CN104601431A - Access method of VPN business and network device - Google Patents

Publication number
CN104601431A
Authority
CN
China
Prior art keywords
edge device
vpn
vpn tunneling
port
tunneling
Legal status
Granted
Application number
CN201410850003.4A
Other languages
Chinese (zh)
Other versions
CN104601431B (en)
Inventor
于德雷
赖晓
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201410850003.4A (patent CN104601431B)
Publication of CN104601431A
Priority to PCT/CN2015/093091 (patent WO2016107261A1)
Application granted
Publication of CN104601431B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention provides an access method for a VPN service and a network device. The method comprises the following steps: the network device receives a first access request sent by a first edge device, the first access request requesting that a first user site connected to the first edge device be connected to the VPN service; the network device determines that a second user site has requested access to the VPN service; and the network device configures the first edge device and a second edge device connected to the second user site, so as to connect the first user site and the second user site to the VPN service. Because the first user site and the second user site are connected to the VPN service only after it has been determined that the first user site will be able to exchange data with the second user site once connected, the method avoids, as far as possible, occupying the resources of the first edge device while the first user site cannot transmit data, and so reduces wasted resources.

Description

An access method for a VPN service and a network device
Technical field
The present invention relates to communication technology, and in particular to an access method for a VPN service and a network device.
Background
A virtual private network (VPN) is a technology for building private networks on top of a public data network. These private networks are isolated from one another: data in one private network cannot be transferred into another. For user sites to transmit data to each other over a VPN, the user sites must first be connected to the VPN service.
At present, the usual way of connecting user sites to a VPN service is that the operator and the user manually agree on all the user sites that need to access the VPN service, after which the edge device connected to each of those user sites is configured manually, thereby connecting each user site to the VPN service.
However, connecting a user site to a VPN service requires configuring the edge device to which that user site is connected, which inevitably occupies resources of the edge device. The access method above cannot connect user sites to the VPN service on demand: even if a user site cannot transmit any data after it has been connected to the VPN service, the operator still connects it, and resources are wasted.
Summary of the invention
The technical problem solved by the present invention is to provide an access method for a VPN service and a network device that connect user sites to the VPN service on demand, thereby reducing wasted resources.
To this end, the technical solution of the present invention is as follows:
In a first aspect, the invention provides an access method for a virtual private network (VPN) service, comprising:
A network device receives a first access request sent by a first edge device, the first access request requesting that a first user site connected to the first edge device access the VPN service;
The network device determines that a second user site has requested access to the VPN service;
The network device configures the first edge device and a second edge device connected to the second user site, so as to connect the first user site and the second user site to the VPN service.
In a first possible implementation of the first aspect, the network device configuring the first edge device and the second edge device connected to the second user site, so as to connect the first user site and the second user site to the VPN service, comprises:
The network device deploys a first VPN tunnel from the first edge device to the second edge device, and a second VPN tunnel from the second edge device to the first edge device. The head end of the first VPN tunnel is associated with a first port and its tail end with a second port; the head end of the second VPN tunnel is associated with the second port and its tail end with the first port. The first port is the port through which the first edge device is connected to the first user site, and the second port is the port through which the second edge device is connected to the second user site.
With reference to the first possible implementation of the first aspect, in a second possible implementation of the first aspect, the method further comprises:
The network device receives a second access request sent by a third edge device, the second access request requesting that a third user site connected to the third edge device access the VPN service;
The network device determines that the first user site and the second user site have accessed the VPN service;
The network device deploys a third VPN tunnel from the first edge device to the third edge device, and a fourth VPN tunnel from the third edge device to the first edge device. The head end of the third VPN tunnel is associated with the first port and its tail end with a third port; the head end of the fourth VPN tunnel is associated with the third port and its tail end with the first port. The third port is the port through which the third edge device is connected to the third user site;
The network device deploys a fifth VPN tunnel from the second edge device to the third edge device, and a sixth VPN tunnel from the third edge device to the second edge device. The head end of the fifth VPN tunnel is associated with the second port and its tail end with the third port; the head end of the sixth VPN tunnel is associated with the third port and its tail end with the second port.
With reference to the first or second possible implementation of the first aspect, in a third possible implementation of the first aspect, the method further comprises:
The network device allocates a VPN tunnel identifier for the VPN service;
The network device deploying the first VPN tunnel from the first edge device to the second edge device, and the second VPN tunnel from the second edge device to the first edge device, comprises:
The network device sends a first configuration parameter to the first edge device, the first configuration parameter comprising: the VPN tunnel identifier, the port identifier of the first port and the device identifier of the second edge device;
The network device sends a second configuration parameter to the second edge device, the second configuration parameter comprising: the VPN tunnel identifier, the port identifier of the second port and the device identifier of the first edge device.
With reference to the first or second possible implementation of the first aspect, in a fourth possible implementation of the first aspect, the network device deploying the first VPN tunnel from the first edge device to the second edge device, and the second VPN tunnel from the second edge device to the first edge device, comprises:
The network device sends to a controller a request to deploy the first VPN tunnel and the second VPN tunnel, the request comprising the port identifier of the first port, the port identifier of the second port, the device identifier of the first edge device and the device identifier of the second edge device.
With reference to any one of the first to fourth possible implementations of the first aspect, in a fifth possible implementation of the first aspect, the method further comprises:
The network device receives a first exit request sent by the first edge device or a second exit request sent by the second edge device, the first exit request requesting that the first user site exit the VPN service, and the second exit request requesting that the second user site exit the VPN service;
The network device tears down the first VPN tunnel and the second VPN tunnel.
With reference to the fifth possible implementation of the first aspect, in a sixth possible implementation of the first aspect, the method further comprises:
The network device obtains information representing the deployment time of the first VPN tunnel and the second VPN tunnel;
The network device sends that information to a charging device.
With reference to any one of the first to sixth possible implementations of the first aspect, in a seventh possible implementation of the first aspect, the first access request further comprises the account with which the first user site requests access to the VPN service;
The method further comprises:
The network device obtains the quality of service (QoS) corresponding to the account;
The network device deploying the first VPN tunnel from the first edge device to the second edge device comprises:
The network device deploys the first VPN tunnel from the first edge device to the second edge device based on the QoS corresponding to the account.
With reference to the first aspect or any one of its first to seventh possible implementations, in an eighth possible implementation of the first aspect, the method further comprises:
After receiving the first access request, the network device stores information indicating that the first user site has requested access to the VPN service;
The network device determining that the second user site has requested access to the VPN service comprises:
The network device determines that information indicating that the second user site has requested access to the VPN service has been stored.
With reference to the first aspect or any one of its first to eighth possible implementations, in a ninth possible implementation of the first aspect, the method further comprises:
After receiving a go-online request from the first user site, the first edge device sends the first access request to the network device.
In a second aspect, the invention provides a network device, comprising:
A receiving unit, configured to receive a first access request sent by a first edge device, the first access request requesting that a first user site connected to the first edge device access a virtual private network (VPN) service;
A processing unit, configured to, when the receiving unit receives the first access request, determine that a second user site has requested access to the VPN service, and configure the first edge device and a second edge device connected to the second user site, so as to connect the first user site and the second user site to the VPN service.
In a first possible implementation of the second aspect, when configuring the first edge device and the second edge device connected to the second user site so as to connect the first user site and the second user site to the VPN service, the processing unit is specifically configured to deploy a first VPN tunnel from the first edge device to the second edge device, and a second VPN tunnel from the second edge device to the first edge device. The head end of the first VPN tunnel is associated with a first port and its tail end with a second port; the head end of the second VPN tunnel is associated with the second port and its tail end with the first port. The first port is the port through which the first edge device is connected to the first user site, and the second port is the port through which the second edge device is connected to the second user site.
With reference to the first possible implementation of the second aspect, in a second possible implementation of the second aspect, the receiving unit is further configured to receive a second access request sent by a third edge device, the second access request requesting that a third user site connected to the third edge device access the VPN service;
The processing unit is further configured to, when the receiving unit receives the second access request, determine that the first user site and the second user site have accessed the VPN service, deploy a third VPN tunnel from the first edge device to the third edge device, deploy a fourth VPN tunnel from the third edge device to the first edge device, deploy a fifth VPN tunnel from the second edge device to the third edge device, and deploy a sixth VPN tunnel from the third edge device to the second edge device;
The head end of the third VPN tunnel is associated with the first port and its tail end with a third port; the head end of the fourth VPN tunnel is associated with the third port and its tail end with the first port; the head end of the fifth VPN tunnel is associated with the second port and its tail end with the third port; the head end of the sixth VPN tunnel is associated with the third port and its tail end with the second port. The third port is the port through which the third edge device is connected to the third user site.
With reference to the first or second possible implementation of the second aspect, in a third possible implementation of the second aspect, the network device further comprises a sending unit;
The processing unit is further configured to allocate a VPN tunnel identifier for the VPN service;
When deploying the first VPN tunnel from the first edge device to the second edge device, and the second VPN tunnel from the second edge device to the first edge device, the processing unit is specifically configured to send a first configuration parameter to the first edge device through the sending unit, and to send a second configuration parameter to the second edge device through the sending unit;
The first configuration parameter comprises: the VPN tunnel identifier, the port identifier of the first port and the device identifier of the second edge device. The second configuration parameter comprises: the VPN tunnel identifier, the port identifier of the second port and the device identifier of the first edge device.
With reference to the first or second possible implementation of the second aspect, in a fourth possible implementation of the second aspect, the network device further comprises a sending unit;
When deploying the first VPN tunnel from the first edge device to the second edge device, and the second VPN tunnel from the second edge device to the first edge device, the processing unit is specifically configured to send to a controller, through the sending unit, a request to deploy the first VPN tunnel and the second VPN tunnel, the request comprising the port identifier of the first port, the port identifier of the second port, the device identifier of the first edge device and the device identifier of the second edge device.
With reference to any one of the first to fourth possible implementations of the second aspect, in a fifth possible implementation of the second aspect, the receiving unit is further configured to receive a first exit request sent by the first edge device or a second exit request sent by the second edge device, the first exit request requesting that the first user site exit the VPN service, and the second exit request requesting that the second user site exit the VPN service;
The processing unit is further configured to tear down the deployed first VPN tunnel and second VPN tunnel when the receiving unit receives the first exit request or the second exit request.
With reference to the fifth possible implementation of the second aspect, in a sixth possible implementation of the second aspect, the network device further comprises a sending unit;
The processing unit is further configured to obtain information representing the deployment time of the first VPN tunnel and the second VPN tunnel;
The sending unit is configured to send that information to a charging device.
With reference to any one of the first to sixth possible implementations of the second aspect, in a seventh possible implementation of the second aspect, the first access request further comprises the account with which the first user site requests access to the VPN service;
The processing unit is further configured to obtain the quality of service (QoS) corresponding to the account;
When deploying the first VPN tunnel from the first edge device to the second edge device, the processing unit is specifically configured to deploy the first VPN tunnel based on the QoS corresponding to the account.
With reference to the second aspect or any one of its first to seventh possible implementations, in an eighth possible implementation of the second aspect, the processing unit is further configured to store, when the receiving unit receives the first access request, information indicating that the first user site has requested access to the VPN service;
When determining that the second user site has requested access to the VPN service, the processing unit is specifically configured to determine that information indicating that the second user site has requested access to the VPN service has been stored.
With reference to the second aspect or any one of its first to eighth possible implementations, in a ninth possible implementation of the second aspect, the first edge device is a device that sends the first access request to the network device after receiving a go-online request from the first user site.
As the above technical solution shows, when the network device of the present invention receives a first access request asking for a first user site to access the VPN service, it does not connect the first user site to the VPN service directly. Only when it determines that a second user site, different from the first user site, has requested access to the VPN service, which means that the first user site will be able to transmit data to and from the second user site once connected, does it configure the first edge device connected to the first user site and the second edge device connected to the second user site, so as to connect the first user site and the second user site to the VPN service. The first and second user sites are thus connected to the VPN service only once it has been determined that the first user site will be able to exchange data with the second user site after access. The first user site accesses the VPN service on demand, which avoids, as far as possible, the situation in which resources of the first edge device are occupied while the first user site cannot transmit data, and therefore reduces wasted resources.
The terms "first", "second", "third", "fourth" and so on in the specification, claims and drawings of the present invention are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that data used in this way may be interchanged where appropriate, so that the embodiments described herein can be implemented in an order other than that illustrated or described here. In addition, the terms "comprise" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
Referring to Fig. 1, an embodiment of the present invention provides a method embodiment of the access method for a VPN service.
For a better understanding of the technical solution of this embodiment, an optional network topology used by the embodiment is first described with reference to Fig. 2. Note that Fig. 2 is only an exemplary illustration, and its specific structure does not limit the embodiments of the present invention.
As shown in Fig. 2, the first edge device and the second edge device are edge devices of the operator and are connected through a backbone network. The first edge device is physically connected to the first user site; in this field, the first user site is also said to be attached to the first edge device. The first port, through which the first edge device is connected to the first user site, may be called the access port of the first user site. Similarly, the second edge device is connected to the second user site, and the second port, through which the second edge device is connected to the second user site, may be called the access port of the second user site. VPN data between the first user site and the second user site is carried by the first edge device, the backbone network and the second edge device. Note that in Fig. 2 and Fig. 4 of the present invention a solid line represents a physical connection and a dotted line represents a logical relationship, that is, the devices it joins exchange control information.
The method of this embodiment comprises:
101: The network device receives the first access request sent by the first edge device, the first access request requesting that the first user site connected to the first edge device access the VPN service.
In this embodiment, the first edge device may send the first access request to the network device when it determines that the first user site needs to access the VPN service, for example after receiving a go-online request from the first user site. Accordingly, this embodiment may further comprise: after receiving the go-online request of the first user site, the first edge device sends the first access request to the network device.
In a specific implementation, the user may apply in advance to open the VPN service, for example on the operator's website. The VPN service may correspond to one registered account or to several registered accounts. The network device stores the correspondence between the opened VPN service and its registered accounts. After the VPN service has been opened, the user may send the first edge device a go-online request containing a registered account; the first edge device determines from the registered account in the go-online request that the first user site needs to access the VPN service, and therefore sends the first access request to the network device. The first edge device may also send the registered account to an authentication device for authentication, and send the first access request only after authentication succeeds.
In this embodiment, the first access request may comprise the identifier of the first user site and the identifier of the VPN service. The identifier of the first user site may specifically be the port identifier of the first port. The identifier of the VPN service may specifically be allocated by the network device. The first access request may be carried in a charging copy message sent to the network device.
102: The network device determines that the second user site has requested access to the VPN service. The second user site is a user site different from the first user site.
In this embodiment, after receiving the first access request, the network device does not connect the first user site to the VPN service directly. Instead, it further determines whether a second user site different from the first user site has requested access to the VPN service; if so, the network device has determined that the second user site has requested access to the VPN service.
If the network device has determined that the second user site has requested access to the VPN service, then both the first user site and the second user site have requested access. This means that once the first user site and the second user site are connected to the VPN service, the first user site will be able to transmit data to and from the second user site.
Note that in this embodiment the second user site refers to any user site different from the first user site. That is, when the network device determines that any user site different from the first user site has requested access to the VPN service, it treats that user site as the second user site.
103: The network device configures the first edge device and the second edge device connected to the second user site, so as to connect the first user site and the second user site to the VPN service.
In this embodiment, when the network device determines that a second user site different from the first user site has requested access to the VPN service, it can further determine that the first user site will be able to transmit data to and from the second user site after accessing the VPN service. It therefore configures the first edge device and the second edge device, connecting the first user site and the second user site to the VPN service.
Optionally, this embodiment further comprises: if the network device determines that no user site other than the first user site has requested access to the VPN service, which means that the first user site could not transmit data after accessing the VPN service, step 103 is not performed. The network device may either end the procedure of this embodiment directly, or determine again after a predetermined period whether a second user site different from the first user site has requested access to the VPN service.
As the above technical solution shows, when the network device in this embodiment receives the first access request asking for the first user site to access the VPN service, it does not connect the first user site to the VPN service directly. Only when it determines that a second user site, different from the first user site, has requested access to the VPN service, which means that the first user site will be able to transmit data to and from the second user site once connected, does it configure the first edge device connected to the first user site and the second edge device connected to the second user site, so as to connect the first user site and the second user site to the VPN service. The first and second user sites are thus connected to the VPN service only once it has been determined that the first user site will be able to exchange data with the second user site after access. The first user site accesses the VPN service on demand, which avoids, as far as possible, the situation in which resources of the first edge device are occupied while the first user site cannot transmit data, and therefore reduces wasted resources.
In the embodiments of the present invention, the network device may be a device with a coordination and management function, such as a coordinator, an orchestrator, or a network management device. The first edge device and the second edge device may be broadband network gateways (Broadband Network Gateway, BNG). The first user site and the second user site may be customer premises equipment (CPE).
In the embodiments of the present invention, when the network device receives the first access request sent by the first edge device, it may also store the information that the first user site has requested access to the VPN service, for example the correspondence between the VPN service and the port identifier of the first port. When it later receives an access request sent by another edge device, it can determine from the stored information that the first user site has requested access to the VPN service. Accordingly, the statement in 102 that the network device has determined that the second user site has requested access to the VPN service may comprise: the network device determines that it has stored the information that the second user site requested access to the VPN service.
In the embodiments of the present invention, when the network device receives the first access request and has determined that the second user site has requested access to the VPN service, it configures the first edge device and the second edge device so that the first user site and the second user site access the VPN service. There are two modes in which the network device can configure the first edge device and the second edge device. In the first configuration mode, the first user site and the second user site access the VPN service independently, that is, after accessing the VPN service each user site does not know which other user equipment has accessed it. In the second configuration mode, the first user site and the second user site access the VPN service by means of VPN tunnels deployed between the first user site and the second user site. The two configuration modes are introduced below.
The first configuration mode: the network device configures the first edge device and the second edge device separately, so that the first user site and the second user site access the VPN service independently.
For example, the network device sends a configuration parameter to the first edge device. This configuration parameter contains only what is needed to connect the first user site to the VPN service, such as the port identifier of the first port, and contains no configuration parameter related to the second user site. The port identifier of the first port can be obtained from the first access request. In some scenarios, the network device may also send the first edge device a first route target (Route Target, RT) and a first route distinguisher (Route Distinguisher, RD) that the network device has allocated for the first user site. Similarly, the configuration parameter that the network device sends to the second edge device contains only what is needed to connect the second user site to the VPN service, such as the port identifier of the second port, and contains no configuration parameter related to the first user site. The port identifier of the second port can be obtained from the access request that asks for the second user site to access the VPN service. In some scenarios, the network device may also send the second edge device a second RT and a second RD that the network device has allocated for the second user site. According to the configuration parameters sent by the network device, the first edge device and the second edge device each access the VPN service independently.
The second configuration mode: in some scenarios, for example when the user, on applying for the VPN service, sets the VPN service to a point-to-point service type, the second configuration mode can be used, that is, the VPN service is accessed by deploying VPN tunnels between the first edge device and the second edge device. This is illustrated below by an embodiment.
Referring to Fig. 3, an embodiment of the present invention provides another method embodiment of the VPN service access method. Unlike the other embodiments, this embodiment focuses on accessing the VPN service by deploying VPN tunnels between the first edge device and the second edge device.
The method of this embodiment comprises 301 to 303. 301 and 302 are similar to 101 and 102 of the embodiment shown in Fig. 1 and are therefore described only briefly; for the relevant details, see the embodiment shown in Fig. 1. This embodiment concentrates on 303.
301: The network device receives the first access request sent by the first edge device. The first access request asks for the first user site, connected through the first edge device, to access the VPN service.
302: The network device has determined that the second user site has requested access to the VPN service. The second user site is a user site different from the first user site.
303: The network device deploys a first VPN tunnel from the first edge device to the second edge device, and deploys a second VPN tunnel from the second edge device to the first edge device.
The head end of the first VPN tunnel is associated with the first port, and the tail end of the first VPN tunnel is associated with the second port. The head end of the second VPN tunnel is associated with the second port, and the tail end of the second VPN tunnel is associated with the first port. The first port is the port through which the first edge device is connected to the first user site, that is, the access port of the first user site. The second port is the port through which the second edge device is connected to the second user site, that is, the access port of the second user site.
One way of associating the head end or tail end of a VPN tunnel with a port in the embodiments of the present invention is as follows. The association between the head end of the first VPN tunnel and the first port can take the form of a mapping between the first port and the first VPN tunnel stored on the first edge device, so that, according to this mapping, the first edge device transmits data received on the first port through the first VPN tunnel. The association between the tail end of the first VPN tunnel and the second port can take the form of a mapping between the second port and the first VPN tunnel stored on the second edge device, so that, according to this mapping, the second edge device outputs data carried by the first VPN tunnel to the second port.
Similarly, the association between the head end of the second VPN tunnel and the second port, and between the tail end of the second VPN tunnel and the first port, can be implemented in the same way and is not described again here.
In the embodiments of the present invention, after receiving the first access request the network device does not connect the first user site to the VPN service directly. It first determines whether the second user site has requested access to the VPN service. If so, the network device in effect has two user sites that are to access the VPN service, and it can connect these two user sites to the VPN service by deploying the first VPN tunnel and the second VPN tunnel.
This embodiment thus describes an implementation of the second configuration mode: the first user site and the second user site access the VPN service through the first VPN tunnel and the second VPN tunnel deployed between the first edge device and the second edge device. The first VPN tunnel and the second VPN tunnel are point-to-point VPN tunnels between the first user site and the second user site, with a known peer. Compared with the first configuration mode, in which the first user site and the second user site access the VPN service independently, the second configuration mode needs no automatic site discovery and therefore no complex discovery protocol, so the requirements on the edge devices are lower and the error rate is lower.
In this embodiment, after the first VPN tunnel and the second VPN tunnel have been deployed between the first edge device and the second edge device, if another user site requests access to the VPN service, VPN tunnels can be deployed between the edge device connected to that user site and each of the first edge device and the second edge device. Specifically, the network device receives a second access request sent by a third edge device; the second access request asks for a third user site, connected through the third edge device, to access the VPN service. The network device has determined that the first user site and the second user site access the VPN service. The network device deploys a third VPN tunnel from the first edge device to the third edge device and a fourth VPN tunnel from the third edge device to the first edge device. The head end of the third VPN tunnel is associated with the first port and its tail end with the third port; the head end of the fourth VPN tunnel is associated with the third port and its tail end with the first port. The third port is the port through which the third edge device is connected to the third user site. The network device also deploys a fifth VPN tunnel from the second edge device to the third edge device and a sixth VPN tunnel from the third edge device to the second edge device. The head end of the fifth VPN tunnel is associated with the second port and its tail end with the third port; the head end of the sixth VPN tunnel is associated with the third port and its tail end with the second port. For the concrete form in which a port is associated with the head end or tail end of a tunnel, refer to the form described for the association between the head end of the first VPN tunnel and the first port, and for the association between the tail end of the second VPN tunnel and the second port. It is not repeated here.
It should be noted that the network device can deploy the first VPN tunnel and the second VPN tunnel by configuring the first edge device and the second edge device directly, for example by sending configuration parameters to the first edge device and the second edge device. The network device can also configure the first edge device and the second edge device indirectly, for example by sending a request to another device so that the other device deploys the first VPN tunnel and the second VPN tunnel. The two approaches are described in turn below.
Direct configuration is described first. This embodiment may further comprise: the network device allocates a VPN tunnel identifier for the VPN service. 303 of this embodiment comprises 3031 and 3032. The VPN tunnel identifier uniquely identifies a VPN tunnel. A VPN tunnel is a tunnel used to carry the VPN service; it may be, for example, an MPLS LSP tunnel, an MPLS traffic engineering tunnel, an L2TP tunnel, a GRE tunnel, or an IPsec tunnel. The embodiments of the present invention place no limitation on this.
3031: The network device sends a first configuration parameter to the first edge device. The first configuration parameter comprises the VPN tunnel identifier, the port identifier of the first port, and the device identifier of the second edge device. The device identifier of the second edge device may specifically be the IP address of the second edge device.
3032: The network device sends a second configuration parameter to the second edge device. The second configuration parameter comprises the VPN tunnel identifier, the port identifier of the second port, and the device identifier of the first edge device. The device identifier of the first edge device may specifically be the IP address of the first edge device.
The first configuration parameter sent to the first edge device thus contains a configuration parameter related to the second user site, namely the device identifier of the second edge device, and the second configuration parameter sent to the second edge device contains a configuration parameter related to the first user site, namely the device identifier of the first edge device. The first edge device and the second edge device deploy the first VPN tunnel and the second VPN tunnel according to the first configuration parameter and the second configuration parameter, and may do so using any existing VPN tunnel deployment method; the embodiments of the present invention place no limitation on this. In some scenarios, the network device may also send the first edge device a first RT and a first RD allocated for the first user site, and send the second edge device a second RT and a second RD allocated for the second user site.
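The on-demand decision of 301 and 302 and the direct configuration of 3031 and 3032 can be modelled as follows. This is an added example, not code from the patent: the class, function and field names, the sample addresses and the choice of one tunnel identifier per pair of edge devices are assumptions, and the handling of a third site applies the same parameter pattern to the additional tunnel pairs described above.

```python
from dataclasses import dataclass, field
from itertools import count


@dataclass(frozen=True)
class Site:
    edge_ip: str   # device identifier of the edge device (its IP address)
    port_id: str   # port identifier of the access port facing the user site


def config_for(tunnel_id: str, local: Site, peer: Site) -> dict:
    """Configuration parameter sent to local's edge device (cf. 3031/3032)."""
    return {
        "tunnel_id": tunnel_id,       # VPN tunnel identifier
        "local_port": local.port_id,  # head end of the outgoing tunnel, tail end of the incoming one
        "peer_device": peer.edge_ip,  # device identifier of the other edge device
    }


@dataclass
class NetworkDevice:
    """Hypothetical model of the network device; all names are assumptions."""
    requested: dict = field(default_factory=dict)          # vpn_id -> [Site, ...]
    _seq: count = field(default_factory=lambda: count(1))  # tunnel identifier counter

    def on_access_request(self, vpn_id: str, site: Site) -> list:
        """Return the (edge device, configuration parameter) pairs to send."""
        sites = self.requested.setdefault(vpn_id, [])
        if site in sites:
            return []        # repeated request: nothing new to deploy
        peers = list(sites)
        sites.append(site)   # store the request for later access requests
        pushes = []
        for peer in peers:   # empty while no other site has asked: configure nothing
            tunnel_id = f"{vpn_id}-t{next(self._seq)}"
            pushes.append((peer.edge_ip, config_for(tunnel_id, peer, site)))
            pushes.append((site.edge_ip, config_for(tunnel_id, site, peer)))
        return pushes


# Constructed sample sites (documentation IP addresses, assumed port names).
SITE1 = Site("192.0.2.1", "port1")
SITE2 = Site("192.0.2.2", "port2")
SITE3 = Site("192.0.2.3", "port9")

if __name__ == "__main__":
    nd = NetworkDevice()
    print(nd.on_access_request("vpn-A", SITE1))  # first site alone: nothing sent
    print(nd.on_access_request("vpn-A", SITE2))  # first and second configuration parameters
    print(nd.on_access_request("vpn-A", SITE3))  # tunnel pairs towards both existing sites
```

Each returned pair carries a parameter about the peer only in the form of the peer edge device's identifier, which is what distinguishes this mode from the first configuration mode.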
Indirect configuration is described next, in which the first VPN tunnel and the second VPN tunnel are deployed by sending a request to another device. Referring to Fig. 4, 303 of this embodiment may specifically comprise: the network device sends the controller 401 a request to deploy the first VPN tunnel and the second VPN tunnel between the first edge device and the second edge device. The request to deploy the first VPN tunnel and the second VPN tunnel comprises the port identifier of the first port, the port identifier of the second port, the device identifier of the first edge device and the device identifier of the second edge device. The request may also comprise the identifier of the VPN service.
After receiving the request, the controller 401 deploys the first VPN tunnel and the second VPN tunnel between the first edge device and the second edge device according to the request. When deploying the first VPN tunnel and the second VPN tunnel, the controller 401 can obtain the concrete paths of the two tunnels from the device identifier of the first edge device and the device identifier of the second edge device, that is, determine the transit devices of the first VPN tunnel and the second VPN tunnel. Then, according to the path, the port identifier of the first port and the port identifier of the second port, it generates a forwarding entry for each transit device and delivers it, so that each transit device transmits data according to its forwarding entry. The controller 401 may be an SDN controller.
A forwarding entry may contain a label allocated by the controller 401 and an output port. The deployment of the first VPN tunnel is illustrated below with a concrete example. As shown in Fig. 5, the transit devices of the first VPN tunnel obtained by the controller 401 are, in order: BNG1, router Router1, router Router2 and BNG2. BNG1 and BNG2 are the first edge device and the second edge device respectively.
The request that the network device sends to the controller 401 is:
port1/BNG1 --> port2/BNG2
The forwarding entry that the controller 401 sends to BNG1 is:
port1 --> port3, with label 100
The forwarding entry that the controller 401 sends to Router1 is:
port4 with label 100 --> port5 with label 200
The forwarding entry that the controller 401 sends to Router2 is:
port6 with label 200 --> port7 with label 100
The forwarding entry that the controller 401 sends to BNG2 is:
port8 with label 100 --> port2
Here port1 is the first port and port2 is the second port. port3 and port4 are the ports through which BNG1 and Router1 are connected, port5 and port6 are the ports through which Router1 and Router2 are connected, and port7 and port8 are the ports through which Router2 and BNG2 are connected.
By delivering the forwarding entries to each transit device, the controller 401 thus deploys the first VPN tunnel between the first edge device and the second edge device. The transit devices include the first edge device and the second edge device. The second VPN tunnel is deployed in a similar way to the first VPN tunnel, which is not described again here.
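The Fig. 5 example can be reproduced by generating one forwarding entry per transit device from the path and the label carried on each link, then walking a packet through the entries. This is an added example, not code from the patent; the function and class names and the link table are assumptions constructed from the port description above.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Entry:
    device: str
    in_port: str
    in_label: Optional[int]   # None: unlabelled data from the access port
    out_port: str
    out_label: Optional[int]  # None: label removed before the access port


# Constructed link table for Fig. 5, in path order: (device, port) -> (device, port).
LINKS = [
    (("BNG1", "port3"), ("Router1", "port4")),
    (("Router1", "port5"), ("Router2", "port6")),
    (("Router2", "port7"), ("BNG2", "port8")),
]


def build_tunnel(head_port, tail_port, links, labels):
    """Build the entries for one tunnel; labels[i] is the label used on links[i]."""
    if not links or len(labels) != len(links):
        raise ValueError("need at least one link and exactly one label per link")
    for (_, far), (near, _) in zip(links, links[1:]):
        if far[0] != near[0]:
            raise ValueError("links do not form a continuous path")
    entries = []
    in_port, in_label = head_port, None
    for (near, far), label in zip(links, labels):
        device, out_port = near
        entries.append(Entry(device, in_port, in_label, out_port, label))
        in_port, in_label = far[1], label   # what the next device will receive
    tail_device = links[-1][1][0]
    entries.append(Entry(tail_device, in_port, in_label, tail_port, None))
    return entries


def forward(entries, links, device, port, label):
    """Walk one packet. Returns (device, port, label) where it leaves the
    tunnel, or None if a device has no entry for that port and label."""
    table = {(e.device, e.in_port, e.in_label): e for e in entries}
    wire = dict(links)
    for _ in range(len(entries)):
        entry = table.get((device, port, label))
        if entry is None:
            return None                      # no matching entry: not forwarded
        nxt = wire.get((entry.device, entry.out_port))
        if nxt is None:                      # output port is an access port
            return (entry.device, entry.out_port, entry.out_label)
        device, port, label = nxt[0], nxt[1], entry.out_label
    return None


FIRST_TUNNEL = build_tunnel("port1", "port2", LINKS, [100, 200, 100])

if __name__ == "__main__":
    for e in FIRST_TUNNEL:
        print(e)
    print(forward(FIRST_TUNNEL, LINKS, "BNG1", "port1", None))
```

Because each entry matches on both the input port and the label, data arriving at a transit device with a label that the controller did not assign to that port finds no entry and goes no further.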
Optionally, in this embodiment, because the VPN service can correspond to one or more accounts and each account can correspond to a different QoS, the first VPN tunnel can also be deployed on the basis of the QoS corresponding to the account that the user uses. Specifically, the first access request also comprises the account with which the first user site requests access to the VPN service. This embodiment may further comprise: the network device obtains the QoS corresponding to the account. The network device deploying the first VPN tunnel from the first edge device to the second edge device then comprises: the network device deploys the first VPN tunnel from the first edge device to the second edge device on the basis of the QoS corresponding to the account. The account with which the second user site requests access to the VPN service can also be obtained, and the second VPN tunnel deployed according to the QoS corresponding to that account. The first VPN tunnel and the second VPN tunnel as finally deployed may have different QoS.
Further optionally, in this embodiment, bandwidth can be reserved for the first VPN tunnel and the second VPN tunnel when they are deployed. When the first user site or the second user site needs to exit the VPN service, for example when the first user site or the second user site requests to go offline, the first VPN tunnel and the second VPN tunnel can be cancelled so as to release the bandwidth reserved for them. In a specific implementation, the network device receives a first exit request sent by the first edge device or a second exit request sent by the second edge device. The first exit request asks for the first user site to exit the VPN service, and the second exit request asks for the second user site to exit the VPN service. The network device cancels the first VPN tunnel and the second VPN tunnel deployed between the first edge device and the second edge device.
At present, because a VPN service cannot be accessed on demand, it is generally charged for according to the QoS of the VPN service that has been opened. Further optionally, in this embodiment, because the first VPN tunnel and the second VPN tunnel are deployed and cancelled on demand, charging can be based on the deployment time of the first VPN tunnel and the second VPN tunnel, that is, on the actual time for which the first user site accesses the VPN service. In a specific implementation, this embodiment further comprises: the network device obtains relevant information representing the deployment time of the first VPN tunnel and the second VPN tunnel, and sends the relevant information to a charging device. The charging device can obtain the deployment time of the first VPN tunnel and the second VPN tunnel from the relevant information and charge according to that deployment time. The relevant information may specifically be the deployment time of the first VPN tunnel and the second VPN tunnel, or it may be the moment at which the first VPN tunnel and the second VPN tunnel were deployed and the moment at which they were cancelled, in which case the charging device calculates the deployment time from these two moments.
The method embodiments of the VPN service access method in the embodiments of the present invention have been described above. The device embodiments of the network device in the embodiments of the present invention are described below from the perspective of modular functional entities.
Referring to Fig. 6, an embodiment of the present invention provides a device embodiment of a network device 600.
For a better understanding of the technical solution of the embodiments of the present invention, an optional network topology in which the network device of this embodiment is used is illustrated below with reference to Fig. 2. It should be noted that Fig. 2 is only an exemplary illustration and its concrete structure does not limit the embodiments of the present invention. As shown in Fig. 2, the network device is connected to the first edge device and to the second edge device. The first edge device and the second edge device are edge devices of the operator and are connected through a backbone network. The first edge device is connected to the first user site by a physical connection. The second edge device is connected to the second user site by a physical connection.
The network device 600 of this embodiment comprises a receiving unit 601 and a processing unit 602.
The receiving unit 601 is configured to receive the first access request sent by the first edge device. The first access request asks for the first user site, connected through the first edge device, to access the VPN service.
In the embodiments of the present invention, the first edge device may send the first access request to the network device 600 when it determines that the first user site needs to access the VPN service, for example after receiving an online request from the first user site. The first edge device is a device that can send the first access request to the network device 600 after receiving the online request of the first user site.
In a specific implementation, the user may first apply in advance to open the VPN service, for example on the website of the operator. The VPN service may correspond to one registered account or to multiple registered accounts. The network device 600 stores the correspondence between the VPN service and the registered accounts that have been opened. After the VPN service has been opened, the user can send the first edge device an online request containing a registered account. The first edge device determines from the registered account in the online request that the first user site needs to access the VPN service, and therefore sends the first access request to the network device 600. The first edge device may also send the registered account to an authentication device for authentication, and send the first access request only after authentication has passed.
In the embodiments of the present invention, the first access request may contain the identifier of the first user site and the identifier of the VPN service. The identifier of the first user site may specifically be the port identifier of the first port. The identifier of the VPN service may specifically be allocated by the network device 600.
The processing unit 602 is configured to determine, when the receiving unit 601 receives the first access request, that the second user site has requested access to the VPN service. The second user site is a user site different from the first user site.
In the embodiments of the present invention, after the receiving unit 601 receives the first access request, the processing unit 602 does not connect the first user site to the VPN service directly. It further determines whether a second user site different from the first user site accesses the VPN service. If so, the processing unit 602 has determined that the second user site has requested access to the VPN service.
If the processing unit 602 has determined that the second user site has requested access to the VPN service, both the first user site and the second user site have requested access to the VPN service. This means that, after the first user site and the second user site are connected to the VPN service, the first user site can transmit data with the second user site.
It should be noted that, in the embodiments of the present invention, the second user site refers to any user site different from the first user site. That is, when the processing unit 602 determines that any user site different from the first user site accesses the VPN service, it takes that user site as the second user site.
The processing unit 602 is further configured to, when it has determined that the second user site has requested access to the VPN service, configure the first edge device and the second edge device connected to the second user site, so that the first user site and the second user site access the VPN service.
In the embodiments of the present invention, when the processing unit 602 determines that the second user site, which is different from the first user site, has requested access to the VPN service, it can further determine that the first user site will be able to transmit data with the second user site after accessing the VPN service. It therefore configures the first edge device and the second edge device so that the first user site and the second user site access the VPN service.
The processing unit 602 may also be configured as follows: if it determines that no user site other than the first user site accesses the VPN service, which means that the first user site could not transmit data after accessing the VPN service, it does not connect the first user site to the VPN service. Instead, it may end its work, or, after a predetermined period, determine again whether a second user site different from the first user site accesses the VPN service.
As the above technical solution shows, when the receiving unit 601 in this embodiment receives the first access request, which asks for the first user site to access the VPN service, the processing unit 602 does not connect the first user site to the VPN service directly. Only when it has determined that the second user site, different from the first user site, has requested access to the VPN service, which means that the first user site can transmit data with the second user site after accessing the VPN service, does it configure the first edge device connected to the first user site and the second edge device connected to the second user site so that the first user site and the second user site access the VPN service. In other words, the first user site and the second user site are connected to the VPN service only once it has been determined that the first user site can transmit data with the second user site after access. The first user site thus accesses the VPN service on demand, which avoids, as far as possible, the situation in which resources of the first edge device are occupied while the first user site cannot transmit data, and therefore reduces wasted resources.
In the embodiments of the present invention, the network device 600 may be a device with a coordination and management function, such as a coordinator, an orchestrator, or a network management device. The first edge device and the second edge device may be BNGs, and the first user site and the second user site may be CPE.
In the embodiments of the present invention, when the receiving unit 601 receives the first access request sent by the first edge device, the processing unit 602 may also be configured to store the information that the first user site has requested access to the VPN service, for example the correspondence between the VPN service and the port identifier of the first port. When the receiving unit 601 later receives an access request sent by another edge device, the processing unit 602 can determine from the stored information that the first user site has requested access to the VPN service. Accordingly, when determining that the second user site has requested access to the VPN service, the processing unit 602 may specifically be configured to determine that the information that the second user site requested access to the VPN service has been stored.
In the embodiments of the present invention, when the receiving unit 601 receives the first access request and the processing unit 602 has determined that the second user site has requested access to the VPN service, the processing unit 602 configures the first edge device and the second edge device so that the first user site and the second user site access the VPN service. There are two modes in which the processing unit 602 can configure the first edge device and the second edge device. In the first configuration mode, the first user site and the second user site access the VPN service independently, that is, after accessing the VPN service each user site does not know which other user equipment has accessed it. In the second configuration mode, the first user site and the second user site access the VPN service by means of VPN tunnels deployed between the first user site and the second user site. The two configuration modes are introduced below.
The first configuration mode: the processing unit 602 may configure the first edge device and the second edge device separately, so that the first user site and the second user site access the VPN service independently.
For example, the network device 600 may also comprise a sending unit. The processing unit 602 sends configuration parameters to the first edge device through the sending unit. These configuration parameters comprise only the parameters used to connect the first user site to the VPN service, such as the port identifier of the first port, and do not comprise any configuration parameter related to the second user site. The port identifier of the first port can be obtained from the first access request. In some scenarios, the processing unit 602 may also send to the first edge device, through the sending unit, a first RT and a first RD that the network device 600 allocates to the first user site. Similarly, the configuration parameters that the processing unit 602 sends to the second edge device through the sending unit comprise only the parameters used to connect the second user site to the VPN service, such as the port identifier of the second port, and do not comprise any configuration parameter related to the first user site. The port identifier of the second port can be obtained from the access request that requests that the second user site access the VPN service. In some scenarios, the processing unit 602 may also send to the second edge device, through the sending unit, a second RT and a second RD that the network device 600 allocates to the second user site. According to the configuration parameters sent by the network device 600, the first edge device and the second edge device each access the VPN service independently.
The second configuration mode: in some scenarios, for example when the user, on applying for the VPN service, sets it to a point-to-point service type, the VPN service can be accessed by deploying VPN tunnels between the first edge device and the second edge device. This is illustrated by the following embodiment.
Referring to Fig. 7, an embodiment of the present invention provides another device embodiment, a network device 700. Unlike the other embodiments, this embodiment focuses on accessing the VPN service by deploying VPN tunnels between the first edge device and the second edge device.
The network device 700 of this embodiment comprises a receiving unit 701 and a processing unit 702.
The receiving unit 701 is configured to receive the first access request sent by the first edge device, where the first access request requests that the first user site connected to the first edge device access the VPN service.
The processing unit 702 is configured to determine, when the receiving unit 701 receives the first access request, that the second user site has requested access to the VPN service, where the second user site is a user site different from the first user site.
The above functions of the receiving unit 701 and the processing unit 702 are similar to the corresponding functions of the receiving unit 601 and the processing unit 602 in the embodiment shown in Fig. 6 and are therefore described only briefly. For the related details, see the embodiment shown in Fig. 6.
The processing unit 702 is further configured to, when it has determined that the second user site has requested access to the VPN service, deploy a first VPN tunnel from the first edge device to the second edge device, and deploy a second VPN tunnel from the second edge device to the first edge device.
The head end of the first VPN tunnel is associated with the first port, and the tail end of the first VPN tunnel is associated with the second port. The head end of the second VPN tunnel is associated with the second port, and the tail end of the second VPN tunnel is associated with the first port. The first port is the port through which the first edge device connects to the first user site, that is, the access port of the first user site. The second port is the port through which the second edge device connects to the second user site, that is, the access port of the second user site.
One way of associating the head end or tail end of a VPN tunnel with a port in this embodiment of the present invention is described below. Associating the head end of the first VPN tunnel with the first port may take the form of storing, on the first edge device, a mapping between the first port and the first VPN tunnel, so that the first edge device, according to this mapping, transmits data received on the first port through the first VPN tunnel. Associating the tail end of the first VPN tunnel with the second port may take the form of storing, on the second edge device, a mapping between the second port and the first VPN tunnel, so that the second edge device, according to this mapping, outputs data transmitted over the first VPN tunnel to the second port.
Similarly, the association of the head end of the second VPN tunnel with the second port and of the tail end of the second VPN tunnel with the first port can be implemented in the same way, and is not described again here.
In this embodiment of the present invention, after the receiving unit 701 receives the first access request, the processing unit 702 does not directly connect the first user site to the VPN service. Instead it determines whether the second user site has requested access to the VPN service. If so, the processing unit 702 has in effect obtained two user sites that are to access the VPN service, and it can connect these two user sites to the VPN service by deploying the first VPN tunnel and the second VPN tunnel.
This embodiment thus describes an implementation of the second configuration mode: the first user site and the second user site are connected to the VPN service by deploying the first VPN tunnel and the second VPN tunnel between the first edge device and the second edge device. The first VPN tunnel and the second VPN tunnel are in fact point-to-point VPN tunnels between the first user site and the second user site whose peer end is known. Therefore, compared with the first configuration mode, in which the first user site and the second user site access the VPN service independently, the second configuration mode requires no automatic site discovery. No complex discovery protocol has to run, the requirements on the edge devices are lower, and the error rate is lower.
In this embodiment, after the first VPN tunnel and the second VPN tunnel have been deployed between the first edge device and the second edge device, if another user site requests access to the VPN service, VPN tunnels can be deployed between the edge device to which that user site connects and each of the first edge device and the second edge device. In a specific implementation, the receiving unit 701 is further configured to receive a second access request sent by a third edge device, where the second access request requests that a third user site connected to the third edge device access the VPN service. The processing unit 702 is further configured to, when the receiving unit 701 receives the second access request, determine that the first user site and the second user site access the VPN service, deploy a third VPN tunnel from the first edge device to the third edge device, deploy a fourth VPN tunnel from the third edge device to the first edge device, deploy a fifth VPN tunnel from the second edge device to the third edge device, and deploy a sixth VPN tunnel from the third edge device to the second edge device. The head end of the third VPN tunnel is associated with the first port and its tail end with a third port. The head end of the fourth VPN tunnel is associated with the third port and its tail end with the first port. The head end of the fifth VPN tunnel is associated with the second port and its tail end with the third port. The head end of the sixth VPN tunnel is associated with the third port and its tail end with the second port. For the specific form that the association between a port and the head end or tail end of a tunnel takes, refer to the specific form of the association between the head end of the first VPN tunnel and the first port and of the association between the tail end of the second VPN tunnel and the second port. Details are not repeated here.
It should be noted that the processing unit 702 can deploy the first VPN tunnel and the second VPN tunnel by configuring the first edge device and the second edge device directly, for example by sending configuration parameters to the first edge device and the second edge device. The processing unit 702 can also configure the first edge device and the second edge device indirectly, for example by sending a request to another device so that the other device deploys the first VPN tunnel and the second VPN tunnel. The two approaches are described in turn below.
The direct configuration approach is described first. The network device 700 of this embodiment also comprises a sending unit. The processing unit 702 is further configured to allocate a VPN tunnel identifier for the VPN service. A VPN tunnel identifier uniquely identifies a VPN tunnel, and a VPN tunnel here means a VPN tunnel that carries the VPN service.
When deploying the first VPN tunnel and the second VPN tunnel of the VPN service between the first edge device and the second edge device, the processing unit 702 is specifically configured to send a first configuration parameter to the first edge device through the sending unit, and to send a second configuration parameter to the second edge device through the sending unit. The first configuration parameter comprises the VPN tunnel identifier, the port identifier of the first port and the device identifier of the second edge device. The second configuration parameter comprises the VPN tunnel identifier, the port identifier of the second port and the device identifier of the first edge device.
The first configuration parameter sent to the first edge device thus comprises a configuration parameter related to the second user site, namely the device identifier of the second edge device, and the second configuration parameter sent to the second edge device comprises a configuration parameter related to the first user site, namely the device identifier of the first edge device. The first edge device and the second edge device deploy the first VPN tunnel and the second VPN tunnel according to the first configuration parameter and the second configuration parameter, and may do so using any existing VPN tunnel deployment method; this embodiment of the present invention places no limitation on this. In some scenarios, the processing unit 702 may also be configured to send to the first edge device, through the sending unit, a first RT and a first RD allocated to the first user site, and to send to the second edge device a second RT and a second RD allocated to the second user site.
The indirect configuration approach, in which the first VPN tunnel and the second VPN tunnel are deployed by sending a request to another device, is described next. The network device 700 of this embodiment also comprises a sending unit. When deploying the first VPN tunnel and the second VPN tunnel of the VPN service between the first edge device and the second edge device, the processing unit 702 is specifically configured to send to a controller, through the sending unit, a request to deploy the first VPN tunnel and the second VPN tunnel between the first edge device and the second edge device. The request comprises the port identifier of the first port, the port identifier of the second port, the device identifier of the first edge device and the device identifier of the second edge device. The request may also comprise the identifier of the VPN service.
After receiving the request, the controller deploys the first VPN tunnel and the second VPN tunnel between the first edge device and the second edge device according to the request. When doing so, the controller can obtain the specific paths of the first VPN tunnel and the second VPN tunnel from the device identifier of the first edge device and the device identifier of the second edge device, that is, determine the devices along the path of the first VPN tunnel and of the second VPN tunnel. Then, according to the path, the port identifier of the first port and the port identifier of the second port, it generates forwarding entries and delivers them to each device along the path, so that each such device transmits data according to its forwarding entries. A forwarding entry may comprise a label allocated by the controller 401 and an output port. The controller and the network device 700 may be connected as shown in Fig. 4. The controller may specifically be an SDN controller.
Optionally, in this embodiment, because the VPN service can correspond to one or more accounts and each account can correspond to a different QoS, the first VPN tunnel can also be deployed based on the QoS corresponding to the account that the user uses. Specifically, the first access request also comprises the account with which the first user site requests access to the VPN service. The processing unit 702 is further configured to obtain the QoS corresponding to the account. When deploying the first VPN tunnel from the first edge device to the second edge device, the processing unit 702 is specifically configured to deploy it based on the QoS corresponding to the account. The processing unit 702 may also be configured to obtain the account with which the second user site requests access to the VPN service, and to deploy the second VPN tunnel according to the QoS corresponding to that account. The first VPN tunnel and the second VPN tunnel that are finally deployed may have different QoS.
Further optionally, in this embodiment, bandwidth can be reserved for the first VPN tunnel and the second VPN tunnel when they are deployed. When the first user site or the second user site needs to exit the VPN service, for example when the first user site or the second user site requests to go offline, the first VPN tunnel and the second VPN tunnel can be cancelled so as to release the bandwidth reserved for them. In a specific implementation, the receiving unit 701 is further configured to receive a first exit request sent by the first edge device or a second exit request sent by the second edge device, where the first exit request requests that the first user site exit the VPN service and the second exit request requests that the second user site exit the VPN service. The processing unit 702 is further configured to, when the receiving unit 701 receives the first exit request or the second exit request, cancel the first VPN tunnel and the second VPN tunnel deployed between the first edge device and the second edge device.
At present, because on-demand access to a VPN service cannot be achieved, charging for a VPN service is generally based on the QoS of the VPN service that has been provisioned. Further optionally, in this embodiment, because the first VPN tunnel and the second VPN tunnel are deployed and cancelled on demand, charging can be based on the deployment time of the first VPN tunnel and the second VPN tunnel, that is, on the time for which the first user site actually accesses the VPN service. In a specific implementation, the network device 700 of this embodiment also comprises a sending unit. The processing unit 702 is further configured to obtain relevant information that represents the deployment time of the first VPN tunnel and the second VPN tunnel. The sending unit is configured to send the relevant information to a charging device. The relevant information may specifically be the deployment time of the first VPN tunnel and the second VPN tunnel, or it may be the moment at which the first VPN tunnel and the second VPN tunnel were deployed and the moment at which they were cancelled, in which case the charging device calculates the deployment time from these two moments.
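The following Python sketch is an added illustration, not code from the patent or from any vendor. It models the direct configuration approach described above: no edge device is configured until a peer site exists, each edge then receives the tunnel identifier, its own port identifier and the peer's device identifier, a third site gets tunnels to both existing sites, and an exit request cancels the affected tunnels and records their deployment time for charging. The names `Coordinator`, `Site`, `Tunnel`, the `BNG-n`/`port-n` values, the use of one tunnel identifier per pair of sites, and cancelling only the exiting site's tunnels when three sites are present are assumptions made for the example.

```python
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Site:
    edge: str  # device identifier of the edge device the site connects to
    port: str  # port identifier of the site's access port on that edge


@dataclass(frozen=True)
class Tunnel:
    tunnel_id: int      # assumption: one identifier per site pair, both directions
    head: Site          # head end is associated with head.port on head.edge
    tail: Site          # tail end is associated with tail.port on tail.edge
    deployed_at: float  # moment of deployment, kept for charging


class Coordinator:
    """Hypothetical model of the network device 700, direct configuration."""

    def __init__(self):
        self.requested = {}  # vpn -> sites that have requested access
        self.tunnels = {}    # vpn -> deployed unidirectional tunnels
        self.pushed = []     # (edge, configuration parameter) sent to edge devices
        self.charging = []   # (vpn, tunnel_id, head edge, seconds deployed)
        self._ids = count(1)

    def access_request(self, vpn, site, now):
        """Store the request; deploy tunnels only if a peer site already asked."""
        known = self.requested.setdefault(vpn, [])
        if site in known:
            return []
        peers = list(known)
        known.append(site)  # remembered so that a later request can find it
        deployed = []
        for peer in peers:  # empty on the very first request: nothing is configured
            tid = next(self._ids)
            # Each edge gets: tunnel id, its own access port, the peer edge's id.
            self.pushed.append((site.edge, {"tunnel_id": tid, "port": site.port,
                                            "peer_edge": peer.edge}))
            self.pushed.append((peer.edge, {"tunnel_id": tid, "port": peer.port,
                                            "peer_edge": site.edge}))
            deployed += [Tunnel(tid, site, peer, now), Tunnel(tid, peer, site, now)]
        self.tunnels.setdefault(vpn, []).extend(deployed)
        return deployed

    def exit_request(self, vpn, site, now):
        """Cancel every tunnel that starts or ends at the exiting site."""
        keep, cancelled = [], []
        for t in self.tunnels.get(vpn, []):
            (cancelled if site in (t.head, t.tail) else keep).append(t)
        self.tunnels[vpn] = keep
        if site in self.requested.get(vpn, []):
            self.requested[vpn].remove(site)
        for t in cancelled:  # deployment time is what the charging device needs
            self.charging.append((vpn, t.tunnel_id, t.head.edge, now - t.deployed_at))
        return cancelled


def demo():
    """Constructed scenario: three sites join one VPN service, then one exits."""
    c = Coordinator()
    s1, s2, s3 = Site("BNG-1", "port-1"), Site("BNG-2", "port-2"), Site("BNG-3", "port-3")
    first = c.access_request("vpn-A", s1, now=0.0)    # no peer yet
    second = c.access_request("vpn-A", s2, now=10.0)  # one tunnel pair
    third = c.access_request("vpn-A", s3, now=20.0)   # pairs to both existing sites
    gone = c.exit_request("vpn-A", s1, now=70.0)
    return c, first, second, third, gone


if __name__ == "__main__":
    coordinator, *_ = demo()
    for edge, params in coordinator.pushed:
        print(edge, params)
    print(coordinator.charging)
```
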
The device embodiments of the network device in the embodiments of the present invention have been described above from the perspective of modular functional entities. The device embodiments of the network device are described below from the perspective of hardware processing.
Referring to Fig. 8, an embodiment of the present invention provides another device embodiment of the network device. The network device 800 of this embodiment may be a microprocessor-based computer. For example, the network device 800 may be a general-purpose computer, a custom-built machine, or a portable device such as a mobile phone terminal or a tablet. The network device 800 comprises a processor 804, a memory 806, a communication interface 802 and a bus 808. The processor 804, the memory 806 and the communication interface 802 are connected by the bus 808 and communicate with one another through it.
The bus 808 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 808 may be divided into one or more of an address bus, a data bus and a control bus. For ease of representation, it is shown as a single thick line in Fig. 8, but this does not mean that there is only one bus or only one type of bus.
The memory 806 is configured to store executable program code, which comprises computer operation instructions. When the network device 800 executes this program code, it can carry out the embodiment shown in Fig. 1 or Fig. 3, and can also implement all functions of the network device in the embodiment shown in Fig. 6 or Fig. 7. The memory 806 may comprise high-speed RAM (Random Access Memory). Optionally, the memory 806 may also comprise non-volatile memory. For example, the memory 806 may comprise a magnetic disk memory.
The processor 804 may be a central processing unit (CPU), or an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
The communication interface 802 is configured to perform the step, in the embodiments shown in Fig. 1 and Fig. 3, of receiving the first access request sent by the first edge device, where the first access request requests that the first user site connected to the first edge device access the VPN service.
The processor 804 is configured to read the instructions stored in the memory 806 and thereby perform the steps, in the embodiments shown in Fig. 1 and Fig. 3, of determining that the second user site has requested access to the VPN service, where the second user site is a user site different from the first user site, and of configuring the first edge device and the second edge device connected to the second user site, so as to connect the first user site and the second user site to the VPN service.
It is worth noting that each functional unit of the network device provided by the present invention may be a specific implementation of the functions of the method embodiment shown in Fig. 1 or Fig. 3 and of the device embodiment shown in Fig. 6 or Fig. 7. The definitions and explanations of terms are consistent with the embodiments shown in Fig. 1, Fig. 3, Fig. 6 and Fig. 7, and are not repeated here.
Those skilled in the art will clearly understand that, for convenience and brevity of description, for the specific working processes of the systems, devices and units described above, reference may be made to the corresponding processes in the foregoing method embodiments, and they are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods can be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the couplings, direct couplings or communication connections shown or discussed may be made through certain interfaces, and the indirect couplings or communication connections between devices or units may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and comprises a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the methods described in the embodiments of the present invention. The aforementioned storage medium comprises various media that can store program code, such as a USB flash drive, a portable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
The above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of the technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Brief description of the drawings
Fig. 1 is a schematic flowchart of a method embodiment provided by the present invention;
Fig. 2 shows a network topology to which an embodiment of the present invention applies;
Fig. 3 is a schematic flowchart of another method embodiment provided by the present invention;
Fig. 4 shows another network topology to which an embodiment of the present invention applies;
Fig. 5 shows one specific path of the first VPN tunnel obtained by the controller;
Fig. 6 is a schematic structural diagram of a device embodiment of the network device provided by the present invention;
Fig. 7 is a schematic structural diagram of another device embodiment of the network device provided by the present invention;
Fig. 8 is a schematic structural diagram of another device embodiment of the network device provided by the present invention.
Detailed description
For user sites to transmit data to one another over a VPN, the user sites first have to be connected to the VPN service. A user site is user-side equipment. Each user site is generally connected to an edge device of the operator by a physical connection, and the operator's edge devices can transmit data to one another over the backbone network.
The usual way of connecting user sites to a VPN service at present is that the operator and the user manually negotiate all the user sites that need to access the VPN service. Once all the user sites have been determined, the edge device to which each user site connects is configured manually, and each user site is thereby connected to the VPN service.
However, the inventors found through research that, because the edge device to which a user site connects has to be configured when the user site accesses the VPN service, resources of that edge device are inevitably occupied. In the above access method, user sites cannot access the VPN service on demand. That is, even if a user site could not transmit data after accessing the VPN service, the operator still connects it to the VPN service. As a result, resources of the edge device to which the user site connects are occupied although the user site cannot transmit data, which wastes resources. As an example, suppose there are three user sites: user site 01, user site 02 and user site 03. If user site 02 and user site 03 are offline or have not accessed the VPN service, user site 01 cannot transmit data with user site 02 or user site 03 even if it accesses the VPN service. In the above access method, the edge device to which user site 01 connects is nevertheless configured to connect it to the VPN service, which wastes resources.
The embodiments of the present invention provide a method for accessing a VPN service and a network device, so that user sites access the VPN service on demand and resource waste is reduced.
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

Claims (20)

1. A method for accessing a virtual private network (VPN) service, characterized by comprising:
A network device receives a first access request sent by a first edge device, the first access request being used to request that a first user site connected to the first edge device access the VPN service;
The network device determines that a second user site has requested access to the VPN service;
The network device configures the first edge device and a second edge device connected to the second user site, so as to connect the first user site and the second user site to the VPN service.
2. The method according to claim 1, characterized in that the network device configuring the first edge device and the second edge device connected to the second user site, so as to connect the first user site and the second user site to the VPN service, comprises:
The network device deploys a first VPN tunnel from the first edge device to the second edge device, and deploys a second VPN tunnel from the second edge device to the first edge device, wherein the head end of the first VPN tunnel is associated with a first port, the tail end of the first VPN tunnel is associated with a second port, the head end of the second VPN tunnel is associated with the second port, the tail end of the second VPN tunnel is associated with the first port, the first port is the port through which the first edge device is connected to the first user site, and the second port is the port through which the second edge device is connected to the second user site.
3. The method according to claim 2, characterized by further comprising:
The network device receives a second access request sent by a third edge device, the second access request being used to request that a third user site connected to the third edge device access the VPN service;
The network device determines that the first user site and the second user site have accessed the VPN service;
The network device deploys a third VPN tunnel from the first edge device to the third edge device, and deploys a fourth VPN tunnel from the third edge device to the first edge device, wherein the head end of the third VPN tunnel is associated with the first port, the tail end of the third VPN tunnel is associated with a third port, the head end of the fourth VPN tunnel is associated with the third port, the tail end of the fourth VPN tunnel is associated with the first port, and the third port is the port through which the third edge device is connected to the third user site;
The network device deploys a fifth VPN tunnel from the second edge device to the third edge device, and deploys a sixth VPN tunnel from the third edge device to the second edge device, wherein the head end of the fifth VPN tunnel is associated with the second port, the tail end of the fifth VPN tunnel is associated with the third port, the head end of the sixth VPN tunnel is associated with the third port, and the tail end of the sixth VPN tunnel is associated with the second port.
4. The method according to claim 2 or 3, characterized in that the method further comprises:
The network device allocates a VPN tunnel identifier to the VPN service;
The network device deploying the first VPN tunnel from the first edge device to the second edge device, and deploying the second VPN tunnel from the second edge device to the first edge device, comprises:
The network device sends a first configuration parameter to the first edge device, the first configuration parameter comprising: the VPN tunnel identifier, the port identifier of the first port and the device identifier of the second edge device;
The network device sends a second configuration parameter to the second edge device, the second configuration parameter comprising: the VPN tunnel identifier, the port identifier of the second port and the device identifier of the first edge device.
5. The method according to claim 2 or 3, characterized in that the network device deploying the first VPN tunnel from the first edge device to the second edge device, and deploying the second VPN tunnel from the second edge device to the first edge device, comprises:
The network device sends to a controller a request to deploy the first VPN tunnel and the second VPN tunnel, the request to deploy the first VPN tunnel and the second VPN tunnel comprising the port identifier of the first port, the port identifier of the second port, the device identifier of the first edge device and the device identifier of the second edge device.
6. The method according to any one of claims 2 to 5, characterized by further comprising:
The network device receives a first exit request sent by the first edge device or a second exit request sent by the second edge device, the first exit request being used to request that the first user site exit the VPN service, and the second exit request being used to request that the second user site exit the VPN service;
The network device cancels the first VPN tunnel and the second VPN tunnel.
7. The method according to claim 6, characterized by further comprising:
The network device obtains related information indicating the deployment time of the first VPN tunnel and the second VPN tunnel;
The network device sends the related information to a counting device.
8. The method according to any one of claims 2 to 7, characterized in that the first access request further comprises the account with which the first user site requests access to the VPN service;
The method further comprises:
The network device obtains the quality of service (QoS) corresponding to the account;
The network device deploying the first VPN tunnel from the first edge device to the second edge device comprises:
The network device deploys, based on the QoS corresponding to the account, the first VPN tunnel from the first edge device to the second edge device.
9. The method according to any one of claims 1 to 8, characterized by further comprising:
After receiving the first access request, the network device stores information indicating that the first user site has requested access to the VPN service;
The network device determining that the second user site has requested access to the VPN service comprises:
The network device determines that information indicating that the second user site has requested access to the VPN service is stored.
10. The method according to any one of claims 1 to 9, characterized by further comprising:
After receiving an online request from the first user site, the first edge device sends the first access request to the network device.
11. A network device, characterized by comprising:
A receiving unit, configured to receive a first access request sent by a first edge device, the first access request being used to request that a first user site connected to the first edge device access a virtual private network (VPN) service;
A processing unit, configured to, when the receiving unit receives the first access request, determine that a second user site has requested access to the VPN service, and configure the first edge device and a second edge device connected to the second user site, so as to connect the first user site and the second user site to the VPN service.
12. The network device according to claim 11, characterized in that
When configuring the first edge device and the second edge device connected to the second user site, so as to connect the first user site and the second user site to the VPN service, the processing unit is specifically configured to deploy a first VPN tunnel from the first edge device to the second edge device, and deploy a second VPN tunnel from the second edge device to the first edge device, wherein the head end of the first VPN tunnel is associated with a first port, the tail end of the first VPN tunnel is associated with a second port, the head end of the second VPN tunnel is associated with the second port, the tail end of the second VPN tunnel is associated with the first port, the first port is the port through which the first edge device is connected to the first user site, and the second port is the port through which the second edge device is connected to the second user site.
13. The network device according to claim 12, characterized in that
The receiving unit is further configured to receive a second access request sent by a third edge device, the second access request being used to request that a third user site connected to the third edge device access the VPN service;
The processing unit is further configured to, when the receiving unit receives the second access request, determine that the first user site and the second user site have accessed the VPN service, deploy a third VPN tunnel from the first edge device to the third edge device, deploy a fourth VPN tunnel from the third edge device to the first edge device, deploy a fifth VPN tunnel from the second edge device to the third edge device, and deploy a sixth VPN tunnel from the third edge device to the second edge device;
The head end of the third VPN tunnel is associated with the first port, the tail end of the third VPN tunnel is associated with a third port, the head end of the fourth VPN tunnel is associated with the third port, the tail end of the fourth VPN tunnel is associated with the first port, the head end of the fifth VPN tunnel is associated with the second port, the tail end of the fifth VPN tunnel is associated with the third port, the head end of the sixth VPN tunnel is associated with the third port, the tail end of the sixth VPN tunnel is associated with the second port, and the third port is the port through which the third edge device is connected to the third user site.
14. The network device according to claim 12 or 13, characterized by further comprising: a sending unit;
The processing unit is further configured to allocate a VPN tunnel identifier to the VPN service;
When deploying the first VPN tunnel from the first edge device to the second edge device, and deploying the second VPN tunnel from the second edge device to the first edge device, the processing unit is specifically configured to send a first configuration parameter to the first edge device through the sending unit, and send a second configuration parameter to the second edge device through the sending unit;
The first configuration parameter comprises: the VPN tunnel identifier, the port identifier of the first port and the device identifier of the second edge device; the second configuration parameter comprises: the VPN tunnel identifier, the port identifier of the second port and the device identifier of the first edge device.
15. The network device according to claim 12 or 13, characterized by further comprising: a sending unit;
When deploying the first VPN tunnel from the first edge device to the second edge device, and deploying the second VPN tunnel from the second edge device to the first edge device, the processing unit is specifically configured to send to a controller, through the sending unit, a request to deploy the first VPN tunnel and the second VPN tunnel, the request to deploy the first VPN tunnel and the second VPN tunnel comprising the port identifier of the first port, the port identifier of the second port, the device identifier of the first edge device and the device identifier of the second edge device.
16. The network device according to any one of claims 12 to 15, characterized in that
The receiving unit is further configured to receive a first exit request sent by the first edge device or a second exit request sent by the second edge device, the first exit request being used to request that the first user site exit the VPN service, and the second exit request being used to request that the second user site exit the VPN service;
The processing unit is further configured to, when the receiving unit receives the first exit request or the second exit request, cancel the deployment of the first VPN tunnel and the second VPN tunnel.
17. The network device according to claim 16, characterized by further comprising: a sending unit;
The processing unit is further configured to obtain related information indicating the deployment time of the first VPN tunnel and the second VPN tunnel;
The sending unit is configured to send the related information to a counting device.
18. The network device according to any one of claims 12 to 17, characterized in that the first access request further comprises the account with which the first user site requests access to the VPN service;
The processing unit is further configured to obtain the quality of service (QoS) corresponding to the account;
When deploying the first VPN tunnel from the first edge device to the second edge device, the processing unit is specifically configured to deploy, based on the QoS corresponding to the account, the first VPN tunnel from the first edge device to the second edge device.
19. The network device according to any one of claims 11 to 18, characterized in that
The processing unit is further configured to, when the receiving unit receives the first access request, store information indicating that the first user site has requested access to the VPN service;
When determining that the second user site has requested access to the VPN service, the processing unit is specifically configured to determine that information indicating that the second user site has requested access to the VPN service is stored.
20. The network device according to any one of claims 11 to 19, characterized in that the first edge device is a device that sends the first access request to the network device after receiving an online request from the first user site.
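
The on-demand behaviour of claims 1 to 4, 6 and 9, as an added Python model that is not part of the patent text or of any vendor implementation: a lone requester is only stored and no edge device is configured, each later requester triggers pairwise bidirectional tunnels, and an exit request cancels every tunnel that touches the exiting site. The class and field names, the tunnel identifier 100, the PE1 to PE3 device identifiers, and the choice to keep the remaining sites' requests stored after a peer exits are assumptions.

```python
"""On-demand full-mesh VPN access, modelled on claims 1-4, 6 and 9 (illustrative)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Site:
    name: str   # user site
    edge: str   # device identifier of the edge device it connects to (constructed)
    port: str   # identifier of the edge-device port facing the site (constructed)


@dataclass
class NetworkDevice:
    tunnel_id: int = 100                           # VPN tunnel identifier (claim 4); value assumed
    requested: dict = field(default_factory=dict)  # stored access requests (claim 9)
    tunnels: set = field(default_factory=set)      # unidirectional tunnels: (head Site, tail Site)
    sent: list = field(default_factory=list)       # (edge device, configuration parameters)

    def access_request(self, site: Site) -> int:
        """Handle an access request; return the number of tunnels deployed."""
        if site.name in self.requested:
            return 0                               # duplicate request: nothing new to deploy
        peers = list(self.requested.values())
        self.requested[site.name] = site           # store the request before deploying
        for peer in peers:                         # empty when this is the only requester
            self._deploy(site, peer)
            self._deploy(peer, site)
        return 2 * len(peers)

    def _deploy(self, head: Site, tail: Site) -> None:
        self.tunnels.add((head, tail))
        # Claim 4: the head-end edge device receives the tunnel identifier, its
        # own port identifier and the device identifier of the peer edge device.
        self.sent.append((head.edge, {"tunnel_id": self.tunnel_id,
                                      "port": head.port,
                                      "peer_device": tail.edge}))

    def exit_request(self, site_name: str) -> int:
        """Handle an exit request; return the number of tunnels cancelled."""
        site = self.requested.pop(site_name, None)
        if site is None:
            return 0
        stale = {t for t in self.tunnels if site in t}
        self.tunnels -= stale                      # no tunnel to or from the site survives
        return len(stale)

    def configured_edges(self) -> set:
        """Edge devices that currently hold tunnel state."""
        return {s.edge for t in self.tunnels for s in t}


def demo():
    nd = NetworkDevice()
    s1 = Site("site01", "PE1", "port1")
    s2 = Site("site02", "PE2", "port2")
    s3 = Site("site03", "PE3", "port3")
    steps = [nd.access_request(s1)]        # alone: stored, no edge device touched
    steps.append(nd.access_request(s2))    # claim 2: first and second tunnels
    steps.append(nd.access_request(s3))    # claim 3: third to sixth tunnels
    steps.append(nd.exit_request("site01"))
    return nd, steps


if __name__ == "__main__":
    nd, steps = demo()
    print(steps, sorted(nd.configured_edges()))
```

Checking `configured_edges()` after every exit request is a quick way to confirm that no edge device keeps tunnel state for a site that has left the service.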
CN201410850003.4A 2014-12-31 2014-12-31 Access method of VPN service and network device Active CN104601431B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410850003.4A CN104601431B (en) 2014-12-31 2014-12-31 Access method of VPN service and network device
PCT/CN2015/093091 WO2016107261A1 (en) 2014-12-31 2015-10-28 Method for accessing vpn service, and network device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410850003.4A CN104601431B (en) 2014-12-31 2014-12-31 Access method of VPN service and network device

Publications (2)

Publication Number Publication Date
CN104601431A 2015-05-06
CN104601431B 2018-04-20

Family

ID=53126952

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410850003.4A Active CN104601431B (en) 2014-12-31 2014-12-31 Access method of VPN service and network device

Country Status (2)

Country Link
CN (1) CN104601431B (en)
WO (1) WO2016107261A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060069916A1 (en) * 2004-09-30 2006-03-30 Alcatel Mobile authentication for network access
CN1829176A (en) * 2005-03-01 2006-09-06 信息产业部电信研究院 Resource managing method based on signal mechanism in IP telecommunication network system
CN101114972A (en) * 2006-07-26 2008-01-30 成都迈普产业集团有限公司 Method for establishing and dismounting virtual private network in IP telecommunication network system
CN101330459A (en) * 2008-07-31 2008-12-24 电子科技大学 Method for controlling VPN consumer wideband based on Hose flexible pipe
US20090222892A1 (en) * 2008-02-29 2009-09-03 Nec Corporation Remote access system, method and program
CN102055639A (en) * 2009-11-10 2011-05-11 杭州华三通信技术有限公司 Method for establishing remote access virtual private network connection and local access concentrator
CN103001872A (en) * 2011-09-13 2013-03-27 华为技术有限公司 Label distribution method and aggregation unit

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6912232B1 (en) * 1998-10-19 2005-06-28 At&T Corp. Virtual private network
US7680934B2 (en) * 2004-03-26 2010-03-16 Nortel Networks Limited Method and apparatus for assigning and allocating network resources to layer 1 virtual private networks
CN100441030C (en) * 2004-06-10 2008-12-03 华为技术有限公司 Method for establishing privacy call
DE102010038228A1 (en) * 2010-10-15 2012-04-19 Phoenix Contact Gmbh & Co. Kg Method for establishing a VPN connection between two networks
CN103780467B (en) * 2012-10-19 2017-04-26 华为技术有限公司 communication connection method, communication device and communication system
CN104601431B (en) * 2014-12-31 2018-04-20 华为技术有限公司 The cut-in method and the network equipment of a kind of vpn service

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016107261A1 (en) * 2014-12-31 2016-07-07 华为技术有限公司 Method for accessing vpn service, and network device
WO2018214854A1 (en) * 2017-05-22 2018-11-29 Huawei Technologies Co., Ltd. Elastic vpn that bridges remote islands
US10938599B2 (en) 2017-05-22 2021-03-02 Futurewei Technologies, Inc. Elastic VPN that bridges remote islands
US11792045B2 (en) 2017-05-22 2023-10-17 Futurewei Technologies, Inc. Elastic VPN that bridges remote islands
WO2021249242A1 (en) * 2020-06-09 2021-12-16 华为技术有限公司 Service deployment method and apparatus
CN111884903A (en) * 2020-07-15 2020-11-03 迈普通信技术股份有限公司 Service isolation method and device, SDN network system and routing equipment
CN111884903B (en) * 2020-07-15 2022-02-01 迈普通信技术股份有限公司 Service isolation method and device, SDN network system and routing equipment

Also Published As

Publication number Publication date
WO2016107261A1 (en) 2016-07-07
CN104601431B (en) 2018-04-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant