

In the time that described VNE supports hierarchical virtual private network HoVPN, described vpn service information comprises:

The interface identifier of the interface being connected with first user side PE in the interface identifier of the inside VPN label of described VNE, the described VNE interface connected with far-end PE, described VNE, tunnel forwarding-table item mapped identification and with described tunnel forwarding-table item mapped identification the internal tunnel label of corresponding VNE;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11, local VPN forwarding-table item 12 and local VPN forwarding-table item 13;

The first local VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises described VNE on VPN the first end points;

The inside VPN passage that described local forwarding-table item 12 comprises described VNE is the second local VPN forwarding-table item mapped identification that enters label and described VPN the first end points on VPN the first end points;

Described local forwarding-table item 13 comprises the outgoing label of inside VPN passage on VPN the first end points and the local VPN forwarding-table item mapped identification of described VPN the first end points of described VNE;

The double-pointed local VPN forwarding-table item of described VPN comprises local VPN forwarding-table item 21, local VPN forwarding-table item 22 and local VPN forwarding-table item 23;

The inside VPN passage that described local VPN forwarding-table item 21 comprises described VNE first enters label and Tunnel Identifier for associated VNE outer tunnel on VPN the second end points;

The inside VPN passage that described local VPN forwarding-table item 22 comprises described VNE second enters label and Tunnel Identifier for associated VNE internal tunnel on VPN the second end points;

Outgoing label and the described VPN double-pointed local VPN forwarding-table item mapped identification of the inside VPN passage that described local VPN forwarding-table item 23 comprises described VNE on described VPN the second end points.

10. a method for generating forwarding table term of virtual private network, is characterized in that, comprising:

Host node in Virtual Cluster network element VNE generates the vpn service information taking described VNE as independent network element according to pre-configured virtual private network business;

Described host node determine a VPN passage in the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points;

According to described vpn service information, it is the local VPN forwarding-table item of described VPN first end dot generation;

According to described vpn service information, for described VPN the second end points generates tunnel forwarding-table item.

11. methods according to claim 10, is characterized in that, described method also comprises:

The tunnel forwarding-table item that described host node generates by the local VPN forwarding-table item for the dot generation of described VPN first end with for described VPN the second end points sends to respectively described VPN the first end points and VPN the second end points.

12. according to the method described in claim 10 or 11, it is characterized in that,

In the time that described VNE supports remote circuit interconnection CCC, described vpn service information comprises:

Interface identifier, VPN forwarding-table item mapped identification and the tunnel forwarding-table item mapped identification of the place in circuit AC interface in the inside VPN label of described VNE, described VNE;

The local VPN forwarding-table item of described VPN the first end points comprises local VPN forwarding-table item 11, local VPN forwarding-table item 12 and local VPN forwarding-table item 13;

The VPN forwarding-table item mapped identification that enter label and described VPN first end points of the inside VPN passage that described local VPN forwarding-table item 11 comprises VNE on described VPN the first end points;

Described local VPN forwarding-table item 12 comprises a VPN forwarding-table item mapped identification of interface identifier and described VPN first end points of an AC interface, and a described AC interface is the interface being connected with first user lateral edges device CE in described VNE;

Described local VPN forwarding-table item 13 comprises the interface identifier of the local outgoing interface being connected with described VPN the second end points and the Tunnel Identifier for associated VNE internal tunnel;

The double-pointed tunnel of described VPN forwarding-table item comprises tunnel forwarding-table item 11 and tunnel forwarding-table item 12;

Described tunnel forwarding-table item 11 comprises that the first tunnel enters label and described the first tunnel tunnel forwarding-table item mapped identification on VPN the second end points on described VPN the second end points;

Described tunnel forwarding-table item 12 comprises the outgoing label of described the first tunnel on described VPN the second end points, tunnel forwarding-table item mapped identification and the described VPN double-pointed local outgoing interface of described the first tunnel on VPN the second end points;

The double-pointed tunnel of described VPN forwarding-table item also comprises tunnel forwarding-table item 21 and tunnel forwarding-table item 22;

Described tunnel forwarding-table item 21 comprises that the second tunnel enters label and described the second tunnel tunnel forwarding-table item mapped identification on VPN the second end points on described VPN the second end points;

Described tunnel forwarding-table item 22 comprises the outgoing label of described the second tunnel on described VPN the second end points, tunnel forwarding-table item mapped identification and the described VPN double-pointed local outgoing interface of described the second tunnel on VPN the second end points.

13. 1 kinds of network equipments, is characterized in that, comprising:

Vpn service information generating unit, for according to pre-configured virtual private network business, generates the vpn service information taking a Virtual Cluster network element VNE as independent network element;

VPN end points determining unit, for determine a VPN passage of the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points;

Forwarding-table item generation unit, for according to described vpn service information, for described VPN the first end points and VPN the second end points generate respectively local VPN forwarding-table item separately.

14. devices according to claim 13, is characterized in that, also comprise:

Transmitting element, for sending to respectively described VPN the first end points and VPN the second end points for the local VPN forwarding-table item of described VPN the first end points and the double-pointed each self-generating of VPN.

15. 1 kinds of network equipments, is characterized in that, comprising:

Vpn service information generating unit, for according to pre-configured virtual private network business, generates the vpn service information taking a Virtual Cluster network element VNE as independent network element;

VPN end points determining unit, for determine a VPN passage of the VPN corresponding with described vpn service information in described VNE, need through VPN the first end points and VPN the second end points;

VPN forwarding-table item generation unit, for according to described vpn service information, is the local VPN forwarding-table item of described VPN first end dot generation;

Tunnel forwarding-table item generation unit, for according to described vpn service information, is described VPN the second end points generation tunnel forwarding-table item.

16. devices according to claim 15, is characterized in that, described device also comprises:

Transmitting element, sends to respectively described VPN the first end points and VPN the second end points for the tunnel forwarding-table item generating by the local VPN forwarding-table item for the dot generation of described VPN first end with for described VPN the second end points.

Images