CN1266887C - Virtual switch for supplying virtual LAN service and method - Google Patents

Publication number: CN1266887C
Authority: CN (China)
Legal status: Expired - Fee Related
Application number: CN 02123964
Other languages: Chinese (zh)
Other versions: CN1468007A (en)
Inventors: 熊宇, 陈龙辉
Current assignee: Huawei Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd
Abstract

The present invention relates to a virtual switch and a method for providing virtual private LAN segment (VPLS) service. The virtual switch comprises an ATM interface module, an Ethernet interface module, an Ethernet switching module and a layer 3 tunnel interface module; the layer 3 tunnel interface module is connected to the Ethernet switching module and performs the layer 3 tunnel protocol processing. In the method, which uses virtual switches (VS) to provide VPLS service across an IP wide area network, IP tunnels are established between different virtual switches using a layer 3 tunnel protocol, providing channels that transparently carry Ethernet packet data as the payload of IP packets. Ethernet packet data to be transferred is encapsulated with the layer 3 tunnel protocol, that is, the Ethernet packets are encapsulated in IP packets for forwarding, which completes the interconnection of virtual switches across the IP network. The invention enables the virtual switch to provide VPLS service in an environment of multiple networks, such as ATM networks, Ethernets and IP networks, and extends the networking capability and application area of the virtual switch.

Description

Virtual switch and method for providing virtual LAN service
Technical field
The present invention relates to a virtual switch and a method for providing virtual LAN service, and belongs to the field of broadband network technology in data communication.
Background technology
Broadband networks are developing rapidly, and modern enterprises and government bodies need to interconnect the computer networks of multiple offices. The distance between these offices may range from one or two kilometers to several thousand kilometers, and the number of information points at each site (that is, the number of networked computers) ranges from a few to thousands. A typical large company needs a computer network that spans the whole country, with tens of thousands of networked computers. For each enterprise to lay its own lines and build its own dedicated network is clearly uneconomical and unreasonable. Normally the enterprise buys a virtual private network (VPN) service provided by an Internet Service Provider (ISP) and uses it to build its own dedicated network.
At present there are four types of virtual private network (VPN):
(1) Virtual Private Dial Network (VPDN, Virtual Private Dial Networks): users access the enterprise data center over a dial-up network; each user obtains a private address from the enterprise data center, yet user data can be carried across the public data network.
(2) Virtual Leased Line (VLL, Virtual Lease Line): the simplest type of VPN, which emulates a leased line between two ends through an IP tunnel.
(3) Virtual Private Routed Network (VPRN, Virtual Private Routed Networks): the enterprise uses the public data network to build its own private enterprise network, and can freely plan the addressing, routing policy, security mechanisms and so on between its branches.
(4) Virtual Private LAN Segment (VPLS, Virtual Private LAN Segment): a local area network (LAN) emulated over the Internet.
A virtual switch (VS) is a functional entity created by configuration on a network device, and it performs the functions of an Ethernet switch. The virtual switch is one technical means of implementing a VPN. Multiple virtual switches can be partitioned on one network device, and each virtual switch can implement a VPLS service. At present, a VPN built with virtual switches can only interconnect across ATM and Ethernet networks; it cannot interconnect across an IP network.
Each virtual switch corresponds to an independent group of data tables on the network device: the virtual switch access channel table, the virtual switch forwarding control table and the virtual switch address exchange table. The access channel table holds the information on the data forwarding channels that belong to this virtual switch; this information is also called the ports of the virtual switch. The forwarding control table holds a control flag indicating whether a port of the virtual switch may exchange data with the other ports of the same virtual switch. The address exchange table holds the mapping between Ethernet addresses and virtual switch ports.
The network device determines which virtual switch handles received data from the port information of the port on which the data arrived. Inside the virtual switch, the destination address carried in the Ethernet header is looked up in the address exchange table to obtain the outbound port. If the outbound port may interwork with the inbound port, the packet is forwarded to the outbound port; if the lookup finds no matching outbound port, the packet is forwarded to all other ports of this virtual switch that may interwork with the inbound port. Each virtual switch has its own independent Ethernet address learning and address removal functions. The Ethernet addresses used and the system resources occupied by each virtual switch are isolated from one another. No virtual switch can be affected by any other virtual switch, which protects the data of each VPN.
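An added example (not part of the patent text): a minimal Python model of the per-virtual-switch tables described above, showing lookup, flooding and the isolation between virtual switches on one device. The class and port names, the rule that two ports interwork only when both control flags are set, and the time-based address removal are assumptions made for illustration.

```python
class VirtualSwitch:
    """One virtual switch with its own independent group of tables."""

    def __init__(self, name, ports, age_limit=300):
        self.name = name
        self.access = set(ports)     # access channel table: the VS ports
        self.control = dict(ports)   # forwarding control table: port -> flag
        self.mac_table = {}          # address exchange table: MAC -> (port, seen)
        self.age_limit = age_limit   # assumed removal rule: drop idle entries

    def _interwork(self, a, b):
        # Assumption: both ports must carry the "may interwork" flag.
        return a != b and self.control.get(a, False) and self.control.get(b, False)

    def forward(self, in_port, frame, now):
        """Return the list of output ports for one Ethernet frame."""
        dst, src = frame[:6], frame[6:12]
        # Address removal: forget entries not refreshed within age_limit.
        self.mac_table = {m: e for m, e in self.mac_table.items()
                          if now - e[1] <= self.age_limit}
        # Address learning: the source address lives behind in_port.
        self.mac_table[src] = (in_port, now)
        entry = self.mac_table.get(dst)
        if entry is not None:
            out = entry[0]
            return [out] if self._interwork(in_port, out) else []
        # No match: flood to every other port allowed to interwork.
        return sorted(p for p in self.access if self._interwork(in_port, p))


class NetworkDevice:
    """Picks the virtual switch from the ingress port information."""

    def __init__(self):
        self.port_owner = {}         # ingress port -> VirtualSwitch

    def add_vs(self, vs):
        for port in vs.access:
            if port in self.port_owner:
                raise ValueError(f"port {port} already belongs to a virtual switch")
        for port in vs.access:
            self.port_owner[port] = vs

    def receive(self, in_port, frame, now):
        vs = self.port_owner.get(in_port)
        if vs is None:
            return None, []          # port not bound to any virtual switch
        return vs.name, vs.forward(in_port, frame, now)


if __name__ == "__main__":
    # Constructed sample: two tenants reuse the same MAC addresses.
    mac_a, mac_b = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
    dev = NetworkDevice()
    dev.add_vs(VirtualSwitch("VS1", {"atm0": True, "eth0": True, "gre0": True}))
    dev.add_vs(VirtualSwitch("VS2", {"atm1": True, "eth1": True}))
    print(dev.receive("eth0", mac_b + mac_a + b"\x08\x00data", now=0))
    print(dev.receive("eth1", mac_a + mac_b + b"\x08\x00data", now=1))
```

Because every lookup and every learned address stays inside one `VirtualSwitch` object, an address learned in VS1 never influences forwarding in VS2, which is the isolation property the paragraph above relies on.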
Virtual switches were first used on ATM devices to provide VPLS service, so the virtual switch system originally had only an ATM access function. The Ethernet access function was added later. The existing virtual switch system consists of an ATM interface module, an Ethernet interface module and an Ethernet switching module. For ATM access, user data arrives at the ATM interface module in 1483B encapsulation; the ATM interface module removes the 1483B encapsulation, extracts the Ethernet packet data and hands it to the Ethernet switching module. For Ethernet access, user data arrives at the Ethernet interface module encapsulated according to the 802.Q standard; the Ethernet interface module removes the 802.Q encapsulation, extracts the Ethernet packet data and hands it to the Ethernet switching module. On output, if the outbound port is an ATM port, the Ethernet switching module hands the Ethernet packet data to the ATM interface module, which applies 1483B encapsulation and sends it; if the outbound port is an Ethernet port, the Ethernet switching module hands the data to the Ethernet interface module, which encapsulates it according to the 802.Q standard and sends it.
At present, when virtual switches are used to build a VPLS and two branches of a user are connected to virtual switches on two different network devices, the two virtual switches can only be interconnected across an ATM network or an Ethernet. This is because an IP network routes on layer 3 information (the IP address) when forwarding data. A packet sent by the existing virtual switch system is encapsulated in 1483B or 802.Q and therefore cannot be forwarded over an IP network. Even if the packet encapsulates an IP packet, its IP address is a private address internal to the enterprise and cannot be forwarded correctly by devices on the public network.
However, with the development of Internet technology, IP has gradually become dominant, and IP networks are far more widely deployed than ATM networks. The inability of packets sent by existing virtual switches to be forwarded over an IP network has greatly limited the development and application of VPNs, and has become a bottleneck for market adoption that the industry urgently needs to overcome.
Summary of the invention
The purpose of the present invention is to provide a virtual switch that overcomes this defect of the prior art and provides virtual LAN (VPLS) service, so as to suit today's communication environment in which multiple networks, including ATM networks, Ethernets and IP networks, coexist.
Another purpose of the present invention is to provide a method of providing virtual private LAN segment (VPLS) service using virtual switches (VS).
The first purpose is achieved as follows: a virtual switch providing virtual LAN (VPLS) service comprises an ATM interface module, an Ethernet interface module and an Ethernet switching module, and is characterized in that it is further provided with a layer 3 tunnel interface module that is connected to the Ethernet switching module and performs the layer 3 tunnel protocol processing, and in that this layer 3 tunnel interface module sets up and maintains a layer 3 tunnel encapsulation table and a key-to-virtual-switch-port binding table.
The layer 3 tunnel encapsulation table stores the key value of the local end of the tunnel, the IP address of the peer end of the tunnel and the key value of the peer end of the tunnel.
The key-to-virtual-switch-port binding table stores the key value of the local end of the layer 3 tunnel together with the virtual switch number and virtual switch port number bound to it; the key value of the local end of the layer 3 tunnel is in one-to-one correspondence with the virtual switch number and port number bound to it.
For input data, the layer 3 tunnel interface module terminates the layer 3 tunnel protocol, extracts the Ethernet packet carried by the tunnel and delivers it to the Ethernet switching module for switching; when an Ethernet packet is to be output from the layer 3 tunnel interface module, the module applies the tunnel encapsulation to the packet and then hands it to the IP forwarding module for forwarding.
The Ethernet switching module is the core of the virtual switch system; it manages the virtual switch table entries and performs the switching of Ethernet packets.
The Ethernet switching module holds an independent group of data tables for each virtual switch. When it receives data from the ATM, Ethernet or layer 3 tunnel interface module, it finds the corresponding virtual switch tables from the port information carried with the data, and then looks up the port to forward to from the information recorded in those tables.
The other purpose of the present invention is achieved as follows: a method of providing virtual private LAN segment (VPLS) service using virtual switches (VS), characterized in that:
(1) a layer 3 tunnel is established between different virtual switches using a layer 3 tunnel protocol, providing a channel that transparently carries Ethernet packet data as the payload of IP packets;
(2) the Ethernet packet data to be transferred is encapsulated with the layer 3 tunnel protocol and forwarded through the layer 3 tunnel.
Step (2) further comprises:
(21) the local network device extracts the Ethernet packet according to the ingress port information of the received data and hands it to the local virtual switch;
(22) on receiving the Ethernet packet, the local virtual switch switches it, according to the destination Ethernet address, to the output port that corresponds to the layer 3 tunnel;
(23) the layer 3 tunnel interface module obtains the layer 3 tunnel protocol encapsulation information from the output port number, then adds the layer 3 tunnel identifier (the Generic Routing Encapsulation (GRE) tunnel header) and an IP header to the Ethernet packet as the layer 3 tunnel protocol specifies, and sends it through the layer 3 tunnel;
(24) the layer 3 tunnel forwarding module of the destination network device receives the IP packet sent through the layer 3 tunnel, determines the destination virtual switch from the layer 3 tunnel identifier and the IP header, extracts the Ethernet packet and hands it to the destination virtual switch;
(25) the destination virtual switch delivers the Ethernet packet to the destination network device.
The layer 3 tunnel protocols that can be used to establish the IP tunnel include the Generic Routing Encapsulation (GRE) tunnel protocol, Multiprotocol Label Switching (MPLS) technology and Internet Protocol Security (IPsec) technology.
The layer 3 tunnel identifier is the Generic Routing Encapsulation (GRE) tunnel header.
The IP header contains the IP address of the layer 3 tunnel interface module at the peer end of the layer 3 tunnel. The layer 3 tunnel identifier contains a checksum field and a key field, and the checksum-present and key-present bits must be set to 1.
The checksum field holds a checksum computed over the layer 3 tunnel identifier and the Ethernet packet data. The key field holds a key value that uniquely identifies the layer 3 tunnel, and this key value uniquely determines the virtual switch number bound to the tunnel and the port number of that virtual switch.
The key field can also carry authentication information that the layer 3 tunnel interface module checks during processing, which prevents outside attacks on the virtual private LAN segment.
The system of the invention is characterized by adding a new functional interface module, the layer 3 tunnel interface module, to the original virtual switch system. This extends the networking capability of the original system, so that the extended virtual switch system can provide VPLS service in a communication environment made up of different network types (ATM, Ethernet and IP), and strengthens the networking capability and range of application of the virtual switch.
The method of the invention is characterized by creating layer 3 tunnels between virtual switches, so that virtual switches on different network devices can forward Ethernet packets across a wide area network; it thus provides a way of building a virtual private LAN segment over a wide area network using virtual switches. The method has little impact on the original virtual switch system and gives the system strong extensibility. The invention can be applied to data communication equipment such as access servers and edge service routers, and has good application prospects.
Description of drawings
Fig. 1 is a schematic diagram of the structure of the virtual switch system of the invention that provides virtual LAN service.
Fig. 2 is a schematic diagram of the data packet format in which the invention carries an Ethernet packet over the IP protocol.
Fig. 3 is a schematic diagram of the format of the GRE tunnel header used in the packet of Fig. 2.
Fig. 4 is a networking diagram of an application embodiment of the system of the invention.
Embodiment
Referring to Fig. 1, which shows the structure of the extended virtual switch system, the invention is a virtual switch system providing virtual LAN (VPLS) service. To the ATM interface module 1, Ethernet interface module 2 and Ethernet switching module 3 of the existing virtual switch, it adds a layer 3 tunnel interface module 4 that is connected to the Ethernet switching module 3 and performs the layer 3 tunnel protocol processing.
The ATM interface module 1 handles the 1483B protocol: on input, it removes the 1483B encapsulation of the incoming data, extracts the Ethernet packet and hands it to the Ethernet switching module for switching; on output, it adds the 1483B encapsulation to the Ethernet packet and sends it through the ATM interface. The Ethernet interface module 2 handles the 802.Q standard: on input, it removes the 802.Q encapsulation of the incoming data, extracts the Ethernet packet and hands it to the Ethernet switching module for switching; on output, it adds the 802.Q encapsulation to the Ethernet packet and sends it through the Ethernet interface. The layer 3 tunnel interface module 4 performs the layer 3 tunnel protocol processing. It sets up and maintains a layer 3 tunnel encapsulation table and a key-to-virtual-switch-port binding table. The layer 3 tunnel encapsulation table stores the key value of the local end of the tunnel, the IP address of the peer end of the tunnel and the key value of the peer end of the tunnel. The key-to-virtual-switch-port binding table stores the key value of the local end of the layer 3 tunnel together with the virtual switch number and virtual switch port number bound to it; the key value of the local end of the layer 3 tunnel is in one-to-one correspondence with the virtual switch number and port number bound to it. For input data, the layer 3 tunnel interface module 4 terminates the layer 3 tunnel protocol, extracts the Ethernet packet carried by the tunnel and delivers it to the Ethernet switching module for switching; when an Ethernet packet is to be output from the layer 3 tunnel interface module, the module applies the tunnel encapsulation to the packet and then hands it to the IP forwarding module for forwarding.
The Ethernet switching module 3 is the core of the virtual switch system; it manages the virtual switch table entries and performs the switching of Ethernet packets. It holds an independent group of data tables for each virtual switch. When it receives data from the ATM, Ethernet or layer 3 tunnel interface module, it finds the corresponding virtual switch tables from the port information carried with the data, and then looks up the port to forward to from the information recorded in those tables. If a port is found, the packet is forwarded to that port; otherwise it is forwarded to all ports of this virtual switch.
The thin solid lines in Fig. 1 show that packets from different types of communication network (ATM, Ethernet or IP) can, through the virtual switch of the invention, be interconnected across ATM networks, Ethernets and IP networks respectively to provide VPLS service, which greatly strengthens the networking capability and range of application of the virtual switch.
Network tunnelling is a key technology for building a virtual private network (VPN). Tunnelling means using one network protocol to carry another, and a VPN relies mainly on a network tunnel protocol to do its work. The method of the invention, in which virtual switches (VS) provide VPLS service across a wide area network, uses a layer 3 tunnel protocol to carry Ethernet packet data transparently as the payload of IP packets. Examples of such protocols are the Generic Routing Encapsulation (GRE) tunnel protocol proposed by the Internet Engineering Task Force (IETF) in RFC1701, Multiprotocol Label Switching (MPLS) and Internet Protocol Security (IPsec). This embodiment takes the GRE tunnel protocol as its example.
Referring to Fig. 2, which shows the format of the complete encapsulated packet: a layer 3 tunnel identifier (the GRE tunnel header in this embodiment) and an IP header are prepended to the Ethernet packet data. The IP header contains the IP address of the layer 3 tunnel interface module at the peer end of the GRE tunnel. The format of the GRE tunnel header is shown in Fig. 3; its fields are:
C (bit 0), checksum present: if this bit is set to 1, the GRE tunnel header contains a checksum field holding a valid value.
R (bit 1), routing present: if this bit is set to 1, the GRE tunnel header contains an offset field and routing fields holding valid values.
K (bit 2), key present: if this bit is set to 1, the GRE tunnel header contains a key field; otherwise it does not.
S (bit 3), sequence number present: if this bit is set to 1, the GRE tunnel header contains a sequence number field; otherwise it does not.
s (bit 4), strict source route: it is recommended that this bit be set to 1 if all of the routing information consists of strict source routes.
Recur (bits 5-7), recursion control: a 3-bit unsigned integer giving the number of additional encapsulations permitted. It should default to 0.
Flags (bits 8-12): reserved for future use; must be set to 0.
Ver (bits 13-15), version number: must be set to 0.
Protocol Type (2 bytes): the protocol type of the payload packet. In the invention it is set to 6558, as RFC1701 specifies.
Checksum (2 bytes): the IP checksum of the GRE tunnel header and the payload packet.
Sequence Number (4 bytes): a 32-bit unsigned integer inserted by the encapsulator, which the receiver can use to establish the order in which the encapsulator sent packets to it.
Offset (2 bytes): the offset, in bytes, from the start of the routing field to the first byte of the active source route entry to be examined.
Key (4 bytes): a four-byte number inserted by the encapsulator, which the receiver can use to verify the identity of the packet's sender.
Routing (variable length): a list of source route entries.
According to RFC1701, the checksum, offset, key, routing and sequence number fields are all optional. When the invention uses GRE to encapsulate packets, however, the GRE tunnel header must contain the checksum field and the key field, and the checksum-present and key-present bits must be set to 1. The offset, routing and sequence number fields may be used as actually needed.
To ensure that data is transferred correctly, the invention includes the checksum field in the GRE header and computes a checksum over the GRE tunnel header and the Ethernet packet data. To protect the data carried in the virtual private LAN, the invention also includes the key field in the GRE tunnel header. The key field protects the virtual private LAN segment in two ways:
1. The key field can carry authentication information. The layer 3 tunnel interface module in the virtual switch of the invention only processes IP packets whose GRE tunnel header carries correct authentication information; all other packets are discarded. This prevents outside attacks on the virtual private LAN segment.
2. Multiple virtual switches can be configured on the Ethernet switching module, and these virtual switches share one layer 3 tunnel interface module. To keep the data of each virtual private LAN segment isolated, a mechanism is needed that binds each GRE tunnel to its corresponding virtual switch. The invention does this as follows: the management system of the network device assigns a different key value to each GRE tunnel, and the key field of each GRE tunnel holds the key value that uniquely identifies that tunnel. This key value uniquely determines the virtual switch number bound to the tunnel and the port number of that virtual switch. When the layer 3 tunnel interface module reads the key value in a GRE tunnel header, it can therefore look up the key-to-virtual-switch-port binding table and deliver the Ethernet packet to the correct virtual switch for switching, which distinguishes different users and protects the data carried in the virtual private LAN segment.
The following briefly describes how the layer 3 tunnel interface module processes packets. Suppose an enterprise has branch A and branch B at sites A and B, and uses a virtual switch system to build a virtual private LAN segment. Sites A and B are connected by an IP wide area network. The ISP configures one virtual switch for this enterprise on the network device at each site (denoted A-VS and B-VS) and attaches the two branches to the corresponding virtual switches, using either ATM or Ethernet access. The ISP then configures a GRE tunnel across the IP wide area network between A-VS and B-VS, and records the binding between each key value and the corresponding virtual switch port.
The flow for branch A sending an Ethernet packet to branch B is:
(1) The network device at site A extracts the Ethernet packet according to the ingress port information of the received data and hands it to the local virtual switch A-VS.
(2) On receiving the Ethernet packet, A-VS switches it, according to the destination Ethernet address, to the output port that corresponds to the GRE tunnel.
(3) The layer 3 tunnel interface module looks up the key-to-virtual-switch-port binding table by output port number to obtain the key value, then looks up the GRE tunnel encapsulation table by that key value to obtain the GRE encapsulation information, such as the IP address and key value of the peer end of the tunnel, and then adds a GRE tunnel header and an IP header to the Ethernet packet as the GRE tunnel protocol specifies.
(4) The layer 3 tunnel interface module hands the IP packet carrying the Ethernet packet to the IP forwarding module for forwarding.
(5) The layer 3 tunnel forwarding module of the network device at site B receives the IP packet that A-VS sent through the GRE tunnel and, from the protocol number in the IP header, determines that it is a packet encapsulated with the GRE tunnel protocol.
(6) The layer 3 tunnel interface module goes on to analyze the GRE tunnel header: it uses the checksum field to check the correctness of the packet data, and uses the key value to verify the identity of the sending device; if the packet is corrupted or the sender fails verification, the packet is dropped.
(7) The layer 3 tunnel interface module looks up the key-to-virtual-switch-port binding table by the key value in the GRE tunnel header, determines that this Ethernet packet should go to the local virtual switch B-VS, then removes the GRE encapsulation, extracts the Ethernet packet and hands it to B-VS.
(8) B-VS looks up its virtual switch address exchange table and delivers the Ethernet packet to the port to which branch B of the enterprise is attached.
In this way, branch B of the enterprise receives the Ethernet packet sent by branch A. The flow for branch B sending an Ethernet packet to branch A is the same and is not repeated here.
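An added example (not part of the patent text): a Python model of the layer 3 tunnel interface module for the A-VS to B-VS flow above, covering steps (3), (4), (6) and (7) with the checksum-present and key-present bits set. It assumes the sender places the peer end's key value in the key field and it omits the outer IP header; protocol type 6558 is hexadecimal, as listed in RFC 1701. Class names, IP addresses and key values are constructed.

```python
import struct
from collections import Counter

GRE_C = 0x8000            # bit 0: checksum present
GRE_K = 0x2000            # bit 2: key present
PROTO_ETHERNET = 0x6558   # protocol type 6558 from the page (hex)
HDR = struct.Struct("!HHHHI")  # flags+version, protocol, checksum, offset, key


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement IP checksum; odd-length input is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def gre_encapsulate(frame: bytes, key: int) -> bytes:
    """Prepend a GRE header with C=1 and K=1, checksum over header + frame."""
    header = HDR.pack(GRE_C | GRE_K, PROTO_ETHERNET, 0, 0, key)
    csum = inet_checksum(header + frame)
    return HDR.pack(GRE_C | GRE_K, PROTO_ETHERNET, csum, 0, key) + frame


class TunnelInterface:
    """Layer 3 tunnel interface module with its two tables."""

    def __init__(self):
        self.encap_table = {}   # local key -> (peer IP, peer key)
        self.key_to_port = {}   # local key -> (VS number, VS port number)
        self.port_to_key = {}   # reverse map, keeps the binding one-to-one
        self.drops = Counter()  # drop reason -> count, for monitoring

    def add_tunnel(self, local_key, peer_ip, peer_key, vs, port):
        if local_key in self.key_to_port or (vs, port) in self.port_to_key:
            raise ValueError("key and VS port must be bound one-to-one")
        self.encap_table[local_key] = (peer_ip, peer_key)
        self.key_to_port[local_key] = (vs, port)
        self.port_to_key[(vs, port)] = local_key

    def send(self, vs, port, frame):
        """Steps (3)-(4): output port -> key -> encapsulation information."""
        local_key = self.port_to_key[(vs, port)]
        peer_ip, peer_key = self.encap_table[local_key]
        return peer_ip, gre_encapsulate(frame, peer_key)

    def receive(self, packet):
        """Steps (6)-(7): return (vs, port, frame), or None if dropped."""
        if len(packet) < HDR.size:
            return self._drop("malformed")
        flags, proto, _csum, _offset, key = HDR.unpack_from(packet)
        # This example accepts only C=1, K=1; optional R/S fields are not parsed.
        if flags != (GRE_C | GRE_K) or proto != PROTO_ETHERNET:
            return self._drop("malformed")
        if inet_checksum(packet) != 0:      # a valid packet sums to zero
            return self._drop("checksum")
        if key not in self.key_to_port:     # no tunnel bound to this key
            return self._drop("unknown_key")
        vs, port = self.key_to_port[key]
        return vs, port, packet[HDR.size:]

    def _drop(self, reason):
        self.drops[reason] += 1
        return None


if __name__ == "__main__":
    # Constructed sample: one tunnel between A-VS port 3 and B-VS port 7.
    a, b = TunnelInterface(), TunnelInterface()
    a.add_tunnel(0x0A, "192.0.2.2", 0x0B, "A-VS", 3)
    b.add_tunnel(0x0B, "192.0.2.1", 0x0A, "B-VS", 7)
    frame = bytes.fromhex("02000000000b02000000000a0800") + b"constructed payload"
    peer_ip, packet = a.send("A-VS", 3, frame)
    print(peer_ip, packet[:12].hex(), b.receive(packet) == ("B-VS", 7, frame))
    print(b.receive(gre_encapsulate(frame, 0xDEAD)), dict(b.drops))
```

The key and checksum travel unencrypted and the checksum is not keyed, so these checks filter corrupted or unsolicited packets and keep tenants apart, but they do not cryptographically authenticate the sender. The per-reason drop counters are the values to monitor on the receiving device.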
Referring to Fig. 4, a networking diagram of an application embodiment of the system of the invention: each branch of the enterprise network user is attached to a virtual switch on an edge service node of the ISP, either by Asymmetric Digital Subscriber Line (ADSL, Asymmetric Digital Subscriber Loop) access through a digital subscriber line access server (DSLAM, Digital Subscriber Line Access Multiplexer) or by Ethernet access through a LAN switch. The virtual switches on these different edge service nodes can interconnect across an ATM backbone using the ATM interface module, across an Ethernet using the Ethernet interface module, or across an IP wide area network by establishing a GRE tunnel with the layer 3 tunnel interface module of the invention.

Claims (13)

1. A virtual switch for providing a virtual LAN (VPLS) service, the virtual switch comprising: an ATM interface module, an Ethernet interface module and an Ethernet switching module; characterized in that: the virtual switch is further provided with a layer 3 tunnel interface module that is connected to the Ethernet switching module and performs layer 3 tunnel protocol processing, and the layer 3 tunnel interface module sets up and maintains: a layer 3 tunnel encapsulation table and a key-virtual switch port binding table.
2. The virtual switch for providing a virtual LAN service according to claim 1, characterized in that: the layer 3 tunnel encapsulation table stores the key value of the local end of the tunnel, the IP address of the peer end of the tunnel, and the key value of the peer end of the tunnel.
3. The virtual switch for providing a virtual LAN service according to claim 1, characterized in that: the key-virtual switch port binding table stores the key value of the local end of the layer 3 tunnel, together with the virtual switch sequence number and the virtual switch port sequence number bound to it; the key value of the local end of the layer 3 tunnel has a one-to-one correspondence with the virtual switch sequence number and port sequence number bound to it.
4. The virtual switch for providing a virtual LAN service according to claim 1, characterized in that: for input data, the layer 3 tunnel interface module terminates the layer 3 tunnel protocol, extracts the Ethernet packet carried in the tunnel, and passes it to the Ethernet switching module for switching; when an Ethernet packet is output from the layer 3 tunnel interface module, the module performs tunnel encapsulation on the Ethernet packet and then hands it to the IP forwarding module, which forwards it.
5. The virtual switch for providing a virtual LAN service according to claim 1, characterized in that: the Ethernet switching module is the core of the virtual switch system and performs the management of virtual switch table entries and the switching of Ethernet packets.
6. The virtual switch for providing a virtual LAN service according to claim 1 or 5, characterized in that: the Ethernet switching module is provided with a set of independent data tables, each corresponding to a virtual switch; when it receives data from the ATM, Ethernet or layer 3 tunnel interface module, it looks up the corresponding virtual switch table according to the port information carried in the data, and then finds the forwarding port according to the information recorded in that virtual switch table.
7. A method of providing a virtual private LAN segment (VPLS) service using a virtual switch (VS), characterized in that:
(1) a layer 3 tunnel protocol is used to establish layer 3 tunnels between different virtual switches, providing a channel that transparently transmits Ethernet packet data as the payload of IP packets;
(2) the Ethernet packet data to be transmitted is encapsulated with the layer 3 tunnel protocol and forwarded through the layer 3 tunnel.
8. The method of providing a virtual private LAN segment service across an IP wide area network according to claim 7, characterized in that step (2) further comprises:
(21) the local network device extracts the Ethernet packet according to the ingress port information of the received data and hands it to the local virtual switch;
(22) after receiving the Ethernet packet, the local virtual switch switches it, according to the destination Ethernet address, to the output port corresponding to the layer 3 tunnel;
(23) the layer 3 tunnel interface module obtains the layer 3 tunnel protocol encapsulation information according to the output port number, then adds to the Ethernet packet, as the layer 3 tunnel protocol specifies, a layer 3 tunnel identifier (a Generic Routing Encapsulation (GRE) tunnel header) and an IP header, and sends it through the layer 3 tunnel;
(24) the layer 3 tunnel forwarding module of the destination network device receives the IP message sent through the layer 3 tunnel, determines the destination virtual switch according to the layer 3 tunnel identifier and the IP header, extracts the Ethernet packet and hands it to the destination virtual switch;
(25) the destination virtual switch delivers the Ethernet packet to the destination network device.
9. The method of providing a virtual private LAN segment (VPLS) service according to claim 7 or 8, characterized in that: the layer 3 tunnel protocols used to establish the IP tunnel include: the Generic Routing Encapsulation (GRE) tunnel protocol, Multiprotocol Label Switching (MPLS) technology and Internet Protocol Security (IPsec) technology.
10. The method of providing a virtual private LAN segment (VPLS) service according to claim 9, characterized in that: the layer 3 tunnel identifier is a Generic Routing Encapsulation (GRE) tunnel header.
11. The method of providing a virtual private LAN segment (VPLS) service according to claim 8, characterized in that: the IP header contains the IP address of the layer 3 tunnel interface module at the peer end of the layer 3 tunnel; the layer 3 tunnel identifier is provided with a checksum field and a key field, and the checksum-present field and the key-present field must be set to 1.
12. The method of providing a virtual private LAN segment (VPLS) service according to claim 11, characterized in that: the checksum field holds a checksum computed over the layer 3 tunnel identifier and the Ethernet packet data; the key field holds a key value that uniquely identifies the layer 3 tunnel, and this key value is used to uniquely determine the virtual switch sequence number bound to the tunnel and the port sequence number of that virtual switch.
13. The method of providing a virtual private LAN segment (VPLS) service according to claim 12, characterized in that: the key field can carry verification information that is checked when the layer 3 tunnel interface module processes the packet, to prevent attacks on the virtual private LAN segment from outside.
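The receive path of step (7), combined with the checksum and key fields required by claims 11 to 13, as an added Python example that is not part of the patent. It assumes the outer IP header has already been removed; the protocol type 0x6558, the key value, the port number and the sample packet are assumptions or constructed values.

```python
import struct

GRE_C, GRE_K = 0x8000, 0x2000   # "checksum present" and "key present" flag bits
PROTO_TEB = 0x6558              # transparent Ethernet bridging; assumed, the patent names no protocol type

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def gre_encapsulate(key: int, frame: bytes) -> bytes:
    """Sending side: GRE header with C=1 and K=1, checksum over header plus frame."""
    header = struct.pack("!HHHHI", GRE_C | GRE_K, PROTO_TEB, 0, 0, key)
    csum = inet_checksum(header + frame)
    return header[:4] + struct.pack("!H", csum) + header[6:] + frame

def gre_receive(packet: bytes, bindings: dict) -> tuple:
    """Receiving side, step (7): validate, map key to (virtual switch, port), strip GRE."""
    if len(packet) < 12:
        raise ValueError("truncated GRE header")
    flags, proto, _csum, _reserved, key = struct.unpack("!HHHHI", packet[:12])
    if flags != GRE_C | GRE_K:          # also rejects other versions and optional fields
        raise ValueError("checksum and key flags must both be set, nothing else")
    if proto != PROTO_TEB:
        raise ValueError("payload is not an Ethernet frame")
    if inet_checksum(packet) != 0:      # a valid packet sums to zero with its checksum in place
        raise ValueError("GRE checksum mismatch")
    if key not in bindings:             # no binding: drop rather than guess a virtual switch
        raise ValueError("unknown tunnel key")
    vs_id, port = bindings[key]
    return vs_id, port, packet[12:]

# Constructed sample data: key value, port number and frame are invented for illustration.
BINDINGS = {0x00000B01: ("b-VS", 3)}
SAMPLE_FRAME = (bytes.fromhex("02000000000b" "02000000000a" "0800")
                + b"constructed payload")

if __name__ == "__main__":
    pkt = gre_encapsulate(0x00000B01, SAMPLE_FRAME)
    print(gre_receive(pkt, BINDINGS)[:2])
```

The GRE key and checksum travel in cleartext and are not keyed, so this check filters corrupted or misdirected packets rather than authenticating the sender; of the tunnel protocols listed in claim 9, IPsec is the one that provides cryptographic protection.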
CN 02123964 2002-07-10 2002-07-10 Virtual switch for supplying virtual LAN service and method Expired - Fee Related CN1266887C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 02123964 CN1266887C (en) 2002-07-10 2002-07-10 Virtual switch for supplying virtual LAN service and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 02123964 CN1266887C (en) 2002-07-10 2002-07-10 Virtual switch for supplying virtual LAN service and method

Publications (2)

Publication Number Publication Date
CN1468007A CN1468007A (en) 2004-01-14
CN1266887C true CN1266887C (en) 2006-07-26

Family

ID=34142571

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 02123964 Expired - Fee Related CN1266887C (en) 2002-07-10 2002-07-10 Virtual switch for supplying virtual LAN service and method

Country Status (1)

Country Link
CN (1) CN1266887C (en)

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20060726

Termination date: 20170710