CN109167716B - Two-layer virtual private network system based on BGP and use method - Google Patents


Info

Publication number: CN109167716B
Authority: CN (China)
Prior art keywords: protocol, bgp, layer, vpn, information
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201811231006.4A
Other languages: Chinese (zh)
Other versions: CN109167716A (en)
Inventor: 范维庭
Current Assignee: Zhiqiang Tongda Technology Beijing Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Zhiqiang Tongda Technology Beijing Co ltd
Priority date: 2018-10-22 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2018-10-22
Publication date: 2021-02-23
Events:
    • 2018-10-22: Application filed by Zhiqiang Tongda Technology Beijing Co ltd; priority to CN201811231006.4A
    • 2019-01-08: Publication of CN109167716A
    • 2021-02-23: Application granted; publication of CN109167716B
    • Current legal status: Active

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L12/00 Data switching networks
                    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
                        • H04L12/46 Interconnection of networks
                            • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
                            • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
                • H04L45/00 Routing or path finding of packets in data switching networks
                    • H04L45/50 Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]

Abstract

The invention relates to a two-layer virtual private network system based on BGP and a method of using it. It addresses the technical problem that the prior art is incompatible with the TCP/IP standard. The technical scheme adopted is that the two-layer virtual private network system comprises a network switching device at the transmitting end, a network switching device at the receiving end, and an L2-BGP VPN two-layer tunnel connected between the two network switching devices; the system can be used in a virtual private network.

Description

Two-layer virtual private network system based on BGP and use method
Technical Field
The invention relates to the technical field of networks, in particular to a two-layer virtual private network system based on BGP and a using method thereof.
Background
MP-BGP VPN is an IP VPN based on MPLS technology, also called BGP-mode MPLS VPN (virtual private network). It applies MPLS technology to network routing and switching devices, simplifies the routing mode of core routers, and combines label switching with traditional routing technology to implement an IP virtual private network (IP VPN), thereby providing a dynamically established tunneling technique and solving the problem of different VPNs sharing the same address space.
Although the existing MP-BGP VPN provides these two functions that other VPNs cannot, it brings problems such as difficult deployment and high cost, because MPLS is not part of the standard TCP/IP protocol suite, the MPLS protocol is complex, and it requires hardware support.
Therefore, it is necessary to provide a BGP-based two-layer virtual private network system and method of use that provide a dynamically established tunneling technique, solve the problem of different VPNs sharing the same address space, and are implemented on the TCP/IP standard without modifying the packet into a non-TCP/IP packet.
Disclosure of Invention
The technical problem to be solved by the invention is that the prior art is incompatible with the TCP/IP standard: standard TCP/IP messages must be converted into MPLS messages for transmission, and the device hardware must support MPLS. The new BGP-based two-layer virtual private network system is directly compatible with the TCP/IP standard, needs no special hardware support, is simple to deploy, and has low cost.
In order to solve the technical problems, the technical scheme is as follows:
a two-layer virtual private network system based on BGP comprises a network switching device at the transmitting end, a network switching device at the receiving end, and an L2-BGP VPN two-layer tunnel connected between the network switching devices at the transmitting end and the receiving end.
The working principle of the invention is as follows: the invention uses L2-BGP VPN to form a true two-layer tunnel, so that the message remains a standard TCP/IP message and can be deployed on any device that supports Ethernet, which reduces deployment cost.
In the foregoing solution, as an optimization, the L2-BGP VPN two-layer tunnel includes a network switching device PE, a network switching device P, and a network switching device PE that are connected in sequence;
the L2-BGP VPN two-layer tunnel further comprises an L2-BGP VPN protocol, which comprises a Master protocol of the L2-BGP VPN and a Slave protocol of the L2-BGP VPN;
the network switching device PE runs the Master protocol of the L2-BGP VPN, and the network switching device P runs the Slave protocol of the L2-BGP VPN;
the interior gateway protocol on the network switching devices PE and P carries the MAC information; a two-layer path is calculated from the path formed by the interior gateway protocol together with the Master protocol, and two-layer table entries are issued to form the L2-BGP VPN two-layer tunnel.
The L2-BGP VPN is implemented as a modification of an existing MP-BGP VPN. An MP-BGP VPN first runs an IGP (interior gateway protocol) between the PE and P devices; taking OSPF as an example, after OSPF has converged its routes, the MP-BGP VPN must additionally enable the MPLS protocol on each OSPF device node, and MPLS calculates a label-switched 2.5-layer tunnel on top of OSPF. The two-layer tunnel formed by the L2-BGP VPN of the invention instead enables the L2-BGP VPN protocol on each OSPF device node; that protocol forms a true two-layer tunnel from the configured node information and the two-layer exchange information generated by OSPF, and issues the two-layer table. The remaining parts still use the VRF function of BGP to distribute the different VPNs, as in the existing MP-BGP VPN technology, and finally a complete VPN path is formed.
Further, the MAC information is the MAC information of a plurality of interfaces on the network switching device PE, and BGP uses the MAC information of each interface to perform the corresponding VPN distribution by the VRF method.
Further, the network switching device comprises a router or an Ethernet switch.
The invention also provides a method of using the BGP-based two-layer virtual private network system. The method is based on the BGP-based two-layer virtual private network system described above and comprises the following steps:
step 1, establishing an L2-BGP VPN two-layer tunnel on the network switching devices;
step 2, performing two-layer exchange of tunnel data over the L2-BGP VPN two-layer tunnel established in step 1 between the network switching device at the transmitting end and the network switching device at the receiving end.
Further, step 1 comprises:
step S101: the Master protocol collects BGP information, collecting the VPN information of the VRFs formed on the PE device according to the BGP protocol;
step S102: the Master protocol sends protocol information, sending protocol messages on the external IGP and on the bound interfaces of the formed access according to the collected VPN information;
step S103: the Slave protocol receives the protocol message sent in step S101; after receiving it, the Slave protocol determines the PE information and IP information corresponding to the Master protocol, and determines the MAC address range bound to that IP;
step S104: the Slave protocol forwards the protocol message; after receiving it, the Slave protocol sends the protocol message to the other interfaces according to the interfaces bound on the external IGP;
step S105: the Master protocol and the Slave protocol issue the two-layer table, generating exchange information from the received protocol messages and the IGP information and issuing that exchange information to the two-layer table;
step S106: the L2-BGP VPN two-layer tunnel is formed.
The invention has the following beneficial effects. The invention does not need special hardware support: unlike MP-BGP VPN, the technology does not need MPLS hardware support to achieve fast forwarding, and can be deployed on standard Ethernet devices. The invention is compatible with standard Ethernet data packets: unlike MP-BGP VPN, the technology does not need to modify packets into special MPLS messages, but works according to the standard Ethernet protocol, while still providing dynamically established tunnels and solving the problem of different VPNs sharing the same address space.
Drawings
The invention is further illustrated with reference to the following figures and examples.
Fig. 1 is a schematic diagram of the BGP-based two-layer virtual private network system according to embodiment 1.
Fig. 2 is a schematic diagram of the L2-BGP VPN two-layer tunnel formation process in embodiment 1.
Fig. 3 is a schematic diagram of a conventional MP-BGP VPN structure.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Example 1
Fig. 3 is a schematic diagram of a conventional MP-BGP VPN architecture.
The present embodiment provides a BGP-based two-layer virtual private network system, which, as shown in fig. 1, includes an originating network switching device, a terminating network switching device, and an L2-BGP VPN two-layer tunnel connected between the originating network switching device and the terminating network switching device.
Specifically, the L2-BGP VPN two-layer tunnel includes a network switching device PE, a network switching device P, and a network switching device PE that are connected in sequence; the L2-BGP VPN two-layer tunnel further comprises an L2-BGP VPN protocol, which comprises a Master protocol of the L2-BGP VPN and a Slave protocol of the L2-BGP VPN; the network switching device PE runs the Master protocol of the L2-BGP VPN, and the network switching device P runs the Slave protocol of the L2-BGP VPN; the interior gateway protocol on the network switching devices PE and P carries the MAC information; a two-layer path is calculated from the path formed by the interior gateway protocol together with the Master protocol, and two-layer table entries are issued to form the L2-BGP VPN two-layer tunnel.
In this embodiment, the L2-BGP VPN is realized by modifying the existing MP-BGP VPN. The MP-BGP VPN first runs an interior gateway protocol between the PE and the P device; this embodiment takes OSPF as an example.
After OSPF has converged its routes, the MP-BGP VPN needs to enable the MPLS protocol on each OSPF device node, and MPLS calculates a label-switched 2.5-layer tunnel on top of OSPF. The two-layer tunnel formed by the L2-BGP VPN instead starts the L2-BGP VPN protocol on each OSPF device node; the L2-BGP VPN protocol forms a true two-layer tunnel from the configured node information and the two-layer exchange information generated by OSPF, and issues the two-layer table. The remaining parts still use the VRF function of BGP to distribute the different VPNs, as in the existing MP-BGP VPN technology, and finally a complete VPN path is formed.
The MAC information is the MAC information of a plurality of interfaces on the network switching device PE, and the corresponding VPN distribution is performed by the VRF method using the MAC information of each interface in BGP.
In particular, the network switching device comprises a router or an Ethernet switch.
The present embodiment further provides a method of using the BGP-based two-layer virtual private network system. The method is based on the BGP-based two-layer virtual private network system described above and includes:
step 1, establishing an L2-BGP VPN two-layer tunnel on the network switching devices;
step 2, performing two-layer exchange of tunnel data over the L2-BGP VPN two-layer tunnel established in step 1 between the network switching device at the transmitting end and the network switching device at the receiving end.
As shown in fig. 2, the L2-BGP VPN two-layer tunnel forming process includes:
step S101: the Master protocol collects BGP information, collecting the VPN information of the VRFs formed on the PE device according to the BGP protocol;
step S102: the Master protocol sends protocol information, sending protocol messages on the external IGP and on the bound interfaces of the formed access according to the collected VPN information;
step S103: the Slave protocol receives the protocol message sent in step S101; after receiving it, the Slave protocol determines the PE information and IP information corresponding to the Master protocol, and determines the MAC address range bound to that IP;
step S104: the Slave protocol forwards the protocol message; after receiving it, the Slave protocol sends the protocol message to the other interfaces according to the interfaces bound on the external IGP;
step S105: the Master protocol and the Slave protocol issue the two-layer table, generating exchange information from the received protocol messages and the IGP information and issuing that exchange information to the two-layer table;
step S106: the L2-BGP VPN two-layer tunnel is formed.
Although illustrative embodiments of the present invention have been described above to enable those skilled in the art to understand the invention, the invention is not limited to the scope of those embodiments, and those skilled in the art can make various modifications to the invention within the spirit and scope of the invention as defined by the appended claims.
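The tunnel-forming steps S101 to S106 above (and the identical list in the Disclosure section), as an added simulation that is not code from the patent or its assignee: the node names, the message fields, the access interface "ce0", the addresses and the (VRF, MAC-prefix) table key are assumptions, since the patent specifies no message format. It shows the Master on each PE advertising its VRF's MAC range, the Slave on P checking the sender against the configured node list before flooding, the two-layer table entries installed at every node, and that the same MAC range in two different VRFs yields two separate tunnel paths rather than a collision.

```python
"""L2-BGP VPN tunnel formation (steps S101 to S106) as a simulation.
Added example, not the patent's or its assignee's code; node names, message
fields, the access interface and the (vrf, mac_prefix) key are assumptions."""
from dataclasses import dataclass

@dataclass(frozen=True)
class ProtoMsg:
    vrf: str         # VPN identified by a VRF formed on the PE (S101)
    pe_ip: str       # IP information of the originating PE (S103)
    mac_prefix: str  # MAC address range bound to that PE/VRF (S103)
    origin: str      # name of the PE whose Master protocol sent it

class Node:
    def __init__(self, name, role, neighbors, configured_pes):
        self.name, self.role = name, role          # "PE" runs Master, "P" runs Slave
        self.neighbors = dict(neighbors)           # interface -> IGP (OSPF) neighbour
        self.configured_pes = set(configured_pes)  # the "configured node information"
        self.l2_table = {}                         # (vrf, mac_prefix) -> outgoing interface

    def master_send(self, net, vrf, pe_ip, mac_prefix, access_intf):
        """S101/S102: Master advertises a VRF's MAC range on every IGP-bound interface."""
        self.l2_table[(vrf, mac_prefix)] = access_intf   # local delivery at the originating PE
        msg = ProtoMsg(vrf, pe_ip, mac_prefix, self.name)
        for nbr in self.neighbors.values():
            net.deliver(nbr, msg, sender=self.name)

    def receive(self, net, msg, in_intf):
        """S103 to S105: check the sender, learn the MAC range, install the entry, flood on P."""
        key = (msg.vrf, msg.mac_prefix)
        if msg.origin not in self.configured_pes or key in self.l2_table:
            return False                      # unconfigured PE, or already learnt (stops loops)
        self.l2_table[key] = in_intf          # S105: frames for that range go back toward the PE
        if self.role == "P":                  # S104: Slave forwards on all other interfaces
            for intf, nbr in self.neighbors.items():
                if intf != in_intf:
                    net.deliver(nbr, msg, sender=self.name)
        return True

class Network:
    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}

    def deliver(self, to, msg, sender):
        node = self.nodes[to]
        in_intf = next(i for i, nbr in node.neighbors.items() if nbr == sender)
        node.receive(self, msg, in_intf)

    def lookup(self, node_name, vrf, mac):
        """Longest-prefix match within one VRF; the same MAC in another VRF is a separate entry."""
        table = self.nodes[node_name].l2_table
        hits = [(p, i) for (v, p), i in table.items() if v == vrf and mac.startswith(p)]
        return max(hits, key=lambda h: len(h[0]))[1] if hits else None

    def trace(self, start, vrf, mac):
        """Follow the installed two-layer tables hop by hop along the formed tunnel (S106)."""
        path = [start]
        while True:
            intf = self.lookup(path[-1], vrf, mac)
            if intf is None:
                return None                   # no entry: the frame is not tunnelled
            nxt = self.nodes[path[-1]].neighbors.get(intf)
            if nxt is None:
                return path                   # access interface reached: the originating PE
            path.append(nxt)

def build_pe_p_pe():
    """PE1 - P - PE2 as in Fig. 1; vpnA and vpnB deliberately reuse the same MAC range."""
    pe1 = Node("PE1", "PE", {"eth0": "P"}, configured_pes={"PE1", "PE2"})
    p = Node("P", "P", {"eth0": "PE1", "eth1": "PE2"}, configured_pes={"PE1", "PE2"})
    pe2 = Node("PE2", "PE", {"eth0": "P"}, configured_pes={"PE1", "PE2"})
    net = Network([pe1, p, pe2])
    pe1.master_send(net, "vpnA", "10.0.0.1", "02:aa", access_intf="ce0")  # constructed values
    pe2.master_send(net, "vpnB", "10.0.0.2", "02:aa", access_intf="ce0")
    return net
```

A message whose origin is not in a node's configured PE list is dropped before any table entry is installed, which is the check a P device needs so that only configured PEs can shape the two-layer table.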

Claims (5)

1. A BGP-based two-layer virtual private network system, comprising: the two-layer virtual private network system comprises a transmitting end network exchange device, a receiving end network exchange device and an L2-BGP VPN two-layer tunnel connected between the transmitting end network exchange device and the receiving end network exchange device, wherein the L2-BGP VPN two-layer tunnel uses a standard TCP/IP message;
the L2-BGP VPN two-layer tunnel comprises a network switching device PE, a network switching device P and a network switching device PE which are connected in sequence;
the L2-BGP VPN two-layer tunnel further comprises an L2-BGP VPN protocol, and the L2-BGP VPN protocol comprises a Master protocol of the L2-BGP VPN and a Slave protocol of the L2-BGP VPN;
the network switching equipment PE runs the Master protocol of the L2-BGP VPN, and the network switching equipment P runs the Slave protocol of the L2-BGP VPN;
the network switching equipment PE and the internal gateway protocol on the network switching equipment P send the carried MAC information to calculate a two-layer path through a path formed by the internal gateway protocol and a Master protocol, and issue a two-layer table item to form the L2-BGP VPN two-layer tunnel;
the L2-BGP VPN protocol is started on each OSPF equipment node, and the L2-BGP VPN protocol sends a two-layer table to form a real two-layer tunnel according to the configured node information and the two-layer exchange information generated by OSPF.
2. The BGP-based two-layer virtual private network system according to claim 1, wherein: the MAC information is MAC information of a plurality of interfaces on the network switching equipment PE, and corresponding VPN distribution is carried out by utilizing the MAC information BGP of each interface through a VRF method.
3. The BGP-based two-layer virtual private network system according to claim 1, wherein: the network switching device comprises a router or an Ethernet switch.
4. A use method of a two-layer virtual private network system based on BGP is characterized in that: the using method is based on the BGP-based two-layer virtual private network system of any of claims 1-3, and the using method comprises the following steps:
step 1, establishing an L2-BGP VPN two-layer tunnel on a network switching device, wherein the L2-BGP VPN two-layer tunnel uses a standard TCP/IP message, and the L2-BGP VPN forms the two-layer tunnel, then starting an L2-BGP VPN protocol on each OSPF device node, and the L2-BGP VPN protocol forms a real two-layer tunnel according to configured node information and two-layer exchange information generated by OSPF and issuing a two-layer table;
step 2, performing two-layer exchange of tunnel data over the L2-BGP VPN two-layer tunnel established in step 1 between the network exchange equipment at the transmitting end and the network exchange equipment at the receiving end.
5. The use method of a BGP-based two-layer virtual private network system according to claim 4, characterized in that: the step 1 comprises the following steps:
step S101: the Master protocol collects BGP information, and collects VPN information of VRF formed on PE equipment according to the BGP protocol;
step S102: the Master protocol sends protocol information, and sends protocol messages on the external IGP and bound interfaces of the formed access according to the collected VPN information;
step S103: the Slave protocol receives the protocol message sent in step S101; after receiving it, the Slave protocol determines the PE information and IP information corresponding to the Master protocol, and determines the MAC address range bound to that IP;
step S104: the Slave protocol forwards the protocol message; after receiving it, the Slave protocol sends the protocol message to the other interfaces according to the interfaces bound on the external IGP;
step S105: the Master protocol and the Slave protocol issue the two-layer table, generating exchange information from the received protocol messages and the IGP information and issuing that exchange information to the two-layer table;
step S106: the L2-BGP VPN two-layer tunnel is formed.

Priority Applications (1)

Application number: CN201811231006.4A (CN109167716B, en); priority date: 2018-10-22; filing date: 2018-10-22; title: Two-layer virtual private network system based on BGP and use method

Applications Claiming Priority (1)

Application number: CN201811231006.4A (CN109167716B, en); priority date: 2018-10-22; filing date: 2018-10-22; title: Two-layer virtual private network system based on BGP and use method

Publications (2)

CN109167716A (en), published 2019-01-08
CN109167716B (en), published 2021-02-23

Family

Family ID: 64878863

Family Applications (1)

Application number: CN201811231006.4A (CN109167716B, en); status: Active; priority date: 2018-10-22; filing date: 2018-10-22; title: Two-layer virtual private network system based on BGP and use method

Country Status (1)

CN (1): CN109167716B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111695222B (en) * 2020-05-25 2023-08-04 智强通达科技(北京)有限公司 (Zhiqiang Tongda Technology (Beijing) Co., Ltd.) Finished oil storage optimization method based on cost limitation and auxiliary decision-making system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1507230A (en) * 2002-12-10 2004-06-23 华为技术有限公司 (Huawei Technologies Co., Ltd.) Method of realizing special multiple-protocol label exchanging virtual network
CN102804693A (en) * 2009-06-26 2012-11-28 阿瓦雅公司 (Avaya Inc.) Method and apparatus for implementing L2 VPNs on an IP network
CN108880970A (en) * 2017-05-12 2018-11-23 瞻博网络公司 (Juniper Networks, Inc.) Routing signaling and EVPN convergence for port extenders

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8024437B2 (en) * 2003-10-30 2011-09-20 Paul Unbehagen Autodiscovery for virtual networks

Also Published As

Publication number Publication date
CN109167716A (en) 2019-01-08

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant