EP1595362A1 - Method for the interconnection of virtual private networks in unconnected mode (original title: Verfahren zur Verbindung virtueller privater Netzwerke im nichtverbundenen Modus)
- Publication number
- EP1595362A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- network
- vpn
- routing
- networks
- pref
- Prior art date
- Legal status
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
- H04L45/04—Interdomain routing, e.g. hierarchical routing
Definitions
- the present invention relates to a method for the interconnection of virtual private networks in unconnected mode.
- VPN Virtual Private Network
- There are two main families of virtual private network (VPN) architecture:
- the first of these two families of architecture directly links customer sites through tunnels (for example GRE, L2TP, IPsec) starting and ending at the level of the customer access router (CPE - "Customer Premises Equipment") which, by definition, is the last access router of the customer site which connects it to one or more operators.
- CPE Customer Premises Equipment
- This method presents for the client a certain flexibility and greater security since the client keeps control of his equipment.
- it can be relatively cumbersome to manage, in particular because of:
  - the large number of tunnels to be managed, of the order of N(N - 1) in the case of a mesh network (of "full-mesh" type) comprising a number N of client access routers (CPE);
  - the number and distance of the network equipment to be configured for the client access routers (CPE), which may require a technician to travel in the event of an incorrect configuration.
- CPE client access routers
- CPE customer access routers
- the solution proposed in the second family of architecture consists in establishing the links of the virtual private networks (VPN) not between client access routers (CPE), but between operator access routers (PE - "Premises Equipment").
- VPN virtual private networks
- PE operator access routers
- MPLS Multi Protocol Label Switching
- LSP Label Switch Path
- MPLS label switched network
- ISP Internet service provider
- MPLS Platform-to-Network Interface
- the invention therefore more particularly aims to eliminate these drawbacks.
- this method consists in installing in the access router (CPE or PE) a simple encapsulation mechanism which calculates a header for the messages that a sending site A_i wishes to send to a receiving site A_j, this header comprising at least a prefix PREF_service for the service offered by the operator, a VPN identifier, a network prefix N_j of the receiving site A_j, and a suffix Sx consisting of a bit field that can take any value.
- CPE access router
- PE access router
- this method could use IPv6 type addressing according to which the addresses are coded on 128 bits.
- the method according to the invention does not imply a migration to IPv6 networks of existing IPv4 private networks. As a result, users will be able to continue to use their IPv4 infrastructure and their private addressing plan transparently.
- This method does not require the operator to update all the routers of its core network ("Core Network"), as is the case for label switching techniques (MPLS).
- MPLS label switching techniques
- Interconnections between operators' IPv6 networks can be done using IPv6 / IPv4 migration tunnels.
- This method provides network traffic engineering services comparable to current VPN-MPLS tag switched virtual private network services using only the quality of service (QoS) mechanisms already existing in IPv6 networks (for example with the "FlowLabel" field of IPv6 headers).
- QoS quality of service
- the IP packet stream can be routed in unconnected mode through the core network.
- the VPN interconnection service is cheaper to deploy.
- the automaticity obtained by the process according to the invention constitutes an appreciable advantage.
- the IP packet stream can also be routed beyond an operator administrative management entity (“autonomous system”), while being confined to certain autonomous systems by suitable routing policy rules ("EBGP").
- autonomous system operator administrative management entity
- EBGP routing policy rules
- IPsec IP security
- QoS (quality of service) services existing in IP architectures can be reused without modification. It is an alternative to traffic engineering of label switched networks for core networks.
- the single figure is a diagram of a network environment linked to the method according to the invention.
- the single figure shows two virtual private networks VPN_A and VPN_B, drawn respectively in broken lines and in dotted lines, comprising respectively n and n' sites, namely A_1 ... A_n and B_1 ... B_n', as well as respectively m and m' local networks N_1 ... N_m and N'_1 ... N'_m', each having a coherent addressing plan.
- These local networks are connected to p routers R_1 ... R_p of PE or CPE type, via n interfaces IF_A1 ... IF_An and n' interfaces IF_B1, IF_B2 ... IF_Bn'. IF_A1 ... IF_An are respectively the interfaces of the sites A_1 ... A_n;
- the interfaces IF_B1, IF_B2 ... IF_Bn' are respectively the interfaces of the sites B_1, B_2 ... B_n'.
- These interfaces can be virtual or physical.
- Several interfaces (IF_A1 ... IF_An, IF_B1, IF_B2 ... IF_Bn') can be on the same router.
- the routers Ri ... R p comprise the two stacks of Internet protocols IPv4 and IPv6.
- the problem which the invention aims to solve can be stated as follows: "If we denote by N_i (1 ≤ i ≤ m) a network prefix of a site A_k (1 ≤ k ≤ n) to which the site A_j (1 ≤ j ≤ n) wishes to send messages in the form of IP packets, one of the tasks which the method according to the invention will have to perform is the determination, by the network, of the manner in which an IP packet arriving on the interface IF_Aj can be transmitted to the interface IF_Ak."
- the solution that the invention proposes for this problem consists in constructing the destination address of IF_Ak from the prefix PREF_service of the service offered by the operator, the identifier VPN_A of the virtual private network and the network prefix N_i of the destination site A_k.
- This address which is then used to resolve routing problems, takes the following form:
- PREF_service/M is the network prefix used for the service offered by the operator
- N_i/M_i is one of the prefixes (IPv4 or IPv6) of the destination site A_k which can be reached by the destination interface IF_Ak
- VPN_A is the identifier of the common virtual private network to which the sites A_j and A_k belong, VPN_A being coded on M_VPN bits
- Sx is a bit field which can take any value and is the suffix of the address.
- the single figure specifies the place where the mechanism intervenes in architecture. It presents the routing of IP packets in the network and highlights the modification made by the ME mechanism concerning the header (taking VPN B as an example here).
- This ME mechanism for interconnection of virtual private networks is located in an operator access router (PE) located on the edge of the RC network (“Core Network”), here the router R 2 .
- This ME mechanism encapsulates the PA packets and assigns a new header to the packets thus encapsulated.
- These PA packets can then be decapsulated by the operator access router (PE), here R_p, or by the client access router (CPE) associated with the destination network, here B_n'.
- the local area network B_1 which wishes to send messages to the destination local area network B_n' uses the access router R_2, on the edge of the core network RC, for the encapsulation of packets.
- This encapsulation is carried out thanks to an interconnection mechanism using a routing table TR which makes it possible to determine by which nodes the IP packets pass inside the core network RC.
- This mechanism makes it possible to associate with the original IP packet a new header including here the address (@E_DSTk) of the interface IF_Bn' of the site B_n' to which the sending site B_1 wishes to send the IP packets.
- Examples I to VII illustrate the principle of determining an IF_Ak address in the case where an infrastructure of the IPv4 type is used:
- VPN_A/M_VPN = 6100/16 (common virtual private network identifier)
- N_i/M_i = 10.10.1.0/23 (0a.0a.01.00/23) (prefix of site A_k)
- PREF_service/M = 2001:baba:1234::/48
- N_i/M_i = 10.10.1.0/23 (0a.0a.01.00/23)
- the PREF_feed element makes it possible to obtain an IF_Ak address of 128 bits, for example.
- VPN_A/M_VPN = 6100/16
- N_i/M_i = fec0:cafe:deca:c1c0::/64
- This example relates to an application of the invention to a 4in6 or 6in6 type encapsulation.
- This type of encapsulation consists of transporting an IPv4 packet (case of a 4in6 encapsulation) or an IPv6 packet (case of a 6in6 encapsulation) inside an IPv6 packet.
- E_SRCj = PREF_service : PREF_feed : VPN_A : N_n :: Sx
- E_DSTk = PREF_service : PREF_feed : VPN_A : N_i :: Sx
- PREF_service/M is the network prefix used by the service offered by the operator
- N_i are the source and destination addresses (in IPv4 the full address, in IPv6 only the first 64 bits) of a flow between two terminals of the sites A_j and A_k
- VPN_A is the identifier of the common virtual private network to which the sites A_j and A_k belong, coded on M_VPN bits.
- This example concerns a transmission analogous to that of example V in the case of a virtual private network VPN of the IPv6 type.
- E_SRCj = 2001:baba:1234:6100:fec0:cafe:deca:c2c0
- E_DSTk = 2001:baba:1234:6100:fec0:cafe:deca:c1c0
- the routing of data to its destination poses a problem which depends on the number of virtual private networks to be served. It involves the construction of a routing table which can use either the existing routing of the operator or a routing protocol with distribution of the "multi-hop" type, it being understood that the first solution, which uses the routing of the operator, does not allow any aggregation, while the second solution offers aggregation.
- the prefix of the interface IF_Ak of the router R_k is redistributed by a standard routing protocol (for example of the BGP, OSPFv3 or RIPng type); the frames whose destination address E_DSTk is included in this prefix are then routed naturally to the interface IF_Ak.
- a standard routing protocol for example of the BGP, OSPFv3, RIPng type
- the routing tables all have approximately N × M more routes. This solution is acceptable as long as the product N × M is much smaller than an IPv4 routing table (i.e. 120,000 entries) with a growth of around 20 entries per year.
- This solution uses a routing protocol with “multi-hop” distribution corresponding to a version of routing protocol “RIPng or OSPFv3” modified to support a multipoint broadcast (“multicast”) beyond several nodes. They can also consist of proprietary protocols or the protocol called "MP-BGP4".
- the problem is equivalent to the discovery of the addresses of the interfaces IF_Ak of the router R_k in order to transmit the payload to it. Consequently, if one uses an IPv6 routing protocol of the "multi-hop multicast" or "unicast full-mesh" type, it suffices to replace the next hop ("next-hop") by the global address of the router R_k. Thus, in unconnected mode, the reachability between IF_Aj and IF_Ak of the same virtual private network VPN_A is extended without loading the routing tables of the internal routers.
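The following Python is an added example, not part of the patent text or its claims. It assembles the PREF_service : VPN : N_i :: Sx address described above, derives the IF_Ak prefix (PREF_service:VPN:N_i with length M + M_VPN + M_i) that router R_k redistributes in the first routing solution, resolves an outer destination by longest-prefix match against such prefixes, and performs the inverse step at the receiving PE or CPE (recovering the VPN identifier and the inner destination). The service prefix 2001:baba:1234::/48, the identifier 6100/16 and the 10.10.1.0/23 and fec0:cafe:deca:c1c0::/64 site prefixes are the values of Examples I to VII; the interface names IF_Ak and IF_Am, the second site 10.10.0.0/16, and the treatment of PREF_feed as part of PREF_service (which is what the Example VII addresses imply, since 48 + 16 + 64 bits already fill the address) are assumptions of this example.

```python
# Added example, not the patent's own code: address construction, route
# derivation, longest-prefix lookup and decapsulation for the
# PREF_service : VPN : N_i :: Sx scheme. Sample values come from the
# patent's Examples I to VII; interface names and the /16 site are assumed.
import ipaddress
from typing import List, Optional, Tuple


def _service(pref_service: str) -> Tuple[int, int]:
    """Return (128-bit value with PREF_service in place, M) for PREF_service/M."""
    net = ipaddress.IPv6Network(pref_service, strict=False)
    return int(net.network_address), net.prefixlen


def _site_field(inner_addr: str) -> Tuple[int, int]:
    """N_i field: the full address for IPv4 (32 bits), the first 64 bits for IPv6."""
    ip = ipaddress.ip_address(inner_addr)
    return (int(ip), 32) if ip.version == 4 else (int(ip) >> 64, 64)


def encap_address(pref_service: str, vpn_id: int, vpn_bits: int,
                  inner_dst: str, suffix: int = 0) -> ipaddress.IPv6Address:
    """Outer destination E_DSTk = PREF_service : VPN : N_i :: Sx for one inner packet."""
    base, m = _service(pref_service)
    ni, ni_bits = _site_field(inner_dst)
    sx_bits = 128 - m - vpn_bits - ni_bits          # room left for the free suffix Sx
    if sx_bits < 0:
        raise ValueError("PREF_service, VPN and N_i do not fit in 128 bits")
    if not 0 <= vpn_id < (1 << vpn_bits):
        raise ValueError("VPN identifier does not fit in M_VPN bits")
    if not 0 <= suffix < (1 << sx_bits):            # (1 << 0) == 1: no suffix in the 6in6 case
        raise ValueError("suffix does not fit in the remaining bits")
    value = base | (vpn_id << (128 - m - vpn_bits)) | (ni << sx_bits) | suffix
    return ipaddress.IPv6Address(value)


def site_route(pref_service: str, vpn_id: int, vpn_bits: int,
               site_prefix: str) -> ipaddress.IPv6Network:
    """Prefix of IF_Ak that R_k redistributes: PREF_service:VPN:N_i, length M + M_VPN + M_i."""
    site = ipaddress.ip_network(site_prefix, strict=False)   # 10.10.1.0/23 masks to 10.10.0.0/23
    _, m = _service(pref_service)
    addr = encap_address(pref_service, vpn_id, vpn_bits, str(site.network_address))
    return ipaddress.IPv6Network((int(addr), m + vpn_bits + site.prefixlen), strict=False)


def lookup(table: List[Tuple[ipaddress.IPv6Network, str]], outer_dst: str) -> Optional[str]:
    """Longest-prefix match of an outer destination against redistributed IF_Ak prefixes."""
    dst = ipaddress.IPv6Address(outer_dst)
    best = None
    for net, next_hop in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def decap_fields(outer_dst: str, pref_service: str, vpn_bits: int, inner_version: int):
    """Inverse step at the receiving PE/CPE: (VPN id, inner destination) from E_DSTk.
    Addresses outside PREF_service are rejected before any field is interpreted."""
    base, m = _service(pref_service)
    value = int(ipaddress.IPv6Address(outer_dst))
    if value >> (128 - m) != base >> (128 - m):
        raise ValueError("address is not inside PREF_service")
    ni_bits = 32 if inner_version == 4 else 64
    sx_bits = 128 - m - vpn_bits - ni_bits
    vpn_id = (value >> (128 - m - vpn_bits)) & ((1 << vpn_bits) - 1)
    ni = (value >> sx_bits) & ((1 << ni_bits) - 1)
    inner = ipaddress.IPv4Address(ni) if inner_version == 4 else ipaddress.IPv6Address(ni << 64)
    return vpn_id, inner


if __name__ == "__main__":
    SERVICE, VPN_A, M_VPN = "2001:baba:1234::/48", 0x6100, 16
    # Example VII (6in6): N_i = fec0:cafe:deca:c1c0::/64 fills the address completely.
    print(encap_address(SERVICE, VPN_A, M_VPN, "fec0:cafe:deca:c1c0::"))
    # 4in6: a packet for 10.10.1.77 in site A_k (prefix 10.10.1.0/23) and the routes it can match.
    table = [(site_route(SERVICE, VPN_A, M_VPN, "10.10.0.0/16"), "IF_Am"),   # assumed wider site
             (site_route(SERVICE, VPN_A, M_VPN, "10.10.1.0/23"), "IF_Ak")]
    outer = encap_address(SERVICE, VPN_A, M_VPN, "10.10.1.77")
    print(outer, "->", lookup(table, str(outer)), decap_fields(str(outer), SERVICE, M_VPN, 4))
```

In the 4in6 case the three fixed fields occupy 96 bits, so 32 bits of Sx remain and the redistributed route for 10.10.1.0/23 is an /87; in the 6in6 case the fields fill all 128 bits, so the route is a /128 and any non-zero Sx is refused. The receiving side checks that the outer address actually lies inside PREF_service before reading the VPN identifier out of it, since an encapsulating router has to be able to trust those bits as the tenant selector.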
- This method therefore has two levels of encapsulation.
- If IPv6 header options such as the "Destination Option" are used, only one level of encapsulation is required.
- An important advantage of the mechanism implemented by the method according to the invention is that it can be used to more easily deploy a virtual private network (VPN) service which is offered by the operator. It also makes it possible to deploy such virtual networks (offered by the operator) between several operators for the same virtual private network VPN.
- VPN virtual private network
- Another advantage conferred by the invention consists in that it can be used to deploy solutions for aggregating IPv4 and IPv6 addressing plans, and in that it saves operators from having to broadcast the prefixes of the IF_Ak interfaces throughout the Internet.
- MPLS label switched networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0302116A FR2851706B1 (fr) | 2003-02-20 | 2003-02-20 | Procede pour l'interconnexion de reseaux prives virtuels en mode non connecte. |
FR0302116 | 2003-02-20 | ||
PCT/FR2003/003907 WO2004084495A1 (fr) | 2003-02-20 | 2003-12-24 | Procede pour l’interconnexion de reseaux prives virtuels en mode non connecte |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1595362A1 true EP1595362A1 (de) | 2005-11-16 |
Family
ID=32799471
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP03816345A Ceased EP1595362A1 (de) | 2003-02-20 | 2003-12-24 | Verfahren zur verbindung virtueller privater netzwerke im nichtverbundenen modus |
Country Status (8)
Country | Link |
---|---|
US (1) | US20060179480A1 (de) |
EP (1) | EP1595362A1 (de) |
JP (1) | JP2006514496A (de) |
KR (1) | KR20050098950A (de) |
CN (1) | CN1754350A (de) |
AU (1) | AU2003304002A1 (de) |
FR (1) | FR2851706B1 (de) |
WO (1) | WO2004084495A1 (de) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100739803B1 (ko) * | 2006-04-21 | 2007-07-13 | 삼성전자주식회사 | 이동 노드에서의 핸드오버 장치 및 방법 |
CN101552727B (zh) * | 2009-05-12 | 2011-06-22 | 杭州华三通信技术有限公司 | 一种报文发送和接收方法及运营商边缘路由器 |
US9210065B2 (en) * | 2009-06-22 | 2015-12-08 | Alcatel Lucent | Providing cloud-based services using dynamic network virtualization |
US20140122618A1 (en) * | 2012-10-26 | 2014-05-01 | Xiaojiang Duan | User-aided learning chatbot system and method |
US10749840B2 (en) * | 2016-07-08 | 2020-08-18 | Waldemar Augustyn | Network communication method and apparatus |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6339595B1 (en) * | 1997-12-23 | 2002-01-15 | Cisco Technology, Inc. | Peer-model support for virtual private networks with potentially overlapping addresses |
US7110375B2 (en) * | 2001-06-28 | 2006-09-19 | Nortel Networks Limited | Virtual private network identification extension |
2003
- 2003-02-20 FR FR0302116A patent/FR2851706B1/fr not_active Expired - Fee Related
- 2003-12-24 JP JP2004569500A patent/JP2006514496A/ja active Pending
- 2003-12-24 WO PCT/FR2003/003907 patent/WO2004084495A1/fr not_active Application Discontinuation
- 2003-12-24 EP EP03816345A patent/EP1595362A1/de not_active Ceased
- 2003-12-24 AU AU2003304002A patent/AU2003304002A1/en not_active Abandoned
- 2003-12-24 US US10/546,292 patent/US20060179480A1/en not_active Abandoned
- 2003-12-24 KR KR1020057015216A patent/KR20050098950A/ko not_active Application Discontinuation
- 2003-12-24 CN CNA2003801098632A patent/CN1754350A/zh active Pending
Non-Patent Citations (1)
Title |
---|
See references of WO2004084495A1 * |
Also Published As
Publication number | Publication date |
---|---|
FR2851706B1 (fr) | 2005-06-10 |
US20060179480A1 (en) | 2006-08-10 |
JP2006514496A (ja) | 2006-04-27 |
FR2851706A1 (fr) | 2004-08-27 |
AU2003304002A1 (en) | 2004-10-11 |
WO2004084495A1 (fr) | 2004-09-30 |
KR20050098950A (ko) | 2005-10-12 |
CN1754350A (zh) | 2006-03-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7225259B2 (en) | Service tunnel over a connectionless network | |
JP6009553B2 (ja) | インターネットプロトコルネットワーク上でイーサネットパケットをルーティングするための集中型システム | |
JP5081576B2 (ja) | Mac(メディアアクセスコントロール)トンネリング、その制御及び方法 | |
US8194664B2 (en) | Two-level load-balancing of network traffic over an MPLS network | |
US7512702B1 (en) | Method and apparatus providing highly scalable server load balancing | |
US7590123B2 (en) | Method of providing an encrypted multipoint VPN service | |
US8189585B2 (en) | Techniques for virtual private network fast convergence | |
US7486659B1 (en) | Method and apparatus for exchanging routing information between virtual private network sites | |
US8531941B2 (en) | Intra-domain and inter-domain bridging over MPLS using MAC distribution via border gateway protocol | |
US20040177157A1 (en) | Logical grouping of VPN tunnels | |
US20020150041A1 (en) | Method and system for providing an improved quality of service for data transportation over the internet | |
US20050265308A1 (en) | Selection techniques for logical grouping of VPN tunnels | |
US8014389B2 (en) | Bidding network | |
FR2978003A1 (fr) | Procede de routage d'un flux en mode non-stockage | |
EP2537299B1 (de) | Verwaltung privater virtueller netzwerke | |
US20070133570A1 (en) | System and/or method for bidding | |
US7280534B2 (en) | Managed IP routing services for L2 overlay IP virtual private network (VPN) services | |
EP1595362A1 (de) | Verfahren zur verbindung virtueller privater netzwerke im nichtverbundenen modus | |
FR2851705A1 (fr) | Procede de transmission des donnees reposant sur la hierarchie sonet/sdh | |
Li | Future internet services based on LIPS technology | |
FR2859340A1 (fr) | Transmission de trafic multipoint au sein d'un reseau de communication | |
Phung et al. | Internet acceleration with lisp traffic engineering and multipath tcp | |
US20220021599A1 (en) | System and method for carrying and optimizing internet traffic over a source-selected path routing network | |
Guedrez | Enabling traffic engineering over segment routing | |
WO2006090024A1 (fr) | Procede de gestion d'une interconnexion entre reseaux de telecommunication et dispositif mettant en oeuvre ce procede |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
 | 17P | Request for examination filed | Effective date: 20050809 |
 | AK | Designated contracting states | Kind code of ref document: A1; Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT RO SE SI SK TR |
 | AX | Request for extension of the european patent | Extension state: AL LT LV MK |
 | DAX | Request for extension of the european patent (deleted) | |
 | 17Q | First examination report despatched | Effective date: 20060630 |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
 | 18R | Application refused | Effective date: 20070830 |