CN1260916C - Method for realizing virtual specific network in ATM network - Google Patents
Method for realizing virtual specific network in ATM network Download PDFInfo
- Publication number
- CN1260916C CN1260916C CN 02149112 CN02149112A CN1260916C CN 1260916 C CN1260916 C CN 1260916C CN 02149112 CN02149112 CN 02149112 CN 02149112 A CN02149112 A CN 02149112A CN 1260916 C CN1260916 C CN 1260916C
- Authority
- CN
- China
- Prior art keywords
- message
- vlan
- atm
- atm network
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Abstract
The present invention relates to a method for realizing VPN on an Ethernet three-layer exchanger and on an ATM PVC (permanent virtual chain circuit). The method for realizing VPN on ATM networks is characterized in that a message identifier for identifying a VLAN where a message is added in the transferred message; a message receiving side identifies the VLAN where the message is through the message identifier. The message is reduced to make different VLAN share a transmission chain circuit of the same ATM. The present invention extends the application of RFC1483 in Ethernet and especially brings great convenience for the network construction application of VLAN widely used in the current three-layer exchanger.
Description
Technical field
The present invention relates to network equipment agreement and realize the field, relate in particular to a kind ofly on atm network, realize the method for VPN(Virtual Private Network).
Technical background
On the interface card of related exchange equipment such as switch, three-tier switch, router, focusing mostly on greatly provides Ethernet interface at present, as the electricity mouth of 10M/100M, gigabit (GIGABIT) electricity mouth and light mouth, 10GE light mouth etc.Along with extensive uses in network such as three-tier switch, require to be applied in convergence-level, the Ethernet switch of backbone layer can have different interface types, to adapt to the requirement of access devices different in the present network environment.The many equipment of utilization has ATM switch in network at present, so atm interface is provided on switching equipment such as three-tier switch, router, can use atm network, realize interconnection and interflow with wide area network, it is the competitiveness that improves switching equipment at present, reduce the network operation cost, expand the operation scope of metropolitan area network, have very large meaning.
As shown in Figure 1, be to utilize ATM to realize the connection diagram of VPN at present, mainly be to utilize ATM Permanent Virtual Circuit (PVC) to realize VPN, promptly in atm network,, create a specific PVC link according to VPN user; Utilize the specific Frame of ATM PVC carrying: in inlet VPN edge device (ingress pe) side,, then message is packaged into ATM cell, is forwarded in the atm network with the forwarding peer-to-peer (fec) of user with the corresponding VPN user of specific PVC; In p equipment, only carry out common ATM and transmit; In outlet VPN edge side (egress pe), according to the PVC of cell, message is changed into specific VPN user's message, through ce equipment message is forwarded to the user of appointment then.
This method characteristics are: the corresponding PVC link of VPN user is exactly to determine by the identification to PVC to user's identification; Because each user is shone upon specific PVC chain in atm network, and using IP and PVC to shine upon, is not easily, can not carry out transparent transmission to Ethernet, and the assembling message is cumbersome.
Utilize the PVC link to guarantee that specific VPN user data frame is not subjected to the interference of network like this, protection user's data information; But waste PVC resource; Sign to the user is also not so good; And also good inadequately for the support of Ethernet, need carry out remapping of ATM PVC and VPN user's peer-to-peer (FEC).
Summary of the invention
Purpose of the present invention is exactly to utilize atm interface to realize a kind of method of VPN in order to solve at present on switching equipment.
The solution of the present invention is as follows:
A kind of method that on atm network, realizes VPN, it is characterized in that in the message that transmits, adding the message identification of a sign message place VLAN, receiving the message side, discern this message place VLAN by this message identification, with the message reduction, so that different VLAN can share the transmission link of same ATM.
The described method that realizes VPN on atm network specifically may further comprise the steps:
A, in data message, add the message identification of a sign message place VLAN, and described data message is sent in the atm network;
B, atm network are searched mapping table according to entrained message identification, find corresponding PVC cross-join;
C, message is forwarded to corresponding VLAN;
D, find the tag operational of mapping table correspondence, the line operate of going forward side by side, the reduction message, thus realize that different VLAN can share the transmission link of same ATM.
The described method that on atm network, realizes VPN, among the step b, also comprise a step of adding two layers or multilayer label, described two layers or multilayer label is used for the VLAN of further identity protocol message, the corresponding step that also comprised described two layers or multilayer label of processing before steps d.
The described method that realizes VPN on atm network before the steps d, to the processing of these two layers of labels, is with this label deletion.
The described method that realizes VPN on atm network before the steps d, to the processing of these two layers of labels, is that this label is carried out do-nothing operation.
The described method that realizes VPN on atm network sends to the step of atm network with data message, is finished by three-tier switch.
Described message is the form of 802.1q regulation.
The present invention can make full use of the mapping of PVC and the Ethernet 802.1Q data frame VLAN TAG of ATM, realizes the identification to VPN user, guarantees different user on the basis of building PVC less, safety, the transparent transmission of realization data.
Description of drawings
Fig. 1 is the implementation of VPN in the prior art;
Fig. 2 is a flow chart of the present invention;
Fig. 3 is a message forwarding schematic diagram of the present invention;
Fig. 4 is the forwarding schematic diagram that adopts the transparent transmission mode;
Fig. 5 is that a message of the embodiment of the invention is transmitted schematic diagram;
Fig. 6 is the transmission flow figure of the message of the embodiment of the invention;
Fig. 7 is the reception flow process of the message of the embodiment of the invention.
Embodiment
Below in conjunction with Figure of description the specific embodiment of the present invention is described.
Purpose of the present invention is exactly in order to solve on switching equipment, utilizes atm interface to realize a kind of method of VPN.It can make full use of the mapping of PVC and the Ethernet 802.1Q data frame VLAN TAG of ATM, realizes the identification to VPN user, guarantees different user on the basis of building PVC less, safety, the transparent transmission of realization data.This mapping mainly is the mapping between the VLAN TAG of the PVC (vpi/vci---vcc index) of ATM and 802.1q; So just can make full use of PVC is the link that a plurality of VLAN carry out VPN.
The present invention adds the message identification of a sign message place VLAN in the message that transmits, receiving the message side, discern this message place VLAN by this message identification, with this message reduction, so that different VLAN can share the transmission link of same ATM.
As shown in table 1, be the message that the present invention uses, as seen, the present invention has increased a sign TAG in being shown by this, and according to the suggestion of rfc1483, our invention is expanded this, can utilize the 802.1q protocol massages of ATM transparent transmission band TAG;
| ? ? 0xaa-aa-03 | 0x00- 80-c2 | 0x00-01 or 0x00-02 | DEST- MAC- ADDRE SS | ? ? SRC-MAC-ADDR | ? ? VLAN-TAG1 | ? ? VLAN-TAGn | Ethernet frame | ? ?LAN ?FCS |
Table one
Wherein have TAG and partly represent it is the part that expands, do like this, just can in ATM PVC, utilize VLAN TAG to distinguish different VLAN, guarantee that different VLAN share in same ATM transmission link, realized the data transparency transmission of different VLAN.
As shown in Figure 2, be the present invention realizes the virtual private network method on ATM flow chart, Fig. 3 is a network diagram that realizes Virtual Private Network on ATM.
The specific embodiment of the present invention can may further comprise the steps:
A, data message is sent in the atm network;
This step can be finished by the various network switching equipment, such as being router, also can be switch, can also be to use three-tier switch comparatively widely at present, have atm interface, can support that the equipment of at present general vpn service can.
B, atm network are searched mapping table according to entrained message identification, find corresponding PVC cross-join;
In this step, can also comprise a step of adding two layers or multilayer label, this two layers or multilayer label is used for the VLAN of further identity protocol message, in fact is exactly in table, in the corresponding ethernet data frame, adds one layer or more VLAN TAG again; Such as the TAG7 among Fig. 3, why adopt multiple TAG, be/or the carrying of multiple TAG dual in order to realize, have very important significance for the spatial limitation that solves number of tags like this, because 802.1qTAG has only the 4k size, can solve the problem of the size in TAG space by carrying multiple TAG.
C, message is forwarded to corresponding VLAN;
D, find the tag operational of mapping table correspondence, the line operate of going forward side by side, reduction message.
After Frame is finished reorganization, form index, obtain VLAN TAG with VPI/VCI; Obtain processing operation then to TAG.
The step of two layers or multilayer label of processing that comprises in this steps d, be with step b in add the corresponding operation of two layers or multilayer label.Wherein, comprise three kinds of above-mentioned operations: add TAG, deletion TAG, do-nothing operation.Adding operation is to add the TAG sign in data; Deletion action is for the reduction of data and reorganization, the sign that deletion is added previously; This do-nothing operation is that two layers or multilayer label is left intact, directly transparent data.
The meaning of this transparent transmission is to receive fully the VLAN tag from the subscriber equipment input, does not make any change, directly transparent transmission.This can protect user's oneself privately owned configuration.The user can divide plurality of V LAN at the professional operational characteristics of oneself in actual use, can utilize this do-nothing operation to be transparent to distant-end node then, has guaranteed the reliability of communication like this, has reduced the complexity of configuration, is exemplified below:
As shown in Figure 4, on the switch of user side, as long as the identical VLAN (each having identical VLAN such as Finance Department/production department/CEO Office) of configuration disposes (such as two mechanisms of a company at the user two ends, be distributed in Beijing, Shanghai) just directly communication.This base attribute of business that so just meets user oneself definition oneself among the vpn is utilized directly transmission of public network (atm network), is transmitted accordingly by user side switch (pe or ce) behind the opposite end.
Above-described data message is the form of 802.1q regulation.
Below in conjunction with our realization on three-tier switch, the present invention is described further and analysis.
Fig. 5 is the processing capacity module diagram that a message of the embodiment of the invention is transmitted; Mainly contain the physical interface module of ATM, ATM physical layer process module (FRAMER module), ATM reorganization segmentation and forwarding module (ATM forwarding module and SAR), forwarding chip, main processing of the present invention all realizes at ATM forwarding logic and SAR (Segment and Reassemble, Segmentation and Reassembly) part.
Because current three-tier switch forwarding chip (ASIC) mainly concentrates on the Ethernet interface at present, many Wide Area Network interface can not provide.So we are in order to realize atm interface, as shown in Figure 5, present embodiment has adopted following pass-through mode:
In design, in order to realize interpolation/deletion/do-nothing operation of the VLANTAG of TAG in the LLC/SNAP frame of the AAL5 that is implemented in ATM, we have done following work on forwarding process, and step is as follows:
We are called downstream operation with message from the operation that forwarding chip sends to the ATM physical interface; Operation from the ATM physical interface to forwarding chip is called upstream operation, and then this message is transmitted and can be may further comprise the steps:
A, the Ethernet data message is forwarded in the ATM forwarding logic by forwarding chip;
In descending, we require forwarding chip ethernet data frame can be carried VLAN TAG and is forwarded in the ATM forwarding logic through the GMII bus.This realization is accomplished than being easier to most of forwarding chips, is exemplified below:
Separately as a VLAN 3, configuration is as follows in the QUIDWAY of Huawei series of switch with atm port:
<CONFIG〉#〉VLAN 3 # (creating VLAN 3)
<VLAN 3〉#SWITCH PORT ATM3/0/1 (this VLAN comprises port ATM 3/0/1)
Then with ATM 3/0/1 port as a VLAN trunk port.When other VLAN is set, when needs use the PVC of atm link and far-end to carry out communication, with the port member of ATM 3/0/1 as this VLAN.Example is as follows:
<CONFIG〉#〉VLAN 1000#<establishment VLAN 1000 〉
<VLAN 1000〉##〉#<with gi2/0/1gi2/0/3, ATM 3/0/1 is as the port member of VLAN 1000 for switch port gi2/0/1 gi2/0/3 ATM3/0/1 〉;
After setting up, utilize the MAC address learning of chip, just message can be forwarded to atm port, transmit.
B, in the ATM forwarding logic, according to entrained message identification, search mapping table, find corresponding PVC cross-join;
In the ATM forwarding logic, we need be according to entrained VLAN-TAG, and the VLAN-TAG---PVC mapping table of tabling look-up finds corresponding VCC (PVC cross-join); Find corresponding tag operational, just above-mentioned interpolation/deletion and do-nothing operation according to this table simultaneously.Wherein:
Adding TAG----is exactly in table, in the corresponding ethernet data frame, adds one layer or more VLANTAG again; So just can realize dual/or the carrying of multiple TAG, have very important significance for the spatial limitation that solves number of tags like this,, can solve the problem of the size in TAG space by carrying multiple TAG because 802.1qTAG has only the 4k size.Networking is used as shown in Figure 2;
TAG-----is under this interface in deletion, carries out the deletion of label, or at the network that does not have label to support, removes label, and ethernet data frame is carried out transparent transmission.
------carries out the do-nothing operation of label under this interface, like this transparent transmission 802.1Q Frame in do-nothing operation.Realize that a PVC can corresponding a plurality of VLAN.Especially for the application of enterprise network, very convenient, flexibly.
C, message is forwarded to corresponding VLAN by atm network;
D, find the tag operational of mapping table correspondence, the line operate of going forward side by side, reduction message.
Fig. 6 and Fig. 7 are the flow charts of present embodiment, and wherein Fig. 6 is the detailed description of downstream operation among Fig. 5, and Fig. 7 is the detailed description of upstream operation among Fig. 5.Can see that from flow chart present embodiment is in up, Frame forms index with VPI/VCI after reorganization is finished in ATM SAR unit, obtain VLAN TAG; Obtain operation then, comprise three kinds of above-mentioned operations: add TAG, deletion TAG, do-nothing operation TAG.
Handling process among Fig. 6 is:
A. the down direction forwarding chip is received the Ethernet message from the FE/GE port;
B. forwarding chip is inquired about according to the purpose MAC of Ethernet message, finds that this message should be forwarded to atm port, just is forwarded to this port with this message;
After the c.ATM forwarding module is received this message, analyze the VLAN of message, table look-up with this VLAN and shine upon the VPI/VCI that obtains this VLAN correspondence;
D. use the VPI/VCI that finds to check the attribute of this data flow, obtain this data flow need be added VLAN TAG7 in the porch operation;
Operation indication and VLAN TAG7 that the e.ATM forwarding module just obtains according to the d step are added on VLAN TAG7 in the former message;
F.ATM SAR module is carried out staged operation with the message that has added behind the VLAN TAG7; The ATM forwarding module ATM cell of burst is forwarded to the atm interface module by FRAMER, sends to atm network then.
Handling process among Fig. 7 is:
The a.ATM interface module receives ATM cell, obtains Ethernet message wherein after ATM SAR partly carries out the ATM reorganization;
B. the VPI/VCI according to this message place tables look-up, and the attribute that obtains this data flow is the VLAN TAG7 in the Ethernet message will be deleted in the exit;
C. according to the operation indication VLAN TAG7 in the Ethernet message is deleted;
D. the Ethernet message that will delete VLAN TAG7 is forwarded to forwarding chip;
E. forwarding chip is transmitted processing according to the purpose MAC of Ethernet message, is forwarded to corresponding FE/GE port.
In the realization of software, we have carried out following design:
1) we are divided into two configuration plane with the configuration of software for the VLAN of the PVC of ATM and Ethernet.ATM plane and ethernet vlan plane.
In the ATM configuration plane, we are configured PVC separately; In the VLAN configuration plane, we also dispose VLAN separately, and we are shining upon VLAN and PVC then, and the result of shining upon is configured in the PVC-VLAN TAG table.
Implementation method of the present invention has expanded the application of RFC1483 in Ethernet, especially use for the networking of widely used VLAN in the present three-tier switch, bring great convenience, it makes atm interface not only can be applied on router device or the ATM switch equipment, but also can be used on the three-tier switch, expanded the range of application of three-tier switch, for atm interface as wan interface, realize interconnecting between the enterprise VPN, have very big realistic meaning.
The above; only for the preferable embodiment of the present invention, but protection scope of the present invention is not limited thereto, and anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claims.
Claims (6)
1. method that realizes VPN on atm network is characterized in that may further comprise the steps:
A, in data message, add the message identification of a sign message place VLAN, and described data message is sent in the atm network;
B, atm network are searched mapping table according to entrained message identification, find corresponding PVC cross-join;
C, receiving the message side, discern this message place VLAN by this message identification, message is forwarded to corresponding VLAN;
D, find the tag operational of mapping table correspondence, the line operate of going forward side by side, the reduction message, thus realize that different VLAN can share the transmission link of same ATM.
2. the method that on atm network, realizes VPN as claimed in claim 1, it is characterized in that among the described step b, also comprise a step of adding two layers or multilayer label, described two layers or multilayer label is used for the VLAN of further identity protocol message, the corresponding step that also comprised described two layers or multilayer label of processing before steps d.
3. the method that realizes VPN on atm network as claimed in claim 2 is characterized in that before the described steps d, to the processing of these two layers of labels, is with this label deletion.
4. the method that realizes VPN on atm network as claimed in claim 2 is characterized in that before the described steps d, to the processing of these two layers of labels, is that this label is carried out do-nothing operation.
5. as any described method that on atm network, realizes VPN of claim 1-4, it is characterized in that described data message being sent to the step of atm network, finish by three-tier switch.
6. as any described method that on atm network, realizes VPN of claim 1-4, it is characterized in that described message, be the form of 802.1q regulation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 02149112 CN1260916C (en) | 2002-11-21 | 2002-11-21 | Method for realizing virtual specific network in ATM network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 02149112 CN1260916C (en) | 2002-11-21 | 2002-11-21 | Method for realizing virtual specific network in ATM network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1503514A CN1503514A (en) | 2004-06-09 |
| CN1260916C true CN1260916C (en) | 2006-06-21 |
Family
ID=34233505
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 02149112 Expired - Fee Related CN1260916C (en) | 2002-11-21 | 2002-11-21 | Method for realizing virtual specific network in ATM network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1260916C (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100446503C (en) * | 2005-03-22 | 2008-12-24 | 杭州华三通信技术有限公司 | Enhanced VPN network optimization method and apparatus |
| CN101483641B (en) * | 2005-11-09 | 2012-11-21 | 华为技术有限公司 | Method for bearing multiple services on a permanent virtual connection |
| CN101102261A (en) * | 2006-07-03 | 2008-01-09 | 华为技术有限公司 | Method and device for Ethernet carrier asynchronization transmission mode |
| CN101355514B (en) * | 2008-09-03 | 2011-03-16 | 中兴通讯股份有限公司 | Method for transmitting data packet with VLAN label in two-layer VPN |
| CN101800945A (en) * | 2009-02-11 | 2010-08-11 | 阿尔卡特朗讯 | Method and device for distinguishing user equipment sharing identical public user identifier |
| CN103634213B (en) * | 2013-11-04 | 2017-04-19 | 天津汉柏信息技术有限公司 | Message forwarding method |
| CN110535746B (en) * | 2019-09-04 | 2021-10-22 | 达闼机器人有限公司 | Virtual private network VPN sharing method and device, electronic equipment and storage medium |
-
2002
- 2002-11-21 CN CN 02149112 patent/CN1260916C/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| CN1503514A (en) | 2004-06-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1286297C (en) | Method of realizing sign delivery of user's position | |
| CN1125545C (en) | Data forwarding method for implementing virtual channel transmission in LAN | |
| CN1199400C (en) | Master-standby switching and load sharing system and method based on Ethernet access platform | |
| CN1863133A (en) | Method and apparatus for transmitting message | |
| CN1077832A (en) | Combined terminal adapter for smds and frame relay high speed data services | |
| CN1708957A (en) | Multi- tiered virtual local area network (VLAN) domain mapping mechanism | |
| CN1832443A (en) | Method for reducing VPN network arranging | |
| CN1838627A (en) | Method for realizing QinQ access | |
| CN1913523A (en) | Method for implementing layer level virtual private exchange service | |
| JP2005341591A (en) | Virtual private network, and multi-service provisioning platform and method | |
| CN1866923A (en) | Method and system for realizing binding interface edge-to-edge pseudo wire simulation service | |
| CN101056246A (en) | A method and device for realizing the load share | |
| CN1809032A (en) | Method of dynamically learning address on MAC layer | |
| CN1866904A (en) | Method and apparatus for astringing two layer MAC address | |
| CN1925456A (en) | System and method for realizing multi-service stack virtual local area network and method of use thereof | |
| CN101056267A (en) | Layer 2 forwarding method and forwarding device | |
| CN1691629A (en) | Method for implementing layer-2 equipment interconnection in resilient packet ring (RPR) based network | |
| CN1260916C (en) | Method for realizing virtual specific network in ATM network | |
| CN1863127A (en) | Method for core network access to multi-protocol sign exchange virtual special network | |
| CN101079775A (en) | Method for dividing virtual LAN, data transfer and wireless packet gateway | |
| CN1741499A (en) | Virtual circuit exchanging method based on MAC studying | |
| CN100446503C (en) | Enhanced VPN network optimization method and apparatus | |
| CN103457824A (en) | Message processing method and device | |
| CN1863089A (en) | Method for configurating slave node of virtual LAN | |
| CN1185831C (en) | Method for managing users in wide hand city network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20060621 Termination date: 20151121 |