CN1960313A - Periphery devices of service provider of combining network address conversion, and method of application - Google Patents
Periphery devices of service provider of combining network address conversion, and method of application Download PDFInfo
- Publication number
- CN1960313A CN1960313A CN200510086767.1A CN200510086767A CN1960313A CN 1960313 A CN1960313 A CN 1960313A CN 200510086767 A CN200510086767 A CN 200510086767A CN 1960313 A CN1960313 A CN 1960313A
- Authority
- CN
- China
- Prior art keywords
- network address
- module
- network
- address translation
- route
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The apparatus comprises: a network address conversion module used for binding the network address conversion rule to the virtual privacy network and generating the network address conversion mapping item list according to the network address conversion rule; a routing module used for generating and informing the network address conversion routing and generating the network address conversion routing tag list; an access control list module used for binding the access control list to the network address conversion module and deciding if the network address conversion needs to be executed; a message relay module for making message process according to the network address conversion mapping item list and the tag list.
Description
Technical field
The present invention relates to a kind of at MPLS VPN (Multi-Protocol Label Switching VirtualPrivate Network, the mutual Virtual Private Network of multiprotocol label) technology, support NAT (Network Address Translation among particularly a kind of MPLS VPN, network address translation) and the PE of MPLS VPN (Provider Edge, the provider edge) equipment, it supports the public service of the VPN visit private network of private network visit Internet network and address overlap.
Background technology
The MPLS technology combines the simplicity of the hop-by-hop label exchange of the rich and frame relay of IP Route Selection or ATM (AsynchronousTransfer Mode, asynchronous transfer mode), and the seamless combination of connection-oriented forwarding and IP network can be provided.
MPLS VPN is a kind of technology that the connectionless VPN between user and the service provider and the connection-oriented VPN in the network core are combined, it uses MP-BGP (Multi Protocol BorderGateway Protocol, MP-BGP) issue user's routing information and MPLS label, and by VRF (VPN Routing and Forwarding Instances, virtual routing forwarding) route of isolation different VPN, VRF be with PE on one or more sub-interfaces corresponding, be used to deposit the routing iinformation of the affiliated VPN of these sub-interfaces, solved the overlapping problem of address space between the different VPN.
For MPLS VPN network, there are following two problems: the one, how to support the VPN private network directly to visit the Internet network, the 2nd, how under the situation of VPN address overlap, to support the public service of visit private network.
For first problem, general solution has two: the one, some private network user that need visit the Internet network is directly distributed public network address, and this method needs a large amount of public network addresses, is unpractical under many circumstances; The 2nd, when inserting provider network, user network carries out network address translation, be CE-NAT, this needs CE equipment (Customer Edge Device, customer edge) to support nat feature, and the NAT of a plurality of CE equipment has improved the difficulty of upgrading and maintenance greatly.
For second problem, especially common in the network of major company, the branch that is distributed in various places all sets up the VPN of oneself, needs some public services of visited company simultaneously.At this moment generally need the address of each VPN not overlapping, otherwise when returning, public server do not have to unique return path of the user of these address overlaps, address this problem and require unified management and planning, but this solution has not only increased management cost, and has run counter to VPN and can independently plan the basic demand of address.
Summary of the invention
The object of the present invention is to provide a kind of provider's edge device and using method thereof of combining network address conversion, be used to solve the problem that occurs when MPLS VPN private network is directly visited the public service of visiting private network under the situation of Internet network and VPN address overlap.
To achieve these goals, the invention provides a kind of provider's edge device of combining network address conversion, comprise network address conversion module, routing module, Access Control List (ACL) module and packet forwarding module,
Wherein:
Network address conversion module, be used for the network address translation rule is tied to Virtual Private Network, generate network address translation map entry table according to the network address translation rule simultaneously, network address translation map entry table is distinguished the Virtual Private Network of address overlap according to Virtual Private Network ID;
Routing module is used for generating and advertised network address transition route, generates the label list of network address translation route simultaneously;
The Access Control List (ACL) module is used to bind Access Control List (ACL) to network address conversion module, and is used to judge whether to carry out network address translation;
Packet forwarding module is used for carrying out the processing of message according to network address translation map entry table and label list.
Simultaneously, also provide a kind of using method of provider's edge device of combining network address conversion, comprised the steps:
The map entry administration module is set up network address translation map entry table according to the network address translation rule, and network address translation map entry table is distinguished the Virtual Private Network of address overlap according to Virtual Private Network ID;
The network address translation command processing module is tied to Virtual Private Network with the network address translation rule;
Routing module generation and advertised network address transition route and the label list that generates according to the network address translation route;
Access Control List (ACL) module binding Access Control List (ACL) arrives network address conversion module, and judges whether to carry out network address translation;
Packet forwarding module is searched described map entry table and label list according to IP address, port numbers and described Virtual Private Network ID, and message is carried out transmitting after network address translation and the tag processes.
The provider's edge device and the using method thereof of combining network address conversion of the present invention, at provider's edge device the NAT module is set, make CE equipment need not support nat feature, and carry out NAT by the unification of PE equipment, this has not only reduced user's upgrade maintenance cost, and makes that management is more flexible.By supporting VRF NAT, the problem that the VPN address can not be overlapping when having solved the visit public service has made things convenient for the planning and the management of network simultaneously.
Description of drawings
Fig. 1 is provider's edge device structure chart of combining network address conversion of the present invention;
Fig. 2 is provider's edge device using method flow chart of combining network address conversion of the present invention;
Fig. 3 is the message process chart from NAT INSIDE interface to NAT OUTSIDE interface;
Fig. 4 is the message process chart from NAT OUTSIDE interface to NAT INSIDE interface;
Fig. 5 is to be the networking schematic diagram of MPLS VPN private network visit Internet network;
Fig. 6 is the networking schematic diagram of the VPN visit private network public service of address conflict.
Embodiment
As shown in Figure 1, provider's edge device of combining network address conversion of the present invention comprises NAT module 10, routing module 20, and ACL (Access Control List, Access Control List (ACL)) module 30, packet forwarding module 40, wherein:
NAT command processing module 101, response user's NAT related command configuration, when configuration VRF NAT transformation rule, this rule is tied to certain VPN by the VRF parameter, notify routing module 20 to generate NAT route (the address route that the address in the nat address pool generates simultaneously, this route has special NAT mark), this route is with in the VPN under adding to, and the ACL that 30 bindings of notice ACL module are correlated with is to NAT;
Map entry administration module 102 according to the generation of tables such as the relevant map entry table of user configured VRF NAT transformation rule management, deletion, aging etc., and is distinguished the map entry of the VPN of address overlap by VPN ID;
ACL module 30, be responsible for the NAT strategy, promptly judge according to the five-tuple (source address, source port, destination address, destination interface, agreement) of message whether this message mates the ACL of NAT binding, if, then need to carry out the NAT conversion, otherwise do not need to carry out the NAT conversion;
Packet forwarding module 40 by searching routing module and ACL, judge whether message needs to carry out the NAT conversion, whether needs to carry out tag processes, and according to NAT map entry table and label list, the correct message that carries out is changed and tag processes.
Wherein, after NAT module 10, routing module 20 and ACL module 30 are handled route entry and corresponding label thereof, the tables at different levels after RFC (recursive-flow category) algorithm computation are written to NP (network processing unit), packet forwarding module carries out searching fast of route, ACL at NP, to the message that can't handle (as IP option message etc.) transmitted to CPU, other messages are then directly transmitted after the NAT conversion.
The present invention only relates to PE equipment, and for CE equipment and P equipment, need not to carry out any modification, and is the same with common MPLS networking, and promptly dynamic the or static routing protocol of operation between CE and the PE moves mpls protocol between PE and the P.
Simultaneously, ACL module 30 also can be used route-map (routing policy) to substitute ACL and need judge whether the NAT conversion, can realize selecting different NAT strategies at outgoing interface, next jumping etc.; For the situation that public service is arranged, can import by limiting some NAT route at routing module more, realize user capture control, promptly have only the user of appointment could visit public service.
For ease of describing, among the present invention with PE equipment and CE equipment connected interface called after NAT INSIDE interface, PE equipment and provider equipment (P equipment) connected interface called after NAT OUTSIDE interface.
As shown in Figure 2, the method for the public service of provider's edge device support visit Internet network of combining network address conversion of the present invention or visit private network comprises the steps:
Step S1, the map entry administration module is set up the map entry table, and definition has the VPNID field in this map entry table, is used to distinguish the map entry of the VPN of address overlap;
Step S2, the NAT command processing module is tied to VPN by the VRF parameter with the NAT transformation rule, and by routing module this NAT route is added among the corresponding VPN, and generates label according to this NAT route, for the situation of visit Internet network, this NAT route is also added in the public network route;
Step S3, corresponding Routing Protocol must support to announce the NAT route, situation for visit Internet network, routing module disposes corresponding Routing Protocol (as ospf protocol: Open Shortest PathFirst, preferential open shortest path agreement) announcement NAT public network route, for the situation of visit private network public service, dispose corresponding Routing Protocol (as MP-BGP) announcement NAT VPN route and label;
Step S4, packet forwarding module is searched map entry table and Label Forwarding Information Base according to IP address, port numbers and VPN ID, and message is carried out transmitting after NAT conversion and the tag processes.
The message that needs among the step S4 to handle has two kinds of situations, and a kind of is message from NAT INSIDE interface to NAT OUTSIDE interface, another kind of message for receiving from NAT OUTSIDE interface, and the handling process of two kinds of messages is respectively as shown in Figure 3 and Figure 4.
As shown in Figure 3, when receiving message, for message from NAT INSIDE interface to NAT OUTSIDE interface, packet forwarding module is searched the map entry table according to IP address, port numbers and VPN ID, if there is map entry, after according to map entry message being changed, transmit the back that labels; If there is no map entry, give this message NAT module then, search the NAT transformation rule by the NAT module according to ACL and VPN ID, and generate map entry according to this NAT transformation rule by the map entry administration module, and after according to the map entry that generates message being changed, transmit the back that labels.For the situation of visit Internet, only beat one deck outer layer label, the situation for the public service of visit private network has two-layer label.
As shown in Figure 4, when receiving message, for message from NAT OUTSIDE interface to NAT INSIDE interface, at first judged whether label, if the situation of visit Internet, then there is not label (because the inferior short of one deck label goes out), search route according to destination address, if corresponding route has the NAT mark, then carry out the message conversion according to map entry, carry out transmitting after the quadratic search route according to address and VPN ID after the conversion then,, then handle according to common message forwarding process if corresponding route does not have the NAT mark; If the situation of visit private network public service, one deck vpn label is then arranged, search this label, the route of finding this label correspondence has the NAT mark, searches the map entry table according to IP address, port numbers and VPN ID after then ejecting label, under the situation that has the map entry table, carrying out message conversion back according to this map entry table transmits, if do not have the map entry table then abandon this message,, then handle according to common message forwarding process if corresponding route does not have the NAT mark.
Respectively the method for the public service of provider's edge device support visit Internet network of combining network address of the present invention conversion or visit private network is described in detail below.
Provider's edge device of combining network address conversion of the present invention supports the method for MPLS VPN private network visit Internet network may further comprise the steps:
Step S11 disposes nat address pool on PE equipment, this moment, address pool must be a public network address, and by NAT command processing module configuration VRF NAT transformation rule, generates the NAT route by routing module according to the address in the nat address pool simultaneously;
Step S12, configuration VPN private network is to the route of public network;
Step S13, routing module by Routing Protocol with the NAT advertising of route to public network;
Step S14, map entry administration module generate the NAT map entry according to the VRF NAT transformation rule of configuration;
Step S15, packet forwarding module search NAT map entry table and Label Forwarding Information Base, and message is carried out transmitting after NAT conversion and the tag processes.
Provider of the present invention edge device supports the method for the MPLS VPN visit public service of address overlap to comprise the steps:
Step 21, it on PE equipment different nat address pool of VPN configuration of each address overlap, the NAT command processing module generates the NAT route by routing module according to the address in the nat address pool simultaneously to the VPN configuration VRF NAT transformation rule of each address overlap;
Step 22, routing module is communicated to opposite end PE equipment by Routing Protocol with NAT route and corresponding label;
Step 24, map entry administration module generate different NAT map entrys according to VRF NAT transformation rule to different VPN;
Step 25, packet forwarding module carry out transmitting after NAT conversion and the tag processes to message according to NAT map entry table and Label Forwarding Information Base.
The present invention will be described below in conjunction with applied environment more specifically:
First kind of situation is to support MPLS VPN private network visit Internet network by provider's edge device of combining network address conversion of the present invention, as shown in Figure 5, under original MPLS VPN network configuration environment, carries out following steps:
The first step, configuration PE1 and CE1 connected interface are NAT INSIDE interface, configuration PE1 and P connected interface are NAT OUTSIDE interface, and dispose NAT public network address pond on PE1:
ip?nat?pool?internet-pool?61.1.1.161.1.1.254?prefix-length?24
Configuration VRF NAT transformation rule on PE1:
ip?nat?inside?source?list?1?pool?internet-pool?vrf?vpn-nat?overload
In second step, on PEl, dispose of the static routing of VPN private network to public network:
ip?route?vrf?vpn-nat?218.1.1.0?255.255.255.0?193.1.1.2?global
The 3rd step, on PE1 the configuration Routing Protocol with the NAT advertising of route to public network:
router?ospf?100
network?61.1.1.0?0.0.0.255?area?0.0.0.0
redistribute?connected
The 4th step after the NAT module is received the message that needs network address translation, by the VRF NAT transformation rule of map entry administration module according to configuration, generated the NAT map entry, used show ip nattranslations vrf vpn-nat order to observe as follows:
Pro Inside?global Inside?local TYPE VPN
--- 10.1.1.19:1024 61.1.1.19:7254 D/e 1
In the 5th step, packet forwarding module is searched NAT map entry table and Label Forwarding Information Base, and message is carried out transmitting after NAT conversion and the tag processes.
Second kind of situation is to support the MPLS VPN visit public service of address overlap by provider's edge device of combining network address conversion of the present invention, as shown in Figure 6.Under original MPLS VPN network configuration environment, carry out following steps:
The first step, configuration PE1 and CE1 and CE2 connected interface are NAT INSIDE interface, configuration PE1 and P connected interface are NAT OUTSIDE interface, are different nat address pool of VPN configuration of each address overlap on PE1:
ip?nat?pool?vpn-nat1?11.1.1.1?11.1.1.254?prefix-length?24
ip?nat?pool?vpn-nat2?12.1.1.1?12.1.1.254?prefix-length?24
On PE1,, bind different nat address pools, and generate the NAT route the VPN configuration VRF NAT transformation rule of each address overlap:
ip?nat?inside?source?list?1?pool?vpn-nat1?vrf?vpn-nat1?overload
ip?nat?inside?source?list?1?pool?vpn-nat2?vrf?vpn-nat2?overload
Second step: routing module is communicated to opposite end PE2 equipment: router bgp 100 by Routing Protocol with NAT route and corresponding label
address-family?ipv4?vrf?vpn-nat1
redistribute?connected?route-map?nat-route1
address-family?ipv4?vrf?vpn-nat2
redistribute?connected?route-map?nat-route2 ip?access-list?standard?11
permit?11.1.1.0?0.0.0.255
deny?any ip?access-list?standard?12
permit?12.1.1.0?0.0.0.255
deny?any route-map?nat-route1?permit?11 match?ip?address?11 route-map?nat-route2?permit?12
match?ip?address?12
In the 3rd step, the configuration route imports more, and the VPN route of public server is imported each user VPN, the NAT route of each user VPN correspondence is imported the VPN of public server:
On PE1: ip vrf vpn-nat1
rd?100:1
route-target?import?100:1
route-target?export?100:1
route-target?import?100:3
route-target?export?100:3 ip?vrf?vpn-nat2
rd?100:2
route-target?import?100:2
route-target?export?100:2
route-target?import?100:3
route-target?export?100:3
On PE2: router bgp 100
address-family?ipv4?vrf?vpn
redistribute?connected ip?vrfvpn
rd?100:3
route-target?import?100:3
route-target?export?100:3
route-target?import?100:1
route-target?export?100:1
route-target?import?100:2
route-target?export?100:2
The 4th step, receive the message that needs NAT conversion after, according to the VRF NAT transformation rule of configuration, different VPN is generated different NAT map entrys.Use show ip nat translations order to observe as follows:
Pro Inside?global Inside?local TYPE VPN
--- 10.1.1.19:1024 11.1.1.19:7254 D/e 1
--- 10.1.1.19:1424 12.1.1.19:8654 D/e 2
In the 5th step, packet forwarding module is searched NAT map entry table and Label Forwarding Information Base, and message is carried out transmitting after NAT conversion and the tag processes.
Simultaneously, the present invention can need judge whether the NAT conversion by using route-map to substitute ACL, can realize selecting different NAT strategies at outgoing interface, next jumping etc., can realize NAT strategy more flexibly; For the situation that public service is arranged, can in routing management, import by limiting some NAT route more, can realize user capture control, promptly have only the user of appointment could visit public service, improved fail safe to a certain extent.
Certainly; the present invention also can have other various embodiments; under the situation that does not deviate from spirit of the present invention and essence thereof; those of ordinary skill in the art work as can make various corresponding changes and distortion according to the present invention, but these corresponding changes and distortion all should belong to the protection range of the appended claim of the present invention.
Claims (11)
1, a kind of provider's edge device of combining network address conversion is characterized in that, comprising: network address conversion module, and routing module, Access Control List (ACL) module and packet forwarding module, wherein:
Described network address conversion module, be used for the network address translation rule is tied to Virtual Private Network, generate network address translation map entry table according to described network address translation rule simultaneously, described network address translation map entry table is distinguished the Virtual Private Network of address overlap according to Virtual Private Network ID;
Described routing module is used for generating and advertised network address transition route, generates the label list of described network address translation route simultaneously;
Described Access Control List (ACL) module is used to bind Access Control List (ACL) to network address conversion module, and is used to judge whether to carry out network address translation;
Described packet forwarding module is used for carrying out the processing of message according to described network address translation map entry table and label list.
2, provider's edge device of combining network address conversion according to claim 1 is characterized in that described Access Control List (ACL) module specifically is used to carry out following operation:
Judge according to source address, source port, destination address, destination slogan and the agreement of message whether described message mates described Access Control List (ACL), if be judged as and carry out network address translation, otherwise need not carry out network address translation.
3, the using method of provider's edge device of the described combining network address conversion of claim 1 comprises the steps:
Step 1, the map entry administration module is set up network address translation map entry table according to described network address translation rule, and described network address translation map entry table is distinguished the Virtual Private Network of address overlap according to Virtual Private Network ID;
Step 2, the network address translation command processing module is tied to Virtual Private Network with described network address translation rule;
Step 3, routing module generation and advertised network address transition route and the label list that generates according to described network address translation route;
Step 4, Access Control List (ACL) module binding Access Control List (ACL) arrives network address conversion module, and judges whether to carry out network address translation;
Step 5, packet forwarding module is searched described map entry table and label list according to IP address, port numbers and described Virtual Private Network ID, and message is carried out transmitting after network address translation and the tag processes.
4, the using method of provider's edge device of combining network address conversion according to claim 3, it is characterized in that, when provider's edge device of described combining network address conversion is used to realize the mutual Virtual Private Network private network visit of multiprotocol label Internet network, also comprise the described Virtual Private Network of configuration to the step of the static routing of public network and the step in the network address translation address pond of configuration public network address, described routing module generates described network address translation route and label list according to the address in the described network address translation address pond.
5, the using method of provider's edge device of combining network address conversion according to claim 4 is characterized in that, described routing module is carried out announcement by Routing Protocol.
6, the using method of provider's edge device of combining network address conversion according to claim 5 is characterized in that described Routing Protocol is preferential open shortest path agreement.
7, the using method of provider's edge device of combining network address conversion according to claim 3, it is characterized in that, when provider's edge device of described combining network address conversion is used to realize the mutual virtual special net access public service of the multiprotocol label of address overlap, also be included as different network address translation address pond and the step of network address translation rule and the steps of the many importings of configuration route of Virtual Private Network configuration of address overlap, described routing module generates described network address translation route and label list according to the address in the described network address translation address pond.
8, the using method of provider's edge device of combining network address conversion according to claim 7 is characterized in that, described routing module is carried out announcement by Routing Protocol.
9, the using method of provider's edge device of combining network address conversion according to claim 8 is characterized in that described route Routing Protocol is a MP-BGP.
10, according to the using method of provider's edge device of claim 3,4,5,6,7, the conversion of 8 or 9 described combining network address, it is characterized in that, in the described step 5, for message from first interface to second interface, operation below concrete the execution: packet forwarding module is searched described map entry table according to described IP address, port numbers and described Virtual Private Network ID, if there is map entry, after according to map entry described message being changed, transmit the back that labels; If there is no map entry, give this message to described network address conversion module then, by described network address conversion module according to Access Control List (ACL) and described Virtual Private Network ID Network Search address translation rule, and generate map entry according to network address translation rule by the map entry administration module, and after according to the map entry that generates message being changed, the back forwarding labels, described first interface is the interface that described provider edge device links to each other with customer edge, and described first interface is the interface that described provider edge device links to each other with provider equipment.
11, the using method of provider's edge device of combining network address conversion according to claim 10, it is characterized in that, the following operation of the concrete execution of described step 5, for message from second interface to first interface, operation below concrete execution the: judge at first whether described message has label, if not then search route according to destination address, if corresponding route has the network address translation mark, then carry out the message conversion according to map entry, carry out transmitting after the quadratic search route according to address and described Virtual Private Network ID after the conversion then, if corresponding route does not have described network address translation mark, then handle according to common message forwarding process; If described message has one deck label, and the route of described label correspondence has the network address translation mark, search described map entry table according to described IP address, port numbers and Virtual Private Network ID after then ejecting described label, under the situation that has the map entry table, carrying out message conversion back according to described map entry table transmits, if do not have the map entry table then abandon this message,, then handle according to common message forwarding process if corresponding route does not have described network address translation mark.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200510086767.1A CN100571197C (en) | 2005-11-03 | 2005-11-03 | A kind of provider's edge device and using method thereof of combining network address conversion |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200510086767.1A CN100571197C (en) | 2005-11-03 | 2005-11-03 | A kind of provider's edge device and using method thereof of combining network address conversion |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1960313A true CN1960313A (en) | 2007-05-09 |
| CN100571197C CN100571197C (en) | 2009-12-16 |
Family
ID=38071813
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200510086767.1A Expired - Fee Related CN100571197C (en) | 2005-11-03 | 2005-11-03 | A kind of provider's edge device and using method thereof of combining network address conversion |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100571197C (en) |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101267437B (en) * | 2008-04-28 | 2011-01-19 | 杭州华三通信技术有限公司 | Packet access control method and system for network devices |
| WO2011026344A1 (en) * | 2009-09-03 | 2011-03-10 | 中兴通讯股份有限公司 | Method and device for reassembling ip fragment datagrams |
| CN101299772B (en) * | 2008-06-04 | 2011-05-11 | 中兴通讯股份有限公司 | System and method for processing network address conversion preferable regulation |
| CN101355490B (en) * | 2007-07-25 | 2012-05-23 | 华为技术有限公司 | Method, system and node equipment for routing information |
| CN101616190B (en) * | 2008-06-25 | 2012-07-11 | 英业达股份有限公司 | Network equipment with address network segment recognizing function |
| CN101729369B (en) * | 2008-10-31 | 2012-10-17 | 华为技术有限公司 | Method and equipment for routing messages |
| CN101150513B (en) * | 2007-10-17 | 2013-03-27 | 中兴通讯股份有限公司 | Method for realizing PPTP ALG under PAT |
| CN103004145A (en) * | 2011-07-21 | 2013-03-27 | 华为技术有限公司 | Flow distribution method, flow distribution device and flow distribution system for virtual private network |
| CN103532879A (en) * | 2013-10-17 | 2014-01-22 | 阳光凯讯(北京)科技有限公司 | Integrated channel control equipment |
| CN103731348A (en) * | 2012-10-15 | 2014-04-16 | 中国移动通信集团江苏有限公司 | IMS network message distribution method and device |
| CN104253751A (en) * | 2014-09-04 | 2014-12-31 | 杭州华三通信技术有限公司 | Multi-role host-based message transmission method and multi-role host-based message transmission equipment |
| CN107370680A (en) * | 2016-05-12 | 2017-11-21 | 中兴通讯股份有限公司 | A kind of multicast routing entry control method, device and communication system |
| CN107733795A (en) * | 2016-08-12 | 2018-02-23 | 新华三技术有限公司 | Ethernet virtual private networks EVPN and public network interoperability methods and its device |
| CN108833472A (en) * | 2018-05-07 | 2018-11-16 | 杭州数梦工场科技有限公司 | System is established in the connection of cloud host |
| CN111131038A (en) * | 2018-10-31 | 2020-05-08 | 中国电信股份有限公司 | Cross-domain message forwarding method, system and storage system |
| CN111641721A (en) * | 2020-06-02 | 2020-09-08 | 中国工商银行股份有限公司 | Security detection method, security detection apparatus, computing device, and medium |
| CN113660356A (en) * | 2021-08-16 | 2021-11-16 | 迈普通信技术股份有限公司 | Network access method, system, electronic device and computer readable storage medium |
| WO2022193682A1 (en) * | 2021-03-19 | 2022-09-22 | 中国电信股份有限公司 | Vpn route control method and router |
| CN115426313A (en) * | 2022-08-31 | 2022-12-02 | 中电云数智科技有限公司 | NAT optimization device and method based on OVN virtual machine network |
-
2005
- 2005-11-03 CN CN200510086767.1A patent/CN100571197C/en not_active Expired - Fee Related
Cited By (28)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8401016B2 (en) | 2007-07-25 | 2013-03-19 | Huawei Technologies Co., Ltd. | Method, system and peer device for message routing |
| CN101355490B (en) * | 2007-07-25 | 2012-05-23 | 华为技术有限公司 | Method, system and node equipment for routing information |
| CN101150513B (en) * | 2007-10-17 | 2013-03-27 | 中兴通讯股份有限公司 | Method for realizing PPTP ALG under PAT |
| CN101267437B (en) * | 2008-04-28 | 2011-01-19 | 杭州华三通信技术有限公司 | Packet access control method and system for network devices |
| CN101299772B (en) * | 2008-06-04 | 2011-05-11 | 中兴通讯股份有限公司 | System and method for processing network address conversion preferable regulation |
| CN101616190B (en) * | 2008-06-25 | 2012-07-11 | 英业达股份有限公司 | Network equipment with address network segment recognizing function |
| CN101729369B (en) * | 2008-10-31 | 2012-10-17 | 华为技术有限公司 | Method and equipment for routing messages |
| WO2011026344A1 (en) * | 2009-09-03 | 2011-03-10 | 中兴通讯股份有限公司 | Method and device for reassembling ip fragment datagrams |
| CN103004145A (en) * | 2011-07-21 | 2013-03-27 | 华为技术有限公司 | Flow distribution method, flow distribution device and flow distribution system for virtual private network |
| CN103004145B (en) * | 2011-07-21 | 2015-04-08 | 华为技术有限公司 | Flow distribution method, flow distribution device and flow distribution system for virtual private network |
| CN103731348A (en) * | 2012-10-15 | 2014-04-16 | 中国移动通信集团江苏有限公司 | IMS network message distribution method and device |
| CN103532879A (en) * | 2013-10-17 | 2014-01-22 | 阳光凯讯(北京)科技有限公司 | Integrated channel control equipment |
| CN104253751A (en) * | 2014-09-04 | 2014-12-31 | 杭州华三通信技术有限公司 | Multi-role host-based message transmission method and multi-role host-based message transmission equipment |
| CN104253751B (en) * | 2014-09-04 | 2018-04-06 | 新华三技术有限公司 | A kind of message transmitting method and equipment based on multi-role host |
| CN107370680A (en) * | 2016-05-12 | 2017-11-21 | 中兴通讯股份有限公司 | A kind of multicast routing entry control method, device and communication system |
| CN107733795A (en) * | 2016-08-12 | 2018-02-23 | 新华三技术有限公司 | Ethernet virtual private networks EVPN and public network interoperability methods and its device |
| CN107733795B (en) * | 2016-08-12 | 2020-05-12 | 新华三技术有限公司 | Ethernet virtual private network EVPN and public network intercommunication method and device |
| CN108833472A (en) * | 2018-05-07 | 2018-11-16 | 杭州数梦工场科技有限公司 | System is established in the connection of cloud host |
| CN108833472B (en) * | 2018-05-07 | 2019-09-17 | 杭州数梦工场科技有限公司 | System is established in the connection of cloud host |
| CN111131038A (en) * | 2018-10-31 | 2020-05-08 | 中国电信股份有限公司 | Cross-domain message forwarding method, system and storage system |
| CN111131038B (en) * | 2018-10-31 | 2022-04-19 | 中国电信股份有限公司 | Cross-domain message forwarding method, system and storage system |
| CN111641721A (en) * | 2020-06-02 | 2020-09-08 | 中国工商银行股份有限公司 | Security detection method, security detection apparatus, computing device, and medium |
| CN111641721B (en) * | 2020-06-02 | 2022-03-08 | 中国工商银行股份有限公司 | Security detection method, security detection apparatus, computing device, and medium |
| WO2022193682A1 (en) * | 2021-03-19 | 2022-09-22 | 中国电信股份有限公司 | Vpn route control method and router |
| CN113660356A (en) * | 2021-08-16 | 2021-11-16 | 迈普通信技术股份有限公司 | Network access method, system, electronic device and computer readable storage medium |
| CN113660356B (en) * | 2021-08-16 | 2024-01-23 | 迈普通信技术股份有限公司 | Network access method, system, electronic device and computer readable storage medium |
| CN115426313A (en) * | 2022-08-31 | 2022-12-02 | 中电云数智科技有限公司 | NAT optimization device and method based on OVN virtual machine network |
| CN115426313B (en) * | 2022-08-31 | 2023-08-18 | 中电云数智科技有限公司 | NAT optimization device and method based on OVN virtual machine network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100571197C (en) | 2009-12-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1960313A (en) | Periphery devices of service provider of combining network address conversion, and method of application | |
| CN1277395C (en) | Communication system | |
| CN1266913C (en) | Tunneling through access network | |
| CN1848792A (en) | Method for realizing cross-mixed network multi-protocol tag exchange virtual special network | |
| CN1292566C (en) | Router and address identification information management server | |
| CN1140090C (en) | Packet network interfacing | |
| CN1863143A (en) | Method, system and apparatus for implementing Web server access | |
| CN1855872A (en) | Communication method and system between mixed network VPN stations across different autonomous systems | |
| CN1581818A (en) | Method for supporting multi-port virtual LAN by multi-protocol label swtich | |
| CN1661987A (en) | Communication controller,communication network and updating method of package transferring control information | |
| CN1976313A (en) | High performance router routing protocol distribution parallel realizing method | |
| CN101052022A (en) | System and method for virtual special net user to access public net | |
| CN101047651A (en) | Method, system and equipment for setting IP priority level | |
| CN1929444A (en) | Operator's boundary notes, virtual special LAN service communication method and system | |
| CN1297105C (en) | Method for implementing multirole main machine based on virtual local network | |
| US20140269730A1 (en) | Communication networks that provide a common transport domain for use by multiple service domains and methods and computer program products for using the same | |
| CN1870588A (en) | Implementing method and system for support VPLS service on IP skeletal network | |
| CN1852213A (en) | Method for realizing virtual special network of over-muti-autonomous system mixed network | |
| CN101043462A (en) | Method for processing link condition announcement and router | |
| CN1905509A (en) | Method and system of user access virtual special LAN service | |
| CN101075964A (en) | Method and system for realizing port re-direction by router interface address | |
| CN1404263A (en) | Realizing method and system of special network in wideband virtual network | |
| CN1741500A (en) | Virtual exchanging method capable of routing | |
| CN1852255A (en) | System and method for providing QoS service to virtual special line | |
| CN1870634A (en) | Double-attach/multi-attach logical packet network method and supplier equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20091216 Termination date: 20151103 |
|
| EXPY | Termination of patent right or utility model |