CN106789921A - Switching method and switch supporting isolation of member ports within a VLAN - Google Patents

Publication number: CN106789921A
Authority: CN (China)
Prior art keywords: port, VLAN, downlink port, MAC address, message
Legal status: Pending
Application number: CN201611061433.3A
Other languages: Chinese (zh)
Inventor: 李渊
Current Assignee: Chengdu Guangda New Network Technology Co Ltd
Original Assignee: Chengdu Guangda New Network Technology Co Ltd
Application filed by Chengdu Guangda New Network Technology Co Ltd
Priority to CN201611061433.3A
Publication of CN106789921A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/30 Peripheral units, e.g. input or output ports
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/35 Switches specially adapted for specific applications
    • H04L49/351 Switches specially adapted for specific applications for local area network [LAN], e.g. Ethernet switches

Abstract

The invention discloses a switching method and a switch that support isolation of member ports within a VLAN. It relates to switching technology, and in particular to Layer 2 switch (L2 Switch) equipment in the broadcast and TV data communication field. Key technical points: configure an uplink port, multiple downlink ports and a filtering port on the switch; the uplink port is connected to the interactive VOD network in the broadcast and TV network, the downlink ports are each connected to a local-side device, and the filtering port is left unconnected; the downlink ports belong to the same VLAN functional domain; a fixed MAC address is assigned to the filtering port; the VLAN tunnel function of each downlink port is enabled; when the source address of a message is the MAC address of one downlink port and its destination address is the MAC address of another downlink port, the message is forwarded with the MAC address of the filtering port as its new destination address.

Description

Switching method and switch supporting isolation of member ports within a VLAN
Technical field
The present invention relates to switching technology, and in particular to Layer 2 switch (L2 Switch) equipment in the broadcast and TV data communication field.
Background
Explanation of technical terms:
EOC: Ethernet over Cable.
CPE: Customer Premise Equipment, the customer's terminal equipment.
VOD: Video on Demand.
VLAN: Virtual Local Area Network, a logical group of devices and users.
Internet: the Internet.
OLT: Optical Line Terminal, the terminal device that connects to the fiber backbone.
ONU: Optical Network Unit.
CATV: Community Antenna Television; domestically this generally refers to the broadcast and TV cable television system, or the broadcast and TV cable television network.
HFC: abbreviation of Hybrid Fiber-Coaxial, i.e. hybrid fiber coax.
STB: Set Top Box.
Referring to Fig. 1, the Layer 2 switch (L2 Switch) in the broadcast and TV network is normally located in the corridor of a residential community, with multiple local-side devices (EOC) connected below it. The local-side devices belong to different households, and terminal devices (CPE) are connected below the local-side devices; the terminal devices (CPE) are located in the households' homes. The interactive VOD network is connected to the switch, and Internet-access and VOD service data are distributed by the switch to each user's local-side device. Each service enters its corresponding VLAN according to its service flow. In Fig. 1, for example, the Internet-access service corresponds to VLAN B and the VOD service corresponds to VLAN A. The uplink port of the switch can send and receive data messages of multiple VLANs; each downlink port of the switch can only send and receive data messages of the VLAN to which that downlink port belongs. The live TV service data of the live television broadcast network is sent directly to the local-side devices, which provide the user with multiple services such as Internet access, HD VOD and live TV.
For the switch, the messages of each local-side device carry different VLANs and are forwarded by the switch, layer by layer, to the upper-layer service communication servers in the interactive VOD network, such as the Internet or the VOD system, so that the user's Internet-access or VOD request reaches the upper-layer service communication server. The upper-layer service communication server returns the corresponding Internet-access or VOD service data, and the switch then distributes that data to the specified local-side device. The main job of the switch is therefore to link the upper and lower layers.
The switch in the existing broadcast and TV network has one uplink port and multiple downlink ports. Referring to Fig. 2, the uplink port connects to the ONU device, and downlink ports port1 to port8 connect to the EOC local-side devices of 8 households; data can be exchanged between the uplink port and each downlink port.
As noted above, Internet access, HD VOD and live TV in the existing broadcast and TV network each use a VLAN to delimit their own functional domain. If port1 and port2 in Fig. 2 have both subscribed to HD VOD, then port1 and port2 join the VLAN group of the HD VOD service, for example VLAN group A. The users connected under port1 and port2 can then reach each other within VLAN group A; Fig. 2 marks this potential communication channel between port1 and port2 with a dashed line. For network security reasons this is not allowed, so the member ports within the VLAN must be isolated.
Existing switches solve this problem with the VLAN QinQ function, but switch chips that support VLAN QinQ are not cheap. For a Layer 2 switch, stability and the simple functions described above are enough to meet requirements, so designs use very low-cost switch chips wherever possible.
How to achieve member-port isolation within a VLAN on these low-cost switches is therefore a problem in urgent need of a solution.
Summary of the invention
The technical problem to be solved by the invention is: in view of the problem above, to provide a switching method and a switch that support isolation of member ports within a VLAN.
The method includes:
Step 1: Configure the uplink port, multiple downlink ports and filtering port of the switch. The uplink port is connected to the interactive VOD network in the broadcast and TV network, the downlink ports are each connected to a local-side device, and the filtering port is left unconnected. The downlink ports belong to the same VLAN functional domain. A fixed MAC address is assigned to the filtering port;
Step 2: Enable the VLAN tunnel function of each downlink port;
Step 3: Establish the port mapping mechanism inside the switch: when the source address of a message is the MAC address of the uplink port and its destination address is the MAC address of a downlink port, forward the message according to the destination address; when the source address of a message is the MAC address of a downlink port and its destination address is the MAC address of the uplink port, forward the message according to the destination address; when the source address of a message is the MAC address of one downlink port and its destination address is the MAC address of another downlink port, forward the message with the MAC address of the filtering port as its new destination address.
Further, the uplink port is connected to the ONU device in the interactive VOD network.
Further, the downlink ports are connected to EOC local-side devices; each EOC local-side device belongs to a different household.
Further, the switch supports Qvlan mode.
Further, the uplink port is configured as trunk VLAN, and the downlink ports and filtering port are configured as access VLAN.
The invention also provides a switch supporting isolation of member ports within a VLAN, including an uplink port, multiple downlink ports and a filtering port. The uplink port is connected to the interactive VOD network in the broadcast and TV network, the downlink ports are each connected to a local-side device, and the filtering port is left unconnected. The downlink ports belong to the same VLAN functional domain. A fixed MAC address is assigned to the filtering port. The VLAN tunnel function of each downlink port is enabled;
The switch forwards messages according to the following mechanism: when the source address of a message is the MAC address of the uplink port and its destination address is the MAC address of a downlink port, the message is forwarded according to the destination address; when the source address of a message is the MAC address of a downlink port and its destination address is the MAC address of the uplink port, the message is forwarded according to the destination address; when the source address of a message is the MAC address of one downlink port and its destination address is the MAC address of another downlink port, the message is forwarded with the MAC address of the filtering port as its new destination address.
In summary, by adopting the technical solution above, the beneficial effects of the invention are:
The invention uses the VLAN tunnel function of the ports, within the switch's existing Qvlan mode, to isolate member ports within a VLAN. The VLAN tunnel function was originally a means for switch ports to communicate across different VLAN groups; its purpose is to let ports that belong to different VLANs communicate with each other.
The invention leaves one port on the switch unconnected, that is, attached to no device, to serve as the filtering port (we call it the black-hole port; it is not exposed to users). This is equivalent to reserving an empty switch port. A static MAC address is bound to the filtering port, and the messages that downlink ports on the switch send to each other are redirected to the filtering port through the VLAN tunnel function; because the black-hole port is unconnected, those messages are dropped. No chip with the VLAN QinQ function needs to be added: the existing functions of a general-purpose switch are enough to isolate ports within the same VLAN, effectively preventing malicious attacks by some users against other users.
Brief description of the drawings
Examples of the invention are described with reference to the accompanying drawings, in which:
Fig. 1 is a topology diagram of the existing broadcast and TV network.
Fig. 2 is a schematic diagram of the connections and switching relationships of the existing switch.
Fig. 3 is a schematic diagram of the connections and switching relationships of each port of the switch in the present invention.
Specific embodiment
All features disclosed in this specification, and all steps of any method or process disclosed, may be combined in any way, except for mutually exclusive features and/or steps.
Any feature disclosed in this specification may, unless specifically stated otherwise, be replaced by an alternative feature that is equivalent or serves a similar purpose. That is, unless specifically stated otherwise, each feature is only one example of a series of equivalent or similar features.
Referring to Fig. 3, the invention enables the VLAN tunnel function of the downlink ports in the Qvlan mode of a general-purpose switch and sets up a filtering port to isolate the ports within the same VLAN functional domain. The specific means are as follows:
First, configure the uplink port, multiple downlink ports and filtering port of the switch. These are all communication ports on the switch; configuring different ports differently yields the three kinds of port. Preferably, the uplink port is configured as trunk VLAN, so that it can receive and send messages of different VLAN functional domains, and the downlink ports and the filtering port are both configured as access VLAN. In this embodiment downlink ports port1 and port2 belong to the HD VOD VLAN functional domain, and the filtering port does not belong to that VLAN functional domain. The uplink port is connected to the interactive VOD network in the broadcast and TV network; see Fig. 1 for the connection. The downlink ports are each connected to a local-side device, also as shown in Fig. 1. The filtering port is left unconnected and is assigned a fixed MAC address.
Because cross-VLAN data exchange between the downlink ports and the filtering port has to be set up, the VLAN tunnel function of the filtering port and of each downlink port must be enabled.
Establish the port mapping mechanism inside the switch: when the source address of a message is the MAC address of the uplink port and its destination address is the MAC address of a downlink port, forward the message according to the destination address; when the source address of a message is the MAC address of a downlink port and its destination address is the MAC address of the uplink port, forward the message according to the destination address; when the source address of a message is the MAC address of one downlink port and its destination address is the MAC address of another downlink port, forward the message with the MAC address of the filtering port as its new destination address. Messages that would otherwise have been exchanged between downlink ports are thus all directed to the filtering port. Because the filtering port is unconnected, every message directed to it is dropped, so the downlink ports cannot exchange data with each other and isolation is achieved.
More specifically, first collect the MAC address of each local-side device and enable the MAC learning function of the switch so that the switch "remembers" the port mapping mechanism above, then disable the learning function and enable the Qvlan mode of the switch. With this configuration the uplink port communicates with the downlink ports, the downlink ports communicate with the filtering port, and the downlink ports do not communicate with each other.
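The following Python model is an added illustration of the port mapping mechanism and the learn-then-freeze sequence described above; it is not part of the patent text. The port names, MAC addresses, and the `Switch`, `forward` and `downlink_leaks` names are constructed for the example, and returning "unspecified" for addresses outside the frozen table is an assumption, since the description does not cover that case.

```python
from dataclasses import dataclass
from itertools import permutations
from typing import Optional

UPLINK, DOWNLINK, FILTER = "uplink", "downlink", "filter"

# Constructed sample addresses (locally administered), not taken from the patent.
ONU_MAC, EOC1_MAC, EOC2_MAC = "02:00:00:00:00:01", "02:00:00:00:00:11", "02:00:00:00:00:12"
FILTER_MAC = "02:00:00:00:00:ff"


@dataclass(frozen=True)
class Decision:
    action: str            # "forward", "blackhole" or "unspecified"
    egress: Optional[str]  # port the frame leaves on, if any
    dst_mac: str           # destination MAC after any rewrite


class Switch:
    """Toy model of the three-rule port mapping (constructed for illustration)."""

    def __init__(self, filter_port: str, filter_mac: str):
        self.roles = {filter_port: FILTER}
        self.filter_port, self.filter_mac = filter_port, filter_mac
        self.fdb = {filter_mac: filter_port}  # fixed MAC bound to the filtering port
        self.learning = True

    def add_port(self, name: str, role: str) -> None:
        if role not in (UPLINK, DOWNLINK):
            raise ValueError("only uplink and downlink ports can be added")
        self.roles[name] = role

    def learn(self, mac: str, port: str) -> None:
        # Addresses are collected while learning is on; afterwards the table is fixed.
        if not self.learning:
            raise RuntimeError("MAC learning is disabled")
        if self.roles.get(port) not in (UPLINK, DOWNLINK):
            raise ValueError(f"cannot learn on port {port!r}")
        self.fdb[mac] = port

    def freeze(self) -> None:
        self.learning = False

    def forward(self, src_mac: str, dst_mac: str) -> Decision:
        src_port, dst_port = self.fdb.get(src_mac), self.fdb.get(dst_mac)
        if src_port is None or dst_port is None:
            # Assumption: the description does not say what happens to unknown addresses.
            return Decision("unspecified", None, dst_mac)
        pair = (self.roles[src_port], self.roles[dst_port])
        if pair in ((UPLINK, DOWNLINK), (DOWNLINK, UPLINK)):
            return Decision("forward", dst_port, dst_mac)
        if pair == (DOWNLINK, DOWNLINK) and src_port != dst_port:
            # Destination rewritten to the filtering port's MAC; nothing is attached
            # to that port, so the frame is lost there.
            return Decision("blackhole", self.filter_port, self.filter_mac)
        return Decision("unspecified", None, dst_mac)


def downlink_leaks(sw: Switch) -> list:
    """Return (src, dst) MAC pairs on different downlink ports that are NOT black-holed."""
    macs = [m for m, p in sw.fdb.items() if sw.roles[p] == DOWNLINK]
    return [(s, d) for s, d in permutations(macs, 2)
            if sw.fdb[s] != sw.fdb[d] and sw.forward(s, d).egress != sw.filter_port]


def build_example() -> Switch:
    """Uplink to the ONU, port1/port2 in the same VLAN domain, one unconnected filter port."""
    sw = Switch("filter", FILTER_MAC)
    sw.add_port("uplink", UPLINK)
    sw.add_port("port1", DOWNLINK)
    sw.add_port("port2", DOWNLINK)
    sw.learn(ONU_MAC, "uplink")
    sw.learn(EOC1_MAC, "port1")
    sw.learn(EOC2_MAC, "port2")
    sw.freeze()
    return sw


if __name__ == "__main__":
    sw = build_example()
    for src, dst in [(ONU_MAC, EOC1_MAC), (EOC2_MAC, ONU_MAC), (EOC1_MAC, EOC2_MAC)]:
        print(src, "->", dst, sw.forward(src, dst))
    print("leaks:", downlink_leaks(sw))
```

An empty result from `downlink_leaks` is the property the description claims: no frame between two different downlink ports ever leaves on a downlink port.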
The invention is not limited to the foregoing specific embodiments. It extends to any new feature or any new combination disclosed in this specification, and to the steps of any new method or process, or any new combination, disclosed.

Claims (10)

1. A switching method supporting isolation of member ports within a VLAN, characterized by comprising:
Step 1: Configure the uplink port, multiple downlink ports and filtering port of the switch. The uplink port is connected to the interactive VOD network in the broadcast and TV network, the downlink ports are each connected to a local-side device, and the filtering port is left unconnected. The downlink ports belong to the same VLAN functional domain. A fixed MAC address is assigned to the filtering port;
Step 2: Enable the VLAN tunnel function of each downlink port;
Step 3: Establish the port mapping mechanism inside the switch: when the source address of a message is the MAC address of the uplink port and its destination address is the MAC address of a downlink port, forward the message according to the destination address; when the source address of a message is the MAC address of a downlink port and its destination address is the MAC address of the uplink port, forward the message according to the destination address; when the source address of a message is the MAC address of one downlink port and its destination address is the MAC address of another downlink port, forward the message with the MAC address of the filtering port as its new destination address.
2. The switching method supporting isolation of member ports within a VLAN according to claim 1, characterized in that the uplink port is connected to the ONU device in the interactive VOD network.
3. The switching method supporting isolation of member ports within a VLAN according to claim 1, characterized in that the downlink ports are connected to EOC local-side devices; each EOC local-side device belongs to a different household.
4. The switching method supporting isolation of member ports within a VLAN according to claim 1, characterized in that the switch supports Qvlan mode.
5. The switching method supporting isolation of member ports within a VLAN according to claim 1, characterized in that the uplink port is configured as trunk VLAN, and the downlink ports and filtering port are configured as access VLAN.
6. A switch supporting isolation of member ports within a VLAN, characterized by comprising an uplink port, multiple downlink ports and a filtering port. The uplink port is connected to the interactive VOD network in the broadcast and TV network, the downlink ports are each connected to a local-side device, and the filtering port is left unconnected. The downlink ports belong to the same VLAN functional domain. A fixed MAC address is assigned to the filtering port. The VLAN tunnel function of each downlink port is enabled;
The switch forwards messages according to the following mechanism: when the source address of a message is the MAC address of the uplink port and its destination address is the MAC address of a downlink port, the message is forwarded according to the destination address; when the source address of a message is the MAC address of a downlink port and its destination address is the MAC address of the uplink port, the message is forwarded according to the destination address; when the source address of a message is the MAC address of one downlink port and its destination address is the MAC address of another downlink port, the message is forwarded with the MAC address of the filtering port as its new destination address.
7. The switch supporting isolation of member ports within a VLAN according to claim 6, characterized in that the uplink port is connected to the ONU device in the interactive VOD network.
8. The switch supporting isolation of member ports within a VLAN according to claim 1, characterized in that the downlink ports are connected to EOC local-side devices; each EOC local-side device belongs to a different household.
9. The switch supporting isolation of member ports within a VLAN according to claim 1, characterized in that the switch supports Qvlan mode.
10. The switch supporting isolation of member ports within a VLAN according to claim 1, characterized in that the uplink port is configured as trunk VLAN, and the downlink ports and filtering port are configured as access VLAN.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611061433.3A CN106789921A (en) 2016-11-28 2016-11-28 Switching method and switch supporting isolation of member ports within a VLAN

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611061433.3A CN106789921A (en) 2016-11-28 2016-11-28 Switching method and switch supporting isolation of member ports within a VLAN

Publications (1)

Publication Number Publication Date
CN106789921A (en) 2017-05-31

Family

ID=58913269

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611061433.3A Pending CN106789921A (en) Switching method and switch supporting isolation of member ports within a VLAN

Country Status (1)

Country Link
CN (1) CN106789921A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109257664A (en) * 2018-10-26 2019-01-22 武汉长光科技有限公司 A method of supporting PON system port isolation
CN110149263A (en) * 2019-04-17 2019-08-20 浪潮思科网络科技有限公司 A kind of device and method of VLAN ACCESS port function extension
CN112290989A (en) * 2020-09-23 2021-01-29 中国空间技术研究院 Satellite-ground communication method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7095741B1 (en) * 2000-12-20 2006-08-22 Cisco Technology, Inc. Port isolation for restricting traffic flow on layer 2 switches
CN101035052A (en) * 2007-04-25 2007-09-12 中兴通讯股份有限公司 Port separation method based on the virtual LAN
CN101510845A (en) * 2009-03-27 2009-08-19 北京星网锐捷网络技术有限公司 Method and apparatus for forwarding label
CN101702679A (en) * 2009-11-26 2010-05-05 福建星网锐捷网络有限公司 Message processing method and exchange apparatus based on virtual local area network
CN102480485A (en) * 2010-11-30 2012-05-30 杭州华三通信技术有限公司 System, method and switching device for realizing cross-device isolation of ports in same VLAN (virtual local area network)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109257664A (en) * 2018-10-26 2019-01-22 武汉长光科技有限公司 A method of supporting PON system port isolation
CN110149263A (en) * 2019-04-17 2019-08-20 浪潮思科网络科技有限公司 A kind of device and method of VLAN ACCESS port function extension
CN110149263B (en) * 2019-04-17 2021-08-06 浪潮思科网络科技有限公司 VLAN ACCESS port function expansion device and method
CN112290989A (en) * 2020-09-23 2021-01-29 中国空间技术研究院 Satellite-ground communication method and device

Similar Documents

Publication Publication Date Title
CN102739436B (en) Unified network management system and method of hybrid fiber coaxial (hfc) network
CN100461732C (en) Ethernet technology switching and forwarding method, system and equipment
CN102106122B (en) System and method for DSL subcriber identification over Ethernet network
EP2355374B1 (en) Method, system and optical line terminal for message transmission in an optical communication system
CN100536399C (en) A distributed controllable multicast system of passive optical network and its implementation method
CN101697555B (en) Solution to VLAN ID convergence conversion
CN100450080C (en) Method and apparatus for astringing two layer MAC address
CN103957142B (en) System, method and device for achieving three-network integration of PON system
JP5295273B2 (en) Data stream filtering apparatus and method
CN104767637B (en) A kind of method of EOC terminal configuration
CN100586088C (en) Method for realizing virtual LAN aggregation and aggregation exchanger
CN102227137A (en) Network digital set top box and method for realizing multiple network access
CN103701679B (en) A kind of method for realizing VLAN conversions
CN106789921A (en) Switching method and switch supporting isolation of member ports within a VLAN
CN106330724A (en) Network topology joining method and network topology joining device
CN102104528B (en) Network system applied in rural area and service message transmission method
CN109121026A (en) Realize the method and system of VOLT in a kind of logic-based port
US20230188875A1 (en) Mutually secure optical data network and method
CN100382491C (en) Service isolation transfer method
CN101488899B (en) MAC address learning limitation method and apparatus used in 1:1 VLAN access network
CN101931831B (en) Optical network unit and IP managing method of optical network unit
CN102611591A (en) Hybrid fiber-coax accessing system capable of replacing ONU (Optical Network Unit)
CN104054303B (en) Gateway suitable for VOD
CN103595600B (en) A kind of clustering methods and photoelectricity Two-way Network suitable for EOC large-scale network-estabilishings
KR20090097901A (en) An ip multicast route monitoring system and the method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170531