CN109167716B - Two-layer virtual private network system based on BGP and use method - Google Patents
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/50—Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
Abstract
The invention relates to a two-layer virtual private network system based on BGP and a method of using it. It addresses the technical problem that existing schemes are incompatible with the TCP/IP standard. The system comprises a network switching device at the transmitting end, a network switching device at the receiving end, and an L2-BGP VPN two-layer tunnel connected between them, and it can be used to build a virtual private network.
Description
Technical Field
The invention relates to the technical field of networks, in particular to a two-layer virtual private network system based on BGP and a using method thereof.
Background
MP-BGP VPN is an IP-VPN based on MPLS technology, also called BGP-mode MPLS VPN. It applies MPLS to network routing and switching devices, simplifies the routing mode of the core routers, and combines label switching with traditional routing to implement an IP virtual private network (IP VPN). In this way it provides a dynamically established tunnel and solves the problem of different VPNs sharing the same address space.
Although the existing MP-BGP VPN provides these two functions that other VPNs cannot, it is difficult to deploy and expensive, because MPLS is not part of the standard TCP/IP protocol suite, the MPLS protocol is complex, and it requires hardware support.
Therefore it is necessary to provide a BGP-based two-layer virtual private network system and a method of using it that provide a dynamically established tunnel, solve the problem of different VPNs sharing the same address space, and are implemented on the TCP/IP standard without converting the packet into a non-TCP/IP packet.
Disclosure of Invention
The technical problem solved by the invention is that the prior art is incompatible with the TCP/IP standard: standard TCP/IP messages must be converted into MPLS messages for transmission, and the device hardware must support MPLS. The new BGP-based two-layer virtual private network system is directly compatible with the TCP/IP standard, needs no special hardware support, is simple to deploy and is low in cost.
In order to solve the technical problems, the technical scheme is as follows:
a two-layer virtual private network system based on BGP comprises a network switching device at the transmitting end, a network switching device at the receiving end, and an L2-BGP VPN two-layer tunnel connected between the two.
The working principle of the invention is as follows: the invention forms a real two-layer tunnel using L2-BGP VPN, so the message remains a standard TCP/IP message and the system can be deployed on any device that supports Ethernet, which reduces the deployment cost.
In the foregoing solution, for optimization, the L2-BGP VPN two-layer tunnel includes a network switching device PE, a network switching device P and a network switching device PE that are connected in sequence;
the L2-BGP VPN two-layer tunnel further comprises an L2-BGP VPN protocol, which consists of a Master protocol of the L2-BGP VPN and a Slave protocol of the L2-BGP VPN;
the network switching device PE runs the Master protocol of the L2-BGP VPN, and the network switching device P runs the Slave protocol of the L2-BGP VPN;
the interior gateway protocol on the network switching devices PE and P carries the MAC information, the Master protocol calculates a two-layer path over the path formed by the interior gateway protocol, and a two-layer table entry is issued to form the L2-BGP VPN two-layer tunnel.
The L2-BGP VPN is implemented as a modification of an existing MP-BGP VPN. The MP-BGP VPN first runs an IGP (interior gateway protocol) between the PE and P devices, OSPF for example. After OSPF has converged its routes, the MP-BGP VPN must additionally enable the MPLS protocol on every OSPF device node, and MPLS computes a "layer 2.5" tunnel based on label switching on top of OSPF. The two-layer tunnel of the invention instead enables the L2-BGP VPN protocol on every OSPF device node; the L2-BGP VPN protocol forms a true two-layer tunnel from the configured node information and the two-layer switching information generated by OSPF, and issues the two-layer table. The remaining parts still use the VRF function of BGP to separate the different VPNs, exactly as the existing MP-BGP VPN technology does, so that a complete VPN path is finally formed.
Further, the MAC information is the MAC information of a plurality of interfaces on the network switching device PE, and BGP uses the MAC information of each interface to perform the corresponding VPN separation by the VRF method.
Further, the network switching device comprises a router or an ethernet switch.
The invention also provides a method of using the BGP-based two-layer virtual private network system, which is based on that system and comprises the following steps:
step 1, establishing the L2-BGP VPN two-layer tunnel on the network switching devices;
step 2, the network switching device at the transmitting end and the network switching device at the receiving end perform two-layer switching of tunnel data over the L2-BGP VPN two-layer tunnel established in step 1.
Further, step 1 comprises:
step S101: the Master protocol collects BGP information, i.e. the VPN information of the VRFs formed on the PE device according to the BGP protocol;
step S102: the Master protocol sends protocol information, i.e. it sends protocol messages on the external IGP and on the bound interfaces of the formed access according to the collected VPN information;
step S103: the Slave protocol receives the protocol message sent in step S101; after receiving it, the Slave protocol determines the PE information and IP information corresponding to the Master protocol, and determines the MAC address range bound to that IP;
step S104: the Slave protocol forwards the protocol message; after receiving it, the Slave protocol sends the protocol message out of the other interfaces according to the interfaces bound to the external IGP;
step S105: the Master protocol and the Slave protocol issue the two-layer table; they generate switching information from the received protocol message and the IGP information and issue it to the two-layer table;
step S106: the L2-BGP VPN two-layer tunnel is formed.
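The tunnel-forming steps S101 to S106 above, together with the Master-on-PE and Slave-on-P roles described for the system, as an added simulation that is not part of the patent. The message fields, interface names, MAC ranges and hop budget are constructed assumptions; the "configured node information" is modelled as an allow-list of PE identities, so a message from a PE that is not configured installs no two-layer table entry and is not forwarded.

```python
"""Constructed simulation of the L2-BGP VPN tunnel-forming steps S101-S106."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProtoMsg:
    """Hypothetical protocol message: sending PE, its IP, and one VRF's bound MAC range."""
    pe_id: str
    pe_ip: str
    vrf: str
    mac_lo: int
    mac_hi: int
    hops: int  # forwarding budget so flooding over a looped IGP topology terminates


class Node:
    """A P device running the Slave protocol (PEs reuse this receive/forward logic)."""

    def __init__(self, name, configured_pes):
        self.name = name
        self.configured_pes = configured_pes  # operator-configured node information
        self.igp_ifaces = {}                  # interface -> (neighbour, neighbour's interface)
        self.l2_table = []                    # (vrf, mac_lo, mac_hi, out_iface, pe_ip)
        self.rejected = []                    # (in_iface, pe_id) of messages not installed

    def link(self, iface, peer, peer_iface):
        """Bind an IGP interface on both ends of a link."""
        self.igp_ifaces[iface] = (peer, peer_iface)
        peer.igp_ifaces[peer_iface] = (self, iface)

    def s105_issue(self, in_iface, msg):
        """Turn the message plus IGP (interface) information into a two-layer table entry."""
        entry = (msg.vrf, msg.mac_lo, msg.mac_hi, in_iface, msg.pe_ip)
        if entry not in self.l2_table:
            self.l2_table.append(entry)

    def receive(self, in_iface, msg):
        # S103: accept only messages whose PE is in the configured node information;
        # a message from an unconfigured PE installs nothing and is not forwarded.
        if msg.pe_id not in self.configured_pes:
            self.rejected.append((in_iface, msg.pe_id))
            return
        self.s105_issue(in_iface, msg)
        # S104: forward out of every other IGP-bound interface
        if msg.hops > 0:
            fwd = ProtoMsg(msg.pe_id, msg.pe_ip, msg.vrf, msg.mac_lo, msg.mac_hi, msg.hops - 1)
            for iface, (peer, peer_iface) in self.igp_ifaces.items():
                if iface != in_iface:
                    peer.receive(peer_iface, fwd)


class MasterPE(Node):
    """A PE device running the Master protocol."""

    def __init__(self, name, ip, vrfs, configured_pes):
        super().__init__(name, configured_pes)
        self.ip = ip
        self.vrfs = vrfs  # vrf name -> (mac_lo, mac_hi); stands in for BGP VRF state

    def s101_collect(self):
        """Collect the VRF/VPN information formed on this PE."""
        return [(vrf, lo, hi) for vrf, (lo, hi) in self.vrfs.items()]

    def s102_send(self):
        """Send one protocol message per VRF on every IGP-bound interface."""
        for vrf, lo, hi in self.s101_collect():
            msg = ProtoMsg(self.name, self.ip, vrf, lo, hi, hops=4)
            for peer, peer_iface in self.igp_ifaces.values():
                peer.receive(peer_iface, msg)


def form_tunnel(configured_pes=("PE1", "PE2")):
    """Build PE1 - P - PE2, run S101-S105 from both PEs, return the nodes (S106)."""
    pe1 = MasterPE("PE1", "10.0.0.1", {"vpnA": (0x001122000000, 0x001122FFFFFF)}, configured_pes)
    p = Node("P", configured_pes)
    pe2 = MasterPE("PE2", "10.0.0.2", {"vpnA": (0x00AABB000000, 0x00AABBFFFFFF)}, configured_pes)
    pe1.link("eth0", p, "eth0")
    p.link("eth1", pe2, "eth0")
    pe1.s102_send()
    pe2.s102_send()
    return pe1, p, pe2
```

Calling `form_tunnel(configured_pes=("PE2",))` shows the failure mode: P records PE1's message in `rejected` and PE2 never learns a table entry for it.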
The invention has the following beneficial effects. It needs no special hardware support: unlike MP-BGP VPN, the technology does not require MPLS hardware to achieve fast forwarding, and it can be deployed on standard Ethernet devices. It is compatible with standard Ethernet packets: unlike MP-BGP VPN, the technology does not need to convert them into special MPLS messages. Using the standard Ethernet protocol, it realizes a dynamically established tunnel and solves the problem of different VPNs sharing the same address space.
Drawings
The invention is further illustrated with reference to the following figures and examples.
Fig. 1 is a schematic diagram of a BGP-based two-layer virtual private network system according to embodiment 1.
Fig. 2 is a schematic diagram of a L2-BGP VPN two-layer tunnel formation process in embodiment 1.
FIG. 3 is a schematic diagram of a conventional MP-BGP VPN structure.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Example 1
Fig. 3 is a schematic diagram of a conventional MP-BGP VPN architecture.
The present embodiment provides a BGP-based two-layer virtual private network system, which includes, as shown in fig. 1, an originating network switching device, a terminating network switching device, and an L2-BGP VPN two-layer tunnel connected between the originating network switching device and the terminating network switching device.
Specifically, the L2-BGP VPN two-layer tunnel includes a network switching device PE, a network switching device P and a network switching device PE that are connected in sequence; the L2-BGP VPN two-layer tunnel further comprises an L2-BGP VPN protocol, which consists of a Master protocol of the L2-BGP VPN and a Slave protocol of the L2-BGP VPN; the network switching device PE runs the Master protocol of the L2-BGP VPN, and the network switching device P runs the Slave protocol of the L2-BGP VPN; the interior gateway protocol on the network switching devices PE and P carries the MAC information, the Master protocol calculates a two-layer path over the path formed by the interior gateway protocol, and a two-layer table entry is issued to form the L2-BGP VPN two-layer tunnel.
In this embodiment, the L2-BGP VPN is realized by modifying the existing MP-BGP VPN. The MP-BGP VPN first runs an interior gateway protocol between the PE and P devices; this embodiment takes OSPF as the example.
After OSPF has converged its routes, the MP-BGP VPN must additionally enable the MPLS protocol on every OSPF device node, and MPLS computes a "layer 2.5" tunnel based on label switching on top of OSPF. The two-layer tunnel of the L2-BGP VPN instead starts the L2-BGP VPN protocol on every OSPF device node; the L2-BGP VPN protocol forms a true two-layer tunnel from the configured node information and the two-layer switching information generated by OSPF, and issues the two-layer table. The remaining parts still use the VRF function of BGP to separate the different VPNs, exactly as the existing MP-BGP VPN technology does, so that a complete VPN path is finally formed.
The MAC information is the MAC information of a plurality of interfaces on the network switching device PE, and BGP uses the MAC information of each interface to perform the corresponding VPN separation by the VRF method.
In particular, the network switching device comprises a router or an ethernet switch.
The present embodiment further provides a method of using the BGP-based two-layer virtual private network system, which is based on that system and comprises the following steps:
step 1, establishing the L2-BGP VPN two-layer tunnel on the network switching devices;
step 2, the network switching device at the transmitting end and the network switching device at the receiving end perform two-layer switching of tunnel data over the L2-BGP VPN two-layer tunnel established in step 1.
As shown in fig. 2, the L2-BGP VPN two-layer tunnel forming process includes:
step S101: the Master protocol collects BGP information, i.e. the VPN information of the VRFs formed on the PE device according to the BGP protocol;
step S102: the Master protocol sends protocol information, i.e. it sends protocol messages on the external IGP and on the bound interfaces of the formed access according to the collected VPN information;
step S103: the Slave protocol receives the protocol message sent in step S101; after receiving it, the Slave protocol determines the PE information and IP information corresponding to the Master protocol, and determines the MAC address range bound to that IP;
step S104: the Slave protocol forwards the protocol message; after receiving it, the Slave protocol sends the protocol message out of the other interfaces according to the interfaces bound to the external IGP;
step S105: the Master protocol and the Slave protocol issue the two-layer table; they generate switching information from the received protocol message and the IGP information and issue it to the two-layer table;
step S106: the L2-BGP VPN two-layer tunnel is formed.
Although the illustrative embodiments of the present invention have been described above to enable those skilled in the art to understand the present invention, the present invention is not limited to the scope of these embodiments, and those skilled in the art can make various modifications within the spirit and scope of the present invention as defined by the appended claims.
Claims (5)
1. A BGP-based two-layer virtual private network system, comprising: the two-layer virtual private network system comprises a transmitting end network exchange device, a receiving end network exchange device and an L2-BGP VPN two-layer tunnel connected between the transmitting end network exchange device and the receiving end network exchange device, wherein the L2-BGP VPN two-layer tunnel uses a standard TCP/IP message;
the L2-BGP VPN two-layer tunnel comprises a network switching device PE, a network switching device P and a network switching device PE which are connected in sequence;
the L2-BGP VPN two-layer tunnel further comprises an L2-BGP VPN protocol, and the L2-BGP VPN protocol comprises a Master protocol of the L2-BGP VPN and a Slave protocol of the L2-BGP VPN;
the network switching equipment PE runs a Master protocol of L2-BGP VPN, and the network switching equipment P runs a slave protocol of L2-BGP VPN;
the network switching equipment PE and the internal gateway protocol on the network switching equipment P send the carried MAC information to calculate a two-layer path through a path formed by the internal gateway protocol and a Master protocol, and issue a two-layer table item to form the L2-BGP VPN two-layer tunnel;
the L2-BGP VPN protocol is started on each OSPF equipment node, and the L2-BGP VPN protocol sends a two-layer table to form a real two-layer tunnel according to the configured node information and the two-layer exchange information generated by OSPF.
2. The BGP-based two-layer virtual private network system according to claim 1, wherein: the MAC information is MAC information of a plurality of interfaces on the network switching equipment PE, and corresponding VPN distribution is carried out by utilizing the MAC information BGP of each interface through a VRF method.
3. The BGP-based two-layer virtual private network system according to claim 1, wherein: the network switching device comprises a router or an Ethernet switch.
4. A use method of a two-layer virtual private network system based on BGP is characterized in that: the using method is based on the BGP-based two-layer virtual private network system of any of claims 1-3, and the using method comprises the following steps:
step 1, establishing an L2-BGP VPN two-layer tunnel on a network switching device, wherein the L2-BGP VPN two-layer tunnel uses a standard TCP/IP message; to form the two-layer tunnel, the L2-BGP VPN protocol is started on each OSPF device node, and the L2-BGP VPN protocol forms a real two-layer tunnel according to the configured node information and the two-layer switching information generated by OSPF and issues a two-layer table;
step 2, the network switching device at the transmitting end and the network switching device at the receiving end perform two-layer switching of tunnel data over the L2-BGP VPN two-layer tunnel established in step 1.
5. The use method of a BGP-based two-layer virtual private network system according to claim 4, characterized in that: the step 1 comprises the following steps:
step S101: the Master protocol collects BGP information, i.e. the VPN information of the VRFs formed on the PE device according to the BGP protocol;
step S102: the Master protocol sends protocol information, i.e. it sends protocol messages on the external IGP and on the bound interfaces of the formed access according to the collected VPN information;
step S103: the Slave protocol receives the protocol message sent in step S101; after receiving it, the Slave protocol determines the PE information and IP information corresponding to the Master protocol, and determines the MAC address range bound to that IP;
step S104: the Slave protocol forwards the protocol message; after receiving it, the Slave protocol sends the protocol message out of the other interfaces according to the interfaces bound to the external IGP;
step S105: the Master protocol and the Slave protocol issue the two-layer table; they generate switching information from the received protocol message and the IGP information and issue it to the two-layer table;
step S106: the L2-BGP VPN two-layer tunnel is formed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811231006.4A CN109167716B (en) | 2018-10-22 | 2018-10-22 | Two-layer virtual private network system based on BGP and use method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109167716A CN109167716A (en) | 2019-01-08 |
CN109167716B true CN109167716B (en) | 2021-02-23 |
Family
ID=64878863
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811231006.4A Active CN109167716B (en) | 2018-10-22 | 2018-10-22 | Two-layer virtual private network system based on BGP and use method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109167716B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111695222B (en) * | 2020-05-25 | 2023-08-04 | 智强通达科技(北京)有限公司 | Finished oil storage optimization method based on cost limitation and auxiliary decision-making system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1507230A (en) * | 2002-12-10 | 2004-06-23 | [assignee name garbled in source] | Method of realizing a private multi-protocol label switching virtual network |
CN102804693A (en) * | 2009-06-26 | 2012-11-28 | Avaya Inc. | Method and apparatus for implementing L2 VPNs on an IP network |
CN108880970A (en) * | 2017-05-12 | 2018-11-23 | Juniper Networks, Inc. | Routing signaling and EVPN convergence for port extenders |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8024437B2 (en) * | 2003-10-30 | 2011-09-20 | Paul Unbehagen | Autodiscovery for virtual networks |
Also Published As
Publication number | Publication date |
---|---|
CN109167716A (en) | 2019-01-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |