CN106034075B - Method and device for distributing label for VPN route - Google Patents
Method and device for distributing label for VPN route Download PDFInfo
- Publication number
- CN106034075B CN106034075B CN201510103125.1A CN201510103125A CN106034075B CN 106034075 B CN106034075 B CN 106034075B CN 201510103125 A CN201510103125 A CN 201510103125A CN 106034075 B CN106034075 B CN 106034075B
- Authority
- CN
- China
- Prior art keywords
- vrf
- label
- vpn route
- vpn
- route
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and a device for distributing labels for VPN (virtual private network) routing, which relate to the network communication technology, and the method comprises the following steps: the upper-layer backbone network edge SPE device detects a VPN route from a lower-layer backbone network edge UPE device; when a VPN route from UPE equipment is detected, SPE equipment judges whether a virtual private network route forwarding instance VRF capable of importing the VPN route exists or not; and if the VRF capable of importing the VPN route is judged to exist, importing the VPN route into the corresponding VRF, and taking the label of the VRF as an inner layer label of the VPN route. The invention can save a large amount of label resources.
Description
Technical Field
The present invention relates to network communication technologies, and in particular, to a method and a related device for assigning a label to a VPN route.
Background
A Virtual Private Network (VPN) is a Private Network constructed by using a public Network, and it gains more and more extensive application with its unique advantages, and can reduce the cost for the user to use the VPN, and is convenient for management. For operators, the value-added service can be provided by using the existing infrastructure, the operation service volume can be enlarged, and meanwhile, a new business opportunity is created.
The Multi-Protocol Label Switching (MPLS) is a classified Forwarding technology that classifies packets having the same Forwarding processing manner into one Class, i.e., Forwarding Equivalent Class (FEC). MPLS was originally a protocol proposed to increase the forwarding speed of routers, but has increasingly become an important standard for scaling IP networks due to its superior performance in both traffic engineering and VPN, two very critical technologies in current IP networks. The key to the MPLS protocol is the introduction of the Label (Label) switching concept, where an MPLS edge router analyzes the content of IP packets and selects the appropriate Label for those IP packets upon entering the first MPLS device. This label is then transported in the MPLS network as a forwarding basis, with the label being separated by the edge router as the IP packet leaves the MPLS network. In the MPLS network, network devices are divided into edge network devices and core network devices, and the edge network devices provide functions of traffic classification and label mapping, and label removal. The core network device provides label switching and label distribution functions.
The MPLS VPN network, MPLS is an efficient IP backbone network technology platform, and provides a flexible and extensible technology base for realizing VPN. In the MPLS VPN network, when a VPN route is forwarded, if a next hop needs to become itself, a label needs to be allocated to the VPN route.
Fig. 1 is a diagram of a model architecture of an MPLS VPN network provided in the prior art, and as shown in fig. 1, a typical networking of the MPLS VPN network is shown, where Customer Edge (CE) devices are Edge devices in the customer network directly connected to a service Provider, backbone Edge (PE) devices are directly connected to the CE devices of the customer, and backbone core (Provider, P) devices are devices in the backbone network not directly connected to the CE.
Fig. 2 is a relationship diagram between a VPN Routing and forwarding instance (VRF) and each VPN in a PE router, where a corresponding VRF is created on the PE router for each VPN, and each VRF includes a Routing table, a forwarding table, and an interface.
Fig. 3 is a schematic diagram of VPN route distribution provided by the prior art, and as shown in fig. 3, a process of forming a BGP VPNv4 route on a PE1 device is as follows: the VPNv4 routing process for Border Gateway Protocol (BGP) over PE1 is as follows: 1. forming a VPNv4 Route by the Route prefix and a Route-Distinguisher (RD) of the VRF; 2. label L1 is assigned for VPNv4 routing; 3. organizing the RT attribute of the Route according to the Route-Target (RT) configuration of the VRF where the Route is located; 4. sets the next hop of the route to itself and organizes other attributes of the route, VPNv4 route formation. The processing of the VPNv4 route on PE2 that receives BGP is as follows: 1. corresponding routes are solved from the VPNv4 routes, and according to the RT attributes of the routes, the VRFs to which the routes are required are determined; 2. the carried label L1 is an inner layer label of the data message; 3. according to the next hop information of the route, inquiring a label to be used in a label switching channel, namely an outer layer label in label switching; 4. and transmitting the obtained information to a forwarding table for use in forwarding.
Fig. 4 is a schematic diagram of forwarding a VPN packet in an MPLS VPN network in the prior art, and as shown in fig. 4, when a CE2 sends a data packet to a CE1, the processing procedures at PEs 2 and P, PE1 are as follows:
processing at PE 2: 1. obtaining a VPN ID number according to the VRF attribute of the message input interface; 2. using the VPN ID number and the destination IP address to search a VRF table to obtain an outgoing interface, an inner outgoing label (namely a VPN label) and an outer outgoing label (namely a label distributed to PE1 by P); 3. packaging the inner layer label and the outer layer label into a message; 4. and forwarding the message from the outgoing interface. Assuming that the found inner layer label and outer layer label are 17 and 23, respectively, the message structure after encapsulation is as follows:
| 23 | 17 | Ip packet |
processing on P: 1. judging that the data packet is a label packet; 2. fetching a first layer MPLS forwarding label, e.g., 23; 3. searching a label forwarding table according to the label to obtain an output interface, a next hop and an output label; 4. if the outgoing label is not 3, it indicates that the next hop is not the last node of the LSP, then the outer label of the data packet needs to be removed, and a new outer label is encapsulated; if the outgoing label is a 3 label, it indicates that the next hop is the last node in the LSP, and the outer label of the packet needs to be removed according to the next last hop popping rule and then directly forwarded, taking the second case as an example, the outer label of 23 is removed and forwarded from the outgoing interface. The forwarded message structure is as follows:
| 17 | Ip packet |
processing at PE 1: 1. judging that the data packet is a label packet; 2. fetching a first layer MPLS forwarding label, e.g., 17; 3. judging whether a secondary searching mark exists or not, if so, acquiring a VPN ID number according to the label, then carrying out route matching searching and forwarding according to a destination address in the message, and if not, directly searching an outlet interface according to the label to carry out message forwarding; 4. and forwarding the message from the outgoing interface according to the found outgoing interface. Here, label 17 is stripped and the message is forwarded to CE 1. The forwarded message structure is as follows:
| Ip packet |
to solve the scalability problem, MPLS L3 VPNs must be transformed from a flat model to a layered model. In the field of MPLS L3VPN, a hierarchical VPN (hierarchical of VPN, hopvpn) provides a solution to distribute functions of a PE to a plurality of PE devices, and the plurality of PEs assume different roles and form a hierarchical structure to collectively perform the functions of one PE.
Fig. 5 is a schematic diagram of a routing distribution of a VPN, which is provided in the prior art, and as shown in fig. 5, in a HoPE architecture, a PE device of a conventional MPLS L3VPN is evolved from one device to multiple devices. The PE device directly connected to the CE device of the User is called a lower PE (User-side PE, UPE), and the device connected to the UPE and located inside the network is called an upper PE (Super-Stratum PE, Service Provider-side PE, SPE). A plurality of UPEs and an SPE form a layered PE, and the functions of one PE in the prior art are completed together. In the route transfer direction as shown in fig. 5, the processing procedure on the SPE device is as follows: and the SPE imports the VPN into a corresponding VRF of the SPE, forwards the UPE VPN route to the PE on the SPE, modifies the next hop to be the SPE, and redistributes a VPN route label L2.
Fig. 6 is a schematic view of the hopvpn data forwarding provided in the prior art, and as shown in fig. 6, when a CE2 sends a data packet to a CE1, the processing procedures on a PE, an SPE, and a UPE are as follows:
processing on the PE: 1. obtaining a VPN ID number according to the VRF attribute of the message input interface; 2. using VPN ID number and destination IP address to search VRF table to obtain outlet interface, inner layer outlet label (VPN label) and outer layer outlet label (SPE label distributed to PE, if it is 3 label not packaged); 3. packaging the inner layer label and the outer layer label into a message; 4. and forwarding the message from the outgoing interface. Assuming that the found inner layer label and outer layer label are 17 and 23, respectively, the message structure after encapsulation is as follows:
| 23 | 17 | Ip packet |
processing on SPE: 1. and finding an inner layer VPN label. Outer labels may also be present; 2. finding out a route corresponding to the VPN according to the VPN label; 3. searching for a corresponding inner layer label and a next hop, and searching for a corresponding outer layer label according to the next hop; 4. and forwarding the message from the outgoing interface. Assuming that the found inner layer label and outer layer label are 30 and 26 respectively, the message structure after encapsulation is as follows:
| 26 | 30 | Ip packet |
processing on UPE: 1. judging that the data packet is a label packet; 2. the outer label may also exist; 3. judging whether a secondary search mark exists or not, if so, acquiring a vpn ID number according to the label, then carrying out route matching search forwarding according to a destination address in the message, and if not, directly searching an outgoing interface according to the label to carry out message forwarding; 4. and forwarding the message from the outgoing interface according to the found outgoing interface. And stripping the label when forwarding. The forwarded message structure is as follows:
| Ip packet |
since each VPN has an independent address space, when a PE processes a received data packet in an MPLS VPN network, it needs to support a function of nesting multiple labels by using MPLS to distinguish which VPN the packet belongs to, that is, an inner label is allocated to a route in the VPN through MP-BGP, and the inner label is issued together with the VPN route.
Label Distribution is a core part of router devices in MPLS networks, and particularly for PE devices, labels are distributed to public network routes through protocols such as Label Distribution Protocol (LDP), labels are also required to be distributed to private network routes through multi-Protocol border gateway Protocol (MP-BGP), and certainly, other labels distributed statically are also required. The label resource is limited, and when the route is forwarded on the existing HoVPN, the label resource is distributed according to each label of each route, and when the number of routes is large, the label resource is easy to be tense.
Disclosure of Invention
The invention aims to provide a method and a device for distributing labels for VPN (virtual private network) routes, which can better solve the problem of label resource shortage.
According to an aspect of the present invention, there is provided a method of assigning a label to a VPN route, comprising:
SPE equipment detects a VPN route from UPE equipment;
when a VPN route from UPE equipment is detected, SPE equipment judges whether a VRF capable of importing the VPN route exists or not;
and if the VRF capable of importing the VPN route is judged to exist, importing the VPN route into the corresponding VRF, and taking the label of the VRF as an inner layer label of the VPN route.
Preferably, before the SPE device detects the VPN route from the UPE device, the method further includes:
on SPE equipment, creating a VRF;
setting a route distinguisher RD to enable the created VRF to be effective;
a label is taken from the label pool and assigned to the active VRF.
Preferably, the step of determining, by the SPE device, whether a VRF capable of importing the VPN route exists includes:
the SPE equipment judges whether the created VRF exists or not;
when the created VRF exists, matching a routing target attribute RT carried by the VPN route with the RT in the created VRF;
and if the RT carried by the VPN route is matched with the RT in the created VRF, judging that the VRF capable of importing the VPN route exists.
Preferably, when there are a plurality of VRFs capable of importing the VPN route, the SPE device imports the VPN route into the plurality of VRFs respectively, and selects a label of any one of the VRFs as an inner label of the VPN route.
Preferably, the method further comprises the following steps:
and when no VRF capable of importing the VPN route exists or no label is allocated to the VRF capable of importing the VPN route, the SPE device applies for an inner-layer label for the VPN route in a default mode.
According to another aspect of the present invention, there is provided an apparatus for assigning a label to a VPN route, including:
the detection module is used for detecting a VPN route from UPE equipment at the edge of a lower-layer backbone network;
the judging module is used for judging whether a virtual private network route forwarding instance VRF capable of importing the VPN route exists or not when the VPN route from the UPE equipment is detected;
and the distribution module is used for importing the VPN route into the corresponding VRF when judging that the VRF capable of importing the VPN route exists, and taking the label of the VRF as the inner layer label of the VPN route.
Preferably, the method further comprises the following steps:
and the VRF creating module is used for creating VRF before detecting the VPN route from the UPE equipment, enabling the created VRF to be effective by setting a route distinguisher RD, taking out a label from the label pool and distributing the label to the effective VRF.
Preferably, the determining module determines whether a created VRF exists, matches the route target attribute RT carried by the VPN route with the RT in the created VRF when the created VRF exists, and determines that a VRF capable of importing the VPN route exists if the RT carried by the VPN route matches with the RT in the created VRF.
Preferably, when there are a plurality of VRFs capable of importing the VPN route, the allocating module imports the VPN route into the plurality of VRFs respectively, and selects a label of any one of the VRFs as an inner label of the VPN route.
Preferably, when there is no VRF capable of importing the VPN route or there is no label assigned to the VRF capable of importing the VPN route, the assignment module applies for an inner-layer label for the VPN route by default.
Compared with the prior art, the invention has the beneficial effects that:
1. the invention adopts the mode of multiplexing the label of the imported VRF as the label of the VPN route when the VPN route is forwarded on the SPE equipment in the MPLS network, thereby saving the label application, leading the label resource to be fully utilized, being particularly suitable for the equipment such as routers or exchangers with limited hardware resources and smaller label forwarding table space, leading the original equipment which can not realize the MPLS VPN function due to resource limitation to be capable of starting the MPLS VPN function, saving the resource in a large amount and leading the limited resource to be fully utilized;
2. the invention can save the time of applying the label and improve the efficiency.
Drawings
Fig. 1 is a diagram of a prior art MPLS VPN network architecture model;
figure 2 is a diagram of the relationship between VPN route forwarding instances and individual VPNs in backbone edge routers as provided by the prior art;
FIG. 3 is a prior art diagram of VPN route distribution provided;
fig. 4 is a schematic diagram illustrating forwarding of a VPN packet in an MPLS VPN network according to the prior art;
FIG. 5 is a schematic diagram of HoVPN route distribution provided by the prior art;
FIG. 6 is a schematic diagram of HoVPN data forwarding provided by the prior art;
FIG. 7 is a functional block diagram of a method for assigning labels to VPN routes according to the present invention;
fig. 8 is a block diagram of an apparatus for assigning labels to VPN routes according to the present invention;
FIG. 9 is a schematic diagram of a HoVPN route distribution after the inner label manner using VRF labels described in the present invention is adopted;
fig. 10 is a schematic diagram of the hop vpn data forwarding after the method of using the VRF label as the inner label described in the present invention is adopted.
Detailed Description
The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings, and it should be understood that the preferred embodiments described below are only for the purpose of illustrating and explaining the present invention, and are not to be construed as limiting the present invention.
Fig. 7 is a schematic block diagram of a method for assigning a label to a VPN route according to the present invention, as shown in fig. 1, the steps include:
step S101: in the hierarchical virtual private network HoVPN, the SPE equipment at the edge of an upper-layer backbone network detects a VPN route from UPE equipment at the edge of a lower-layer backbone network.
Before executing the step S101, a VRF needs to be created on the SPE device; setting a route distinguisher RD to enable the created VRF to be effective; a label is taken from the label pool and assigned to the active VRF.
Step S102: when detecting the VPN route from the UPE equipment, the SPE equipment judges whether a virtual private network route forwarding instance VRF capable of importing the VPN route exists or not.
The step S102 includes: the SPE equipment judges whether the created VRF exists or not; when the created VRF exists, matching a routing target attribute RT carried by the VPN route with the RT in the created VRF; and if the RT carried by the VPN route is matched with the RT in the created VRF, judging that the VRF capable of importing the VPN route exists.
Step S103: and if the VRF capable of importing the VPN route is judged to exist, importing the VPN route into the corresponding VRF, and taking the label of the VRF as an inner layer label of the VPN route.
Further, when a plurality of VRFs capable of importing the VPN route exist, the SPE device imports the VPN route into the plurality of VRFs respectively, and selects a label of any one VRF as an inner layer label of the VPN route.
And when judging that no VRF capable of importing the VPN route exists or the VRF capable of importing the VPN route does not distribute the label, the SPE device applies for an inner layer label for the VPN route in a default mode.
Fig. 8 is a block diagram of a structure of an apparatus for allocating a label to a VPN route according to the present invention, and as shown in fig. 8, the apparatus is disposed on an SPE, and includes: a VRF creation module 10, a detection module 20, a determination module 30, and an assignment module 40.
The VRF creation module 10 is used to create VRFs before detecting VPN routes from UPE devices, validate the created VRFs by setting a route distinguisher RD, and retrieve a label from the label pool to assign to the valid VRFs.
The detection module 20 is configured to detect, in a hierarchical VPN, a VPN route from a lower backbone edge UPE device.
The determining module 30 is configured to determine whether a virtual private network forwarding instance VRF capable of importing a VPN route exists when the VPN route from the UPE device is detected. Specifically, the determining module 30 determines whether there is a created VRF, and when there is a created VRF, matches the route target attribute RT carried by the VPN route with the RT in the created VRF, and if the RT carried by the VPN route matches with the RT in the created VRF, determines that there is a VRF capable of importing the VPN route, otherwise, determines that there is no VRF capable of importing the VPN route.
The allocating module 40 is configured to import the VPN route to a corresponding VRF and use a label of the VRF as an inner label of the VPN route when determining that there is a VRF capable of importing the VPN route. Further, when there are a plurality of VRFs capable of importing the VPN route, the allocating module 40 imports the VPN route into the plurality of VRFs, respectively, and selects a label of any one of the VRFs as an inner label of the VPN route. When no VRF capable of importing the VPN route exists or no label is allocated to the VRF capable of importing the VPN route, the allocation module applies for an inner-layer label for the VPN route in a default mode.
The invention allocates labels for the received VPN route in the forwarding process, and can save unnecessary label application when forwarding the VPN route.
In the VPN route forwarding process under the HoVPN environment, when labels need to be allocated in the next hop, the forwarding of the VPN route is realized by using as few labels as possible, and a VPN network is established, so that the forwarding of the VPN route can be realized on equipment with a small label forwarding table space, and the MPLS VPN network is established. Of course, the label resources can be more fully and effectively utilized by using the method on the equipment with larger space of the label forwarding table. The invention is particularly suitable for forwarding the UPE route to the topology of the next hop modified by the PE route by the SPE in the layered L3VPN network. That is, in order to more effectively utilize limited tag resources on the SPE of the vpn network, the method and the corresponding apparatus provided by the present invention can be used. Specifically, in the HoVPN network, when the SPE device receives the UPE route and forwards the UPE route to the PE, if the next hop needs to be changed to the SPE device, the SPE device needs to reapply the inner layer label at this time. When the VRF exists on the SPE and the VRF already acquires the label, if the VPN route can be imported into the VRF, the label of the VRF can be used as a new inner-layer label to be notified to the PE, so that a large amount of label resources can be saved, and meanwhile, if the route is frequently notified and cancelled, the label forwarding table does not need to be modified, so that the system efficiency is further improved.
The VPN route label distribution mode is that all route entries capable of being led into VRF share the label of VRF. The label of the VRF can be used as a route label because forwarding through a second route match lookup can distinguish VPNs and determine the next hop-out interface. To implement this function of using the label of the VRF as a routing label, the following problems need to be considered and solved:
1. if a route in a VPN can import multiple VRFs, then should the label of which VRF should be selected for forwarding the route be the route forwarding label (i.e. the inner label)?
2. How should a label be selected as a route forwarding label for forwarding a route if the route in a VPN does not have any import VRF or VRF does not apply for a label?
For the first problem, if the route can be imported to multiple VRFs, the label of one of the labeled VRFs can be arbitrarily selected as the route forwarding label of the VPN route. For the second problem, if the VRF does not apply for a label, or the route does not have an importable VRF. The route can only apply for the label by default.
The invention uses VRF label as route forwarding label distribution technique, without considering the creation and recovery of route label, the route creation and recovery do not modify label forwarding table, the creation and recovery of label are only affected by VRF creation and deletion.
The invention uses VRF label as forwarding label distribution technology, and can be set by static and dynamic setting modes, wherein the static setting is to set the label of VRF when the VRF has label and the route can be imported into the VRF when compiling the version, and the dynamic mode is to dynamically set the route imported into the VRF by command to use the VRF label. The difference between the two is that the static setting makes the system always use the label distribution technology of the invention from the beginning of operation, the dynamic setting only adopts the label distribution technology of the invention during the setting, that is, the VPN route generated during the setting is distributed by using the label of the imported VRF, and the VPN route generated before the setting is cleared and the setting is still distributed according to the default mode.
The following is described in detail with reference to fig. 9 and 10.
Fig. 9 is a schematic diagram of a routing distribution of a vpn after the method of using a VRF label as an inner label described in the present invention is used, fig. 10 is a schematic diagram of forwarding vpn data after the method of using a VRF label as an inner label described in the present invention is used, as shown in fig. 9 and fig. 10, a hardware part is composed of five routers, of which 2 serve as private network clients, namely CE1 and CE 2; one as edge router UPE; one as a PE router; one as SPE router. This embodiment is only used as an example to construct a most basic MPLS network, and the technique of the present invention is used to perform VPN routing label allocation on PE devices in a static configuration manner, and then, the CE at both ends mutually transmit VPN data packets, so that traffic can be intercommunicated. The processing steps of the software part are as follows:
step 1: MPLS is opened between PE and UPE, MPLS label switching channel LSP is established, and BGP neighbor is established.
Step 2: on a UPE router, a VRF is created for CE1, and on a PE router, a VRF is created for CE2, with the same RT settings on PE and UPE.
And 3, step 3: the CE1 and CE2 establish EBGP neighbors with the UPE and the PE respectively, and pour VPN routes from the CE1 and CE2 to the UPE and the PE respectively, for example, pour 2 VPN routes of 192.168.1.0/24 and 192.168.2.0/24.
And 4, step 4: using the method provided by the present invention, a VRF is created on an SPE and RD is set, and only if RD is set, it indicates that the VRF is valid, and at this time, a label is allocated to the VRF from the label pool, and this example allocates a label 300 to the VRF. At this time, the SPE receives the two VPN routes from the UPE, and can see that the two VPN routes imported into the VRF use the same label, i.e., VRF label 300.
The processing procedure on the SPE device is shown in fig. 7 (fig. 7 takes only 192.168.1.0/24 as an example): the SPE imports the routes 192.168.1.0/24 and 192.168.2.0/24 into the corresponding VRF of the SPE, the VPN route forwarding UPE on the SPE is sent to the PE, the next hop is modified to be the SPE, and the label value L2, namely 300 of the corresponding VRF is used as a new inner label and is announced to the PE.
In the existing VPN scheme shown in fig. 5, a SPE performs label allocation for each VPN route, where in this example, labels 100 and 200 are allocated to two routes, and the allocation flow is shown in fig. 5. Compared with the existing HoVPN scheme, the VPN route which can be imported into the corresponding VRF adopts the label of the VRF as an inner layer label, thereby saving the use amount of the label.
And 6, step 6: the CE1 and CE2 are mutually packaged, the flow can be communicated, and at the moment, the label forwarding table space occupied by the VPN route in the SPE equipment is only 1. As shown in fig. 10, when the CE2 sends a data packet to the CE1, the processing procedures on the PE, SPE, and UPE are as follows:
the processing procedure of the CE2 on the PE for sending the data message to the CE1 is as follows: 1. obtaining a VPNID number according to the VRF attribute of the message incoming interface; 2. using the VPN ID number and the destination IP address to search a VRF table to obtain an outgoing interface, an inner outgoing label (namely a VPN label) and an outer outgoing label (namely a label distributed to PE by SPE, if the label is 3, the label is not packaged); 3. packaging the inner layer label and the outer layer label into a message; 4. and forwarding the message from the outgoing interface. Assuming that the found inner layer label and outer layer label are 17 and 23, respectively, the message structure after encapsulation is as follows:
| 23 | 17 | Ip packet |
processing on SPE: 1. finding an inner VPN label, wherein the outer label possibly exists; 2. finding out a corresponding VRF according to the VPN label, and rerouting in the VRF; 3. according to the newly found route in VRF, inner and outer layer labels are searched in a way similar to that on PE; 4. and forwarding the message from the outgoing interface. Assuming that the found inner layer label and outer layer label are 30 and 26 respectively, the message structure after encapsulation is as follows:
| 26 | 30 | Ip packet |
processing on UPE: 1. judging that the data packet is a label packet; 2. the outer label may also exist; 3. judging whether a secondary searching mark exists or not, if so, acquiring a VPN ID number according to the label, then carrying out route matching searching and forwarding according to a destination address in the message, and if not, directly searching an outlet interface according to the label to carry out message forwarding; 4. and forwarding the message from the outgoing interface according to the found outgoing interface. And stripping the label when forwarding. The forwarded message structure is as follows:
| Ip packet |
further, deleting the VPN route 192.168.1.0/24, and keeping the message transmission on the route 192.168.2.0/24 in the deleting process, at this time, it can be found that there is no packet loss phenomenon, which indicates that the corresponding label forwarding table is always kept normal when the VPN route is not completely deleted.
Further, all VPN routes are deleted, and then the label forwarding table is checked, so that the label corresponding to the VPN is deleted from the label forwarding table. And deleting the VPN configuration on the SPE, and checking the label pool to see that the label originally distributed to the VPN is recycled into the label pool.
Further, the route in the VPN is not deleted, but the configuration of the VPN is directly deleted on the SPE, at this time, it is found that when the configuration of the VPN is deleted, the label pool is checked to see that the label allocated to the VPN is recovered, and the two VPN routes apply for labels to the label pool again in a manner of each label of each route.
In summary, the present invention has the following technical effects: the invention can realize the forwarding of the VPN route by using as few labels as possible.
Although the present invention has been described in detail hereinabove, the present invention is not limited thereto, and various modifications can be made by those skilled in the art in light of the principle of the present invention. Thus, modifications made in accordance with the principles of the present invention should be understood to fall within the scope of the present invention.
Claims (10)
1. A method for assigning labels to VPN routes, comprising:
when the upper-layer backbone network edge SPE equipment detects a VPN route from the lower-layer backbone network edge UPE equipment, the SPE equipment judges whether a created virtual private network routing forwarding instance VRF exists or not;
if the created VRF exists, the SPE equipment judges whether the VRF capable of importing the VPN route exists or not;
and if the VRF capable of importing the VPN route is judged to exist, importing the VPN route into the corresponding VRF, and taking the label of the VRF as an inner layer label of the VPN route.
2. The method of claim 1, before the SPE device detects the VPN route from the UPE device, further comprising:
on SPE equipment, creating a VRF;
setting a route distinguisher RD to enable the created VRF to be effective;
a label is taken from the label pool and assigned to the active VRF.
3. The method of claim 2 wherein the step of the SPE device determining whether there is a VRF capable of importing the VPN route comprises:
when the created VRF exists, matching a routing target attribute RT carried by the VPN route with the RT in the created VRF;
and if the RT carried by the VPN route is matched with the RT in the created VRF, judging that the VRF capable of importing the VPN route exists.
4. The method according to any one of claims 1-3, wherein when there are multiple VRFs capable of importing the VPN route, the SPE device imports the VPN route into the multiple VRFs respectively, and selects a label of any one VRF as an inner label of the VPN route.
5. The method of claim 4, further comprising:
and when no VRF capable of importing the VPN route exists or no label is allocated to the VRF capable of importing the VPN route, the SPE device applies for an inner-layer label for the VPN route in a default mode.
6. An apparatus for assigning labels to VPN routes, comprising:
the detection module is used for detecting a VPN route from UPE equipment at the edge of a lower-layer backbone network;
the judging module is used for judging whether a created VRF exists in a virtual private network routing forwarding instance when a VPN route from UPE equipment is detected, and judging whether a VRF capable of importing the VPN route exists if the created VRF exists;
and the distribution module is used for importing the VPN route into the corresponding VRF when judging that the VRF capable of importing the VPN route exists, and taking the label of the VRF as the inner layer label of the VPN route.
7. The apparatus of claim 6, further comprising:
and the VRF creating module is used for creating VRF before detecting the VPN route from the UPE equipment, enabling the created VRF to be effective by setting a route distinguisher RD, taking out a label from the label pool and distributing the label to the effective VRF.
8. The apparatus according to claim 7, wherein the determining module matches the RT carried by the VPN route with the RT in the created VRF when determining that the created VRF exists, and determines that a VRF capable of importing the VPN route exists if the RT carried by the VPN route matches the RT in the created VRF.
9. The apparatus according to any of claims 6-8, wherein when there are multiple VRFs that can import the VPN route, the assignment module imports the VPN route into the multiple VRFs respectively, and selects a label of any one VRF as an inner label of the VPN route.
10. The apparatus of claim 9, wherein the assignment module applies for a label by default for the VPN route when there is no VRF capable of importing the VPN route or there is no label assigned to the VRF capable of importing the VPN route.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510103125.1A CN106034075B (en) | 2015-03-09 | 2015-03-09 | Method and device for distributing label for VPN route |
| PCT/CN2015/087408 WO2016141678A1 (en) | 2015-03-09 | 2015-08-18 | Method and apparatus for allocating label to vpn route |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510103125.1A CN106034075B (en) | 2015-03-09 | 2015-03-09 | Method and device for distributing label for VPN route |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106034075A CN106034075A (en) | 2016-10-19 |
| CN106034075B true CN106034075B (en) | 2020-03-27 |
Family
ID=56879954
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510103125.1A Active CN106034075B (en) | 2015-03-09 | 2015-03-09 | Method and device for distributing label for VPN route |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN106034075B (en) |
| WO (1) | WO2016141678A1 (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111200549B (en) * | 2018-11-16 | 2021-04-20 | 华为技术有限公司 | Method and device for acquiring routing information |
| US11502946B2 (en) * | 2020-03-10 | 2022-11-15 | Juniper Networks, Inc. | Distributed label assignment for labeled routing protocol routes |
| CN112787929B (en) * | 2020-12-31 | 2022-10-04 | 中盈优创资讯科技有限公司 | Three-layer VPN service resource automatic allocation and management method and device |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1214583C (en) * | 2002-08-23 | 2005-08-10 | 华为技术有限公司 | Three layer virtual private network and its construction method |
| CN100550841C (en) * | 2006-07-12 | 2009-10-14 | 华为技术有限公司 | Autonomous System Boundary Router, AS Boundary Router route issuing method and Autonomous System Boundary Router, AS Boundary Router |
| US7804766B2 (en) * | 2007-11-16 | 2010-09-28 | At&T Intellectual Property Ii, L.P. | Devices, systems, and/or methods regarding virtual routing forwarding |
| CN101572669A (en) * | 2009-05-27 | 2009-11-04 | 中兴通讯股份有限公司 | Transmitting method of VPN message as well as allocating and deleting method of the router marks thereof |
| CN101692669A (en) * | 2009-07-23 | 2010-04-07 | 中兴通讯股份有限公司 | Method and device for virtual private network label distribution |
| CN103001872B (en) * | 2011-09-13 | 2016-03-30 | 华为技术有限公司 | A kind of label distribution method and polymerization unit |
| CN102724118B (en) * | 2012-06-06 | 2014-12-31 | 华为技术有限公司 | Label distribution method and device |
-
2015
- 2015-03-09 CN CN201510103125.1A patent/CN106034075B/en active Active
- 2015-08-18 WO PCT/CN2015/087408 patent/WO2016141678A1/en active Application Filing
Also Published As
| Publication number | Publication date |
|---|---|
| WO2016141678A1 (en) | 2016-09-15 |
| CN106034075A (en) | 2016-10-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI803687B (en) | System for routing optimization and method thereof | |
| CN107222449B (en) | Communication method, device and system based on flow rule protocol | |
| CN105871721B (en) | Segment routing processing method, processing device and sending device | |
| US7756998B2 (en) | Managing L3 VPN virtual routing tables | |
| CN1992676B (en) | Method and device for forwarding state sharing between multiple traffic paths in a communication network | |
| CN107968752B (en) | SID acquisition method and device | |
| CN107483345B (en) | Service processing method, device and system | |
| CN107026796B (en) | VPN route notification method, data flow forwarding method and related equipment | |
| CN106921572B (en) | A kind of method, apparatus and system for propagating qos policy | |
| CN106453025A (en) | Tunnel creating method and device | |
| WO2010135957A1 (en) | Virtual private network message forwarding method and routing label assignment and deletion method thereof | |
| CN112511444A (en) | Multicast traffic transmission method, device, communication node and storage medium | |
| CN110912796A (en) | Communication method, device and system | |
| WO2013139270A1 (en) | Method, device, and system for implementing layer3 virtual private network | |
| WO2017193848A1 (en) | Route establishment and message sending | |
| CN103731349A (en) | Method for conducting Ethernet virtualized message transmission between interconnection neighbors and edge device | |
| CN112511423A (en) | Message processing method, boundary device and computer readable medium | |
| CN106034075B (en) | Method and device for distributing label for VPN route | |
| CN102394804A (en) | VPN system building method and VPN system | |
| CN113904981B (en) | Routing information processing method and device, electronic equipment and storage medium | |
| CN113395206B (en) | Route determining method, device and network equipment | |
| CN106230730B (en) | Multicast transmission method and device | |
| WO2018010576A1 (en) | Path establishment method and device, and network node | |
| CN110460507A (en) | Service bearer method, apparatus | |
| CN102739519A (en) | Rooted multipoint service implementation method, device and system, and provider edge equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |