CN107026796B - VPN route notification method, data flow forwarding method and related equipment - Google Patents

Publication number: CN107026796B
Authority: CN (China)
Prior art keywords: network device, attribute, VRF instance, VPN, network
Legal status: Active
Application number: CN201610070633.9A
Other languages: Chinese (zh)
Other versions: CN107026796A (en)
Inventor: 王海波
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN202011554828.3A (CN112787935B)
Priority to CN201610070633.9A (CN107026796B)
Publication of CN107026796A
Application granted
Publication of CN107026796B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/50: Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L45/02: Topology update or discovery
    • H04L45/20: Hop count for routing purposes, e.g. TTL
    • H04L45/74: Address processing for routing

Abstract

The embodiments of the invention disclose a VPN route notification method, a data flow forwarding method and related equipment. The VPN route notification method comprises the following steps: a first network device establishes a VPN neighbor with a second network device through a non-VRF instance interface; the first network device sends a BGP UPDATE message to the second network device through the VPN neighbor, wherein the BGP UPDATE message comprises VPN routing information and a redirected next hop, and the redirected next hop is a VRF instance interface address, so that the second network device imports the VPN routing information and the redirected next hop into a VRF instance and, when receiving a data stream containing the VPN routing information, redirects the data stream according to the VRF instance to the address corresponding to the VRF instance interface for forwarding. The embodiments of the invention can avoid establishing a large number of BGP neighbors to transfer routes, and improve route transfer efficiency.

Description

VPN route notification method, data flow forwarding method and related equipment
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a Virtual Private Network (VPN) route notification method, a data flow forwarding method and related equipment.
Background
In a network system interconnected across autonomous domains without a controller, a user usually does not want traffic between networks to be forwarded over a Multi-Protocol Label Switching (MPLS) path and instead wants it forwarded over an Internet Protocol (IP) path. The commonly adopted solution to this problem is Option A: a large number of Virtual Routing Forwarding (VRF) instance interfaces (also referred to as private network interfaces, meaning interfaces associated with VRF instances) are deployed between the ASBRs, each VRF instance interface binds a corresponding BGP interface, and a Border Gateway Protocol (BGP) neighbor is then established between the ASBRs for each VPN through the corresponding VRF instance interface and used to transfer the routing information of that VPN. After the routing information is transferred, traffic is forwarded by IP between the ASBRs. In the Option A scheme, a BGP neighbor needs to be added on the ASBRs every time a VPN is added; when the number of VPNs is large, the neighbor pressure on the ASBRs is high and route transfer efficiency is low.
In a network system with a controller, for example a Software Defined Network (SDN), the controller controls forwarding between forwarders and sends routing information to the corresponding forwarder. In some scenarios, a user wants traffic between forwarders to use IP forwarding instead of MPLS forwarding, so the controller can issue routes to the corresponding forwarder as needed. If there are multiple VPNs, a BGP neighbor needs to be established between the controller and each corresponding forwarder for each VPN in order to issue the routes of that VPN; when there are multiple VPNs, the management pressure on the controller is high and route transfer efficiency is low.
That is, in the prior art, when there are multiple VPNs and it is required that traffic between devices is forwarded using IP but not MPLS, a BGP neighbor needs to be established for each VPN between two devices that transmit routes of different VPNs, and the BGP neighbor established for the corresponding VPN is used to transmit the route of the corresponding VPN, which results in low route transmission efficiency.
Disclosure of Invention
In view of this, embodiments of the present invention provide a VPN route notification method, a data flow forwarding method, and related devices, which can avoid establishing a large number of BGP neighbors to transfer routes, and improve route transfer efficiency.
In a first aspect, an embodiment of the present invention provides a virtual private network VPN route advertisement method, including:
the first network device establishes a VPN neighbor with the second network device through a non-Virtual Routing Forwarding (VRF) instance interface;
the first network device sends a BGP UPDATE message to the second network device through the VPN neighbor, wherein the BGP UPDATE message comprises VPN routing information and a redirected next hop, and the redirected next hop is a VRF instance interface address, so that the second network device can import the VPN routing information and the redirected next hop into a VRF instance and, when receiving a data stream containing the VPN routing information, redirect the data stream according to the VRF instance corresponding to the VPN routing information to the address corresponding to the VRF instance interface for forwarding.
With reference to the first aspect, in a first implementation manner of the first aspect, the BGP UPDATE packet includes a private network redirection attribute, where the private network redirection attribute includes an attribute flag field, an attribute type field, and an attribute value field, where the attribute flag field is used to indicate that an attribute is not transferred, the attribute type field is used to indicate that the type of the attribute is redirection, and the attribute value field is used to carry the redirected VRF instance interface address and a route import condition.
With reference to the first implementation manner of the first aspect, in a second implementation manner of the first aspect, the route import condition includes: importing when a route target RT in the VPN route information is matched with the RT of the VRF instance;
or importing when the RT in the VPN routing information matches the RT of the VRF instance and the route distinguisher RD in the VPN routing information matches the RD of the VRF instance.
With reference to the first implementation manner of the first aspect, in a third implementation manner of the first aspect, the first network device is a controller or a forwarder, and the second network device is a forwarder;
when the first network device is a forwarder, the first network device and the second network device are not in the same autonomous domain, and the VRF instance interface address is the VRF instance interface address of the first network device;
when the first network device is a controller, the VRF instance interface address is a VRF instance interface address of a third network device in the same autonomous domain as the second network device.
With reference to the third implementation manner of the first aspect, in a fourth implementation manner of the first aspect, when the first network device is a forwarder, the attribute value field further carries a processing manner of a forwarding label and a route forwarding manner.
With reference to the fourth implementation manner of the first aspect, in a fifth implementation manner of the first aspect, the processing manner of the forwarding label is to ignore it, and the route forwarding manner is to reassign the forwarding label on forwarding.
With reference to the first aspect, or the first, second, third, fourth, or fifth implementation manner of the first aspect, in a sixth implementation manner of the first aspect, the first network device supports the private network redirection attribute, and before the first network device sends the BGP UPDATE message to the second network device through the VPN neighbor, the method further includes:
the first network device determines that the second network device supports the private network redirection attribute according to a capability negotiation parameter carried in a BGP OPEN message sent by the second network device, or the first network device determines that the second network device supports the private network redirection attribute according to static configuration of the second network device.
In a second aspect, an embodiment of the present invention provides a data stream forwarding method, including:
the second network device establishes a Virtual Private Network (VPN) neighbor with the first network device through a non-Virtual Routing Forwarding (VRF) instance interface;
the second network device receives, through the VPN neighbor, a BGP UPDATE message sent by the first network device, wherein the BGP UPDATE message comprises VPN routing information and a redirected next hop, and the redirected next hop is a VRF instance interface address;
the second network device imports the VPN routing information and the redirected next hop into a VRF instance;
when receiving a data stream containing the VPN routing information, the second network device redirects the data stream to an address corresponding to the VRF instance interface according to the VRF instance corresponding to the VPN routing information for forwarding.
With reference to the second aspect, in a first implementation manner of the second aspect, the BGP UPDATE packet includes a private network redirection attribute, where the private network redirection attribute includes an attribute flag field, an attribute type field, and an attribute value field, the attribute flag field is used to indicate that an attribute is not transferred, the attribute type field is used to indicate that the type of the attribute is redirection, and the attribute value field is used to carry the redirected VRF instance interface address and a route import condition.
With reference to the first implementation manner of the second aspect, in a second implementation manner of the second aspect, the route import condition includes:
importing when a route target RT in the VPN route information is matched with the RT of the VRF instance;
or importing when the RT in the VPN routing information matches the RT of the VRF instance and the route distinguisher RD in the VPN routing information matches the RD of the VRF instance.
With reference to the first implementation manner of the second aspect, in a third implementation manner of the second aspect, the second network device is a forwarder, and the first network device is a controller or a forwarder;
when the first network device is a forwarder, the first network device and the second network device are not in the same autonomous domain, and the VRF instance interface address is the VRF instance interface address of the first network device;
when the first network device is a controller, the VRF instance interface address is a VRF instance interface address of a third network device in the same autonomous domain as the second network device.
With reference to the third implementation manner of the second aspect, in a fourth implementation manner of the second aspect, when the first network device is a forwarder, the attribute value field further carries a processing manner of a forwarding label and a route forwarding manner.
With reference to the fourth implementation manner of the second aspect, in a fifth implementation manner of the second aspect, the processing manner of the forwarding label is to ignore it, and the route forwarding manner is to reassign the forwarding label on forwarding.
With reference to the second aspect, or the first, second, third, fourth, or fifth implementation manner of the second aspect, in a sixth implementation manner of the second aspect, before the second network device receives, by the VPN neighbor, the BGP UPDATE packet sent by the first network device, the method further includes:
the second network device determines that the first network device supports the private network redirection attribute according to a BGP OPEN message sent by the first network device, or determines that the first network device supports the private network redirection attribute according to the static configuration of the first network device.
In a third aspect, an embodiment of the present invention provides a first network device, where the first network device is a controller or a forwarder, and the first network device includes:
an establishing unit, configured to establish a Virtual Private Network (VPN) neighbor with the second network device through a non-Virtual Routing Forwarding (VRF) instance interface;
a sending unit, configured to send a BGP UPDATE packet to the second network device through the VPN neighbor, where the BGP UPDATE packet includes VPN routing information and a redirected next hop, and the redirected next hop is a VRF instance interface address, so that the second network device imports the VPN routing information and the redirected next hop into a VRF instance, and redirects a data stream to an address corresponding to the VRF instance interface according to the VRF instance corresponding to the VPN routing information to forward the data stream when receiving the data stream including the VPN routing information.
With reference to the third aspect, in a first implementation manner of the third aspect, the BGP UPDATE packet includes a private network redirection attribute, where the private network redirection attribute includes an attribute flag field, an attribute type field, and an attribute value field, the attribute flag field is used to indicate that an attribute is not transferred, the attribute type field is used to indicate that the type of the attribute is redirection, and the attribute value field is used to carry the redirected VRF instance interface address and the route importing condition.
With reference to the first implementation manner of the third aspect, in a second implementation manner of the third aspect, the route import condition includes:
importing when a route target RT in the VPN route information is matched with the RT of the VRF instance;
or importing when the RT in the VPN routing information matches the RT of the VRF instance and the route distinguisher RD in the VPN routing information matches the RD of the VRF instance.
With reference to the first implementation manner of the third aspect, in a third implementation manner of the third aspect, when the first network device is a forwarder, the first network device and the second network device are not in the same autonomous domain, and the VRF instance interface address is a VRF instance interface address of the first network device;
when the first network device is a controller, the VRF instance interface address is a VRF instance interface address of a third network device in the same autonomous domain as the second network device.
With reference to the third implementation manner of the third aspect, in a fourth implementation manner of the third aspect, when the first network device is a forwarder, the attribute value field further carries a processing manner of a forwarding label and a route forwarding manner.
With reference to the fourth implementation manner of the third aspect, in a fifth implementation manner of the third aspect, the processing manner of the forwarding label is to ignore it, and the route forwarding manner is to reassign the forwarding label on forwarding.
With reference to the third aspect, or the first, second, third, fourth, or fifth implementation manner of the third aspect, in a sixth implementation manner of the third aspect, the first network device supports the private network redirection attribute, and the first network device further includes a determining unit;
the determining unit is configured to determine, according to a BGP OPEN message sent by the second network device, that the second network device supports the private network redirection attribute, or determine, according to a static configuration of the second network device, that the second network device supports the private network redirection attribute.
In a fourth aspect, an embodiment of the present invention provides a second network device, where the second network device is a forwarder, and the second network device includes:
an establishing unit, configured to establish a Virtual Private Network (VPN) neighbor with the first network device through a non-Virtual Routing Forwarding (VRF) instance interface;
a receiving unit, configured to receive, by the VPN neighbor, a BGP UPDATE packet sent by the first network device, where the BGP UPDATE packet includes VPN routing information and a redirected next hop, and the redirected next hop is a VRF instance interface address;
the importing unit is used for importing the VPN routing information and the redirected next hop into a VRF instance;
and the sending unit is used for redirecting the data stream to an address corresponding to the VRF instance interface for forwarding according to the VRF instance corresponding to the VPN routing information when the receiving unit receives the data stream containing the VPN routing information.
With reference to the fourth aspect, in a first implementation manner of the fourth aspect, the BGP UPDATE packet includes a private network redirection attribute, where the private network redirection attribute includes an attribute flag field, an attribute type field, and an attribute value field, the attribute flag field is used to indicate that an attribute is not transferred, the attribute type field is used to indicate that the type of the attribute is redirection, and the attribute value field is used to carry the redirected VRF instance interface address and a route import condition.
With reference to the first implementation manner of the fourth aspect, in a second implementation manner of the fourth aspect, the route import condition includes:
importing when a route target RT in the VPN route information is matched with the RT of the VRF instance;
or importing when the RT in the VPN routing information matches the RT of the VRF instance and the route distinguisher RD in the VPN routing information matches the RD of the VRF instance.
With reference to the first implementation manner of the fourth aspect, in a third implementation manner of the fourth aspect, the first network device is a controller or a forwarder;
when the first network device is a forwarder, the first network device and the second network device are not in the same autonomous domain, and the VRF instance interface address is the VRF instance interface address of the first network device;
when the first network device is a controller, the VRF instance interface address is a VRF instance interface address of a third network device in the same autonomous domain as the second network device.
With reference to the third implementation manner of the fourth aspect, in a fourth implementation manner of the fourth aspect, when the first network device is a forwarder, the attribute value field further carries a processing manner of a forwarding label and a route forwarding manner.
With reference to the fourth implementation manner of the fourth aspect, in a fifth implementation manner of the fourth aspect, the processing manner of the forwarding label is to ignore it, and the route forwarding manner is to reassign the forwarding label on forwarding.
With reference to the fourth aspect, or the first, second, third, fourth, or fifth implementation manner of the fourth aspect, in a sixth implementation manner of the fourth aspect, the second network device supports the private network redirection attribute, and the second network device further includes a determining unit;
the determining unit is configured to determine, according to a BGP OPEN message sent by the first network device, that the first network device supports the private network redirection attribute, or determine, according to a static configuration of the first network device, that the first network device supports the private network redirection attribute.
In a fifth aspect, an embodiment of the present invention provides a network system, including the first network device described in the third aspect or any implementation manner of the third aspect, and the second network device described in the fourth aspect or any implementation manner of the fourth aspect.
According to the technical scheme, the embodiment of the invention has the following advantages:
in the embodiments of the invention, only a VPN neighbor needs to be established between the required network devices through a non-VRF instance interface (also called a public network interface, meaning an interface that is not associated with any VRF instance). A BGP UPDATE message carrying VPN routing information is then sent through the VPN neighbor, and the BGP UPDATE message also carries a redirected next hop, which is a VRF instance interface address. This tells the peer network device, after it receives the BGP UPDATE message, to write the VPN routing information into the corresponding VRF instance and to redirect the next hop to the VRF instance interface address. When the peer network device then receives a data stream carrying the VPN routing information, it can redirect the data stream according to the VRF instance to the corresponding VRF instance interface address for forwarding. Routes of a plurality of VPNs can thus be transferred through one VPN neighbor, which avoids establishing a large number of BGP neighbors between the network devices to transfer routes and improves route transfer efficiency.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 is a network diagram of an embodiment of the present invention;
FIG. 2 is a schematic diagram of another network according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a VPN route advertisement method according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating a data stream forwarding method according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a first network device according to an embodiment of the present invention;
FIG. 6 is another schematic structural diagram of a first network device according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a second network device according to an embodiment of the present invention;
FIG. 8 is another schematic structural diagram of a second network device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Before the technical solution of the embodiment of the present invention is introduced, a specific application scenario of the embodiment of the present invention is briefly introduced. The technical scheme of the embodiment of the invention can be applied to a network scene with integrated control and forwarding, such as the network scene shown in fig. 1, and can also be applied to a network scene with separated control and forwarding, such as the network scene shown in fig. 2.
Referring to fig. 1, as an example, two VPNs exist in the network of this embodiment: the Customer Edge (CE) devices CE1 and CE4 are located in VPN1, and CE2 and CE3 are located in VPN2. CE1 and CE4, and CE2 and CE3, are interconnected through Autonomous System (AS) AS100 and AS200. The network devices in AS100 include Provider Edge (PE) device PE1 and ASBR1, and the network devices in AS200 include ASBR2 and PE2. ASBR1 and ASBR2 are network-side edge devices that interconnect the autonomous domains AS100 and AS200, and AS100 and AS200 may also include provider devices P. The network devices in AS100 and AS200 may be network forwarding devices (i.e., forwarders) such as routers and switches, and the technical solution of the embodiment of the present invention may be applied to the network-side edge devices ASBR1 and ASBR2 that interconnect AS100 and AS200. When CE4 wants to transmit data to CE1, CE4 first needs to obtain the routing information of CE1, and when CE3 wants to transmit data to CE2, CE3 first needs to obtain the routing information of CE2. The message for transferring the routing information of CE1 and CE2 may be a BGP UPDATE message; for example, the routing information may include at least the following fields: network prefix, Multi Exit Discriminator (MED), Next Hop (NH), etc. The prefix field carries a destination reachable address, which may be an IP address or a network segment address. The MED field carries the MED value. The NH field carries an identifier of the next hop used when forwarding the packet; for example, the identifier of the next hop may be an IP address, an identity of the device, a port identifier of the device, or the like.
In the prior art, in order to forward a data stream between ASBR1 and ASBR2 through IP, two BGP neighbors need to be established between ASBR1 and ASBR2 for the two VPNs, and the routing information of the corresponding VPNs is transferred through the two BGP neighbors; if the number of VPNs is greater, more BGP neighbors need to be established between the ASBRs.
Referring to fig. 2, as an example, two VPNs also exist in the network of this embodiment: CE1 and CE4 are located in VPN1, and CE2 and CE3 are located in VPN2. CE1 and CE4, and CE2 and CE3, are interconnected through an autonomous domain AS100, and a controller governs the network devices in AS100. The network devices in AS100 include PE1 and PE2; AS100 may of course further include a provider device P, and the network devices in AS100 may be network forwarding devices (i.e., forwarders) such as routers and switches. The controller may be an independent device, or it may be a Route Reflector (RR), PE, BR, or P device integrated with a controller function; the form in which the controller exists in the network is not specifically limited in the embodiment of the present invention. The technical solution of the embodiment of the present invention can be applied to the controller, PE1 and PE2. When CE4 wants to transmit data to CE1, the controller needs to send down the routing information of CE1 to CE4, and when CE3 wants to transmit data to CE2, the controller needs to send down the routing information of CE2 to CE3; the routing information of CE1 and CE2 can be sent down through BGP UPDATE messages. In the prior art, in order to forward a data stream between PE1 and PE2 through IP, two BGP neighbors need to be established between the controller and PE1 for the two VPNs, and the routing information of the corresponding VPNs is transferred through the two BGP neighbors; two BGP neighbors also need to be established between the controller and PE2 for the two VPNs, and if the number of VPNs is greater, more BGP neighbors need to be established between the controller and the PEs.
Embodiments of the present invention provide a VPN route notification method, a data flow forwarding method, and related devices, which can avoid establishing a large number of BGP neighbors to transfer routes, and improve route transfer efficiency.
Referring to fig. 3, fig. 3 is a simplified flowchart of a route advertisement method according to an embodiment of the present invention, which may be applied to a network scenario similar to that shown in fig. 1 or fig. 2, including the operations described below. It should be noted that the method shown in fig. 3 may be applied not only to the network scenarios shown in fig. 1 or fig. 2, but also to other types of network scenarios, such as a network system consisting of network devices that do not employ replaceable components.
301. The first network equipment establishes a VPN neighbor with the second network equipment through a non-VRF instance interface;
In a specific implementation, the first network device may be a controller or a repeater, and the second network device may be a repeater. The non-VRF instance interface, also called a public network interface, is an interface that is not associated with any VRF instance. The established VPN neighbor can be a VPN-IPv4 neighbor or a VPN-IPv6 neighbor.
302. The first network device sends a BGP UPDATE message to the second network device through the VPN neighbor. The BGP UPDATE message comprises VPN routing information and a redirected next hop, where the redirected next hop is a VRF instance interface address, so that the second network device imports the VPN routing information and the redirected next hop into a VRF instance and, when receiving a data stream containing the VPN routing information, redirects the data stream to the address corresponding to the VRF instance interface, according to the VRF instance corresponding to the VPN routing information, for forwarding.
The VRF instance interface, also called a private network interface, is an interface associated with a VRF instance.
Specifically, before step 302, the first network device and the second network device may determine whether both support the private network redirection attribute according to each other's static configuration (the static configuration may be pre-configured by a user and indicates whether the corresponding network device supports the private network redirection attribute). Alternatively, the first network device and the second network device may determine whether both support the private network redirection attribute through BGP OPEN message negotiation: the first network device notifies the second network device that it supports the private network redirection attribute by sending a BGP OPEN message to the second network device, and the second network device likewise sends a BGP OPEN message to the first network device to notify it that the second network device supports the private network redirection attribute. When both sides support the private network redirection attribute, the first network device sends a BGP UPDATE message carrying the VPN routing information and the private network redirection attribute to the second network device.
In this embodiment, the BGP OPEN message carries a redirection negotiation attribute, shown in table 1, which includes a capability type field, a capability length field, and a capability value field. The capability type field indicates that the capability type is private network redirection, the capability length field indicates the length of the capability value field, and the capability value field carries the redirection value.
Capability type (1 octet)
Capability length (1 octet)
Capability value (2 octets)
TABLE 1
In this embodiment, the BGP UPDATE message carries a private network redirection attribute, which may be as shown in table 2 and includes an attribute flag field, an attribute type field, and an attribute value field, where the attribute flag field is used to indicate that an attribute is not transferred, the attribute type field is used to indicate that the type of the attribute is redirection, and the attribute value field is used to carry the redirected VRF instance interface address (e.g., an IPv4 address or an IPv6 address), and a route import condition.
Attribute flag (1 octet)
Attribute type (1 octet)
Attribute value (variable)
TABLE 2
When the first network device is a controller, the carried redirected next-hop VRF instance interface address is a VRF instance interface address of a third network device in the same autonomous domain as the second network device. When the first network device is a repeater, the first network device and the second network device are not in the same autonomous domain, and the carried redirected next-hop VRF instance interface address is the VRF instance interface address of the first network device.
The route import condition may be Route-Target (RT) matching import, that is, the RT of the importing VRF instance matches the RT in the route information (which may be called non-strict redirection). In this case the same VPN route information may be imported into multiple VRF instances, so which VPN to redirect to needs to be additionally specified. If redirection to the present VPN is specified, the redirected next hop is imported into the VRF instance of the present VPN, and when a data stream is forwarded, it is redirected to that next hop according to the VRF instance of the present VPN. If redirection to the original VPN is specified, the VRF instance of the original VPN needs to be found according to the Route Distinguisher (RD) of the route during redirection, and the redirected next hop is imported into the VRF instance of the original VPN; when a data stream is forwarded, the VRF instance of the original VPN is found according to the VRF instance of the present VPN, and the data stream is redirected to the next hop for forwarding according to the VRF instance of the original VPN. Alternatively, the import condition may be that both RT and RD match, that is, the RT and RD of the importing VRF instance both match the RT and RD in the routing information (which may be called strict redirection).
In addition, when the first network device is a repeater, the attribute value field in the private network redirection attribute also carries a forwarding label processing mode and a route forwarding mode.
The forwarding label processing mode may be "ignore", with the corresponding route forwarding mode being to reallocate the forwarding label on forwarding. That is, in the BGP UPDATE message sent by the first network device to the second network device, the label field of the Network Layer Reachability Information (NLRI) may carry an empty label or a normal label; through the forwarding label processing mode in the private network redirection attribute, the first network device notifies the second network device to ignore the forwarding label, and through the route forwarding mode in the private network redirection attribute, it notifies the second network device to reallocate the forwarding label when transmitting the VPN routing information to the next network device.
Alternatively, the forwarding label processing mode may be "continue to use", with the corresponding route forwarding mode being to reallocate the forwarding label on forwarding and swap. That is, in the BGP UPDATE message sent by the first network device to the second network device, the label field of the NLRI carries a normal label; through the forwarding label processing mode in the private network redirection attribute, the first network device notifies the second network device to continue using the forwarding label, and through the route forwarding mode in the private network redirection attribute, it notifies the second network device to reallocate the forwarding label when transmitting the VPN routing information to the next network device and to replace the forwarding label allocated by the first network device with the reallocated forwarding label.
It should be noted that the attribute value field in the private network redirection attribute may include multiple sub-attributes, where the multiple sub-attributes are respectively used to carry the VRF instance interface address, the route import condition, the label processing manner, and the route forwarding manner. The format of each sub-attribute may be as shown in Table 3:
Sub-attribute type (1 octet)
Sub-attribute length (1 octet)
Sub-attribute value (variable)
TABLE 3
Each sub-attribute comprises a sub-attribute type, a sub-attribute length and a sub-attribute value. The sub-attribute type carries the specific type of the sub-attribute, for example an IPv4 address, an IPv6 address, a route import condition, a label processing mode or a route forwarding mode. The sub-attribute length indicates the length of the sub-attribute value field. The sub-attribute value field carries the value of the specific attribute, such as a specific IPv4 address, a specific IPv6 address, a value of the route import condition (for example, 0 may be used to indicate RT matching import, and 1 may be used to indicate that both RT and RD match for import), a value of the label processing mode (for example, 0 may be used to indicate ignoring the label, and 1 may be used to indicate continued use of the label), or a value of the route forwarding mode (for example, 0 may be used to indicate reallocating the forwarding label on forwarding, and 1 may be used to indicate reallocating the forwarding label on forwarding and swapping).
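The layout of Tables 2 and 3 can be exercised with a small encoder and a strict parser. This is an added example, not code from the patent: the flag value, attribute type code and sub-attribute type numbers are assumptions (the text names the fields but assigns no code points), the attribute value is taken to run to the end of the buffer because Table 2 lists no length field, and 192.0.2.1 is a constructed placeholder address. The parser rejects truncated, over-long, unknown and duplicate sub-attributes instead of importing a partially decoded next hop.

```python
import ipaddress

# ASSUMED code points: the page names these fields but assigns no numbers.
ATTR_FLAGS = 0x80          # optional, non-transitive ("attribute is not transferred")
ATTR_TYPE_REDIRECT = 0xF0  # hypothetical attribute type code for "redirection"
SUB_IPV4, SUB_IPV6, SUB_IMPORT, SUB_LABEL, SUB_FORWARD = 1, 2, 3, 4, 5

# Value meanings as given in the page's description of Table 3.
ENUM_SUBS = {
    SUB_IMPORT: ("import_condition", {0: "rt-match", 1: "rt-and-rd-match"}),
    SUB_LABEL: ("label_mode", {0: "ignore", 1: "continue-use"}),
    SUB_FORWARD: ("forward_mode", {0: "reallocate", 1: "reallocate-and-swap"}),
}


class MalformedAttribute(ValueError):
    """Raised for any attribute the receiver should refuse to import."""


def encode_sub(sub_type, value):
    # One sub-attribute per Table 3: type (1 octet), length (1 octet), value.
    return bytes([sub_type, len(value)]) + value


def encode_redirect_attr(next_hop, import_cond, label_mode=None, forward_mode=None):
    addr = ipaddress.ip_address(next_hop)
    body = encode_sub(SUB_IPV4 if addr.version == 4 else SUB_IPV6, addr.packed)
    body += encode_sub(SUB_IMPORT, bytes([import_cond]))
    if label_mode is not None:       # only a repeater sender adds these two
        body += encode_sub(SUB_LABEL, bytes([label_mode]))
    if forward_mode is not None:
        body += encode_sub(SUB_FORWARD, bytes([forward_mode]))
    # Table 2: flag (1 octet), type (1 octet), value (variable).
    return bytes([ATTR_FLAGS, ATTR_TYPE_REDIRECT]) + body


def parse_redirect_attr(data):
    if len(data) < 2:
        raise MalformedAttribute("shorter than flag + type")
    if data[1] != ATTR_TYPE_REDIRECT:
        raise MalformedAttribute("not a redirection attribute")
    out = {"transitive": bool(data[0] & 0x40)}
    pos = 2
    while pos < len(data):
        if len(data) - pos < 2:
            raise MalformedAttribute("truncated sub-attribute header")
        sub_type, sub_len = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + sub_len]
        if len(value) != sub_len:
            raise MalformedAttribute("sub-attribute length runs past the end")
        pos += 2 + sub_len
        if sub_type in (SUB_IPV4, SUB_IPV6):
            if sub_len != (4 if sub_type == SUB_IPV4 else 16):
                raise MalformedAttribute("address length does not match its type")
            key, decoded = "next_hop", str(ipaddress.ip_address(value))
        elif sub_type in ENUM_SUBS:
            key, meanings = ENUM_SUBS[sub_type]
            if sub_len != 1 or value[0] not in meanings:
                raise MalformedAttribute(f"bad {key} value")
            decoded = meanings[value[0]]
        else:
            raise MalformedAttribute(f"unknown sub-attribute type {sub_type}")
        if key in out:
            raise MalformedAttribute(f"duplicate {key}")
        out[key] = decoded
    for required in ("next_hop", "import_condition"):
        if required not in out:
            raise MalformedAttribute(f"missing {required}")
    return out


if __name__ == "__main__":
    # Constructed sample: a repeater advertising its S1 address (placeholder).
    wire = encode_redirect_attr("192.0.2.1", 0, label_mode=0, forward_mode=0)
    print(wire.hex(), parse_redirect_attr(wire))
```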
Referring to fig. 4, fig. 4 is a simplified flowchart of a data stream forwarding method according to an embodiment of the present invention, which can be applied to a network scenario similar to that shown in fig. 1 or fig. 2, including the following operations. It should be noted that the method shown in fig. 4 may be applied not only to the network scenarios shown in fig. 1 or fig. 2, but also to other types of network scenarios, such as a network system consisting of network devices that do not employ replaceable components.
401. The second network equipment establishes a VPN neighbor with the first network equipment through a non-VRF instance interface;
In a specific implementation, the second network device may be a repeater. The non-VRF instance interface, also called a public network interface, is an interface that is not associated with any VRF instance. The established VPN neighbor can be a VPN-IPv4 neighbor or a VPN-IPv6 neighbor.
402. The second network equipment receives a BGP UPDATE message sent by the first network equipment through the VPN neighbor, wherein the BGP UPDATE message comprises VPN routing information and a redirected next hop, and the redirected next hop is a VRF instance interface address;
The VRF instance interface, also called a private network interface, is an interface associated with a VRF instance.
Before step 402, the second network device and the first network device also need to determine whether both sides support the private network redirection attribute; for the specific determination method, refer to the foregoing embodiment, which is not described here again.
403. The second network device imports the VPN routing information and the redirected next hop into a VRF instance;
404. When receiving a data stream containing the VPN routing information, the second network device redirects the data stream to an address corresponding to the VRF instance interface according to the VRF instance corresponding to the VPN routing information for forwarding.
The BGP UPDATE message received by the second network device carries a private network redirection attribute, as described in the foregoing embodiment. When the route import condition carried in the private network redirection attribute is RT matching import, the second network device imports the VPN route information and the redirected next hop into a VRF instance whose RT matches the RT carried in the VPN route information, specifically into the route forwarding table of that VRF instance. When the route import condition carried in the private network redirection attribute is that both RT and RD match, the second network device imports the VPN route information and the redirected next hop into a VRF instance whose RT and RD both match the RT and RD carried in the VPN route information.
If the private network redirection attribute indicates that the attribute is not transferred, the second network device does not carry the private network redirection attribute when transferring the VPN routing information or other information to other network devices.
Further, the first network device may be a repeater or a controller, and when the first network device is a repeater, the attribute value field in the private network redirection attribute further carries a forwarding label processing mode and a route forwarding mode.
If the forwarding label processing mode carried in the private network redirection attribute is ignore, and the route forwarding mode is to reallocate on forwarding, the second network device reallocates the forwarding label for the VPN when sending the VPN routing information to other network devices. When the second network device receives a data stream containing the VPN routing information, it redirects the data stream to the address corresponding to the VRF instance interface according to the corresponding VRF instance for IP forwarding.
If the forwarding label processing mode carried in the private network redirection attribute is continue to use, and the route forwarding mode is to reallocate on forwarding and swap, the second network device allocates a forwarding label for the VPN and replaces the forwarding label allocated to the VPN by the first network device with the reallocated forwarding label. When the second network device receives a data stream containing the VPN routing information, it forwards the data stream in MPLS mode according to the forwarding label allocated to the VPN by the first network device.
The following takes the network scenarios shown in fig. 1 and fig. 2 as examples, and details the technical solutions provided by the embodiments of the present invention.
In fig. 1, S1 and S2 are VRF instance interfaces of the ASBRs, associated with the VRF instance of VPN1 and the VRF instance of VPN2 respectively, and B is a non-VRF instance interface of an ASBR. CE4 needs to send a data stream with a destination IP of 20.21.1.1 to CE1, and CE3 needs to send a data stream with a destination IP of 20.30.1.1 to CE2. Only one VPN neighbor needs to be established between ASBR1 and ASBR2 through their respective non-VRF instance interfaces B to advertise both VPN routes and to ensure that data streams between the ASBRs are forwarded along an IP path. In the following example, by default the forwarding label processing mode is ignore, and the route forwarding mode is to reallocate the forwarding label on forwarding.
The process by which CE1 advertises route 20.21.1.1 to CE4 may be as follows:
CE1 advertises route 20.21.1.1 to PE1. PE1 imports route 20.21.1.1 into the VRF instance of VPN1 on PE1 and assigns forwarding label 1024 to route 20.21.1.1. After adding parameters such as RT and RD to route 20.21.1.1, PE1 advertises route 20.21.1.1 with forwarding label 1024 to ASBR1. After ASBR1 receives route 20.21.1.1 with forwarding label 1024, the entry shown in table 4 may be written in the route forwarding table of the VRF instance of VPN1 on ASBR1:
| Destination IP | Outgoing interface | Next hop | Forwarding label |
|---|---|---|---|
| 20.21.1.1 | E0 | IP address of PE1 | 1024 |

TABLE 4
ASBR1 adds parameters such as RT and RD to route 20.21.1.1 and adds a private network redirection attribute, in which the next hop carries the address of VRF instance interface S1 of ASBR1, and sends route 20.21.1.1 to ASBR2 through the VPN neighbor established over non-VRF instance interface B. After ASBR2 receives route 20.21.1.1 with the private network redirection attribute, it imports route 20.21.1.1 into the matching VRF instance. If, for example, the matching VRF instance is the VRF instance of VPN1, the entry shown in table 5 may be written in the route forwarding table of the VRF instance of VPN1 on ASBR2:
| Destination IP | Outgoing interface | Next hop | Redirected next hop |
|---|---|---|---|
| 20.21.1.1 | B interface of ASBR2 | B interface address of ASBR1 | S1 interface address of ASBR1 |

TABLE 5
ASBR2 assigns forwarding label 1026 to route 20.21.1.1, adds parameters such as RT and RD to route 20.21.1.1, and then advertises route 20.21.1.1 with forwarding label 1026 to PE2. After PE2 receives route 20.21.1.1 with forwarding label 1026, it imports route 20.21.1.1 into the VRF instance of VPN1 on PE2, pops forwarding label 1026, and advertises route 20.21.1.1 to CE4.
During forwarding, CE4 sends a data stream with a destination IP of 20.21.1.1 to PE2. PE2 searches the VRF instance corresponding to the VPN, encapsulates the data stream with label 1026 and forwards it to ASBR2. ASBR2 receives the data stream with destination IP 20.21.1.1, searches the VRF instance corresponding to the VPN (as shown in table 5), redirects the data stream to the S1 interface of ASBR1 and forwards it through the IP path between the ASBRs. After the data stream reaches ASBR1, ASBR1 searches the VRF instance corresponding to the VPN (as shown in table 4), encapsulates the data stream with label 1024 and forwards it to PE1. After PE1 receives the data stream with destination IP 20.21.1.1, it pops forwarding label 1024 and sends the data stream to CE1.
The process by which CE2 advertises route 20.30.1.1 to CE3 may be as follows:
CE2 advertises route 20.30.1.1 to PE1. PE1 imports route 20.30.1.1 into the VRF instance of VPN2 on PE1 and assigns forwarding label 1034 to route 20.30.1.1. After adding parameters such as RT and RD to route 20.30.1.1, PE1 advertises route 20.30.1.1 with forwarding label 1034 to ASBR1. After ASBR1 receives route 20.30.1.1 with forwarding label 1034, the entry shown in table 6 may be written in the route forwarding table of the VRF instance of VPN2 on ASBR1:
| Destination IP | Outgoing interface | Next hop | Forwarding label |
|---|---|---|---|
| 20.30.1.1 | E0 | IP address of PE1 | 1034 |

TABLE 6
ASBR1 adds parameters such as RT and RD to route 20.30.1.1 and adds a private network redirection attribute, in which the next hop carries the address of VRF instance interface S2 of ASBR1, and sends route 20.30.1.1 to ASBR2 through the VPN neighbor established over non-VRF instance interface B. After ASBR2 receives route 20.30.1.1 with the private network redirection attribute, it imports route 20.30.1.1 into the matching VRF instance. If, for example, the matching VRF instance is the VRF instance of VPN2, the entry shown in table 7 may be written in the route forwarding table of the VRF instance of VPN2 on ASBR2:
| Destination IP | Outgoing interface | Next hop | Redirected next hop |
|---|---|---|---|
| 20.30.1.1 | B interface of ASBR2 | B interface address of ASBR1 | S2 interface address of ASBR1 |

TABLE 7
ASBR2 assigns forwarding label 1036 to route 20.30.1.1, adds parameters such as RT and RD to route 20.30.1.1, and then advertises route 20.30.1.1 with forwarding label 1036 to PE2. After PE2 receives route 20.30.1.1 with forwarding label 1036, it imports route 20.30.1.1 into the VRF instance of VPN2 on PE2, pops forwarding label 1036, and advertises route 20.30.1.1 to CE3.
During forwarding, CE3 sends a data stream with a destination IP of 20.30.1.1 to PE2. PE2 searches the VRF instance corresponding to the VPN, encapsulates the data stream with label 1036 and forwards it to ASBR2. ASBR2 receives the data stream with destination IP 20.30.1.1, searches the VRF instance corresponding to the VPN (as shown in table 7), redirects the data stream to the S2 interface of ASBR1 and forwards it through the IP path between the ASBRs. After the data stream reaches ASBR1, ASBR1 searches the VRF instance corresponding to the VPN (as shown in table 6), encapsulates the data stream with label 1034 and forwards it to PE1. After PE1 receives the data stream with destination IP 20.30.1.1, it pops forwarding label 1034 and sends the data stream to CE2.
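The import decision and per-VRF lookup that ASBR2 performs in the walkthrough above can be modelled as follows. This is an added example, not code from the patent: the RT and RD strings, the interface addresses and the third "shared" VRF are constructed for illustration, and the additional "present VPN or original VPN" selection for non-strict redirection is not modelled. It shows that with RT matching the same route lands in every VRF whose import RTs overlap, while matching on both RT and RD confines it to one VRF, and that a lookup never falls back to another VPN's table.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VpnRoute:
    prefix: str                 # destination as written in the page's tables
    rd: str
    rts: frozenset
    redirected_next_hop: str    # VRF instance interface address of the sender
    import_condition: str       # "rt-match" or "rt-and-rd-match"


@dataclass
class Vrf:
    name: str
    rd: str
    import_rts: frozenset
    table: dict = field(default_factory=dict)


def select_vrfs(route, vrfs):
    """Return the VRF instances the route may be imported into."""
    if route.import_condition not in ("rt-match", "rt-and-rd-match"):
        raise ValueError("unknown import condition")
    chosen = [v for v in vrfs if v.import_rts & route.rts]
    if route.import_condition == "rt-and-rd-match":
        chosen = [v for v in chosen if v.rd == route.rd]
    return chosen


def import_route(route, vrfs, out_if, peer_addr):
    """Write a Table 5 style entry into every selected VRF; return their names."""
    chosen = select_vrfs(route, vrfs)
    for vrf in chosen:
        vrf.table[route.prefix] = {
            "outgoing_interface": out_if,
            "next_hop": peer_addr,
            "redirected_next_hop": route.redirected_next_hop,
        }
    return [vrf.name for vrf in chosen]


def redirect(vrf, dst_ip):
    """Look up only the VRF the flow arrived in; no fallback to another VRF."""
    entry = vrf.table.get(dst_ip)
    return None if entry is None else entry["redirected_next_hop"]


# Constructed values: the page gives the prefixes and the names S1, S2 and B,
# but no addresses, RTs or RDs.
S1_ADDR, S2_ADDR, B_ADDR = "192.0.2.1", "192.0.2.2", "198.51.100.1"


def build_asbr2(import_condition):
    vrfs = [
        Vrf("vpn1", "100:1", frozenset({"100:1"})),
        Vrf("vpn2", "100:2", frozenset({"100:2"})),
        # Hypothetical third VRF whose import RTs overlap both VPNs.
        Vrf("shared", "100:9", frozenset({"100:1", "100:2"})),
    ]
    routes = [
        VpnRoute("20.21.1.1", "100:1", frozenset({"100:1"}), S1_ADDR, import_condition),
        VpnRoute("20.30.1.1", "100:2", frozenset({"100:2"}), S2_ADDR, import_condition),
    ]
    # Both routes arrive over the single VPN neighbor on interface B.
    imported = {r.prefix: import_route(r, vrfs, "B", B_ADDR) for r in routes}
    return {v.name: v for v in vrfs}, imported


if __name__ == "__main__":
    for cond in ("rt-match", "rt-and-rd-match"):
        print(cond, build_asbr2(cond)[1])
```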
In fig. 3, the VRF instance interfaces of PE1 and PE2 are S1 and the non-VRF instance interfaces are B. CE4 needs to send a data stream whose destination IP is 20.21.1.1 to CE1, and CE3 needs to send a data stream whose destination IP is 20.30.1.1 to CE2. Only one VPN neighbor needs to be established between the controller and PE1 through their respective non-VRF instance interfaces B, and only one between the controller and PE2 through their respective non-VRF instance interfaces B, to advertise both VPN routes and to ensure that data streams between the PEs are forwarded along a private network IP path.
When CE4 wants to send a data flow with destination IP 20.21.1.1 to CE1, the controller advertises to PE2 a route 20.21.1.1 carrying a private network redirection attribute, through the VPN neighbor established with non-VRF instance interface B of PE2. When PE2 receives route 20.21.1.1, the entry shown in table 8 is imported into the route forwarding table of the VRF instance of VPN1 on PE2:
| Destination IP | Outgoing interface | Next hop | Redirected next hop |
|---|---|---|---|
| 20.21.1.1 | B interface of PE2 | B interface address of PE1 | S1 interface address of PE1 |

TABLE 8
In addition, the controller advertises route 20.21.1.1 to PE1 through the VPN neighbor established with non-VRF instance interface B of PE1.
During forwarding, CE4 sends a data stream with a destination IP of 20.21.1.1 to PE2. After receiving it, PE2 searches the VRF instance corresponding to the VPN (as shown in table 8), redirects the data stream to the S1 interface of PE1, and forwards it through the private network IP path between the PEs. After the data stream reaches PE1, PE1 searches the VRF instance corresponding to the VPN and sends the data stream to CE1.
When CE3 wants to send a data flow with destination IP 20.30.1.1 to CE2, the controller advertises to PE2 a route 20.30.1.1 carrying a private network redirection attribute, through the VPN neighbor established with non-VRF instance interface B of PE2. When PE2 receives route 20.30.1.1, the entry shown in table 9 is imported into the route forwarding table of the VRF instance of VPN2 on PE2:
| Destination IP | Outgoing interface | Next hop | Redirected next hop |
|---|---|---|---|
| 20.30.1.1 | B interface of PE2 | B interface address of PE1 | S1 interface address of PE1 |

TABLE 9
In addition, the controller advertises route 20.30.1.1 to PE1 through the VPN neighbor established with non-VRF instance interface B of PE1.
During forwarding, CE4 sends a data stream with a destination IP of 20.30.1.1 to PE2. After receiving it, PE2 searches the VRF instance corresponding to the VPN (as shown in table 9), redirects the data stream to the S1 interface of PE1, and forwards it through the IP path between the PEs. After the data stream reaches PE1, PE1 searches the VRF instance corresponding to the VPN and sends the data stream to CE1.
Referring to fig. 5, a first network device 500 of the present embodiment is described below, which is used to implement the VPN route advertisement method shown in fig. 3, where the first network device is a repeater or a controller, and includes:
an establishing unit 501, configured to establish a Virtual Private Network (VPN) neighbor with a second network device through a non-VRF instance interface;
a sending unit 502, configured to send a BGP UPDATE packet to the second network device through the VPN neighbor, where the BGP UPDATE packet includes VPN routing information and a redirected next hop, and the redirected next hop is a VRF instance interface address, so that the second network device imports the VPN routing information and the redirected next hop into a VRF instance, and redirects a data stream to an address corresponding to the VRF instance interface according to the VRF instance corresponding to the VPN routing information to forward the data stream when receiving the data stream including the VPN routing information.
Further, the BGP UPDATE packet includes a private network redirection attribute, where the private network redirection attribute includes an attribute flag field, an attribute type field, and an attribute value field, where the attribute flag field is used to indicate that an attribute is not transferred, the attribute type field is used to indicate that the type of the attribute is redirection, and the attribute value field is used to carry the redirected VRF instance interface address and route import condition.
Further, the route import condition includes: importing when a route target RT in the VPN route information is matched with the RT of the VRF instance;
or importing when the RT in the VPN routing information matches the RT of the VRF instance and the route distinguisher RD in the VPN routing information matches the RD of the VRF instance.
Further, when the first network device is a repeater, the first network device and the second network device are not in the same autonomous domain, and the VRF instance interface address is a VRF instance interface address of the first network device;
when the first network device is a controller, the VRF instance interface address is a VRF instance interface address of a third network device in the same autonomous domain as the second network device.
Further, when the first network device is a repeater, the attribute value field also carries a forwarding label processing mode and a route forwarding mode.
Further, the forwarding label processing mode is ignore, and the route forwarding mode is to reallocate on forwarding.
Further, the first network device supports the private network redirection attribute, and the first network device further includes a determining unit 503, where the determining unit 503 is configured to determine that the second network device supports the private network redirection attribute according to a BGP OPEN message sent by the second network device, or determine that the second network device supports the private network redirection attribute according to a static configuration of the second network device.
It should be noted that, steps that are not described in detail in this embodiment may refer to the description of the method embodiment shown in fig. 3, and are not described again here.
Corresponding to the method shown in fig. 3, fig. 6 shows a schematic diagram of another embodiment of the first network device 600 provided in the present invention. The first network device 600 of the present embodiment includes a communication interface 601, a processor 602, a memory 603, and a bus 604. The processor 602, the memory 603 and the communication interface 601 are connected via the bus 604 and communicate with each other.
The bus 604 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into one or more of an address bus, a data bus, and a control bus. For ease of illustration, only one thick line is shown in FIG. 6, but this is not intended to represent only one bus or type of bus.
The memory 603 is used to store executable program code, which includes computer operating instructions. When the first network device 600 executes the program code, the first network device 600 may complete steps 301 to 302 of the embodiment in fig. 3, or may implement all functions of the first network device 500 in the embodiment in fig. 5. The memory 603 may comprise a high-speed random access memory (RAM). Optionally, the memory 603 may further include a non-volatile memory. The memory 603 may comprise, for example, disk storage.
The processor 602 may be a Central Processing Unit (CPU), or the processor 602 may be an Application Specific Integrated Circuit (ASIC), or the processor 602 may be one or more integrated circuits configured to implement embodiments of the present invention.
The processor 602 is configured to execute all operations executed by the establishing unit 501 and the determining unit 503 of the first network device 500 shown in fig. 5, which are not described herein again.
The communication interface 601 is configured to perform all operations performed by the sending unit 502 in the first network device 500 shown in fig. 5, which is not described herein again.
Referring to fig. 7, a second network device for implementing the data stream forwarding method shown in fig. 4 is described below, where the second network device is a repeater, and a second network device 700 in this embodiment includes:
an establishing unit 701, configured to establish a Virtual Private Network (VPN) neighbor with a first network device through a non-VRF instance interface;
a receiving unit 702, configured to receive, by the VPN neighbor, a BGP UPDATE packet sent by the first network device, where the BGP UPDATE packet includes VPN routing information and a redirected next hop, and the redirected next hop is a VRF instance interface address;
an importing unit 703, configured to import the VPN routing information and the redirected next hop into a VRF instance;
a sending unit 704, configured to redirect, when the receiving unit 702 receives a data stream including the VPN routing information, the data stream to an address corresponding to the VRF instance interface according to the VRF instance corresponding to the VPN routing information for forwarding.
Further, the BGP UPDATE packet includes a private network redirection attribute, where the private network redirection attribute includes an attribute flag field, an attribute type field, and an attribute value field, where the attribute flag field is used to indicate that an attribute is not transferred, the attribute type field is used to indicate that the type of the attribute is redirection, and the attribute value field is used to carry the redirected VRF instance interface address and route import condition.
Further, the route import condition includes: importing when a route target RT in the VPN route information is matched with the RT of the VRF instance;
or importing when the RT in the VPN routing information matches the RT of the VRF instance and the route distinguisher RD in the VPN routing information matches the RD of the VRF instance.
Further, the first network device is a controller or a repeater;
when the first network equipment is a repeater, the first network equipment and the second network equipment are not in the same autonomous domain, and the VRF instance interface address is the VRF instance interface address of the first network equipment;
when the first network device is a controller, the VRF instance interface address is a VRF instance interface address of a third network device in the same autonomous domain as the second network device.
Further, when the first network device is a repeater, the attribute value field also carries a forwarding label processing mode and a route forwarding mode.
Further, the forwarding label processing mode is ignore, and the route forwarding mode is to reallocate on forwarding.
Further, the second network device supports the private network redirection attribute, and the second network device further includes a determining unit 705, where the determining unit 705 is configured to determine that the first network device supports the private network redirection attribute according to a BGP OPEN message sent by the first network device, or determine that the first network device supports the private network redirection attribute according to a static configuration of the first network device.
It should be noted that, steps that are not described in detail in this embodiment may refer to the description of the method embodiment shown in fig. 4, and are not described herein again.
Corresponding to the method shown in fig. 4, fig. 8 shows a schematic diagram of another embodiment of a second network device 800 provided in the present invention, where the second network device 800 of the present embodiment includes a communication interface 801, a processor 802, a memory 803, and a bus 804. The processor 802, the memory 803, and the communication interface 801 are coupled via the bus 804 and communicate with each other.
The bus 804 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into one or more of an address bus, a data bus, and a control bus. For ease of illustration, only one thick line is shown in FIG. 8, but this does not mean that there is only one bus or one type of bus.
The memory 803 is used to store executable program code, which includes computer operating instructions. When the second network device 800 executes the program code, the second network device 800 may complete steps 401 to 404 in the embodiment of fig. 4, or may implement all functions of the second network device 700 in the embodiment of fig. 7. The memory 803 may comprise a high-speed random access memory (RAM). Optionally, the memory 803 may further include a non-volatile memory. The memory 803 may comprise, for example, disk storage.
The processor 802 may be a Central Processing Unit (CPU), or the processor 802 may be an Application Specific Integrated Circuit (ASIC), or the processor 802 may be one or more integrated circuits configured to implement embodiments of the present invention.
The processor 802 is configured to execute all operations executed by the establishing unit 701, the importing unit 703, and the determining unit 705 of the second network device 700 shown in fig. 7, which are not described herein again.
The communication interface 801 is configured to perform all operations performed by the receiving unit 702 and the sending unit 704 in the second network device 700 shown in fig. 7, which are not described herein again.
It should be noted that the above-described embodiments of the apparatus are merely schematic, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. In addition, in the drawings of the embodiment of the apparatus provided by the present invention, the connection relationship between the modules indicates that there is a communication connection between them, and may be specifically implemented as one or more communication buses or signal lines. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that the present invention may be implemented by software plus necessary general hardware, and may also be implemented by special hardware including special integrated circuits, special CPUs, special memories, special components and the like. Generally, functions performed by computer programs can be easily implemented by corresponding hardware, and specific hardware structures for implementing the same functions may be various, such as analog circuits, digital circuits, or dedicated circuits. However, the implementation of a software program is a more preferable embodiment for the present invention. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a readable storage medium, such as a floppy disk, a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk of a computer, and includes instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
The VPN route notification method, the data flow forwarding method and the related device provided in the embodiments of the present invention have been described in detail above. A person having ordinary skill in the art may change the specific implementation and application scope according to the idea of the embodiments of the present invention, so the content of this specification should not be construed as limiting the present invention.

Claims (29)

1. A Virtual Private Network (VPN) route advertisement method is characterized by comprising the following steps:
the first network device establishes a VPN neighbor with the second network device through a non-virtual routing and forwarding (VRF) instance interface;
the first network device sends a BGP UPDATE message to the second network device through the VPN neighbor, wherein the BGP UPDATE message comprises VPN routing information and a redirected next hop, and the redirected next hop is a VRF instance interface address, so that the second network device imports the VPN routing information and the redirected next hop into a VRF instance and, when receiving a data stream containing the VPN routing information, redirects the data stream to the address corresponding to the VRF instance interface according to the VRF instance corresponding to the VPN routing information for forwarding.
2. The method of claim 1, wherein the BGP UPDATE message includes a private network redirection attribute, the private network redirection attribute includes an attribute flag field, an attribute type field, and an attribute value field, the attribute flag field is used to indicate that an attribute is not transferred, the attribute type field is used to indicate that the type of the attribute is redirection, and the attribute value field is used to carry the redirected VRF instance interface address and route import condition.
3. The method of claim 2, wherein the route import condition comprises: importing when a route target (RT) in the VPN routing information matches the RT of the VRF instance;
or importing when the RT in the VPN routing information matches the RT of the VRF instance and the route distinguisher (RD) in the VPN routing information matches the RD of the VRF instance.
4. The method of claim 2, wherein the first network device is a controller or a forwarder and the second network device is a forwarder;
when the first network device is a forwarder, the first network device and the second network device are not in the same autonomous domain, and the VRF instance interface address is the VRF instance interface address of the first network device;
when the first network device is a controller, the VRF instance interface address is a VRF instance interface address of a third network device in the same autonomous domain as the second network device.
5. The method of claim 4, wherein when the first network device is a forwarder, the attribute value field further carries a processing mode for the forwarding label and a route forwarding mode.
6. The method of claim 5, wherein the processing mode for the forwarding label is ignore, and wherein the route forwarding mode is forwarding reassignment.
7. The method according to any of claims 2 to 6, wherein the first network device supports the private network redirection attribute, and before the first network device sends a BGP UPDATE message to the second network device through the VPN neighbor, the method further comprises:
the first network device determines that the second network device supports the private network redirection attribute according to a capability negotiation parameter carried in a BGP OPEN message sent by the second network device, or the first network device determines that the second network device supports the private network redirection attribute according to static configuration of the second network device.
8. A method for forwarding a data stream, comprising:
the second network device establishes a virtual private network (VPN) neighbor with the first network device through a non-virtual routing and forwarding (VRF) instance interface;
the second network device receives a BGP UPDATE message sent by the first network device through the VPN neighbor, wherein the BGP UPDATE message comprises VPN routing information and a redirected next hop, and the redirected next hop is a VRF instance interface address;
the second network device imports the VPN routing information and the redirected next hop into a VRF instance;
when receiving a data stream containing the VPN routing information, the second network device redirects the data stream to an address corresponding to the VRF instance interface according to the VRF instance corresponding to the VPN routing information for forwarding.
9. The method of claim 8, wherein the BGP UPDATE message includes a private network redirection attribute, and wherein the private network redirection attribute includes an attribute flag field, an attribute type field, and an attribute value field, and wherein the attribute flag field is used to indicate that an attribute is not transferred, the attribute type field is used to indicate that the type of the attribute is redirection, and the attribute value field is used to carry the redirected VRF instance interface address and route import condition.
10. The method of claim 9, wherein the route import condition comprises:
importing when a route target RT in the VPN route information is matched with the RT of the VRF instance;
or importing when the RT in the VPN routing information matches the RT of the VRF instance and the route distinguisher (RD) in the VPN routing information matches the RD of the VRF instance.
11. The method of claim 9, wherein the second network device is a forwarder and the first network device is a controller or a forwarder;
when the first network device is a forwarder, the first network device and the second network device are not in the same autonomous domain, and the VRF instance interface address is the VRF instance interface address of the first network device;
when the first network device is a controller, the VRF instance interface address is a VRF instance interface address of a third network device in the same autonomous domain as the second network device.
12. The method of claim 11, wherein when the first network device is a forwarder, the attribute value field further carries a processing method of forwarding label and a routing forwarding method.
13. The method of claim 12, wherein the forwarding label is handled as ignored, and wherein the routing forwarding scheme is a forwarding reassignment.
14. The method according to any of claims 9 to 13, wherein the second network device supports the private network redirection attribute, and before the second network device receives the BGP UPDATE packet sent by the first network device through the VPN neighbor, the method further comprises:
the second network device determines that the first network device supports the private network redirection attribute according to a BGP OPEN message sent by the first network device, or determines that the first network device supports the private network redirection attribute according to the static configuration of the first network device.
15. A first network device, wherein the first network device is a controller or a forwarder, the first network device comprising:
an establishing unit, configured to establish a virtual private network (VPN) neighbor with the second network device through a non-virtual routing and forwarding (VRF) instance interface;
a sending unit, configured to send a BGP UPDATE packet to the second network device through the VPN neighbor, where the BGP UPDATE packet includes VPN routing information and a redirected next hop, and the redirected next hop is a VRF instance interface address, so that the second network device imports the VPN routing information and the redirected next hop into a VRF instance, and redirects a data stream to an address corresponding to the VRF instance interface according to the VRF instance corresponding to the VPN routing information to forward the data stream when receiving the data stream including the VPN routing information.
16. The first network device of claim 15, wherein the BGP UPDATE packet includes a private network redirection attribute, the private network redirection attribute includes an attribute flag field, an attribute type field, and an attribute value field, the attribute flag field is used to indicate that an attribute is not transferred, the attribute type field is used to indicate that the type of the attribute is redirection, and the attribute value field is used to carry the redirected VRF instance interface address and a route import condition.
17. The first network device of claim 16, wherein the route import condition comprises:
importing when a route target RT in the VPN route information is matched with the RT of the VRF instance;
or importing when the RT in the VPN routing information matches the RT of the VRF instance and the route distinguisher (RD) in the VPN routing information matches the RD of the VRF instance.
18. The first network device of claim 16,
when the first network device is a forwarder, the first network device and the second network device are not in the same autonomous domain, and the VRF instance interface address is the VRF instance interface address of the first network device;
when the first network device is a controller, the VRF instance interface address is a VRF instance interface address of a third network device in the same autonomous domain as the second network device.
19. The first network device of claim 18, wherein when the first network device is a forwarder, the attribute value field further carries a processing method of forwarding labels and a routing forwarding method.
20. The first network device of claim 19, wherein the forwarding label is handled as ignored and the routing-forwarding scheme is forwarding reassignment.
21. The first network device according to any one of claims 16 to 20, wherein the first network device supports the private network redirection attribute, the first network device further comprising a determining unit;
the determining unit is configured to determine, according to a BGP OPEN message sent by the second network device, that the second network device supports the private network redirection attribute, or determine, according to a static configuration of the second network device, that the second network device supports the private network redirection attribute.
22. A second network device, wherein the second network device is a forwarder, the second network device comprising:
an establishing unit, configured to establish a virtual private network (VPN) neighbor with the first network device through a non-virtual routing and forwarding (VRF) instance interface;
a receiving unit, configured to receive, by the VPN neighbor, a BGP UPDATE packet sent by the first network device, where the BGP UPDATE packet includes VPN routing information and a redirected next hop, and the redirected next hop is a VRF instance interface address;
an importing unit, configured to import the VPN routing information and the redirected next hop into a VRF instance;
and a sending unit, configured to, when the receiving unit receives a data stream containing the VPN routing information, redirect the data stream to an address corresponding to the VRF instance interface for forwarding according to the VRF instance corresponding to the VPN routing information.
23. The second network device of claim 22, wherein the BGP UPDATE packet includes a private network redirection attribute, the private network redirection attribute includes an attribute flag field, an attribute type field, and an attribute value field, the attribute flag field is used to indicate that an attribute is not transferred, the attribute type field is used to indicate that the type of the attribute is redirection, and the attribute value field is used to carry the redirected VRF instance interface address and a route import condition.
24. The second network device of claim 23, wherein the route import condition comprises:
importing when a route target RT in the VPN route information is matched with the RT of the VRF instance;
or importing when the RT in the VPN routing information matches the RT of the VRF instance and the route distinguisher (RD) in the VPN routing information matches the RD of the VRF instance.
25. The second network device of claim 23, wherein the first network device is a controller or a forwarder;
when the first network device is a forwarder, the first network device and the second network device are not in the same autonomous domain, and the VRF instance interface address is the VRF instance interface address of the first network device;
when the first network device is a controller, the VRF instance interface address is a VRF instance interface address of a third network device in the same autonomous domain as the second network device.
26. The second network device of claim 25, wherein when the first network device is a forwarder, the attribute value field further carries a processing method of forwarding labels and a routing forwarding method.
27. The second network device of claim 26, wherein the forwarding label is handled as ignored and the routing-forwarding scheme is forwarding reassignment.
28. The second network device according to any one of claims 23 to 27, wherein the second network device supports the private network redirection attribute, the second network device further comprising a determining unit;
the determining unit is configured to determine, according to a BGP OPEN message sent by the first network device, that the first network device supports the private network redirection attribute, or determine, according to a static configuration of the first network device, that the first network device supports the private network redirection attribute.
29. A network system comprising a first network device according to any one of claims 15 to 21 and a second network device according to any one of claims 22 to 28.
CN201610070633.9A 2016-02-01 2016-02-01 VPN route notification method, data flow forwarding method and related equipment Active CN107026796B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011554828.3A CN112787935B (en) 2016-02-01 2016-02-01 VPN route notification method, data flow forwarding method and related equipment
CN201610070633.9A CN107026796B (en) 2016-02-01 2016-02-01 VPN route notification method, data flow forwarding method and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610070633.9A CN107026796B (en) 2016-02-01 2016-02-01 VPN route notification method, data flow forwarding method and related equipment

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202011554828.3A Division CN112787935B (en) 2016-02-01 2016-02-01 VPN route notification method, data flow forwarding method and related equipment

Publications (2)

Publication Number Publication Date
CN107026796A CN107026796A (en) 2017-08-08
CN107026796B true CN107026796B (en) 2021-01-05

Family

ID=59523982

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202011554828.3A Active CN112787935B (en) 2016-02-01 2016-02-01 VPN route notification method, data flow forwarding method and related equipment
CN201610070633.9A Active CN107026796B (en) 2016-02-01 2016-02-01 VPN route notification method, data flow forwarding method and related equipment

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202011554828.3A Active CN112787935B (en) 2016-02-01 2016-02-01 VPN route notification method, data flow forwarding method and related equipment

Country Status (1)

Country Link
CN (2) CN112787935B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110324241B (en) * 2018-03-30 2022-05-31 北京华为数字技术有限公司 Flow forwarding path adjusting method, message forwarding method and device
CN110830354B (en) * 2018-08-08 2021-12-03 北京华为数字技术有限公司 Data forwarding method, device, equipment and storage medium
CN111224874B (en) * 2018-11-27 2022-06-14 中兴通讯股份有限公司 Path construction method and related equipment
CN109412952B (en) * 2018-12-13 2019-09-06 北京华三通信技术有限公司 Route information publishing method and device
US10887225B1 (en) * 2019-09-30 2021-01-05 Juniper Networks, Inc. Building a label sequence in Border Gateway Protocol (BGP) labeled network layer reachability information (NLRI) on next hop (NH) attribute change
CN116016315A (en) * 2020-05-25 2023-04-25 华为技术有限公司 Route management method, device and system
CN114567580B (en) * 2020-11-27 2023-10-20 华为技术有限公司 Message sending method, message processing method, device and system
CN112769614B (en) * 2021-01-04 2022-04-15 烽火通信科技股份有限公司 Automatic management method of VPN (virtual private network) on demand and intercommunication system of heterogeneous network
EP4297346A1 (en) * 2021-03-19 2023-12-27 Huawei Technologies Co., Ltd. Traffic control method and related device
CN116506379A (en) * 2022-01-21 2023-07-28 华为技术有限公司 Flow forwarding method, message sending method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101527740A (en) * 2009-05-05 2009-09-09 杭州华三通信技术有限公司 Dynamic address allocation method, device and system thereof
CN102098189A (en) * 2011-02-01 2011-06-15 杭州华三通信技术有限公司 Method for monitoring CE and routing equipment
CN103209125A (en) * 2013-04-07 2013-07-17 杭州华三通信技术有限公司 Label information transmission method and device
CN103475750A (en) * 2013-09-16 2013-12-25 杭州华三通信技术有限公司 Address translation method and equipment suitable for multi-export network

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7385988B2 (en) * 2005-02-28 2008-06-10 Cisco Technology, Inc. Method and apparatus for limiting VPNv4 prefixes per VPN in an inter-autonomous system environment
CN100571264C (en) * 2005-10-31 2009-12-16 中兴通讯股份有限公司 A kind of cross-domain connection method of label exchange virtual dedicated network in multiprotocol
US20080080517A1 (en) * 2006-09-28 2008-04-03 At & T Corp. System and method for forwarding traffic data in an MPLS VPN
CN101335685B (en) * 2007-06-27 2012-03-07 上海博达数据通信有限公司 Method implementing priority process of special packet by redirecting technique
CN100505674C (en) * 2007-09-06 2009-06-24 福建星网锐捷网络有限公司 Packet forwarding method, system and verge equipment in virtual private network
US8929364B2 (en) * 2007-11-06 2015-01-06 Avaya Inc. Supporting BGP based IP-VPN in a routed network
US20100027549A1 (en) * 2008-07-31 2010-02-04 Michael Satterlee Method and apparatus for providing virtual private network identifier
US8121118B2 (en) * 2008-10-31 2012-02-21 At&T Intellectual Property I, L.P. Methods and apparatus to dynamically control connectivity within virtual private networks
CN101827023B (en) * 2010-03-25 2013-01-16 杭州华三通信技术有限公司 Processing method of data and device thereof
CN101827028B (en) * 2010-04-14 2012-07-04 杭州华三通信技术有限公司 Method and device for realizing multicasting VPN message transmission
CN102137024B (en) * 2011-04-19 2013-11-20 福建星网锐捷网络有限公司 Message processing method, exit routing device and border routing device
US9491686B2 (en) * 2011-07-28 2016-11-08 Pulse Secure, Llc Virtual private networking with mobile communication continuity
US9979595B2 (en) * 2012-12-18 2018-05-22 Juniper Networks, Inc. Subscriber management and network service integration for software-defined networks having centralized control
CN103297338B (en) * 2013-06-20 2016-06-01 杭州华三通信技术有限公司 A kind of VPN route advertising method and equipment
CN103986638B (en) * 2014-05-27 2017-08-08 新华三技术有限公司 The method and apparatus of many public network links of ADVPN tunnel binding
CN104468348A (en) * 2014-12-22 2015-03-25 迈普通信技术股份有限公司 Service provider boundary routers, system and method for achieving fast VPN rerouting

Also Published As

Publication number Publication date
CN112787935A (en) 2021-05-11
CN112787935B (en) 2022-12-06
CN107026796A (en) 2017-08-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant