EP1595362A1 - Method for connecting virtual private networks in unconnected mode - Google Patents

Method for connecting virtual private networks in unconnected mode

Info

Publication number
EP1595362A1
Authority
EP
European Patent Office
Prior art keywords
network
vpn
routing
networks
pref
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP03816345A
Other languages
English (en)
French (fr)
Inventor
Vincent Jardin
Alain Ritoux
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
6WIND
Original Assignee
6WIND

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/02 Topology update or discovery
    • H04L45/04 Interdomain routing, e.g. hierarchical routing
    • H04L61/00 Network arrangements, protocols or services for addressing or naming

Definitions

  • The present invention relates to a method for interconnecting virtual private networks in unconnected (connectionless) mode.
  • VPN: Virtual Private Network
  • There are two main families of VPN architecture:
  • The first family links customer sites directly through tunnels (for example GRE, L2TP, IPsec) that start and end at the customer access router (CPE, "Customer Premises Equipment"), which by definition is the last access router of the customer site, connecting it to one or more operators.
  • CPE: Customer Premises Equipment
  • This method gives the customer some flexibility and greater security, since the customer keeps control of his own equipment.
  • It can, however, be relatively cumbersome to manage, in particular because of:
  • the large number of tunnels to be managed (of N(N-1) order in the case of a full-mesh network of N client access routers (CPE));
  • the number and remoteness of the network equipment to configure for the client access routers (CPE), which may require a technician to travel in the event of incorrect configuration.
  • The second family of architecture establishes the virtual private network (VPN) links not between client access routers (CPE) but between operator access routers (PE, "Premises Equipment").
  • PE: operator access router
  • MPLS: Multi Protocol Label Switching
  • LSP: Label Switch Path
  • ISP: Internet service provider
  • The invention therefore aims more particularly to eliminate these drawbacks.
  • The method consists in installing in the access router (CPE or PE) a simple encapsulation mechanism that computes a header for the messages a sending site Ai wishes to send to a receiving site Aj. This header comprises at least a prefix PREF_service relating to the service offered by the operator, a VPN identifier (VPN), the network prefix Nj of the receiving site, and a suffix Sx consisting of a bit field that can take any value.
  • This method can use IPv6 addressing, in which addresses are coded on 128 bits.
  • The method according to the invention does not require migrating existing IPv4 private networks to IPv6. Users can therefore continue to use their IPv4 infrastructure and their private addressing plan transparently.
  • Nor does the method require the operator to update all the routers of its core network ("Core Network"), as label switching techniques (MPLS) do.
  • Interconnections between operators' IPv6 networks can be made using IPv6/IPv4 migration tunnels.
  • The method provides traffic engineering services comparable to current label-switched virtual private network (VPN-MPLS) services, using only the quality of service (QoS) mechanisms already present in IPv6 networks (for example the "FlowLabel" field of the IPv6 header).
  • QoS: quality of service
  • The IP packet stream can be routed in unconnected mode through the core network.
  • The VPN interconnection service is cheaper to deploy.
  • The automaticity obtained by the method according to the invention is an appreciable advantage.
  • The IP packet stream can also be routed beyond an operator's administrative management entity ("autonomous system"), while being confined to certain autonomous systems by suitable routing policy rules ("EBGP").
  • Autonomous system: operator administrative management entity
  • EBGP: routing policy rules
  • IPsec: IP security
  • The QoS services existing in IP architectures can be reused without modification. The method is an alternative to the traffic engineering of label switched networks for core networks.
  • The single figure is a diagram of a network environment to which the method according to the invention applies.
  • The single figure shows two virtual networks VPN_A and VPN_B, drawn in broken lines and dotted lines respectively, comprising n and n' sites (A1 ... An and B1 ... Bn') and m and m' local networks (N1 ... Nm and N'1 ... N'm'), each with a coherent addressing plan.
  • These local networks are connected to p routers R1 ... Rp of PE or CPE type, via n interfaces IF_A1 ... IF_An and n' interfaces IF_B1, IF_B2 ... IF_Bn'. IF_A1 ... IF_An are respectively the interfaces of sites A1 ... An, and IF_B1, IF_B2 ... IF_Bn' are respectively the interfaces of sites B1, B2 ... Bn'.
  • These interfaces can be virtual or physical.
  • Several interfaces (IF_A1 ... IF_An, IF_B1, IF_B2 ... IF_Bn') can be on the same router.
  • The routers R1 ... Rp comprise both Internet protocol stacks, IPv4 and IPv6.
  • The problem the invention aims to solve can be stated as follows: if Ni (1 ≤ i ≤ m) denotes a network prefix of a site Ak (1 ≤ k ≤ n) to which a site Aj (1 ≤ j ≤ n) wishes to send messages in the form of IP packets, one of the tasks the method according to the invention must perform is the determination by the network of how an IP packet arriving on interface IF_Aj can be forwarded to interface IF_Ak.
  • The solution the invention proposes consists in constructing the destination address IF_Ak from the service prefix PREF_service offered by the operator, the identifier of the virtual private network VPN, and the network prefix Ni of the destination site Ak.
  • This address, which is then used to resolve the routing problem, takes the following form:
  • PREF_service/M is the network prefix used for the service offered by the operator;
  • Ni/Mi is one of the prefixes (IPv4 or IPv6) of the destination site Ak that can be reached through the destination interface IF_Ak;
  • VPN_A is the identifier of the common virtual private network to which sites Aj and Ak belong, VPN_A being coded on M_VPN bits;
  • Sx is a bit field which can take any value and forms the suffix of the address.
  • The single figure shows where the mechanism intervenes in the architecture. It presents the routing of IP packets in the network and highlights the modification made by the mechanism ME to the header (taking VPN_B as the example here).
  • This mechanism ME for interconnecting virtual private networks is located in an operator access router (PE) on the edge of the core network RC ("Core Network"), here router R2.
  • The mechanism ME encapsulates the packets PA and assigns a new header to the encapsulated packets.
  • These packets PA can then be decapsulated by the operator access router (PE), here Rp, or by the client access router (CPE) associated with the destination network, here Bn'.
  • The local network B1, which wishes to send messages to the destination local network Bn', uses the access router R2 on the edge of the core network RC to encapsulate the packets.
  • This encapsulation is performed by an interconnection mechanism that uses a routing table TR, which determines through which nodes the IP packets pass inside the core network RC.
  • The mechanism associates with the original IP packet a new header containing the address of the interface IF_Bn' of site Bn' (@E_DSTk) to which the sending site B1 wishes to send the IP packets.
  • Examples I to VII illustrate how an address of IF_Ak is determined in the case where an IPv4 type infrastructure is used:
  • VPN_A/M_VPN = 6100/16 (common virtual private network identifier)
  • Nj/Mi = 10.10.1.0/23 (0a.0a.01.00/23) (prefix of site Ak)
  • PREF_service/M = 2001:baba:1234::/48
  • The PREF fee element makes it possible to obtain an IF_Ak address of 128 bits, for example.
  • VPN_A/M_VPN = 6100/16
  • Ni/Mi = fec0:cafe:deca:c1c0::/64
  • This example relates to an application of the invention to 4in6 or 6in6 encapsulation.
  • This type of encapsulation consists in transporting an IPv4 packet (4in6 encapsulation) or an IPv6 packet (6in6 encapsulation) inside an IPv6 packet.
  • E_SRCj = PREF_service : PREF feed : VPN_A : Nn :: Sx
  • E_DSTk = PREF_service : PREF feed : VPN_A : Ni :: Sx
  • PREF_service/M is the network prefix used by the service offered by the operator;
  • Ni are the source and destination addresses (in IPv4 the full address, in IPv6 only the first 64 bits) of a flow between two terminals of sites Aj and Ak;
  • VPN_A is the identifier of the common virtual private network to which sites Aj and Ak belong, coded on M_VPN bits.
  • This example concerns a transmission analogous to that of example V, for a virtual private network VPN of IPv6 type.
  • E_SRCj = 2001:baba:1234:6100:fec0:cafe:deca:c2c0
  • E_DSTk = 2001:baba:1234:6100:fec0:cafe:deca:c1c0
  • The routing of data to its destination poses a problem that depends on the number of virtual private networks to be served. It involves building a routing table that can use either the operator's existing routing or a routing protocol with "multi-hop" distribution, it being understood that the first solution, which uses the operator's routing, allows no aggregation, whereas the second offers an aggregation solution.
  • The prefix of the interface IF_Ak of router Rk is redistributed by a standard routing protocol (for example of BGP, OSPFv3 or RIPng type); frames whose destination address E_DSTk falls within this prefix are then routed naturally to the interface IF_Ak.
  • The routing tables then all have approximately N times M more routes. This solution is acceptable as long as the product N x M is much smaller than an IPv4 routing table (i.e. 120,000 entries), which grows by around 20 entries per year.
  • The second solution uses a routing protocol with "multi-hop" distribution, that is, a version of RIPng or OSPFv3 modified to support multipoint broadcast ("multicast") beyond several nodes. Proprietary protocols or the protocol called "MP-BGP4" can also be used.
  • The problem is then equivalent to discovering the addresses of the interfaces IF_Ak of the router Rk in order to deliver the payload to it. Consequently, if an IPv6 routing protocol of the "multi-hop multicast" or "unicast full-mesh" type is used, it suffices to replace the next hop ("next-hop") by the global address of the router Rk. Thus, in unconnected mode, reachability between IF_Aj and IF_Ak of the same virtual private network VPN_A is extended without loading the routing tables of the internal routers.
  • This method therefore has two levels of encapsulation.
  • With IPv6 header options such as the "Destination Option", only one level of encapsulation is required.
  • An important advantage of the mechanism implemented by the method according to the invention is that it makes it easier to deploy a virtual private network (VPN) service offered by the operator. It also makes it possible to deploy such operator-offered virtual networks across several operators for the same virtual private network VPN.
  • Another advantage of the invention is that it can be used to deploy solutions for aggregating IPv4 and IPv6 addressing plans, and that it saves operators from having to advertise the prefixes of the IF_Ak interfaces throughout the Internet.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR0302116A FR2851706B1 (fr) 2003-02-20 2003-02-20 Method for interconnecting virtual private networks in unconnected mode.
FR0302116 2003-02-20
PCT/FR2003/003907 WO2004084495A1 (fr) 2003-02-20 2003-12-24 Method for interconnecting virtual private networks in unconnected mode

Publications (1)

Publication Number Publication Date
EP1595362A1 true EP1595362A1 (de) 2005-11-16

Family

ID=32799471

Family Applications (1)

Application Number Title Priority Date Filing Date
EP03816345A Ceased EP1595362A1 (de) 2003-02-20 2003-12-24 Method for connecting virtual private networks in unconnected mode

Country Status (8)

Country Link
US (1) US20060179480A1 (de)
EP (1) EP1595362A1 (de)
JP (1) JP2006514496A (de)
KR (1) KR20050098950A (de)
CN (1) CN1754350A (de)
AU (1) AU2003304002A1 (de)
FR (1) FR2851706B1 (de)
WO (1) WO2004084495A1 (de)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100739803B1 (ko) * 2006-04-21 2007-07-13 Samsung Electronics Co., Ltd. Handover apparatus and method in a mobile node
CN101552727B (zh) * 2009-05-12 2011-06-22 Hangzhou H3C Technologies Co., Ltd. Packet sending and receiving method and provider edge router
US9210065B2 (en) * 2009-06-22 2015-12-08 Alcatel Lucent Providing cloud-based services using dynamic network virtualization
US20140122618A1 (en) * 2012-10-26 2014-05-01 Xiaojiang Duan User-aided learning chatbot system and method
US10749840B2 (en) * 2016-07-08 2020-08-18 Waldemar Augustyn Network communication method and apparatus

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6339595B1 (en) * 1997-12-23 2002-01-15 Cisco Technology, Inc. Peer-model support for virtual private networks with potentially overlapping addresses
US7110375B2 (en) * 2001-06-28 2006-09-19 Nortel Networks Limited Virtual private network identification extension

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2004084495A1 *

Also Published As

Publication number Publication date
FR2851706B1 (fr) 2005-06-10
US20060179480A1 (en) 2006-08-10
JP2006514496A (ja) 2006-04-27
FR2851706A1 (fr) 2004-08-27
AU2003304002A1 (en) 2004-10-11
WO2004084495A1 (fr) 2004-09-30
KR20050098950A (ko) 2005-10-12
CN1754350A (zh) 2006-03-29


Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20050809

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL LT LV MK

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20060630

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20070830