CN102932342B - Realize method and the network equipment of isolation multi-user virtual local area network (LAN) - Google Patents

Realize method and the network equipment of isolation multi-user virtual local area network (LAN) Download PDF

Info

Publication number
CN102932342B
CN102932342B CN201210416983.8A CN201210416983A CN102932342B CN 102932342 B CN102932342 B CN 102932342B CN 201210416983 A CN201210416983 A CN 201210416983A CN 102932342 B CN102932342 B CN 102932342B
Authority
CN
China
Prior art keywords
vlan
network equipment
user
numerical value
tag identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210416983.8A
Other languages
Chinese (zh)
Other versions
CN102932342A (en
Inventor
阴元斌
纪晓峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201210416983.8A priority Critical patent/CN102932342B/en
Publication of CN102932342A publication Critical patent/CN102932342A/en
Application granted granted Critical
Publication of CN102932342B publication Critical patent/CN102932342B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

Realize method and a network equipment of isolating multi-user virtual local area network (LAN), comprising: first network equipment receives the data that user sends; First network equipment, according to the VLAN ID scope VLAN MASK numerical value of setting, determines the quantity of virtual LAN VLAN; First network equipment encapsulates data Ethernet header and obtains Ethernet message, carries VLAN MASK numerical value and VLAN quantity in Ethernet header; First network equipment identifies for user configures VLAN according to VLAN quantity; Ethernet message is sent to second network equipment by first network equipment, carries the VLAN mark that user is corresponding in Ethernet message.The method of this realization isolation multi-user virtual local area network (LAN), the scope that can define VLAN according to actual needs flexibly carrys out the isolation of satisfying magnanimity user.

Description

Realize method and the network equipment of isolation multi-user virtual local area network (LAN)
Technical field
The embodiment of the present invention relates to communication technical field, particularly relates to a kind of method and the network equipment that realize isolating multi-user virtual local area network (LAN).
Background technology
The arrival in cloud computing epoch changes traditional IT working way, have also been changed the information-based networking mode of existing enterprise IT.In the cloud computing epoch, a lot of large-scale publicly-owned cloud can be there is, these superhuge clouds provide rental service can to a lot of medium-sized and small enterprises or personal user, medium-sized and small enterprises can rent the Internet resources of publicly-owned cloud to complete the IT informatization of oneself, the IT that greatly will reduce Enterprise Network like this changes into this, and this pattern is the major way of following medium-sized and small enterprises ITization.But meet this commercial system, one of them problem needs to provide service to a lot of user exactly in same network, needs to isolate each user, to ensure the safety of user data.
Existing multi-user's isolation scheme is exactly by VLAN (VirtualLocal Area Network in double layer network, hereinafter referred to as: VLAN) realize, realize isolating different users by providing different VLAN for each user, the scope of VLAN is maximum is 4094, so data center network uses can only at most 4094 users, cannot the demand of satisfying magnanimity user.
Summary of the invention
The embodiment of the present invention provides a kind of method and the network equipment that realize isolating multi-user virtual local area network (LAN), carrys out satisfying magnanimity user isolation by defining VLAN scope flexibly.
On the one hand, a kind of method realizing isolation multi-user virtual local area network (LAN), comprising:
First network equipment receives the data that user sends;
Described first network equipment, according to the VLAN ID scope VLAN MASK numerical value of setting, determines the quantity of described virtual LAN VLAN;
Described data encapsulation Ethernet header is obtained Ethernet message by described first network equipment, carries described VLAN MASK numerical value and described VLAN quantity in described Ethernet header;
Described first network equipment is that described user configures VLAN mark according to described VLAN quantity;
Described Ethernet message is sent to second network equipment by described first network equipment, carries the VLAN mark that described user is corresponding in described Ethernet message.
In conjunction with first aspect, described first network equipment, according to the virtual LAN VLAN MASK numerical value of setting, is determined the quantity of described virtual LAN VLAN, being comprised:
Described first network equipment determines the quantity of described outer virtual LAN VLAN according to described VLAN MASK numerical value; Or,
Described first network equipment determines quantity and the inner VLAN quantity of described outer virtual LAN VLAN according to described VLAN MASK numerical value.
In conjunction with first aspect, described VLAN MASK numerical value is 5 bits, and span is 0-31.
In conjunction with first aspect, described Ethernet header comprises type sign and at least one tag identifier, and described type sign is used to indicate the type of described Ethernet header;
If comprise a described tag identifier, then described tag identifier comprises: precedence information, described VLAN MASK numerical information, described outside VLAN quantity information and described inner VLAN quantity information; Or, if comprise two described tag identifiers, then a described tag identifier comprises: canonical format indicator CFI, outside VLAN priority, inner VLAN priority, reservation position, described VLANMASK numerical information, described in another, tag identifier comprises: described outside VLAN quantity information and described inner VLAN quantity information.
On the other hand, a kind of method realizing isolation multi-user virtual local area network (LAN), comprising:
Second network equipment receives the Ethernet message that first network equipment sends, and carries the virtual LAN VLAN mark that user is corresponding in described Ethernet message;
Ethernet message described in described second network device parses, obtains the VLAN MASK numerical value and VLAN mark that carry in Ethernet header in described Ethernet message, identifies mate with the VLAN of configuration described on second network equipment interface.
In conjunction with second aspect, described VLAN mark comprises outer VLAN identification, or, comprise outer VLAN identification and inner VLAN identification.
In conjunction with second aspect, described VLAN MASK numerical value is 5 bits, and span is 0-31.
In conjunction with second aspect, described Ethernet header comprises type sign and at least one tag identifier, and described type sign is used to indicate the type of described Ethernet header;
If comprise a described tag identifier, then described tag identifier comprises: precedence information, described VLAN MASK numerical information, described outside VLAN quantity information and described inner VLAN quantity information; Or, if comprise two described tag identifiers, then a described tag identifier comprises: canonical format indicator CFI, outside VLAN priority, inner VLAN priority, reservation position, described VLANMASK numerical information, described in another, tag identifier comprises: described outside VLAN quantity information and described inner VLAN quantity information.
Again on the one hand, a kind of network equipment, comprising:
Receiver module, receives the data of user's transmission for first network equipment;
Determination module, for the virtual LAN VLAN MASK numerical value of described first network equipment according to setting, determines the quantity of described virtual LAN VLAN;
Processing module, obtains Ethernet message for described first network equipment by described data encapsulation Ethernet header, carries described VLAN MASK numerical value and described VLAN quantity in described Ethernet header;
Configuration module, for described first network equipment according to described VLAN quantity be described user configure VLAN mark;
Sending module, sends to second network equipment for described first network equipment by described Ethernet message, carries the VLAN mark that described user is corresponding in described Ethernet message.
In conjunction with the third aspect, determination module determines the quantity of described outer virtual LAN VLAN according to described VLANMASK numerical value specifically for described first network equipment; Or,
Determination module determines quantity and the inner VLAN quantity of described outer virtual LAN VLAN according to described VLAN MASK numerical value specifically for described first network equipment.
In conjunction with the third aspect, described VLAN MASK numerical value is 5 bits, and span is 0-31.
In conjunction with the third aspect, described Ethernet header comprises type sign and at least one tag identifier, and described type sign is used to indicate the type of described Ethernet header;
If comprise a described tag identifier, then described tag identifier comprises: precedence information, described VLAN MASK numerical information, described outside VLAN quantity information and described inner VLAN quantity information; Or, if comprise two described tag identifiers, then a described tag identifier comprises: canonical format indicator CFI, outside VLAN priority, inner VLAN priority, reservation position, described VLANMASK numerical information, described in another, tag identifier comprises: described outside VLAN quantity information and described inner VLAN quantity information.
Another aspect, a kind of network equipment, comprising:
Receiver module, receives the Ethernet message of first network equipment transmission for second network equipment, carry the virtual LAN VLAN mark that user is corresponding in described Ethernet message;
Processing module, for Ethernet message described in described second network device parses, obtains the VLAN MASK numerical value and VLAN mark that carry in Ethernet header in described Ethernet message, identifies mate with the VLAN of configuration described on second network equipment interface.
In conjunction with fourth aspect, described VLAN mark comprises outer VLAN identification, or, comprise outer VLAN identification and inner VLAN identification.
In conjunction with fourth aspect, described VLAN MASK numerical value is 5 bits, and span is 0-31.
In conjunction with fourth aspect, described Ethernet header comprises type sign and at least one tag identifier, and described type sign is used to indicate the type of described Ethernet header;
If comprise a described tag identifier, then described tag identifier comprises: precedence information, described VLAN MASK numerical information, described outside VLAN quantity information and described inner VLAN quantity information; Or, if comprise two described tag identifiers, then a described tag identifier comprises: canonical format indicator CFI, outside VLAN priority, inner VLAN priority, reservation position, described VLANMASK numerical information, described in another, tag identifier comprises: described outside VLAN quantity information and described inner VLAN quantity information.
The method of the realization isolation multi-user virtual local area network (LAN) of the embodiment of the present invention and the network equipment, the quantity of virtual LAN VLAN is determined by pre-setting VLAN ID scope VLAN MASK numerical value according to actual needs, first network equipment encapsulates data into the Ethernet header carrying VLAN MASK numerical value and VLAN quantity and obtains Ethernet message, then first network equipment identifies for user configures VLAN according to VLAN quantity, again the Ethernet message carrying VLAN mark corresponding to user is sent to second network equipment, the message of different user just has different VLAN marks in the heart in the data, therefore just different user is isolated from first network equipment to the message of second network equipment.Achieve the isolation that the scope that can define VLAN according to actual needs flexibly carrys out satisfying magnanimity user.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the flow chart that the present invention realizes the embodiment of the method one of isolating multi-user virtual local area network (LAN);
Fig. 2 is the flow chart that the present invention realizes the embodiment of the method two of isolating multi-user virtual local area network (LAN);
Fig. 3 is the flow chart that the present invention realizes the embodiment of the method three of isolating multi-user virtual local area network (LAN);
Fig. 4 is the structural representation of Ethernet header embodiment one of the present invention;
Fig. 5 is the structural representation of Ethernet header embodiment two of the present invention;
Fig. 6 is that to realize isolating data center in the method for multi-user virtual local area network (LAN) be the schematic diagram of the embodiment one of two layers of networking in the present invention;
Fig. 7 is the structural representation of network equipment embodiment one of the present invention;
Fig. 8 is the structural representation of network equipment embodiment two of the present invention.
Embodiment
For making the object of the embodiment of the present invention, technical scheme and advantage clearly, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
The method of the realization isolation multi-user virtual local area network (LAN) of the embodiment of the present invention and the network equipment, under being mainly used in the scene of number of users more than 4094.
Fig. 1 is the flow chart that the present invention realizes the embodiment of the method one of isolating multi-user virtual local area network (LAN), and as shown in Figure 1, the method for the present embodiment can comprise:
S101, first network equipment receive the data that user sends.
In S101, first network equipment is server.
S102, first network equipment, according to the VLAN ID scope VLAN MASK numerical value of setting, determine the quantity of virtual LAN VLAN.
In S102, the setting of the value of VLAN MASK numerical value sets according to the quantity of the VLAN of actual required user, configured in advance by network manager needed for reality.Such as: VLAN MASK numerical value can be set to 5 bits, span is 0-31.
First network equipment according to the virtual LAN VLAN MASK numerical value of setting, can determine the quantity of virtual LAN VLAN.As the optional execution mode of one, first network equipment can determine the quantity of outer virtual LAN VLAN according to VLAN MASK numerical value; As the optional execution mode of another kind, first network equipment can also determine quantity and the inner VLAN quantity of outer virtual LAN VLAN according to VLAN MASK numerical value, concrete defining method is: VLAN MASK value is X, so the quantity of outside VLAN is the X power of 2, and the quantity of inner VLAN is (32-X) power of 2.The value of VLAN MASK numerical value just determines the quantitative range of outer virtual LAN VLAN herein, such as the value of VLAN MASK numerical value is configured to 20, so outer virtual LAN VLAN is just 20 bits (bits), internal layer virtual LAN VLAN is just 12bits, the maximum magnitude of outer virtual LAN VLAN is 20 powers of 2, the maximum magnitude of internal layer virtual LAN VLAN is 12 powers of 2, if the value of VLAN MASK numerical value is configured to 0, then represent to be all outer virtual LAN VLAN, there is no internal layer virtual LAN VLAN.It should be noted that, outside VLAN may be used for the isolation of different user, and internal layer virtual LAN VLAN can be used for user inside and isolates, and can set according to actual needs.
S103, first network equipment encapsulate data Ethernet header and obtain Ethernet message, carry VLAN MASK numerical value and VLAN quantity in Ethernet header.
In S103, can comprise type sign and at least one tag identifier in Ethernet header (Ethernet header), type sign is used to indicate the type of Ethernet header.As the optional execution mode of one, can comprise a tag identifier in Ethernet header, this tag identifier comprises: precedence information, VLANMASK numerical information, outside VLAN quantity information and inner VLAN quantity information.As the optional execution mode of another kind, two tag identifiers can be comprised in Ethernet header, wherein the first tag identifier can comprise: canonical format indicator CFI(Canonical Format Indicator, be called for short: CFI), outside VLAN priority, inner VLAN priority, retain position, VLAN MASK numerical information, second tag identifier can comprise: outside VLAN quantity information and inner VLAN quantity information, because the second tag identifier is 4 bytes (Bytes), if the value of VLAN MASK numerical value is configured to 0, it is all then outside VLAN, the maximum magnitude of outside VLAN is 24 powers of 2, the demand of more users isolation can be met.
S104, first network equipment identify for user configures VLAN according to VLAN quantity.
In S104, first network equipment comprises first network equipment according to VLAN quantity identify for user configures VLAN according to outside VLAN quantity and/or inner VLAN quantity for user configures VLAN mark.Such as the value of VLAN MASK numerical value is configured to 20, so outer virtual LAN VLAN is just 20bits, internal layer virtual LAN VLAN is just 12bits, the maximum magnitude of outer virtual LAN VLAN is 20 powers of 2, the number of users of 1,000,000 can be reached, such as user 1 is configured to outside VLAN 100000, user 2 is configured to outer 100001, the maximum magnitude of internal layer virtual LAN VLAN is 12 powers of 2, quantitative range is 0-4096, generally need not 0, therefore 4096 quantity can be reached, inner VLAN 4093 is configured to by enterprises demand such as internal layer VLAN internal user 1, internal user 2 is configured to VLAN4094.
Ethernet message is sent to second network equipment by S105, first network equipment, carries the VLAN mark that user is corresponding in Ethernet message.
Second network equipment can be switch or router, and the Ethernet message carrying VLAN mark corresponding to user is sent to second network equipment by first network equipment, and the message of different user just has different VLAN marks in the heart so in the data.
The method of the realization isolation multi-user virtual local area network (LAN) of the present embodiment, the quantity of virtual LAN VLAN is determined by pre-setting VLAN ID scope VLAN MASK numerical value according to actual needs, first network equipment encapsulates data into the Ethernet header carrying VLAN MASK numerical value and VLAN quantity and obtains Ethernet message, then first network equipment identifies for user configures VLAN according to VLAN quantity, again the Ethernet message carrying VLAN mark corresponding to user is sent to second network equipment, the message of different user just has different VLAN marks in the heart in the data, therefore just different user is isolated from first network equipment to the message of second network equipment.Achieve the isolation that the scope that can define VLAN according to actual needs flexibly carrys out satisfying magnanimity user.
Fig. 2 is the flow chart that the present invention realizes the embodiment of the method two of isolating multi-user virtual local area network (LAN), and as shown in Figure 2, the method for the present embodiment can comprise:
S201, second network equipment receive the Ethernet message that first network equipment sends, and carry the virtual LAN VLAN mark that user is corresponding in Ethernet message.
In the present embodiment, second network equipment can be switch or router, first network equipment is server, second network equipment receives the Ethernet message carrying VLAN mark corresponding to user that first network equipment sends, the message of different user just has different VLAN marks in the heart so in the data, is therefore just isolated from first network equipment to the message of second network equipment by different user.
S202, second network device parses Ethernet message, obtain the VLAN MASK numerical value and VLAN mark that carry in Ethernet header in Ethernet message, identify mate with the VLAN that second network equipment interface configures.
In S202, VLAN mark comprises outer VLAN identification or comprises outer VLAN identification and inner VLAN identification, the setting of the value of VLAN MASK numerical value sets according to the quantity of the VLAN of actual required user, configured in advance by network manager needed for reality.Such as: VLAN MASK numerical value can be set to 5 bits, span is 0-31, and Ethernet header comprises type sign and at least one tag identifier, and type sign is used to indicate the type of Ethernet header.As the optional execution mode of one, can comprise a tag identifier in Ethernet header, this tag identifier comprises: precedence information, VLAN MASK numerical information, outside VLAN quantity information and inner VLAN quantity information; As the optional execution mode of another kind, two tag identifiers can also be comprised in Ethernet header, a tag identifier comprises: canonical format indicator CFI, outside VLAN priority, inner VLAN priority, reservation position, VLAN MASK numerical information, another tag identifier comprises: outside VLAN quantity information and inner VLAN quantity information.
Second network equipment is resolved the Ethernet message that first network equipment sends, obtain the VLAN MASK numerical value and VLAN mark that carry in Ethernet header in Ethernet message, identify with the VLAN that second network equipment interface configures and mate, if coupling, is for further processing, if can not mate, abandons.
The method of the realization isolation multi-user virtual local area network (LAN) of the present embodiment, by second network equipment, the Ethernet message that first network equipment sends is resolved, obtain the VLAN MASK numerical value and VLAN mark that carry in Ethernet header in Ethernet message, identify with the VLAN that second network equipment interface configures and mate, if coupling, is for further processing, if can not mate, abandon, so just achieve in the data in the heart to the isolation of user.
Adopt several specific embodiment below, the technical scheme of embodiment of the method shown in Fig. 1 and Fig. 2 is described in detail.
Fig. 3 is the flow chart that the present invention realizes the embodiment of the method three of isolating multi-user virtual local area network (LAN), and as shown in Figure 3, the method for the present embodiment can comprise:
S301, first network equipment receive the data that user sends.
In the present embodiment, first network equipment is server, and second network equipment can be switch or router.
S302, first network equipment, according to the VLAN ID scope VLAN MASK numerical value of setting, determine the quantity of virtual LAN VLAN.
In S302, the setting of the value of VLAN MASK numerical value sets according to the quantity of the VLAN of actual required user, configured in advance by network manager needed for reality.Such as: VLAN MASK numerical value can be set to 5 bits, span is 0-31.Fig. 4 is the structural representation of Ethernet header embodiment one of the present invention, and as shown in Figure 4, Ethernet header comprises:
ETYPE: type sign, 2Bytes, can oneself define, such as 0X8500, the tag identifier TAG that expression is followed below is 4Bytes.
TAG: tag identifier, 4Bytes is defined as follows:
Priority: precedence information, span is 0 ~ 7, and it is higher to be worth larger priority.
VLAN MASK: numerical information, 5bits, span is 0 ~ 31,0 identical with value 24 with the implication of 25-31.This value represents the figure place of outside VLAN below, and such as VLAN MASK value is set to 18, and represent that outside VLAN is 18bits below, inner VLAN is exactly 6Bits, if VLAN MASK value is set to 24, just represents that 24 are all expressed as outside VLAN below.
Outside VLAN: numerical value decides according to the value of VLAN MASK.
Inner VLAN: numerical value decides according to the value of VLAN MASK.
As the optional mode of another kind, Fig. 5 is the structural representation of Ethernet header embodiment two of the present invention, and as shown in Figure 5, Ethernet header comprises:
ETYPE: type sign, is a kind of new ETYPE, can defines as required, such as 0X8500 etc., represents the tag identifier TAG of two 4Bytes below.
Wherein, a TAG:
CFI: (Canonical Format Indicator is called for short: CFI), 1bits, the value of CFI is 0 in ethernet networks canonical format indicator.
Outside VLAN priority: the priority representing outside VLAN frame, 3bits, span is 0 ~ 7, and it is higher to be worth larger priority.
Inner VLAN priority: the priority representing inner VLAN frame, 3bits, span is 0 ~ 7, and it is higher to be worth larger priority.
Retaining position: 6bits, is later use.
VLAN MASK: numerical information, 5bits, span is 0-31.This value represents the figure place of the TAG ectomesoderm VLAN of 4Bytes below, and such as VLAN MASK value is set to 18, and represent that outside VLAN is 20bits below, inner VLAN is exactly 12Bits.If be 0, represent that 32 is all outside VLAN.
2nd TAG, 4Bytes:
Outside VLAN: numerical value decides according to the value of VLAN MASK.
Inner VLAN: numerical value decides according to the value of VLAN MASK.The TAG of second 4Bytes is in order to outside VLAN and inner VLAN, and scope can be larger.
First network equipment, according to the virtual LAN VLAN MASK numerical value of setting, is determined the quantity of virtual LAN VLAN, being comprised: first network equipment determines the quantity of outer virtual LAN VLAN according to VLAN MASK numerical value; Or first network equipment determines quantity and the inner VLAN quantity of outer virtual LAN VLAN according to VLAN MASK numerical value.The value of VLAN MASK numerical value just determines the quantitative range of outer virtual LAN VLAN herein, such as the value of VLAN MASK numerical value is configured to 20, so outer virtual LAN VLAN is just 20bits, internal layer virtual LAN VLAN is just 12bits, the maximum magnitude of outer virtual LAN VLAN is 20 powers of 2, the maximum magnitude of internal layer virtual LAN VLAN is 12 powers of 2, if the value of VLAN MASK numerical value is configured to 0, then represent to be all outer virtual LAN VLAN, there is no internal layer virtual LAN VLAN, internal layer virtual LAN VLAN can be used for user inside and isolates, can set according to actual needs.
S303, first network equipment encapsulate data Ethernet header and obtain Ethernet message, carry VLAN MASK numerical value and VLAN quantity in Ethernet header.
S304, first network equipment identify for user configures VLAN according to VLAN quantity.
In S304, first network equipment comprises first network equipment according to VLAN quantity identify for user configures VLAN according to outside VLAN quantity or inner VLAN quantity for user configures VLAN mark.Such as the value of VLAN MASK numerical value is configured to 20, so outer virtual LAN VLAN is just 20bits, internal layer virtual LAN VLAN is just 12bits, the maximum magnitude of outer virtual LAN VLAN is 20 powers of 2, the number of users of 1,000,000 can be reached, such as user 1 is configured to outside VLAN 100000, user 2 is configured to outer 100001, the maximum magnitude of internal layer virtual LAN VLAN is 12 powers of 2,4096 quantity can be reached, such as internal layer VLAN internal user 1 is configured to inner VLAN 4093, and internal user 2 is configured to VLAN4094.
Ethernet message is sent to second network equipment by S305, first network equipment, carries the VLAN mark that user is corresponding in Ethernet message.
Second network equipment can be switch or router, and the Ethernet message carrying VLAN mark corresponding to user is sent to second network equipment by first network equipment, and the message of different user just has different VLAN marks in the heart so in the data.
S306, second network equipment receive the Ethernet message that first network equipment sends, and carry the virtual LAN VLAN mark that user is corresponding in Ethernet message.
In the present embodiment, second network equipment can be switch or router, second network equipment receives the Ethernet message carrying VLAN mark corresponding to user that first network equipment sends, the message of different user just has different VLAN marks in the heart so in the data, is therefore just isolated from first network equipment to the message of second network equipment by different user.
S307, second network device parses Ethernet message, obtain the VLAN MASK numerical value and VLAN mark that carry in Ethernet header in Ethernet message, identify mate with the VLAN that second network equipment interface configures.
Second network equipment is resolved the Ethernet message that first network equipment sends, obtain the VLAN MASK numerical value and VLAN mark that carry in Ethernet header in Ethernet message, identify with the VLAN that second network equipment interface configures and mate, if coupling, is for further processing, if can not mate, abandons.
The process realizing user isolation is described below in detail by a specific embodiment, Fig. 6 is that to realize isolating carrier data central site network in the method for multi-user virtual local area network (LAN) be the schematic diagram of the embodiment one of two layers of networking in the present invention, as shown in Figure 6, there are two users, user 1 and user 2, TOR1, TOR2, TOR3, TOR4, TOR5, TOR6 are respectively switch, and AGG1, AGG2 are two switches, and Core1, Core2 are two routers.The process realizing user isolation is as follows:
TOR1, TOR2, TOR3, TOR4, TOR5, TOR6 can enable flexible VLAN(Flexible-VLAN) function, that is, flexible configuration can be carried out to the numerical value of VLAN MASK, to expand VLAN quantity.The present embodiment configuration VLAN MASK is configured to 20, and can support that 20 powers of 2 subtract a user, concrete value can be defined by client oneself.After each TOR receives the data of user's transmission, VLAN mark can be configured for user.Such as: at TOR1, TOR5, TOR6 is upper can be each user's flexible configuration (Flexible) outer VLAN identification according to VLAN MASK numerical value, such as: can configure VLAN mark for user 1: VLAN10000, for user 2 configures VLAN mark: VLAN10001.TOR2 can be that each user configures Flexible outer VLAN identification according to VLAN MASK numerical value, such as can configure VLAN mark for user 1: VLAN10000, at TOR3, TOR4 is upper can be that each user configures Flexible outer VLAN identification according to VLAN MASK numerical value, such as, for user 2 configures VLAN mark: VLAN 10001.
Wherein, TOR1, TOR2, TOR3, TOR4, TOR5, TOR6 all can arrange VLAN module and forwarding module.VLAN module obtains the enable flag of the Flexible-VLAN that switch pre-sets, and obtains the VLAN MASK numerical value of setting.VLAN module can according to VLAN MASK numerical computations outside VLAN quantity and inner VLAN quantity.And by Flexible-VLAN enable flag, VLAN MASK numerical value is handed down to forwarding module.
Forwarding module can read the Flexible-VLAN enable flag and VLANMASK numerical value that issue from VLAN module.Under a kind of enforcement scene, when interface receives Ethernet header message, can according to the format analysis message of such as Fig. 4 or Fig. 5 definition, outside VLAN and inner VLAN is obtained according to VLAN MASK numerical value, mate with the outside VLAN quantity that this interface configures and inner VLAN quantity, if coupling, carry out next step forwarding operation, if can not mate, abandon this message.Under another kind of enforcement scene, when interface needs to send Ethernet header message, according to VLAN MASK number range, according to the form encapsulated message of such as Fig. 4 or Fig. 5 definition, to this message encapsulation Ethernet header, then the message of encapsulation Ethernet header can be forwarded.
AGG1 and AGG2 can enable Flexible-VLAN function, that is, flexible configuration can be carried out to the numerical value of VLANMASK, to expand VLAN quantity.The present embodiment configuration VLAN MASK is 20, AGG1 and AGG2 can identify for user 1 configures VLAN according to VLAN MASK numerical value: VLAN10000, for user 2 configures VLAN mark: VLAN10001.
Flexible-VLAN function is enabled at Core1 and Core2, configure two virtual flow-line and forward (abbreviation: VRF), VRF1 representative of consumer 1, VRF2 representative of consumer 2, the interface that Core1 and AGG1 is connected creates two sub-interfaces, according to VLAN MASK numerical value configuration VLAN mark: VLAN10000 on sub-interface 1, and binds VRF1, according to VLAN MASK numerical value configuration VLAN mark: VLAN10001 on sub-interface 2, and bind VRF2.According to VLAN MASK numerical value configuration VLAN mark: VLAN10000 on sub-interface 1, and bind VRF1, according to VLAN MASK numerical value configuration VLAN mark: VLAN10001 on sub-interface 2, and bind VRF2 and on the interface that Core2 and AGG2 is connected, also create two sub-interfaces equally, according to VLAN MASK numerical value configuration VLAN mark: VLAN10000 on sub-interface 1, and bind VRF1, according to VLAN MASK numerical value configuration VLAN mark: VLAN10001 on sub-interface 2, and bind VRF2.
After completing above-mentioned configuration, user 1 and user 2 are from multi-protocol sign exchange virtual private network (Multiprotocol Label Switching Virtual Private Network, hereinafter referred to as: message MPLS/VPN) entering data center stamps the tag identifier of VLAN10000 and VLAN10001 respectively, just the message of user 1 and user 2 is isolated in heart network so in the data, achieve the function of multi-user, by the above-mentioned definition of the embodiment of the present invention, VLAN scope can be very large.
On the basis of Fig. 6, when carrier data central site network is three layers of networking, the process realizing user isolation is as follows:
TOR1, TOR2, TOR3, TOR4, TOR5, TOR6 can enable Flexible-VLAN function, that is, flexible configuration can be carried out to the numerical value of VLAN MASK, to expand VLAN quantity.The present embodiment configuration VLAN MASK is configured to 20, and can support that 20 powers of 2 subtract a user, concrete value can be defined by client oneself.After each TOR receives the data of user's transmission, VLAN mark can be configured for user.Such as: on TOR1, configure two VRF, the interface that TOR1 and AGG1 is connected creates two sub-interfaces, according to VLAN MASK numerical value configuration VLAN mark: VLAN10000 on sub-interface 1, be tied on VRF1, according to VLAN MASK numerical value configuration VLAN mark on sub-interface 2: VLAN10001, is tied to VRF2.TOR2 configures VRF1, the interface that TOR1 and AGG2 is connected creates a sub-interface, according to VLAN MASK numerical value configuration VLAN mark on sub-interface: VLAN10000, is tied to VRF1.TOR3, TOR4 configure VRF2, the interface that the interface be connected at TOR3 and AGG1, TOR4 and AGG2 are connected creates a sub-interface, according to VLAN MASK numerical value configuration VLAN mark on sub-interface: VLAN10001, is tied to VRF2.At TOR5, the upper configuration of TOR6 two VRF, the interface that the interface that TOR5 and AGG1 is connected, TOR6 and AGG2 are connected creates two sub-interfaces, according to VLAN MASK numerical value configuration VLAN mark: VLAN10000 on sub-interface 1, be tied on VRF1, according to VLAN MASK numerical value configuration VLAN mark on sub-interface 2: VLAN10001, is tied to VRF2.
Then on AGG1 and AGG2, enable Flexible-VLAN function, that is, flexible configuration can be carried out to the numerical value of VLANMASK, to expand VLAN quantity.The present embodiment configuration VLAN MASK is 20, AGG1 and AGG2 configures two VRF, at AGG1 and TOR1, the interface that TOR5 is connected creates sub-interface 1 and sub-interface 2, according to VLAN MASK numerical value configuration VLAN mark: VLAN10000 on sub-interface 1, be tied on VRF1, representative of consumer 1, according to VLAN MASK numerical value configuration VLAN mark: VLAN10001 on sub-interface 2, be tied to VRF2, representative of consumer 2, the interface that AGG1 and TOR3 is connected creates a sub-interface, according to VLAN MASK numerical value configuration VLAN mark: VLAN10001 on sub-interface, be tied to VRF2, representative of consumer 2, the interface that AGG2 and TOR5, TOR6 are connected creates sub-interface 1 and sub-interface 2, according to VLAN MASK numerical value configuration VLAN mark: VLAN10000 on sub-interface 1, be tied on VRF1, representative of consumer 1, sub-interface 2 configures VLAN mark: VLAN10001, be tied to VRF2, representative of consumer 2, the interface that AGG2 and TOR2 is connected creates a sub-interface, according to VLAN MASK numerical value configuration VLAN mark: VLAN10000 on sub-interface, be tied to VRF1, representative of consumer 1, the interface that AGG2 and TOR3, TOR4 are connected creates a sub-interface, according to VLAN MASK numerical value configuration VLAN mark on sub-interface: VLAN10001, is tied to VRF2, representative of consumer 2.
Finally on AGG1 and AGG2, enable Flexible-VLAN function, configuration VLAN MASK is 20, two VRF are configured at Core1 and Core2, VRF1 representative of consumer 1, VRF2 representative of consumer 2, the interface that Core1 and AGG1 is connected creates sub-interface 1 and sub-interface 2, according to VLAN MASK numerical value configuration VLAN mark: VLAN10000 on sub-interface 1, and bind VRF1, according to VLANMASK numerical value configuration VLAN mark: VLAN10001 on sub-interface 2, and bind VRF2.Also two sub-interfaces are created equally on the interface that Core2 and AGG2 is connected, according to VLAN MASK numerical value configuration VLAN mark: VLAN 10000 on sub-interface 1, and bind VRF 1, according to VLAN MASK numerical value configuration VLAN mark: VLAN10001 on sub-interface 2, and bind VRF2.
After completing above-mentioned configuration, user 1 and user 2 can enter two different VRF instances from the message that MPLS/VPN network enters data center, stamp the tag identifier of VLAN10000 and VLAN10001 respectively, just the message of user 1 and user 2 is isolated in heart network so in the data, achieve the function of multi-user.
The method of the realization isolation multi-user virtual local area network (LAN) of the present embodiment, by enabling Flexible-VLAN function respectively on each TOR, AGG, Core, and carry out every configuration by the number of users of actual demand, thus the message making different user enter data center from MPLS/VPN network stamps the different tag identifier pre-set respectively, just the message of different user is isolated in heart network so in the data, achieve the function of multi-user, by the standard definition of the embodiment of the present invention, VLAN scope can be very large, can the demand of satisfying magnanimity user.
One of ordinary skill in the art will appreciate that: all or part of step realizing above-mentioned each embodiment of the method can have been come by the hardware that program command is relevant.Aforesaid program can be stored in a computer read/write memory medium.This program, when performing, performs the step comprising above-mentioned each embodiment of the method; And aforesaid storage medium comprises: ROM, RAM, magnetic disc or CD etc. various can be program code stored medium.
Fig. 7 is the structural representation of network equipment embodiment one of the present invention, and as shown in Figure 7, the network equipment of the present embodiment can comprise: receiver module 11, determination module 12, processing module 13, configuration module 14, sending module 15;
Wherein, receiver module 11 receives the data of user's transmission for first network equipment.
Determination module 12 is for the virtual LAN VLAN MASK numerical value of first network equipment according to setting, determine the quantity of virtual LAN VLAN, the setting of the value of VLAN MASK numerical value sets according to the quantity of the VLAN of actual required user, configured in advance by network manager needed for reality.Such as: VLAN MASK numerical value can be set to 5 bits, span is 0-31.Determination module 12 determines the quantity of described outer virtual LAN VLAN according to described VLAN MASK numerical value specifically for described first network equipment; Or determination module 12 determines quantity and the inner VLAN quantity of described outer virtual LAN VLAN according to described VLAN MASK numerical value specifically for described first network equipment.
Processing module 13 encapsulates data Ethernet header for first network equipment and obtains Ethernet message, carries VLAN MASK numerical value and VLAN quantity in Ethernet header.Can comprise type sign and at least one tag identifier in Ethernet header, type sign is used to indicate the type of Ethernet header.As the optional execution mode of one, can comprise a tag identifier in Ethernet header, this tag identifier comprises: precedence information, VLAN MASK numerical information, outside VLAN quantity information and inner VLAN quantity information, as the optional execution mode of another kind, two tag identifiers can also be comprised in Ethernet header, one of them tag identifier can comprise: canonical format indicator CFI, outside VLAN priority, inner VLAN priority, retain position, VLAN MASK numerical information, another tag identifier can comprise: outside VLAN quantity information and inner VLAN quantity information, this kind of situation due to another tag identifier be 4 bytes (Bytes), if the value of VLAN MASK numerical value is configured to 0, then represent to be all outer virtual LAN VLAN, the maximum magnitude of outer virtual LAN VLAN is 24 powers of 2, the demand of more users isolation can be met.
Configuration module 14 identifies for user configures VLAN according to VLAN quantity for first network equipment.
Ethernet message is sent to second network equipment for first network equipment by sending module 15, carries the VLAN mark that user is corresponding in Ethernet message.
The network equipment of the present embodiment, may be used for the technical scheme performing embodiment of the method shown in Fig. 1, it is similar that it realizes principle, repeats no more herein.
The network equipment of the present embodiment, the quantity that VLAN ID scope VLAN MASK numerical value determines virtual LAN VLAN is pre-set according to actual needs by determination module, processing module encapsulates data into the Ethernet header carrying VLAN MASK numerical value and VLAN quantity and obtains Ethernet message, then configuration module identifies for user configures VLAN according to VLAN quantity, the Ethernet message carrying VLAN mark corresponding to user is sent to second network equipment by sending module again, the message of different user just has different VLAN marks in the heart in the data, therefore just different user is isolated from first network equipment to the message of second network equipment, achieve the isolation that the scope that can define VLAN according to actual needs flexibly carrys out satisfying magnanimity user.
Fig. 8 is the structural representation of network equipment embodiment two of the present invention, and as shown in Figure 8, the network equipment of the present embodiment comprises: receiver module 16 and processing module 17; Wherein, receiver module 16 receives the Ethernet message of first network equipment transmission for second network equipment, carry the virtual LAN VLAN mark that user is corresponding in Ethernet message, VLAN mark comprises outer VLAN identification, or comprises outer VLAN identification and inner VLAN identification.
Processing module 17, for second network device parses Ethernet message, obtains the VLAN MASK numerical value and VLAN mark that carry in Ethernet header in Ethernet message, identifies mate with the VLAN that second network equipment interface configures.The setting of the value of VLAN MASK numerical value sets according to the quantity of the VLAN of actual required user, configured in advance by network manager needed for reality.Such as: VLAN MASK numerical value can be set to 5 bits, span is 0-31.Can comprise type sign and at least one tag identifier in Ethernet header, type sign is used to indicate the type of Ethernet header.As the optional execution mode of one, can comprise a tag identifier in Ethernet header, this tag identifier comprises: precedence information, VLAN MASK numerical information, outside VLAN quantity information and inner VLAN quantity information; As the optional execution mode of another kind, two tag identifiers can also be comprised in Ethernet header, one of them tag identifier can comprise: canonical format indicator CFI, outside VLAN priority, inner VLAN priority, reservation position, VLAN MASK numerical information, another tag identifier can comprise: outside VLAN quantity information and inner VLAN quantity information.
The network equipment of the present embodiment, may be used for the technical scheme performing embodiment of the method shown in Fig. 2, it is similar that it realizes principle, repeats no more herein.
The network equipment of the present embodiment, the Ethernet message of first network equipment transmission is received by receiver module, processing module is resolved the Ethernet message received, obtain the VLAN MASK numerical value and VLAN mark that carry in Ethernet header in Ethernet message, identify with the VLAN that second network equipment interface configures and mate, if coupling, is for further processing, if can not mate, dropping packets, carry out the isolation of satisfying magnanimity user like this with regard to achieving the scope that can define VLAN according to actual needs flexibly.
In the cloud computing epoch, a lot of large-scale publicly-owned cloud can be there is, these superhuge clouds provide rental service can to a lot of medium-sized and small enterprises or personal user, medium-sized and small enterprises the Internet resources of the publicly-owned cloud of tenant can complete oneself IT informatization, oneself need not buy the network equipment again, oneself recruits network personnel, and oneself is safeguarded, the IT greatly reducing Enterprise Network is changed into this, the major way of this pattern following medium-sized and small enterprises ITization in future.But meet this commercial system, super large cloud (data center) needs to possess such ability, but present network technology can't support and realize such function, one of them topmost problem needs to provide service to a lot of tenant exactly in same network, need to isolate each tenant, to ensure the safety of tenant data, following tenant can be magnanimity, the scale of 100,000 grades can be reached, this proposes very large challenge to current technology, the current good technology of neither one of going back can solve this problem, above all embodiments in the application, all can be applicable to there is the scene that multiple extensive publicly-owned cloud rents multiple user.
Last it is noted that above each embodiment is only in order to illustrate technical scheme of the present invention, be not intended to limit; Although with reference to foregoing embodiments to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein some or all of technical characteristic; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the scope of various embodiments of the present invention technical scheme.

Claims (12)

1. realize a method of isolating multi-user virtual local area network (LAN), it is characterized in that, comprising:
First network equipment receives the data that user sends;
Described first network equipment, according to the VLAN ID scope VLAN MASK numerical value of setting, determines the quantity of virtual LAN VLAN;
Described data encapsulation Ethernet header is obtained Ethernet message by described first network equipment, carries described VLAN MASK numerical value and described VLAN quantity in described Ethernet header;
Described first network equipment is that described user configures VLAN mark according to described VLAN quantity;
Described Ethernet message is sent to second network equipment by described first network equipment, carries the VLAN mark that described user is corresponding in described Ethernet message;
Wherein, described Ethernet header comprises type sign and at least one tag identifier, and described type sign is used to indicate the type of described Ethernet header;
If comprise a described tag identifier, then described tag identifier comprises: precedence information, described VLAN MASK numerical information, outside VLAN quantity information and inner VLAN quantity information; Or, if comprise two described tag identifiers, then a described tag identifier comprises: canonical format indicator CFI, outside VLAN priority, inner VLAN priority, reservation position, described VLAN MASK numerical information, described in another, tag identifier comprises: outside VLAN quantity information and inner VLAN quantity information.
2. method according to claim 1, is characterized in that, described first network equipment, according to the VLAN ID scope VLAN MASK numerical value of setting, is determined the quantity of virtual LAN VLAN, being comprised:
Described first network equipment determines the quantity of outer virtual LAN VLAN according to described VLAN MASK numerical value; Or,
Described first network equipment determines quantity and the inner VLAN quantity of outer virtual LAN VLAN according to described VLAN MASK numerical value.
3. the method according to right 1 or 2, is characterized in that, described VLAN MASK numerical value is 5 bits, and span is 0-31.
4. realize a method of isolating multi-user virtual local area network (LAN), it is characterized in that, comprising:
Second network equipment receives the Ethernet message that first network equipment sends, and carries the virtual LAN VLAN mark that user is corresponding in described Ethernet message;
Ethernet message described in described second network device parses, obtains the VLAN MASK numerical value and VLAN mark that carry in Ethernet header in described Ethernet message, identifies mate with the VLAN that second network equipment interface configures;
Wherein, described Ethernet header comprises type sign and at least one tag identifier, and described type sign is used to indicate the type of described Ethernet header;
If comprise a described tag identifier, then described tag identifier comprises: precedence information, described VLAN MASK numerical information, outside VLAN quantity information and inner VLAN quantity information; Or, if comprise two described tag identifiers, then a described tag identifier comprises: canonical format indicator CFI, outside VLAN priority, inner VLAN priority, reservation position, described VLAN MASK numerical information, described in another, tag identifier comprises: outside VLAN quantity information and inner VLAN quantity information.
5. method according to claim 4, is characterized in that, described VLAN mark comprises outer VLAN identification, or, comprise outer VLAN identification and inner VLAN identification.
6. the method according to claim 4 or 5, is characterized in that, described VLAN MASK numerical value is 5 bits, and span is 0-31.
7. a network equipment, is characterized in that, comprising:
Receiver module, receives the data of user's transmission for first network equipment;
Determination module, for the VLAN ID scope VLAN MASK numerical value of described first network equipment according to setting, determines the quantity of virtual LAN VLAN;
Processing module, obtains Ethernet message for described first network equipment by described data encapsulation Ethernet header, carries described VLAN MASK numerical value and described VLAN quantity in described Ethernet header;
Configuration module, for described first network equipment according to described VLAN quantity be described user configure VLAN mark;
Sending module, sends to second network equipment for described first network equipment by described Ethernet message, carries the VLAN mark that described user is corresponding in described Ethernet message;
Wherein, described Ethernet header comprises type sign and at least one tag identifier, and described type sign is used to indicate the type of described Ethernet header;
If comprise a described tag identifier, then described tag identifier comprises: precedence information, described VLAN MASK numerical information, outside VLAN quantity information and inner VLAN quantity information; Or, if comprise two described tag identifiers, then a described tag identifier comprises: canonical format indicator CFI, outside VLAN priority, inner VLAN priority, reservation position, described VLAN MASK numerical information, described in another, tag identifier comprises: outside VLAN quantity information and inner VLAN quantity information.
8. the network equipment according to claim 7, is characterized in that, determination module determines the quantity of outer virtual LAN VLAN according to described VLAN MASK numerical value specifically for described first network equipment; Or,
Determination module determines quantity and the inner VLAN quantity of outer virtual LAN VLAN according to described VLAN MASK numerical value specifically for described first network equipment.
9. the network equipment according to right 7 or 8, is characterized in that, described VLAN MASK numerical value is 5 bits, and span is 0-31.
10. a network equipment, is characterized in that, comprising:
Receiver module, receives the Ethernet message of first network equipment transmission for second network equipment, carry the virtual LAN VLAN mark that user is corresponding in described Ethernet message;
Processing module, for Ethernet message described in described second network device parses, obtains the VLAN MASK numerical value and VLAN mark that carry in Ethernet header in described Ethernet message, identifies mate with the VLAN that second network equipment interface configures;
Described Ethernet header comprises type sign and at least one tag identifier, and described type sign is used to indicate the type of described Ethernet header;
If comprise a described tag identifier, then described tag identifier comprises: precedence information, described VLAN MASK numerical information, outside VLAN quantity information and inner VLAN quantity information; Or, if comprise two described tag identifiers, then a described tag identifier comprises: canonical format indicator CFI, outside VLAN priority, inner VLAN priority, reservation position, described VLAN MASK numerical information, described in another, tag identifier comprises: outside VLAN quantity information and inner VLAN quantity information.
11. network equipments according to claim 10, is characterized in that, described VLAN mark comprises outer VLAN identification, or, comprise outer VLAN identification and inner VLAN identification.
12. network equipments according to claim 10 or 11, it is characterized in that, described VLANMASK numerical value is 5 bits, and span is 0-31.
CN201210416983.8A 2012-10-26 2012-10-26 Realize method and the network equipment of isolation multi-user virtual local area network (LAN) Active CN102932342B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210416983.8A CN102932342B (en) 2012-10-26 2012-10-26 Realize method and the network equipment of isolation multi-user virtual local area network (LAN)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210416983.8A CN102932342B (en) 2012-10-26 2012-10-26 Realize method and the network equipment of isolation multi-user virtual local area network (LAN)

Publications (2)

Publication Number Publication Date
CN102932342A CN102932342A (en) 2013-02-13
CN102932342B true CN102932342B (en) 2015-08-26

Family

ID=47647044

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210416983.8A Active CN102932342B (en) 2012-10-26 2012-10-26 Realize method and the network equipment of isolation multi-user virtual local area network (LAN)

Country Status (1)

Country Link
CN (1) CN102932342B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618209A (en) * 2013-11-05 2015-05-13 华为技术有限公司 Virtual local area network interface processing method and network device
CN104113460A (en) * 2014-02-20 2014-10-22 西安未来国际信息股份有限公司 Design of tenant exclusive VPN under cloud computation
CN103841186B (en) * 2014-02-25 2018-05-01 汉柏科技有限公司 The group technology and system of a kind of private clound
CN104734953B (en) * 2015-03-24 2019-07-23 福建星网锐捷网络有限公司 The method, apparatus and interchanger of two layers of message isolation are realized based on VLAN
CN106331199B (en) * 2015-06-29 2019-08-06 中兴通讯股份有限公司 The addressing method and device of virtual network
CN105591874B (en) * 2015-12-22 2020-10-13 新华三技术有限公司 Data sending method and device
CN108197493A (en) * 2017-12-30 2018-06-22 中建材信息技术股份有限公司 A kind of upgrade method of publicly-owned cloud system
CN114024898B (en) * 2021-11-09 2023-06-30 湖北天融信网络安全技术有限公司 Message transmission method, device, equipment and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6681262B1 (en) * 2002-05-06 2004-01-20 Infinicon Systems Network data flow optimization
CN100377548C (en) * 2005-07-15 2008-03-26 华为技术有限公司 Method and device for realizing virtual exchange
CN101127696B (en) * 2006-08-15 2012-06-27 华为技术有限公司 Data forwarding method for layer 2 network and network and node devices
CN101510855B (en) * 2009-04-10 2011-06-15 华为技术有限公司 Method and apparatus for processing QinQ message
CN101567854B (en) * 2009-05-26 2011-06-29 武汉烽火网络有限责任公司 Ethernet data frame VLAN double-layer label processing device and method based on flow classification

Also Published As

Publication number Publication date
CN102932342A (en) 2013-02-13

Similar Documents

Publication Publication Date Title
CN102932342B (en) Realize method and the network equipment of isolation multi-user virtual local area network (LAN)
CN104639470B (en) Traffic identifier packaging method and system
CN105376154B (en) Gradual MAC address learning
CN105812259B (en) A kind of message forwarding method and equipment
CN102857416B (en) A kind of realize the method for virtual network, controller and virtual network
CN105553849B (en) A kind of traditional IP and SPTN network intercommunication method and system
CN105284080A (en) Data center system and virtual network management method of data center
CN104243362B (en) A kind of message forwarding method and device
CN105610710A (en) Methods and apparatus for standard protocol validation mechanisms deployed over switch fabric system
CN107370642A (en) One kind is based on cloud platform multi-tenant network smoothness monitoring system and method
CN103369027A (en) Location-aware virtual service provisioning in a hybrid cloud environment
CN104301251A (en) QoS processing method, system and device
CN103067245A (en) Flow table spatial isolation device and method for network virtualization
CN104365066B (en) Method and apparatus for ether Virtual Private Network
CN106941437A (en) A kind of information transferring method and device
CN103023779B (en) A kind of data message processing method and device
CN107566237A (en) A kind of data message processing method and device
CN106134133A (en) Tunnel passes through WAN time-critical message between substation
CN104954186A (en) Application-oriented SDN (software defined network) strategy control method
CN106685903A (en) Data transmission method based on SDN, SDN controller and SDN system
CN108141392A (en) The method and apparatus that pseudowire load is shared
CN107968751A (en) A kind of information processing method and device
CN107181691A (en) The method, apparatus and system of message routing are realized in a kind of network
CN107948042A (en) A kind of message forwarding method and device
CN104144157B (en) A kind of TCP session establishing method, device, multihome node and satellite node

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant