CN103746914B - Set up method, the apparatus and system of private network tags and original VRF corresponding relations - Google Patents

Set up method, the apparatus and system of private network tags and original VRF corresponding relations Download PDF

Info

Publication number
CN103746914B
CN103746914B CN201310753846.8A CN201310753846A CN103746914B CN 103746914 B CN103746914 B CN 103746914B CN 201310753846 A CN201310753846 A CN 201310753846A CN 103746914 B CN103746914 B CN 103746914B
Authority
CN
China
Prior art keywords
vrf
original
equipment
vrf equipment
private network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310753846.8A
Other languages
Chinese (zh)
Other versions
CN103746914A (en
Inventor
王丙胜
丁振群
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201310753846.8A priority Critical patent/CN103746914B/en
Publication of CN103746914A publication Critical patent/CN103746914A/en
Application granted granted Critical
Publication of CN103746914B publication Critical patent/CN103746914B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of method for setting up private network tags with original VRF corresponding relations, apparatus and system, it is related to communication technical field, the maintenance efficiency of private network tags is improved to a certain extent.The specific embodiment of the present invention includes:First VRF equipment sends the device identification of the first VRF equipment, the corresponding private network tags of the first VRF equipment, the device identification of original VRF equipment and original VRF index information to the 2nd VRF equipment;2nd VRF equipment stores these information and its corresponding relation.Further, VPN flow analysis equipments obtain this corresponding relation, and data on flows can be gathered from the 2nd VRF equipment, and then the device identification and the original VRF index information of the original VRF equipment obtained according to the data on flows, so that it is determined that the VPN instance of data on flows ownership, in order to determine the flow of the VPN.Technical solution of the present invention is mainly used in VPN traffic statistics flows.

Description

Set up method, the apparatus and system of private network tags and original VRF corresponding relations
Technical field
Private network tags and original VRF are set up the present invention relates to communication technical field, more particularly to one kind(VPN Routing And Forwarding Table, VPN route forwarding tables)The method of corresponding relation, apparatus and system.
Background technology
At present, in order to which the O&M for improving network is safe, by disposing MPLS(Multiprotocol Label Switch, Multiprotocol label switching)VPN(Virtual Private Network, virtual private networks)To control access, the carrying of user Different business.Wherein, MPLS VPN are the IP-VPN based on MPLS technology, are a kind of L3VPN(Layer3Virtual Private Network, 3 layers of VPN), it uses BGP(Border Gateway Protocol, Border Gateway Protocol)In service Provider's backbone's Web realease VPN routes, VPN messages are forwarded using MPLS on service provider backbone.Such as, packet PE1 in a network(Provider Edge, Provider Edge)When being transmitted between equipment and PE2 equipment, first, PE1 is set It is standby that the VRF of deployment is advertised to other PE/ASBR (Autonomous System Boundary Router, autonomous system side Boundary's router) equipment is PE2 equipment, the PE2 equipment being advertised records the VRF of PE1 equipment, further, packet by When PE2 equipment is transferred to PE1 equipment, PE2 equipment can just be led to packet using the VRF to PE1 equipment of its record Cross MPLS network and be transferred to PE1 equipment.
Because MPLS VPN networkings are complicated, the vpn service carried in network is also varied.With reference to above-mentioned existing realization The mapping relations of VRF and private network tags in the description of scheme, network-wide basis in each PE equipment are unique, wherein, VRF is One VPN instance of PE its upper sides administration, such as, when the PE equipment can dispose two kinds of vpn services of voice and video, so that it may It is respectively used to represent two kinds of business of voice and video to configure VRF1, VRF2 on the PE, and then PE equipment ties up the two VRF It is scheduled under interface, then the PE equipment can pass through interface CE(Customer Edge, customer edges)The issue of equipment The routing iinformation received is converted into VPN routes and is stored in corresponding VRF by routing iinformation, further, PE equipment, and By the VPN route be distributed to opposite end PE equipment, due to these VPN route be all it is privately owned, corresponding with private network tags, thus It ensure that the VRF with correlation can learn the route to opposite end PE equipment, and be possible to mutually study to opposite end road By VRF instance regard as and belong to a VPN.Further, can when PE equipment delivers a packet to purpose PE equipment To obtain private network tags and purpose PE device identifications from the heading of packet, according to these information with regard to private network tags can be known With the IP of purpose PE equipment, and then the VPN instance that the packet is belonged to is determined(Namely vpn service), so that it is determined that vpn service Flow, but be due to that the corresponding private network tags of VRF can change under cross-domain scene, so when counting the operation such as flow, Need to distribute private network tags scope in substantial amounts of PE equipment, this is accomplished by manually going to safeguard the private network tags information distributed, and leads Cause private network tags maintenance of information efficiency low, be also unfavorable for the operation such as follow-up traffic statistics.
The content of the invention
Set up private network tags and the method for original VRF corresponding relations, device The embodiment provides a kind of and be System, the maintenance efficiency to improve private network tags to a certain extent.To reach above-mentioned purpose, embodiments of the invention are using as follows Technical scheme:
First aspect there is provided a kind of system for setting up private network tags and original VRF corresponding relations, including:
First virtual private networks route forwarding table VRF equipment, sets for sending the first VRF to the 2nd VRF equipment Standby device identification, the corresponding private network tags of the first VRF equipment, the device identification of original VRF equipment and original VRF Index information;
The 2nd VRF equipment, sets for receiving described in the first VRF equipment that the first VRF equipment is sent Standby mark, the corresponding private network tags of the first VRF equipment, the device identification of the original VRF equipment and institute The original VRF index information is stated, and stores the equipment for the first VRF equipment that the first VRF equipment is sent Mark, the corresponding private network tags of the first VRF equipment, the device identification of the original VRF equipment and described The corresponding relation of the original VRF index information;
Wherein, the VPN instance of the original VRF correspondences virtual private network VPN;The original VRF equipment is sets up State original VRF Provider Edge PE equipment;The index information of the original VRF is used to identify in the original VRF equipment VPN instance.
In the first possible implementation of first aspect, the system also includes the original VRF equipment;
The original VRF equipment, for sending the corresponding private network mark of the original VRF equipment to the first VRF equipment The index information of label, the device identification of the original VRF equipment and the original VRF;
The first VRF equipment, the original VRF equipment for being additionally operable to receive the original VRF equipment transmission is corresponding The index information of the private network tags, the device identification of the original VRF equipment and the original VRF, and deposit Store up the corresponding private network tags of the original VRF equipment, the device identification of the original VRF equipment and described original The corresponding relation of the VRF index information.
In second of possible real mode of first aspect, the system also includes:
VPN flow analysis equipments, set for obtaining described in the first VRF equipment of the 2nd VRF equipment storage Standby mark, the corresponding private network tags of the first VRF equipment, the device identification of the original VRF equipment and institute State the corresponding relation of the original VRF index information;
Data on flows is gathered from the 2nd VRF equipment, the data on flows includes the institute of the first VRF equipment State device identification and the corresponding private network tags of the first VRF equipment;
According to the device identification of the first VRF equipment and the corresponding private network tags of the first VRF equipment, The device identification of the original VRF equipment and the rope of the original VRF are obtained from the corresponding relation of acquisition Fuse ceases;
Institute is determined according to the index information of the device identification of the original VRF equipment and the original VRF The VPN instance of data on flows ownership is stated, in order to determine the flow of the VPN.
Second with reference to the first possible implementation or first aspect of first aspect or first aspect may realization Any one or a few in mode, in the third possible implementation of first aspect, the first VRF equipment and described 2nd VRF equipment belongs to different autonomous system AS.
Second with reference to the first possible implementation or first aspect of first aspect or first aspect may realization Any one or a few in mode, in the 4th kind of possible implementation of first aspect, the first VRF equipment will be described The device identification of original VRF equipment and the original VRF index information are added to MP-BGP In MP-BGP extended community attributes, the original VRF equipment is sent to the 2nd VRF equipment by the MP-BGP agreements The device identification and the index information of the original VRF.
Second aspect there is provided a kind of method for setting up private network tags and original VRF corresponding relations, including:
Original virtual private network route forwarding table VRF equipment sends the original VRF equipment correspondence to the first VRF equipment Private network tags, the device identification of the original VRF equipment and the original VRF index information, in order to described first The corresponding private network tags of the VRF equipment storage original VRF equipment, the original VRF equipment the device identification with And the corresponding relation of the index information of the original VRF;
Wherein, the VPN instance of the original VRF correspondences virtual private network VPN;The original VRF equipment is sets up State original VRF Provider Edge PE equipment;The index information of the original VRF is used to identify in the original VRF equipment VPN instance.
In the first possible implementation of second aspect, the original VRF equipment and the first VRF equipment belong to Same autonomous system AS.
The third aspect there is provided a kind of method for setting up private network tags and original VRF corresponding relations, including:
First virtual private networks route forwarding table VRF equipment receives the original VRF equipment that original VRF equipment is sent The index information of corresponding private network tags, the device identification of the original VRF equipment and the original VRF;
The first VRF equipment stores the corresponding private network tags of the original VRF equipment, the original VRF equipment The device identification and the original VRF the index information corresponding relation.
In the first possible implementation of the third aspect, in addition to:
Device identification, the corresponding private network of the first VRF equipment of the first VRF equipment are sent to the 2nd VRF equipment The index information of label, the device identification of the original VRF equipment and the original VRF, in order to described Two VRF equipment store the device identification of the first VRF equipment, the corresponding private network tags of the first VRF equipment, The device identification of the original VRF equipment and the corresponding relation of the index information of the original VRF.
Fourth aspect there is provided it is a kind of determine virtual private network VPN flow method, including:
Corresponding relation is obtained from the second virtual private networks route forwarding table VRF equipment, the corresponding relation is first The device identification of VRF equipment, the corresponding private network tags of the first VRF equipment, the device identification of original VRF equipment and original VRF index information, wherein, the first VRF equipment is the next-hop device of the 2nd VRF equipment;
Data on flows is obtained from the 2nd VRF equipment, the data on flows includes the described of the first VRF equipment Device identification and the corresponding private network tags of the first VRF equipment;
According to the device identification of the first VRF equipment and the corresponding private network tags of the first VRF equipment, The device identification of the original VRF equipment and the rope of the original VRF are obtained from the corresponding relation of acquisition Fuse ceases;
Institute is determined according to the index information of the device identification of the original VRF equipment and the original VRF The VPN instance of data on flows ownership is stated, in order to determine the flow of the VPN;
Wherein, the VPN instance of the original VRF correspondences virtual private network VPN;The original VRF equipment is sets up State original VRF Provider Edge PE equipment;The index information of the original VRF is used to identify in the original VRF equipment VPN instance.
5th aspect is there is provided a kind of device for setting up private network tags and original VRF corresponding relations, and described device includes:
Transmitting element, for sending the corresponding private network tags of the original VRF equipment to the first VRF equipment, described original The device identification of VRF equipment and the index information of the original VRF, in order to which the first VRF equipment stores described original The corresponding private network tags of VRF equipment, the device identification of the original VRF equipment and the original VRF it is described The corresponding relation of index information;
Memory cell, for storing the corresponding private network tags of the original VRF equipment, the equipment of the original VRF equipment The index information of mark and the original VRF;
Wherein, the VPN instance of the original VRF correspondences virtual private network VPN;The original VRF equipment is sets up State original VRF Provider Edge PE equipment;The index information of the original VRF is used to identify in the original VRF equipment VPN instance.
In the first possible implementation of the 5th aspect, the original VRF equipment and the first VRF equipment belong to Same autonomous system AS.
6th aspect is there is provided a kind of device for setting up private network tags and original VRF corresponding relations, and described device includes:
Receiving unit, for the corresponding private network tags of the original VRF equipment, described for receiving that original VRF equipment sends The device identification of original VRF equipment and the index information of the original VRF;
Memory cell, for storing the original VRF equipment corresponding private network tags, the original VRF equipment The corresponding relation of the device identification and the original VRF index information.
In the first possible implementation of the 6th aspect, described device also includes:
Transmitting element, sets for sending the device identification of the first VRF equipment, the first VRF to the 2nd VRF equipment The index information of standby corresponding private network tags, the device identification of the original VRF equipment and the original VRF, In order to the 2nd VRF equipment, to store the device identification of the first VRF equipment, the first VRF equipment corresponding The correspondence of the index information of the private network tags, the device identification of the original VRF equipment and the original VRF Relation.
7th aspect includes there is provided a kind of device for determining virtual private network VPN flow, described device:
Acquiring unit, for obtaining corresponding relation from the second virtual private networks route forwarding table VRF equipment;
The corresponding relation is the device identification of the first VRF equipment, the corresponding private network tags of the first VRF equipment, original The device identification of beginning VRF equipment and original VRF index information, wherein, the first VRF equipment is that the 2nd VRF is set Standby next-hop device;
The acquiring unit, is additionally operable to obtain data on flows from the 2nd VRF equipment, the data on flows includes institute State the device identification and the corresponding private network tags of the first VRF equipment of the first VRF equipment;It is additionally operable to according to described The device identification of first VRF equipment and the corresponding private network tags of the first VRF equipment, from the correspondence of acquisition The device identification of the original VRF equipment and the index information of the original VRF are obtained in relation;
Determining unit, for the device identification of the original VRF equipment that is obtained according to the acquiring unit and The index information of the original VRF determines the VPN instance of the data on flows ownership, in order to determine the stream of the VPN Amount;
Wherein, the VPN instance of the original VRF correspondences virtual private network VPN;The original VRF equipment is sets up State original VRF Provider Edge PE equipment;The index information of the original VRF is used to identify in the original VRF equipment VPN instance.
It can be seen that, a kind of method for setting up private network tags and original VRF corresponding relations provided in an embodiment of the present invention, device and System, the first VRF equipment sends the device identification of the first VRF equipment, the corresponding private of the first VRF equipment to the 2nd VRF equipment The index information of network mark label, the device identification of original VRF equipment and original VRF;2nd VRF equipment store these information and its Corresponding relation.Relative in the prior art, when counting the operation such as flow, it is necessary to go to safeguard distribution private network mark by a large amount of manpowers Information is signed, the maintenance efficiency of private network tags information can be caused low, and the technical scheme that the present invention is provided sets up private there is provided one kind The method of network mark label and original VRF corresponding relation, improves the maintenance efficiency of private network tags to a certain extent.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing There is the accompanying drawing used required in technology description to be briefly described, it should be apparent that, drawings in the following description are only this Some embodiments of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can be with Other accompanying drawings are obtained according to these accompanying drawings.
A kind of composition for setting up private network tags and original VRF corresponding relations system that Fig. 1 provides for one embodiment of the invention Schematic diagram;
Another private network tags and the original VRF corresponding relations system set up that Fig. 2 provides for another embodiment of the present invention Composition schematic diagram;
A kind of method stream for setting up private network tags and original VRF corresponding relations that Fig. 3 provides for another embodiment of the present invention Cheng Tu;
Another method for setting up private network tags and original VRF corresponding relations that Fig. 4 provides for another embodiment of the present invention Flow chart;
A kind of method flow diagram for determination virtual private network VPN flow that Fig. 5 provides for another embodiment of the present invention;
A kind of network for setting up private network tags and original VRF corresponding relation that Fig. 6 provides for another embodiment of the present invention The composition schematic diagram of framework;
Set up in a kind of network architecture in above-mentioned Fig. 6 that Fig. 7 provides for another embodiment of the present invention private network tags with The method flow diagram of original VRF corresponding relation;
A kind of group for setting up private network tags and original VRF corresponding relations device that Fig. 8 provides for another embodiment of the present invention Into schematic diagram;
Another private network tags and the original VRF corresponding relations device set up that Fig. 9 provides for another embodiment of the present invention Composition schematic diagram;
Another private network tags and the original VRF corresponding relations device set up that Figure 10 provides for another embodiment of the present invention Composition schematic diagram;
A kind of composition of the device for determination virtual private network VPN flow that Figure 11 provides for another embodiment of the present invention shows It is intended to;
Another private network tags and the original VRF corresponding relations device set up that Figure 12 provides for another embodiment of the present invention Composition schematic diagram;
Another private network tags and the original VRF corresponding relations device set up that Figure 13 provides for another embodiment of the present invention Composition schematic diagram;
Another private network tags and the original VRF corresponding relations device set up that Figure 14 provides for another embodiment of the present invention Composition schematic diagram;
A kind of composition of the device for determination virtual private network VPN flow that Figure 15 provides for another embodiment of the present invention shows It is intended to.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made Embodiment, belongs to the scope of protection of the invention.
One embodiment of the invention provides a kind of system for setting up private network tags and original VRF corresponding relations, such as Fig. 1 institutes Show, the system includes:First VRF equipment 01, the 2nd VRF equipment 02.
First VRF equipment 01, sets for sending the device identification of the first VRF equipment, the first VRF to the 2nd VRF equipment 02 The index information of standby corresponding private network tags, the device identification of original VRF equipment and original VRF.
2nd VRF equipment 02, the device identification of the first VRF equipment for receiving the transmission of the first VRF equipment 01, first The index information of the corresponding private network tags of VRF equipment, the device identification of original VRF equipment and original VRF, and store this first The device identification of the first VRF equipment that VRF equipment is sent, the corresponding private network tags of the first VRF equipment, original VRF equipment are set The corresponding relation of standby mark and original VRF index information.
What deserves to be explained is, original VRF correspondences VPN instance;Original VRF equipment is to set up original VRF Provider Edge PE equipment;Original VRF index information is used to identify the VPN instance in original VRF equipment.
Optionally, as shown in Fig. 2 the system also includes:Original VRF equipment 03, VPN flow analysis equipments 04.
Original VRF equipment 03, for sending the corresponding private network tags of original VRF equipment to the first VRF equipment 01, original The device identification of VRF equipment and original VRF index information.
First VRF equipment 01, be additionally operable to receive corresponding private network tags of original VRF equipment that original VRF equipment 03 sends, The device identification of original VRF equipment and original VRF index information, and store the corresponding private network tags of the original VRF equipment, The device identification of original VRF equipment and the corresponding relation of original VRF index information.
Further,
VPN flow analysis equipments 04, the device identification of the first VRF equipment for obtaining the storage of the 2nd VRF equipment 02, the The corresponding relation of the index information of the corresponding private network tags of one VRF equipment, the device identification of original VRF equipment and original VRF.
And the VPN flow analysis equipments 04, it is additionally operable to gather data on flows from the 2nd VRF equipment 02.
Wherein, the data on flows includes device identification and the corresponding private network mark of the first VRF equipment of the first VRF equipment Label.
Further, the VPN flow analysis equipments 04, are additionally operable to the device identification according to the first VRF equipment and the first VRF The corresponding private network tags of equipment, obtain the device identification of original VRF equipment and original VRF index from the corresponding relation of acquisition Information.And then device identification according to the original VRF equipment and original VRF index information determine data on flows ownership VPN instance, in order to determine VPN flow.
What deserves to be explained is, the first above-mentioned VRF equipment 01 belongs to different self-control system AS from the 2nd VRF equipment 02 (Autonomous System);The original VRF equipment 01 of VRF equipment 03 and the first belongs to same AS.
In addition what deserves to be explained is, the above-mentioned also included VPN flow analysis equipments 04 of this system as shown in Figure 2, also It can be connected and be communicated with original VRF equipment 03, the first VRF equipment 01, and the VPN instance of the two equipment can be analyzed Flow, that is to say, that the VPN flow analysis equipments 04, can be used for analyze AS in any one equipment VPN flows, tool Analysis process when the flow analysis flow of body is attached with the above-mentioned VRF equipment of VPN flow analysis equipments 04 and the 2nd It is similar, it is not repeated.
A kind of system for setting up private network tags and original VRF corresponding relations provided in an embodiment of the present invention, the first VRF equipment The device identification of the first VRF equipment, the corresponding private network tags of the first VRF equipment, original VRF are sent to the 2nd VRF equipment to set Standby device identification and original VRF index information;2nd VRF equipment stores these information and its corresponding relation.Relative to In the prior art, when counting the operation such as flow, it is necessary to go to safeguard distribution private network tags information by a large amount of manpowers, private can be caused The maintenance efficiency of net label information is low, and the technical scheme that the present invention is provided, and realizes one kind and sets up private network tags and original VRF Corresponding relation method, the maintenance efficiency of private network tags is improved to a certain extent.
Further, when counting the operation such as VPN instance flow, the system can also be obtained by VPN flow analysis equipments Corresponding relation is taken, and data on flows, and then the original VRF obtained according to the data on flows can be gathered from the 2nd VRF equipment The device identification of equipment and original VRF index information, so that it is determined that the VPN instance of data on flows ownership, in order to determine The flow of VPN instance.
A kind of method for setting up private network tags and original VRF corresponding relations that another embodiment of the present invention is provided, in the party In method, the device identification of original VRF equipment and original VRF index information are determined in original VRF equipment, in order to The original VRF equipment to other VRF equipment send VPN route when, can carry all the time the device identification of the original VRF equipment with And original VRF index information, in order to follow-up determination VPN flows.As shown in figure 3, this method includes:
301st, original VRF equipment sends the corresponding private network tags of original VRF equipment, original VRF equipment to the first VRF equipment Device identification and original VRF index information.
It is therein, the corresponding private network tags of original VRF equipment, for realize the original VRF equipment with the AS where it Other PE equipment or ASBR equipment communication, for instructing VPN to route forwarding in private network VPN, by MP-BGP (Multiprotocol Border Gateway Protocol, MP-BGP)Transmission, the original VRF equipment In there may be multiple private network tags, and private network tags are one-to-one with VRF in this original VRF equipment.
302nd, the first VRF equipment stores the corresponding private network tags of the original VRF equipment, the device identification of original VRF equipment And the corresponding relation of original VRF index information.
Wherein, original VRF correspondences VPN instance;Original VRF equipment is to set up original VRF Provider Edge PE equipment;It is former Beginning VRF index information is used to identify the VPN instance in original VRF equipment.
Optionally, original VRF equipment and the first VRF equipment belong to same autonomous system AS.And the first VRF preferably Equipment is ASBR equipment, and the ASBR equipment can realize that ASBR equipment is communicated in another AS adjacent with the AS.
Another embodiment of the present invention provides a kind of method for setting up private network tags and original VRF corresponding relations, this method Executive agent be the first VRF equipment, as shown in figure 4, this method includes:
401st, the first VRF equipment receives the corresponding private network tags of original VRF equipment, the original VRF that original VRF equipment is sent The device identification of equipment and original VRF index information.
402nd, the first VRF equipment store the corresponding private network tags of original VRF equipment, original VRF equipment device identification with And the corresponding relation of original VRF index information.
Optionally, the first VRF equipment, can send device identification, the first VRF of the first VRF equipment to the 2nd VRF equipment The index information of the corresponding private network tags of equipment, the device identification of original VRF equipment and original VRF.
And then it is corresponding to enable the 2nd VRF equipment to store the device identification of the first VRF equipment, the first VRF equipment The corresponding relation of the index information of private network tags, the device identification of original VRF equipment and original VRF.
Another embodiment of the present invention provides a kind of method for determining virtual private network VPN flow, and this method is applied to VPN flow statistical equipments, as shown in figure 5, this method includes:
501st, VPN flow statistical equipments obtain corresponding relation from the 2nd VRF equipment.
Wherein, the corresponding relation be the device identification of the first VRF equipment, it is the corresponding private network tags of the first VRF equipment, original The device identification of VRF equipment and original VRF index information.
And wherein, the first VRF equipment is the next-hop device of the 2nd VRF equipment.
502nd, data on flows is obtained from the 2nd VRF equipment.
Wherein, data on flows includes device identification and the corresponding private network tags of the first VRF equipment of the first VRF equipment.
503rd, according to the device identification of the first VRF equipment and the corresponding private network tags of the first VRF equipment, from the correspondence of acquisition The device identification of original VRF equipment and original VRF index information are obtained in relation.
504th, determine what data on flows belonged to according to the index information of the device identification of original VRF equipment and original VRF VPN instance, in order to determine VPN flow.
Wherein, original VRF correspondences VPN instance;Original VRF equipment is to set up original VRF Provider Edge PE equipment;It is former Beginning VRF index information is used to identify the VPN instance in original VRF equipment.
Another embodiment of the present invention provides a kind of method for setting up private network tags and original VRF corresponding relation, with reference to Above-described embodiment description in original VRF equipment performs the scene of this method,
It is preferred that, original VRF equipment is PE equipment, and the PE equipment is that Provider Equipment can be according to user equipment or CE The vpn service request of equipment, affixes one's name to VRF, VRF is VPN instance, the VRF of deployment preferably number and VPN in the PE its upper sides The species number of business is identical.
Optionally, the device identification of original VPF equipment can be the Lookback port address or character of PE equipment The unique contents that can be identified for that PE equipment of string either router ID etc..Original VRF index information can be original PE equipment On original VRF ID or the original VRF titles either corresponding private network tags of the original VRF.
Specifically, PE equipment first is needed for VRF configuration names, it is specific that the title can be used to indicate that the VRF table shows Which, for VPN instance, then configure in the information of the VRF, and then the interface that the VRF is bundled on PE.It is worth explanation , CE equipment can access PE equipment by the interface, and then PE equipment is learnt to the road of CE equipment issue by the interface By PE equipment can also inform the route of the other CE equipment learnt by the interface CE equipment of above-mentioned access.
What deserves to be explained is, due to carrying a variety of vpn services in network, PE equipment routers are logically divided into many Virtual router, i.e., multiple "VPN routing and forwarding (VRF) instance VRF, one VRF of every kind of business correspondence.That is, multiple by one The shared PE of vpn service is modeled to many special PE.
Further, for above-mentioned 301, and the foregoing description of the present embodiment is combined, original VRF index information is In the mark that PE equipment is the VRF distribution disposed, for identifying the VPN instance in original VRF equipment.
The original VRF equipment of above-mentioned 301 description sends the corresponding private network tags of original VRF equipment, original to the first VRF equipment The device identification of beginning VRF equipment and original VRF index information.
Specifically, original VRF equipment, when issuing VPN routes, in order to get original VRF device identifications and original Beginning VRF index information, it is necessary to by MP-BGP extended community attributes, addition represent original VRF equipment device identification and The field of original VRF index information, and carry in VRF routes, the first VRF equipment is sent to, is also included in VPN routes The corresponding private network tags of original VRF equipment.
Further, above-mentioned information is carried in original VRF equipment and is distributed to the first VRF equipment in VPN routes Afterwards, the first VRF equipment stores the corresponding private network tags of the original VRF equipment, the device identification of original VRF equipment and original The corresponding relation of VRF index information.
What deserves to be explained is, when forwarding VPN routes, VPN routes carry two layers of MPLS label, i.e. internal layer mark Sign as private network tags, outer layer label is public network label.Specifically, stamping two layers of label in entry PE for message:First layer(Outside Layer)Label is swapped inside backbone network, represents a tunnel from PE to opposite end PE, and VPN routes stamp this layer of label The PE equipment of opposite end can just be reached;The second layer(Internal layer)Label, indicates which SITE messages should reach, or which is reached One CE equipment.So VPN stripped of outer layer label when being routed to up to PE, at this moment, and forwarding can be just found according to vpn label Interface.
The method described with reference to a upper embodiment, further, after VRF routes are sent to the first VRF equipment, and then First VRF equipment can according to the VRF routing iinformations to original VRF equipment send packet.
Another embodiment of the present invention provides a kind of method for setting up private network tags and original VRF corresponding relations, at this In method, original VRF equipment is original PE equipment, using MPLS VPN MPLS private network tags distribution capabilities, using MP-BGP The expandability of extended community attribute, when original PE equipment issues local VRF routing iinformations, passes through MP-BGP extended communitys Attribute, increases new attribute field in MP-BGP, and device identification and the original of original VRF equipment are recorded in the newly-increased attribute field Beginning VRF index information.Further, by the device identification of original VRF equipment, original VRF index information and this is original The corresponding private network tags of VRF equipment are transferred to opposite end PE/ASBR equipment in the lump.So, in each PE/ of whole VPN The VRF routing iinformations of the corresponding original PE equipment of private network tags of current device can be all stored in ASBR equipment, due to original PE its upper sides have affixed one's name to multiple VRF, and these VRF have each self-corresponding index information, and PE equipment is according to private network tags, by the original Beginning PE equipment issues the device identification of the original PE equipment and original VRF index information, and then in cross-domain issuing process, Although private network tags can change, issue VPN route in carry always the original PE equipment device identification and Original VRF index information, so that the private network tags of each PE/ASBR equipment and original VRF mapping problems are solved, and then Pass through the mapping relations, it becomes possible to the quick VPN instance determined belonging to current transmission packet.
What deserves to be explained is, method provided in an embodiment of the present invention is to issue local VRF routing iinformations in original PE equipment When, by MP-BGP extended community attributes, increase attribute field in MP-BGP, to realize the mapping of private network tags and VRF, Just illustrate, the implementation process for the technical scheme that the present embodiment is provided is unrelated with VPN networking types, support any networking types VPN networkings, especially solve the VPN traffic statistics in the PE/ASBR equipment and P equipment in cross-domain networking, meanwhile, with holding The tunnel type for carrying VPN is unrelated, either using common MPLS tunnels or MPLS traffic engineering tunnels, can be united by scheme Count the VPN flows of each node in VPN.
It is preferred that, the embodiment of the present invention is using netstream or netflow collection VPN equipment flows.Pass through portion A set of or many set VPN flow analysis equipments are affixed one's name to, data on flows is gathered from PE, P and ASBR equipment in VPN.Collection Data on flows packet header include purpose equipment mark, the private network tags information of the corresponding purpose equipment of flow, and the VPN Flow analysis equipment is preferably flow collection and analyzer.
Another embodiment of the present invention provides a kind of method for setting up private network tags and original VRF corresponding relation, the party Method can be applied in the following network architecture, as shown in fig. 6, the network architecture includes:Flow collection and analyzer, two AS autonomies System is respectively AS1 and AS2, wherein, the collection of flow volume and analyzer are used for collecting device flow, and analyze belonging to flow Vpn service.Specifically, include four PE equipment and four P equipment in AS1, specifically, these PE equipment respectively with PE1, PE3, PE4, ASBR1 represent that P equipment is represented with P1, P2, P3, P4 respectively, wherein, ASBR1 is used to enter with the PE equipment in AS2 Row communication, PE1 is connected by P1, P2 with ASBR1, and PE3 is connected by P3, P4 with PE4, the rectangular arrangement of P1, P2, P3, P4, point Do not communicated in two adjacent P equipment, and each equipment including PE equipment, P equipment in AS1 can be with Data are transmitted between flow collection and analyzer, in order to flow collection and analyzer progress flow collection.In AS2, equally Including tetra- PE equipment of PE2, PE5, PE6, ASBR2, tetra- P equipment of P5, P6, P7, P8, wherein, ASBR2 be used for in AS1 ASBR1 connections, ASBR2 is connected by P5, P6 and PE2, and PE5 is connected by P7, P8 and PE6, and four P in the AS2 are set The arrangement of P equipment in the standby ibid AS that arranges.What deserves to be explained is, the present embodiment description is to apply the mapping method A kind of network architecture form, and the embodiment of the present invention to the number of devices in the network architecture and comprising autonomous system number It is not limited.
The network architecture described with reference to above-mentioned Fig. 2, the present embodiment is to there is new CE equipment to access on PE1, and by this CE The route that equipment issue comes up is described exemplified by being distributed to PE2 equipment, wherein, the original VRF in PE1 correspondence above-described embodiments Equipment, the first above-mentioned VRF equipment of ASBR1 correspondences, the 2nd above-mentioned VRF equipment of ASBR2 correspondences, as shown in fig. 7, this method bag Include:
701st, PE1 identifies original device, original VRF index information is sent to ASBR1.
It is preferred that, the PE1 device identifications, original VRF index information are carried and sent in VRF routing iinformations.Wherein, Also include in VRF routing iinformations:The related letters such as current device mark, the private network tags of current device generation and Export-RT Breath.
With reference to the description of upper above-described embodiment, original device mark, original VRF index informations add the expansion in MP-BGP In the newly-increased attribute field for opening up group attribute.
In this example, current device is designated:PE1, original device is designated PE1, it is preferred that current device generation Private network tags are L1, and original VRF index informations are 10.
What deserves to be explained is, VRF index informations are determined when setting up VPN.
702nd, ASBR1 is received after VRF routing iinformations, generation ASBR1 private network tags and VRF mapping table.
Wherein, relation mapping table is at least identified including ASBR1 private network tags, next-hop device, original device is identified, original VRF index information quadrinomial parameters, according to remaining any one or several ginsengs can also be included in the actual conditions relation mapping tables Number.
What deserves to be explained is, ASBR1 generation ASBR1 private network tags and VRF mapping table herein, expression, The identifying of the original PE equipment that the PE1 that receives of ASBR1 storages is sent, the corresponding private network tags of original PE equipment, original VRF Index information corresponding relation.
With reference to above-mentioned 701 description, ASBR1 private network tags herein are L1, and next-hop device is designated PE1, original to set Standby to be designated PE1, original VRF index informations are 10.In order to clearly describe, the ASBR1 private network tags and VRF of ASBR1 generations Mapping table, it is as shown in table 1 below:
Table 1
Private network tags Next-hop device is identified Original PE VRF indexes
L1 PE1 PE1 10
What deserves to be explained is, in above-mentioned private network tags and VRF mapping table, the VRF routing iinformations are sent out by PE1 ASBR1 is given, and then in PE1 received data packets, the PE1 is next-hop devices of the ASBR1 in route, in this table 1 Next-hop be designated PE1.
Further, will in ASBR1 because the PE device As SBR2 being connected with ASBR1 belongs to another autonomous system AS2 When VRF routing iinformations are sent to ASBR2, new private network tags can be generated, the new private network tags are preferably represented by L2.
703rd, new private network tags L2, current device are identified ASBR1, original VRF index informations and original set by ASBR1 Standby mark PE1 is distributed to ASBR2 together.
704th, ASBR2 is received after the VRF routing iinformations of ASBR1 transmissions, generation ASBR2 private network tags and VRF mapping Relation table.
With reference to above-mentioned 702 description, the ASBR2 private network tags of ASBR2 generations and VRF mapping table and above-mentioned table 1 The content of loading is similar, and the mapping table of ASBR2 generations is designated as table 2, and private network tags are L2, next-hop device in the table 2 ASBR1 is designated, it is as shown in table 2 below:
Table 2
Further, when VRF routing iinformations are sent to PE2 by ASBR2, new private network tags can be also generated, are preferably passed through L3 represents the new private network tags.
705th, new private network tags L3, current device are identified ASBR2, original VRF index informations and original set by ASBR2 Standby mark PE1 is distributed to PE2 together.
706th, PE2 is received after the VRF routing iinformations of ASBR2 transmissions, generation PE2 private network tags and VRF mapping relations Table.
With reference to above-mentioned 702 description, the PE2 private network tags of PE2 generations and VRF mapping table are loaded with above-mentioned table 1 Content it is similar, and the mapping table of PE2 generations is designated as table 3, and private network tags are L3 in the table 3, and next-hop device is designated ASBR2, it is as shown in table 3 below:
Table 3
What deserves to be explained is, above-mentioned 701-706 describes the VRF routes carried out between PE1, ASBR1, ASBR2, PE2 The transmission of information, certain, PE1 can also be led between any one or more PE equipment of remaining in AS1 or AS2 Letter, can so retain the private network tags of its purpose equipment in the VRF routing tables of each PE equipment and original VRF mapping is closed System.
In addition what deserves to be explained is, the private network tags of the transmission in same AS autonomous systems are identicals, are only existed When VRF routing iinformations being sent into the ASBR in another AS autonomous system by ASBR, the new private network tags that can just generate. Such as, illustrate, because PE1 private network tags are L1, when PE1 is by VRF routing iinformations, send out with reference to the equipment in the present embodiment When giving all PE equipment and ASBR1 equipment in AS1, its private network tags is L1, but the ASBR1 in AS1 be with it is another The equipment that ASBR2 in individual AS autonomous systems AS2 is communicated, then can generate new private network tags L2, with reality at ASBR1 Existing ASBR1 and ASBR2 communication, when ASBR2 receives the VRF routing iinformations of ASBR1 transmissions, can generate new private network tags L3, for being communicated with the ASBR2 with remaining PE equipment in AS2.
Further, in order to the more detailed description embodiment of the present invention statistics VPN flows process reached it is beneficial Effect.Illustrated with following example, such as, two VRF are disposed on PE1:Two VRF are also disposed on vpna and vpnb, PE2: Vpna and vpnb.The scheme of prior art, when dividing private network tags scope for PE equipment, must draw for different PE equipment Divide different label ranges.Such as, the private network tags scope that PE1 is divided is L1-L10, and the private network tags scope that PE2 is divided is L11-L20, so, PE1 is when issuing VRF routing iinformations, and its vpna and the corresponding private network tags of vpnb can be L1, L2, PE2 When issuing VRF routing iinformations, vpna and the corresponding private network tags of vpnb can be L11, L12.When the route of network becomes Change, or the VRF on PE1 breaks down, and may result in PE1 and redistributes private network to two VRF of vpna thereon and vpnb Label, the private network tags of distribution are L3, L4.That is, the distribution of private network tags can be dynamic, change.So needing When distributing private network tags scope in substantial amounts of PE equipment, it is necessary to artificial to go to safeguard the private network tags information distributed, enter one Step, safeguard private network tags, VPN traffic statistics could be realized, that is to say, that statistics VPN flows be expend great amount of cost, And statistical efficiency is low.
Further, PE2 equipment is connected with CE2 equipment, because PE1 is connected with CE1, so according to above-mentioned PE1, The VRF routing iinformations stored in ASBR1, ASBR2, PE2, can in CE2 between CE1 transmission packet.With packet by CE2 It is transmitted to exemplified by CE1 and illustrates, it is specific to perform following flows.
Data envelope is attached in MPLS packets by a, PE2 by lsp tunnel, and stamps vpn label for private network tags L3, outer layer label is L ' 3, and packet then is transmitted into ASBR2.
Have the P equipment in AS2 on b, packet forward-path, P equipment after reception of the data packet, analyze data bag Label, it is ASBR2 to search purpose equipment according to outer layer label, and purpose equipment ASBR2 marks and label memory L3 are added Netstream/netflow packet headers.
C, with reference to above-mentioned sending method, finally send the packet to CE1.
Further, in packet repeating process, flow collection, analysis are carried out by flow collection and analyzer. Specifically,
D, flow collection and analyzer, from all PE equipment of VPN synchronous such as table 1, table 2 and the information of table 3, and store letter Breath.
E, flow collection and analyzer are from VPN public network equipment(PE, P and ASBR equipment)Flow is gathered, from flow Next-hop PE device identifications and the private network tags of present flow rate are obtained in data.
F, flow collection and analyzer are identified and private network tags according to next-hop device, and next-hop is obtained from above-mentioned e and is set Standby VRF corresponding with private network tags, so that it is determined that the VPN that current data packet flow belongs to.
A kind of method for setting up private network tags and original VRF corresponding relations provided in an embodiment of the present invention, described in it The corresponding relation of private network tags and VRF, the method for expressing of the corresponding relation is not limited by network model, can be fast by the method Speed matches any private network tags and original VRF corresponding relation.And it is the extended community category in MP-BGP in implementation process Property in add new attribute field, it is not necessary to the artificial distribution for going to intervene private network tags, the distribution mechanism to existing label will not Any influence is produced, without the need for maintenance service transmission path information, only can just obtain every by above-mentioned corresponding relation One jumps the flow information of equipment, it is to avoid complicated VPN transmission paths computational problem.Expanded in embodiments of the present invention using MP-BGP Open up attribute ability and to VRF routing iinformation issue mechanisms, any influence will not be produced on the performance of equipment.
Another embodiment of the present invention provides a kind of device for setting up private network tags and original VRF corresponding relations, such as Fig. 8 institutes Show, the device includes:Transmitting element 81, memory cell 82.
Transmitting element 81, for sending the corresponding private network tags of original VRF equipment, original VRF equipment to the first VRF equipment Device identification and original VRF index information.
Further, above-mentioned transmitting element 81 is passed through so that the first VRF equipment stores the corresponding private of original VRF equipment The corresponding relation of the index information of network mark label, the device identification of original VRF equipment and original VRF.
Memory cell 82, for store the corresponding private network tags of original VRF equipment, original VRF equipment device identification with And original VRF index information.
Wherein, original VRF correspondences VPN instance;Original VRF equipment is to set up original VRF Provider Edge PE equipment;It is former Beginning VRF index information is used to identify the VPN instance in original VRF equipment.
Optionally, the original VRF equipment and the first VRF equipment being related to during above-mentioned transmitting element perform function belong to same One autonomous system AS.
Another embodiment of the present invention provides a kind of device for setting up private network tags and original VRF corresponding relations, such as Fig. 9 institutes Show, the device includes:Receiving unit 91, memory cell 92.
Receiving unit 91, for receiving the corresponding private network tags of original VRF equipment, the original VRF that original VRF equipment is sent The device identification of equipment and original VRF index information.
Memory cell 92, for store the corresponding private network tags of original VRF equipment, original VRF equipment device identification with And the corresponding relation of original VRF index information.
Optionally, as shown in Figure 10, the device also includes transmitting element 93.
Transmitting element 93, device identification from the first VRF equipment to the 2nd VRF equipment, the first VRF equipment correspondence for sending Private network tags, the device identification of original VRF equipment and original VRF index information, in order to the 2nd VRF equipment storage the The device identification of one VRF equipment, the corresponding private network tags of the first VRF equipment, the device identification of original VRF equipment and original The corresponding relation of VRF index information.
Another embodiment of the present invention provides a kind of device for determining virtual private network VPN flow, as shown in figure 11, should Device includes:Acquiring unit 11, determining unit 12.
Acquiring unit 11, for obtaining corresponding relation from the second virtual private networks route forwarding table VRF equipment.
Wherein, the corresponding relation be the device identification of the first VRF equipment, it is the corresponding private network tags of the first VRF equipment, original The device identification of VRF equipment and original VRF index information.
And the first VRF equipment be the 2nd VRF equipment next-hop device.
Acquiring unit 11, is additionally operable to obtain data on flows from the 2nd VRF equipment.
Wherein, data on flows includes device identification and the corresponding private network tags of the first VRF equipment of the first VRF equipment; The device identification according to the first VRF equipment and the corresponding private network tags of the first VRF equipment are additionally operable to, from the corresponding relation of acquisition Obtain the device identification of original VRF equipment and original VRF index information.
Determining unit 12, for the device identification of original VRF equipment that is obtained according to acquiring unit 11 and original VRF Index information determines the VPN instance of data on flows ownership, in order to determine VPN flow.
Wherein, original VRF correspondences VPN instance;Original VRF equipment is to set up original VRF Provider Edge PE equipment;It is former Beginning VRF index information is used to identify the VPN instance in original VRF equipment.
Another embodiment of the present invention additionally provides a kind of system for setting up private network tags and original VRF corresponding relations, and this is System includes the above-mentioned device for setting up private network tags and original VRF corresponding relations as described in Fig. 8,9 and such as Figure 11 is described really Determine the device of virtual private network VPN flow.
Another embodiment of the present invention provides a kind of device for setting up private network tags and original VRF corresponding relations, such as Figure 12 Shown, the device includes transmitter 01, memory 02, and transmitter 01 is connected by bus with memory 02, communicated.
Transmitter 01, for sending original VRF equipment corresponding private network tags, original VRF equipment to the first VRF equipment Device identification and original VRF index information.
Further, above-mentioned transmitting element 01 is passed through so that the first VRF equipment stores the corresponding private of original VRF equipment The corresponding relation of the index information of network mark label, the device identification of original VRF equipment and original VRF.
Memory 02, for store the corresponding private network tags of original VRF equipment, the device identification of original VRF equipment and Original VRF index information.
Wherein, original VRF correspondences VPN instance;Original VRF equipment is to set up original VRF Provider Edge PE equipment;It is former Beginning VRF index information is used to identify the VPN instance in original VRF equipment.
Optionally, the original VRF equipment and the first VRF equipment being related to during above-mentioned transmitting element perform function belong to same One autonomous system AS.
Another embodiment of the present invention provides a kind of device for setting up private network tags and original VRF corresponding relations, such as Figure 13 Shown, the device includes:Receiver 1301, memory 1302.
Receiver 1301, for receiving the corresponding private network tags of original VRF equipment, the original VRF that original VRF equipment is sent The device identification of equipment and original VRF index information.
Memory 1302, for store the corresponding private network tags of original VRF equipment, original VRF equipment device identification with And the corresponding relation of original VRF index information.
Optionally, as shown in figure 14, the device also includes transmitter 1303.
Transmitter 1303, device identification from the first VRF equipment to the 2nd VRF equipment, the first VRF equipment correspondence for sending Private network tags, the device identification of original VRF equipment and original VRF index information, in order to the 2nd VRF equipment storage the The device identification of one VRF equipment, the corresponding private network tags of the first VRF equipment, the device identification of original VRF equipment and original The corresponding relation of VRF index information.
Another embodiment of the present invention provides a kind of device for determining virtual private network VPN flow, as shown in figure 15, should Device includes:Processor 1501, memory 1502.
Processor 1501, for obtaining corresponding relation from the second virtual private networks route forwarding table VRF equipment.
Wherein, the corresponding relation be the device identification of the first VRF equipment, it is the corresponding private network tags of the first VRF equipment, original The device identification of VRF equipment and original VRF index information.
And the first VRF equipment be the 2nd VRF equipment next-hop device.
Processor 1501, is additionally operable to obtain data on flows from the 2nd VRF equipment.
Wherein, data on flows includes device identification and the corresponding private network tags of the first VRF equipment of the first VRF equipment; The device identification according to the first VRF equipment and the corresponding private network tags of the first VRF equipment are additionally operable to, from the corresponding relation of acquisition Obtain the device identification of original VRF equipment and original VRF index information.
Processor 1501, it is true for the device identification of the original VRF equipment according to acquisition and original VRF index information The VPN instance of constant flow attribution data, in order to determine VPN flow.
Wherein, original VRF correspondences VPN instance;Original VRF equipment is to set up original VRF Provider Edge PE equipment;It is former Beginning VRF index information is used to identify the VPN instance in original VRF equipment.
Memory 1502, for storing the corresponding relation of the acquisition of processor 1501 and obtaining flow from the 2nd VRF equipment Data.
Through the above description of the embodiments, it is apparent to those skilled in the art that the present invention can be borrowed Software is helped to add the mode of required common hardware to realize, naturally it is also possible to which the former is more preferably by hardware, but in many cases Embodiment.Understood based on such, the portion that technical scheme substantially contributes to prior art in other words Dividing can be embodied in the form of software product, and the computer software product is stored in the storage medium that can be read, and such as be counted The floppy disk of calculation machine, hard disk or CD etc., including some instructions are to cause a computer equipment(Can be personal computer, Server, or the network equipment etc.)Perform the method described in each embodiment of the invention.
The foregoing is only a specific embodiment of the invention, but protection scope of the present invention is not limited thereto, any Those familiar with the art the invention discloses technical scope in, change or replacement can be readily occurred in, should all be contained Cover within protection scope of the present invention.Therefore, protection scope of the present invention should be based on the protection scope of the described claims.

Claims (13)

1. a kind of system for setting up private network tags and original VRF corresponding relations, it is characterised in that including:
First virtual private networks route forwarding table VRF equipment, for sending the first VRF equipment to the 2nd VRF equipment Device identification, the corresponding private network tags of the first VRF equipment, the device identification of original VRF equipment and original VRF index Information;
The 2nd VRF equipment, the equipment mark for receiving the first VRF equipment that the first VRF equipment is sent Knowledge, the corresponding private network tags of the first VRF equipment, the device identification of the original VRF equipment and the original The beginning VRF index information, and store the first VRF equipment that the first VRF equipment is sent the device identification, The corresponding private network tags of the first VRF equipment, the device identification of the original VRF equipment and described original The corresponding relation of the VRF index information;
VPN flow analysis equipments, for the device identification according to the original VRF equipment and the institute of the original VRF The VPN instance that index information determines the data on flows ownership is stated, in order to determine the flow of the VPN;
Wherein, the VPN instance of the original VRF correspondences virtual private network VPN;The original VRF equipment is to set up the original Beginning VRF Provider Edge PE equipment;The VPN that the index information of the original VRF is used to identify in the original VRF equipment is real Example.
2. system according to claim 1, it is characterised in that the system also includes the original VRF equipment;
The original VRF equipment, for sending the corresponding private network tags of the original VRF equipment, institute to the first VRF equipment State the device identification of original VRF equipment and the index information of the original VRF;
The first VRF equipment, the original VRF equipment for being additionally operable to receive the original VRF equipment transmission is corresponding described The index information of private network tags, the device identification of the original VRF equipment and the original VRF, and store institute State the corresponding private network tags of original VRF equipment, the device identification of the original VRF equipment and the original VRF The index information corresponding relation.
3. system according to claim 1, it is characterised in that
The VPN flow analysis equipments, set for obtaining described in the first VRF equipment of the 2nd VRF equipment storage Standby mark, the corresponding private network tags of the first VRF equipment, the device identification of the original VRF equipment and institute State the corresponding relation of the original VRF index information;
Data on flows is gathered from the 2nd VRF equipment, the data on flows includes the described of the first VRF equipment and set It is standby to identify the private network tags corresponding with the first VRF equipment;
According to the device identification of the first VRF equipment and the corresponding private network tags of the first VRF equipment, from obtaining The device identification of the original VRF equipment and the index letter of the original VRF are obtained in the corresponding relation taken Breath;
The stream is determined according to the index information of the device identification of the original VRF equipment and the original VRF The VPN instance of attribution data is measured, in order to determine the flow of the VPN.
4. the system according to claim 1-3 any one, it is characterised in that the first VRF equipment and described second VRF equipment belongs to different autonomous system AS.
5. the system according to claim 1-3 any one, it is characterised in that
The first VRF equipment is by the device identification of the original VRF equipment and the index information of the original VRF It is added in MP-BGP MP-BGP extended community attributes, by the MP-BGP agreements to the 2nd VRF Equipment sends the device identification of the original VRF equipment and the index information of the original VRF.
6. a kind of method for setting up private network tags and original VRF corresponding relations, it is characterised in that including:
First virtual private networks route forwarding table VRF equipment receives the original VRF equipment correspondence that original VRF equipment is sent Private network tags, the device identification of the original VRF equipment and the original VRF index information;
The first VRF equipment stores the corresponding private network tags of the original VRF equipment, the institute of the original VRF equipment State the corresponding relation of device identification and the index information of the original VRF;
The first VRF equipment sends the device identification of the first VRF equipment, the first VRF equipment to the 2nd VRF equipment The index information of corresponding private network tags, the device identification of the original VRF equipment and the original VRF;
The 2nd VRF equipment receives the device identification for the first VRF equipment that the first VRF equipment is sent, institute State the corresponding private network tags of the first VRF equipment, the device identification of the original VRF equipment and the original VRF The index information, and it is corresponding described to store the device identification of the first VRF equipment, the first VRF equipment The correspondence pass of the index information of private network tags, the device identification of the original VRF equipment and the original VRF System;
VPN flow analysis equipments are according to the device identification of the original VRF equipment and the index of the original VRF Information determines the VPN instance of the data on flows ownership, in order to determine the flow of the VPN;
Wherein, the VPN instance of the original VRF correspondences virtual private network VPN;The original VRF equipment is to set up the original Beginning VRF Provider Edge PE equipment;The VPN that the index information of the original VRF is used to identify in the original VRF equipment is real Example.
7. method according to claim 6, it is characterised in that receive original VRF equipment in the first VRF equipment and send The corresponding private network tags of the original VRF equipment, the device identification of the original VRF equipment and the original VRF rope Before fuse breath, methods described also includes:
The original VRF equipment sends the corresponding private network tags of the original VRF equipment, the original VRF to the first VRF equipment The device identification of equipment and the index information of the original VRF, in order to which the first VRF equipment stores the original VRF The index of the corresponding private network tags of equipment, the device identification of the original VRF equipment and the original VRF Information corresponding relation.
8. method according to claim 7, it is characterised in that the original VRF equipment and the first VRF equipment belong to Same autonomous system AS.
9. method according to claim 6, it is characterised in that in the VPN flow analysis equipments according to the original VRF The device identification of equipment and the original VRF index information determine the VPN instance of the data on flows ownership, Before flow in order to determine the VPN, methods described also includes:
Corresponding relation is obtained from the second virtual private networks route forwarding table VRF equipment, the corresponding relation is that the first VRF is set Standby device identification, the corresponding private network tags of the first VRF equipment, the device identification of original VRF equipment and original VRF Corresponding relation between index information, wherein, the first VRF equipment is the next-hop device of the 2nd VRF equipment;
Data on flows is obtained from the 2nd VRF equipment, the data on flows includes the equipment of the first VRF equipment The mark private network tags corresponding with the first VRF equipment;
According to the device identification of the first VRF equipment and the corresponding private network tags of the first VRF equipment, from obtaining The device identification of the original VRF equipment and the index letter of the original VRF are obtained in the corresponding relation taken Breath.
10. a kind of device for setting up private network tags and original VRF corresponding relations, it is characterised in that described device includes:
The receiving unit of first VRF equipment, for the corresponding private network of the original VRF equipment for receiving that original VRF equipment sends The index information of label, the device identification of the original VRF equipment and the original VRF;
The memory cell of the first VRF equipment, for store the first VRF equipment receiving unit receive it is described original The corresponding private network tags of VRF equipment, the device identification of the original VRF equipment and the original VRF it is described The corresponding relation of index information;
The transmitting element of the first VRF equipment, the memory cell for sending the first VRF equipment to the 2nd VRF equipment The device identification of the first VRF equipment of storage, the corresponding private network tags of the first VRF equipment, the original VRF equipment The device identification and the original VRF the index information, in order to the 2nd VRF equipment storage described first The device identification of VRF equipment, the corresponding private network tags of the first VRF equipment, the original VRF equipment it is described The corresponding relation of device identification and the original VRF index information;
The receiving unit of the 2nd VRF equipment, for receiving the transmitting element of the first VRF equipment is sent described first The device identification of VRF equipment, the corresponding private network tags of the first VRF equipment, the device identification of the original VRF equipment And the index information of the original VRF;
The memory cell of the 2nd VRF equipment, for storing the receiving unit of the 2nd VRF equipment is received described first The device identification of VRF equipment, the corresponding private network tags of the first VRF equipment, the original VRF equipment it is described The corresponding relation of device identification and the original VRF index information;
The determining unit of VPN flow analysis equipments, for according to the memory cell of the 2nd VRF equipment store it is described original The device identification of VRF equipment and the original VRF index information determine that the VPN of the data on flows ownership is real Example, in order to determine the flow of the VPN;
Wherein, the VPN instance of the original VRF correspondences virtual private network VPN;The original VRF equipment is to set up the original Beginning VRF Provider Edge PE equipment;The VPN that the index information of the original VRF is used to identify in the original VRF equipment is real Example.
11. device according to claim 10, it is characterised in that described device also includes original VRF equipment, described original VRF equipment is specifically included:
The transmitting element of the original VRF equipment, for sending the corresponding private network of the original VRF equipment to the first VRF equipment The index information of label, the device identification of the original VRF equipment and the original VRF, in order to the first VRF equipment Store the corresponding private network tags of the original VRF equipment, the device identification of the original VRF equipment and the original The corresponding relation of the beginning VRF index information;
The memory cell of the original VRF equipment, for storing the corresponding private network tags of the original VRF equipment, described original The device identification of VRF equipment and the index information of the original VRF.
12. device according to claim 11, it is characterised in that original VRF equipment and the first VRF equipment category In same autonomous system AS.
13. device according to claim 10, it is characterised in that described device also includes:
The acquiring unit of the VPN flow analysis equipments, for being obtained from the second virtual private networks route forwarding table VRF equipment Take corresponding relation;The corresponding relation is the device identification of the first VRF equipment, the corresponding private network tags of the first VRF equipment, Corresponding relation between the device identification of original VRF equipment and original VRF index information, wherein, the first VRF equipment For the next-hop device of the 2nd VRF equipment;
The acquiring unit of the VPN flow analysis equipments, is additionally operable to obtain data on flows, the stream from the 2nd VRF equipment Amount data include the device identification and the corresponding private network tags of the first VRF equipment of the first VRF equipment;
The acquiring unit of the VPN flow analysis equipments, is additionally operable to the device identification according to the first VRF equipment and institute The corresponding private network tags of the first VRF equipment are stated, the institute of the original VRF equipment is obtained from the corresponding relation of acquisition State device identification and the original VRF index information.
CN201310753846.8A 2013-12-31 2013-12-31 Set up method, the apparatus and system of private network tags and original VRF corresponding relations Active CN103746914B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310753846.8A CN103746914B (en) 2013-12-31 2013-12-31 Set up method, the apparatus and system of private network tags and original VRF corresponding relations

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310753846.8A CN103746914B (en) 2013-12-31 2013-12-31 Set up method, the apparatus and system of private network tags and original VRF corresponding relations

Publications (2)

Publication Number Publication Date
CN103746914A CN103746914A (en) 2014-04-23
CN103746914B true CN103746914B (en) 2017-08-18

Family

ID=50503905

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310753846.8A Active CN103746914B (en) 2013-12-31 2013-12-31 Set up method, the apparatus and system of private network tags and original VRF corresponding relations

Country Status (1)

Country Link
CN (1) CN103746914B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104734981B (en) * 2015-04-11 2017-10-27 广州咨元信息科技有限公司 A kind of method that MPLS VPN service traffics are accurately recognized based on equipment interconnecting relation
CN106559237A (en) * 2015-09-28 2017-04-05 中兴通讯股份有限公司 A kind of method and device for obtaining data on flows
CN105871602B (en) 2016-03-29 2019-10-18 华为技术有限公司 A kind of control method, device and system counting flow
CN105939262B (en) * 2016-05-09 2020-03-06 杭州迪普科技股份有限公司 Label distribution method and device
CN106470143A (en) * 2016-08-26 2017-03-01 杭州迪普科技股份有限公司 A kind of method and apparatus of MPLS VPN traffic filtering
CN108429646B (en) * 2018-03-07 2021-05-11 广州西麦科技股份有限公司 Method and device for optimizing Ipsec VPN
CN111131041B (en) * 2019-11-28 2022-05-17 中盈优创资讯科技有限公司 VPN flow obtaining method and device based on NetFlow and BGP

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101605069A (en) * 2009-06-30 2009-12-16 杭州华三通信技术有限公司 A kind of method and apparatus of gathering flow information
WO2013120427A1 (en) * 2012-02-15 2013-08-22 中兴通讯股份有限公司 Mpls vpn realizing method, system and customer edge

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101605069A (en) * 2009-06-30 2009-12-16 杭州华三通信技术有限公司 A kind of method and apparatus of gathering flow information
WO2013120427A1 (en) * 2012-02-15 2013-08-22 中兴通讯股份有限公司 Mpls vpn realizing method, system and customer edge

Also Published As

Publication number Publication date
CN103746914A (en) 2014-04-23

Similar Documents

Publication Publication Date Title
CN103746914B (en) Set up method, the apparatus and system of private network tags and original VRF corresponding relations
CN104780066B (en) Determined for the physical pathway of virtual network stream of packets
CN100596107C (en) Packet forwarding method and border router of autonomous system
US7027448B2 (en) System and method for deriving traffic demands for a packet-switched network
CN103748835B (en) The dynamic renewal of label switched path
CN109861926A (en) The transmission of message, processing method and processing device, PE node, node
CN107222449A (en) Communication means, equipment and system based on the regular agreement of stream
CN107026791A (en) VPN vpn service optimization method and equipment
CN107040462A (en) Method for routing and intermediate router
CN106921572B (en) A kind of method, apparatus and system for propagating qos policy
CN106464522A (en) A method and system for network function placement
CN102413060B (en) User private line communication method and equipment used in VPLS (Virtual Private LAN (Local Area Network) Service) network
CN104380658A (en) Stream classifier, service routing trigger, and message processing method and system
CN106464585A (en) A method and system for compressing forward state of a data network
CN102437931A (en) Detection method and device of service path
CN103326900A (en) Traffic playback method and system for virtual network
CN101834793A (en) Virtual private network implementation method based on MPLS/OPS
CN102694732B (en) Method and system for constructing virtual network based on local virtualization
CN103326915A (en) Method, device and system for achieving three-layer VPN
CN109639577A (en) A kind of wide area network bandwidth stage division, apparatus and system
CN101692669A (en) Method and device for virtual private network label distribution
CN108141392A (en) The method and apparatus that pseudowire load is shared
CN103684959A (en) VPN realization method and PE device
CN102546433A (en) Data forwarding method based on MPLS (Multi Protocol Label Switching) VPN (Virtual Private Network) and PEs (Provider Edges)
CN107659484A (en) From the method, apparatus and system of vlan network access VXLAN networks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant