CN114051246B - SDN+VXLAN network and enterprise 5G network fusion-based method - Google Patents
SDN+VXLAN network and enterprise 5G network fusion-based method Download PDFInfo
- Publication number
- CN114051246B CN114051246B CN202111356272.1A CN202111356272A CN114051246B CN 114051246 B CN114051246 B CN 114051246B CN 202111356272 A CN202111356272 A CN 202111356272A CN 114051246 B CN114051246 B CN 114051246B
- Authority
- CN
- China
- Prior art keywords
- network
- sdn
- vxlan
- enterprise
- free
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 11
- 230000004927 fusion Effects 0.000 title description 6
- 230000002776 aggregation Effects 0.000 claims abstract description 20
- 238000004220 aggregation Methods 0.000 claims abstract description 20
- 238000005516 engineering process Methods 0.000 abstract description 12
- 230000010354 integration Effects 0.000 abstract description 3
- 238000004891 communication Methods 0.000 abstract description 2
- 238000007726 management method Methods 0.000 abstract 1
- 210000001503 joint Anatomy 0.000 description 3
- 230000002596 correlated effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/02—Access restriction performed under specific conditions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/02—Access restriction performed under specific conditions
- H04W48/06—Access restriction performed under specific conditions based on traffic conditions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/18—Selecting a network or a communication service
Abstract
The invention relates to the technical field of network communication, in particular to a method based on the integration of an SDN+VXLAN network and an enterprise 5G network, wherein an access layer switch of the existing SDN+VLXAN network of the enterprise sets a port logic network accessed by a 5G network base station as a trunk type to carry out SDN+VXLAN authentication-free; the method comprises the steps that an aggregation switch of an existing SDN+VLXAN network of an enterprise sets a 5G network port as a trunk, and SDN+VXLAN authentication-free is carried out; the 5G network planning gateway is arranged in the VXLAN boundary switch, so that the 5G data can be completely authenticated-free in the SDN+VXLAN network and directly enter the 5G network core network, each 5G slice network is divided through the 5G network core, the problem that the 5G network slicing technology and the SDN+VXLAN network are fused to generate conflict at the logic network level is solved, all the access layer switch, the convergence layer switch and the VXLAN boundary switch where the enterprise SDN+VXLAN network is located are arranged in a related mode, the VLAN of the 5G network planning is authenticated-free, and the management of the enterprise SDN+VXLAN network is avoided.
Description
Technical Field
The invention relates to the technical field of network communication, in particular to a method for fusing an SDN+VXLAN network and an enterprise 5G network.
Background
The network slicing technology is the core characteristics and the capabilities of the 5G network, and the 5G network slicing technology can provide network services which are isolated from each other and have customizable functions for different clients and different services based on the requirements of field services. Different from the traditional quality of service QoS and differentiated service capability provided by an access point name APN/data network name DNN, network slicing can be used for providing special differentiated services for terminals in different areas according to the characteristics of the terminals by an end-to-end logic private network, and is a technology essentially using an sdn+vxlan network. If the enterprise content is formed by an independent local area network and 5G network functions are to be used inside the enterprise, the enterprise adopts a traditional VLAN technology network to directly fuse from a physical network and a logic network based on the 5G network slicing technology, but if the existing network of the enterprise is already an SDN+VXLAN network, the direct fusion with the 5G network slicing technology can generate conflict at the logic network level. It is therefore highly desirable to find a way how an enterprise merges with a 5G network under sdn+vxlan network conditions.
Disclosure of Invention
The invention aims to provide a method for fusing an SDN+VXLAN network and an enterprise 5G network, which realizes the fusion of the existing SDN+VLXAN network and the 5G network of the enterprise.
In order to achieve the technical effects, the method based on the integration of the SDN+VXLAN network and the enterprise 5G network comprises the following steps:
s1, setting an access layer logic network: setting network logic of an access port of a 5G network base station as a trunk type by an access layer switch of the conventional SDN+VLXAN network of an enterprise, adding the port of the conventional access layer switch of the SDN+VLXAN network of the enterprise into a pvid VLAN group free of SDN authentication, and enabling a user of the pvid VLAN group to define a group number by himself so as to carry out SDN+VXLAN authentication free;
s2, setting a convergence layer logic network: setting a 5G network port as a trunk by an aggregation switch of the existing SDN+VLXAN network of the enterprise, adding the 5G network port of the aggregation switch of the existing SDN+VLXAN network of the enterprise into a SDN authentication-free pvid VLAN group, and dividing the aggregation layer and an access layer in the step S1 into the same pvid VLAN group to carry out SDN+VXLAN authentication-free;
s3.vxlan border network setup: and setting the convergence layer of 5G network planning and the access layer SDN authentication-free pvid VLAN group gateway in the VXLAN boundary switch, and releasing the convergence layer and the access layer SDN authentication-free pvid VLAN group gateway by using the BGP protocol.
Further, the aggregation switch cascade port is configured to allow the aggregation layer and the access layer SDN authentication-free pvid VLAN group to pass.
Further, the VXLAN border switch cascade port is configured to allow the convergence layer and the access layer SDN to pass through the pvid VLAN without authentication.
The beneficial effects of the invention are as follows: setting network logic of an access port of a 5G network base station as a trunk type by an access layer switch of the conventional SDN+VLXAN network of an enterprise, adding the port of the conventional access layer switch of the SDN+VLXAN network of the enterprise into an SDN authentication-free pvid VLAN group, and enabling a user to define a group number by himself so as to perform SDN+VXLAN authentication-free; setting a 5G network port as a trunk by an existing convergence switch of the SDN+VLXAN network of the enterprise, adding the 5G network port of the existing convergence switch of the SDN+VLXAN network of the enterprise into a SDN authentication-free pvid VLAN group, and dividing the convergence layer and an access layer into the same pvid VLAN group to perform SDN+VXLAN authentication-free; setting a convergence layer of 5G network planning and an access layer SDN authentication-free pvid VLAN group gateway in a VXLAN boundary switch, and publishing the convergence layer and the access layer SDN authentication-free pvid VLAN group gateway by using a BGP protocol; the aggregation switch cascade port is set to allow the SDN to pass through the authentication-free pvid VLAN group (the aggregation layer and the access layer must be divided into the same pvid VLAN group); the cascade port of the VXLAN boundary switch is set to be allowed; the invention enables the 5G data to go through all authentication-free in the SDN+VXLAN network and directly enter the 5G network core network, and each 5G slicing network is divided by the 5G network core, thereby solving the problem that the 5G network slicing technology and the SDN+VXLAN network are fused to generate conflict at the logic network level. The invention realizes the fusion of the enterprise SDN+VLXAN network and the 5G network, and the VLXAN boundary switch is needed to be utilized or redeployed, so that the butt joint of the network of other technologies and the enterprise SDN+VXLAN backbone network is realized. Meanwhile, all the access layer switch, the convergence layer switch and the VXLAN boundary switch where the enterprise SDN+VXLAN network is located are arranged in a correlated mode, and the VLAN planned by the 5G network is subjected to authentication-free mode and is not managed by the existing SDN+VXLAN network of the enterprise.
Detailed Description
The method based on the integration of the SDN+VXLAN network and the enterprise 5G network comprises the following steps:
s1, setting an access layer logic network: setting network logic of an access port of a 5G network base station as a trunk type by an access layer switch of the conventional SDN+VLXAN network of an enterprise, adding the port of the conventional access layer switch of the SDN+VLXAN network of the enterprise into an SDN authentication-free pvid VLAN group, and enabling a user of the pvid VLAN group to define a group number by himself so as to perform SDN+VXLAN authentication-free;
s2, setting a convergence layer logic network: setting a 5G network port as a trunk by an aggregation switch of the existing SDN+VLXAN network of the enterprise, adding the 5G network port of the aggregation switch of the existing SDN+VLXAN network of the enterprise into a SDN authentication-free pvid VLAN group, and dividing the aggregation layer and an access layer in the step S1 into the same pvid VLAN group to carry out SDN+VXLAN authentication-free;
s3.vxlan border network setup: and setting the convergence layer of 5G network planning and the access layer SDN authentication-free pvid VLAN group gateway in the VXLAN boundary switch, and releasing the convergence layer and the access layer SDN authentication-free pvid VLAN group gateway by using the BGP protocol.
Further, the aggregation switch cascade port is configured to allow the aggregation layer and the access layer SDN authentication-free pvid VLAN group to pass.
Further, the VXLAN border switch cascade port is configured to allow the convergence layer and the access layer SDN to pass through the pvid VLAN without authentication.
The invention enables the 5G data to go through all authentication-free in the SDN+VXLAN network and directly enter the 5G network core network, and each 5G slicing network is divided by the 5G network core, thereby solving the problem that the 5G network slicing technology and the SDN+VXLAN network are fused to generate conflict at the logic network level.
The invention realizes the fusion of the enterprise SDN+VLXAN network and the 5G network, and the VLXAN boundary switch is needed to be utilized or redeployed, so that the butt joint of the network of other technologies and the enterprise SDN+VXLAN backbone network is realized. Meanwhile, all the access layer switch, the convergence layer switch and the VXLAN boundary switch where the enterprise SDN+VXLAN network is located are arranged in a correlated mode, and the VLAN planned by the 5G network is subjected to authentication-free mode and is not managed by the existing SDN+VXLAN network of the enterprise.
Embodiment one: and a certain enterprise local area network is in butt joint with a 5G private network of a telecom company in the home, part of a 5G transmission network utilizes the local area network of the enterprise to transmit, a park network of the enterprise is an SDN+VXLAN network of an H3C company, a data center network is a traditional VLAN network, and the network segment of the 5G network is planned to be 10.20.0.0/16.
Because the logical architecture of the 5G network of the carrier is also a VXLAN network, the carrier cannot be compatible with the sdn+vxlan network of the H3C company of the enterprise, the company cannot transmit the data in the campus network to the data center, and the enterprise builds a VXLAN border switch (H3C-S7504) between the data center network and the campus network for the data to traverse between the VXLAN network and the conventional VLAN network.
1. The enterprise sets the port logic network which is accessed by a 5G network base station as a trunk type by an access layer switch of the existing SDN+VLXAN network, and adds a special pvid VLAN 596-599 group to perform SDN+VXLAN authentication-free.
Is configured to:
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 599
port trunk allow-pass vlan 2 to 4094
l2protocol-tunnel user-defined-protocol 802.1x enable
poe priority critical;
2. and setting a 5G network port as a trunk by an aggregation switch of the conventional SDN+VLXAN network of the enterprise, adding a special pvid VLAN 596-599 group, and performing SDN+VXLAN authentication-free.
Is configured to:
interface Ten-GigabitEthernet0/0/5
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
port-isolate enable group 1
undo stp enable
mirroring-group 1 mirroring-port both
mac-based ac
dot1x
undo dot1x handshake
undo dot1x multicast-trigger
mac-authentication
mac-authentication domain h3c
undo mac-authentication offline-detect enable
port-security free-vlan 1 118 596 to 599 3501 to 3555 4094
dhcp snooping trust;
3. the 5G network planned VLAN 596-599 gateway is set in the VXLAN border switch and the BGP protocol is used to publish the VLAN 596-599 gateway. The aggregation switch and VXLAN border switch tandem ports are set to allow VLAN 596-599 to pass through.
According to the method, the 5G data can be completely authenticated-free in the SDN+VXLAN network and directly enter the 5G network core network. Each 5G slicing network is divided through a 5G network core, so that the problem that the 5G network slicing technology and the SDN+VXLAN network are fused to generate conflict at a logic network level is solved.
Claims (1)
1. The method for fusing the SDN+VXLAN network and the enterprise 5G network is characterized in that: the method comprises the following steps:
s1, setting an access layer logic network: setting network logic of an access port of a 5G network base station as a trunk type by an access layer switch of the conventional SDN+VLXAN network of an enterprise, adding the port of the conventional access layer switch of the SDN+VLXAN network of the enterprise into a pvid VLAN group free of SDN authentication, and enabling a user of the pvid VLAN group to define a group number by himself so as to carry out SDN+VXLAN authentication free;
s2, setting a convergence layer logic network: setting a 5G network port as a trunk by an aggregation switch of the existing SDN+VLXAN network of the enterprise, adding the 5G network port of the aggregation switch of the existing SDN+VLXAN network of the enterprise into a SDN authentication-free pvid VLAN group, and dividing the aggregation layer and an access layer in the step S1 into the same pvid VLAN group to carry out SDN+VXLAN authentication-free;
s3.vxlan border network setup: setting a convergence layer of 5G network planning and an access layer SDN authentication-free pvid VLAN group gateway in a VXLAN boundary switch, and publishing the convergence layer and the access layer SDN authentication-free pvid VLAN group gateway by using a BGP protocol;
the aggregation switch cascading port is arranged to allow the aggregation layer and the access layer SDN to pass through the pvid VLAN group without authentication;
the VXLAN boundary switch cascade port is arranged to allow the convergence layer and the access layer SDN to pass through the pvid VLAN without authentication;
a VXLAN boundary switch is built between a traditional VLAN network and an SDN+VXLAN network and is used for data crossing between the VXLAN network and the traditional VLAN network;
the 5G data can be completely authenticated-free in the SDN+VXLAN network and directly enter the 5G network core network.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111356272.1A CN114051246B (en) | 2021-11-16 | 2021-11-16 | SDN+VXLAN network and enterprise 5G network fusion-based method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111356272.1A CN114051246B (en) | 2021-11-16 | 2021-11-16 | SDN+VXLAN network and enterprise 5G network fusion-based method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114051246A CN114051246A (en) | 2022-02-15 |
| CN114051246B true CN114051246B (en) | 2024-02-20 |
Family
ID=80209447
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111356272.1A Active CN114051246B (en) | 2021-11-16 | 2021-11-16 | SDN+VXLAN network and enterprise 5G network fusion-based method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114051246B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117439890B (en) * | 2023-12-20 | 2024-02-27 | 江苏未来网络集团有限公司 | End-to-end slicing network system of 5G private network |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104660527A (en) * | 2015-03-20 | 2015-05-27 | 上海斐讯数据通信技术有限公司 | Service switch, virtual local area network (VLAN)-spanning point-to-point protocol over Ethernet (PPPoE) network system and VLAN-spanning PPPoE network method |
| CN107332812A (en) * | 2016-04-29 | 2017-11-07 | 新华三技术有限公司 | The implementation method and device of NS software |
| CN107770064A (en) * | 2016-08-19 | 2018-03-06 | 华为技术有限公司 | A kind of method of internetwork communication, equipment |
| CN110661732A (en) * | 2019-09-20 | 2020-01-07 | 浪潮思科网络科技有限公司 | Device and method for scheduling traffic among working groups based on MAC (media access control) VLAN (virtual local area network) division |
| CN112929206A (en) * | 2021-01-22 | 2021-06-08 | 浪潮思科网络科技有限公司 | Method and device for configuring cloud physical machine in cloud network environment |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10257162B2 (en) * | 2015-02-16 | 2019-04-09 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and system for providing “anywhere access” for fixed broadband subscribers |
| US10476699B2 (en) * | 2018-01-31 | 2019-11-12 | Hewlett Packard Enterprise Development Lp | VLAN to VXLAN translation using VLAN-aware virtual machines |
| CN110650076B (en) * | 2018-06-26 | 2021-12-24 | 华为技术有限公司 | VXLAN implementation method, network equipment and communication system |
-
2021
- 2021-11-16 CN CN202111356272.1A patent/CN114051246B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104660527A (en) * | 2015-03-20 | 2015-05-27 | 上海斐讯数据通信技术有限公司 | Service switch, virtual local area network (VLAN)-spanning point-to-point protocol over Ethernet (PPPoE) network system and VLAN-spanning PPPoE network method |
| CN107332812A (en) * | 2016-04-29 | 2017-11-07 | 新华三技术有限公司 | The implementation method and device of NS software |
| CN107770064A (en) * | 2016-08-19 | 2018-03-06 | 华为技术有限公司 | A kind of method of internetwork communication, equipment |
| CN110661732A (en) * | 2019-09-20 | 2020-01-07 | 浪潮思科网络科技有限公司 | Device and method for scheduling traffic among working groups based on MAC (media access control) VLAN (virtual local area network) division |
| CN112929206A (en) * | 2021-01-22 | 2021-06-08 | 浪潮思科网络科技有限公司 | Method and device for configuring cloud physical machine in cloud network environment |
Non-Patent Citations (3)
| Title |
|---|
| 5G 时代电信云资源池网络建设方案分析与探讨;孙沛龙等;《长江信息通信》(第第1期期);第1-3页 * |
| PVID在VLAN配置中的作用及影响分析;邵鹏飞;苗瑾超;金强山;;实验室研究与探索(04);全文 * |
| 基于SDN构架的校园网络的研究与设计;雍蕊萌;《中国优秀硕士论文电子期刊网》(第第2期期);第14-47页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114051246A (en) | 2022-02-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1886447B1 (en) | System and method for authentication of sp ethernet aggregation networks | |
| JP4190421B2 (en) | Personal virtual bridge local area network | |
| US8176325B2 (en) | Peer-to-peer access control method based on ports | |
| US8085791B1 (en) | Using layer two control protocol (L2CP) for data plane MPLS within an L2 network access node | |
| US20040158735A1 (en) | System and method for IEEE 802.1X user authentication in a network entry device | |
| CN105812259B (en) | A kind of message forwarding method and equipment | |
| US20070133577A1 (en) | Virtual private network and method for controlling and forwarding route thereof | |
| CN101227376B (en) | Equipment and method for virtual special-purpose network multi-case safe access | |
| EP2701342A1 (en) | Method and system for implementing elastic network interface and interconnection | |
| US20060068799A1 (en) | Open-host wireless access system | |
| JP2005513915A6 (en) | Personal virtual bridge local area network | |
| WO2007016839A1 (en) | Method and system for carrying out hierarchical virtual private switch services | |
| EP2911355A1 (en) | Method and device for flow path negotiation in link aggregation group | |
| CN114051246B (en) | SDN+VXLAN network and enterprise 5G network fusion-based method | |
| US20110058559A1 (en) | Vlan data framing and transmission | |
| Tongkaw et al. | Multi-VLAN design over IPSec VPN for campus network | |
| US9736060B2 (en) | Method and device for negotiating traffic path in link aggregation group | |
| CN108023832A (en) | Method for sending information, apparatus and system | |
| CN109150829A (en) | Software definition cloud network trust data distribution method, readable storage medium storing program for executing and terminal | |
| CN201204611Y (en) | Control device for interconnect and intercommunication of telecom, China Union and CNC | |
| CN101421986B (en) | Methods and apparatus for cluster licensing in wireless switch architecture | |
| CN108900518A (en) | Believable software definition cloud network data distribution systems | |
| CN112040170B (en) | Remote off-site bid evaluation system based on 5G | |
| CN103095507B (en) | Based on message transmitting method and the edge device of Ethernet virtualization internet network | |
| Cao et al. | Traffic Offloading Technology Based on DNN and UL CL in 5G-Adv Network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |