CN103746914A - Method, device and system for building corresponding relationship between private network label and primary VRF (VPN (virtual private network) routing and forwarding table) - Google Patents
Method, device and system for building corresponding relationship between private network label and primary VRF (VPN (virtual private network) routing and forwarding table) Download PDFInfo
- Publication number
- CN103746914A CN103746914A CN201310753846.8A CN201310753846A CN103746914A CN 103746914 A CN103746914 A CN 103746914A CN 201310753846 A CN201310753846 A CN 201310753846A CN 103746914 A CN103746914 A CN 103746914A
- Authority
- CN
- China
- Prior art keywords
- vrf
- equipment
- original
- private network
- device identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method, a device and a system for building a corresponding relationship between a private network label and a primary VRF (VPN (virtual private network) routing and forwarding table), relates to the technical field of communication, and improves the maintenance efficiency of the private network label to a certain degree. According to the concrete embodiment of the invention, the method comprises the steps that first VRF equipment sends equipment identifications of the first VRF equipment, the private network label corresponding to the first VRF equipment, equipment identifications of original VRF equipment and indexing information of original VRF to second VRF equipment; the second VRF equipment stores all the information and a corresponding relationship of the information. Further, VPN flow rate analysis equipment obtains the corresponding relationship, and can collect flow rate data from the second VRF equipment, and further, the equipment identifications of the original VRF equipment and the indexing information of the original VRF are obtained according to the flow rate, so a VPN example of the flow rate attribution is determined so that the VPN flow rate is determined. The technical scheme disclosed by the invention is mainly applied to the VPN flow rate statistical process.
Description
Technical field
The present invention relates to communication technical field, relate in particular to a kind of private network tags and original VRF(VPN Routing and Forwarding Table, VPN route forwarding table set up) method, the Apparatus and system of corresponding relation.
Background technology
At present, in order to improve the O&M safety of network, by disposing MPLS(Multiprotocol Label Switch, multiprotocol label switching) VPN(Virtual Private Network, virtual private networks) control user access, carry different business.Wherein, MPLS VPN is the IP-VPN based on MPLS technology, a kind of L3VPN(Layer3Virtual Private Network, 3 layers of VPN), it uses BGP(Border Gateway Protocol, Border Gateway Protocol) on service provider backbone, issue VPN route, use MPLS on service provider backbone, to forward VPN message.Such as, the PE1(Provider Edge of packet in network, while Provider Edge) transmitting between equipment and PE2 equipment, first, PE1 equipment will be noticed the VRF of deployment (the Autonomous System Boundary Router to other PE/ASBR, Autonomous System Boundary Router, AS Boundary Router) equipment is PE2 equipment, the VRF of PE1 equipment under the PE2 equipment records being advertised, further, packet by PE2 device transmission to PE1 equipment in, PE2 equipment just can utilize the VRF to PE1 equipment of its record that packet is passed through to MPLS Internet Transmission to PE1 equipment.
Because MPLS VPN networking is complicated, the vpn service carrying in network is also varied.Description in conjunction with above-mentioned existing implementation, VRF in network-wide basis on each PE equipment and the mapping relations of private network tags are unique, wherein, VRF is a VPN instance of PE its upper side administration, such as, when this PE equipment can be disposed two kinds of vpn services of voice and video, just can on this PE, configure VRF1, VRF2 is respectively used to represent two kinds of business of voice and video, and then PE equipment is bundled in these two VRF under interface, this PE equipment can receive CE(Customer Edge by this interface, client edge) routing iinformation of the issue of equipment, further, PE equipment is converted into VPN route by this routing iinformation receiving and is stored in corresponding VRF, and this VPN route is distributed to opposite end PE equipment, because these VPN routes are all privately owned, corresponding with private network tags, the VRF that so just can guarantee to have correlation can learn the route of opposite end PE equipment, and the VRF instance that can mutually learn opposite end route is regarded as and is belonged to a VPN.Further, when PE equipment arrives object PE equipment by Packet Generation, can from the heading of packet, obtain private network tags and object PE device identification, according to these information, just can know the IP of private network tags and object PE equipment, and then determine the VPN instance (being also vpn service) that this packet belongs to, thereby determine the flow of vpn service, but because the private network tags that under cross-domain scene, VRF is corresponding can change, like this when the operations such as statistic flow, need on a large amount of PE equipment, distribute private network tags scope, this just need to manually go to safeguard the private network tags information of distributing, cause private network tags maintenance of information efficiency low, also be unfavorable for the follow-up operations such as traffic statistics.
Summary of the invention
Embodiments of the invention provide a kind of method, Apparatus and system of setting up private network tags and original VRF corresponding relation, in order to improve to a certain extent the maintenance efficiency of private network tags.For achieving the above object, embodiments of the invention adopt following technical scheme:
First aspect, provides a kind of system of setting up private network tags and original VRF corresponding relation, comprising:
The first virtual private networks route forwarding table VRF equipment, for sending the device identification of a described VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a described VRF equipment is corresponding to the 2nd VRF equipment;
Described the 2nd VRF equipment, for receiving the described device identification of the described VRF equipment that a described VRF equipment sends, described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that a described VRF equipment is corresponding, and store the described device identification of the described VRF equipment that a described VRF equipment sends, the corresponding relation of described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that a described VRF equipment is corresponding;
Wherein, the VPN instance of the corresponding virtual private network VPN of described original VRF; Described original VRF equipment is the Provider Edge PE equipment of setting up described original VRF; The index information of described original VRF is for identifying the VPN instance on described original VRF equipment.
In the first possibility implementation of first aspect, described system also comprises described original VRF equipment;
Described original VRF equipment, for sending corresponding private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF of described original VRF equipment to a described VRF equipment;
A described VRF equipment, corresponding described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF of described original VRF equipment also sending for receiving described original VRF equipment, and store the corresponding relation of described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that described original VRF equipment is corresponding.
In the second possibility real mode of first aspect, described system also comprises:
VPN flow analysis equipment, for obtaining the described device identification of a described VRF equipment of described the 2nd VRF device storage, the described corresponding relation of described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that a described VRF equipment is corresponding;
From described the 2nd VRF equipment, gather data on flows, described data on flows comprises described device identification and the described private network tags corresponding to a described VRF equipment of a described VRF equipment;
According to the described device identification of a described VRF equipment and described private network tags corresponding to a described VRF equipment, from the described corresponding relation obtaining, obtain the described device identification of described original VRF equipment and the described index information of described original VRF;
According to the described index information of the described device identification of described original VRF equipment and described original VRF, determine the VPN instance of described data on flows ownership, so that determine the flow of described VPN.
May implementation or any one or a few in may implementation of the second of first aspect in conjunction with the first of first aspect or first aspect, in the third possibility implementation of first aspect, a described VRF equipment and described the 2nd VRF equipment belong to different autonomous system AS.
May implementation or any one or a few in may implementation of the second of first aspect in conjunction with the first of first aspect or first aspect, in the 4th kind of possibility implementation of first aspect, a described VRF equipment adds the described index information of the described device identification of described original VRF equipment and described original VRF in MP-BGP MP-BGP extended community attribute to, by described MP-BGP agreement, to described the 2nd VRF equipment, sends the described device identification of described original VRF equipment and the described index information of described original VRF.
Second aspect, provides a kind of method of setting up private network tags and original VRF corresponding relation, comprising:
Original virtual private networks route forwarding table VRF equipment sends corresponding private network tags, the device identification of described original VRF equipment and the index information of described original VRF of described original VRF equipment to a VRF equipment, so that the corresponding relation of the described private network tags that described in a described VRF device storage, original VRF equipment is corresponding, the described device identification of described original VRF equipment and the described index information of described original VRF;
Wherein, the VPN instance of the corresponding virtual private network VPN of described original VRF; Described original VRF equipment is the Provider Edge PE equipment of setting up described original VRF; The index information of described original VRF is for identifying the VPN instance on described original VRF equipment.
In the first possibility implementation of second aspect, described original VRF equipment and a described VRF equipment belong to same autonomous system AS.
The third aspect, provides a kind of method of setting up private network tags and original VRF corresponding relation, comprising:
The first virtual private networks route forwarding table VRF equipment receives corresponding private network tags, the device identification of described original VRF equipment and the index information of described original VRF of described original VRF equipment that original VRF equipment sends;
The corresponding relation of the described private network tags that described in a described VRF device storage, original VRF equipment is corresponding, the described device identification of described original VRF equipment and the described index information of described original VRF.
In the first possibility implementation of the third aspect, also comprise:
To the 2nd VRF equipment, send the device identification of a described VRF equipment, private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that a described VRF equipment is corresponding, so that the corresponding relation of the described device identification of a VRF equipment described in described the 2nd VRF device storage, described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that a described VRF equipment is corresponding.
Fourth aspect, provides a kind of method of definite virtual private network VPN flow, comprising:
From the second virtual private networks route forwarding table VRF equipment, obtain corresponding relation, described corresponding relation is the device identification of a VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a described VRF equipment is corresponding, wherein, a described VRF equipment is the next-hop device of described the 2nd VRF equipment;
From described the 2nd VRF equipment, obtain data on flows, described data on flows comprises described device identification and the described private network tags corresponding to a described VRF equipment of a described VRF equipment;
According to the described device identification of a described VRF equipment and described private network tags corresponding to a described VRF equipment, from the described corresponding relation obtaining, obtain the described device identification of described original VRF equipment and the described index information of described original VRF;
According to the described index information of the described device identification of described original VRF equipment and described original VRF, determine the VPN instance of described data on flows ownership, so that determine the flow of described VPN;
Wherein, the VPN instance of the corresponding virtual private network VPN of described original VRF; Described original VRF equipment is the Provider Edge PE equipment of setting up described original VRF; The index information of described original VRF is for identifying the VPN instance on described original VRF equipment.
The 5th aspect, provides a kind of device of setting up private network tags and original VRF corresponding relation, and described device comprises:
Transmitting element, for sending corresponding private network tags, the device identification of described original VRF equipment and the index information of described original VRF of described original VRF equipment to a VRF equipment, so that the corresponding relation of the described private network tags that described in a described VRF device storage, original VRF equipment is corresponding, the described device identification of described original VRF equipment and the described index information of described original VRF;
Memory cell, for storing private network tags, the device identification of described original VRF equipment and the index information of described original VRF that described original VRF equipment is corresponding;
Wherein, the VPN instance of the corresponding virtual private network VPN of described original VRF; Described original VRF equipment is the Provider Edge PE equipment of setting up described original VRF; The index information of described original VRF is for identifying the VPN instance on described original VRF equipment.
In the first possibility implementation aspect the 5th, described original VRF equipment and a described VRF equipment belong to same autonomous system AS.
The 6th aspect, provides a kind of device of setting up private network tags and original VRF corresponding relation, and described device comprises:
Receiving element, corresponding private network tags, the device identification of described original VRF equipment and the index information of described original VRF of described original VRF equipment sending for receiving original VRF equipment;
Memory cell, for storing the corresponding relation of described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that described original VRF equipment is corresponding.
In the first possibility implementation aspect the 6th, described device also comprises:
Transmitting element, for sending the device identification of a described VRF equipment, private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that a described VRF equipment is corresponding to the 2nd VRF equipment, so that the corresponding relation of the described device identification of a VRF equipment described in described the 2nd VRF device storage, described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that a described VRF equipment is corresponding.
The 7th aspect, provides a kind of device of definite virtual private network VPN flow, and described device comprises:
Acquiring unit, for obtaining corresponding relation from the second virtual private networks route forwarding table VRF equipment;
Described corresponding relation is the device identification of a VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a described VRF equipment is corresponding, wherein, a described VRF equipment is the next-hop device of described the 2nd VRF equipment;
Described acquiring unit, also for obtaining data on flows from described the 2nd VRF equipment, described data on flows comprises described device identification and the described private network tags corresponding to a described VRF equipment of a described VRF equipment; Also, for according to the described device identification of a described VRF equipment and described private network tags corresponding to a described VRF equipment, from the described corresponding relation obtaining, obtain the described device identification of described original VRF equipment and the described index information of described original VRF;
Determining unit, determines the VPN instance of described data on flows ownership for the described device identification of described original VRF equipment and the described index information of described original VRF that obtain according to described acquiring unit, so that determine the flow of described VPN;
Wherein, the VPN instance of the corresponding virtual private network VPN of described original VRF; Described original VRF equipment is the Provider Edge PE equipment of setting up described original VRF; The index information of described original VRF is for identifying the VPN instance on described original VRF equipment.
Visible, a kind of method, Apparatus and system of setting up private network tags and original VRF corresponding relation that the embodiment of the present invention provides, a VRF equipment sends the device identification of a VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a VRF equipment is corresponding to the 2nd VRF equipment; The 2nd these information of VRF device storage and corresponding relation thereof.In prior art, when the operations such as statistic flow, must go to safeguard distribution private network tags information by a large amount of manpowers, can cause the maintenance efficiency of private network tags information low, and technical scheme provided by the invention, a kind of method of setting up the corresponding relation of private network tags and original VRF is provided, has improved to a certain extent the maintenance efficiency of private network tags.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
A kind of composition schematic diagram of setting up private network tags and original VRF corresponding relation system that Fig. 1 provides for one embodiment of the invention;
The another kind that Fig. 2 provides for another embodiment of the present invention is set up the composition schematic diagram of private network tags and original VRF corresponding relation system;
A kind of method flow diagram of setting up private network tags and original VRF corresponding relation that Fig. 3 provides for another embodiment of the present invention;
The another kind that Fig. 4 provides for another embodiment of the present invention is set up the method flow diagram of private network tags and original VRF corresponding relation;
The method flow diagram of a kind of definite virtual private network VPN flow that Fig. 5 provides for another embodiment of the present invention;
The composition schematic diagram of the network architecture of a kind of corresponding relation of setting up private network tags and original VRF that Fig. 6 provides for another embodiment of the present invention;
In a kind of network architecture in above-mentioned Fig. 6 that Fig. 7 provides for another embodiment of the present invention, set up the method flow diagram of the corresponding relation of private network tags and original VRF;
A kind of composition schematic diagram of setting up private network tags and original VRF corresponding relation device that Fig. 8 provides for another embodiment of the present invention;
The another kind that Fig. 9 provides for another embodiment of the present invention is set up the composition schematic diagram of private network tags and original VRF corresponding relation device;
The another kind that Figure 10 provides for another embodiment of the present invention is set up the composition schematic diagram of private network tags and original VRF corresponding relation device;
The composition schematic diagram of the device of a kind of definite virtual private network VPN flow that Figure 11 provides for another embodiment of the present invention;
The another kind that Figure 12 provides for another embodiment of the present invention is set up the composition schematic diagram of private network tags and original VRF corresponding relation device;
The another kind that Figure 13 provides for another embodiment of the present invention is set up the composition schematic diagram of private network tags and original VRF corresponding relation device;
The another kind that Figure 14 provides for another embodiment of the present invention is set up the composition schematic diagram of private network tags and original VRF corresponding relation device;
The composition schematic diagram of the device of a kind of definite virtual private network VPN flow that Figure 15 provides for another embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.
One embodiment of the invention provides a kind of system of setting up private network tags and original VRF corresponding relation, and as shown in Figure 1, this system comprises: a VRF equipment 01, the 2nd VRF equipment 02.
The one VRF equipment 01, for sending the device identification of a VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a VRF equipment is corresponding to the 2nd VRF equipment 02.
The 2nd VRF equipment 02, for receiving the device identification of the VRF equipment that a VRF equipment 01 sends, private network tags, the device identification of original VRF equipment and the index information of original VRF that a VRF equipment is corresponding, and the corresponding relation of the device identification of the VRF equipment that sends of the VRF equipment of storing, private network tags, the device identification of original VRF equipment and the index information of original VRF that a VRF equipment is corresponding.
What deserves to be explained is the corresponding VPN instance of original VRF; Original VRF equipment is the Provider Edge PE equipment of setting up original VRF; The index information of original VRF is for identifying the VPN instance on original VRF equipment.
Optionally, as shown in Figure 2, this system also comprises: original VRF equipment 03, VPN flow analysis equipment 04.
The one VRF equipment 01, corresponding private network tags, the device identification of original VRF equipment and the index information of original VRF of original VRF equipment also sending for receiving original VRF equipment 03, and store the corresponding relation of private network tags, the device identification of original VRF equipment and the index information of original VRF that this original VRF equipment is corresponding.
Further,
VPN flow analysis equipment 04, for obtaining the device identification of a VRF equipment of the 2nd VRF equipment 02 storage, the corresponding relation of private network tags, the device identification of original VRF equipment and the index information of original VRF that a VRF equipment is corresponding.
And this VPN flow analysis equipment 04, also for gathering data on flows from the 2nd VRF equipment 02.
Wherein, this data on flows comprises device identification and the private network tags corresponding to a VRF equipment of a VRF equipment.
Further, this VPN flow analysis equipment 04 also, for according to the device identification of a VRF equipment and private network tags corresponding to a VRF equipment, obtains the device identification of original VRF equipment and the index information of original VRF from the corresponding relation obtaining.And then determine according to the index information of the device identification of this original VRF equipment and original VRF the VPN instance that data on flows belongs to, so that determine the flow of VPN.
What deserves to be explained is, an above-mentioned VRF equipment 01 and the 2nd VRF equipment 02 belong to different self-control system AS(Autonomous System); Original VRF equipment 03 and a VRF equipment 01 belong to same AS.
In addition what deserves to be explained is, the VPN flow analysis equipment 04 that above-mentioned this system as shown in Figure 2 also comprises, can also be connected and communicate with original VRF equipment 03, a VRF equipment 01, and can analyze the flow of the VPN instance of these two equipment, that is to say this VPN flow analysis equipment 04, can be for analyzing the VPN flow of any one equipment in AS, the analysis process of concrete flow analysis flow process when above-mentioned this VPN flow analysis equipment 04 is connected with the 2nd VRF equipment is similar, is not repeated.
A kind of system of setting up private network tags and original VRF corresponding relation that the embodiment of the present invention provides, a VRF equipment sends the device identification of a VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a VRF equipment is corresponding to the 2nd VRF equipment; The 2nd these information of VRF device storage and corresponding relation thereof.In prior art, when the operations such as statistic flow, must go to safeguard distribution private network tags information by a large amount of manpowers, can cause the maintenance efficiency of private network tags information low, and technical scheme provided by the invention, realize a kind of method of setting up the corresponding relation of private network tags and original VRF, improved to a certain extent the maintenance efficiency of private network tags.
Further, when the operations such as statistics VPN instance flow, this system can also be obtained corresponding relation by VPN flow analysis equipment, and can gather data on flows from the 2nd VRF equipment, and then the device identification of original VRF equipment of obtaining according to this data on flows and the index information of original VRF, thereby determine the VPN instance of data on flows ownership, so that determine the flow of VPN instance.
A kind of method of setting up private network tags and original VRF corresponding relation that another embodiment of the present invention provides, in the method, the device identification of original VRF equipment and the index information of original VRF on original VRF equipment, have been determined, so that when this original VRF equipment sends VPN route to other VRF equipment, can carry all the time the device identification of this original VRF equipment and the index information of original VRF, so that follow-up definite VPN flow.As shown in Figure 3, the method comprises:
301, original VRF equipment sends to a VRF equipment private network tags, the device identification of original VRF equipment and the index information of original VRF that original VRF equipment is corresponding.
Wherein, private network tags corresponding to original VRF equipment, for realizing other PE equipment of AS or the communicating by letter of ASBR equipment at this original VRF equipment and its place, for instructing VPN route in the forwarding of private network VPN, by MP-BGP(Multiprotocol Border Gateway Protocol, MP-BGP) transmit, in this original VRF equipment, can have a plurality of private network tags, and private network tags and VRF are one to one on this original VRF equipment.
The corresponding relation of private network tags, the device identification of original VRF equipment and the index information of original VRF that 302, this original VRF equipment of a VRF device storage is corresponding.
Wherein, the corresponding VPN instance of original VRF; Original VRF equipment is the Provider Edge PE equipment of setting up original VRF; The index information of original VRF is for identifying the VPN instance on original VRF equipment.
Optionally, original VRF equipment and a VRF equipment belong to same autonomous system AS.And preferably a VRF equipment is ASBR equipment, this ASBR equipment can be realized ASBR equipment in another AS adjacent with this AS and communicate.
Another embodiment of the present invention provides a kind of method of setting up private network tags and original VRF corresponding relation, and the executive agent of the method is a VRF equipment, and as shown in Figure 4, the method comprises:
401, a VRF equipment receives corresponding private network tags, the device identification of original VRF equipment and the index information of original VRF of original VRF equipment that original VRF equipment sends.
The corresponding relation of private network tags, the device identification of original VRF equipment and the index information of original VRF that 402, the original VRF equipment of a VRF device storage is corresponding.
Optionally, a VRF equipment, can send the device identification of a VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a VRF equipment is corresponding to the 2nd VRF equipment.
And then make the 2nd VRF equipment can store the corresponding relation of the device identification of a VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a VRF equipment is corresponding.
Another embodiment of the present invention provides a kind of method of definite virtual private network VPN flow, and the method is applied to VPN traffic statistics equipment, and as shown in Figure 5, the method comprises:
501, VPN traffic statistics equipment obtains corresponding relation from the 2nd VRF equipment.
Wherein, this corresponding relation is the device identification of a VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a VRF equipment is corresponding.
And wherein, a VRF equipment is the next-hop device of the 2nd VRF equipment.
502, from the 2nd VRF equipment, obtain data on flows.
Wherein, data on flows comprises device identification and the private network tags corresponding to a VRF equipment of a VRF equipment.
503, according to the device identification of a VRF equipment and private network tags corresponding to a VRF equipment, from the corresponding relation obtaining, obtain the device identification of original VRF equipment and the index information of original VRF.
504, according to the index information of the device identification of original VRF equipment and original VRF, determine the VPN instance of data on flows ownership, so that determine the flow of VPN.
Wherein, the corresponding VPN instance of original VRF; Original VRF equipment is the Provider Edge PE equipment of setting up original VRF; The index information of original VRF is for identifying the VPN instance on original VRF equipment.
Another embodiment of the present invention provides a kind of method of setting up the corresponding relation of private network tags and original VRF, and that in conjunction with above-described embodiment, describes carries out in the scene of the method at original VRF equipment,
Preferably, original VRF equipment is PE equipment, and this PE equipment is that operator's equipment can be according to the vpn service request of subscriber equipment or CE equipment, at the VRF of this PE its upper side administration, VRF is VPN instance, and the preferred number of VRF of disposing is identical with the species number of vpn service.
Optionally, the device identification of original VPF equipment can be the Lookback port address of PE equipment, can be also unique contents that can identify PE equipment such as character string or router ID.The index information of original VRF can be the original VRF ID on original PE equipment, can be also original VRF title or private network tags corresponding to this original VRF.
Concrete, first PE equipment need to be VRF configuration name, and this title can, for which VPN instance that is specially that represents that this VRF represents, then configure the information of this VRF, and then this VRF is bundled on an interface on PE.What deserves to be explained is, CE equipment can be by this interface access PE equipment, and then PE equipment learns the route of CE equipment issue by this interface, PE equipment can also by this interface by study to the route of other CE equipment inform the CE equipment of above-mentioned access.
What deserves to be explained is, owing to carrying multiple vpn service in network, PE equipment router is logically divided into many virtual routers, i.e. a plurality of "VPN routing and forwarding (VRF) instance VRF, every kind of corresponding VRF of business.That is to say, the shared PE of a plurality of vpn services of Jiang Yitai is modeled to many special-purpose PE.
Further, for above-mentioned 301, and in conjunction with the foregoing description of the present embodiment, the index information of original VRF, is the sign that is the VRF distribution disposed at PE equipment, for identifying the VPN instance on original VRF equipment.
The above-mentioned 301 original VRF equipment of describing send to a VRF equipment private network tags, the device identification of original VRF equipment and the index information of original VRF that original VRF equipment is corresponding.
Concrete, original VRF equipment, when issue VPN route, in order to get original VRF device identification and original VRF index information, need, by MP-BGP extended community attribute, to add the field that represents the device identification of original VRF equipment and the index information of original VRF, and be carried in VRF route, send to a VRF equipment, in this VPN route, also comprise private network tags corresponding to original VRF equipment.
Further, in being carried at VPN route by above-mentioned information, original VRF equipment is distributed to after a VRF equipment corresponding relation of the private network tags that this original VRF equipment of a VRF device storage is corresponding, the device identification of original VRF equipment and the index information of original VRF.
What deserves to be explained is, when forwarding VPN route, this VPN route has been carried two-layer MPLS label, and vpn label is private network tags, and outer layer label is public network label.Concrete, in entry PE for message is stamped two-layer label: ground floor (skin) label exchanges in backbone network inside, has represented a tunnel from PE to opposite end PE, and VPN route is stamped the PE equipment that this layer of label just can reach opposite end; The second layer (internal layer) label, has indicated message should arrive which SITE, or arrives which CE equipment.When VPN route arrives PE like this, peel outer layer label off, at this moment, according to vpn label, just can find the interface of forwarding.
The method of describing in conjunction with a upper embodiment, further, after VRF route sends to a VRF equipment, and then a VRF equipment can be according to this VRF routing iinformation to original VRF equipment sending data bag.
Another embodiment of the present invention provides a kind of method of setting up private network tags and original VRF corresponding relation, in this method, original VRF equipment is original PE equipment, utilize the MPLS private network tags distribution capability of MPLS VPN, adopt the expandability of MP-BGP extended community attribute, when original PE equipment Publishing local VRF routing iinformation, by MP-BGP extended community attribute, in MP-BGP, increase new attribute field, in this newly-increased attribute field, record the device identification of original VRF equipment and the index information of original VRF.Further, the index information of the device identification of original VRF equipment, original VRF and private network tags corresponding to this original VRF equipment are transferred to opposite end PE/ASBR equipment in the lump.Like this, on each PE/ASBR equipment of whole VPN network, can store the VRF routing iinformation of original PE equipment corresponding to the private network tags of current device, owing to having affixed one's name to a plurality of VRF in original PE its upper side, and these VRF have each self-corresponding index information, PE equipment is according to private network tags, this original PE equipment is issued to the device identification of this original PE equipment and the index information of original VRF, and then in cross-domain issuing process, although private network tags can change, but carry the device identification of this original PE equipment and the index information of original VRF in the VPN route of issue always, thereby the private network tags of each PE/ASBR equipment and the mapping problems of original VRF have been solved, and then by these mapping relations, just can determine fast the VPN instance that current transmission packet is affiliated.
What deserves to be explained is, the method that the embodiment of the present invention provides, when original PE equipment Publishing local VRF routing iinformation, by MP-BGP extended community attribute, in MP-BGP, increase attribute field, realize the mapping of private network tags and VRF, also just explanation, the implementation procedure of the technical scheme that the present embodiment provides and VPN networking type are irrelevant, support the VPN networking of any networking type, especially PE/ASBR equipment in cross-domain networking and the VPN traffic statistics on P equipment have been solved, simultaneously, irrelevant with the tunnel type of carrying VPN, no matter be to use common MPLS tunnel or MPLS traffic engineering tunnel, by scheme, can both add up the VPN flow of each node in VPN network.
Preferably, the embodiment of the present invention adopts netstream or netflow to gather VPN network equipment flow.By disposing a set of or overlapping VPN flow analysis equipment more, the PE from VPN network, P and ASBR equipment gather data on flows.The data on flows packet packet header gathering comprises the private network tags information of object device identification, object equipment that flow is corresponding, and this VPN flow analysis equipment is preferably flow collection and analyzer.
Another embodiment of the present invention provides a kind of method of setting up the corresponding relation of private network tags and original VRF, the method can be applicable in the following network architecture, as shown in Figure 6, this network architecture comprises: flow collection and analyzer, two AS autonomous systems are respectively AS1 and AS2, wherein, flow volume gathers and analyzer is used for collecting device flow, and analyzes the vpn service under flow.Concrete, at AS1, comprise four PE equipment and four P equipment, concrete, these PE equipment are used respectively PE1, PE3, PE4, ASBR1 represents, P equipment is used respectively P1, P2, P3, P4 represents, wherein, ASBR1 is for communicating with the PE equipment of AS2, PE1 passes through P1, P2 is connected with ASBR1, PE3 passes through P3, P4 is connected with PE4, P1, P2, P3, P4 is orthogonal to arrange, respectively at two adjacent P equipment, communicate, and comprise PE equipment in AS1, P equipment each interior equipment can and flow collection and analyzer between transmit data, so that flow collection and analyzer carry out flow collection.In AS2, comprise equally PE2, PE5, PE6, tetra-PE equipment of ASBR2, P5, P6, P7, tetra-P equipment of P8, wherein, ASBR2 is for being connected with the ASBR1 of AS1, ASBR2 is connected with PE2 by P5, P6, and PE5 is connected with PE6 by P7, P8, and the arranging of the P equipment of arranging in the same AS of four P equipment in this AS2.What deserves to be explained is, a kind of network architecture form of just applying this mapping method that the present embodiment is described, and the embodiment of the present invention does not limit the number of the number of devices in the network architecture and the autonomous system that comprises.
The network architecture of describing in conjunction with above-mentioned Fig. 2, the present embodiment is there to be new CE equipment access on PE1, and the route that this CE equipment is issued to be up distributed to PE2 equipment be that example is described, wherein, original VRF equipment in the corresponding above-described embodiment of PE1, the VRF equipment that ASBR1 is corresponding above-mentioned, the 2nd VRF equipment that ASBR2 is corresponding above-mentioned, as shown in Figure 7, the method comprises:
701, PE1 sends to ASBR1 by the index information of original device sign, original VRF.
Preferably, the index information of this PE1 device identification, original VRF is carried in VRF routing iinformation and is sent.Wherein, in VRF routing iinformation, also comprise: the relevant informations such as the private network tags that current device sign, current device generate and Export-RT.
In conjunction with the description of upper above-described embodiment, in the newly-increased attribute field of the extended community attribute that this original device identifies, original VRF index information is added on MP-BGP.
In this example, current device is designated: PE1, and original device is designated PE1, preferred, and the private network tags that current device generates is L1, and original VRF index information is 10.
What deserves to be explained is, VRF index information is determined when setting up VPN network.
702, ASBR1 receives after VRF routing iinformation, generates the mapping relations table of ASBR1 private network tags and VRF.
Wherein, relation mapping table at least comprises ASBR1 private network tags, next-hop device sign, original device sign, original VRF index information quadrinomial parameter, according to comprising all the other any one or several parameters in this relation mapping table of actual conditions.
What deserves to be explained is, ASBR1 herein generates the mapping relations table of ASBR1 private network tags and VRF, represent the corresponding relation of the index information of the sign of the original PE equipment that the PE1 receiving of ASBR1 storage sends, the private network tags that original PE equipment is corresponding, original VRF.
Description in conjunction with above-mentioned 701, ASBR1 private network tags is herein L1, and next-hop device is designated PE1, and original device is designated PE1, and original VRF index information is 10.For clear, describe, the ASBR1 private network tags that this ASBR1 generates and the mapping relations table of VRF, as shown in table 1 below:
Table 1
| Private network tags | Next-hop device sign | Original?PE | VRF index |
| L1 | PE1 | PE1 | 10 |
What deserves to be explained is, in the mapping relations table of above-mentioned private network tags and VRF, this VRF routing iinformation sends to ASBR1 by PE1, and then when PE1 receives packet, this PE1 is the next-hop device of ASBR1 in route, and the down hop in this table 1 is designated PE1.
Further, because the PE device A SBR2 being connected with ASBR1 belongs to another autonomous system AS2, when ASBR1 sends to ASBR2 by VRF routing iinformation, can generate new private network tags, preferably by L2, represent the private network tags that this is new.
703, ASBR1 is distributed to ASBR2 together by new private network tags L2, current device sign ASBR1, original VRF index information and original device sign PE1.
704, ASBR2 receives after the VRF routing iinformation of ASBR1 transmission, generates the mapping relations table of ASBR2 private network tags and VRF.
Description in conjunction with above-mentioned 702, the ASBR2 private network tags that ASBR2 generates is similar with the content of above-mentioned table 1 loading with the mapping relations table of VRF, and the mapping relations souvenir of ASBR2 generation is table 2, and in this table 2, private network tags is L2, next-hop device is designated ASBR1, as shown in table 2 below:
Table 2
Further, when ASBR2 sends to PE2 by VRF routing iinformation, also can generate new private network tags, preferably by L3, represent the private network tags that this is new.
705, ASBR2 is distributed to PE2 together by new private network tags L3, current device sign ASBR2, original VRF index information and original device sign PE1.
706, PE2 receives after the VRF routing iinformation of ASBR2 transmission, generates the mapping relations table of PE2 private network tags and VRF.
Description in conjunction with above-mentioned 702, the PE2 private network tags that PE2 generates is similar with the content of above-mentioned table 1 loading with the mapping relations table of VRF, and the mapping relations souvenir of PE2 generation is table 3, and in this table 3, private network tags is L3, next-hop device is designated ASBR2, as shown in table 3 below:
Table 3
What deserves to be explained is, above-mentioned 701-706 describes is the transmission of the VRF routing iinformation that carries out between PE1, ASBR1, ASBR2, PE2, certain, PE1 can also and AS1 or AS2 in all the other any one or more PE equipment between communicate, in the VRF of each PE equipment routing table, can retain the private network tags of its object equipment and the mapping relations of original VRF like this.
In addition what deserves to be explained is, the private network tags of the transmission in same AS autonomous system is identical, only when VRF routing iinformation being sent to the ASBR in another AS autonomous system by ASBR, and the new private network tags that just can generate.Such as, in conjunction with the equipment in the present embodiment, describe, because the private network tags of PE1 is L1, when PE1 is by VRF routing iinformation, while sending in AS1 all PE equipment and ASBR1 equipment, its private network tags is L1, but the ASBR1 in AS1 be with another AS autonomous system AS2 in the equipment that communicates of ASBR2, can can generate new private network tags L2 at ASBR1 place, to realize communicating by letter of ASBR1 and ASBR2, when ASBR2 receives the VRF routing iinformation of ASBR1 transmission, can generate new private network tags L3, for with this ASBR2 and AS2 in all the other PE equipment communicate.
Further, the beneficial effect reaching in the process of adding up VPN flow for the more detailed description embodiment of the present invention.With example explanation below, such as, at two VRF:vpna of PE1 deploy and vpnb, on PE2, also dispose two VRF:vpna and vpnb.The scheme of prior art, when being PE classification of equipment private network tags scope, must divide different label range for different PE equipment.Such as, the private network tags scope that PE1 divides is L1-L10, the private network tags scope that PE2 divides is L11-L20, like this, PE1 is when issue VRF routing iinformation, the private network tags that its vpna and vpnb are corresponding can be L1, L2, and PE2 is when issue VRF routing iinformation, and the private network tags that vpna and vpnb are corresponding can be L11, L12.When the route of network changes, or the VRF on PE1 breaks down, and may cause PE1 to redistribute private network tags to the vpna on it and two VRF of vpnb, and the private network tags of distribution is L3, L4.That is to say, the distribution of private network tags can be dynamic, variation.So in the time of need to distributing private network tags scope on a large amount of PE equipment, just need to manually go to safeguard the private network tags information of distributing, further, safeguard private network tags, could realize VPN traffic statistics, that is to say that at statistics VPN flow be to expend great amount of cost, and statistical efficiency be low.
Further, PE2 equipment and CE2 equipment connection because PE1 is connected with CE1, and then according to the VRF routing iinformation of storing in above-mentioned PE1, ASBR1, ASBR2, PE2, can transmit at CE2 packet between CE1.The packet of take is transmitted to CE1 by CE2 and describes as example, the concrete following flow process of i.e. execution.
A, PE2 install to data envelope in MPLS packet by lsp tunnel, and to stamp vpn label be private network tags L3, and outer layer label is L ' 3, then by package forward to ASBR2.
On b, package forward path, there is the P equipment in AS2, P equipment is after receiving packet, the label of analyzing packet, according to outer layer label, searching object equipment is ASBR2, and object device A SBR2 sign and label memory L3 are added to netstream/netflow packet packet header.
C, in conjunction with above-mentioned sending method, this Packet Generation is to CE1 the most at last.
Further, in package forward process, by flow collection and analyzer, carry out flow collection, analysis.Concrete,
D, flow collection and analyzer, as table 1, table 2 and table 3 information, and store information from all PE device synchronization of VPN network.
E, flow collection and analyzer gather flow from VPN network public network equipment (PE, P and ASBR equipment), obtain down hop PE device identification and the private network tags of present flow rate from data on flows.
F, flow collection and analyzer, according to next-hop device sign and private network tags, obtain VRF corresponding to next-hop device and private network tags from above-mentioned e, thereby determine the VPN that current data packet flow belongs to.
A kind of method of setting up private network tags and original VRF corresponding relation that the embodiment of the present invention provides, the private network tags of wherein describing and the corresponding relation of VRF, the method for expressing of this corresponding relation is not limited by network model, can any private network tags of Rapid matching and the corresponding relation of original VRF by the method.And in implementation procedure, in the extended community attribute of MP-BGP, to add new attribute field, not needing people is the distribution of intervening private network tags, on the distribution mechanism of existing label, can not produce any impact, do not need maintenance service transmission path information simultaneously, only by above-mentioned corresponding relation, just can obtain the flow information that each jumps equipment, avoid complicated VPN transmission path computational problem.Utilize in embodiments of the present invention MP-BGP extended attribute ability and to VRF routing iinformation issue mechanism, can not produce any impact to the performance of equipment.
Another embodiment of the present invention provides a kind of device of setting up private network tags and original VRF corresponding relation, and as shown in Figure 8, this device comprises: transmitting element 81, memory cell 82.
Transmitting element 81, for sending private network tags, the device identification of original VRF equipment and the index information of original VRF that original VRF equipment is corresponding to a VRF equipment.
Further, by above-mentioned transmitting element 81, make the corresponding relation of private network tags, the device identification of original VRF equipment and the index information of original VRF that the original VRF equipment of a VRF device storage is corresponding.
Wherein, the corresponding VPN instance of original VRF; Original VRF equipment is the Provider Edge PE equipment of setting up original VRF; The index information of original VRF is for identifying the VPN instance on original VRF equipment.
Optionally, when above-mentioned transmitting element is carried out function, the original VRF equipment and the VRF equipment that relate to belong to same autonomous system AS.
Another embodiment of the present invention provides a kind of device of setting up private network tags and original VRF corresponding relation, and as shown in Figure 9, this device comprises: receiving element 91, memory cell 92.
Receiving element 91, corresponding private network tags, the device identification of original VRF equipment and the index information of original VRF of original VRF equipment sending for receiving original VRF equipment.
Optionally, as shown in figure 10, this device also comprises transmitting element 93.
Transmitting element 93, for sending the device identification of a VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a VRF equipment is corresponding to the 2nd VRF equipment, so that the corresponding relation of the device identification of the 2nd VRF device storage the one VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a VRF equipment is corresponding.
Another embodiment of the present invention provides a kind of device of definite virtual private network VPN flow, and as shown in figure 11, this device comprises: acquiring unit 11, determining unit 12.
Acquiring unit 11, for obtaining corresponding relation from the second virtual private networks route forwarding table VRF equipment.
Wherein, this corresponding relation is the device identification of a VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a VRF equipment is corresponding.
And a VRF equipment is the next-hop device of the 2nd VRF equipment.
Acquiring unit 11, also for obtaining data on flows from the 2nd VRF equipment.
Wherein, data on flows comprises device identification and the private network tags corresponding to a VRF equipment of a VRF equipment; Also, for according to the device identification of a VRF equipment and private network tags corresponding to a VRF equipment, from the corresponding relation obtaining, obtain the device identification of original VRF equipment and the index information of original VRF.
Determining unit 12, determines for the device identification of original VRF equipment and the index information of original VRF that obtain according to acquiring unit 11 VPN instance that data on flows belongs to, so that determine the flow of VPN.
Wherein, the corresponding VPN instance of original VRF; Original VRF equipment is the Provider Edge PE equipment of setting up original VRF; The index information of original VRF is for identifying the VPN instance on original VRF equipment.
Another embodiment of the present invention also provides a kind of system of setting up private network tags and original VRF corresponding relation, and this system comprises above-mentioned as the devices of setting up private network tags and original VRF corresponding relation of Fig. 8,9 descriptions and as the device of definite virtual private network VPN flow of Figure 11 description.
Another embodiment of the present invention provides a kind of device of setting up private network tags and original VRF corresponding relation, and as shown in figure 12, this device comprises reflector 01, memory 02, and reflector 01 is connected, is communicated by letter by bus with memory 02.
Further, by above-mentioned transmitting element 01, make the corresponding relation of private network tags, the device identification of original VRF equipment and the index information of original VRF that the original VRF equipment of a VRF device storage is corresponding.
Wherein, the corresponding VPN instance of original VRF; Original VRF equipment is the Provider Edge PE equipment of setting up original VRF; The index information of original VRF is for identifying the VPN instance on original VRF equipment.
Optionally, when above-mentioned transmitting element is carried out function, the original VRF equipment and the VRF equipment that relate to belong to same autonomous system AS.
Another embodiment of the present invention provides a kind of device of setting up private network tags and original VRF corresponding relation, and as shown in figure 13, this device comprises: receiver 1301, memory 1302.
Optionally, as shown in figure 14, this device also comprises reflector 1303.
Another embodiment of the present invention provides a kind of device of definite virtual private network VPN flow, and as shown in figure 15, this device comprises: processor 1501, memory 1502.
Wherein, this corresponding relation is the device identification of a VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a VRF equipment is corresponding.
And a VRF equipment is the next-hop device of the 2nd VRF equipment.
Wherein, data on flows comprises device identification and the private network tags corresponding to a VRF equipment of a VRF equipment; Also, for according to the device identification of a VRF equipment and private network tags corresponding to a VRF equipment, from the corresponding relation obtaining, obtain the device identification of original VRF equipment and the index information of original VRF.
Wherein, the corresponding VPN instance of original VRF; Original VRF equipment is the Provider Edge PE equipment of setting up original VRF; The index information of original VRF is for identifying the VPN instance on original VRF equipment.
Through the above description of the embodiments, those skilled in the art can be well understood to the mode that the present invention can add essential common hardware by software and realize, and can certainly pass through hardware, but in a lot of situation, the former is better execution mode.Understanding based on such, the part that technical scheme of the present invention contributes to prior art in essence in other words can embody with the form of software product, this computer software product is stored in the storage medium can read, as the floppy disk of computer, hard disk or CD etc., comprise some instructions with so that computer equipment (can be personal computer, server, or the network equipment etc.) carry out the method described in each embodiment of the present invention.
The above; be only the specific embodiment of the present invention, but protection scope of the present invention is not limited to this, is anyly familiar with those skilled in the art in the technical scope that the present invention discloses; can expect easily changing or replacing, within all should being encompassed in protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of described claim.
Claims (15)
1. a system of setting up private network tags and original VRF corresponding relation, is characterized in that, comprising:
The first virtual private networks route forwarding table VRF equipment, for sending the device identification of a described VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a described VRF equipment is corresponding to the 2nd VRF equipment;
Described the 2nd VRF equipment, for receiving the described device identification of the described VRF equipment that a described VRF equipment sends, described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that a described VRF equipment is corresponding, and store the described device identification of the described VRF equipment that a described VRF equipment sends, the corresponding relation of described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that a described VRF equipment is corresponding;
Wherein, the VPN instance of the corresponding virtual private network VPN of described original VRF; Described original VRF equipment is the Provider Edge PE equipment of setting up described original VRF; The index information of described original VRF is for identifying the VPN instance on described original VRF equipment.
2. system according to claim 1, is characterized in that, described system also comprises described original VRF equipment;
Described original VRF equipment, for sending corresponding private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF of described original VRF equipment to a described VRF equipment;
A described VRF equipment, corresponding described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF of described original VRF equipment also sending for receiving described original VRF equipment, and store the corresponding relation of described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that described original VRF equipment is corresponding.
3. system according to claim 1, is characterized in that, described system also comprises:
VPN flow analysis equipment, for obtaining the described device identification of a described VRF equipment of described the 2nd VRF device storage, the described corresponding relation of described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that a described VRF equipment is corresponding;
From described the 2nd VRF equipment, gather data on flows, described data on flows comprises described device identification and the described private network tags corresponding to a described VRF equipment of a described VRF equipment;
According to the described device identification of a described VRF equipment and described private network tags corresponding to a described VRF equipment, from the described corresponding relation obtaining, obtain the described device identification of described original VRF equipment and the described index information of described original VRF;
According to the described index information of the described device identification of described original VRF equipment and described original VRF, determine the VPN instance of described data on flows ownership, so that determine the flow of described VPN.
4. according to the system described in claim 1-3 any one, it is characterized in that, a described VRF equipment and described the 2nd VRF equipment belong to different autonomous system AS.
5. according to the system described in claim 1-3 any one, it is characterized in that,
A described VRF equipment adds the described index information of the described device identification of described original VRF equipment and described original VRF in MP-BGP MP-BGP extended community attribute to, by described MP-BGP agreement, to described the 2nd VRF equipment, sends the described device identification of described original VRF equipment and the described index information of described original VRF.
6. a method of setting up private network tags and original VRF corresponding relation, is characterized in that, comprising:
Original virtual private networks route forwarding table VRF equipment sends corresponding private network tags, the device identification of described original VRF equipment and the index information of described original VRF of described original VRF equipment to a VRF equipment, so that the corresponding relation of the described private network tags that described in a described VRF device storage, original VRF equipment is corresponding, the described device identification of described original VRF equipment and the described index information of described original VRF;
Wherein, the VPN instance of the corresponding virtual private network VPN of described original VRF; Described original VRF equipment is the Provider Edge PE equipment of setting up described original VRF; The index information of described original VRF is for identifying the VPN instance on described original VRF equipment.
7. method according to claim 6, is characterized in that, described original VRF equipment and a described VRF equipment belong to same autonomous system AS.
8. a method of setting up private network tags and original VRF corresponding relation, is characterized in that, comprising:
The first virtual private networks route forwarding table VRF equipment receives corresponding private network tags, the device identification of described original VRF equipment and the index information of described original VRF of described original VRF equipment that original VRF equipment sends;
The corresponding relation of the described private network tags that described in a described VRF device storage, original VRF equipment is corresponding, the described device identification of described original VRF equipment and the described index information of described original VRF.
9. method according to claim 8, is characterized in that, also comprises:
To the 2nd VRF equipment, send the device identification of a described VRF equipment, private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that a described VRF equipment is corresponding, so that the corresponding relation of the described device identification of a VRF equipment described in described the 2nd VRF device storage, described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that a described VRF equipment is corresponding.
10. a method for definite virtual private network VPN flow, is characterized in that,
From the second virtual private networks route forwarding table VRF equipment, obtain corresponding relation, described corresponding relation is the device identification of a VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a described VRF equipment is corresponding, wherein, a described VRF equipment is the next-hop device of described the 2nd VRF equipment;
From described the 2nd VRF equipment, obtain data on flows, described data on flows comprises described device identification and the described private network tags corresponding to a described VRF equipment of a described VRF equipment;
According to the described device identification of a described VRF equipment and described private network tags corresponding to a described VRF equipment, from the described corresponding relation obtaining, obtain the described device identification of described original VRF equipment and the described index information of described original VRF;
According to the described index information of the described device identification of described original VRF equipment and described original VRF, determine the VPN instance of described data on flows ownership, so that determine the flow of described VPN;
Wherein, the VPN instance of the corresponding virtual private network VPN of described original VRF; Described original VRF equipment is the Provider Edge PE equipment of setting up described original VRF; The index information of described original VRF is for identifying the VPN instance on described original VRF equipment.
11. 1 kinds of devices of setting up private network tags and original VRF corresponding relation, is characterized in that, described device comprises:
Transmitting element, for sending corresponding private network tags, the device identification of described original VRF equipment and the index information of described original VRF of described original VRF equipment to a VRF equipment, so that the corresponding relation of the described private network tags that described in a described VRF device storage, original VRF equipment is corresponding, the described device identification of described original VRF equipment and the described index information of described original VRF;
Memory cell, for storing private network tags, the device identification of described original VRF equipment and the index information of described original VRF that described original VRF equipment is corresponding;
Wherein, the VPN instance of the corresponding virtual private network VPN of described original VRF; Described original VRF equipment is the Provider Edge PE equipment of setting up described original VRF; The index information of described original VRF is for identifying the VPN instance on described original VRF equipment.
12. devices according to claim 11, is characterized in that, described original VRF equipment and a described VRF equipment belong to same autonomous system AS.
13. 1 kinds of devices of setting up private network tags and original VRF corresponding relation, is characterized in that, described device comprises:
Receiving element, corresponding private network tags, the device identification of described original VRF equipment and the index information of described original VRF of described original VRF equipment sending for receiving original VRF equipment;
Memory cell, for storing the corresponding relation of described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that described original VRF equipment is corresponding.
14. devices according to claim 13, is characterized in that, described device also comprises:
Transmitting element, for sending the device identification of a described VRF equipment, private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that a described VRF equipment is corresponding to the 2nd VRF equipment, so that the corresponding relation of the described device identification of a VRF equipment described in described the 2nd VRF device storage, described private network tags, the described device identification of described original VRF equipment and the described index information of described original VRF that a described VRF equipment is corresponding.
The device of 15. 1 kinds of definite virtual private network VPN flows, is characterized in that, described device comprises:
Acquiring unit, for obtaining corresponding relation from the second virtual private networks route forwarding table VRF equipment;
Described corresponding relation is the device identification of a VRF equipment, private network tags, the device identification of original VRF equipment and the index information of original VRF that a described VRF equipment is corresponding, wherein, a described VRF equipment is the next-hop device of described the 2nd VRF equipment;
Described acquiring unit, also for obtaining data on flows from described the 2nd VRF equipment, described data on flows comprises described device identification and the described private network tags corresponding to a described VRF equipment of a described VRF equipment; Also, for according to the described device identification of a described VRF equipment and described private network tags corresponding to a described VRF equipment, from the described corresponding relation obtaining, obtain the described device identification of described original VRF equipment and the described index information of described original VRF;
Determining unit, determines the VPN instance of described data on flows ownership for the described device identification of described original VRF equipment and the described index information of described original VRF that obtain according to described acquiring unit, so that determine the flow of described VPN;
Wherein, the VPN instance of the corresponding virtual private network VPN of described original VRF; Described original VRF equipment is the Provider Edge PE equipment of setting up described original VRF; The index information of described original VRF is for identifying the VPN instance on described original VRF equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310753846.8A CN103746914B (en) | 2013-12-31 | 2013-12-31 | Set up method, the apparatus and system of private network tags and original VRF corresponding relations |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310753846.8A CN103746914B (en) | 2013-12-31 | 2013-12-31 | Set up method, the apparatus and system of private network tags and original VRF corresponding relations |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103746914A true CN103746914A (en) | 2014-04-23 |
| CN103746914B CN103746914B (en) | 2017-08-18 |
Family
ID=50503905
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310753846.8A Active CN103746914B (en) | 2013-12-31 | 2013-12-31 | Set up method, the apparatus and system of private network tags and original VRF corresponding relations |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103746914B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104734981A (en) * | 2015-04-11 | 2015-06-24 | 广州咨元信息科技有限公司 | Device interconnectional relation-based method of precisely recognizing service traffic of MPLS VPN (multi-protocol label switching virtual private network) |
| CN105939262A (en) * | 2016-05-09 | 2016-09-14 | 杭州迪普科技有限公司 | Label allocation method and device |
| CN106470143A (en) * | 2016-08-26 | 2017-03-01 | 杭州迪普科技股份有限公司 | A kind of method and apparatus of MPLS VPN traffic filtering |
| WO2017054580A1 (en) * | 2015-09-28 | 2017-04-06 | 中兴通讯股份有限公司 | Method of acquiring data traffic data and device utilizing same |
| CN108429646A (en) * | 2018-03-07 | 2018-08-21 | 广州西麦科技股份有限公司 | A kind of method and device of optimization Ipsec VPN |
| CN110703817A (en) * | 2016-03-29 | 2020-01-17 | 华为技术有限公司 | Control method, device and system for statistical flow |
| CN111131041A (en) * | 2019-11-28 | 2020-05-08 | 中盈优创资讯科技有限公司 | VPN flow obtaining method and device based on NetFlow and BGP |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101605069B (en) * | 2009-06-30 | 2011-06-08 | 杭州华三通信技术有限公司 | Method and device for acquiring stream information |
| CN103259724B (en) * | 2012-02-15 | 2017-12-29 | 中兴通讯股份有限公司 | A kind of MPLS VPN implementation method, system and customer edge devices |
-
2013
- 2013-12-31 CN CN201310753846.8A patent/CN103746914B/en active Active
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104734981A (en) * | 2015-04-11 | 2015-06-24 | 广州咨元信息科技有限公司 | Device interconnectional relation-based method of precisely recognizing service traffic of MPLS VPN (multi-protocol label switching virtual private network) |
| CN104734981B (en) * | 2015-04-11 | 2017-10-27 | 广州咨元信息科技有限公司 | A kind of method that MPLS VPN service traffics are accurately recognized based on equipment interconnecting relation |
| WO2017054580A1 (en) * | 2015-09-28 | 2017-04-06 | 中兴通讯股份有限公司 | Method of acquiring data traffic data and device utilizing same |
| CN110703817A (en) * | 2016-03-29 | 2020-01-17 | 华为技术有限公司 | Control method, device and system for statistical flow |
| CN110703817B (en) * | 2016-03-29 | 2022-04-05 | 华为技术有限公司 | Control method, device and system for statistical flow |
| US11381480B2 (en) | 2016-03-29 | 2022-07-05 | Huawei Technologies Co., Ltd. | Control method, apparatus, and system for collecting traffic statistics |
| US11716262B2 (en) | 2016-03-29 | 2023-08-01 | Huawei Technologies Co., Ltd. | Control method, apparatus, and system for collecting traffic statistics |
| CN105939262A (en) * | 2016-05-09 | 2016-09-14 | 杭州迪普科技有限公司 | Label allocation method and device |
| CN106470143A (en) * | 2016-08-26 | 2017-03-01 | 杭州迪普科技股份有限公司 | A kind of method and apparatus of MPLS VPN traffic filtering |
| CN108429646A (en) * | 2018-03-07 | 2018-08-21 | 广州西麦科技股份有限公司 | A kind of method and device of optimization Ipsec VPN |
| CN111131041A (en) * | 2019-11-28 | 2020-05-08 | 中盈优创资讯科技有限公司 | VPN flow obtaining method and device based on NetFlow and BGP |
| CN111131041B (en) * | 2019-11-28 | 2022-05-17 | 中盈优创资讯科技有限公司 | VPN flow obtaining method and device based on NetFlow and BGP |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103746914B (en) | 2017-08-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103746914A (en) | Method, device and system for building corresponding relationship between private network label and primary VRF (VPN (virtual private network) routing and forwarding table) | |
| CN103748835B (en) | The dynamic renewal of label switched path | |
| CN103703722B (en) | The method and apparatus of fault detection conversation of booting on P2MP tunnels | |
| CN100596107C (en) | Packet forwarding method and border router of autonomous system | |
| CN107040462A (en) | Method for routing and intermediate router | |
| CN107222449A (en) | Communication means, equipment and system based on the regular agreement of stream | |
| CN100473040C (en) | VPN realizing method | |
| CN104954367A (en) | Internet omnidirectional cross-domain DDoS (distributed denial of service) attack defense method | |
| EP2214352A1 (en) | Layer two virtual private network cross-domain implementation (l2vpn) method, system and device | |
| CN102413060B (en) | User private line communication method and equipment used in VPLS (Virtual Private LAN (Local Area Network) Service) network | |
| CN103326915A (en) | Method, device and system for achieving three-layer VPN | |
| CN110868352B (en) | Private network application identification system and method, SDN controller and P device | |
| CN105594167A (en) | Method, controller, forwarding device, and network system for forwarding packets | |
| CN101631089B (en) | Flow calculating method, flow calculating device and flow calculating system based on private network VPN | |
| CN101667970A (en) | Protection switching method and equipment thereof | |
| CN107370673A (en) | Method, controller and the system of forward-path are established in a kind of network | |
| CN103326940A (en) | Method for forwarding message in network and edge device of operator | |
| CN108141392A (en) | The method and apparatus that pseudowire load is shared | |
| CN101471880B (en) | Method, system and routing device for processing data | |
| CN109639577A (en) | A kind of wide area network bandwidth stage division, apparatus and system | |
| CN100493022C (en) | Method for securing service quality in skeletal network of two-stage virtual special network | |
| CN101707554B (en) | Method and device for obtaining flow distribution of network | |
| CN102394804A (en) | VPN system building method and VPN system | |
| CN101729422B (en) | Method and device for realizing QoS (Quality of Service) by utilizing BGP (Border Gateway Protocol) | |
| CN101605087B (en) | Flow information extraction method, device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |