CN104040971B - Method and device for a terminal to join/leave a virtual private network - Google Patents

Info

Publication number: CN104040971B
Authority: CN (China)
Prior art keywords: bgp, request, leave, field, network
Legal status: Active
Application number: CN201280054085.0A
Other languages: Chinese (zh)
Other versions: CN104040971A
Inventors: 苏珊·赫尔斯, 露西·杨
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd

Events
Application filed by Huawei Technologies Co Ltd
Priority claimed from PCT/US2012/063469 (WO2013067466A1)
Publication of CN104040971A
Application granted
Publication of CN104040971B
Abstract

A method in which a terminal or a network uses Border Gateway Protocol (BGP) signaling to perform automatic join and leave functions. The method includes: sending a BGP join request that requests to join a virtual network; receiving a BGP join response that indicates acceptance or rejection of the BGP join request; when the BGP join response indicates acceptance of the BGP join request, adding the terminal to the virtual network; sending a BGP leave request that requests to leave the virtual network; receiving a BGP leave response that indicates acceptance or rejection of the BGP leave request; and when the BGP leave response indicates acceptance of the BGP leave request, removing the terminal from the virtual network. The BGP join request may also carry a quality of service (QoS) requirement and a bandwidth requirement.

Description

Method and device for a terminal to join/leave a virtual private network
Cross-reference to related applications
This application claims priority to U.S. Provisional Patent Application No. 61/555,370, filed with the United States Patent and Trademark Office on November 3, 2011 by Susan Hares et al. and entitled "Border Gateway Protocol Extension for a Terminal to Join/Leave a Virtual Private Network", the entire contents of which are incorporated herein by reference.
Statement regarding federally sponsored research or development
Not applicable
Reference to a microfiche appendix
Not applicable
Background
Virtualization and overlay network technologies have greatly advanced the information technology (IT) industry in efficiency, cost and processing capability. These technologies allow a variety of applications or services to run in virtual environments. For example, some operating systems can operate in parallel by using multiple virtual environments that share a single central processing unit (CPU). Running applications or services in parallel not only reduces overhead cost but can also improve processing capability. In addition, virtualization and overlay network technologies improve scalability and overall hardware resource utilization while also allowing tasks to be managed centrally. When applications and services run in virtual environments, virtual resources such as computing, storage and network elements can be reallocated or moved. Virtualization and overlay network technologies are therefore essential for creating an IT environment that can be managed independently.
Many companies and enterprises can make use of virtualization and overlay network technologies by purchasing virtual private network (VPN) services from a network service provider. VPN services include Layer 2 VPN (L2VPN) and Layer 3 VPN (L3VPN), which provide secure and largely dedicated connectivity between multiple customer sites. A VPN service can use the Border Gateway Protocol (BGP) to set up connections between different autonomous systems (ASes) and between different customer sites, and thereby exchange routing information. When a BGP peer receives, over external BGP (eBGP), a route from a BGP peer located in another autonomous system, it typically redistributes the received route, over an iBGP connection or through an iBGP peer acting as a route reflector, to all internal BGP (iBGP) peers located in the same AS or customer site. An eBGP peer is a BGP peer that exchanges routing information over an eBGP connection, and an iBGP peer is a BGP peer that exchanges routing information over an iBGP connection.
BGP can also redistribute and exchange multiprotocol information through its multiprotocol extensions. These extensions, also called the Multiprotocol Extensions for BGP-4, are defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 4760, which is incorporated herein in its entirety. For example, the BGP multiprotocol extensions can exchange private network information between multiple sites. At present, the BGP multiprotocol extensions cover prefixes for the following: Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6), Multiprotocol Label Switching (MPLS), L3VPN, MPLS L2VPN, tunnel endpoints, address-based outbound route filters and flow specifications. The BGP multiprotocol extensions can be configured to add further multiprotocol features, whether as private BGP features or as standardized ones. In addition, BGP can carry in-band operational state messages, including advisory messages, operational messages and communication messages. BGP is therefore flexible and can be applied to many different kinds of virtual network.
A customer may wish to connect a private network that uses BGP to a data center (DC). A data center can include servers and other telecommunication equipment that provide network functions, computing resources and data storage. In an attempt to reduce network overhead cost and/or improve network capacity and performance, a customer may choose to subscribe to data center services from a data center service provider. By subscribing to these services, the customer can hand over some of its own data center operations to the data center service provider, which in turn can deliver the customer's data center services through a virtual data center (vDC). The customer may require that a specific vDC be connected to the customer's private network, which includes the VPN service provided by the network service provider. In addition, a vDC can help the customer link together virtual and physical computing resources, storage resources and network resources using BGP-based VPN technology. eBGP can then be used between the vDC and the WAN VPN, where the DC network belongs to one AS and the WAN network belongs to another AS. To connect a specific virtual data center to the customer's private network, the network service provider may need to extend the VPN service to the location of the data center service provider. Today, extending a VPN service from the network service provider to a data center service provider requires manual configuration between the customer and the data center service provider and between the network service provider and the data center service provider. This configuration process is laborious and error-prone, because multiple interfaces must be configured manually and coordination between the two service providers and the customer is problematic. Moreover, BGP is not designed to perform this manual configuration automatically. There is therefore a need to improve BGP so that it can automatically provision and configure virtual data centers and private networks, reducing configuration complexity and improving provisioning efficiency.
Summary of the invention
In one embodiment, a method is disclosed in which a terminal or a network uses BGP signaling to perform automatic join and leave functions. The method includes: sending a BGP join request indicating a request to join a virtual network; receiving a BGP join response indicating acceptance or rejection of the BGP join request; if the BGP join response indicates acceptance of the BGP join request, adding the terminal to the virtual network; sending a BGP leave request indicating a request to leave the virtual network; receiving a BGP leave response indicating acceptance or rejection of the BGP leave request; and if the BGP leave response indicates acceptance of the BGP leave request, removing the terminal from the virtual network, where the BGP join request includes a quality of service (QoS) requirement and a bandwidth requirement.
In another embodiment, a device is disclosed that uses BGP signaling to request that a terminal be added to a virtual network. The device includes a processor coupled to a transmitter and a receiver. The processor is configured to: support a first set of BGP capabilities, the first set including at least one BGP capability; receive a first OPEN message containing a second set of BGP capabilities, the second set including at least one BGP capability; determine whether to accept or reject the first OPEN message, where the first OPEN message is accepted when the first set of BGP capabilities is identical to the second set; send a second OPEN message containing the first set of BGP capabilities, the second OPEN message indicating acceptance or rejection of the first OPEN message; after accepting the first OPEN message, send a BGP route refresh request that includes an outbound route filtering field associated with the virtual network; and after sending the BGP route refresh request, receive a BGP route refresh response indicating at least one route requested for transmitting data frames, where the terminal joins the virtual network when the BGP route refresh response indicates acceptance of the BGP route refresh request.
In yet another embodiment, a network device is disclosed for determining whether to use Border Gateway Protocol (BGP) signaling to add a network to a virtual network. The device includes a processor coupled to a transmitter and a receiver. The processor is configured to: support a first set of BGP capabilities, the first set including at least one BGP capability; send a first OPEN message containing the first set of BGP capabilities; receive a second OPEN message containing a second set of BGP capabilities, the second set including at least one BGP capability; receive a first BGP UPDATE message requesting that the network be connected to the virtual network, where the first BGP UPDATE message includes a plurality of Address Family Identifier (AFI) routes; determine whether to accept or reject the first BGP UPDATE message, where the first BGP UPDATE message is rejected when an AFI route is rejected; and send a second BGP UPDATE message indicating acceptance or rejection of the first BGP UPDATE message, where the network is not added to the virtual network when the BGP update request is rejected and is added to the virtual network when the BGP update request is accepted, and where a quality of service (QoS) requirement is associated with the network when it joins the virtual network. These and other features will be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings and claims.
Brief description of the drawings
For a more complete understanding of this disclosure, reference is now made to the following brief description, taken in connection with the accompanying drawings and detailed description, wherein like reference numerals represent like parts.
Fig. 1 is a schematic diagram of a network that supports terminals joining/leaving a virtual network, according to an embodiment of the invention.
Fig. 2 is a schematic diagram of a network connecting a VPN and a data center service provider, according to an embodiment of the invention.
Fig. 3 is a schematic diagram of another network that supports terminals joining/leaving a virtual network, according to an embodiment of the invention.
Fig. 4 is a schematic diagram of another network that supports terminals joining/leaving a virtual network using a route reflector, according to an embodiment of the invention.
Fig. 5A is a schematic diagram of a BGP OPEN message 500 with a join/leave capability, according to an embodiment of the invention.
Fig. 5B is a schematic diagram of another BGP OPEN message with a join/leave capability, according to an embodiment of the invention.
Fig. 5C is a schematic diagram of a join/leave capability field, according to an embodiment of the invention.
Fig. 5D is a schematic diagram of a flags field, according to an embodiment of the invention.
Fig. 6 is a schematic diagram of a BGP OPEN message exchange, according to an embodiment of the invention.
Fig. 7 is a schematic diagram of another BGP OPEN message exchange, according to an embodiment of the invention.
Fig. 8 is a schematic diagram of another BGP OPEN message exchange, according to an embodiment of the invention.
Fig. 9A is a schematic diagram of a BGP exchange carried out with BGP UPDATE messages, according to an embodiment of the invention.
Fig. 9B is a schematic diagram of a join/leave message and a join/leave extended community path attribute that encodes VPN attributes, according to an embodiment of the invention.
Fig. 10 is a schematic diagram of another BGP UPDATE message, according to an embodiment of the invention.
Fig. 11 is a schematic diagram of another BGP UPDATE message using the extended community format, according to an embodiment of the invention.
Fig. 12 is a schematic diagram of another BGP UPDATE message using the extended community format, according to an embodiment of the invention.
Fig. 13 is a schematic diagram of another BGP UPDATE message using the extended community format, according to an embodiment of the invention.
Fig. 14 is a schematic diagram of a "treat-as-withdraw" error handling procedure, according to an embodiment of the invention.
Fig. 15 is a schematic diagram of another BGP UPDATE message containing an optional transitive attribute, according to an embodiment of the invention.
Fig. 16 is a schematic diagram of a BGP dynamic capability with a join/leave VPN capability, according to an embodiment of the invention.
Fig. 17 is a schematic diagram of another variable-length capability value field, according to an embodiment of the invention.
Fig. 18 is a schematic diagram of a BGP message exchange between two BGP peers using dynamic capability, according to an embodiment of the invention.
Fig. 19 is a schematic diagram of a status message for carrying join/leave BGP information, according to an embodiment of the invention.
Fig. 20 is a schematic diagram of an outbound route filtering (ORF) field that encodes join/leave VPN information in a BGP route refresh message, according to an embodiment of the invention.
Fig. 21 is a schematic diagram of another outbound route filtering (ORF) field that encodes join/leave VPN information in a BGP route refresh message, according to an embodiment of the invention.
Fig. 22 is a schematic diagram of a BGP message exchange for joining a VPN using a route refresh message and an ORF filter attribute, according to an embodiment of the invention.
Fig. 23 is a schematic diagram of another BGP message exchange for leaving a VPN using a route refresh message and an ORF filter field, according to an embodiment of the invention.
Fig. 24 is a schematic diagram of a general-purpose computer system capable of implementing the various embodiments of the invention.
Detailed description of the invention
It should be understood at the outset that although illustrative implementations of one or more embodiments are described below, the disclosed systems and/or methods may be implemented using any number of other techniques, whether currently known or existing. The invention is not limited to the specific implementations, drawings and techniques described below, including the exemplary designs and implementations illustrated and described herein, but may be modified within the scope of the appended claims together with their full scope of equivalents.
Disclosed herein are methods, devices and systems for performing terminal admission control in a data center and/or a network. The invention proposes using BGP to manage and control the joining and leaving of a VPN instance, where the VPN instance is associated with a vDC or a network. BGP can be used to carry terminal-to-terminal connectivity and/or reachability information, to deliver network VPN instances, to associate QoS or bandwidth requirements with a terminal or network, and to query terminal connectivity. Admission control allows a terminal and/or a network to automatically join or leave a specific virtual service instance. BGP can also be used to send, in band, a request to join or leave a specific virtual service instance and to have the network approve that request.
BGP can carry one or more routing information bases (RIBs) in band for each specific vDC VPN. A RIB is identified by the combination of an Address Family Identifier (AFI) and a Subsequent Address Family Identifier (SAFI), referred to below as the AFI/SAFI identifier of the RIB.
A vDC VPN can be identified by a DC identifier, a VPN identifier (ID), a security ID, or various combinations thereof. The VPN ID can be an integer or a monotonically increasing value obtained from a VLAN port ID or another mechanism. The security ID can take the form of a type-length-value (TLV) triple, where the type indicates a specific security protocol identifier (SPI), the length indicates the length of the value, and the value can include the SPI.
BGP in-band signaling for the join and leave functions can be realized through a capability, such as a BGP extended community, a BGP dynamic capability, a BGP join/leave attribute or an operational state message. Each of these involves BGP signaling between two BGP peers. Before in-band signaling takes place, the BGP peers negotiate with each other the capabilities carried in the BGP OPEN message (the open capabilities) and establish the BGP connection. Once such a capability has been negotiated, the join/leave VPN service is conveyed through an existing BGP service, such as extended communities or the BGP negotiation service. The services available for BGP negotiation include, but are not limited to, BGP dynamic capability, the BGP join/leave VPN optional attribute and BGP state information transmission (for example, the BGP advisory message).
The signaling exchange involves sending a BGP message between two BGP peers and receiving a response. One BGP peer, acting as the sender, can request to join a VPN. The recipient can accept or reject the request in its response. A leave request can be sent by either BGP peer (i.e., the sender or the recipient), and the BGP peer receiving the leave request chooses whether to accept or reject it. The signaling can use the "treat-as-withdraw" capability to handle errors in malformed BGP messages, or in the extended communities and optional join/leave transitive attributes of UPDATE messages. Different levels of error signaling can include rejecting the join request or rejecting the leave request.
A join request is rejected when the BGP recipient rejects the reachability information. Reachability information can include, but is not limited to: terminal addresses, terminal-to-terminal routes, network routes, MAC addresses, Ethernet (i.e., Institute of Electrical and Electronics Engineers (IEEE) 802.1Q or IEEE 802.1aq) VPNs, L3VPN information and L2VPN provisioning information. After the BGP recipient accepts the join/leave request, the join/leave signaling is confirmed, allowing the corresponding traffic to flow between the BGP peers. The objects that need to be confirmed include the AFI/SAFI pair of the RIB, the VPN ID and the security ID rule. These and other features will be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings and claims.
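The following Python, an added example rather than the patent's own code, models the exchange described in the preceding paragraphs: a terminal sends a join request carrying the RIB's AFI/SAFI pair, a VPN ID, a security ID TLV and a bandwidth requirement; the NVE accepts or rejects it, rejecting also when the TLV is malformed; and a leave can be initiated by either peer. The TLV type code, the policy shape and the 4-octet SPI width are constructed assumptions, and the exchange is modelled as direct calls rather than BGP messages on the wire.

```python
import struct
from dataclasses import dataclass

AFI_IPV4, SAFI_MPLS_VPN = 1, 128   # RFC 4760 AFI and RFC 4364 SAFI of an L3VPN RIB
# The page describes the security ID as a TLV whose type names a security protocol
# identifier (SPI); it assigns no type code, so this value is an assumed placeholder.
SEC_ID_TYPE_SPI = 1


def encode_security_id(spi: int) -> bytes:
    """Security ID TLV: 1-octet type, 1-octet length, SPI value (4 octets is an assumption)."""
    value = struct.pack("!I", spi)
    return struct.pack("!BB", SEC_ID_TYPE_SPI, len(value)) + value


def decode_security_id(tlv: bytes) -> int:
    """Return the SPI; reject a TLV whose length field disagrees with the bytes present."""
    if len(tlv) < 2:
        raise ValueError("shorter than a TLV header")
    tlv_type, length, value = tlv[0], tlv[1], tlv[2:]
    if tlv_type != SEC_ID_TYPE_SPI or length != len(value) or length != 4:
        raise ValueError("unknown type or malformed length")
    return struct.unpack("!I", value)[0]


@dataclass(frozen=True)
class JoinRequest:
    terminal: str            # the terminal (e.g. a VM) asking to join
    vpn_id: int
    afi: int
    safi: int
    security_id: bytes       # encoded security ID TLV
    bandwidth_mbps: int = 0  # optional bandwidth requirement


@dataclass
class NvePolicy:
    ribs: set                # permitted (AFI, SAFI) pairs
    vpn_spis: dict           # vpn_id -> set of SPIs accepted for that VPN
    bandwidth_cap_mbps: int


class Nve:  # receiver side: admits or refuses terminals per VPN instance
    def __init__(self, policy: NvePolicy):
        self.policy = policy
        self.members = {}    # vpn_id -> set of admitted terminals

    def handle_join(self, req: JoinRequest):
        """Return (accepted, reason); checks the RIB's AFI/SAFI pair, the VPN ID,
        the security ID rule and the bandwidth requirement, in that order."""
        if (req.afi, req.safi) not in self.policy.ribs:
            return False, "RIB AFI/SAFI not supported"
        if req.vpn_id not in self.policy.vpn_spis:
            return False, "unknown VPN ID"
        try:
            spi = decode_security_id(req.security_id)
        except ValueError as exc:
            return False, f"security ID rejected: {exc}"
        if spi not in self.policy.vpn_spis[req.vpn_id]:
            return False, "SPI not permitted for this VPN"
        if req.bandwidth_mbps > self.policy.bandwidth_cap_mbps:
            return False, "bandwidth requirement exceeds cap"
        self.members.setdefault(req.vpn_id, set()).add(req.terminal)
        return True, "accepted"

    def handle_leave(self, vpn_id: int, terminal: str):
        """Leave request sent by the terminal; the NVE decides."""
        if terminal not in self.members.get(vpn_id, set()):
            return False, "terminal is not a member"
        self.members[vpn_id].discard(terminal)
        return True, "accepted"

    def request_leave(self, term: "Terminal", vpn_id: int):
        """Leave request sent by the NVE; the terminal decides."""
        accepted, reason = term.handle_leave_request(vpn_id)
        if accepted:
            self.members.get(vpn_id, set()).discard(term.name)
        return accepted, reason


class Terminal:  # sender side (e.g. the server hosting a VM): tracks accepted memberships
    def __init__(self, name: str, nve: Nve):
        self.name, self.nve, self.vpns = name, nve, set()

    def join(self, vpn_id, afi, safi, spi, bandwidth_mbps=0):
        req = JoinRequest(self.name, vpn_id, afi, safi, encode_security_id(spi), bandwidth_mbps)
        accepted, reason = self.nve.handle_join(req)
        if accepted:
            self.vpns.add(vpn_id)  # only an accepted join changes membership
        return accepted, reason

    def leave(self, vpn_id):
        accepted, reason = self.nve.handle_leave(vpn_id, self.name)
        if accepted:
            self.vpns.discard(vpn_id)
        return accepted, reason

    def handle_leave_request(self, vpn_id):
        if vpn_id not in self.vpns:
            return False, "not a member of this VPN"
        self.vpns.discard(vpn_id)
        return True, "accepted"
```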
Fig. 1 is a schematic diagram of a network 100 that supports terminals joining/leaving a virtual network, according to an embodiment of the invention. Network 100 can include a bearer (underlay) network 102, a network virtualization edge (NVE) 104, servers 106 and virtual machines (VMs) 108. Bearer network 102 can be any physical network on which multiple virtual networks can be overlaid, such as an IP/MPLS network, an Ethernet network or a data center network. Bearer network 102 can be a network comprising a DC physical network, one or more local area networks (LANs), metropolitan area networks (MANs) and/or wide area networks (WANs). In addition, bearer network 102 can operate at layer 2 or layer 3 of the Open Systems Interconnection (OSI) model.
NVE 104 can reside on a network device (i.e., a BGP peer) such as a router, a switch, a bridge or a combination thereof. In Fig. 1, NVE 104 resides outside server 106. Terminals in network 100 can include servers 106, VMs 108, storage devices, data centers and other kinds of end devices that create data in network 100 or receive data from network 100. Terminals can be located outside bearer network 102. Server 106 can include VMs 108 that belong to different virtual service instances (i.e., virtual networks). VMs 108 and servers 106 can be located in the same data center or in different data centers. A virtual service instance (i.e., a virtual network) can be built using a network virtualization overlay (NVO3) instance, an L2VPN, an L3VPN and/or any other overlay network technology that can make use of BGP.
As shown in Fig. 1, server 106 (e.g., the terminal) and NVE 104 are external to each other and are not located in the same hardware. Server 106 can reside outside bearer network 102 and the virtual service instance, while NVE 104 can reside in a network device located at the edge of bearer network 102. Server 106 and NVE 104 can communicate as two BGP peers over an eBGP connection 110. Specifically, eBGP connection 110 can be used to exchange information between server 106 and NVE 104, allowing server 106 and/or VM 108 (i.e., the terminal) to automatically join or leave a virtual service instance. Server 106 can send a request to its local NVE 104 asking that VM 108 be added to the virtual network. As is known to those skilled in the art, eBGP connection 110 can also be used in other embodiments to exchange information about ASes.
Fig. 1 also shows that overlay tunnels 112 can be used for data transmission between NVEs 104 within the same virtual network. Different types of overlay tunnel 112 can include, but are not limited to, MPLS tunnels, label switched path (LSP) tunnels, Generic Routing Encapsulation (GRE) tunnels and IP tunnels. The type of overlay tunnel 112 used depends on the type of virtual service instance, and the virtual service instance is used to carry data across network 102. As described above, iBGP connections 114 can be used between different NVEs 104 to advertise routes and communicate other routing decisions.
Fig. 2 is a schematic diagram of a network 200 connecting a VPN 222 and a DC service provider 218, according to an embodiment of the invention. In general, bearer network 202, overlay tunnels 212, eBGP connection 210 and iBGP connection 214 correspond to bearer network 102, overlay tunnels 112, eBGP connection 110 and iBGP connection 114, respectively. VPN 222 can be a private network, such as an intranet, that includes site network A 206 and site network B 206. Site networks 206 can be interconnected networks that do not depend on the VPN for their internal connectivity. Site network A 206 and site network B 206 can also be deployed in different geographical locations, in which case the two cannot communicate with each other without a VPN service instance. The two site networks A 206 and B 206 can be linked together through bearer network 202, which is provided by a network service provider. Bearer network 202 can link site networks A 206 and B 206 together through a VPN service instance such as an L2VPN or an L3VPN. In other embodiments, a site network 206 can be associated with more than one VPN service instance.
A site network 206 with a VPN service instance, such as an L3VPN or L2VPN, can include a provider edge (PE) device 204 and a customer edge (CE) device 208. CE devices 208 and PE devices 204 are all edge network devices (i.e., BGP peers), such as routers, switches, bridges or combinations thereof. These are logical definitions and do not imply any specific forwarding protocol. PE device 204 can be attached to CE device 208 through a physical circuit or a logical attachment circuit (AC). One or more CE devices 208 can be coupled to one or more PE devices through attachment circuits. Traffic filters can be configured on the PE device 204 side and the CE device 208 side to ensure that the service provider or the user can approve the traffic transmitted over the link. PE device 204 can be part of bearer network 202, while CE device 208 can be located outside bearer network 202. PE device 204 and CE device 208 can belong to different administrative systems. Through CE device 208 and PE device 204, eBGP connection 210 can facilitate communication between site network 206 and the network service provider. PE device 204 can transmit data through VPN 222 using overlay tunnels 212.
DC service provider 218 can be coupled to VPN 222 through a data center gateway router (DCGR) 216. PE device 204 of bearer network 202 can be coupled to DCGR 216 through a physical interface comprising multiple ACs. DCGR 216 can act as multiple CE devices 208. DC service provider 218 can include one or more vDCs 220 that provide computing, storage and other network services. A vDC 220 can be a logical entity that runs on any combination of hardware in one physical site, on hardware in multiple sites, or on any virtualized network device. For example, a virtualized network device can be a terminal that either runs in a hypervisor or is attached to a virtual switch in a hypervisor. Use of the term vDC does not restrict the connection of logical entities to any set of physical or logical links.
One or more vDCs 220 can be assigned to VPN 222. eBGP connection 210 can be used to exchange information between PE device 204 and DCGR 216, allowing another vDC 220 to automatically join or leave WAN VPN 202. Other embodiments can also use eBGP connection 210 between PE device 204 and CE device 208, allowing terminals in the network to automatically join or leave WAN VPN 202. eBGP signaling from PE device 204 toward DCGR 216 can advertise VPN routes to DCGR 216, and eBGP signaling from DCGR 216 toward PE device 204 can perform route admission control. In another embodiment, PE device 204 connects to another PE device 204, and the two PE devices 204 can perform route admission control. In another embodiment involving DC service provider 218, vDCs 220 can be assigned to VPNs other than the VPN 222 shown in Fig. 2.
Fig. 3 is the schematic diagram of the another kind of network 300 supporting terminal to add/leave virtual network that the embodiment of the present invention provides.Network 300 can include that bearer network 302, NVE304, server 306, VM308, cover type tunnel 312 and iBGP connect 314, generally, the most corresponding bearer network 102, NVE104, server 106, VM108, cover type tunnel 112 and iBGP connect 114.According to Fig. 3, NVE304 may reside on server 306, but cannot be present on the outside network device of Connection Service device 306.Server 306 can include server management system (being responsible for creating NVE), virtual network and VM.VM can be distributed to virtual service instance (virtual network) by server management system, and server software can be with security function and safety.It is positioned at the NVE304 (i.e. bgp peer) of server 306, it is possible to use iBGP connects 314 and other long-range NVE304 (i.e. bgp peer) and exchanges information, thus is automatically added to or leaves virtual service instance.
Fig. 4 is the schematic diagram of the another kind of network 400 supporting terminal to utilize Router Reflector 416 to add/leave virtual network that the embodiment of the present invention provides.Network 400 can include that bearer network 402, NVE404, server 406, VM408, cover type tunnel 412 and iBGP connect 414, generally, the most corresponding bearer network 302, NVE304, server 306, VM308, cover type tunnel 312 and iBGP connect 314.Similar with Fig. 3, it is internal that NVE404 is present in server 406.Additionally, network 400 may further include Router Reflector 416, connect 410 coupling server admin tissue systems 418 by eBGP.Additionally, Fig. 4 can also use Router Reflector 416 rather than the iBGP connection performing between NVE/PE (i.e. bgp peer) as shown in figures 1 and 3.It is basically identical that eBGP connection 410 and eBGP connects 110.
According to Fig. 4, server management orchestration system 418 may use eBGP connection 414 to notify route reflector 416 about the position of VMs in the virtual network. Server management orchestration system 418 may be responsible for all servers and VMs, for example creating, deleting and moving VMs. Server management orchestration system 418 may also assign VMs or servers to virtual networks, such as NVO3. Route reflector 416 may receive update messages from server management orchestration system 418 and forward them over iBGP connection 414 to the associated servers 406, peer groups or other relevant groups. NVE 406 may receive the update message and update its forwarding table. When receiving an update message from NVE 406, route reflector 416 will not forward that message to server management orchestration system 418. eBGP connection 410 may be used to exchange information between route reflector 416 and server management system 418, thereby allowing servers 406 and/or VMs 408 (i.e. terminals) to automatically join or leave the virtual network. The management system may also use eBGP to query VM positions and end-to-end connectivity, and/or the associated QoS or bandwidth requirements.
Fig. 5A is a schematic diagram of a BGP OPEN message 500 according to an embodiment of the present invention. A BGP peer may be any network device running the BGP routing protocol, for example an NVE, server, PE device, CE device or DCGR as shown in Figs. 1 to 4. After the underlying Transmission Control Protocol (TCP) connection is established, BGP OPEN message 500 may be exchanged between two BGP peers to create the BGP connection. BGP OPEN message 500 may include a message header field 502, a version field 504, an AS field 506, a hold time field 508, a BGP identifier field 510, an optional parameters length field 512 and an optional parameters field 514 (shown in Fig. 5A as the open capabilities list). Message header field 502 may include a header type field indicating the message type, a message header length field indicating the length of the message header, and a message header marker field indicating the total length of the message. In other embodiments, the BGP message types may include OPEN, UPDATE, KEEPALIVE, NOTIFICATION, dynamic capability, route refresh and advisory messages. The lengths of the header type field, message header length field and message header marker field may be about one octet, two octets and 16 octets respectively.
Version field 504 may be about one octet long, is an unsigned integer, and indicates the protocol version of the message. For example, version field 504 may indicate BGP protocol version 4. Autonomous system field 506 may be about two octets long and indicates the autonomous system number of the sending BGP peer. Hold time field 508 may be about two octets long, is an unsigned integer, and indicates the hold time value proposed by the BGP sender, in seconds. BGP identifier field 510 may be about four octets long and may be used to identify the IP address assigned to the sending BGP peer. Optional parameters length field 512 may be about one octet long, is an unsigned integer, and indicates the total length of optional parameters field 514.
Optional parameters field 514 has a variable length that depends on the number of parameters encoded in BGP OPEN message 500. The optional parameters may include a capabilities optional parameter 516, which helps advertise new capabilities in a BGP session and may also be called open capability advertisement, as described in IETF RFC 5492, the entire contents of which are incorporated herein. Capabilities optional parameter 516 lists the capabilities 516 supported by the BGP peer. The Internet Assigned Numbers Authority (IANA) may define different capabilities, registered in the IANA capability codes (see www.iana.org/assignments/capability), the entire contents of which are incorporated herein. Some capability parameters are reserved so that they remain private between two BGP peers. These private capabilities may not be found in the IANA capability codes. A set of common capabilities for a BGP session may be determined through the capability exchange between two BGP peers. For example, the join/leave (VPN in Fig. 5A) open capability 518 may be one of the capabilities included in optional parameters field 514.
Fig. 5B is a schematic diagram of another BGP OPEN message 520 according to an embodiment of the present invention. BGP OPEN message 520 differs from BGP OPEN message 500 in that it may include an optional parameters length 522 and an extended optional parameters length field 524. Optional parameters length 522 may carry the value 255 (0xFF), indicating the extended BGP OPEN message 520 format. Extended optional parameters length field 524 may be about two bytes long and indicates the extended length of optional parameters 514. Extended optional parameters length field 524 may be placed after optional parameters length 522 and before open capabilities list 514. The other fields of BGP OPEN message 520 are substantially the same as those of BGP OPEN message 500.
BGP OPEN messages 500 and 520 may include a join/leave capability field 518 in optional parameters 514. Fig. 5C is a schematic diagram of a join/leave capability field according to an embodiment of the present invention. As shown in Fig. 5C, join/leave capability field 518 may include a join/leave parameter type 526, about one octet long; a join/leave parameter length 528, about one octet long; and a join/leave parameter value 530. Join/leave parameter type 526 may indicate that the capability parameter is the join/leave capability. Join/leave parameter length 528 may indicate the length of join/leave parameter value 530.
Join/leave parameter value 530 may be of variable size and may include a flag version field 532, about one octet long; a join/leave VPN unit number field 534, about one octet long; and a plurality of units 542, each about five octets long. Flag version field 532 may indicate the encoding of join/leave parameter value 530. In one embodiment, for version 0 join/leave parameter encoding, flag version field 532 may be set to 0. Join/leave unit number field 534 may indicate the number of units 542 in join/leave parameter value 530 (for example, n units). Each unit 542 may be associated with a specific virtual network.
Fig. 5D is a schematic diagram of a flag field 536 according to an embodiment of the present invention. Each unit 542 may include a flag field 536, about one octet long; an AFI field 538, about two octets long; and a SAFI field, about one octet long. As shown in Fig. 5D, AFI field 538 and SAFI field 540 may be used to associate the RIB of the virtual network. Flag field 536 may include an All AFI/SAFI flag 544, an extended community flag 546, an optional transitive attribute flag 548, a dynamic capability signaling flag 550, a status message flag 552, a bandwidth support flag 554, a Quality of Service (QoS) flag 556 and a route refresh flag 558. Each of flags 544, 546, 548, 550, 552, 554, 556 and 558 may be about one bit long. Extended community flag 546 may indicate that the BGP peer that sent BGP OPEN message 500 or 520 will use the extended community attribute in BGP UPDATE messages to convey join/leave VPN information. Optional transitive attribute flag 548 may indicate that the BGP peer that sent BGP OPEN message 500 or 520 may use the join/leave VPN BGP transitive attribute to convey BGP bit values. Dynamic capability signaling flag 550 may indicate that join/leave messages may be conveyed by the dynamic capability mechanism, where the information may be the dynamic join capability itself or the actual VPN join/leave message. Status message flag 552 may indicate that join/leave messages may be conveyed by BGP status messages. BW support flag 554 may indicate that bandwidth requirements are conveyed in join/leave messages. QoS support flag 556 may indicate that QoS information may be conveyed in the VPN. As is known to those skilled in the art, other formats of flag field 536 may be applied to the join/leave function.
Referring to Figs. 5C and 5D, if All AFI/SAFI flag 544 is set (for example, data value 1), this value indicates that AFI field 538 and SAFI field 540 in the corresponding unit 542 may be ignored. For example, if All AFI/SAFI flag 544 is set in the flag word of unit n 542, the data values of AFI field 538 and SAFI field 540 in unit n 542 may be ignored. If All AFI/SAFI flag 544 is not set (for example, data value 0), the bytes of AFI field 538 and SAFI field 540 in unit 542 serve as flags. Based on local policy, all AFI fields 538 and SAFI fields 540 may be set to flag field 536, where AFI field 538 and SAFI field 540 were not previously set for the respective virtual network.
Fig. 6 is a schematic diagram of a BGP OPEN message exchange procedure 600 according to an embodiment of the present invention. BGP peer 1 602 may send BGP OPEN message 604a carrying open capabilities list 514, including route refresh capability 516a, dynamic capability 516b, advisory state capability 516c and join/leave VPN capability 518. According to the values shown in join/leave VPN capability 518, the flags of its unit 1 542 are set to All AFI/SAFI, extended community, dynamic capability, status message, BW support and QoS support (see Fig. 5D). After receiving 604a, BGP peer 2 602 determines, according to local policy, which supporting functions it has for the join/leave VPN capability, and sends back a second BGP OPEN message 604b as the response to BGP peer 1 602. BGP OPEN message 604b may include join/leave VPN capability 518, advisory capability 516c and dynamic capability 516b, but not route refresh capability 516a. Whether capabilities such as route refresh capability 516a are added or removed has no effect on the join/leave VPN capability 518 carried in the BGP OPEN message 604b sent by BGP peer 2. As shown in Fig. 6, the values of unit 1 in BGP OPEN messages 604a and 604b are identical (for example, all flags set). After receiving BGP OPEN message 604b from BGP peer 2 602, BGP peer 1 602 sends BGP KEEPALIVE message 606 in response to BGP peer 2 602.
Fig. 7 is a schematic diagram of a BGP OPEN message exchange procedure 700 according to an embodiment of the present invention. BGP peer 1 602 carries dynamic capability 516b, advisory capability 516c and join/leave VPN capability 518 in BGP OPEN message 602 and sends it to BGP peer 2 602. As shown in Fig. 7, the flag bits in unit 1 542 are set to All AFI/SAFI, extended community, dynamic capability, status message, BW support and QoS support (see Fig. 5D). BGP peer 2 602 may not support join/leave VPN capability 518 or advisory capability 516c, and sends NOTIFICATION message 708 carrying error code 710 and the bytes from join/leave capability 518. As shown in Fig. 7, BGP peer 2 602 will not establish a BGP peer session with BGP peer 1 602 that includes support for join/leave VPN capability 518. By sending another BGP OPEN message 604 containing the acceptable open capabilities 514, BGP peer 1 602 may proceed to establish the BGP peer session. As a non-limiting example, the acceptable open capability 514 may be join/leave VPN capability 518. Next, BGP peer 2 602 may send BGP OPEN message 604b carrying dynamic capability 516b as the response, thereby creating the BGP peer session. BGP KEEPALIVE message 606 may then be sent by BGP peer 1 602.
Fig. 8 is a schematic diagram of another BGP OPEN message exchange procedure 800 according to an embodiment of the present invention. Fig. 8 illustrates negotiating the feature capabilities of join/leave VPN capability 518 during the BGP negotiation process. BGP peer 1 602 may send BGP OPEN message 602 carrying dynamic capability 516b, 516c and join/leave VPN capability 518. In unit 1 542 of the join/leave VPN capability, the flag bits may be set to the following fields: All AFI/SAFI, extended community, dynamic capability, status message, BW support and QoS support (see Fig. 5D). BGP peer 2 602 may, based on user policy signaling, be able to exchange join/leave VPN information only through the extended community attribute, and may not support bandwidth information or QoS information for the VPN. To indicate this, BGP peer 2 602 sends BGP OPEN message 604b carrying join/leave VPN capability 518 and dynamic capability 516b. In the join/leave VPN capability 518 carried in BGP OPEN message 604b, the flags in unit 1 542 may be set to the All AFI/SAFI field and the extended community field. After receiving BGP OPEN message 604b, BGP peer 1 602 accepts the join/leave VPN exchange and uses only the extended community feature. Once the BGP peer session is established, BGP peer 1 602 will send BGP KEEPALIVE message 606.
Fig. 9A is a schematic diagram of a BGP exchange process 900 using BGP UPDATE messages 902, according to an embodiment of the present invention. Fig. 9A illustrates BGP peer 1 602 sending BGP UPDATE message 902, which includes the fields of a normal BGP UPDATE message, such as withdrawn length 906, withdrawn field 908, BGP path attributes 910 and Network Layer Reachability Information (NLRI) 918. BGP path attributes 910 may include three different BGP path attributes: multiprotocol reachability attribute 912, extended community join/leave VPN attribute 914 and join/leave VPN attribute 916. These attributes are known to those of ordinary skill in the art. After receiving BGP UPDATE message 902a, BGP peer 2 602 sends back another BGP UPDATE message 902b. No direct correspondence is required between the two messages, except for extended community join/leave VPN attribute 914 and join/leave VPN attribute 916. As a non-limiting example, a VPN join request included in BGP UPDATE message 902a may be sent by BGP peer 1 602 through extended community join/leave VPN attribute 914 and join/leave VPN attribute 916. BGP peer 2 602 sends BGP UPDATE message 902b as the response, containing extended community join/leave VPN attribute 914 and join/leave VPN attribute 916. A request/response pair is linked together by the VPN identifier (i.e. DC ID, VPN ID and security ID) and need not be transmitted in order. The BGP transport mechanism, such as TCP with Message Digest 5 (MD5), may be used to keep the ordering between different messages.
As shown in Fig. 9A, during a BGP session, extended community join/leave VPN attribute 914 and join/leave VPN attribute 916 may be carried together with NLRI field 918. Therefore, BGP peer 1 602 and BGP peer 2 602 may exercise control over VPN management when necessary, rather than merely confirming the need for rules after loading them. VPN rules may include a series of items, up to thousands of items, about the rules. Automatic signaling may establish security guarantees, represented by the security ID, for example as shown in Fig. 9B. All types of reachability may be filtered out by the vDC until the VPN is established, or until the traffic load inside the vDC is relieved. Reachability information may include the reachability information transmitted in BGP UPDATE messages 902a and 902b or the reachability information from the vDC's local packet flows. If, as shown in Fig. 9A, BGP peer 2 602 is located at the PE device side, then in this embodiment automatic signaling may load various types of rules for BGP filtering, packet filtering and flow-through filters. Moreover, using the extended BGP packet lengths of about 4,096 octets and about 65,535 octets, BGP UPDATE messages 902a and 902b may convey many bytes of BGP join/leave VPN information while transmitting the BGP NLRI. This allows data flows and automatic rule establishment to be processed synchronously in band.
Fig. 9B is a schematic diagram of an extended community path attribute 914 encoded with a join/leave message and of a join/leave VPN attribute 916, according to an embodiment of the present invention. Extended community path attribute 914 may be encoded as a BGP opaque extended community. Extended community path attribute 914, encoded with the join/leave message, may include a standard type high field 920, about one byte long, and a type low field 922, about one byte long. Type low field 922 may be followed by join/leave parameter value 932, about six octets long. Join/leave parameter value 932 may include DC ID 928 (about two octets long), VPN ID 926 (about two octets long), security ID 924 (about one octet long) and flag bits 930 (about one octet long). DC ID 924, VPN ID 926 and security ID 928 together form a unique identifier that identifies the in-band service join/leave VPN. Type high field 920 and type low field 922 may be used to indicate the type of the extended community path attribute. DC ID 924 may identify the vDC, VPN ID 926 may identify the VPN, and security ID 928 may identify a specific security identifier. For example, when encoding DC ID 924, VPN ID 926 and security ID 928, DC ID 924 may be set to 0x0100, VPN ID 926 to 0x0020 and the security ID to 0x30. Fig. 9B uses flag bits 930 to indicate that the VPN request is for All AFI/SAFI, is a join request, seeks acceptance, uses the version 0 format, requests no bandwidth support, requests no QoS support, and route. Extended community path attribute 914 is discussed in detail next.
In another embodiment, flag bits 930 may be used as a response. For example, in Fig. 9A, BGP peer 2 602 sends BGP UPDATE message 902b to BGP peer 1 602 as the response. In this case, the VPN may be identified by the values of DC ID 924, VPN ID 926 and security ID 928 above (0x0010, 0x0020 and 0x30 respectively; see Fig. 9B). However, flag bits 930 may be used as a response indicating rejection or acceptance. After BGP peer 1 602 receives this information, BGP peer 1 602 knows that the automatic VPN setup at the BGP peer 2 602 side is complete. This embodiment may also, depending on local configuration, optionally time out the request/response sequence. The encoding of flag bits 930 is discussed in detail with Fig. 10.
Fig. 9B also illustrates a join/leave VPN attribute 916 according to an embodiment of the present invention. Join/leave VPN attribute 916 may be a join/leave VPN transitive attribute, including an attribute type 934 (about two octets long), an attribute length 936 (about two octets long), a sub-type field 938 (about three octets long), a join/leave group number field 940 (about one octet long), and a series of join/leave group fields 942 (variable length). Attribute type 934 may indicate an optional transitive attribute type, and attribute length 936 may indicate the length of join/leave VPN attribute 916. Sub-type field 938 may be used to accommodate additional join/leave VPN groups. In one embodiment, each group field 942 may be encoded as subtype 0.
Group field 942 may be encoded to include a group ID 944 (about two octets long), a length field 946 (about two octets long), a DC ID 948 (about four octets long), a VPN ID 950 (about four octets long), a security ID 952 (about four octets long), a flag number field 954 (about four octets long), a gateway list 956 (variable length), a bandwidth profile list 958 (variable length) and a QoS profile list 960 (variable length). Flag number field 954 may include a one-octet join/leave VPN flag, a one-octet gateway number, a bandwidth profile number and a QoS profile number. For example, group field 942 may be encoded with DC ID (x0020), VPN ID (x0030) and security ID (x40), with flag number field 954 and the flag bits set to IPv4/unicast SAFI, including: VPN join request, seeking acceptance, version 0 format, no bandwidth support, no QoS support, gateway hint, no bandwidth profile (configured with a flag value of 0), no QoS support (configured with a flag value of 0), and a gateway hint of 200.2.1.3/32 IPv4. In another embodiment, the group encoding may be used as the response to the join/leave attribute. The difference from the encoding in the example above is that the flag bits are set to response rather than request. This is discussed in more detail with Fig. 10.
Encoding group field 942 may allow a BGP peer to send hints of available gateways for load sharing. For example, in Fig. 9A, BGP peer 1 602 sends available gateway hints to BGP peer 2 602 for sharing the traffic load. When BGP peer 2 602 decides which gateways to send, BGP peer 1 602 can generalize the load-sharing policy between the two points of the network, because it knows that BGP peer 2 602 will also establish the same policy. Furthermore, if gateways sent in the gateway list of BGP peer 2 602 do not match the gateways of BGP peer 1 602, those gateways are not available as hints for BGP peer 2 602. All hinted gateways may be sent by BGP peer 1 602 to BGP peer 2 602, or by BGP peer 2 602 to BGP peer 1 602, and these gateway hints may be confirmed through the local policy of the receiving BGP peer.
Fig. 10 is a schematic diagram of another BGP UPDATE message 1000 according to an embodiment of the present invention. BGP UPDATE message 1000 may include a BGP UPDATE message header 904, withdrawn routes length 906, withdrawn routes 908, path attributes 910 and NLRI 918. Extended community path attribute 1006 may be encoded using an extended community path attribute type 1008, a path attribute length 1010, a series group 1012 and a join/leave extended community 1014. Extended community path attribute type 1008 has a variable length; series group 1012 and join/leave extended community 1014 are each about eight octets long. Using the extended community field to implement the join/leave function may allow encoding across multiple BGP UPDATE fields.
Join/leave extended community 1014 may be encoded as an opaque extended community, including a type high field 1016, a type low field 1018, a DC ID 1020, a VPN ID 1022, a security ID 1024 and a flag ID 1026, generally corresponding to fields 920, 922, 924, 926, 928 and 930 in Fig. 9B respectively. Flag bit field 1026 may include an All AFI/SAFI flag 1028, a join/leave flag 1030, a response/request flag 1032, an accept/reject flag 1034, a version/security high flag 1036, a version/security low flag 1038, a BW support flag 1040 and a QoS support flag 1042, each about one bit long. All AFI/SAFI flag 1028 allows a single entry to support all AFI/SAFI. If another, more specific AFI/SAFI is added, a more specific entry for that AFI/SAFI may be created in the VPN join/leave interaction. Join/leave flag 1030 indicates whether the BGP UPDATE message is a join or a leave request or response. In one embodiment, when join/leave flag 1030 is set to data value 1, the BGP UPDATE message is a join request, and when it is set to data value 0, the BGP UPDATE message is a leave request. Response/request flag 1032 may indicate whether the message is the request (for example, data value 0) or the response (for example, data value 1) in the interaction. Accept/reject flag 1034 may indicate whether the request is accepted (for example, data value 0) or rejected (for example, data value 1). The default value of the accept/reject flag may be set to "accept". Version/security high flag 1036 and version/security low flag 1038 may provide a two-bit version field indicating the version of the flags. BW support flag 1040 indicates whether bandwidth support is requested. QoS support flag 1042 may indicate whether QoS support is requested.
Fig. 11 is a schematic diagram of another BGP UPDATE message using the extended community format, according to an embodiment of the present invention. BGP join/leave VPN extended community field 1102 may use the two-byte AS route target extended community format. The encoding of extended community field 1102 in embodiments may depend on the VPN type. Type high field 1104 and type low field 1106 generally correspond to type high field 1016 and type low field 1018 respectively. However, the data value of type high field 1104 may be 0x40 or 0x00, and the data value of type low field 1106 may be 0x02. BGP join/leave VPN extended community field 1102 may also include a join/leave parameter value 1118. Join/leave parameter value 1118 may include DC ID 1108 in the global AS field, VPN ID 1112, security ID 1114 and join/leave flags 1116. VPN ID 1112, security ID 1114 and join/leave flags 1116 may be set by the local administrator. Likewise, DC ID 1108 in the global AS field, VPN ID 1112, security ID 1114 and join/leave flags 1116 are generally similar to fields 1020, 1022, 1024 and 1026 of Fig. 10. In another embodiment, BGP join/leave VPN extended community field 1102 may be a two-byte AS route origin, with type high field 1104 encoded with data value 0x00 or 0x02 and type low field 1106 encoded with data value 0x03.
Fig. 12 is a schematic diagram of another BGP UPDATE message using the extended community format, according to an embodiment of the present invention. BGP join/leave VPN extended community field 1202 may be used for the IPv4 address form of route target 0x02 or route origin 0x03. Type high field 1204, type low field 1206 and flags 1212 generally correspond to fields 1104, 1106 and 1116 respectively. DC ID prefix field 1208 in join/leave parameter value 1214 may be four octets long and consistently identifies the global prefix of the extended community source. VPN ID field 1210 is similar to VPN ID field 1112, except that VPN ID field 1210 may be shortened to about one octet. The data value of type high field 1204 may be 0x40 or 0x02, and the data value of type low field 1206 may be 0x02 or 0x03. In another embodiment, BGP join/leave VPN extended community field 1202 may be a four-octet AS group route target/origin. The data value of type high field 1204 may be 0x41 or 0x01, and the data value of type low field 1206 may be 0x02 for a route target and 0x03 for a route origin.
Fig. 13 is a schematic diagram of another BGP UPDATE message using the extended community format, according to an embodiment of the present invention. BGP join/leave VPN extended community field 1302 may be the IPv6 address form of the extended community attribute. Type high field 1304, type low field 1306, security ID 1312 and join/leave flags 1314 generally correspond to fields 1104, 1106, 1114 and 1116 respectively. As in Fig. 12, type low field 1306 may be encoded with 0x02 for a route target and with 0x03 for a route origin. Join/leave parameter value 1318 may include an IPv6 ID DC ID 1308 and a local administrator value 1316. IPv6 ID DC ID 1308 is about 14 bits long within the IPv6 network address. The local administrator value may include VPN ID 1310, security ID 1312 and flag bits 1314. VPN ID 1310 is substantially the same as VPN ID 1210, except that VPN ID 1310 is about four bytes long.
Returning to Figs. 9A, 9B and 10, as an example of the BGP message exchange between BGP peer 1 602 and BGP peer 2 602, BGP peer 1 602 may use the BGP extended community attribute to send a join VPN request to BGP peer 2 602. Extended community attribute 914 may use the opaque community format, for example as shown in Fig. 9B. The exchange between BGP peer 1 602 and BGP peer 2 602 may involve a DC ID (equal to 0x0010), a VPN ID (equal to 0x0020) and a security ID (equal to 0x30). The format of flag bits 930 may be that of flag field 1026 shown in Fig. 10, except that the data value of type high field 1016 may be 0x43 or 0x03. Flag bits 930 may be sent by BGP peer 1 602 with the BGP VPN information flags set to: All AFI/SAFI, join, request, accept, version 0, no BW support, no QoS support. This indicates that BGP peer 1 602 is requesting to join the identified VPN. In response, BGP peer 2 602 sends the following flag bits: All AFI/SAFI, join, response, accept, version 0 format, no BW support, no QoS support. The in-band signaling succeeds, and the automatic configuration of the protocol is complete. Although Fig. 9A illustrates an ordered exchange between two BGP UPDATE messages 902, as is known to those skilled in the art, many BGP UPDATE messages 902 may still be sent from BGP peer 1 602 to BGP peer 2 602 between the two messages shown. The VPN identifier (for example, DC ID, VPN ID and security ID) and the AFI/SAFI can track the appropriate information to establish the VPN.
After joining the VPN, in the BGP message exchange between BGP peer 1 602 and BGP peer 2 602, the BGP extended community attribute may be used to send a leave VPN request. To implement the leave request, join/leave VPN flag 1030 may be set to data value 0, indicating that BGP peer 1 602 is requesting to leave the VPN. BGP peer 2 602 may send a leave response including All AFI/SAFI, accepting the release of this VPN. As with the join request, many BGP UPDATE messages 902 may be transmitted back and forth between BGP peer 1 602 and BGP peer 2 602.
Fig. 14 is a schematic diagram of "treat-as-withdraw" error handling according to an embodiment of the present invention. In general, type high field 1406, type low field 1408, DC ID 1410, VPN ID 1412, security ID 1414 and flag bits 1416 are the same as fields 1016, 1018, 1020, 1022, 1024 and 1026 shown in Fig. 10. When an extra byte is inserted into extended community join/leave VPN field 1402, "treat-as-withdraw" error handling needs to be performed. As shown in Fig. 14, an extra type low field 1404 has been placed before the normal extended community join/leave VPN field 1402. BGP peer 2 602 receives BGP UPDATE message 904, treats the extended community join/leave VPN field 1402 of nine octets as an error, and withdraws the NLRI advertised with it according to BGP error handling. Because of the extra type low field 1404, BGP peer 2 602 ignores the value of extended community join/leave VPN field 1402. BGP peer 1 602 may detect the loss through a timeout period or other error hints.
When implementing extended community join/leave VPN field 1402, another error to handle is a version format that flag bits 1416 do not support and/or an illegal value in type field 1408. BGP UPDATE messages 902 may be sent between BGP peer 1 602 and BGP peer 2 602. For example, BGP peer 1 602 may send a BGP UPDATE message 902 carrying type low field 1408 (containing the illegal value 77) and flag bits 1416 (containing the illegal version value "02"). All of these parsing errors may cause the VPN join request to be rejected. BGP peer 2 602 may send another BGP UPDATE message 902 carrying the same illegal type field 1408 and the same flag field 1416 that BGP peer 1 602 sent.
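The opaque join/leave extended community of Figs. 9B and 10, the join/leave exchange of the two preceding paragraphs, and the receiver-side checks of Figs. 14 and the paragraph above, as an added example that is not the patent's own code: it encodes the eight-octet community, builds the peer's response, and classifies a malformed community as treat-as-withdraw (wrong length) or reject (illegal type low value, unsupported version). The bit order inside flag field 1026 and the type low value TYPE_LOW_JOIN_LEAVE are assumptions; the page lists the flags but gives no bit positions and no type low value for the opaque form.

```python
"""Join/leave VPN opaque extended community (Figs. 9B, 10, 14).

Added example, not the patent's code. Assumptions not stated on the page:
  * the eight one-bit flags of flag field 1026 are laid out in listing
    order, most-significant bit first;
  * TYPE_LOW_JOIN_LEAVE is a placeholder; 0x43 for the type high field is
    one of the two values the text gives for the opaque form.
"""
import struct

TYPE_HIGH_OPAQUE = 0x43      # page: 0x43 or 0x03
TYPE_LOW_JOIN_LEAVE = 0x10   # assumed placeholder value
EXT_COMM_LEN = 8             # type high, type low, DC ID(2), VPN ID(2), sec ID(1), flags(1)

FLAG_ALL_AFI_SAFI = 0x80  # 1028
FLAG_JOIN = 0x40          # 1030: 1 = join, 0 = leave
FLAG_RESPONSE = 0x20      # 1032: 0 = request, 1 = response
FLAG_REJECT = 0x10        # 1034: 0 = accept (default), 1 = reject
FLAG_VERSION_HIGH = 0x08  # 1036
FLAG_VERSION_LOW = 0x04   # 1038
FLAG_BW = 0x02            # 1040
FLAG_QOS = 0x01           # 1042


class TreatAsWithdraw(Exception):
    """Fig. 14: malformed community; the receiver withdraws the NLRI it came with."""


def encode(dc_id, vpn_id, sec_id, *, join=True, response=False, reject=False,
           all_afi_safi=True, version=0, bw=False, qos=False):
    """Build the eight-octet community: type high/low, DC ID, VPN ID, sec ID, flags."""
    if not 0 <= version <= 3:
        raise ValueError("version is a two-bit field")
    flags = ((FLAG_ALL_AFI_SAFI if all_afi_safi else 0)
             | (FLAG_JOIN if join else 0)
             | (FLAG_RESPONSE if response else 0)
             | (FLAG_REJECT if reject else 0)
             | (version << 2)           # bits 1036 (high) and 1038 (low)
             | (FLAG_BW if bw else 0)
             | (FLAG_QOS if qos else 0))
    return struct.pack("!BBHHBB", TYPE_HIGH_OPAQUE, TYPE_LOW_JOIN_LEAVE,
                       dc_id, vpn_id, sec_id, flags)


def decode(raw):
    """Parse a community into its fields, applying the receiver checks the
    text describes: wrong length -> treat-as-withdraw; unknown type low
    value or unsupported version -> ValueError (request is rejected)."""
    if len(raw) != EXT_COMM_LEN:
        raise TreatAsWithdraw("community is %d octets, expected %d" % (len(raw), EXT_COMM_LEN))
    th, tl, dc_id, vpn_id, sec_id, flags = struct.unpack("!BBHHBB", raw)
    if th not in (0x43, 0x03) or tl != TYPE_LOW_JOIN_LEAVE:
        raise ValueError("illegal join/leave type 0x%02x/0x%02x" % (th, tl))
    version = (flags >> 2) & 0x3
    if version != 0:
        raise ValueError("unsupported flag version %d" % version)
    return {
        "dc_id": dc_id, "vpn_id": vpn_id, "sec_id": sec_id, "version": version,
        "all_afi_safi": bool(flags & FLAG_ALL_AFI_SAFI),
        "join": bool(flags & FLAG_JOIN),
        "response": bool(flags & FLAG_RESPONSE),
        "accepted": not (flags & FLAG_REJECT),
        "bw": bool(flags & FLAG_BW), "qos": bool(flags & FLAG_QOS),
    }


def respond(request_raw, accept=True):
    """Fig. 9A: the responding peer echoes the VPN identifier and join/leave
    choice, sets the response flag, and accepts or rejects per local policy."""
    req = decode(request_raw)
    if req["response"]:
        raise ValueError("cannot respond to a response")
    return encode(req["dc_id"], req["vpn_id"], req["sec_id"], join=req["join"],
                  response=True, reject=not accept, all_afi_safi=req["all_afi_safi"],
                  bw=req["bw"], qos=req["qos"])


def handle_update(raw):
    """Receiver dispatch: ('ok', fields), ('withdraw', reason) or ('reject', reason)."""
    try:
        return "ok", decode(raw)
    except TreatAsWithdraw as err:
        return "withdraw", str(err)
    except ValueError as err:
        return "reject", str(err)


if __name__ == "__main__":
    # Constructed values from the text: DC ID 0x0010, VPN ID 0x0020, sec ID 0x30.
    join_req = encode(0x0010, 0x0020, 0x30)
    print("join request :", join_req.hex(), handle_update(join_req)[0])
    print("join response:", respond(join_req).hex())
    print("leave request:", encode(0x0010, 0x0020, 0x30, join=False).hex())
    print("extra octet  :", handle_update(bytes([TYPE_LOW_JOIN_LEAVE]) + join_req)[0])
```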
Figure 15 is a schematic diagram of another BGP UPDATE message 1500 using an optional transitive attribute, provided by an embodiment of the present invention. In general, the BGP UPDATE message header 1502, withdrawn routes length field 1504, withdrawn routes field 1506, total path attribute length 1508 and path attribute 1 1510 correspond to the fields 904, 906, 908, 1002 and 1004 shown in Figure 10. The optional transitive attribute 1512 is substantially the same as the add/leave optional transitive attribute 916 shown in Figure 9B. The NLRI 1514 is substantially the same as the NLRI 918. In addition, in general, the add/leave optional transitive attribute type 1516, add/leave optional transitive attribute length 1518, sub-type field 1520, number 1522, add/leave VPN group field 1524, ID 1526, length 1528, DC ID 1532, VPN ID 1534, security ID 1536, flag bits 1538, gateway (GW) list 1546, BW profile list 1550 and QoS list 1554 correspond respectively to the fields 934, 936, 938, 940, 942, 944, 946, 948, 950, 952, 954, 956, 958 and 960 shown in Figure 9B. The GW number 1540, BW number 1542 and QoS number 1565 give the number of gateways, BW profiles and QoS profiles respectively.
The GW list 1546 can include multiple GW profiles 1548. A BW profile 1552 contains a bandwidth value field 1554 (about four octets), the number 1556 of prefixes associated with this bandwidth (about one octet), an AFI field 1558 (about two octets), a SAFI field 1560 (about one octet) and a series of prefix length values (of variable length) to which the bandwidth value 1554 applies. The QoS list 1565 can include multiple QoS profiles 1566, where each QoS profile 1566 can include a QoS value 1568 (about four octets), a QoS prefix number 1570 (about one octet), an AFI field 1572 (about two octets), a SAFI field 1574 (about one octet) and a series of prefix lengths 1576 and 1578 that carry the QoS value. Those familiar with the fields of the BGP protocol will recognise the number fields 1556 and 1570, the AFI fields 1558 and 1572, the SAFI fields 1560 and 1574 and the prefix lengths 1562, 1564, 1576 and 1578.
Returning to Figure 9A, as an example, a BGP UPDATE message 902 can be sent between BGP peer 1 602 and BGP peer 2 602 that includes the add/leave optional attribute 1512 in order to join or leave a VPN. BGP peer 1 602 sends the BGP UPDATE message 902 in the format known to those of ordinary skill in the art, including the withdrawn routes length field 1504, withdrawn routes 1506, path attributes and NLRI 1514. A group field 1524 can be encoded with DC ID 1532 set to 0x00002010, VPN ID 1534 set to 0x12341246, security ID 1536 set to 0x30010203, the bits of the flag field 1538 set to All AFI/SAFI, add, request, version 0 format, a gateway hint number of 2, a bandwidth number of 1 and a QoS number of 1. The hinted gateways can be 192.15.1.1 and 192.5.1.1. The value of the first bandwidth profile 1552 can be 5, with the number field 1556 indicating one prefix. The AFI/SAFI fields 1558 and 1560 can identify VPN IPv4/unicast, and the prefix length value 1562 is 128.2/16. In the QoS profile 1566, the QoS value 1568 can be 3 and the number field 1570 can be 1. The AFI/SAFI fields 1572 and 1574 can identify the VPN IPv4/unicast value, and the prefix length value 1576 is 128.4/16. The bandwidth profile in this field allows the bandwidth profile to be assigned automatically to any network or terminal in the 128.2/16 prefix range carrying IPv4 unicast traffic. With a QoS value of 3, the QoS profile can be assigned to any network whose AFI/SAFI is IPv4 unicast and that falls within the 128.4/16 prefix range.
After BGP peer 602 receives the BGP UPDATE message 902, BGP peer 2 602 can send back a BGP add/leave path attribute containing the same DC ID 1532, VPN ID 1534, security ID 1536, BW profile 1550, GW profile 1546 and QoS profile 1554. However, the flags in the flag field 1538 can be set to All AFI/SAFI, add, response, accept, version 0 format. On the BGP peer 2 602 side, the peer has been added to the VPN and sends the BGP UPDATE message 902 containing the path attribute. Again, these attributes in the BGP UPDATE message 902 can be spread over many BGP UPDATE messages 902 or keep-alive messages. How long a BGP peer delays before sending back further BGP UPDATE messages 902 or keep-alive messages is a matter of local configuration.
BGP peer 1 602 can send a BGP UPDATE message 902 to BGP peer 2 602 that carries a leave VPN request in the optional transitive attribute. The BGP UPDATE message 902 identifies the VPN using the DC ID 1532 (value 0x00002010), VPN ID 1534 (value 0x12451256) and security ID 1536 (value 0x30010203), as shown in 1524. The VPN information carried in the BGP UPDATE message 902 can also include two gateway hints, 192.15.1.1 and 192.5.1.1, transmitted together with one bandwidth profile and one QoS profile. After receiving the BGP UPDATE message 902, BGP peer 2 602 can determine that the BGP UPDATE message 902 is valid and identify the VPN in it. BGP peer 2 602 can then send a BGP UPDATE message 902 stating that BGP peer 1 602 is to leave the VPN identified by DC ID 0x00002010, VPN ID 0x12451256 and security ID 0x30010203. In the BGP UPDATE message 902 sent by BGP peer 2 602, the flag field 1538 can be set to All AFI/SAFI, accept leave request, version 0 format.
As shown above, BGP signaling can use the longer add/leave field in the BGP VPN path attribute in-band, so that in-band signaling can be performed for all of the resources of a VPN or for a subset of them. For convenience, the non-limiting enumeration of the optional transitive attribute above describes joining and leaving with all resources associated with the same VPN. In other embodiments, the add/leave BGP VPN path attribute can include additions or deletions of the following: AFI/SAFI ranges, gateways used jointly in various ways, different bandwidth profiles and QoS profiles, with these items combined and controlled by policy at the cooperating BGP peers.
BGP peer 1 602 can send a BGP UPDATE message 902 to BGP peer 2 602 including the add/leave attribute 1512 using the version format established in the flag bits 1538 (for example, version 1), which however does not match the add/leave messages accepted by BGP peer 2 602. BGP peer 2 602 can send back a BGP UPDATE message 902 including the add/leave attribute 1512 with the flags in the flag bits 1538 set to "leave, response, refuse", where the value of the version number field is 1 and the other fields are as shown in 1530. In this way BGP peer 2 602 can refuse an add/leave request because of a differing version format in the add/leave BGP attribute 1512.
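As an added illustration (not code from the patent), the following Python models the receiving side for the extended community add/leave VPN field as described above: a wrong-length community is treated-as-withdraw, an illegal type value or an unsupported version format is refused with the request echoed back, and an accepted request updates the peer's VPN membership. The sub-field widths, the type values and the flag bit positions are assumptions of this example.

```python
"""Validation and response logic for the extended community add/leave VPN
field (Figure 10 fields 1016-1042), as an added illustration. The sub-field
widths inside the eight-octet community are an assumption of this example,
not the patent's layout: type high (1), type low (1), DC ID (2), VPN ID (2),
security ID (1), flags (1). Flag bit order, MSB first, follows the field list
in the description: All AFI/SAFI, add/leave, response/request, accept/refuse,
version high, version low, BW support, QoS support."""
import struct
from dataclasses import dataclass

EXT_COMM_LEN = 8             # a BGP extended community is always eight octets
TYPE_HIGH = 0x80             # assumed experimental type-high value
TYPE_LOW_ADD_LEAVE = 0x0A    # assumed type-low value for add/leave VPN
SUPPORTED_VERSION = 0        # this responder implements the version 0 format

F_ALL_AFI_SAFI, F_ADD, F_RESPONSE, F_ACCEPT = 0x80, 0x40, 0x20, 0x10
F_VER_HI, F_VER_LO, F_BW, F_QOS = 0x08, 0x04, 0x02, 0x01


def flags_version(flags):
    """Two-bit version number formed by the version high and low bits."""
    return (2 if flags & F_VER_HI else 0) + (1 if flags & F_VER_LO else 0)


def encode_flags(all_afi_safi, add, response, accept, version, bw=False, qos=False):
    flags = 0
    for on, bit in ((all_afi_safi, F_ALL_AFI_SAFI), (add, F_ADD), (response, F_RESPONSE),
                    (accept, F_ACCEPT), (version & 2, F_VER_HI), (version & 1, F_VER_LO),
                    (bw, F_BW), (qos, F_QOS)):
        if on:
            flags |= bit
    return flags


def decode_flags(flags):
    return {"all_afi_safi": bool(flags & F_ALL_AFI_SAFI),
            "add": bool(flags & F_ADD),            # 0 means leave (flag 1030 = 0)
            "response": bool(flags & F_RESPONSE),  # 0 means request
            "accept": bool(flags & F_ACCEPT),      # 0 means refuse
            "version": flags_version(flags),
            "bw_support": bool(flags & F_BW),
            "qos_support": bool(flags & F_QOS)}


@dataclass
class AddLeave:
    dc_id: int
    vpn_id: int
    sec_id: int
    flags: int


def encode_add_leave(dc_id, vpn_id, sec_id, flags, type_low=TYPE_LOW_ADD_LEAVE):
    return struct.pack("!BBHHBB", TYPE_HIGH, type_low, dc_id, vpn_id, sec_id, flags)


def parse_add_leave(raw):
    """Returns (outcome, reason, request); outcome is 'withdraw', 'reject' or 'ok'."""
    if len(raw) != EXT_COMM_LEN:
        # Wrong length (the nine-octet case of Figure 14): treat-as-withdraw,
        # the value is ignored and the NLRI of the UPDATE is withdrawn.
        return "withdraw", "length %d != %d" % (len(raw), EXT_COMM_LEN), None
    t_hi, t_lo, dc_id, vpn_id, sec_id, flags = struct.unpack("!BBHHBB", raw)
    req = AddLeave(dc_id, vpn_id, sec_id, flags)
    if (t_hi, t_lo) != (TYPE_HIGH, TYPE_LOW_ADD_LEAVE):
        return "reject", "illegal type %d/%d" % (t_hi, t_lo), req
    if flags_version(flags) != SUPPORTED_VERSION:
        return "reject", "unsupported version %d" % flags_version(flags), req
    return "ok", "", req


class Responder:
    """Peer 2 side: validates each request and answers it, tracking membership."""

    def __init__(self):
        self.members = set()   # (dc_id, vpn_id, sec_id) of VPNs currently joined

    def handle(self, raw):
        outcome, reason, req = parse_add_leave(raw)
        if outcome == "withdraw":
            return outcome, reason, None          # nothing to answer
        key = (req.dc_id, req.vpn_id, req.sec_id)
        flags = req.flags | F_RESPONSE            # echo the request, mark as response
        if outcome == "reject":
            flags &= ~F_ACCEPT                    # version bits are echoed unchanged
        else:
            flags |= F_ACCEPT
            if flags & F_ADD:
                self.members.add(key)
            else:
                self.members.discard(key)
        # the (possibly illegal) type low is echoed, as the description does
        return outcome, reason, encode_add_leave(*key, flags, type_low=raw[1])
```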
Figure 16 is a schematic diagram of a BGP dynamic capability 1600 with add/leave VPN capability provided by an embodiment of the present invention. In one embodiment, the BGP dynamic capability 1600 can encode a dynamic add/delete capability of the version 0 determined in the flag version field 1628. The flag bit field 1630 in a unit is affected by the flag version field 1628. The dynamic capability packet format is an IETF standard and can include a BGP dynamic message header 1602, a first octet 1604, a sequence number 1606 and an open capabilities list 1608. Also standardized are the initialization (INIT)/acknowledge (ACK) field 1610, the acknowledge/request field 1612, the reserved field 1614 and the action field 1616. The standard also provides that a capability opened by BGP is included in the opened capabilities field 1608. Those of ordinary skill in the art know the lengths and the use of the critical fields. The add/leave open capabilities list 1608 can include an add/leave capability type 1618, an add/leave length 1620 and a variable-length capability value field 1622. The variable-length capability value field 1622 can be used to encode the version 0 capability, using the specific add/leave flags in the flags 1630 within a unit. The version 0 encoding of the add/leave VPN dynamic capability in 1630 matches the encoding of the open capability in the field 536 shown in Figure 5. In general, the fields 1624, 1626, 1628, 1629, 1630, 1632, 1634, 1636, 1638, 1640, 1642, 1644, 1646, 1648 and 1650 correspond respectively to the fields 526, 528, 532, 534, 536, 538, 540, 544, 546, 548, 550, 552, 554, 556 and 558.
Figure 17 is a schematic diagram of another variable-length capability value field 1700 provided by an embodiment of the present invention. The variable-length capability value field 1700 is substantially the same as the variable-length capability value field 1622, except that the flag version field 1736 is for version 1 rather than version 0, so a different flag bit field 1702 is needed. The flag bit field 1702 includes an All AFI/SAFI field 1716, an add/leave field 1718, a response/request field 1720, an accept/refuse field 1722, a version/security high field 1724, a version/security low field 1726, a BW support field 1728 and a QoS support field 1730. Version 1 of the add/leave VPN capability format can be used to transmit add/leave VPN information. The fields 1732, 1734, 1736, 1738, 1714, 1702, 1704 and 1706 correspond respectively to the fields 1618, 1620, 1624, 1626, 1628, 1630, 1632 and 1634. The fields 1716, 1718, 1720, 1722, 1724, 1726, 1728 and 1730 correspond respectively to the fields 1028, 1030, 1032, 1034, 1036, 1038, 1040 and 1042. Those of ordinary skill in the art will know that dynamic capabilities help to configure the add/leave dynamic capability and use the add/leave capability sequence number to determine ordering. In addition, using the dynamic add/leave capability scheme keeps the add/leave signaling within the dynamic capability range and minimizes space. The dynamic sequence number is responsible for ordering these requests.
Figure 18 is a schematic diagram of a BGP message exchange between two BGP peers 1802 using dynamic capabilities, provided by an embodiment of the present invention. The BGP peers 1802 are substantially the same as the BGP peer 602. The dynamic capability shown in Figure 18 can use the version 0 encoding to configure the add/leave VPN functions and features. BGP peer 1 1802 can send a BGP dynamic capability message 1600a including the BGP message header field 1602, followed by the first octet 1604, the sequence number field 1606 and the open capabilities list field 1608. The first octet field 1604 can include an action add capability 1616 and an acknowledge/request field 1612, where an acknowledgement is requested when the flag is set. The open capabilities list field 1608 can include the add/leave dynamic capability type 1618, the add/leave dynamic capability length field 1620 and the capability value 1622 using the 0 encoding (that is, version 0). The INIT/ACK field 1610 and reserved field 1614 can appear in the first octet field 1604.
When BGP peer 1 1802 sends the BGP dynamic capability message 1600a to BGP peer 2 1802, it indicates that BGP peer 1 1802 wants to exchange the add/leave VPN information in the open capabilities list 1608. The BGP dynamic capability message 1600 can include some or all of the capabilities negotiated in the BGP OPEN message. Based on local policy, BGP peer 2 1802 may require positive acknowledgement of the BGP capability used to exchange add/leave VPN features. Thus BGP peer 2 1802 can send a second BGP dynamic capability message 1600b echoing the same values in the capability fields 1618, 1620 and 1622, all encoded in version 0, from the BGP dynamic capability message 1600a sent by BGP peer 1. By encoding the capability value 1622 in version 0, add/leave VPN information can be exchanged, including the extended community attribute, the dynamic capability attribute, the add/leave optional transitive attribute, status messages, route refresh, BW configuration and QoS configuration. BGP peer 2 can determine that it adds the capability for add/leave VPN information, which can be transmitted in extended communities, dynamic capabilities, optional transitive attributes, status messages and route refresh using BW information and QoS information.
Those of ordinary skill in the art will know that the extension can use a certain feature to add/delete BGP capabilities, which occupies the action field 1616. When the action field 1616 is set to the "add" function, later sequence numbers can be merged in order to update the BGP capability. This add feature allows two BGP peers to negotiate changes to the open capabilities sent in version 0. If the action field 1616 indicates the "remove" function, the dynamic capability message can remove the most recently updated capability with the associated sequence number.
In another embodiment, the BGP dynamic capability messages 1600 exchanged between BGP peers can use the version 1 format. BGP peer 1 1802 can send a join VPN request in a BGP dynamic capability message 1600 that contains the BGP dynamic capability message header 1602, the first octet 1604, the sequence number 1606 and the open capabilities list 1608. The open capabilities list 1608 can include the add/leave VPN information, including the add/leave capability type 1618, add/leave length 1620 and add/leave value 1622. For example, the add/leave VPN information can include the add/leave capability type, a length (about eight octets), a flag version (version 1), a number (1 unit), and one unit containing a flag word, an AFI of IPv4 and a SAFI of unicast. The flag word can indicate an All AFI/SAFI value of 0, request, accept, version 1, no BW profile support, no QoS support, AFI IPv4, SAFI unicast. In the dynamic capability message header, the INIT value can be 0, the ACK value 1, the add action 1 and the sequence number 0x0011.
BGP peer 2 1602 can send a BGP dynamic capability message 1600b in response, similar to the BGP dynamic capability message 1600a received from BGP peer 1 1602. For example, in the dynamic capability message header 1602, the INIT value can be 1, the ACK value 1, the add action value 0 and the sequence number value 0x0011. The add/leave VPN information can include a message header with the add/leave capability type, a length (about eight octets), a flag version (version 1), a number (1 unit), and one unit containing a flag word, an AFI of IPv4 and a SAFI of unicast. The flag word can indicate an All AFI/SAFI value of 0, add, response, accept, version 1, no BW profile, no QoS profile.
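The version 1 dynamic capability exchange just described, as an added example (not the patent's own encoding): peer 1 sends a join request with sequence number 0x0011, peer 2 echoes it with INIT=1, ACK=1 and the add action cleared, and peer 1 acts only on replies whose sequence number it is still waiting for, so a stale, replayed or unsolicited reply cannot change its VPN state. The octet layout, capability code and flag word bits are assumptions of this example.

```python
"""Builder and checker for the version 1 BGP dynamic capability join exchange
(message 1600a from peer 1, message 1600b from peer 2), as an added
illustration. The octet layout is an assumption of this example, not the
patent's encoding: first octet bits INIT=0x80, ACK=0x40, action add=0x01; a
two-octet sequence number; then the capability TLV (type, length, value) whose
value is flag version (1), unit count (1) and one unit of flag word (2),
AFI (2), SAFI (1), reserved (1). Flag word bits assumed: 0x4000 add/leave,
0x2000 response/request, 0x1000 accept/refuse, version in 0x0C00."""
import struct

CAP_TYPE_ADD_LEAVE = 0x80        # assumed capability code for add/leave VPN
INIT, ACK, ACTION_ADD = 0x80, 0x40, 0x01
FW_ADD, FW_RESPONSE, FW_ACCEPT = 0x4000, 0x2000, 0x1000
FW_VERSION_SHIFT = 10
AFI_IPV4, SAFI_UNICAST = 1, 1    # IANA-assigned values


def build_dyncap(init, ack, action_add, seq, flag_word, version=1,
                 afi=AFI_IPV4, safi=SAFI_UNICAST):
    first = (INIT if init else 0) | (ACK if ack else 0) | (ACTION_ADD if action_add else 0)
    value = struct.pack("!BBHHBB", version, 1, flag_word, afi, safi, 0)
    tlv = struct.pack("!BB", CAP_TYPE_ADD_LEAVE, len(value)) + value
    return struct.pack("!BH", first, seq) + tlv


def parse_dyncap(msg):
    if len(msg) < 5:
        raise ValueError("truncated dynamic capability message")
    first, seq = struct.unpack("!BH", msg[:3])
    cap_type, cap_len = struct.unpack("!BB", msg[3:5])
    value = msg[5:5 + cap_len]
    if cap_type != CAP_TYPE_ADD_LEAVE or cap_len != 8 or len(value) != cap_len:
        raise ValueError("malformed add/leave capability TLV")
    version, count, flag_word, afi, safi, _ = struct.unpack("!BBHHBB", value)
    return {"init": bool(first & INIT), "ack": bool(first & ACK),
            "action_add": bool(first & ACTION_ADD), "seq": seq,
            "version": version, "count": count, "flag_word": flag_word,
            "afi": afi, "safi": safi}


class Requester:
    """Peer 1: remembers the sequence numbers it used and validates the echo."""

    def __init__(self, seq=0x0011):
        self.next_seq = seq
        self.pending = {}      # seq -> flag word of the request awaiting a reply
        self.joined = set()    # (afi, safi, version) of accepted join requests

    def join_request(self):
        fw = FW_ADD | (1 << FW_VERSION_SHIFT)          # add, request, version 1
        seq, self.next_seq = self.next_seq, self.next_seq + 1
        self.pending[seq] = fw
        return build_dyncap(init=False, ack=True, action_add=True, seq=seq, flag_word=fw)

    def handle_response(self, msg):
        r = parse_dyncap(msg)
        # Only an outstanding sequence number may change state; a stale, replayed
        # or unsolicited reply is dropped rather than acted on.
        if r["seq"] not in self.pending:
            return "ignored: unknown sequence number"
        if not (r["init"] and r["ack"]) or r["action_add"]:
            return "ignored: header bits are not those of a response"
        if not r["flag_word"] & FW_RESPONSE:
            return "ignored: flag word is not a response"
        req_fw = self.pending.pop(r["seq"])
        if (r["flag_word"] ^ req_fw) & FW_ADD:
            return "ignored: add/leave bit differs from the request"
        if r["flag_word"] & FW_ACCEPT:
            self.joined.add((r["afi"], r["safi"], r["version"]))
            return "accepted"
        return "refused"


def responder_reply(request_msg, accept=True):
    """Peer 2: echoes sequence number and unit, sets INIT/ACK and the response bit."""
    r = parse_dyncap(request_msg)
    fw = (r["flag_word"] | FW_RESPONSE) & ~FW_ACCEPT
    if accept:
        fw |= FW_ACCEPT
    return build_dyncap(init=True, ack=True, action_add=False, seq=r["seq"],
                        flag_word=fw, version=r["version"], afi=r["afi"], safi=r["safi"])
```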
As shown above, dynamic capability messages can add, delete and update the BGP capability for transmitting add/leave VPN information in the version 0 format, and can also join/leave a VPN through the add/leave capability advertisement sent in a dynamic capability message using version 1. This dual use of dynamic capabilities provides a signaling mechanism with sequencing and update support.
Figure 19 is a schematic diagram of status messages 1900 and 1908 provided by an embodiment of the present invention, used to transmit add/leave BGP information. Figure 19 shows the add/leave VPN information encoded in the BGP advisory status message 1900 and the BGP operational status message 1908. The status messages 1900 and 1908 can use space-delimited ASCII (American Standard Code for Information Interchange) text. The BGP advisory message 1900 can include a BGP advisory message type 1902, a sub-type field 1904 (about two octets, set to 0x01 to transmit status) and a status information field 1906 (about four octets, used to transmit add/leave VPN information). The status information field 1906 can include the status information contained in the status information field 1916, the bandwidth profile list 1940 and the QoS profile list 1944.
The BGP operational message 1908 can include a BGP operational message type 1910, a type field 1912 (about two octets), a length field 1914 (about two octets) and a status information field 1916 (containing the add/leave message). Figure 19 shows the fields 1918, 1920, 1922, 1924, 1926, 1930, 1932, 1934, 1938, 1942, 1946, 1947, 1948, 1950, 1952, 1954, 1956, 1958, 1960, 1962, 1964, 1966 and 1968, whose lengths are all given as "vs" (vchar). A "vs" length indicates a field that can be encoded with suitable space-delimited ASCII characters. The length of the flag field 1928 can be about two octets, where the bit values of one octet can be used similarly to the flag field 1538 shown in Figure 15. Depending on the status message encoding method, the other octet can be transmit status (TX) or no-transmit status (NX). The BGP UPDATE message containing the optional transitive attribute provides the method for transmitting the status message, and in addition the BGP dynamic capability transmission provides a request/response method.
The status information field 1916 contains the add/leave VPN information and is substantially the same as the fields shown in Figure 15; for example, the format of the fields 1918, 1920, 1922, 1924, 1926, 1928, 1930, 1932, 1934, 1936, 1940 and 1944 is substantially the same as that of the fields 1526, 1528, 1532, 1534, 1536, 1538, 1540, 1542, 1544, 1546, 1550 and 1554. Similarly, the extension of the BW profile field 1942 is substantially the same as the extension of the BW profile 1552 in the optional transitive attribute shown in Figure 15. Thus, in general, the fields 1958, 1960, 1962, 1964, 1966 and 1968 correspond respectively to the fields 1554, 1556, 1558, 1560, 1562 and 1564. In general, the fields in the QoS profile 1946 are substantially the same as the fields in the QoS profile 1562 of the BGP add/leave optional attribute. Thus, in general, the fields 1947, 1948, 1950, 1952, 1954 and 1956 are substantially the same as the fields 1568, 1570, 1572, 1574, 1576 and 1578 shown in Figure 15. Those of ordinary skill in the art will know that, for the extended format of the add/leave message sent in the BGP add/leave VPN attribute, the ability to send this format matters most for whether a bridge can be built between different parts of the network, and supports mixing both the BGP optional transitive attribute and status messages.
A BGP route refresh message 2010 can use an add/leave ORF 2020 with subtype 0 for encoding. The subtype encoding causes the ORF type value 2035 to appear, which is equivalent to the add/leave VPN optional transitive group 1524. Figure 20 shows the route refresh message, which includes a message header 2011, a length 2012, route refresh fields (AFI field 2014, reserved field 2015 and SAFI field 2016) and the ORF field 2020 for the add/leave ORF. The add/leave ORF field 2020 includes: when-to-refresh 2022, type field 2024, ORF entry length 2026 (about two octets), sequence number 2031 and ORF entries 2030. Each ORF entry 2033 can include an ORF action-match-type (AMT) 2034 (about one octet) and an ORF type value 2035. The ORF type value 2035 includes the ID 2051 of the add/leave message, a length field 2052, a group ID 2046, a gateway list 2040, a BW profile list 2042 and a QoS list 2044, which are substantially the same as the fields 1526, 1528, 1530, 1546, 1550 and 1565 of Figure 15. The add/leave BW profile 2070 is substantially the same as the BW profile 1552 of Figure 15. The fields 2082, 2083, 28084, 2085, 2086 and 2088 in the add/leave BW profile 2070 are substantially the same as 1554, 1556, 1558, 1560, 1562 and 1564. The add/leave QoS profile 2072 is substantially the same as the QoS profile 1566. The fields 2091, 2092, 2093, 2094, 2095 and 2096 in the add/leave QoS profile 2072 are substantially the same as 1568, 1570, 1572, 1574, 1576 and 1578.
Figure 21 is a schematic diagram of another ORF field that encodes add/leave VPN information in a BGP route refresh message 2000, provided by an embodiment of the present invention. The BGP route refresh message 2000 can use the version 1 encoding. The sequence field 2031 in the BGP route refresh message 2000 can be set to 1, and the subtype 2032 in the BGP route refresh message 2010 can be set to 0, as shown in Figure 20. The BGP route refresh message can use the extended community add/leave message 2102 to encode the ORF type value 2035. The extended community add/leave message 2102 is substantially the same as the extended community add/leave VPN field 1014. The flag bit field 2156 is substantially the same as the flag bit field 1026 in Figure 10.
The BGP route refresh message 2000 can include a BGP route refresh message type 2011, a length field 2012, an AFI field 2014, a reserved field 2015, a SAFI 2016, a when-to-refresh field 2022, an ORF type add/leave VPN 2024, an ORF entry length field 2031 and an ORF entry field 2030. The ORF entry field 2030 can include a sequence number field 2031, an add/leave sub-type field 2032 and multiple ORF entries 2033. Each ORF entry 2033 can include an ORF action-match-type (AMT) 2034 (about one octet) and an ORF type value 2035. The ORF type value can be encoded by the extended community add/leave field 2102. The fields 2151, 2152, 2153, 2154, 2155, 2156, 2161, 2162, 2163, 2164, 2165, 2166, 2167 and 2168 are substantially the same as the fields 1016, 1018, 1020, 1022, 1024, 1026, 1028, 1030, 1032, 1034, 1036, 1038, 1040 and 1042 in Figure 10.
Figures 20 and 21 show different embodiments of the BGP route refresh message. BGP route refresh messages can carry the encoding of add/leave messages between different sets of BGP peers that support different levels of transmission of add/leave VPN information. For example, BGP peers can be configured so that only some of them support transmitting add/leave VPN information with extended communities, the BGP add/leave attribute, BGP add/leave messages carried in dynamic capabilities, BGP add/leave messages carried in advisory status messages, or BGP add/leave messages carried in route refresh traffic. With the multiple embodiments provided for the different capabilities, add/leave messages can be delivered to all BGP peers that support automatic in-band add/leave VPN signaling.
During route refresh, some ORF policy types for filtering can be sent. During add/leave ORF, VPN information can be sent with automatic policy configuration, including the provision of filtering. Route refresh ORF processing allows add, remove and remove-all functions. The route refresh add function can be used to carry the join feature of add/leave VPN, and the remove function can be used to carry the leave feature of add/leave VPN. The add/leave function can also be transmitted while transmitting the add/leave VPN flag bit field 2060 of Figure 20 and the flag bit field 2156.
Figure 22 is a schematic diagram of a BGP message exchange for joining a VPN using route refresh messages and ORF filter attributes, provided by an embodiment of the present invention. The BGP peer 2201 is substantially the same as the BGP peer 602. In an exchange of route refresh messages containing add/leave VPN information, BGP peer 1 2201 can exchange a BGP route refresh message 2000 (for example, a request) with BGP peer 2 2201. The BGP route refresh message 2000 can include information for joining a VPN identified by the data center ID (0x01020304), VPN ID (0x00001000) and security ID (0x0001002), referred to here as VPN Blue Boy during the route refresh. BGP peer 1 2201 can act as a CE device coupled to a vDC and can also use the BGP route refresh message 2000a to send an add/leave message to BGP peer 2 2201 over the intranet, and BGP peer 2 2201 as a PE device can be used to send the request for BGP peer 1 to join VPN Blue Boy. BGP peer 2 2201 can be used to accept network and terminal routes whose IPv4/unicast prefix is 200.15/16 and that relate to bandwidth profile 1 and QoS profile 3 of VPN Blue Boy. BGP peer 2 2201 can then accept the request of BGP peer 1 2201 to join VPN Blue Boy and return a route refresh message 2000b indicating acceptance of the join request and requiring the routes to be sent immediately.
BGP peer 1 2201 can then process the route refresh message 2000b and send a BGP UPDATE message 2202a carrying the routes 200.15.21.1/32 and 200.15.1.128/25 to be distributed in VPN Blue Boy. BGP peer 1 2201 can complete the automatic configuration of its VPN Blue Boy and can also determine a local policy for VPN Blue Boy that requires a BGP UPDATE message 2202 to send BGP peer 2 a Deny filter for the prefix 200.15.1/2. In addition, BGP peer 1 2201 can send a Deny filter to BGP peer 2 through a route refresh address prefix ORF, requesting a third BGP route refresh message 2000c as the route refresh. The third BGP route refresh message 2000c can filter 200.15.1/24. After receiving the route refresh message, BGP peer 2 2201 can send a BGP UPDATE message 2202b to filter 200.15.1/24, unless the Deny filter for 200.15.1/24 has already been applied. The route refresh cycle can stop route traffic by in-band signaling until the existing VPN Blue Boy has been configured automatically. The filter for the route 200.15.1/25 ensures that the PE device will not send this route to the CE device.
As shown in Figure 22, when joining the VPN, three routes can also be added: 200.15.2.1/32, 200.15.128/25 and 200.15/16. The add/leave VPN information for the associated bandwidth profile and QoS profile can be transmitted together with a prefix, for example the prefix 200.15/16. BGP peer 1 2201 and BGP peer 2 2201 can use the prefix transmitted earlier as the main network prefix of VPN Blue Boy.
Figure 23 is a schematic diagram of another BGP message exchange for joining a VPN using route refresh messages and ORF filter attributes, provided by an embodiment of the present invention. BGP peer 1 2201 can send a route refresh message 2000a to BGP peer 2 2201 including an add/leave VPN ORF with a request to leave VPN Blue Boy. BGP peer 2 2201 can receive the route refresh message 2000a for VPN Blue Boy and send back a route refresh message 2000b to BGP peer 1 2201 including the add/leave VPN ORF and requesting immediate transmission of the routes required by the route refresh. In response, BGP peer 1 2201 sends a BGP UPDATE message 2302 withdrawing the routes 200.15.2.1/32, 200.15.1.28/25 and 200.15/16 for the IPv4/unicast SAFI. BGP peer 1 2201 can continue processing and determine the VPN Blue Boy policy, which requires a Deny filter for 200.15.1/24 toward BGP peer 2 2201. To remove this filter, BGP peer 1 2201 can send a second route refresh message 2000c to BGP peer 2 2201 including an address prefix ORF remove filter. BGP peer 1 2201 can set the flag in the route refresh message 2000c so that BGP peer 2 2201 sends any routes blocked by an ORF filter. After finding the filtered route, BGP peer 2 2201 can send a BGP UPDATE message 2302b containing the NLRI 200.15.1/24. Those of ordinary skill in the art will know the flags required for filtering and for implementing the route refresh processing shown in Figures 22 and 23.
In Figure 23, after BGP peer 1 2201 removes VPN Blue Boy, BGP peer 1 2201 can send a request to withdraw 20015.2.1/32, 200.15.128/25 and 200.15/16. These prefixes can be used to encode the VPN including the BW profile and QoS profile, thereby combining in the add/leave message all of the add/leave parts necessary for the VPN.
A route refresh add/leave VPN ORF can echo the sequence number of the add/leave ORF VPN request to which the add/leave VPN ORF is responding. For example, in Figure 22, the route refresh add request sent by BGP peer 1 2201 can carry an add/leave ORF with sequence number value 0x0010. BGP peer 2 2201 can send an add/leave ORF with sequence number value 0x0010. This ensures that the accepted add request and the accepted add response are consistent. Figure 23 can likewise echo the sequence number of the route refresh leave request. The add/leave VPN ORF in the route refresh can be encoded by BGP peer 1 2201 with sequence number 0x0020 and add/leave flags of leave, request, accept. BGP peer 2 2201 can send back a route refresh message including an add/leave VPN ORF with sequence number 0x0020 and add/leave flags of leave, response, accept.
Figure 24 shows a typical, general-purpose network element 2400, which corresponds to, or can be part of, any of the network elements described herein, such as a server, switch, router or any other network node. The network element 2400 can include a processor 2402 (which may also be referred to as a central processing unit or CPU) in communication with memory devices including secondary storage 2404, read only memory (ROM) 2406, random access memory (RAM) 2408, input/output (I/O) devices 2410 (such as transmitters and receivers) and a network access device 2412. The general-purpose network element 2400 can also include any other elements of a general-purpose network element 2400.
The processor 2402 can be implemented as one or more CPU chips, and/or as part of one or more application specific integrated circuits (ASICs) and/or digital signal processors (DSPs). The processor 2402 can include a central processing unit or CPU. This processor can be implemented as one or more CPU chips. The secondary storage 2404 generally comprises one or more disk drives or tape drives, is used for non-volatile storage of data, and can also serve as an overflow data storage device when the RAM 2408 cannot hold all the working data. The secondary storage 2404 can be used to store programs that are loaded into the RAM 2408 when selected for execution. The ROM 2406 can be used to store instructions, and possibly data, read during program execution. The ROM 2406 is a non-volatile memory device whose capacity is usually small compared with the large storage capacity of the secondary storage 2404. The RAM 2408 is used to store volatile data and possibly instructions. Access to the ROM 2406 and RAM 2408 is typically faster than access to the secondary storage 2404.
At least one embodiment is disclosed herein, and variations, combinations and/or modifications of the embodiments and/or features of the embodiments made by a person of ordinary skill in the art are within the scope of the disclosure. Embodiments that result from combining, integrating and/or omitting features of the embodiments are also within the scope of the disclosure. Where numerical ranges or limitations are expressly stated, such ranges or limitations should be understood to include iterative ranges or limitations of like magnitude falling within the expressly stated ranges or limitations (e.g., from about 1 to about 10 includes 2, 3, 4, etc.; greater than 0.10 includes 0.11, 0.12, 0.13, etc.). For example, whenever a numerical range with a lower limit R_l and an upper limit R_u is disclosed, any number falling within the range is specifically disclosed. In particular, the following numbers within the range are specifically disclosed: R = R_l + k * (R_u - R_l), where k is a variable ranging from 1% to 100% in 1% increments, i.e., k is 1%, 2%, 3%, 4%, 5%, ..., 70%, 71%, 72%, ..., 95%, 96%, 97%, 98%, 99% or 100%. Moreover, any numerical range defined by two R numbers as defined above is also specifically disclosed. Unless otherwise stated, the term "about" means ±10% of the subsequent number. Use of the term "optionally" with respect to any element of a claim means that the element is required, or alternatively is not required, both alternatives being within the scope of the claim. Use of broader terms such as "comprises", "includes" and "having" should be understood to provide support for narrower terms such as "consisting of", "consisting essentially of" and "comprised substantially of". Accordingly, the scope of protection is not limited by the description set out above but is defined by the claims that follow, that scope including all equivalents of the subject matter of the claims. Each and every claim is incorporated as further disclosure into the specification, and the claims are embodiments of the present disclosure. The discussion of a reference in the disclosure is not an admission that it is prior art, especially any reference that has a publication date after the priority date of this application. The disclosure of all patents, patent applications and publications cited herein is hereby incorporated by reference, to the extent that they provide exemplary, procedural or other details supplementary to the disclosure.
Although the invention provides some embodiments, but it is to be understood that system and method disclosed in it can realize, without departing from the spirit and scope of the present invention with other specific forms many.The embodiments herein is used only to illustrate, and and unrestricted, intention should be confined to the details gone out given in literary composition.Such as, in another system, various elements or device can be merged or merge, it is also possible to ignore or do not realize some feature.
Additionally, about various embodiments separately or individually describe the technology of explanation, system, subsystem, method, can merge with other system, techniques or methods or merge, and without departing from the scope.Other items shown or discuss, such as coupling, direct-coupling, intercommunication, can be to utilize some interfaces, equipment or intermediary device, by electric power, machinery or other means, carries out INDIRECT COUPLING or communication.These embodiments can be modified, replace and change by those skilled in the art, and without departing from the spirit and scope of the present invention.

Claims (23)

1. A method for performing an automatic join and leave function by a terminal or a network using Border Gateway Protocol (BGP) signaling, characterized in that it comprises:
sending a BGP join request requesting to join a virtual network;
receiving a BGP join response indicating acceptance or rejection of the BGP join request;
when the BGP join response indicates acceptance of the BGP join request, adding the terminal to the virtual network;
sending a BGP leave request requesting to leave the virtual network;
receiving a BGP leave response indicating acceptance or rejection of the BGP leave request; and
when the BGP leave response indicates acceptance of the BGP leave request, removing the terminal from the virtual network,
wherein the BGP join request comprises a quality of service (QoS) requirement and a bandwidth requirement.
2. The method according to claim 1, characterized in that it further comprises: sending a BGP open message request comprising a first join/leave capability field indicating at least one of a plurality of mechanisms by which the terminal or the network may join the virtual network, wherein the BGP open message request indicates a request to create a BGP session.
3. The method according to claim 2, characterized in that it further comprises: receiving a BGP open message response comprising a second join/leave capability field indicating at least one mechanism for joining the virtual network, wherein, if the first join/leave capability field and the second join/leave capability field indicate the same mechanism, the BGP session is created successfully.
4. The method according to claim 1, characterized in that the BGP join request comprises a first join/leave extended community field for indicating a request to join the virtual network using a BGP extended community mechanism, and wherein the BGP join response comprises a second join/leave extended community field for indicating acceptance or rejection of the BGP join request.
5. The method according to claim 4, characterized in that the BGP leave request comprises a third join/leave extended community field for indicating a request to leave the virtual network, and wherein the BGP leave response comprises a fourth join/leave extended community field for indicating acceptance or rejection of the BGP leave request.
6. The method according to claim 1, characterized in that the BGP join request comprises a join/leave extended community field for indicating a request to join the virtual network using a BGP extended community mechanism, and wherein the method further comprises ignoring the BGP join request when the length of the join/leave extended community field is 9 bytes.
7. The method according to claim 1, characterized in that the BGP join request comprises a join/leave extended community field for indicating a request to join the virtual network using a BGP extended community mechanism, and wherein, when there is an error in the join/leave extended community field, the BGP join response rejects the BGP join request.
8. The method according to claim 1, characterized in that the BGP join request comprises a first optional transitive attribute field for indicating a request to join the virtual network using a BGP optional transitive mechanism, and wherein the BGP leave request comprises a second optional transitive attribute field for indicating a request to leave the virtual network using the BGP optional transitive mechanism.
9. The method according to claim 8, characterized in that the first optional transitive attribute field comprises a version field indicating a version format of the BGP join request, and wherein, when the node receiving the BGP join request does not support the version format, the BGP join response rejects the BGP join request.
10. The method according to claim 1, characterized in that the BGP join request comprises a first dynamic capability field for indicating a request to join the virtual network using a BGP dynamic capability mechanism, and wherein the BGP leave request comprises a second dynamic capability field for indicating a request to leave the virtual network using the BGP dynamic capability mechanism.
11. The method according to claim 10, characterized in that the first dynamic capability field comprises a data center identifier field for identifying a data center, a virtual private network (VPN) identifier field for identifying a virtual private network, and a security identifier field for identifying a security protocol.
12. The method according to claim 1, characterized in that the BGP join request, the BGP join response, the BGP leave request, and the BGP leave response all belong to BGP state messages.
13. The method according to claim 1, characterized in that the BGP join request, the BGP join response, the BGP leave request, and the BGP leave response are all transmitted by an in-band mechanism of a routing information base (RIB).
14. The method according to claim 1, characterized in that it further comprises: confirming the BGP join request before sending a BGP traffic frame, wherein the BGP join request comprises a network layer reachability information field indicating an address of the virtual network.
15. An apparatus for requesting that a terminal join a virtual network using Border Gateway Protocol (BGP) signaling, characterized in that it comprises:
a processor coupled to a transmitter and a receiver, wherein the processor is configured to:
support a first set of BGP capabilities, wherein the first set of BGP capabilities comprises at least one BGP capability;
receive a first open message comprising a second set of BGP capabilities, wherein the second set of BGP capabilities comprises at least one BGP capability;
determine whether to accept or reject the first open message, wherein the first open message is accepted if the first set of BGP capabilities and the second set of BGP capabilities are consistent;
send a second open message comprising the first set of BGP capabilities, wherein the second open message indicates acceptance or rejection of the first open message;
after accepting the first open message, send a first BGP route refresh request, wherein the first BGP route refresh request comprises an outbound route filtering field associated with the virtual network; and
after sending the first BGP route refresh request, receive a BGP route refresh response, wherein the BGP route refresh response indicates at least one requested route for transmitting data frames,
wherein, if the BGP route refresh response indicates acceptance of the first BGP route refresh request, the terminal joins the virtual network.
16. The apparatus according to claim 15, characterized in that the processor is further configured to send a BGP update message comprising a route for transmitting data frames.
17. The apparatus according to claim 16, characterized in that the processor is further configured to send a second BGP route refresh request in order to remove the filtering of the route, wherein the route filtering is used to prevent data frames from being transmitted via the route.
18. The apparatus according to claim 15, characterized in that the first BGP route refresh request comprises a version field (a way of indicating the encoding) and an add function field, wherein the first set of BGP capabilities comprises a new function indication field.
19. The apparatus according to claim 18, characterized in that the version field indicates a join/leave optional transitive group used for adding the terminal to the virtual network.
20. The apparatus according to claim 18, characterized in that the first BGP route refresh request comprises a first sequence number, wherein the BGP route refresh response comprises a second sequence number, and wherein the first sequence number is consistent with the second sequence number.
21. An apparatus for determining whether to allow a network to join a virtual network using Border Gateway Protocol (BGP) signaling, characterized in that it comprises:
a processor coupled to a transmitter and a receiver, wherein the processor is configured to:
support a first set of BGP capabilities, wherein the first set of BGP capabilities comprises at least one BGP capability;
send a first open message comprising the first set of BGP capabilities;
receive a second open message comprising a second set of BGP capabilities, wherein the second set of BGP capabilities comprises at least one BGP capability;
receive a first BGP update message requesting that the network be connected to the virtual network, wherein the first BGP update message comprises a plurality of Address Family Identifier (AFI) routes;
determine whether to accept or reject the first BGP update message, wherein the first BGP update message is rejected when an AFI route is rejected; and
send a second BGP update message, wherein the second BGP update message indicates acceptance or rejection of the first BGP update message,
wherein, when the BGP update request is rejected, the network does not join the virtual network,
wherein, when the BGP update request is accepted, the network joins the virtual network, and
wherein, when the network joins the virtual network, a quality of service (QoS) requirement is associated with it.
22. The apparatus according to claim 21, characterized in that the first BGP update message comprises an extended community field, and wherein, if the length of the extended community field is wrong, the processor is configured to cancel.
23. The apparatus according to claim 21, characterized in that the first BGP update message comprises a network layer reachability information (NLRI) field, and wherein, when the network joins the virtual network, a bandwidth requirement is associated with the virtual network.
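As an added illustration (not code from the patent or its assignee), the join/leave exchange of claims 1 and 4 to 7 modelled in Python: the network side answers a join/leave extended community with an accept or reject community, ignores a 9-byte field, rejects a malformed one, and the terminal changes its membership only on an accept. The 8-byte field layout, the type/subtype values, the opcode numbering and the bandwidth admission policy are assumptions, not taken from the page.

```python
import struct

# Constructed 8-byte layout for the join/leave extended community (a standard BGP
# extended community is 8 bytes); field order and values are assumptions:
# type, subtype, op, virtual network id (u16), QoS class (u8), bandwidth in Mbps (u16)
EC_FMT = "!BBBHBH"
EC_TYPE, EC_SUBTYPE = 0x80, 0x01               # placeholder type/subtype values
OP_JOIN, OP_LEAVE, OP_ACCEPT, OP_REJECT = 1, 2, 3, 4

def encode_ec(op, vn_id, qos_class=0, bandwidth_mbps=0):
    return struct.pack(EC_FMT, EC_TYPE, EC_SUBTYPE, op, vn_id, qos_class, bandwidth_mbps)

def decode_ec(data):
    return struct.unpack(EC_FMT, data)          # raises struct.error on a wrong length

class VirtualNetworkController:
    # Network side: answers each join/leave request with an accept or reject community.
    def __init__(self, free_mbps):
        self.free = dict(free_mbps)             # vn_id -> remaining bandwidth
        self.members = {vn: {} for vn in self.free}   # vn_id -> {terminal: reserved bw}

    def handle(self, terminal, ec):
        if len(ec) == 9:                        # claim 6: a 9-byte field is ignored (no response)
            return None
        try:
            ec_type, sub, op, vn, qos, bw = decode_ec(ec)
            if (ec_type, sub) != (EC_TYPE, EC_SUBTYPE) or op not in (OP_JOIN, OP_LEAVE):
                raise ValueError("bad type or op")
        except (struct.error, ValueError):      # claim 7: error in the field -> reject
            return encode_ec(OP_REJECT, 0)
        if vn not in self.free:                 # unknown virtual network -> reject
            return encode_ec(OP_REJECT, vn)
        if op == OP_JOIN:                       # admission on the bandwidth requirement is an assumed policy
            if terminal in self.members[vn] or bw > self.free[vn]:
                return encode_ec(OP_REJECT, vn, qos, bw)
            self.free[vn] -= bw
            self.members[vn][terminal] = bw
            return encode_ec(OP_ACCEPT, vn, qos, bw)
        if terminal not in self.members[vn]:    # leave from a network never joined -> reject
            return encode_ec(OP_REJECT, vn)
        self.free[vn] += self.members[vn].pop(terminal)
        return encode_ec(OP_ACCEPT, vn)

class Terminal:
    # Terminal side: membership changes only when the response carries OP_ACCEPT.
    def __init__(self, name, controller):
        self.name, self.ctl, self.networks = name, controller, set()
    def _exchange(self, ec):
        resp = self.ctl.handle(self.name, ec)
        return resp is not None and decode_ec(resp)[2] == OP_ACCEPT
    def join(self, vn, qos_class, bandwidth_mbps):
        if self._exchange(encode_ec(OP_JOIN, vn, qos_class, bandwidth_mbps)):
            self.networks.add(vn)
        return vn in self.networks              # True once the terminal is a member
    def leave(self, vn):
        if self._exchange(encode_ec(OP_LEAVE, vn)):
            self.networks.discard(vn)
        return vn not in self.networks
```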
CN201280054085.0A 2011-11-03 2012-11-03 Method and device for a terminal joining/leaving a virtual private network Active CN104040971B (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201161555370P 2011-11-03 2011-11-03
US61/555,370 2011-11-03
USUS61/555,370 2011-11-03
PCT/US2012/063469 WO2013067466A1 (en) 2011-11-03 2012-11-03 Border gateway protocol extension for the host joining/leaving a virtual private network

Publications (2)

Publication Number Publication Date
CN104040971A CN104040971A (en) 2014-09-10
CN104040971B true CN104040971B (en) 2016-11-30

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
BGP/MPLS IP Virtual Private Networks (VPNs); E. Rosen et al.; RFC 4364; 2006-02-01; full text *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant