CN107959611A - A kind of method to E-Packet, apparatus and system - Google Patents
A kind of method to E-Packet, apparatus and system Download PDFInfo
- Publication number
- CN107959611A CN107959611A CN201610902960.6A CN201610902960A CN107959611A CN 107959611 A CN107959611 A CN 107959611A CN 201610902960 A CN201610902960 A CN 201610902960A CN 107959611 A CN107959611 A CN 107959611A
- Authority
- CN
- China
- Prior art keywords
- network equipment
- message
- l3vpn
- equipment
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/20—Hop count for routing purposes, e.g. TTL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/50—Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/35—Switches specially adapted for specific applications
- H04L49/354—Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
Abstract
This application provides the methods, devices and systems to E-Packet in a kind of L3VPN.This method includes:Configuration strategy is route in the VPN instance of Provider Edge PE equipment so that the message that PE equipment is received according to policybased routing forwarding.Therefore, the message forwarding method that the application provides can guide L3VPN tunnel communication of the message by splicing, meet the communication requirement across multiple L3VPN tunnels.And then realize access control of the tenant to network so that networking is more flexible.
Description
Technical field
This application involves field of communication technology, more particularly to a kind of method, apparatus and system to E-Packet.
Background technology
VPN is Virtual Private Network (the Virtual Private that operator is provided a user by its public network
Network, VPN), i.e., the angle in user, VPN are the proprietary networks of user.For operator, public network includes public affairs
Common backbone network and public operator edge device.The VPN member stations being geographically separated from one another pass through customer edge
(Customer Edge, CE) equipment is connected to corresponding Provider Edge (Provider Edge, PE) equipment, passes through operator
Public network composition client VPN network.
Three-layer VPN (Layer 3Virtual Private Network, L3VPN) is applied to the private network industry for having L3 demands
Business.L3VPN business carries out Internet protocol (Internet Protocol, IP) packet by the way of traditional routing is similar to
Forwarding.After router receives IP data packets, the destination address of IP data packets is searched in forwarding table, using pre-establishing
Passage carry out IP data packets transmission.
Existing L3VPN technologies are the implementations of a virtual network, and the signaling protocol of L3VPN is Border Gateway Protocol
(Border Gateway Protocol, BGP), is Internal BGP (Internal Border between PE equipment
Gateway Protocol, IBGP) peer-to-peer (PEER) relation.Path black hole in order to prevent, bgp protocol regulation, PE equipment from
One received route of IBGP peer-to-peers cannot be issued to another IBGP peer-to-peer again.Therefore, PE equipment only has oneself IBGP
The route of peer-to-peer, the route of the PE equipment outside being jumped without one.
For business networking for the user realized using L3VPN, if led between service node by L3VPN tunnels
Letter, then not establishing between the node in direct-connected L3VPN tunnels to communicate.
The content of the invention
This application provides the methods, devices and systems to E-Packet in a kind of L3VPN, disclosure satisfy that across multiple
Communication requirement between the node in L3VPN tunnels.
In a first aspect, this application provides a kind of method to E-Packet in L3VPN.The L3VPN is set including first network
Standby, second network equipment and the 3rd network equipment, first is established between the first network equipment and second network equipment
L3VPN tunnels, the 2nd L3VPN tunnels are established between second network equipment and the 3rd network equipment.First, this first
The network equipment receives message, then according to receive the incoming interface of the message and the destination address of the message with it is described enter
Searched and matched first policybased routing of the message in the VPN instance of interface binding.First policybased routing is used to indicate
The next-hop for reaching the destination address of the message is second network equipment.Find and the message matched described
After one policybased routing, according to the instruction of first policybased routing, which will by the first L3VPN tunnels
The message is sent to second network equipment.Wherein, second network equipment is stored with the purpose for reaching the message
The forwarding-table item of address, the forwarding-table item are used to indicate described in second network equipment to the 3rd network equipment forwarding
Message, the 2nd L3VPN tunnels are used for second network equipment and send the message to the 3rd network equipment.
With reference to first aspect, in the first possible implementation of first aspect, the first network equipment is PE
Equipment, the PE equipment receive the message that CE equipment is sent.
With reference to first aspect, in second of possible implementation of first aspect, the first network equipment receives
The message that 4th network equipment is sent.4th network equipments configuration has the second policybased routing, the described second tactful road
Next-hop by the destination address for indicating to reach the message is the first network equipment.4th network equipment and
Being established between the first network equipment has the 3rd L3VPN tunnels.4th network equipment passes through the 3rd L3VPN tunnels
The message is sent to the first network equipment.
With reference to first aspect and above-mentioned possible mode, in the third possible implementation of first aspect,
Before the first network equipment receives the message, the first network equipment receives the configuration that control management equipment is sent and disappears
Breath.The configuration message carries first policybased routing.The first network equipment, according to obtaining the configuration message
First policybased routing.
By configuring first policybased routing in the VPN instance of the first network equipment, guiding message passes through spelling
The first L3VPN tunnels and the 2nd L3VPN tunnel communications connect, realizes access control of the tenant to network.Tenant is in VPN
It can realize and communicate between interior each website.Business networking in VPN can carry out topology according to the demand of user, without
Traditional whole station point full mesh or wheel hub-spoke hub-spoke networkings are confined to, therefore, networking mode is more flexible.
Second aspect, this application provides a kind of method to E-Packet in L3VPN.The L3VPN includes first network
Equipment, second network equipment and the 3rd network equipment, establish between the first network equipment and second network equipment
One L3VPN tunnels, the 2nd L3VPN tunnels are established between second network equipment and the 3rd network equipment.First, control management
Equipment generation configuration message.The configuration message is used in the VPN instance with the binding of the first interface of the first network equipment
Middle configuration strategy route, the next-hop that the policybased routing is used to indicate to reach the destination address of the message is second net
Network equipment.Then, which sends the configuration message to the first network equipment.Wherein, the first L3VPN
Tunnel is used for the first network equipment and sends the message to second network equipment.Second network equipment is stored with
Reach the forwarding-table item of the destination address of the message, the forwarding-table item is used to indicating second network equipment to described the
Three network equipments forward the message.The 2nd L3VPN tunnels are set for second network equipment to the 3rd network
Preparation send the message.
By controlling management equipment configuration strategy in the VPN instance of first network equipment to route, guiding message passes through spelling
The first L3VPN tunnels and the 2nd L3VPN tunnel communications connect, realizes access control of the tenant to network.Tenant may be used also
To optimize network bandwidth according to demand, individual business chain etc. is set, and tenant can realize between each website in VPN and mutually communicate
Believe, the business networking in VPN can carry out topology according to the demand of user so that networking is more flexible.
The third aspect, this application provides a kind of device to E-Packet, which is applied in L3VPN, for performing
The module of first aspect and the method in the arbitrarily possible implementation of first aspect.
Fourth aspect, this application provides a kind of communication system, and the communication system applications are in Layer3 Virtual Private Network L3VPN
In, the communication system includes control management equipment, first network equipment, second network equipment and the 3rd network equipment.It is described
The first L3VPN tunnels are established between first network equipment and second network equipment.Second network equipment and described
The 2nd L3VPN tunnels are established between three network equipments.Wherein,
The control management equipment, for sending the first configuration message to the first network equipment.First configuration
Message carries the first policybased routing, the first configuration message be used for the binding of the first interface of the first network equipment
First policybased routing is configured in first VPN instance.First policybased routing is used to indicate the purpose for reaching the message
The next-hop of address is second network equipment.The first network equipment, for receiving the report from the first interface
Text, and according to the destination address of the message, searched and matched first plan of the message in first VPN instance
Slightly it route.The first network equipment, is additionally operable to the instruction according to first policybased routing, passes through the first L3VPN tunnels
Road sends the message to second network equipment.Second network equipment is stored with the destination address for reaching the message
Forwarding-table item.The forwarding-table item is used to indicate that second network equipment forwards the report to the 3rd network equipment
Text.The 2nd L3VPN tunnels are used for second network equipment and send the message to the 3rd network equipment.It is optional
, the control management equipment can be controller or network management device.
The communication system provided according to the application, by controlling management equipment in the VPN instance of the first network equipment
Interior configuration strategy route, the first L3VPN tunnel and twoth L3VPN tunnel communication of the guiding message by splicing, realize
Access control of the tenant to network.Tenant can realize between each website in VPN and communicate, the business networking energy in VPN
It is enough that topology is carried out according to the demand of user so that networking is more flexible.
With reference to fourth aspect, in the first possible implementation of fourth aspect, the communication system further includes
Four network equipments, being established between the 4th network equipment and the first network equipment has the 3rd L3VPN tunnels.Wherein, institute
Control management equipment is stated, is additionally operable to send the second configuration message to the 4th network equipment.The second configuration message carries
Second policybased routing, the second configuration message are used in the 2nd VPN with the binding of the second interface of the 4th network equipment
Second policybased routing is bound in example.Second policybased routing is used under the destination address that instruction reaches the message
One jump is the first network equipment.4th network equipment, for receiving the message from the second interface, and according to
The destination address of the message, is searched and matched second policybased routing of the message in second VPN instance.Institute
The 4th network equipment is stated, is additionally operable to the instruction according to second policybased routing, by the 3rd L3VPN tunnels to described
One network equipment forwards the message.The first network equipment, the institute specifically for receiving the 4th network equipment forwarding
State message.
5th aspect, this application provides a kind of device to E-Packet, which is applied in L3VPN, the device bag
Include:Input interface, output interface, processor and memory.Wherein, input interface, output interface, processor and the storage
It can be connected between device by bus system.The memory is used for storage program, instruction or code, and the processor is used to perform
Program, instruction or code in the memory, complete first aspect, the side of any possible implementation of first aspect
Method.
6th aspect, this application provides one kind to control management equipment, which is used in L3VPN, the control
Management equipment processed includes:Input interface, output interface, processor and memory.Wherein, input interface, output interface, processor
And it can be connected between the memory by bus system.The memory is used for storage program, instruction or code, the place
Reason device is used to perform program, instruction or the code in the memory, the method for completing second aspect.
7th aspect, the embodiment of the present application provides a kind of computer-readable recording medium, for storing computer program,
The computer program is used to perform first aspect, the method for any possible implementation and second aspect of first aspect
Instruction.
Brief description of the drawings
, below will be to needed in the embodiment attached in order to illustrate more clearly of the technical solution of the embodiment of the present application
Figure is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the present application, for this area
For those of ordinary skill, without creative efforts, other attached drawings can also be obtained according to these attached drawings.
Fig. 1 is the application scenarios schematic diagram according to the embodiment of the present application;
Fig. 2 (a) is according to a kind of for the flow diagram of the method to E-Packet of the embodiment of the present application;
Fig. 2 (b) is according to a kind of for the flow diagram of the method to E-Packet of the embodiment of the present application;
Fig. 3 is for the flow diagram of the method to E-Packet according to the another kind of the embodiment of the present application
Fig. 4 is according to a kind of for the schematic diagram of the device to E-Packet of the embodiment of the present application;
Fig. 5 is according to a kind of for the schematic diagram of the device to E-Packet of the embodiment of the present application;
Fig. 6 is according to a kind of for the hardware architecture diagram of the device to E-Packet of the embodiment of the present application;
Fig. 7 is according to a kind of for the hardware architecture diagram of the device to E-Packet of the embodiment of the present application.
Embodiment
The embodiment of the present application description application scenarios be in order to more clearly explanation the embodiment of the present application technical solution,
The restriction for technical solution provided by the embodiments of the present application is not formed, those of ordinary skill in the art understand, with network
The differentiation of framework and the appearance of new business scene, technical solution provided by the embodiments of the present application is for similar technical problem, together
Sample is applicable in.
Unless indicated to the contrary, the embodiment of the present application refers to " first ", " second ", " the 3rd ", " the 4th " and "
The ordinal numbers such as five " are used to distinguish multiple objects, are not used in the order for limiting multiple objects.
" VPN instance (VPN Instance) " described in the embodiment of the present application is that PE equipment is the VPN stations being connected directly
The entity that point is established and safeguarded, each VPN site has oneself independent VPN instance in PE equipment, i.e., in PE equipment
VPN instance has been safeguarded respectively for different VPN sites.In general, VPN instance is also referred to as VPN route forwarding tables (VPN
Routing and Forwarding table, VRF), each VRF corresponds to a VPN, have independent routing table, forwarding table,
Corresponding interface and management information etc..The management information includes but not limited to member interface list, route filtering strategy.It is logical
Cross and affix one's name to VRF in PE its upper sides, the route of different VPN is stored in different VRF, can reach VPN routes or flow isolation
Purpose.
" control management equipment " described in the embodiment of the present application, for being controlled to the resource of forwarding unit in network
And/or management, include but not limited to software defined network (Software-Defined network, SDN) controller, network pipe
Manage equipment (hereinafter referred to as " webmaster ").The forwarding unit is used to be forwarded to message processing, is specifically as follows tradition
Path-calculating element (English:Path Computation Element, PCE) road such as conventional router in network, interchanger
By forwarding unit or based on the routing forwarding equipment such as the router in the separated SDN of control forwarding, interchanger, this Shen
Please embodiment this is not limited.
Exemplary explanation is carried out to the application scenarios of the embodiment of the present application with reference to Fig. 1.
Fig. 1 shows the L3VPN networks 100 of the embodiment of the present application application, and the network 100 includes the bone that service provider provides
Dry net and multiple VPN sites.The backbone network includes first network equipment PE1, the second network equipment PE2, the 3rd network equipment
PE3, the 4th network equipment PE4, the 5th network equipment PE5 and multiple P (Provider) equipment 110.The multiple VPN site
Including site1-site6.Wherein, site1, site2, site3 and site4 belong to VPN1, site5 and site6 and belong to VPN2.
PE1 is Provider Edge (Provider Edge, PE) equipment direct-connected with CE1;PE2 is PE direct-connected with CE2 and CE5 respectively
Equipment;PE3 is the PE equipment direct-connected with CE3;PE4 is the PE equipment direct-connected with CE4;PE5 is the PE equipment direct-connected with CE6.
IP address is that the host A of 1.1.1.1 is communicated by CE1 with PE1 in site1.IP address is that the host B of 1.1.1.2 leads in Site3
CE3 is crossed to communicate with PE3.PE1 and PE2 is that IBGP peer-to-peers, PE1 and PE2 pass through L3VPN tunnel communications.PE1 and PE4 is IBGP
Peer-to-peer, PE1 and PE4 pass through L3VPN tunnel communications.PE2 and PE3 is that IBGP peer-to-peers, PE2 and PE3 are led to by L3VPN tunnels
Letter.PE2 and PE4 is that IBGP peer-to-peers, PE2 and PE4 pass through L3VPN tunnel communications.There is no direct-connected L3VPN between PE1 and PE3
Tunnel, also without direct-connected L3VPN tunnels between PE4 and PE3.According to the regulation of bgp protocol, PE2 receives IBGP peer-to-peers PE3
After the route of issue, it is impossible to the route is distributed to another IBGP peer-to-peer PE1, similarly, the route can not be distributed to
IBGP peer-to-peers PE4.Therefore, PE1 and PE4 only has the route for reaching PE2, but without the route for reaching PE3.In PE1 and PE3
Between there is no direct-connected L3VPN tunnels in the case of, even if there is bandwidth resources between PE2 and PE3, host A can not also access master
Machine B.Arbitrary access control can not be realized between website in VPN1.
" L3VPN tunnels " described herein refer to be used for the tunnel for carrying L3VPN business between PE equipment, such as can
To be static label switched path (Lable Switched Path, LSP) tunnel, based on Generic Routing Encapsulation
The tunnel of (Generic Routing Encapsulation, GRE), MPLS label distribution protocol (Lable Distribution
Protocol, LDP) lsp tunnel, and MPLS be directed to Traffic Engineering extensions Resource Reservation Protocol (Resource
Reservation Protocol-Traffic Engineering, RSVP-TE) tunnel etc., the embodiment of the present application does not do this
It is specific to limit.
Multiple P equipment 110 shown in Fig. 1, such as P routers, are the backbone router in backbone network, not with user's
CE equipment is connected directly.P equipment possesses basic MPLS transfer capabilities, is maintained into the route of PE, it is not necessary to understand any VPN's
Routing iinformation.
CE equipment is user network boundary device, has interface to be directly connected with PE equipment.CE equipment can be router or
Interchanger or a host.The presence of CE equipment " perception " less than VPN, without support multiprotocol label switching
(Multiprotocol Label Switching, MPLS).
PE equipment is the edge device of service provider network, is typically a router.It is direct with the CE equipment of user
It is connected, all processing to VPN all occur on PE.After CE and the PE being connected directly establish syntople, CE is this node
VPN routes be distributed to PE, and from PE study to the route of distal end VPN.BGP or Interior Gateway Protocol are used between CE and PE
(Interior Gateway Protocol, IGP) exchanges routing iinformation, can also use static routing.PE acquires CE's from CE
After VPN routing iinformations, by BGP and other PE switched vpcs N routing iinformations, pe router safeguards the VPN being connected directly with it
The VPN routing iinformations that routing iinformation and far-end PE issue come, but VPN roads all in service provider network are not safeguarded
By information.
It is to be understood that merely exemplary in Fig. 1 show 5 PE equipment, 2 VPN, 5 P equipment, 6 CE equipment and 6
A VPN site, the network can include any other number of PE equipment, VPN, P equipment, CE equipment and VPN site, this Shen
Please embodiment this is not limited.
The method 200 to E-Packet in a kind of L3VPN provided by the embodiments of the present application is carried out in detail with reference to Fig. 2 (a)
Describe in detail bright.This method 200 can be applied to the network 100 shown in Fig. 1.But the embodiment of the present application not limited to this.Such as Fig. 2 (a) institutes
Show, the method 200 includes:
S201, control management equipment generation the first configuration message.
Specifically, which includes first network equipment, second network equipment and the 3rd network equipment, and described first
The first L3VPN tunnels are established between the network equipment and second network equipment, second network equipment and the 3rd network are set
The 2nd L3VPN tunnels are established between standby.Management equipment generation the first configuration message is controlled, which carries the first plan
Slightly it route.The first configuration message is used to match somebody with somebody in the first VPN instance bound with the first interface of the first network equipment
Put first policybased routing.Deserve first network equipment from the first interface receive message when, according to first policybased routing
Instruction forward the message.Hereinafter, the first VPN instance is referred to as VRF1.First policybased routing is used to indicate institute
State first network equipment will be received from the first interface be sent to the matched message of the first policybased routing it is described
Second network equipment.The message is sent to second net by the first network equipment by the first L3VPN tunnels
Network equipment.Second network equipment is stored with the forwarding-table item for the destination address for reaching the message, and second network is set
The standby instruction according to the forwarding-table item, the 3rd network equipment is transmitted to by the message.Second network equipment leads to
Cross the 2nd L3VPN tunnels and the message is transmitted to the 3rd network equipment.
In a specific embodiment, with reference to Fig. 1, which for example can be the PE1 shown in Fig. 1.
In another particular embodiment of the invention, with reference to Fig. 1, which for example can be the PE4 shown in Fig. 1.First
The first interface of the network equipment, such as interface 1, bind VRF1, and the network equipment configures first policybased routing in the VRF1.
First policybased routing for example can be:It is the message of 1.1.1.2 for destination address, from second interface, such as interface 2, hair
It is sent to second network equipment.Second network equipment for example can be the PE2 shown in Fig. 1.Optionally, can also be in first plan
The bandwidth that can be taken when communicating between first network equipment and second network equipment is configured in slightly routeing.Art technology
Personnel, which are appreciated that, to carry out concrete configuration to the first policybased routing according to the actual demand of user, and the application does not make this
It is specific to limit.
In a specific embodiment, the control management equipment can be software defined network (Software-
Defined Networking, SDN) controller.Controller is further referred to as control device, control system, control node etc..
Alternatively, which can be specially intelligent network controller (Smart Network Controller, SNC).Another
In a specific embodiment, the control management equipment can be webmaster.But the embodiment of the present application not limited to this.With reference to Fig. 1,
The demand across multiple L3VPN tunnel communications is needed for tenant, such as, host A will access host B, it is necessary to splice multiple
Its requirements for access is realized in L3VPN tunnels.First policybased routing is configured in first network equipment by controller or webmaster, is referred to
First network equipment is led to forward the packet to second network equipment.
It is to be understood that in the embodiment of the present application, the controller can pass through southbound interface with the first network equipment
Agreement, for example, open flows OpenFlow agreements, bgp protocol or path-calculating element interaction protocol (Path Computation
Element Communication Protocol, PCEP), to send the configuration message, to configure the described first tactful road
By, but the application not limited to this.
Further, in the embodiment of the present application, can be based between the webmaster and the first network equipment simple
Network Management Protocol (Simple network management protocol, SNMP) or network configuration protocol (Network
Configuration Protocol, NETCONF) the configuration message is sent, to configure first policybased routing, but this
Apply for not limited to this.
S202, control management equipment send the first configuration message to the first network equipment.
S203, first network equipment receive the first configuration message.
S204, the first network equipment obtain first policybased routing according to the described first configuration message.
The first network equipment obtains first policybased routing according to the described first configuration message, by the first tactful road
By being saved in the policybased routing table of VRF1, message is instructed to forward.The policybased routing tableau format for example can be such as the institute of table 1
Show.
| Route prefix | Agreement | Outgoing interface | Next-hop |
| 192.168.2.0/24 | Direct | GE0/0/3 | 192.168.2.254 |
| 1.1.1.2/24 | Direct | GE0/0/4 | 192.168.200.1 |
It is to be understood that with reference to Fig. 1, when host A desires access to host B, controller or webmaster can only configure institute on PE1
The first policybased routing is stated, at this time, PE1 corresponds to above-mentioned first network equipment, and first policybased routing instructs the message
PE2 is forwarded to via PE1.There is the route for reaching host B on PE2, therefore, after PE2 receives the message of PE1 transmissions,
The forwarding-table item prestored by being inquired about in VPN instance, determines to forward the packet to PE3, to complete host A to host B
Access.Optionally, the controller or webmaster can also configure first policybased routing on the PE4, in the PE1
The second policybased routing of upper configuration, the next-hop which is used to indicate to reach the destination address of the message is PE4.
At this time, PE4 corresponds to above-mentioned first network equipment.When PE1 receives the message that CE1 is sent, according to the described second tactful road
By forwarding the packet to PE4.After PE4 receives the message of PE1 transmissions, according to the instruction of first policybased routing, by message
PE2 is forwarded to, is finally forwarded the packet via PE2 to PE3, to complete access of the host A to host B.
In the embodiment of the present application, the first L3VPN tunnels are passed through between the first network equipment and second network equipment
Road communicates, and by the 2nd L3VPN tunnel communications between second network equipment and the 3rd network equipment, and the first network is set
It is standby there is no direct-connected L3VPN tunnels between the 3rd network equipment in the case of.By controlling management equipment in first network
Configuration strategy is route in the VPN instance of equipment, the first L3VPN tunnel and twoth L3VPN tunnel of the guiding message by splicing
Road communicates, and realizes access control of the tenant to network.Tenant can also optimize network bandwidth according to demand, set personalized industry
Business chain etc., tenant can realize between each website in VPN and communicate, and the business networking in VPN can be according to the need of user
Seek progress topology so that networking is more flexible.
Optionally, the L3VPN can also include the 4th network equipment.4th network equipment and the first network
The 3rd L3VPN tunnels are established between equipment.In a specific embodiment, with reference to Fig. 1, the first network equipment is
PE4, second network equipment is PE2, and the 3rd network equipment is PE3, and the 4th network equipment is PE1.Such as Fig. 2
(b) shown in, the method 200 can also include S205-S208.
S205, control management equipment generation the second configuration message.
Specifically, control management equipment generates the second configuration message, which carries the second policybased routing.
The first configuration message is used to configure described the in the second VPN instance bound with the second interface of the 4th network equipment
Two policybased routings.Deserve the 4th network equipment from the second interface receive message when, according to the instruction of second policybased routing turn
Send out message described.Second policybased routing be used for indicate the 4th network equipment will be received from the second interface with
The matched message of second policybased routing is sent to the first network equipment.4th network equipment passes through the described 3rd
The message is sent to the first network equipment by L3VPN tunnels.
S206, control management equipment send the second configuration message to the 4th network equipment.
S207, the 4th network equipment receive the second configuration message.
S208, the 4th network equipment obtain second policybased routing according to the described second configuration message.
Specific implementation on S205-S208 is similar with S201-S204, and details are not described herein again.The application is to S205-
The execution sequence of S208 and S201-S204 is not especially limited, i.e. S205-S208 can be performed before S201-S204, also may be used
To be performed after S201-S204.
The method 300 to E-Packet in a kind of L3VPN provided by the embodiments of the present application is carried out specifically with reference to Fig. 3
Bright, which includes first network equipment, second network equipment and the 3rd network equipment, the first network equipment with it is described
The first L3VPN tunnels are established between second network equipment, are established between second network equipment and the 3rd network equipment
2nd L3VPN tunnels.This method can be used for the network 100 shown in Fig. 1, but not apply for embodiment not limited to this.Such as Fig. 3 institutes
Show, the described method includes:S301-S303.
S301, first network equipment receive message.
In a specific embodiment, the first network equipment is PE equipment, receives what the first CE equipment was sent
The message.The first CE equipment and the first network equipment are direct-connected.With reference to Fig. 1, the first PE equipment specifically can be with
It is PE1, the first CE equipment can be specifically CE1.
In another particular embodiment of the invention, the first network equipment receives the report that the 4th network equipment is sent
Text.4th network equipments configuration has the second policybased routing, and second policybased routing is used to indicate to reach the message
The next-hop of destination address is the first network equipment.Established between 4th network equipment and the first network equipment
There are the 3rd L3VPN tunnels, the 3rd L3VPN tunnels are used for the 4th network equipment and send institute to the first network equipment
State message.With reference to Fig. 1, the 4th network equipment can be specifically PE1, and the first network equipment can be specifically PE4.
S302, the first network equipment are looked into according to the incoming interface for receiving the message and the destination address of the message
Look for and matched first policybased routing of the message.
Specifically, the first network equipment receives the incoming interface of the message, such as interface 1, and the first VPN of binding is real
Example, abbreviation VRF1, is configured with first policybased routing in VRF1.First policybased routing for example can be:For purpose
Address is the message of 1.1.1.2, from second interface, such as interface 2, is sent to second network equipment.The first network equipment
Receive after stating message, according to the destination address of the message, searched and the message matched first in the VRF1
Policybased routing.
S303, the first network equipment forward the message to second network equipment.
Specifically, which determines to send the outgoing interface of the message according to first policybased routing, and
It is second network equipment to determine next-hop device.The first network equipment is by the first L3VPN tunnels by described in
Message is sent to second network equipment.For example, when transmitting the message using MPLS network, which is
The message encapsulation outer layer MPLS label and internal layer VPN label, MPLS network utilize the outer layer label of message, pass through described first
L3VPN tunnels, the message is sent to second network equipment.When second network equipment receives the first network equipment hair
During the message sent, forwarding-table item is searched according to the purpose IP address of message, the message is forwarded to the 3rd network equipment.
The message is sent to the 3rd network equipment by second network equipment by the 2nd L3VPN tunnels.When described
After 3rd network equipment receives the message that second network equipment is sent, send the messages to direct-connected with it
2nd CE equipment.After the 2nd CE equipment receives the message, message is sent out according to the forwarding process of normal IP packet
It is sent to destination.With reference to Fig. 1, second network equipment can be specifically the PE2 shown in Fig. 1, the 3rd network equipment tool
Body can be the PE3 shown in Fig. 1, and the 2nd CE equipment can be specifically the CE3 shown in Fig. 1.
According to the above method provided by the embodiments of the present application, described in being configured in the VRF of the first network equipment
First policybased routing, the first L3VPN tunnel and twoth L3VPN tunnel communication of the guiding message by splicing, realizes rent
Access control of the family to network.Tenant can realize between each website in VPN and communicate.Business networking in VPN can
Topology is carried out according to the demand of user, without being confined to traditional the whole network point full mesh or wheel hub-spoke hub-
Spoke networkings, therefore, networking mode is more flexible.
Fig. 4 is for the schematic diagram of the control management equipment to E-Packet in L3VPN according to one embodiment of the application.
The L3VPN includes first network equipment, second network equipment and the 3rd network equipment, the first network equipment and described second
The first L3VPN tunnels are established between the network equipment, the 2nd L3VPN is established between second network equipment and the 3rd network equipment
Tunnel.The equipment can be used for performing the method 200 shown in Fig. 2.As shown in figure 4, the equipment includes:Processing module 401 and hair
Send module 402.
The processing module 401, for generate first configuration message, it is described first configuration message be used for first net
First policybased routing is configured in the VPN instance of the first interface binding of network equipment, which arrives for instruction
Next-hop up to the destination address of the message is second network equipment.
The sending module 402, for sending the first configuration message to the first network equipment.
The first L3VPN tunnels are used for the first network equipment and send the message to second network equipment,
Second network equipment is stored with the forwarding-table item for the destination address for reaching the message, and the forwarding-table item is used to indicate institute
State second network equipment and forward the message to the 3rd network equipment, the 2nd L3VPN tunnels are used for second net
Network equipment sends the message to the 3rd network equipment.
According to above-mentioned control management equipment provided by the embodiments of the present application, by the VRF of the first network equipment
First policybased routing is configured, guides the first L3VPN tunnel and twoth L3VPN tunnel communication of the message by splicing,
Realize access control of the tenant to network.Tenant can realize between each website in VPN and communicate.Business in VPN
Networking can carry out topology according to the demand of user, without being confined to traditional full mesh or hub-spoke networkings,
Therefore, networking mode is more flexible.
In the embodiment of the present application, the first L3VPN tunnels are passed through between the first network equipment and second network equipment
Road communicates, and by the 2nd L3VPN tunnel communications between second network equipment and the 3rd network equipment, and the first network is set
It is standby there is no direct-connected L3VPN tunnels between the 3rd network equipment in the case of.By controlling management equipment in first network
Configuration strategy is route in the VPN instance of equipment, the first L3VPN tunnel and twoth L3VPN tunnel of the guiding message by splicing
Road communicates, and realizes access control of the tenant to network.Tenant can also optimize network bandwidth according to demand, set personalized industry
Business chain etc., tenant can realize between each website in VPN and communicate, and the business networking in VPN can be according to the need of user
Seek progress topology so that networking is more flexible.
Optionally, the L3VPN further includes the 4th network equipment, the 4th network equipment and the first network equipment
Between establish the 3rd L3VPN tunnels.The processing module 401, is additionally operable to the configuration message of generation second, and the second configuration message is used
The second policybased routing is configured in second VPN instance of the second interface binding of the 4th network equipment described in Yu Yu.Described second
The next-hop that policybased routing is used to indicate to reach the destination address of the message is the first network equipment.4th network
Equipment receives the message by the second interface, according to the destination address of the message, is looked into second VPN instance
Look for and matched second policybased routing of the message.According to the instruction of second policybased routing, the 4th network is set
It is standby that the message is sent to by the first network equipment by the 3rd L3VPN tunnels.
Fig. 5 is for the schematic diagram of the device 500 to E-Packet according to another embodiment offer of the application.The device
500 are applied in L3VPN, and the L3VPN includes first network equipment, second network equipment and the 3rd network equipment.Described
The first L3VPN tunnels, second network equipment and the described 3rd are established between one network equipment and second network equipment
The 2nd L3VPN tunnels are established between the network equipment.Described device 500 is located in the first network equipment.The first network is set
Standby for example can be the equipment PE1 or PE4 shown in Fig. 1, which can be used for performing the method 300 shown in Fig. 3.The dress
Putting 500 includes:Receiving module 501, processing module 502 and sending module 503.
The receiving module 501 is used to receive message.The processing module 502, for entering according to the reception message
The destination address of interface and the message, is searched matched with the message in the VPN instance bound with the incoming interface
First policybased routing.The next-hop that first policybased routing is used to indicate to reach the destination address of the message is described second
The network equipment.The sending module 503, for by the first L3VPN tunnels, the message to be sent to second net
Network equipment.In a specific embodiment, the receiving module 501, the institute sent specifically for receiving the first CE equipment
State message.I.e. described first network equipment is the first PE equipment direct-connected with the CE equipment.In another specific embodiment party
In formula, the L3VPN further includes the 4th network equipment, and the receiving module is used to receive what the 4th network equipment was sent
The message, wherein, the 4th network equipments configuration has the second policybased routing, and second policybased routing is used to indicate to reach
The next-hop of the destination address of the message is the first network equipment, and the 4th network equipment and the first network are set
Being established between standby has the 3rd L3VPN tunnels, and the 3rd L3VPN tunnels are used for the 4th network equipment to the first network
Equipment sends the message.Specifically, in the embodiment of the present application, the first network equipment can be to be set with the first CE
Standby the first direct-connected PE equipment, second network equipment can be the twoth PE equipment direct-connected with the 2nd CE equipment, and the 3rd network is set
Standby can be the threeth PE equipment direct-connected with the 3rd CE equipment, and the 4th network equipment can be four direct-connected with the 4th CE equipment
PE equipment.The first to fourth CE equipment is respectively in 4 different VPN sites, but belong to same VPN.
Fig. 6 is according to a kind of schematic diagram of the device 600 to E-Packet provided by the embodiments of the present application.The device 600 should
For in L3VPN.The device 600 can be used for performing the method 200 shown in Fig. 2.As shown in fig. 6, the device 600 includes:It is defeated
Incoming interface 601, output interface 602, processor 603 and memory 604.The input interface 601,602 processor 603 of output interface
It can be connected with memory 604 by bus system 605.
The memory 604, which is used to store, includes program, instruction or code.The processor 603, for performing described deposit
Program, instruction or code in reservoir 604, receive signal, control output interface 602 sends signal with control input interface 601
With the relevant operation in Method Of Accomplishment 200.
Fig. 7 is according to a kind of schematic diagram of the device 700 to E-Packet provided by the embodiments of the present application.The device 700 should
For in L3VPN.The L3VPN includes first network equipment, second network equipment and the 3rd network equipment.The first network
The first L3VPN tunnels are established between equipment and second network equipment, second network equipment and the 3rd network are set
The 2nd L3VPN tunnels are established between standby.Described device 700 is located in the first network equipment.The first network equipment is for example
Can be the PE1 or PE4 shown in Fig. 1, which can be used for performing the method 200 shown in Fig. 2 and the side shown in Fig. 3
Method 300.The device 700 includes:Input interface 701, output interface 702, processor 703 and memory 704.The input interface
701st, 702 processor 703 of output interface can be connected with memory 704 by bus system 705.
The memory 704, which is used to store, includes program, instruction or code.The processor 703, for performing described deposit
Program, instruction or code in reservoir 704, receive signal, control output interface 702 sends signal with control input interface 701
And the relevant operation in Method Of Accomplishment 200 and method 300.
It is to be understood that in the embodiment of the present application, above-mentioned processor 603 and processor 703 can be central processing unit
(Central Processing Unit, referred to as " CPU "), can also be other general processors, digital signal processor
(DSP), application-specific integrated circuit (ASIC), ready-made programmable gate array (FPGA) or other programmable logic device, discrete gate
Or transistor logic, discrete hardware components etc..General processor can be that microprocessor or the processor can also
It is any conventional processor etc..
Memory 604 and memory 704 can include read-only storage and random access memory, and respectively to each right
The processor answered provides instruction and data.A memory part can also include nonvolatile RAM.For example, deposit
Reservoir can be with the information of storage device type.
Bus system 605 and bus system 705 can also include power bus, control always in addition to including data/address bus
Line and status signal bus in addition etc..But for the sake of clear explanation, various buses are all designated as bus system in figure.
During realization, each step of method 200 and 300 can be by hard in processor 603 and processor 703
The integrated logic circuit of part or the instruction of software form are completed.The step of localization method with reference to disclosed in the embodiment of the present application
Hardware processor can be embodied directly in and perform completion, or completion is performed with the hardware in processor and software module combination.
Software module can be located at random access memory, flash memory, read-only storage, programmable read only memory or electrically erasable programmable
In the storage medium of this areas such as memory, register maturation.The storage medium is located in above-mentioned each memory respectively, above-mentioned each
Processor reads the information in corresponding memory, with reference to the step of its hardware completion above method 200 and 300.To avoid
Repeat, be not detailed herein.
It should be noted that the device that Fig. 4-7 is provided, applied in the network 100 shown in Fig. 1, realizes what is E-Packeted
Method.In one concrete implementation mode, the processing module 401 in Fig. 4 can be realized with the processor 603 in Fig. 6, send mould
Block 402 can be realized by the output interface 602 in Fig. 6.Processing module 502 in Fig. 5 can use the processor 703 in Fig. 7 real
Existing, sending module 503 can be realized that receiving module 501 can be by the input interface in Fig. 7 by the output interface 702 in Fig. 7
701 realize.
Present invention also provides a kind of communication system, including for the control management equipment of PE device configuration policybased routings
And PE equipment.The control management equipment can be the equipment that the corresponding embodiment of Fig. 4, Fig. 6 is provided.The PE equipment can
To be device that the corresponding embodiment of Fig. 5, Fig. 7 is provided.The communication system is used to perform the corresponding embodiments of Fig. 2-Fig. 3
Method 200 and method 300.
It is to be understood that in the various embodiments of the application, the size of the sequence number of each process is not meant to execution sequence
Successively, the execution sequence of each process should be determined with its function and internal logic, the implementation process without tackling the embodiment of the present application
Form any restriction.
Those of ordinary skill in the art may realize that each exemplary mould described with reference to the embodiments described herein
Block and method and step, can be realized with the combination of electronic hardware or computer software and electronic hardware.These functions are actually
Performed with hardware or software mode, application-specific and design constraint depending on technical solution.Professional technician
Described function can be realized using distinct methods to each specific application, but this realization is it is not considered that exceed
Scope of the present application.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and module, may be referred to the corresponding process in preceding method embodiment, details are not described herein.
Those skilled in the art are it will be appreciated that in said one or multiple examples, work(described herein
It is able to can be realized with hardware, software or their any combination.If the function is realized in the form of software function module
And as independent production marketing or in use, it can be stored in a computer read/write memory medium.Based on such
Understand, the part or the part of the technical solution that the technical solution of the application substantially in other words contributes the prior art
It can be embodied in the form of software product, which is stored in a storage medium, including some fingers
Order is used so that computer equipment (can be personal computer, server, or network equipment an etc.) execution the application is each
The all or part of step of a embodiment the method.And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage
(ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disc or CD
Etc. it is various can be with the medium of store program codes.
The various pieces of this specification are described by the way of progressive, identical similar portion between each embodiment
Divide mutually referring to what each embodiment introduced is and other embodiment difference.Especially for device and it is
For embodiment of uniting, since it is substantially similar to embodiment of the method, so description is fairly simple, related part is real referring to method
Apply the explanation of example part.
Finally, it is necessary to which explanation is:The foregoing is merely the preferred embodiment of technical scheme, it is not intended to
Limit the protection domain of the application.Obviously, those skilled in the art can carry out the application various modification and variations without de-
From scope of the present application.If these modifications and variations of the application belong to the scope of the application claim and its equivalent technologies
Within, then any modification, equivalent replacement, improvement and so on, should be included within the protection domain of the application.
Claims (10)
1. a kind of method to E-Packet in Layer3 Virtual Private Network L3VPN, it is characterised in that the L3VPN includes the first net
Network equipment, second network equipment and the 3rd network equipment, are established between the first network equipment and second network equipment
First L3VPN tunnels, establish the 2nd L3VPN tunnels, the side between second network equipment and the 3rd network equipment
Method includes::
The first network equipment receives message, and according to the incoming interface and the destination address of the message for receiving the message
Searched in the VPN instance bound with the incoming interface and matched first policybased routing of the message, the described first tactful road
Next-hop by the destination address for indicating to reach the message is second network equipment;
The message is sent to second network equipment by the first network equipment by the first L3VPN tunnels;Its
In,
Second network equipment is stored with the forwarding-table item for the destination address for reaching the message, and the forwarding-table item is used to refer to
Show that second network equipment forwards the message to the 3rd network equipment, the 2nd L3VPN tunnels are used for described the
Two network equipments send the message to the 3rd network equipment.
2. according to the method described in claim 1, it is characterized in that, the first network equipment is Provider Edge PE equipment,
The first network equipment receives message, specifically includes:
The PE equipment receives the message that customer edge CE equipment is sent.
3. according to the method described in claim 1, it is characterized in that, first network equipment reception message, specifically includes:
The first network equipment receives the message that the 4th network equipment is sent, and the 4th network equipments configuration has second
Policybased routing, the next-hop that second policybased routing is used to indicate to reach the destination address of the message is the first network
Equipment, being established between the 4th network equipment and the first network equipment has the 3rd L3VPN tunnels, the 3rd L3VPN
Tunnel is used for the 4th network equipment and sends the message to the first network equipment.
4. according to claim 1-3 any one of them methods, it is characterised in that receive the report in the first network equipment
Before text, the method further includes:
The first network equipment receives the configuration message that control management equipment is sent, and the configuration message carries first plan
Slightly it route;
The first network equipment, first policybased routing is obtained according to the configuration message.
5. a kind of device to E-Packet, it is characterised in that described device is applied in Layer3 Virtual Private Network L3VPN, described
L3VPN includes first network equipment, second network equipment and the 3rd network equipment, the first network equipment and second net
The first L3VPN tunnels are established between network equipment, second is established between second network equipment and the 3rd network equipment
L3VPN tunnels, described device are located in the first network equipment, which includes receiving module, processing module and transmission mould
Block, wherein,
The receiving module, for receiving message;
The processing module, for according to the incoming interface and the destination address of the message for receiving the message, with it is described
Searched in the VPN instance of incoming interface binding and be used to refer to matched first policybased routing of the message, first policybased routing
The next-hop for showing the destination address for reaching the message is second network equipment;
The sending module, for by the first L3VPN tunnels, the message to be sent to second network equipment;
Wherein,
Second network equipment is stored with the forwarding-table item for the destination address for reaching the message, and the forwarding-table item is used to refer to
Show that second network equipment forwards the message to the 3rd network equipment, the 2nd L3VPN tunnels are used for described the
Two network equipments send the message to the 3rd network equipment.
6. device according to claim 5, it is characterised in that:The first network equipment is Provider Edge PE equipment,
The receiving module is specifically used for receiving the message that customer edge CE equipment is sent.
7. device according to claim 5, it is characterised in that the L3VPN further includes the 4th network equipment, the reception
Module is used to receive the message that the 4th network equipment is sent, wherein, the 4th network equipments configuration has the second plan
Slightly it route, the next-hop that second policybased routing is used to indicate to reach the destination address of the message sets for the first network
Standby, being established between the 4th network equipment and the first network equipment has the 3rd L3VPN tunnels, the 3rd L3VPN tunnels
Road is used for the 4th network equipment and sends the message to the first network equipment.
8. a kind of communication system to E-Packet, the communication system applications are in Layer3 Virtual Private Network L3VPN, the communication system
System includes controlling management equipment, first network equipment, second network equipment and the 3rd network equipment, the first network equipment and
The first L3VPN tunnels are established between second network equipment, between second network equipment and the 3rd network equipment
The 2nd L3VPN tunnels are established, wherein,
The control management equipment, for sending the first configuration message, the first configuration message to the first network equipment
The first policybased routing is carried, the first configuration message is used in first with the binding of the first interface of the first network equipment
First policybased routing is configured in VPN instance;
The first network equipment, for receiving message from the first interface, and according to the destination address of the message, in institute
State to search in the first VPN instance and be used to indicate with matched first policybased routing of the message, first policybased routing
The next-hop for reaching the destination address of the message is second network equipment;
The first network equipment, is additionally operable to the instruction according to first policybased routing, by the first L3VPN tunnels to
Second network equipment sends the message;Wherein,
Second network equipment is stored with the forwarding-table item for the destination address for reaching the message, and the forwarding-table item is used to refer to
Show that second network equipment forwards the message to the 3rd network equipment, the 2nd L3VPN tunnels are used for described the
Two network equipments send the message to the 3rd network equipment.
9. communication system according to claim 8, it is characterised in that the first network equipment sets for Provider Edge PE
Standby, the first network equipment is specifically used for receiving the message that customer edge CE equipment is sent.
10. the communication system according to right wants 8, it is characterised in that the communication system further includes the 4th network equipment, institute
State and establish the 3rd L3VPN tunnels between the 4th network equipment and the first network equipment, wherein,
The control management equipment, is additionally operable to send the second configuration message to the 4th network equipment, second configuration disappears
Breath carries the second policybased routing, and the second configuration message is used in the with the binding of the second interface of the 4th network equipment
Second policybased routing is bound in two VPN instance;
4th network equipment, for receiving the message from the second interface, and according to the destination address of the message,
Search in second VPN instance and be used for matched second policybased routing of the message, second policybased routing
The next-hop for indicating to reach the destination address of the message is the first network equipment;
4th network equipment, is additionally operable to the instruction according to second policybased routing, by the 3rd L3VPN tunnels to
Message described in the first network device forwards;
The first network equipment, the message specifically for receiving the 4th network equipment forwarding.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610902960.6A CN107959611B (en) | 2016-10-17 | 2016-10-17 | Method, device and system for forwarding message |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610902960.6A CN107959611B (en) | 2016-10-17 | 2016-10-17 | Method, device and system for forwarding message |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107959611A true CN107959611A (en) | 2018-04-24 |
| CN107959611B CN107959611B (en) | 2021-03-23 |
Family
ID=61953830
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610902960.6A Active CN107959611B (en) | 2016-10-17 | 2016-10-17 | Method, device and system for forwarding message |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107959611B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108768861A (en) * | 2018-06-29 | 2018-11-06 | 新华三信息安全技术有限公司 | A kind of method and device sending service message |
| CN109617814A (en) * | 2019-01-11 | 2019-04-12 | 安徽皖兴通信息技术有限公司 | A kind of method of packet access network strategy forwarding |
| WO2020083016A1 (en) * | 2018-10-23 | 2020-04-30 | 华为技术有限公司 | Data transmission method and device |
| WO2022042547A1 (en) * | 2020-08-28 | 2022-03-03 | 华为技术有限公司 | Traffic forwarding processing method, and device |
| CN115118655A (en) * | 2022-06-21 | 2022-09-27 | 阿里巴巴(中国)有限公司 | Cross-network message forwarding method and device, electronic equipment and readable storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100284305A1 (en) * | 2008-01-09 | 2010-11-11 | Oktavian Papp | Setting up a virtual private network |
| CN102394804A (en) * | 2011-11-02 | 2012-03-28 | 中兴通讯股份有限公司 | VPN system building method and VPN system |
| CN102449964A (en) * | 2011-07-22 | 2012-05-09 | 华为技术有限公司 | Three-layer virtual exclusive network routing control method, apparatus and system |
| WO2013154813A1 (en) * | 2012-04-13 | 2013-10-17 | Nicira, Inc. | Extension of logical networks across layer 3 virtual private networks |
| CN104980347A (en) * | 2014-04-04 | 2015-10-14 | 华为技术有限公司 | Tunnel establishing method and tunnel establishing device |
-
2016
- 2016-10-17 CN CN201610902960.6A patent/CN107959611B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100284305A1 (en) * | 2008-01-09 | 2010-11-11 | Oktavian Papp | Setting up a virtual private network |
| CN102449964A (en) * | 2011-07-22 | 2012-05-09 | 华为技术有限公司 | Three-layer virtual exclusive network routing control method, apparatus and system |
| CN102394804A (en) * | 2011-11-02 | 2012-03-28 | 中兴通讯股份有限公司 | VPN system building method and VPN system |
| WO2013154813A1 (en) * | 2012-04-13 | 2013-10-17 | Nicira, Inc. | Extension of logical networks across layer 3 virtual private networks |
| CN104980347A (en) * | 2014-04-04 | 2015-10-14 | 华为技术有限公司 | Tunnel establishing method and tunnel establishing device |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108768861A (en) * | 2018-06-29 | 2018-11-06 | 新华三信息安全技术有限公司 | A kind of method and device sending service message |
| CN108768861B (en) * | 2018-06-29 | 2021-01-08 | 新华三信息安全技术有限公司 | Method and device for sending service message |
| WO2020083016A1 (en) * | 2018-10-23 | 2020-04-30 | 华为技术有限公司 | Data transmission method and device |
| CN113411243A (en) * | 2018-10-23 | 2021-09-17 | 华为技术有限公司 | Data transmission method and device |
| US11750515B2 (en) | 2018-10-23 | 2023-09-05 | Huawei Technologies Co., Ltd. | Data transmission method and apparatus |
| CN113411243B (en) * | 2018-10-23 | 2024-03-19 | 华为技术有限公司 | Data transmission method and device |
| CN109617814A (en) * | 2019-01-11 | 2019-04-12 | 安徽皖兴通信息技术有限公司 | A kind of method of packet access network strategy forwarding |
| WO2022042547A1 (en) * | 2020-08-28 | 2022-03-03 | 华为技术有限公司 | Traffic forwarding processing method, and device |
| CN115118655A (en) * | 2022-06-21 | 2022-09-27 | 阿里巴巴(中国)有限公司 | Cross-network message forwarding method and device, electronic equipment and readable storage medium |
| CN115118655B (en) * | 2022-06-21 | 2023-12-12 | 阿里巴巴(中国)有限公司 | Cross-network message forwarding method and device, electronic equipment and readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107959611B (en) | 2021-03-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3300317B1 (en) | Method, device and system for realizing service link | |
| CN103607349B (en) | Method for determining route in virtual network and provider edge equipment | |
| CN107306222B (en) | Method and equipment for establishing traffic engineering tunnel on label switching path | |
| CN107959611A (en) | A kind of method to E-Packet, apparatus and system | |
| CN106982157B (en) | Traffic engineering tunnel establishment method and device | |
| CN102291307B (en) | An inter-VPN multicast implementation method, apparatus and network device | |
| CN107026796B (en) | VPN route notification method, data flow forwarding method and related equipment | |
| CN108702328A (en) | The IS-IS extensions of the splicing of flexible path and the selection of business for passing through Segment routing and MPLS network | |
| CN103621022B (en) | For Virtual Private LAN Service to use influenza to know the system and method for pseudo-wire | |
| US20100329252A1 (en) | Method and Apparatus for Enabling Multicast Route Leaking Between VRFs in Different VPNs | |
| CN102724117A (en) | Multi-protocol label switching (MPLS) traffic engineering (TE) tunnel building method and device | |
| CN102739501B (en) | Message forwarding method and system in two three layer virtual private networks | |
| CN107547333B (en) | Method and apparatus for implementing a combined virtual private network VPN | |
| CN103326940A (en) | Method for forwarding message in network and edge device of operator | |
| CN106936713A (en) | A kind of label management method, data flow processing method and equipment | |
| EP3863233A1 (en) | Method and device used for ethernet virtual private network | |
| CN102571375B (en) | Multicast forwarding method and device as well as network device | |
| CN103326944B (en) | A kind of multicast transmission method, device and network system | |
| CN107483338A (en) | A kind of method, apparatus and system for determining cross-domain label switched path tunnel | |
| CN106936714A (en) | The processing method and PE equipment and system of a kind of VPN | |
| CN114465920A (en) | Method, device and system for determining corresponding relation | |
| CN103795630B (en) | The message transmitting method and device of a kind of label exchange network | |
| CN104092554A (en) | Multicast distribution tree establishment method and device | |
| CN103634210B (en) | Find the method and apparatus of the opposite end PE equipment of VPLS example | |
| CN102487351A (en) | Establishment method of end-to-end multicast label switched path, apparatus thereof and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |