CN114051246A - Method for fusing SDN + VXLAN network and enterprise 5G network - Google Patents
Method for fusing SDN + VXLAN network and enterprise 5G network Download PDFInfo
- Publication number
- CN114051246A CN114051246A CN202111356272.1A CN202111356272A CN114051246A CN 114051246 A CN114051246 A CN 114051246A CN 202111356272 A CN202111356272 A CN 202111356272A CN 114051246 A CN114051246 A CN 114051246A
- Authority
- CN
- China
- Prior art keywords
- network
- sdn
- vxlan
- enterprise
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 14
- 230000004927 fusion Effects 0.000 claims abstract description 5
- 230000002776 aggregation Effects 0.000 claims description 9
- 238000004220 aggregation Methods 0.000 claims description 9
- 238000005516 engineering process Methods 0.000 abstract description 11
- 238000004891 communication Methods 0.000 abstract description 2
- 210000001503 joint Anatomy 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/02—Access restriction performed under specific conditions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/02—Access restriction performed under specific conditions
- H04W48/06—Access restriction performed under specific conditions based on traffic conditions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/18—Selecting a network or a communication service
Abstract
The invention relates to the technical field of network communication, in particular to a method based on the fusion of an SDN + VXLAN network and an enterprise 5G network, wherein an access layer switch of the existing SDN + VLXAN network of an enterprise sets a port logic network accessed by a 5G network base station into a trunk type, and carries out SDN + VXLAN authentication-free; the convergence switch of the existing SDN + VLXAN network of an enterprise sets a 5G network port as trunk and carries out SDN + VXLAN authentication-free; the gateway of the 5G network planning is arranged in the VXLAN boundary switch, the invention ensures that 5G data can be completely authenticated in the SDN + VXLAN network and directly enter a core network of the 5G network, each 5G slice network is divided by the 5G network core, thereby solving the problem that the 5G network slice technology and the SDN + VXLAN network are fused to generate conflict on a logic network layer, all the access layer switch, the convergence layer switch and the VXLAN boundary switch where the SDN + VXLAN network of an enterprise is positioned are arranged in a relevant way, and the VLAN planned by the 5G network is authenticated without being managed by the existing SDN + VXLAN network of the enterprise.
Description
Technical Field
The invention relates to the technical field of network communication, in particular to a method for fusing an SDN + VXLAN network and an enterprise 5G network.
Background
The 5G network slicing technology is the core characteristic and capability of a 5G network, and can provide network services which are mutually isolated and have customizable functions for different customers and different services based on the requirements of field services. Different from the differentiated service capability provided by the traditional QoS (quality of service), APN (access point name)/DNN (data network name), the network slice can endow special differentiated services for terminals in different areas according to the end-to-end logic special network and the characteristics of the terminals, and the technology of the SDN + VXLAN network is substantially used. If the enterprise content is from an independent local area network and the 5G network function is to be used inside the enterprise, based on the 5G network slicing technology, the enterprise directly merges from the physical network and the logical network by using the traditional VLAN technology network, but if the existing network of the enterprise is already an SDN + VXLAN network, the direct merging with the 5G network slicing technology may generate a conflict at the logical network level. Therefore, a method for how an enterprise merges with a 5G network under the conditions of the SDN + VXLAN network is urgently needed to be found.
Disclosure of Invention
The invention aims to provide a method for fusing an SDN + VXLAN network and an enterprise 5G network, which is used for realizing the fusion of the existing SDN + VLXAN network and the 5G network of the enterprise.
In order to achieve the technical effect, the method for fusing the SDN + VXLAN network and the enterprise 5G network comprises the following steps:
s1, access layer logic network setting: an access layer switch of an existing SDN + VLXAN network of an enterprise sets a port logic network accessed by a 5G network base station to be trunk type, the access layer switch of the existing SDN + VLXAN network of the enterprise adds a pvid group which is free from SDN authentication, a user of the pvid group defines a group number by himself, and SDN + VXLAN authentication is carried out;
s2, setting a convergence layer logic network: the 5G network port is set to trunk by the convergence switch of the existing SDN + VLXAN network of the enterprise, the convergence switch of the existing SDN + VLXAN network of the enterprise is added into a pnid VLAN group without SDN authentication, a convergence layer and an access layer in the step S1 are divided into the same pnid VLAN group, and SDN + VXLAN authentication is carried out;
s3, setting a VXLAN boundary network: and setting a convergence layer of 5G network planning and an access layer SDN authentication-free pvid VLAN group gateway in a VXLAN boundary switch, and issuing the convergence layer and the access layer SDN authentication-free pvid VLAN group gateway by using a BGP protocol.
Further, the tandem port of the aggregation switch is set to allow the pass of the authentication-free pvid VLAN group in the aggregation layer and the access layer SDN.
Further, the VXLAN border switch cascade port is set to allow pass of the authentication-free pvid VLAN in the convergence layer and the access layer SDN.
The invention has the beneficial effects that: an access layer switch of an existing SDN + VLXAN network of an enterprise sets a port logic network accessed by a 5G network base station to be trunk type, the access layer switch of the existing SDN + VLXAN network of the enterprise adds an SDN authentication-free pvid group, a user defines a group number by self, and SDN + VXLAN authentication-free is carried out; the method comprises the steps that a 5G network port is set to trunk by a convergence switch of an existing SDN + VLXAN network of an enterprise, the convergence switch of the existing SDN + VLXAN network of the enterprise is added into a pnid VLAN group free of SDN authentication, a convergence layer and an access layer are divided into the same pnid VLAN group, and SDN + VXLAN authentication is carried out; setting a convergence layer of 5G network planning and an access layer SDN authentication-free pvid VLAN group gateway in a VXLAN boundary switch, and releasing the convergence layer and the access layer SDN authentication-free pvid VLAN group gateway by using a BGP protocol; the aggregation switch cascade port is set to allow an SDN authentication-free pvid VLAN group (an aggregation layer and an access layer are required to be divided into the same pvid VLAN group) to pass through; the VXLAN border switch cascade port is set as allowed; the invention can ensure that 5G data can be completely free from authentication in the SDN + VXLAN network and directly enter the 5G network core network, and each 5G slice network is divided by the 5G network core, thereby solving the problem that the 5G network slice technology and the SDN + VXLAN network are converged to generate conflict on the logic network level. The invention realizes the fusion of the enterprise SDN + VLXAN network and the 5G network, needs to utilize or redeploy the VLXAN boundary switch, and realizes the butt joint of the network of other technologies and the enterprise SDN + VXLAN backbone network. Meanwhile, all the access layer switches, convergence layer switches and VXLAN boundary switches where the SDN + VXLAN network of the enterprise is located are set in a related mode, authentication is avoided for the VLAN planned by the 5G network, and the management of the existing SDN + VXLAN network of the enterprise is avoided.
Detailed Description
The method for fusing the SDN + VXLAN network and the enterprise 5G network comprises the following steps:
s1, access layer logic network setting: an access layer switch of an existing SDN + VLXAN network of an enterprise sets a port logic network accessed by a 5G network base station to be trunk type, the access layer switch of the existing SDN + VLXAN network of the enterprise adds a pvid group which is free from SDN authentication, a user of the pvid group defines a group number by himself, and SDN + VXLAN authentication is carried out;
s2, setting a convergence layer logic network: the 5G network port is set to trunk by the convergence switch of the existing SDN + VLXAN network of the enterprise, the convergence switch of the existing SDN + VLXAN network of the enterprise is added into a pnid VLAN group without SDN authentication, a convergence layer and an access layer in the step S1 are divided into the same pnid VLAN group, and SDN + VXLAN authentication is carried out;
s3, setting a VXLAN boundary network: and setting a convergence layer of 5G network planning and an access layer SDN authentication-free pvid VLAN group gateway in a VXLAN boundary switch, and issuing the convergence layer and the access layer SDN authentication-free pvid VLAN group gateway by using a BGP protocol.
Further, the tandem port of the aggregation switch is set to allow the pass of the authentication-free pvid VLAN group in the aggregation layer and the access layer SDN.
Further, the VXLAN border switch cascade port is set to allow pass of the authentication-free pvid VLAN in the convergence layer and the access layer SDN.
The invention can ensure that 5G data can be completely free from authentication in the SDN + VXLAN network and directly enter the 5G network core network, and each 5G slice network is divided by the 5G network core, thereby solving the problem that the 5G network slice technology and the SDN + VXLAN network are converged to generate conflict on the logic network level.
The invention realizes the fusion of the enterprise SDN + VLXAN network and the 5G network, needs to utilize or redeploy the VLXAN boundary switch, and realizes the butt joint of the network of other technologies and the enterprise SDN + VXLAN backbone network. Meanwhile, all the access layer switches, convergence layer switches and VXLAN boundary switches where the SDN + VXLAN network of the enterprise is located are set in a related mode, authentication is avoided for the VLAN planned by the 5G network, and the management of the existing SDN + VXLAN network of the enterprise is avoided.
The first embodiment is as follows: the local area network of a certain enterprise is in butt joint with a 5G private network of a telecommunication company in the city, one part of a 5G transmission network utilizes the local area network of the enterprise for transmission, the campus network of the enterprise is an SDN + VXLAN network of H3C company, the data center network is a traditional VLAN network, and the network segment planning of the 5G network is 10.20.0.0/16.
Since the logical architecture of the 5G network of the carrier is also VXLAN network, it cannot be compatible with the SDN + VXLAN network of H3C company of the enterprise, the company cannot transmit data in the campus network to the data center, and the enterprise builds a VXLAN border switch (H3C-S7504) between the data center network and the campus network for data to traverse between the VXLAN network and the conventional VLAN network.
1. The enterprise sets a port logic network accessed by a 5G network base station to be trunk type according to the requirement of an access layer switch of the existing SDN + VLXAN network, and adds a special vlan pvid 596-.
Is configured to:
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 599
port trunk allow-pass vlan 2 to 4094
l2protocol-tunnel user-defined-protocol 802.1x enable
poe priority critical;
2. the 5G network port is set as trunk by the existing convergence switch of the SDN + VLXAN network of an enterprise, and a special vlan pvid 596-599 group is added to perform SDN + VXLAN authentication-free.
Is configured to:
interface Ten-GigabitEthernet0/0/5
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port-isolate enable group 1
undo stp enable
mirroring-group 1 mirroring-port both
mac-based ac
dot1x
undo dot1x handshake
undo dot1x multicast-trigger
mac-authentication
mac-authentication domain h3c
undo mac-authentication offline-detect enable
port-security free-vlan 1 118 596 to 599 3501 to 3555 4094
dhcp snooping trust;
3. and setting the VLAN 596-599 gateway for 5G network planning in the VXLAN boundary switch, and issuing the VLAN 596-599 gateway by using a BGP protocol. Meanwhile, the tandem port of the aggregation switch and the VXLAN boundary switch is set to allow the VLAN 596-.
According to the setting of the method, the 5G data can be completely free from authentication in the SDN + VXLAN network and directly enter the 5G network core network. Each 5G slice network is divided through a 5G network core, so that the problem that the 5G network slice technology and the SDN + VXLAN network are converged to generate conflict in a logic network layer is solved.
Claims (3)
1. The method based on the fusion of the SDN + VXLAN network and the enterprise 5G network is characterized in that: the method comprises the following steps:
s1, access layer logic network setting: an access layer switch of an existing SDN + VLXAN network of an enterprise sets a port logic network accessed by a 5G network base station to be trunk type, the access layer switch of the existing SDN + VLXAN network of the enterprise adds a pvid group which is free from SDN authentication, a user of the pvid group defines a group number by himself, and SDN + VXLAN authentication is carried out;
s2, setting a convergence layer logic network: the 5G network port is set to trunk by the convergence switch of the existing SDN + VLXAN network of the enterprise, the convergence switch of the existing SDN + VLXAN network of the enterprise is added into a pnid VLAN group without SDN authentication, a convergence layer and an access layer in the step S1 are divided into the same pnid VLAN group, and SDN + VXLAN authentication is carried out;
s3, setting a VXLAN boundary network: and setting a convergence layer of 5G network planning and an access layer SDN authentication-free pvid VLAN group gateway in a VXLAN boundary switch, and issuing the convergence layer and the access layer SDN authentication-free pvid VLAN group gateway by using a BGP protocol.
2. The SDN + VXLAN network and enterprise 5G network-based convergence method of claim 1, wherein: the aggregation switch cascade port is set to allow an authentication-free pvid VLAN group of an aggregation layer and an access layer SDN to pass through.
3. The SDN + VXLAN network and enterprise 5G network-based convergence method of claim 2, wherein: the VXLAN border switch cascade port is set to allow the authentication-free pvid VLAN of the convergence layer and the SDN of the access layer to pass through.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111356272.1A CN114051246B (en) | 2021-11-16 | 2021-11-16 | SDN+VXLAN network and enterprise 5G network fusion-based method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111356272.1A CN114051246B (en) | 2021-11-16 | 2021-11-16 | SDN+VXLAN network and enterprise 5G network fusion-based method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114051246A true CN114051246A (en) | 2022-02-15 |
| CN114051246B CN114051246B (en) | 2024-02-20 |
Family
ID=80209447
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111356272.1A Active CN114051246B (en) | 2021-11-16 | 2021-11-16 | SDN+VXLAN network and enterprise 5G network fusion-based method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114051246B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117439890A (en) * | 2023-12-20 | 2024-01-23 | 江苏未来网络集团有限公司 | End-to-end slicing network system of 5G private network |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104660527A (en) * | 2015-03-20 | 2015-05-27 | 上海斐讯数据通信技术有限公司 | Service switch, virtual local area network (VLAN)-spanning point-to-point protocol over Ethernet (PPPoE) network system and VLAN-spanning PPPoE network method |
| US20160241515A1 (en) * | 2015-02-16 | 2016-08-18 | Telefonaktiebolaget L M Ericsson (Publ) | Method and system for providing "anywhere access" for fixed broadband subscribers |
| CN107332812A (en) * | 2016-04-29 | 2017-11-07 | 新华三技术有限公司 | The implementation method and device of NS software |
| CN107770064A (en) * | 2016-08-19 | 2018-03-06 | 华为技术有限公司 | A kind of method of internetwork communication, equipment |
| US20190238365A1 (en) * | 2018-01-31 | 2019-08-01 | Hewlett Packard Enterprise Development Lp | Vlan to vxlan translation using vlan-aware virtual machines |
| US20190394067A1 (en) * | 2018-06-26 | 2019-12-26 | Huawei Technologies Co., Ltd. | VXLAN Implementation Method, Network Device, and Communications System |
| CN110661732A (en) * | 2019-09-20 | 2020-01-07 | 浪潮思科网络科技有限公司 | Device and method for scheduling traffic among working groups based on MAC (media access control) VLAN (virtual local area network) division |
| CN112929206A (en) * | 2021-01-22 | 2021-06-08 | 浪潮思科网络科技有限公司 | Method and device for configuring cloud physical machine in cloud network environment |
-
2021
- 2021-11-16 CN CN202111356272.1A patent/CN114051246B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160241515A1 (en) * | 2015-02-16 | 2016-08-18 | Telefonaktiebolaget L M Ericsson (Publ) | Method and system for providing "anywhere access" for fixed broadband subscribers |
| CN104660527A (en) * | 2015-03-20 | 2015-05-27 | 上海斐讯数据通信技术有限公司 | Service switch, virtual local area network (VLAN)-spanning point-to-point protocol over Ethernet (PPPoE) network system and VLAN-spanning PPPoE network method |
| CN107332812A (en) * | 2016-04-29 | 2017-11-07 | 新华三技术有限公司 | The implementation method and device of NS software |
| CN107770064A (en) * | 2016-08-19 | 2018-03-06 | 华为技术有限公司 | A kind of method of internetwork communication, equipment |
| US20190238365A1 (en) * | 2018-01-31 | 2019-08-01 | Hewlett Packard Enterprise Development Lp | Vlan to vxlan translation using vlan-aware virtual machines |
| US20190394067A1 (en) * | 2018-06-26 | 2019-12-26 | Huawei Technologies Co., Ltd. | VXLAN Implementation Method, Network Device, and Communications System |
| CN110661732A (en) * | 2019-09-20 | 2020-01-07 | 浪潮思科网络科技有限公司 | Device and method for scheduling traffic among working groups based on MAC (media access control) VLAN (virtual local area network) division |
| CN112929206A (en) * | 2021-01-22 | 2021-06-08 | 浪潮思科网络科技有限公司 | Method and device for configuring cloud physical machine in cloud network environment |
Non-Patent Citations (3)
| Title |
|---|
| 孙沛龙等: "5G 时代电信云资源池网络建设方案分析与探讨", 《长江信息通信》, no. 1, pages 1 - 3 * |
| 邵鹏飞;苗瑾超;金强山;: "PVID在VLAN配置中的作用及影响分析", 实验室研究与探索, no. 04 * |
| 雍蕊萌: "基于SDN构架的校园网络的研究与设计", 《中国优秀硕士论文电子期刊网》, no. 2, pages 14 - 47 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117439890A (en) * | 2023-12-20 | 2024-01-23 | 江苏未来网络集团有限公司 | End-to-end slicing network system of 5G private network |
| CN117439890B (en) * | 2023-12-20 | 2024-02-27 | 江苏未来网络集团有限公司 | End-to-end slicing network system of 5G private network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114051246B (en) | 2024-02-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11025492B2 (en) | Packet data unit (PDU) structure for supporting distributed relay control protocol (DRCP) | |
| US8085791B1 (en) | Using layer two control protocol (L2CP) for data plane MPLS within an L2 network access node | |
| US8121126B1 (en) | Layer two (L2) network access node having data plane MPLS | |
| US8385342B2 (en) | System and method of virtual private network route target filtering | |
| EP1886447B1 (en) | System and method for authentication of sp ethernet aggregation networks | |
| CN100384172C (en) | System and its method for guaranteeing service quality in virtual special net based network | |
| US20160065407A1 (en) | Method and system for supporting distributed relay control protocol (drcp) operations upon misconfiguration | |
| EP1132844A2 (en) | E-commerce system facilitating service networks including broadband communication service networks | |
| US20070133577A1 (en) | Virtual private network and method for controlling and forwarding route thereof | |
| WO2007016839A1 (en) | Method and system for carrying out hierarchical virtual private switch services | |
| CN114051246A (en) | Method for fusing SDN + VXLAN network and enterprise 5G network | |
| CN108023832A (en) | Method for sending information, apparatus and system | |
| CN201204611Y (en) | Control device for interconnect and intercommunication of telecom, China Union and CNC | |
| CN108076459A (en) | Access control method, relevant device and system | |
| WO2020156579A1 (en) | Protocol processing method and apparatus, and storage medium | |
| Sequeira | CompTIA Network+ N10-006 Quick Refernce | |
| Headquarters | Services Ready Small Branch Network System Assurance Guide | |
| Headquarters | Services Ready Medium Branch Network System Assurance Guide | |
| Donohue | Ccnp Switch 642-813 Quick Reference | |
| Headquarters | Streamlined Small Branch Network System Assurance Guide |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |