CN102891790B - VPN virtualization method and system for accessing a virtual private cloud - Google Patents


Info

Publication number: CN102891790B
Other versions: CN102891790A
Application number: CN201210356632.2A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Active
Inventors: 谢朝阳, 侯光华, 广小明
Current Assignee: Tianyi Cloud Technology Co Ltd
Original Assignee: China Telecom Corp Ltd
Application filed by: China Telecom Corp Ltd
Priority to: CN201210356632.2A
Prior art keywords: label, QinQ VLAN, enterprise customer, VPC, data flow
Classification: Data Exchanges In Wide-Area Networks
Abstract

The invention provides a VPN virtualization method and system for accessing a virtual private cloud. The correspondence between the QinQ VLAN that an enterprise customer has applied for and an MPLS VPN is configured in advance. Data flows exchanged between the enterprise customer and the virtual private cloud in the data center are tagged with a QinQ VLAN tag and carried in the MPLS VPN that the enterprise customer has applied for. With the method and system provided by the invention, renting a single MPLS VPN from the operator is enough to give multiple enterprise customers access to their virtual private clouds, which reduces resource usage and saves cost. The high QoS requirements of enterprise customers can also be guaranteed, no encryption is needed so transmission overhead is saved, and the service can be opened and used immediately without complex configuration.

Description

VPN virtualization method and system for accessing a virtual private cloud
[Technical field]
The present invention relates to the field of network communication technology, and in particular to a VPN virtualization method and system for accessing a virtual private cloud.
[Background]
A virtual private cloud (VPC) is a private cloud network that an enterprise creates in a public cloud. It is aimed at small and medium-sized enterprises: the enterprise customer connects directly to the virtual server infrastructure in the public cloud data center (IDC) through a virtual private network (VPN) over the Internet. The VPNs currently offered with VPCs generally use IPSec VPN technology. These VPNs only require the enterprise customer gateway (hereinafter "gateway") and the IDC egress network device at the two endpoints to support IPSec; the telecom operator does not need to provide any service. As shown in Fig. 1, enterprise customer 1 sets up IPSec VPN tunnel 1 between gateway 1 and the IDC egress CE (hereinafter "CE") and accesses VPC1 through this tunnel; enterprise customer 2 sets up IPSec VPN tunnel 2 between gateway 2 and the CE and accesses VPC2 through this tunnel. With this technique, however, the IDC has to set up an IPSec VPN with every enterprise customer, which first occupies resources and wastes them, and second costs more.
[Summary of the invention]
In view of this, the invention provides a VPN virtualization method and system for accessing a virtual private cloud, so as to save resources and reduce cost.
The specific technical solution is as follows:
A VPN virtualization method for accessing a VPC, in which the correspondence between the QinQ VLAN that the enterprise customer has applied for and an MPLS VPN is configured in advance, the method comprising:
tagging the data flows exchanged between the enterprise customer and the VPC in the data center with a QinQ VLAN tag, and carrying those data flows in the MPLS VPN between the data center and the BNG.
According to a preferred embodiment of the invention, the method further comprises a network configuration process, which specifically comprises:
the cloud management platform sends the gateway management platform a configuration request containing the QinQ VLAN tag that the enterprise customer has applied for;
the gateway management platform issues the configuration request to the enterprise customer gateway.
According to a preferred embodiment of the invention, the method further comprises a network configuration process, which specifically comprises:
the cloud management platform sends the VPN management platform a configuration request containing the QinQ VLAN tag that the enterprise customer has applied for and the MPLS VPN information;
the VPN management platform issues the configuration request to the BNG and to the edge router PE that interfaces with the data center.
According to a preferred embodiment of the invention, the method further comprises a network configuration process, which specifically comprises:
the cloud management platform issues to the data center egress CE a configuration request containing the QinQ VLAN tag that the enterprise customer has applied for and the corresponding VPC information.
According to a preferred embodiment of the invention, tagging the data flows exchanged between the enterprise customer and the VPC in the data center with a QinQ VLAN tag specifically comprises: for the upstream data flow with which the enterprise customer accesses the VPC, the enterprise customer gateway tags the upstream data flow with the QinQ VLAN tag and forwards it to the BNG;
the method further comprises: for the downstream data flow from the VPC, the enterprise customer gateway removes the QinQ VLAN tag from the downstream data flow forwarded by the BNG and forwards it to the enterprise customer.
According to a preferred embodiment of the invention, carrying the data flows in the MPLS VPN between the data center and the BNG specifically comprises:
for the upstream data flow with which the enterprise customer accesses the VPC, the BNG adds an MPLS label to the upstream data flow and forwards it through the MPLS VPN channel corresponding to the QinQ VLAN tag to the PE that interfaces with the data center, and the PE removes the MPLS label from the upstream data flow and forwards it to the CE;
for the downstream data flow from the VPC, the PE adds an MPLS label to the downstream data flow and forwards it to the BNG through the MPLS VPN channel corresponding to the QinQ VLAN tag, and the BNG removes the MPLS label from the downstream data flow and forwards it to the enterprise customer gateway.
According to a preferred embodiment of the invention, tagging the data flows exchanged between the enterprise customer and the VPC in the data center with a QinQ VLAN tag specifically comprises: for the downstream data flow from the VPC, the data center egress CE tags the downstream data flow with the QinQ VLAN tag and forwards it to the PE that interfaces with the data center;
for the upstream data flow with which the enterprise customer accesses the VPC, the CE removes the QinQ VLAN tag from the upstream data flow forwarded by the PE and forwards it to the corresponding VPC.
According to a preferred embodiment of the invention, the configuration request further contains QoS control information;
the method further comprises: the BNG, the PE that interfaces with the data center, or the data center egress CE forwards the data flow according to the QoS control information.
A VPN virtualization system for accessing a virtual private cloud (VPC), the system comprising:
QinQ VLAN tag processing equipment, for tagging the data flows exchanged between the enterprise customer and the VPC in the data center with a QinQ VLAN tag;
MPLS VPN transmission equipment, for carrying the data flows tagged with the QinQ VLAN tag in the MPLS VPN between the data center and the broadband network gateway (BNG).
According to a preferred embodiment of the invention, the system further comprises:
a cloud management platform, for sending the gateway management platform a configuration request containing the QinQ VLAN tag that the enterprise customer has applied for;
a gateway management platform, for issuing the configuration request to the enterprise customer gateway.
According to a preferred embodiment of the invention, the system further comprises:
a cloud management platform, for sending the VPN management platform a configuration request containing the QinQ VLAN tag that the enterprise customer has applied for and the MPLS VPN information;
a VPN management platform, for issuing the configuration request to the broadband network gateway (BNG) and to the edge router PE that interfaces with the data center.
According to a preferred embodiment of the invention, the system further comprises:
a cloud management platform, for issuing to the data center egress CE a configuration request containing the QinQ VLAN tag that the enterprise customer has applied for and the corresponding VPC information.
According to a preferred embodiment of the invention, the QinQ VLAN tag processing equipment comprises the enterprise customer gateway;
for the upstream data flow with which the enterprise customer accesses the VPC, the enterprise customer gateway tags the upstream data flow with the QinQ VLAN tag and forwards it to the BNG;
for the downstream data flow from the VPC, the enterprise customer gateway removes the QinQ VLAN tag from the downstream data flow forwarded by the BNG and forwards it to the enterprise customer.
According to a preferred embodiment of the invention, the MPLS VPN transmission equipment comprises the BNG and the PE that interfaces with the data center;
for the upstream data flow with which the enterprise customer accesses the VPC, the BNG adds an MPLS label to the upstream data flow and forwards it to the PE through the MPLS VPN channel corresponding to the QinQ VLAN tag, and the PE removes the MPLS label from the upstream data flow and forwards it to the CE;
for the downstream data flow from the VPC, the PE adds an MPLS label to the downstream data flow and forwards it to the BNG through the MPLS VPN channel corresponding to the QinQ VLAN tag, and the BNG removes the MPLS label from the downstream data flow and forwards it to the enterprise customer gateway.
According to a preferred embodiment of the invention, the QinQ VLAN tag processing equipment comprises the data center egress CE;
for the downstream data flow from the VPC, the data center egress CE tags the downstream data flow with the QinQ VLAN tag and forwards it to the PE that interfaces with the data center;
in addition, for the upstream data flow with which the enterprise customer accesses the VPC, the CE removes the QinQ VLAN tag from the upstream data flow forwarded by the PE and forwards it to the corresponding VPC.
According to a preferred embodiment of the invention, the configuration request further contains QoS control information;
the BNG, the PE that interfaces with the data center, or the data center egress CE forwards the data flow according to the QoS control information.
As can be seen from the above technical solutions, the data flows exchanged between the enterprise customer and the VPC in the data center are tagged with a QinQ VLAN tag and carried in the MPLS VPN that the enterprise customer has applied for. In this way the data center only needs to rent one MPLS VPN from the operator to provide VPC access for multiple enterprise customers, which reduces resource usage and saves cost.
[Brief description of the drawings]
Fig. 1 is a system diagram of VPC access in the prior art;
Fig. 2 is a structure diagram of the VPN virtualization system for accessing a VPC provided by an embodiment of the invention;
Fig. 3 is a schematic diagram of the configuration process provided by Embodiment 1 of the invention;
Fig. 4 is a schematic diagram of the upstream data forwarding process provided by Embodiment 2 of the invention;
Fig. 5 is a schematic diagram of the downstream data forwarding process provided by Embodiment 2 of the invention.
[Detailed description]
To make the objects, technical solutions and advantages of the invention clearer, the invention is described below with reference to the drawings and specific embodiments.
The invention is based on the system shown in Fig. 2. Its core idea is to implement a Multiprotocol Label Switching (MPLS) layer 2 VPN between the data center and the broadband network gateway (BNG) by means of QinQ VLAN tags; that is, the QinQ VLAN tags are used to virtualize the MPLS VPN between the data center and the BNG into several smaller-bandwidth MPLS VPN channels, through which different enterprise customers access their VPCs.
Specifically, the BNG and the edge router PE that interfaces with the IDC (hereinafter "PE") store the MPLS VPN information corresponding to each QinQ VLAN tag, for example the MPLS VPN ID, and the CE device stores the VPC information corresponding to each QinQ VLAN tag. QinQ VLAN tags are configured per enterprise customer. Usually one enterprise corresponds to one QinQ VLAN tag, but an enterprise may also buy multiple VLANs, in which case one enterprise corresponds to multiple QinQ VLAN tags. When the gateway receives a data flow from the enterprise customer that accesses the VPC, it tags the data flow with the QinQ VLAN tag of that enterprise customer. When the BNG receives the data flow, it adds the MPLS label corresponding to the QinQ VLAN tag carried by the data flow (the MPLS VPN ID can be used as the identifier) and forwards it into the MPLS VPN. When the PE receives the data flow, it strips the MPLS label and forwards the data flow to the CE, and the CE sends the data flow to the VPC corresponding to the QinQ VLAN tag.
The MPLS virtualization for accessing a VPC provided by the invention comprises two processes: a network configuration process and a data forwarding process. The two are described in detail below in two embodiments.
Embodiment 1
As shown in Fig. 2, to implement the network configuration process, the cloud management platform gains an interface to the VPN management platform and an interface to the gateway management platform. The cloud management platform is the configuration and management platform for the cloud resources of the data center. It assigns the QinQ VLAN tags of the VPCs in the data center and of the gateways in a unified way, and it holds the MPLS VPN information rented by the enterprise customer, including the MPLS ID. It sends the QinQ VLAN tag and the MPLS VPN ID to the VPN management platform as configuration information, sends the QinQ VLAN tag of the gateway to the gateway management platform as the QinQ parameter, and issues the QinQ VLAN tag and the corresponding VPC information to the CE.
The CE is the MPLS customer edge device. It is deployed at the data center egress and supports carrying QinQ tags.
The gateway management platform issues the QinQ parameter to the corresponding gateway, and the gateway completes the configuration of the QinQ VLAN tag. The gateway here means the enterprise gateway, that is, the egress device through which the enterprise connects to the broadband network; in this embodiment the gateway is required to support QinQ. A brief introduction to QinQ: the technology comes from IEEE 802.1ad and encapsulates the VLAN tag of the user's private network inside a public network VLAN tag, so that a packet crosses the provider's backbone (public) network carrying two layers of VLAN tags. In the embodiments of the invention, the QinQ VLAN tag and the MPLS label form the two layers of labels that cross the operator's network.
The VPN management platform issues the configuration information to the BNG and the PE. The BNG and the PE store the correspondence between the MPLS VPN information and the QinQ VLAN tag in their forwarding tables, which completes the forwarding table configuration on the BNG and the PE. The BNG is the gateway device of the broadband access metropolitan area network; it includes but is not limited to access devices such as BRAS and SR, and is required to support QinQ and MPLS VPN. The PE is the edge router of the MPLS service provider; it is deployed where the data center egress connects to the operator's MPLS network, and is likewise required to support QinQ and MPLS VPN.
Preferably, the cloud management platform can also send the QoS control information of the QinQ VLAN tag to the VPN management platform, which issues it to the BNG and the PE so that they can perform QoS control based on the QinQ VLAN tag. The cloud management platform can also send the QoS control information to the CE so that the CE can perform QoS control based on the QinQ VLAN tag. The QoS control information can comprise QoS parameters such as specified bandwidth information, delay information and priority information.
The configuration process is described in detail below with reference to Fig. 3. As shown in Fig. 3, it mainly comprises the following.
The enterprise customer has applied to the operator in advance for the MPLS VPN that interconnects with the IDC, which ensures that the MPLS VPN channel can be used and that the relevant PEs are all deployed in the telecom network.
Configuration 1: the cloud management platform sends a configuration request to the VPN management platform. The request contains the MPLS VPN information rented by the enterprise customer and the QinQ VLAN tag. The MPLS VPN information can contain the binding between the MPLS ID and the source IP and destination IP addresses, where the source IP and destination IP are the gateway IP and the corresponding IP of the IDC respectively and are used to set up the MPLS VPN channel. The request can also contain QoS control information such as specified bandwidth information, delay information and priority information.
The VPN management platform issues the configuration request to the BNG and the PE. The BNG and the PE store the MPLS VPN information rented by the enterprise customer and the QinQ VLAN tag in their forwarding tables, and can further store the QoS control information. The content stored by the BNG and the PE therefore comprises:
the MPLS VPN information rented by the customer, the QinQ VLAN tag, the gateway IP, the corresponding IP of the IDC, and the QoS parameters.
Configuration 2: the cloud management platform sends a configuration request to the gateway management platform. The request contains the QinQ VLAN tag that the enterprise customer has applied for. The gateway management platform issues the configuration request to the corresponding gateway, and the gateway stores the QinQ VLAN tag of the corresponding enterprise customer.
Configuration 3: the cloud management platform issues a configuration request to the CE. The request contains the QinQ VLAN tag that the enterprise customer has applied for and the corresponding VPC information, and can also contain QoS control information. The CE stores the QinQ VLAN tag and the corresponding VPC information in its forwarding table, and can further store the QoS control information. The content stored by the CE therefore comprises:
the QinQ VLAN tag, the VPC information, and the QoS parameters.
Configuration 1, Configuration 2 and Configuration 3 have no fixed order; the order in the figure is only an example.
The virtual MPLS VPN channel rented by the enterprise customer is set up by the BNG and the PE: the cloud management platform notifies the VPN management platform, which notifies the BNG and the PE, and the BNG and the PE use the gateway IP and the corresponding IP of the IDC to set up the virtual MPLS VPN channel.
When the enterprise customer no longer rents the VPC or the MPLS VPN, the cloud management platform can notify the BNG and the PE through the VPN management platform to delete the corresponding configuration, notify the gateway through the gateway management platform to delete the corresponding configuration, and notify the CE directly to delete the corresponding configuration, so that the corresponding resources are released for other enterprise customers.
Embodiment 2
Fig. 4 is a schematic diagram of the upstream data forwarding process provided by Embodiment 2 of the invention, in which the enterprise customer accesses the VPC. As shown in Fig. 4, it comprises the following flow:
Step 401: the gateway tags the data flow from the enterprise customer that accesses the VPC with the QinQ VLAN tag and forwards it to the BNG.
Because the gateway stored the QinQ VLAN tag of the corresponding enterprise customer during the configuration process described in Embodiment 1, it tags the data flow with the QinQ VLAN tag after receiving the data flow from the enterprise customer that accesses the VPC.
Step 402: after receiving the data flow, the BNG adds an MPLS label to it and forwards it through the MPLS VPN corresponding to the QinQ VLAN tag.
Because the BNG stored the MPLS VPN information, the QinQ VLAN tag, the gateway IP, the corresponding IP of the IDC and the QoS parameters during the configuration process described in Embodiment 1, after receiving the data flow it can first judge from the QinQ VLAN tag whether the MPLS VPN needs to be used, that is, whether MPLS VPN information corresponding to the QinQ VLAN tag can be found. It can further judge whether the source IP and destination IP of the data flow are consistent with the binding stored in the BNG (the binding between the gateway IP, the corresponding IP of the IDC and the QinQ VLAN tag). If so, it adds an MPLS label to the data flow, where the MPLS label identifies the MPLS VPN, and then sends the data flow into the corresponding MPLS VPN channel.
Step 403: after receiving the data flow through the MPLS VPN, the PE removes the MPLS label and forwards the data flow to the CE.
Step 404: the CE removes the QinQ VLAN tag from the data flow and forwards the data flow to the VPC corresponding to the QinQ VLAN tag.
Because the CE stored the QinQ VLAN tag, the VPC information and the QoS parameters during the configuration process described in Embodiment 1, the CE can determine the corresponding VPC from the QinQ VLAN tag in the data flow.
In addition, when forwarding the data flow, the BNG, the PE and the CE can apply the corresponding QoS control to the data flow according to the stored QoS parameters, for example forwarding according to the bandwidth, delay or priority specified in the QoS parameters.
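The upstream path of steps 401 to 404, as an added Python sketch that is not part of the patent text. It assumes the QinQ VLAN tag is encoded as an IEEE 802.1ad service tag (TPID 0x88A8), reduces the MPLS encapsulation to a single label shim whose value is the MPLS VPN ID, and uses constructed addresses, IDs and tables; all function and table names are hypothetical.

```python
import socket
import struct
from dataclasses import dataclass

TPID_STAG = 0x88A8  # IEEE 802.1ad service-tag TPID (assumed encoding of the QinQ VLAN tag)
ETH_IPV4 = 0x0800


@dataclass(frozen=True)
class VpnEntry:
    """Row held by BNG and PE after Configuration 1."""
    mpls_vpn_id: int  # reused as the 20-bit MPLS label value (simplification)
    gateway_ip: str   # source IP bound to the tag on the upstream path
    idc_ip: str       # destination IP bound to the tag on the upstream path


def make_frame(src_ip, dst_ip, payload):
    """Constructed untagged Ethernet/IPv4 frame; header checksum left at 0."""
    macs = bytes.fromhex("02000000000b02000000000a")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return macs + struct.pack("!H", ETH_IPV4) + ip + payload


def push_qinq(frame, vid):
    """Step 401 (gateway): insert the QinQ VLAN tag after the MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", TPID_STAG, vid) + frame[12:]


def read_qinq(frame):
    """Return the outer VLAN ID, or None when the frame carries no QinQ tag."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID_STAG else None


def push_mpls(payload, label, ttl=64):
    """Prepend one MPLS shim: label (20 bits), TC (3), bottom-of-stack (1), TTL (8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("MPLS label out of range")
    return struct.pack("!I", (label << 12) | (1 << 8) | ttl) + payload


def pop_mpls(packet):
    (shim,) = struct.unpack("!I", packet[:4])
    return shim >> 12, packet[4:]


def bng_forward(frame, vpn_table):
    """Step 402 (BNG): tag lookup, IP binding check, then MPLS encapsulation."""
    entry = vpn_table.get(read_qinq(frame))
    if entry is None:
        return None  # no MPLS VPN information for this tag: drop
    if len(frame) < 38 or struct.unpack("!H", frame[16:18])[0] != ETH_IPV4:
        return None
    src, dst = socket.inet_ntoa(frame[30:34]), socket.inet_ntoa(frame[34:38])
    if (src, dst) != (entry.gateway_ip, entry.idc_ip):
        return None  # addresses do not match the binding stored for the tag: drop
    return push_mpls(frame, entry.mpls_vpn_id)


def pe_forward(packet):
    """Step 403 (PE): remove the MPLS label and pass the tagged frame to the CE."""
    return pop_mpls(packet)[1]


def ce_deliver(frame, vpc_table):
    """Step 404 (CE): map the tag to its VPC and remove the tag."""
    vpc = vpc_table.get(read_qinq(frame))
    return None if vpc is None else (vpc, frame[:12] + frame[16:])


def upstream(frame, vid, vpn_table, vpc_table):
    """Steps 401-404 end to end: (vpc, frame) on delivery, None if dropped."""
    labelled = bng_forward(push_qinq(frame, vid), vpn_table)
    return None if labelled is None else ce_deliver(pe_forward(labelled), vpc_table)


# Constructed tables: two enterprise customers, one virtual MPLS VPN channel each.
VPN_TABLE = {100: VpnEntry(5001, "203.0.113.10", "198.51.100.20"),
             200: VpnEntry(5002, "203.0.113.30", "198.51.100.40")}
VPC_TABLE = {100: "VPC1", 200: "VPC2"}

if __name__ == "__main__":
    frame = make_frame("203.0.113.10", "198.51.100.20", b"hello")
    print(upstream(frame, 100, VPN_TABLE, VPC_TABLE))
    print(upstream(frame, 200, VPN_TABLE, VPC_TABLE))
```

In this sketch a frame that carries the first customer's addresses under the second customer's tag is dropped at the BNG by the binding check; since the design carries traffic unencrypted, the tag-to-VPN and tag-to-VPC tables are what keep customers apart.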
Fig. 5 is a schematic diagram of the downstream data forwarding process provided by Embodiment 2 of the invention, in which the VPC in the IDC returns data to the enterprise customer. As shown in Fig. 5, it comprises the following flow:
Step 501: the CE tags the data flow from the VPC with the QinQ VLAN tag corresponding to the VPC and forwards it to the PE.
Because the CE stored the QinQ VLAN tag, the VPC information and the QoS parameters during the configuration process described in Embodiment 1, the CE can determine the corresponding QinQ VLAN tag from the VPC that the data flow comes from.
Step 502: after receiving the data flow, the PE adds an MPLS label to it and forwards it through the MPLS VPN corresponding to the QinQ VLAN tag.
Because the PE stored the MPLS VPN information, the QinQ VLAN tag, the gateway IP, the corresponding IP of the IDC and the QoS parameters during the configuration process described in Embodiment 1, after receiving the data flow it can first judge from the QinQ VLAN tag whether the MPLS VPN needs to be used, that is, whether MPLS VPN information corresponding to the QinQ VLAN tag can be found. It can further judge whether the source IP and destination IP of the data flow are consistent with the binding stored in the BNG (the binding between the gateway IP, the corresponding IP of the IDC and the QinQ VLAN tag). If so, it adds an MPLS label to the data flow, where the MPLS label identifies the MPLS VPN, and then sends the data flow into the corresponding MPLS VPN channel.
Step 503: after receiving the data flow through the MPLS VPN, the BNG removes the MPLS label and forwards the data flow to the gateway.
Step 504: the gateway removes the QinQ VLAN tag and sends the data flow to the corresponding enterprise customer.
Likewise, when forwarding the data flow, the BNG, the PE and the CE can further apply the corresponding QoS control to the data flow according to the stored QoS parameters, for example forwarding according to the bandwidth, delay or priority specified in the QoS parameters.
In effect, the gateway and the CE are the QinQ VLAN tag processing equipment, which tags the data flows exchanged between the enterprise customer and the VPC in the data center with a QinQ VLAN tag. The BNG and the PE are the MPLS VPN transmission equipment, which carries the data flows tagged with the QinQ VLAN tag in the MPLS VPN between the data center and the BNG.
The above embodiments apply not only to access to a single data center but also to access to cross-domain private clouds. They apply not only to access by a single enterprise customer but also to access by an enterprise customer with multiple branches, as long as the BNGs through which the branches connect can access one MPLS network.
As can be seen from the above description, the method and system provided by the above embodiments of the invention have the following advantages:
1) The IDC only needs to rent one MPLS VPN from the operator to provide VPC access for multiple enterprise customers, which reduces resource usage and saves cost.
2) Because an MPLS VPN is used, QoS control can easily be implemented on devices such as the BNG, the PE and the CE, so the high QoS requirements of enterprise customers are guaranteed.
3) No encryption is needed during data transmission, so the transmission overhead is lower than with an IPSec VPN, which must encrypt.
4) The virtualization is carried out on top of an existing MPLS VPN and needs no complex configuration by the operator, so the service can be opened and used immediately. For example, a customer can apply to rent a QoS-guaranteed VPN while applying for a VPC, and the VPN is then opened in real time through the cloud management platform. In addition, when an enterprise customer stops renting, the resources can be released for other enterprise customers by deleting the corresponding configuration.
The above are only preferred embodiments of the invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (10)

1. A VPN virtualization method for accessing a virtual private cloud (VPC), characterized in that the correspondence between the QinQ VLAN that the enterprise customer has applied for and an MPLS VPN is configured in advance, the method comprising:
tagging the data flows exchanged between the enterprise customer and the VPC in the data center with a QinQ VLAN tag, and carrying those data flows in the MPLS VPN between the data center and the broadband network gateway (BNG);
wherein the network configuration process comprises:
the cloud management platform sends the gateway management platform a configuration request containing the QinQ VLAN tag that the enterprise customer has applied for, and the gateway management platform issues the received configuration request to the enterprise customer gateway;
the cloud management platform sends the VPN management platform a configuration request containing the QinQ VLAN tag that the enterprise customer has applied for and the MPLS VPN information, and the VPN management platform issues the received configuration request to the BNG and to the edge router PE that interfaces with the data center;
the cloud management platform issues to the data center egress CE a configuration request containing the QinQ VLAN tag that the enterprise customer has applied for and the corresponding VPC information.
2. The method according to claim 1, characterized in that tagging the data flows exchanged between the enterprise customer and the VPC in the data center with a QinQ VLAN tag specifically comprises: for the upstream data flow with which the enterprise customer accesses the VPC, the enterprise customer gateway tags the upstream data flow with the QinQ VLAN tag and forwards it to the BNG;
the method further comprises: for the downstream data flow from the VPC, the enterprise customer gateway removes the QinQ VLAN tag from the downstream data flow forwarded by the BNG and forwards it to the enterprise customer.
3. The method according to claim 1, characterized in that carrying the data flows in the MPLS VPN between the data center and the BNG specifically comprises:
for the upstream data flow with which the enterprise customer accesses the VPC, the BNG adds an MPLS label to the upstream data flow and forwards it through the MPLS VPN channel corresponding to the QinQ VLAN tag to the PE that interfaces with the data center, and the PE removes the MPLS label from the upstream data flow and forwards it to the CE;
for the downstream data flow from the VPC, the PE adds an MPLS label to the downstream data flow and forwards it to the BNG through the MPLS VPN channel corresponding to the QinQ VLAN tag, and the BNG removes the MPLS label from the downstream data flow and forwards it to the enterprise customer gateway.
4. The method according to claim 1, characterized in that tagging the data flows exchanged between the enterprise customer and the VPC in the data center with a QinQ VLAN tag specifically comprises: for the downstream data flow from the VPC, the data center egress CE tags the downstream data flow with the QinQ VLAN tag and forwards it to the PE that interfaces with the data center;
the method further comprises: for the upstream data flow with which the enterprise customer accesses the VPC, the CE removes the QinQ VLAN tag from the upstream data flow forwarded by the PE and forwards it to the corresponding VPC.
5. The method according to claim 1, characterized in that the configuration request further contains QoS control information;
the method further comprises: the BNG, the PE that interfaces with the data center, or the data center egress CE forwards the data flow according to the QoS control information.
6. A VPN virtualization system for accessing a virtual private cloud (VPC), characterized in that the system comprises QinQ VLAN tag processing equipment, MPLS VPN transmission equipment, a cloud management platform, a gateway management platform and a VPN management platform, wherein:
The QinQ VLAN tag processing equipment is configured to tag the data flow exchanged between the enterprise user and the VPC of the data center with a QinQ VLAN tag;
The MPLS VPN transmission equipment is configured to transmit the data flow carrying the QinQ VLAN tag in the MPLS VPN between the data center and the broadband network gateway (BNG);
The cloud management platform is configured to send to the gateway management platform a configuration request containing the QinQ VLAN tag applied for by the enterprise user; to send to the VPN management platform a configuration request containing the QinQ VLAN tag applied for by the enterprise user and the MPLS VPN information; and to issue to the data center egress CE a configuration request containing the QinQ VLAN tag applied for by the enterprise user and the corresponding VPC information;
The gateway management platform is configured to deliver the received configuration request to the enterprise user gateway;
The VPN management platform is configured to deliver the received configuration request to the broadband network gateway (BNG) and to the edge router (PE) at the data center interface.
7. The system according to claim 6, characterized in that the QinQ VLAN tag processing equipment comprises the enterprise user gateway;
For the upstream data flow of the enterprise user accessing the VPC, the enterprise user gateway adds the QinQ VLAN tag to the upstream data flow and forwards it to the BNG;
For the downstream data flow from the VPC, the enterprise user gateway removes the QinQ VLAN tag from the downstream data flow forwarded by the BNG and forwards it to the enterprise user.
8. The system according to claim 6, characterized in that the MPLS VPN transmission equipment comprises the BNG and the PE at the data center interface;
For the upstream data flow of the enterprise user accessing the VPC, the BNG adds an MPLS label to the upstream data flow and forwards it to the PE through the MPLS VPN tunnel corresponding to the QinQ VLAN tag; the PE removes the MPLS label from the upstream data flow and forwards it to the CE;
For the downstream data flow from the VPC, the PE adds an MPLS label to the downstream data flow and forwards it to the BNG through the MPLS VPN tunnel corresponding to the QinQ VLAN tag; the BNG removes the MPLS label from the downstream data flow and forwards it to the enterprise user gateway.
9. The system according to claim 6, characterized in that the QinQ VLAN tag processing equipment comprises the data center egress CE;
For the downstream data flow from the VPC, the data center egress CE adds the QinQ VLAN tag to the downstream data flow and forwards it to the PE at the data center interface;
For the upstream data flow of the enterprise user accessing the VPC, the CE removes the QinQ VLAN tag from the upstream data flow forwarded by the PE and forwards it to the corresponding VPC.
10. The system according to claim 6, characterized in that the configuration request further comprises QoS control information;
The BNG, the PE at the data center interface, or the data center egress CE forwards the data flow according to the QoS control information.
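The upstream path of claims 6 to 9 can be traced with the following added sketch, which is not part of the patent: the gateway pushes the QinQ tags, the BNG selects the MPLS VPN from them, the PE pops the MPLS label, and the CE maps the tags to a VPC. The tag pairs, label values, VPC names and function names are constructed assumptions, and prepending the MPLS label stack entry directly to the tagged frame is a simplification.

```python
import struct

TPID_S, TPID_C = 0x88A8, 0x8100  # 802.1ad outer (S) tag, 802.1Q inner (C) tag
# Constructed configuration, as the management platforms would push it (hypothetical values)
BNG_MAP = {(100, 10): 30001, (100, 20): 30002}     # QinQ pair -> MPLS VPN label
CE_MAP = {(100, 10): "vpc-a", (100, 20): "vpc-b"}  # QinQ pair -> VPC
# Constructed Ethernet frame: dst MAC, src MAC, EtherType IPv4, payload
SAMPLE = bytes.fromhex("020000000002" "020000000001" "0800") + b"payload"

def gw_push_qinq(frame, s_vid, c_vid):
    """Enterprise gateway: insert S-tag and C-tag after the two MAC addresses."""
    tags = struct.pack("!HHHH", TPID_S, s_vid & 0x0FFF, TPID_C, c_vid & 0x0FFF)
    return frame[:12] + tags + frame[12:]

def read_qinq(frame):
    """Return (s_vid, c_vid), or None if the frame is not double-tagged."""
    if len(frame) < 20:
        return None
    tpid_s, s_tci, tpid_c, c_tci = struct.unpack("!HHHH", frame[12:20])
    ok = (tpid_s, tpid_c) == (TPID_S, TPID_C)
    return (s_tci & 0x0FFF, c_tci & 0x0FFF) if ok else None

def bng_push_mpls(frame, ttl=64):
    """BNG: choose the MPLS VPN by QinQ tag; drop frames without a mapping."""
    label = BNG_MAP.get(read_qinq(frame))
    if label is None:
        return None  # unknown or missing tags never enter any tenant's VPN
    entry = (label << 12) | (1 << 8) | ttl  # 20-bit label, TC=0, S=1, TTL
    return struct.pack("!I", entry) + frame

def pe_pop_mpls(packet):
    """PE: strip the 4-byte label stack entry; return (label, tagged frame)."""
    (entry,) = struct.unpack("!I", packet[:4])
    return entry >> 12, packet[4:]

def ce_deliver(frame):
    """CE: map the QinQ tag to its VPC and strip both tags before delivery."""
    vpc = CE_MAP.get(read_qinq(frame))
    return None if vpc is None else (vpc, frame[:12] + frame[20:])

def upstream(frame, s_vid, c_vid):
    """Gateway -> BNG -> PE -> CE; returns (label, vpc, frame) or None if dropped."""
    labelled = bng_push_mpls(gw_push_qinq(frame, s_vid, c_vid))
    if labelled is None:
        return None
    label, inner = pe_pop_mpls(labelled)
    delivered = ce_deliver(inner)
    return None if delivered is None else (label, *delivered)
```

Tenant separation in this model rests entirely on the two mapping tables staying consistent, which is why both lookups fail closed.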
CN201210356632.2A 2012-09-21 2012-09-21 VPN virtualization method and system for accessing a virtual private cloud Active CN102891790B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210356632.2A CN102891790B (en) 2012-09-21 2012-09-21 VPN virtualization method and system for accessing a virtual private cloud

Publications (2)

Publication Number Publication Date
CN102891790A CN102891790A (en) 2013-01-23
CN102891790B true CN102891790B (en) 2016-03-02

Family

ID=47535164

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210356632.2A Active CN102891790B (en) 2012-09-21 2012-09-21 VPN virtualization method and system for accessing a virtual private cloud

Country Status (1)

Country Link
CN (1) CN102891790B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: CHINA TELECOMMUNICATION CO., LTD.

Free format text: FORMER OWNER: CLOUD COMPUTING BRANCH OF CHINA TELECOM CORPORATION LTD.

Effective date: 20140820

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100093 HAIDIAN, BEIJING TO: 100033 XICHENG, BEIJING

TA01 Transfer of patent application right

Effective date of registration: 20140820

Address after: 100033 Beijing Finance Street, No. 31, Xicheng District

Applicant after: China Telecommunication Co., Ltd.

Address before: 100093, Beijing, Haidian District apricot Road, No. 99, West win government house, E block, 4

Applicant before: Cloud Computing Branch of China Telecom Corporation Limited

C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220217

Address after: 100007 room 205-32, floor 2, building 2, No. 1 and No. 3, qinglonghutong a, Dongcheng District, Beijing

Patentee after: Tianyiyun Technology Co.,Ltd.

Address before: No.31, Financial Street, Xicheng District, Beijing, 100033

Patentee before: CHINA TELECOM Corp.,Ltd.