WO2006002598A1 - Hybrid-site hybrid-backbone-network VPN system and method for implementing it - Google Patents


Publication number
WO2006002598A1
Authority
WO
WIPO (PCT)
Prior art keywords
ipv4
ipv6
route
domain
site
Application number
PCT/CN2005/000959
Other languages
English (en)
Chinese (zh)
Inventor
Defeng Li
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4604 LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/02 Topology update or discovery
    • H04L45/04 Interdomain routing, e.g. hierarchical routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/167 Adaptation for transition between two IP versions, e.g. between IPv4 and IPv6

Definitions

  • The present invention relates to virtual private network technology, and in particular to a virtual private network system for a hybrid Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) network, and its implementation method.
  • Background of the invention
  • VPN Virtual Private Networking
  • Internet public network or carrier network resources as a continuation of the enterprise-specific network, saving expensive leased line charges, while the security of VPN communication can be guaranteed by tunneling protocols, authentication and data encryption technologies, so it is welcomed by business users.
  • enterprises can bring many benefits. For example, by using VPN, enterprises can save a lot of daily communication costs of enterprises; can conduct distance education and remote monitoring to achieve unified management of enterprises; safety. It can be foreseen that VPN is an inevitable trend of enterprise internal network design, information management and circulation.
  • the applied VPNs are based on IPv4 networks, that is, the backbone networks and sites that make up the VPN are all in the IPv4 network.
  • RFC Request for Comments
  • the VPN device is located on the network side.
  • the carrier provides VPN services for users.
  • The user equipment does not need to be aware of the VPN. It only needs to be connected to the PE provided by the operator.
  • the following is a brief introduction to the basic principles of implementing this solution.
  • the model of Multi-Protocol Label Switching (MPLS) Layer 3 (L3) VPN defined by RFC2547bis is shown in Figure 1.
  • The model consists of three components: a Customer Edge Router (CE) at the edge of the customer premises network, a Provider Edge Router (PE) at the edge layer of the backbone network, and a Provider Router (P) at the core layer of the backbone network.
  • The CE router is an integral part of the customer premises network, with an interface directly connected to the carrier's backbone network. The CE router does not know of the existence of the VPN and does not need to maintain the entire routing information of the VPN.
  • The PE router is the edge device of the carrier network and is directly connected to the CE router of the user. In the MPLS network, all processing of the VPN is performed on the PE router.
  • The P router is in the carrier network and is not directly connected to the CE router; the P router has basic MPLS signaling and forwarding capabilities.
  • Those skilled in the art can understand that the division of CE and PE is mainly divided by the management scope of operators and users, and CE and PE are the boundaries of the management scope of both.
  • External BGP (EBGP) or an Interior Gateway Protocol (IGP) can be used between the CE router and the PE router; static routes can also be used.
  • the CE does not need to support MPLS. It does not need to perceive the entire network route of the VPN.
  • the entire network route of the VPN is outsourced to the operator.
  • the PE exchanges the entire network routing information of the VPN through the Multi-Protocol Border Gateway Protocol (MP-BGP).
  • the VPN is composed of multiple user sites (Site).
  • Each site corresponds to a VPN routing/forwarding instance (VRF), which mainly includes: an Internet Protocol (IP) routing table, a label forwarding table, a series of interfaces using the label forwarding table, and management information.
  • The management information includes a route distinguisher (RD), a route filtering policy, a member interface list, etc.
  • each site is associated with a separate VRF.
  • The VRF of a site in the VPN actually integrates the VPN membership and routing rules of the site.
  • The system maintains a separate routing table and label forwarding table for each VRF, and stores packet forwarding information in each VRF routing table and label forwarding table. This prevents data from leaking out of the VPN and prevents data from outside the VPN from entering it.
  • the routers use the Border Gateway Protocol (BGP) to advertise VPN routes.
  • BGP communication is performed at two levels.
  • Within an autonomous system (AS), the internal border gateway protocol (IBGP) is used; between ASs, EBGP is used.
  • a PE-PE session is an IBGP session, and IGP or BGP can be used between the PE and the CE.
  • The VPN composition information and route propagation between BGP routers are implemented by the multiprotocol extensions for BGP (MP-BGP).
  • MP-BGP is backward compatible. It can support both the traditional IPv4 address family and other address families, such as the VPN-IPv4 address family.
  • the route target carried by MP-BGP ensures that the route of a specific VPN can only be known by other members of the VPN, making communication between BGP MPLS VPN members possible. For details about MP-BGP, see RFC2283.
  • CE and PE communicate routing information through Interior Gateway Protocol (IGP) or EBGP.
  • the PE obtains the routing table of the VPN and stores it in a separate VRF.
  • Each PE uses IGP to ensure normal IP connectivity, and IBGP is used to propagate VPN composition information and routes and to complete the update of each VRF.
  • the PE then updates the routing table of the CE through the routing exchange with the directly connected CE, thereby completing the routing exchange between the CEs.
  • A VPN-IPv4 address has 12 bytes, starting with an 8-byte RD, followed by a 4-byte IPv4 address.
  • the PE uses RD to identify routing information from different VPNs. Operators can allocate RDs independently, but they need to use their dedicated AS number as part of the RD to guarantee the global uniqueness of each RD.
  • a VPN-IPv4 address with zero RD is synonymous with a globally unique IPv4 address.
  • the VPN-IPv4 address can remain globally unique even if the 4-byte IPv4 address contained in the VPN-IPv4 address overlaps.
  • The route that the PE receives from the CE is an IPv4 route and needs to be imported into the VRF routing table. In this case, an RD is required. In a typical implementation, the same RD is set for all routes from the same user site.
  • The Route Target attribute is used to identify the set of sites that can use a route, that is, from which sites a given site can receive routes, and which PE routers can receive the routes sent by that site.
  • A PE router connected to the site specified in the Route Target will receive a route with this attribute. After receiving the route containing this attribute, the PE router adds it to the corresponding routing table.
  • A PE router has two sets of Route Target attributes: one set is attached to the routes received from a certain site, called Export Route Targets; the other set is used to determine which routes can be imported into the routing table of the site, called Import Route Targets. The VPN membership can be obtained from the Route Target attribute carried in the route.
  • Matching the Route Target attribute can be used to filter the routing information received by the PE router.
  • Figure 2 is a schematic diagram of filtering received routes by matching the Route Target attribute.
  • When MPLS VPN routing information enters the PE router, the route is received if the Export Route Targets collection has an item in common with the Import Route Targets collection. If the Export Route Targets collection has no item in common with the Import Route Targets collection, the route is rejected.
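The RD and Route Target rules described above, as an added example that is not part of the patent text: it builds the 12-byte VPN-IPv4 address, applies the Export/Import Route Target match, and audits a VRF for routes that belong to another VPN. The AS number 64512, the Route Target strings, the prefixes and all class and function names are constructed for illustration, and keying the VRF table by VPN-IPv4 address is a modelling simplification.

```python
import ipaddress
import struct
from dataclasses import dataclass, field


def make_rd(asn: int, assigned: int) -> bytes:
    """Type-0 route distinguisher: 2-byte type, 2-byte AS number, 4-byte assigned number."""
    return struct.pack("!HHI", 0, asn, assigned)


def vpn_ipv4_address(rd: bytes, ipv4: str) -> bytes:
    """12-byte VPN-IPv4 address: 8-byte RD followed by the 4-byte IPv4 address."""
    if len(rd) != 8:
        raise ValueError("RD must be exactly 8 bytes")
    return rd + ipaddress.IPv4Address(ipv4).packed


@dataclass(frozen=True)
class VpnRoute:
    rd: bytes
    prefix: ipaddress.IPv4Network
    export_rts: frozenset  # Export Route Targets attached by the advertising PE

    @property
    def key(self) -> tuple:
        # Overlapping customer prefixes stay distinct because the RD is part of the key.
        return (vpn_ipv4_address(self.rd, str(self.prefix.network_address)),
                self.prefix.prefixlen)


@dataclass
class Vrf:
    name: str
    rd: bytes
    import_rts: frozenset
    table: dict = field(default_factory=dict)

    def offer(self, route: VpnRoute) -> bool:
        """Install the route only if an Export RT equals one of the Import RTs."""
        if self.import_rts & route.export_rts:
            self.table[route.key] = route
            return True
        return False


def distribute(routes, vrfs) -> dict:
    """Offer every route to every VRF; return {VRF name: [accepted prefixes]}."""
    accepted = {}
    for vrf in vrfs:
        accepted[vrf.name] = [str(r.prefix) for r in routes if vrf.offer(r)]
    return accepted


def foreign_imports(vrfs) -> list:
    """Audit: (VRF name, prefix) for installed routes whose RD is not the VRF's own."""
    return [(v.name, str(r.prefix)) for v in vrfs
            for r in v.table.values() if r.rd != v.rd]


# Constructed sample data: two VPNs that both use 10.1.0.0/16.
RD_A, RD_B = make_rd(64512, 1), make_rd(64512, 2)
RT_A, RT_B = "64512:100", "64512:200"
ROUTES = [
    VpnRoute(RD_A, ipaddress.IPv4Network("10.1.0.0/16"), frozenset({RT_A})),
    VpnRoute(RD_B, ipaddress.IPv4Network("10.1.0.0/16"), frozenset({RT_B})),
    VpnRoute(RD_A, ipaddress.IPv4Network("10.2.0.0/16"), frozenset({RT_A})),
    VpnRoute(make_rd(64512, 9), ipaddress.IPv4Network("10.9.0.0/16"),
             frozenset({"64512:999"})),  # matches no Import RT, so it is rejected
]


def sample_vrfs(misconfigured: bool = False) -> list:
    """Fresh VRFs; the misconfigured variant adds VPNA's RT to VPNB's import set."""
    b_imports = {RT_B, RT_A} if misconfigured else {RT_B}
    return [Vrf("VPNA", RD_A, frozenset({RT_A})),
            Vrf("VPNB", RD_B, frozenset(b_imports))]


if __name__ == "__main__":
    for bad in (False, True):
        vrfs = sample_vrfs(misconfigured=bad)
        print(distribute(ROUTES, vrfs), foreign_imports(vrfs))
```
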
  • VPN packet forwarding uses a two-layer labeling method.
  • The first layer, that is, the outer label, is exchanged inside the backbone network and represents a Label Switched Path (LSP) from the PE to the peer PE. Using this label, the VPN packet can reach the peer PE along the LSP.
  • The second layer, that is, the inner label, is used when the packet travels from the peer PE to the CE.
  • The inner label indicates which site the message is destined for, or more specifically, which CE is to be reached. In this way, according to the inner label, the interface for forwarding the message can be found.
  • the problem of how to reach the peer PE does not exist. It only needs to be solved how to reach the peer CE.
  • In order to continue to provide various services in the IPv4 environment during the evolution from IPv4 to IPv6, the VPN solution on the IPv6 network must be studied simultaneously. Since IPv6 itself is still in the experimental stage, there is no formal large-scale commercial use, and there is no formal VPN service application under the IPv6 network.
  • Each IPv6 site is connected to at least one PE router of the IPv4 backbone network that is dual-stack and supports MP-BGP, that is, the 6PE routers shown in FIG.
  • The 6PE router is called a dual-stack BGP (DS-BGP) router.
  • the DS-BGP router has at least one IPv4 address on the IPv4 side and at least one IPv6 address on the IPv6 side, and the IPv4 address must be routable in the IPv4 network.
  • Routes in IPv6 sites follow standard IPv6 routing protocols, such as Open Shortest Path First version 3 (OSPFv3), Intermediate System to Intermediate System for IPv6 (ISISv6), or Routing Information Protocol next generation (RIPng), and do not need to be advertised to the IPv4 backbone network. They only need to be terminated by BGP4+ on the DS-BGP router, but IPv6 network layer reachability information needs to be exchanged through MP-BGP4 between the DS-BGP routers.
  • The egress DS-BGP router uses its own address as the next hop for these routes when advertising routes to the ingress DS-BGP router; when packets are forwarded, IPv6 data packets from the ingress DS-BGP router are transparently transmitted to the egress DS-BGP router through an MPLS tunnel, that is, an LSP.
  • The DS-BGP router advertises its own address as the next hop of the BGP route. It can use the IPv4 address and use the MPLS tunnel or other IPv4 address-based tunnels, such as Generic Routing Encapsulation (GRE) tunnels, IP Security Protocol (IPsec) tunnels, and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnels.
  • Both user networks and backbone networks may be IPv4 networks, IPv6 networks, or IPv4/IPv6 hybrid networks. This requires VPN services under the new generation network to adapt to complex network environments and to be applicable to IPv4 networks, IPv6 networks, or IPv4/IPv6 hybrid networks.
  • the DS-BGP used in this solution cannot support the IPv4 site. If the ordinary BGP router is used instead, the NLRI exchange cannot be implemented.
  • The route learning and publishing functions of the VPN in the existing technical solution are performed in the IPv4 network, and route learning and publishing in a hybrid backbone network cannot be supported, so VPN route learning, route publishing and data forwarding based on a hybrid backbone network are not supported.
  • Summary of the invention
  • A main object of the present invention is to provide a virtual private network system of a hybrid site hybrid backbone network, in which sites based on different IP versions can access each other and perform VPN services through backbone networks based on different IP versions.
  • Another main object of the present invention is to provide a method for implementing a virtual private network of a hybrid site hybrid backbone network, which enables sites based on different IP versions to access each other and perform VPN services through backbone networks based on different IP versions.
  • The present invention provides a virtual private network system of a hybrid site hybrid backbone network, including a virtual private network user site, a user network edge router CE, a backbone network edge router PE, and a backbone network.
  • the user sites transmit data to each other through the CE and the PE accessing the backbone network
  • the virtual private network system includes a user site based on the Internetwork Interconnection Protocol version 4 IPv4 and the sixth version IPv6;
  • the backbone network includes multiple IPv4 autonomous domains and IPv6 autonomous domains;
  • One autonomous domain in the backbone network is the primary autonomous domain PAS, and the non-PAS autonomous domains in the backbone network are the secondary autonomous domains DAS; the PAS and the DAS are connected to each other through an autonomous system border router ASBR supporting the IPv4 and IPv6 dual protocol stacks;
  • the ASBR of the PAS stores an inter-domain route established by the PE with the DAS;
  • the CE supports an IPv4 protocol stack or an IPv6 protocol stack or an IPv4 and IPv6 dual protocol stack, which stores IPv4 routes or/and IPv6 routes;
  • the PE supports an IPv4 protocol stack or an IPv6 protocol stack or an IPv4 and IPv6 dual protocol stack, and the PE of the PAS stores an IPv4 route and an IPv6 route; the PE of the DAS stores an IPv4 route, an IPv6 route, and an ASBR established with the PAS. Cross-domain routing;
  • the user sites transmit data according to routes stored by the CE and the PE.
  • the primary autonomous domain may be an IPv6 autonomous domain that includes the most PEs connecting the sites in the backbone network.
  • the DAS directly connected to the PAS in the backbone network may be a first layer of DAS; the system further includes one or more layers of DAS, and the next layer of DAS is connected to the upper layer of DAS through the ASBR;
  • the ASBR of the upper-layer DAS stores the inter-domain routes established with the PEs of the next-layer DAS.
  • the PEs of the next-layer DAS store the IPv4 routes, IPv6 routes, and inter-domain routes established with the ASBRs of the upper-layer DAS.
  • the CE and the PE that are connected to the user site and the autonomous domain support an IPv4 and IPv6 dual protocol stack.
  • the CE stores IPv4 routes and IPv6 routes for the IPv4 user sites that need to access the IPv6 user site.
  • The CE of an IPv6 user site that needs to access IPv4 user sites stores only IPv6 routes.
  • For an IPv4 user site that only accesses IPv4 user sites, the CE stores only IPv4 routes.
  • the present invention provides a method for implementing a virtual private network of a hybrid site hybrid backbone network.
  • the method uses the above-mentioned virtual private network system.
  • the process of the virtual private network service includes the following steps:
  • addressing the IPv4 and IPv6 user sites to form IPv4 and IPv6 address information in a uniform format;
  • the user site and the backbone network learn and advertise the routes, and advertise the inter-domain routes established by the IPv4 routing, the IPv6 routing, and the ASBR of the PAS and the PE of the DAS to the PE in the system and the CE connected to the PE;
  • the data packet of the user site is based on the path learned by the CE and the PE in the step B.
  • the method for addressing the IPv4 and IPv6 user sites in the step A may be:
  • The IPv4 user site adopts the form "route distinguisher + IPv4 address" to form an IPv4 address with an address family identifier of 1; between an IPv4 user site and an IPv6 user site, and between IPv6 user sites, the form "route distinguisher + IPv6 address" is used, which constitutes an IPv6 address with an address family identifier of 2.
  • An IPv4 user site that communicates with an IPv6 user site maps the IPv4 address A.B.C.D to an IPv6 address of the form 0::A:B:C:D, which is then combined with the route distinguisher to form an IPv6 address with an address family identifier of 2.
  • the method may further include: layering the backbone network when the backbone network further includes a DAS not directly connected to the PAS; setting the DAS directly connected to the PAS as the first layer DAS, and the DAS connected to the first layer DAS For the second layer, and so on;
  • the step B may include:
  • the CE advertises the route of the aggregated IPv4 user site or IPv6 user site to the PE connected to it;
  • the PE of the upper layer advertises the route learned by the CE to the PE and/or ASBR of the local domain.
  • the PE of the next layer advertises the route from the CE or the learned PE to the PE in the local domain and the upper-layer autonomous domain and the local domain. Connected ASBR;
  • the ASBR in the upper-layer autonomous domain advertises the route learned from the local domain to the PE of the lower-layer autonomous domain, and advertises the route learned from the lower-layer autonomous domain to the PE of the local domain.
  • the PE routers in each autonomous domain advertise routes learned from other PE routers or / and ASBRs to the CE routers connected to them; the CE routers save them after receiving IPv4 routes or / and IPv6 routes.
  • the step B2 may further include:
  • The inter-domain route between the next-layer PE and the ASBR connected to the local domain in the upper-layer autonomous domain is stored.
  • The step B2 may further include: for the IPv4 routes and IPv6 routes learned from the CE router, the PE router forms the route distinguisher RD, the address family identifier AFI, and the subsequent address family identifier SAFI according to the VPN to which the route belongs and the IP version of the route; the RD, the AFI, the SAFI, the route target community, the route type, and the IPv4 address or IPv6 address form the route information.
  • step B2 routing between the PE and the PE in the autonomous domain, and between the PE and the ASBR through the internal border gateway protocol based on the IP version of the local autonomous domain, and the user site of the CE connected to the PE;
  • the next-layer PE advertises the route to the ASBR connected to the local domain in the upper-layer autonomous domain by using the multi-protocol external border gateway protocol based on the IP version of the local autonomous domain.
  • the ASBR in the upper-layer autonomous domain advertises the route to the PE of the lower-layer autonomous domain through the multi-protocol external border gateway protocol based on the IP version of the next-layer autonomous domain; and the internal version based on the IP version of the local autonomous domain
  • the border gateway protocol advertises the learned route to the PE of the local domain
  • the PE advertises the learned route to the peer PE in the domain through the internal border gateway protocol based on the IP version of the local autonomous domain.
  • the step B4 may include the following substeps:
  • The CE connected to the IPv4 user site and the PE connected to that CE run an IPv6-based routing protocol to learn routes; the PE converts the saved IPv4 user site route from the form A.B.C.D/n to an IPv6 route of the form 0::A:B:C:D/(96+n) and issues it to the CE through the IPv6 routing protocol;
  • The CE restores the IPv6 route to an IPv4 route of the form A.B.C.D/n, and saves the route of the IPv6 user site as an IPv6 route.
  • The step B4 may include the following substeps:
  • the CE connected to the IPv6 user site and the PE connected to the CE, and run an IPv6-based routing protocol to learn the route;
  • The CE directly stores the route of the IPv4 user site as an IPv6 route of the form 0::A:B:C:D/(96+n), and saves the route of the IPv6 user site in its original form.
  • For an IPv4 user site that only accesses IPv4 user sites, in the step B, only the IPv4 routing protocol is run between the CE connected to the IPv4 user site and the PE connected to that CE, and only the IPv4 routes of other IPv4 user sites are learned and saved; IPv6 routes are dropped.
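The addressing and route-conversion rules above (address family identifier 1 or 2, and A.B.C.D/n mapped to 0::A:B:C:D/(96+n) and restored on the CE), as an added example that is not part of the patent text. The RD value, the sample routes, the CE kind names and the function names are constructed; excluding ::/128 and ::1/128 from the reverse mapping is an assumption made here because those two IPv6 addresses are reserved.

```python
import ipaddress
from typing import Optional

AFI_IPV4, AFI_IPV6 = 1, 2
RD_VPNA = bytes.fromhex("0000fc0000000001")  # constructed 8-byte route distinguisher


def v4_route_to_v6(route) -> ipaddress.IPv6Network:
    """A.B.C.D/n -> 0::A:B:C:D/(96+n): the IPv4 bits occupy the low 32 bits."""
    net = ipaddress.IPv4Network(str(route))
    return ipaddress.IPv6Network((int(net.network_address), 96 + net.prefixlen))


def v6_route_to_v4(route) -> Optional[ipaddress.IPv4Network]:
    """Restore A.B.C.D/n from 0::A:B:C:D/(96+n); None for a native IPv6 route."""
    net = ipaddress.IPv6Network(str(route))
    value = int(net.network_address)
    if net.prefixlen < 96 or value >> 32:
        return None  # high 96 bits in use, or prefix too short: native IPv6
    if net.prefixlen == 128 and value in (0, 1):
        return None  # unspecified and loopback addresses (assumption, see lead-in)
    return ipaddress.IPv4Network((value, net.prefixlen - 96))


def vpn_address(rd: bytes, route, reaches_ipv6_sites: bool) -> tuple:
    """Uniform "RD + address" form; returns (AFI, address bytes, prefix length)."""
    net = ipaddress.ip_network(str(route))
    if net.version == 4 and reaches_ipv6_sites:
        net = v4_route_to_v6(net)  # IPv4 site that talks to IPv6 sites
    afi = AFI_IPV4 if net.version == 4 else AFI_IPV6
    return afi, rd + net.network_address.packed, net.prefixlen


def ce_table(pe_routes, ce_kind: str) -> list:
    """Routes a CE ends up storing, for the three CE cases described above."""
    nets = [ipaddress.ip_network(str(r)) for r in pe_routes]
    if ce_kind == "ipv4-only":
        # Only an IPv4 routing protocol runs on the PE-CE link; IPv6 is dropped.
        return [n for n in nets if n.version == 4]
    # Otherwise an IPv6 routing protocol runs, so the PE sends IPv4 routes mapped.
    wire = [v4_route_to_v6(n) if n.version == 4 else n for n in nets]
    if ce_kind == "ipv6":
        return wire  # mapped IPv4 routes are stored as IPv6 routes
    if ce_kind == "ipv4-with-ipv6-access":
        restored = []
        for n in wire:
            v4 = v6_route_to_v4(n)
            restored.append(v4 if v4 is not None else n)
        return restored
    raise ValueError("unknown CE kind: " + ce_kind)


# Constructed sample routes held by a PE for one VPN.
PE_ROUTES = ["10.1.0.0/16", "2001:db8:5::/48"]

if __name__ == "__main__":
    print(v4_route_to_v6("10.1.0.0/16"))
    for kind in ("ipv4-only", "ipv4-with-ipv6-access", "ipv6"):
        print(kind, [str(n) for n in ce_table(PE_ROUTES, kind)])
```
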
  • the PE determines whether to learn and publish to the user site according to the route target extended community attribute of the multi-protocol border gateway protocol.
  • In step C, the inner label is allocated by the ingress PE and is used to distinguish the different user sites connected to the same ingress PE; the inner label is advertised to the corresponding egress PE along with the route when the route is advertised;
  • The outer label is allocated within an autonomous domain by running the Label Distribution Protocol, Resource Reservation Protocol-Traffic Engineering, or a constraint-based routing label distribution protocol; between different autonomous domains, it is allocated by the multi-protocol external border gateway protocol for the bidirectional connection between the ASBRs, and it is used for forwarding data packets in the backbone network.
  • the step D may include the following sub-steps:
  • the egress PE performs data forwarding of the inter-network interconnection protocol between the egress PE and the destination user site according to the inner layer label and the stored routing table.
  • the step D2 may include the following sub-steps: D21, after adding the inner layer label of the destination station to the data packet on the ingress PE, adding an outer label allocated in the autonomous domain where the ingress PE is located;
  • the ASBR forwards the data packet to an ASBR of a next adjacent autonomous domain according to an outer label allocated between the ASBRs;
  • the ASBR forwards the data packet to the egress PE.
  • the topology relationship between the user sites can be implemented by matching route target community attributes.
  • the virtual private network system of the hybrid site hybrid backbone network of the present invention and the implementation method thereof are different from the prior art in that: the present invention performs a master-slave relationship on the autonomous domain of the multi-domain backbone network.
  • the route is advertised by the corresponding MP-IBGP according to the IP version of the local autonomous domain.
  • Multi-hop MP-EBGP is used to advertise routes between neighboring autonomous domains, and IPv4/IPv6 dual routes are run on the CE and PE.
  • the VPN forwards the VPN data according to the IP address distribution label in the autonomous domain, so as to implement the VPN of the multi-domain backbone network of the hybrid site.
  • the VPN can be formed when the user network and the backbone network transition from IPv4 to IPv6, so that the solution of the VPN during the transition period has greater flexibility.
  • FIG. 1 is a schematic diagram of a system composition of an MPLS L3 VPN defined by RFC 2547 bis;
  • FIG. 2 is a schematic diagram of filtering received routes by matching a Route Target attribute;
  • FIG. 3 is a schematic diagram of a system configuration of a 6PE solution implementing BGP/MPLS VPN;
  • FIG. 4 is a schematic diagram of a VPN system configuration of a hybrid site hybrid backbone network according to a first preferred embodiment of the present invention;
  • FIG. 5 is a schematic diagram of a VPN system composition of a hybrid site hybrid backbone network according to a second preferred embodiment of the present invention.
  • FIG. 6 is a schematic diagram of a VPN system composition of a hybrid site hybrid backbone network according to a third preferred embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a VPN system composition of a hybrid site hybrid backbone network according to a fourth preferred embodiment of the present invention.
  • Mode for carrying out the invention
  • DAS Dependent ASs
  • the hierarchical relationship of each DAS can also be determined according to the connection relationship between the DAS and the PAS.
  • the DAS directly connected to the PAS is the first layer DAS
  • the DAS connected to the first layer DAS and not directly connected to the PAS is the second layer DAS, and so on, determining the hierarchical relationship of each autonomous domain in the backbone network.
  • A multi-hop multi-protocol external BGP (multi-hop MP-EBGP) session is established between the Autonomous System Border Router (ASBR) in the PAS or the upper-layer DAS and the PE in the next-layer DAS.
  • Data forwarding, and the VPN route advertisement and data forwarding between the PEs in each autonomous domain are carried out respectively by the multi-protocol internal border gateway protocol (Multi-Protocol Internal BGP, MP-IBGP) based on the IP protocol version (IPv4 or IPv6) of the local autonomous domain and by intra-domain tunneling.
  • a certain address and route conversion processing is also performed.
  • the virtual private network system of the hybrid site hybrid backbone network of the present invention comprises a backbone network and a user network.
  • the backbone network is used to advertise VPN routes, establish switching paths, and complete data exchange.
  • the backbone network consists of autonomous domains with different address families.
  • the ASs are connected by ASBRs at the edge of the autonomous domain. That is, the backbone network may include one or more IPv4 autonomous domains and one or more IPv6 autonomous domains.
  • the IPv4 autonomous domain and the IPv6 autonomous domain are connected by an ASBR that supports the IPv4 and IPv6 dual protocol stacks.
  • each autonomous domain also includes the original P router and PE router.
  • the PE router configures the IPv4 protocol stack or the IPv6 protocol stack or the IPv4 and IPv6 dual protocol stacks according to the network connection.
  • the routes advertised by the backbone network include VPN-IPv4 routes and VPN-IPv6 routes. Route learning is performed on the backbone network to establish a VPN switching path.
  • the route of the user site connected to the PE router is advertised.
  • the PE of the upper-layer autonomous system and the ASBR also advertise the routes of the user sites connected to the PE routers based on the MP-IBGP version of the IP protocol of the local autonomous domain.
  • the ASBR of the upper-layer autonomous system advertises the received route to the PE of the local autonomous domain and the ASBR of the upper-layer autonomous system (if any), and then the ASBR of the upper-layer autonomous system advertises the received route to the PE of the local autonomous domain.
  • the ASBR of the upper-level autonomous system (if any) is issued in turn until the PE and ASBR in the PAS.
  • the user network contains the CE router connected to the backbone network and the user stations connected to it.
  • the user site has both an IPv4 site and an IPv6 site, and each user site contains multiple hosts with different addresses.
  • the CE router supports the corresponding protocol stack according to the IP version of the user network and the IP version of the autonomous system to which it is connected.
  • the PE router supports the corresponding protocol stack according to the IP version of the autonomous system to which it belongs and the IP version of the user site to which it is connected. For example, the CE router and the corresponding PE router of the IPv4 site connected to the IPv4 backbone network only need to support the IPv4 protocol stack.
  • the CE and the corresponding PE of the IPv6 site connected to the IPv6 backbone network only need to support the IPv6 protocol stack.
  • the CE of the IPv6 site connected to the IPv4 backbone network, the CE of the IPv4 site connected to the IPv6 backbone network, and the PE devices accessing these CEs all need to support the IPv4/IPv6 dual protocol stack.
  • routers in IPv4 sites that need to access IPv6 sites need to save IPv6 routes. That is, these IPv4 sites need to support IPv4-IPv6 hybrid address scheme.
  • the backbone network includes two autonomous domains: an IPv4 autonomous domain and an IPv6 autonomous domain.
  • the IPv6 autonomous domain is the PAS.
  • the IPv4 autonomous domain is the DAS.
  • multi-hop MP-EBGP and an inter-domain tunnel are established between the ASBR in the PAS and the PE in the DAS, over which the route advertisement and the VPN data forwarding of the inter-AS VPN are respectively performed; VPN route advertisement and data forwarding between the PEs within each autonomous domain use the IP protocol version (IPv4 or IPv6) of the local autonomous domain.
  • FIG. 4 is a hybrid site hybrid backbone network according to a first preferred embodiment of the present invention.
  • the solid double arrow in Figure 4 indicates multi-hop MP-EBGP between the upper layer ASBR and the adjacent DAS domain PE; the dashed double arrow indicates MP-IBGP in the PAS or DAS domain, as shown in Figure 5 to Figure 7.
  • the backbone network is dual-domain. The system includes: a backbone network that includes an IPv4 autonomous domain and an IPv6 autonomous domain; PE routers at the edge of the backbone network: PE1 to PE4; P routers inside the backbone network (not shown in Figure 1); CE routers at the edge of the customer network: CE1 to CE8; and user sites connected to the PEs through the CEs. Each user site contains one or more hosts with different addresses.
  • the IPv4 domain and the IPv6 domain are connected to each other through ASBR1 and ASBR2.
  • the system shown in Figure 4 contains two VPNs, VPNA and VPNB.
  • the VPNA includes IPv4 and IPv6 sites: IPv6 sites connected to CE1, IPv4 sites connected to CE4, IPv6 sites connected to CE5, and IPv4 sites connected to CE8.
  • the IPv4 site is included in the VPNB.
  • only the VPNA and the VPNB are used as an example.
  • the physical network may include only one IPv4 domain and one IPv6 domain.
  • the system may include more than four VPNs, and the backbone network may also include multiple domains.
  • the CE router and the corresponding PE router of the IPv4 site connected to the IPv4 backbone network support only the IPv4 protocol stack.
  • the CE and the corresponding PE of the IPv6 site connected to the IPv6 backbone network only support the IPv6 protocol stack.
  • the CE of the IPv6 site connected to the IPv4 backbone network, the CE of the IPv4 site connected to the IPv6 backbone network, and the PE devices accessing these CEs all need to support the IPv4/IPv6 dual protocol stack.
  • the CE router that connects to the IPv4 site and connects to the IPv6 site also stores the IPv4 and IPv6 routes of other user sites in the VPN learned from the PE router, and performs routing matching when accessing other sites.
  • the method by which this embodiment implements the hybrid-site hybrid backbone network VPN is described in detail below.
  • the user site addressing method of the VPN system of the embodiment shown in FIG. 4 will be described.
  • only the VPN user is considered to perform unicast communication, and the hosts in each site of the VPN are required to use a unicast address, that is, only one IPv4 address or one IPv6 address is used.
  • the Address Family Identifier (AFI) field in MP-BGP uses the value assigned by RFC 1700 to the IPv4 address family.
  • mutual communication between an IPv4 site and an IPv6 site, and mutual communication between two IPv6 sites, uses IPv6 addresses.
  • the AFI field in MP-BGP can use the value 2 assigned by RFC 1700 to the IPv6 address family. It should be noted that when an IPv4 site and an IPv6 site communicate with each other, the IPv4 address A.B.C.D in the IPv4 site is mapped to the corresponding IPv6 address in the form of 0::A:B:C:D.
  • the Subsequent Address Family Identifier (SAFI) field for the VPN address uses 128, which indicates a VPN-IPv4 address or a VPN-IPv6 address.
  • IPv4 sites in the VPN are allowed to continue to use private IPv4 addresses, and sites of different VPNs are allowed to use the same private IPv4 address.
  • a VPN-IPv4 address with an AFI of 1 is formed as RD + (IPv4 address); between IPv4 sites and IPv6 sites, or between two IPv6 sites, a VPN-IPv6 address with an AFI of 2 is formed as RD + (IPv6 address).
  • the IPv4 address A.B.C.D in an IPv4 site that communicates with an IPv6 site is mapped to an IPv6 address in the form of 0::A:B:C:D, and then combined with the RD to form the VPN-IPv6 address.
  • each MP-BGP speaker can parse the corresponding IPv4/IPv6 routing entries according to the AFI and supports the simultaneous storage of IPv4/IPv6 routing tables. IPv4 routes and IPv6 routes can be stored in different routing tables respectively.
  • each CE router aggregates the addresses of the user sites to form corresponding routing entries. Then, routing learning and distribution processing of the VPN site, processing of label distribution, and processing of VPN data forwarding can be performed. These processes are described in detail below.
  • the method includes the following process:
  • the CE router advertises the aggregated route to the PE router connected to it.
  • the CE of the IPv6 site connected to the IPv4 backbone network, the CE of the IPv4 site connected to the IPv6 backbone network, and the PE devices accessing these CEs all support the IPv4/IPv6 dual protocol stack. Therefore, the PE can learn the IPv4 and/or IPv6 routes issued by the CE.
  • CE1 and CE2 advertise routes to PE1; CE3 and CE4 advertise routes to PE2.
  • CE5 and CE6 advertise routes to PE3; CE7 and CE8 advertise routes to PE4.
  • Procedure 2: the egress PE adds a corresponding inner label to the route received from the CE.
  • the inner label is allocated by the PE to the site connected to the CE and is used to distinguish between different sites. The routes carrying the labels are advertised to the ingress PE or ASBR in the local domain through MP-IBGP, or advertised through Multi-hop MP-EBGP to the ASBR in the upper-layer autonomous domain connected to the local domain.
  • the PE routers in the DAS send IPv4 routes and IPv6 routes learned from the CE routers to other PE routers in the AS and ASBRs of the upper-layer autonomous system.
  • here the PAS is the upper layer and the DAS is the next layer.
  • the PE router in the PAS sends the IPv4 routes and IPv6 routes learned from the CE router to other PE routers and ASBRs within the autonomous system.
  • PE1 of the DAS advertises the route to PE2 of the same autonomous system and to ASBR2 of its upper-layer autonomous system, the PAS; PE2 of the DAS advertises the route to PE1 of the same autonomous system and to ASBR2 of the PAS.
  • PE3 in the PAS advertises routes to PE4 and ASBR2.
  • PE4 advertises routes to PE3 and ASBR2.
  • the PE router takes the IPv4 routes and IPv6 routes learned from the CE routers and, based on the VPN and the IP version of the route, adds RD, AFI, and SAFI to form routing information in the unified form of RD, AFI, SAFI, Route Target, and IPv4/IPv6 route.
  • the PE router still uses the VRF to save routes of different VPNs.
  • in the VRF, IPv4 routes and IPv6 routes are saved separately according to the different AFIs of each VPN.
  • when a PE router advertises routes to other PE routers: since the other PE routers also support dual protocol stacks, they can receive IPv4 routes and IPv6 routes.
  • when the PE router advertises routes to the ASBR in the local AS: when the autonomous system where the PE is located is an IPv4 network, the PE routers in the IPv4 network and the ASBR of the local AS advertise the routes of the VPN user sites connected to the PEs of the IPv4 network through IPv4-based fully-connected Multi-Protocol Internal BGP (MP-IBGP) or route reflectors; when the autonomous system where the PE is located is an IPv6 network, the PE routers in the IPv6 network and the ASBRs within the autonomous domain advertise the routes of the VPN sites connected to the PE routers of the IPv6 network through IPv6-based fully-connected MP-IBGP or the applicable route reflector.
  • IPv4 routes and IPv6 routes are only sent as transmitted data when MP-IBGP is used to advertise routes.
  • whether IPv4-based MP-IBGP or IPv6-based MP-IBGP is used depends only on the IP version of the network and is independent of the specific data, so no matter which data is transmitted, it is specifically IPv4 routing and
  • when the PE router advertises routes to the ASBR of the upper-layer autonomous domain: the PE router of the IPv4 network and the upper-layer ASBR advertise the routes of the VPN user sites connected to the PE of the IPv4 network through IPv4-based Multi-hop MP-EBGP; when the autonomous system of the PE is an IPv6 network, the PE router in the IPv6 network and the upper-layer ASBR advertise the routes of the VPN sites connected to the PE router of the IPv6 network through IPv6-based Multi-hop MP-EBGP.
  • the inter-domain route of the VPN to which the PE1 and the PE2 belong to the DAS in which the MP-EBGP PEER is established is reserved.
  • the inter-domain routes established by the ASBR2 with the PAS are also stored in the PE1 and the PE2.
  • Procedure 3: The ASBR in the upper-layer autonomous domain advertises the route learned from the local domain to the PE in the next-level autonomous domain, and advertises the route learned from the next-layer autonomous domain to the PE in the local domain.
  • the ASBR in the upper-layer autonomous domain can advertise routes to the PEs of the next-level autonomous domain through Multi-hop MP-EBGP based on the IP version of the next-layer autonomous domain, and advertise routes to the PEs of the local domain through MP-IBGP based on the IP version of the local domain.
  • the ASBR2 of the PAS in Figure 4 advertises the routes learned from PE4 and PE3 to PE1 and PE2 in the DAS.
  • the routes learned from PE1 and PE2 are advertised to PE3 and PE4.
  • Procedure 4: The PE routers in each autonomous domain advertise the routes learned from other PE routers and/or ASBRs to the CE routers connected to them. The CE router saves the IPv4 routes and/or IPv6 routes after receiving them.
  • PE1 in the DAS advertises the routes received from PE2 and from ASBR2 of the PAS to CE1 and CE2.
  • the PE2 in the DAS advertises the routes received from PE1 and from ASBR2 of the PAS to CE3 and CE4.
  • the PE3 in the PAS advertises the routes received from PE4 and ASBR2 to CE5 and CE6.
  • PE4 in the PAS advertises the routes received from PE3 and ASBR2 to CE7 and CE8.
  • the corresponding IPv4 route and the IPv6 route are saved in the CE router in the IPv4 site of the VPN, and the CE router is used as a proxy (Proxy) when the VPN site accesses other sites.
  • depending on whether the destination user site of the access is an IPv4 user site or an IPv6 user site, IPv4 routes or IPv6 routes are matched, respectively.
  • the CE router of the IPv6 user site in the VPN only saves IPv6 routes. Before the PE router accessing the IPv6 site advertises the routes of other IPv4 sites to the site, the IPv4 route A.B.C.D/n needs to be converted to the 0::A:B:C:D/(96+n) IPv6 route.
  • the CE router and the PE router of an IPv4 user site that needs to access IPv6 VPN user sites run an IPv6-based routing protocol to learn IPv6 routes and IPv4 routes simultaneously. In the VRF of the PE router, the IPv4 route A.B.C.D/n is converted to the 0::A:B:C:D/(96+n) IPv6 route, which is advertised to the CE router through the IPv6 routing protocol and restored to the A.B.C.D/n IPv4 route in the CE router.
  • the IPv6 routes of other IPv6 user sites are still saved as IPv6 routes in the CE router.
  • the IPv4 route is matched when the IPv4 user site accesses the IPv4 site, and the IPv6 route is matched when the IPv6 site is accessed.
  • an IPv6 user site that needs to access an IPv4 VPN user site is also required to run an IPv6-based routing protocol between the CE router and the PE router to learn the routes of other sites, and the routes of other IPv4 user sites are saved directly in the IPv6 user site in the form of 0::A:B:C:D/(96+n) IPv6 routes.
  • in A.B.C.D/n mentioned above, A.B.C.D is the network segment address and n is the mask.
  • the CE also advertises the routes to the router of the user site, and they are stored by the router of the user site in the routing table of the user site. If the user site connected to the CE does not include a router, in procedure five the CE stores the routing table of the user site.
  • an IPv4-based routing protocol needs to be run between the CE router and the PE router, and it is only required to learn and save the IPv4 routes of other IPv4 user sites and to discard IPv6 routes.
  • after receiving the VPN route, the PE router determines whether to learn it and publish it to the corresponding user site according to the MP-BGP Route Target extended community attribute.
  • when the egress PE advertises a VPN route to its BGP peer (BGP PEER), the inner label is allocated. When the BGP PEER receives the route, it is matched against the Import Route Target configured on the BGP PEER. If the match is successful, the route is received and advertised to the corresponding VRF site. If the BGP PEER is an ASBR between the two ASs, the route needs to be advertised to the PEER in the DAS domain and the MP-IBGP PEER in the PAS domain; these PEERs perform Route Target matching to determine whether to accept and publish these cross-domain VPN routes to the connected sites. This process is the same as the prior art and will not be described here.
  • processing of label distribution can be performed in the manner described below.
  • packets are forwarded in the backbone network based on the outer label.
  • the distribution of the outer label is the same as in the prior art, and includes label distribution in the autonomous domain and label distribution between the autonomous domains.
  • the outer labels in the PAS domain and the DAS domain can follow the Label Distribution Protocol (LDP) or the Resource Reservation Protocol-Traffic Engineering (RSVP-TE)/Constraint-Routing Label Distribution Protocol (CR-LDP).
  • Each next-hop router in the autonomous domain distributes outer labels for its previous hop router, including label distribution between P routers, label distribution between P routers and PEs, and label distribution between PE routers and ASBRs.
  • the outer labels between the two ASBRs of adjacent autonomous domains are allocated through the BGP protocol between the autonomous domains.
  • the present invention adopts label forwarding. Therefore, a tunnel is determined between the PE routers in each domain or between the PE routers and the ASBRs and between the ASBRs in the adjacent domains through the exchange relationship of the outer labels.
  • the data forwarding between the VPN sites connected to the PE routers in the domain is performed through the intra-domain tunnels.
  • the data forwarding between the VPN sites connected to the PE routers of different autonomous domains is completed through the intra-domain tunnels of the ingress PE and the egress PE and through the inter-domain tunnel between the ASBRs of the two autonomous domains, which is determined by the labels allocated by MP-BGP.
  • the specific data forwarding process is also basically the same as the prior art, and includes the following types of forwarding: IP data forwarding between the source user site and the Ingress PE router; label data forwarding between the Ingress PE router and the Egress PE router; and IP data forwarding between the Egress PE and the destination user site. These are described separately below.
  • the IP packet forwarding between PE routers follows the normal IP forwarding process.
  • the IPv4/IPv6 routing table is saved in the user site.
  • the destination user site can be IPv4 or IPv6.
  • the site queries the corresponding routing table and forwards the packet to the Ingress PE according to the corresponding routing table.
  • the access between the VPN sites in a single autonomous domain can be forwarded by using the intra-domain data forwarding mode in the prior art.
  • the ingress PE adds the outer label allocated by the label distribution protocol (LDP/RSVP-TE/CR-LDP) in its autonomous domain, and the data packet is forwarded according to the outer label by the LSRs along the LSP to the Egress PE.
  • for access between VPN sites in different autonomous domains, the ingress PE adds the inner label allocated by the egress PE to the site where the destination is located, and then adds the outer label allocated by the label distribution protocol (LDP/RSVP-TE/CR-LDP) in the autonomous domain where the ingress PE resides. The data packet is forwarded according to the outer label along the LSP to the local ASBR adjacent to the neighboring autonomous domain, then forwarded to the ASBR of the next neighboring autonomous domain according to the outer label assigned by MP-EBGP between the ASBRs, and then forwarded along the LSP in the next neighboring autonomous domain to the egress PE.
  • after receiving the data packet containing the inner label, the egress PE determines the destination user site from the inner label and forwards the packet to the destination host according to the routing table corresponding to the types of the source user site and the destination user site. In this step, the IPv4 routing table is queried only when the source user site and the destination user site are both IPv4 sites. In other cases, the IPv6 routing table is queried.
  • the method in RFC 2547bis can still be used, that is, it is implemented by matching Route Targets. This is the same as the mechanism for routing and learning between the PEs mentioned above. That is, according to the topology relationship of the VPN, it is determined whether to learn the routing table, and the topology relationship of the VPN is implemented according to the routing table.
  • IPv4/IPv6 which are called Basic Hybrid Network (BHN).
  • IPv6 domains containing a large number of PE devices will be included.
  • the other autonomous domains are DAS.
  • the DAS in BHN is the first layer of DAS, and the DAS connected to it and not directly connected to the PAS is the Layer 2 DAS.
  • There are two cases for a hybrid-site VPN system with three autonomous domains. The first: a DAS is connected to a DAS in the BHN and is not directly connected to the PAS in the BHN. The second: a DAS is connected to the PAS in the BHN and is not directly connected to the DAS in the BHN. These are described separately below.
  • FIG. 5 is a schematic structural diagram of a VPN system of a hybrid site hybrid backbone network according to a second preferred embodiment of the present invention. This embodiment is the first case described above.
  • the backbone network includes three autonomous domains: two IPv4 autonomous domains and one IPv6 autonomous domain.
  • the IPv6 autonomous domain that has many PEs connected to the VPN site is set to PAS, and the other two IPv4 autonomous domains are set to DAS1 and DAS2.
  • PAS and DAS2 are included in the BHN, and DAS1 is only connected to DAS2 and not connected to PAS. That is to say, this embodiment is divided into three layers: the highest layer is PAS, the first layer is DAS2, and the second layer is DAS1.
  • the user site addressing method of the VPN system of this embodiment is exactly the same as that of the embodiment shown in FIG. 4, and the repeated description is not repeated here.
  • each CE router aggregates the addresses of the user sites to form corresponding routing entries. Then, it is possible to perform routing learning and processing of the VPN site, processing of label distribution, and processing of VPN data forwarding.
  • routing learning and publishing processing methods of the VPN site are described in detail.
  • the principle of routing learning and publishing of the VPN site is the same as that of the embodiment shown in FIG. 4, and the method includes the following processes:
  • Procedure 1: The CE router advertises the aggregated route to the PE router connected to it. For example, in Figure 5, CE1 and CE2 advertise routes to PE1; CE3 and CE4 advertise routes to PE2.
  • CE5 advertises routes to PE3; CE6 and CE7 advertise routes to PE4.
  • CE8 and CE9 advertise routes to PE5.
  • the egress PE adds a corresponding inner label to the route received from the CE, where the inner label is allocated by the PE to the site connected to the CE and is used to distinguish different sites. The routes carrying the labels are advertised to the ingress PE or ASBR in the local domain through MP-IBGP or advertised to the ASBR in the upper-layer autonomous domain through Multi-hop MP-EBGP.
  • PE1 in DAS1 advertises the routes received from CE1 and CE2 to PE2 and to ASBR2 of DAS2.
  • PE2 advertises the routes received from CE3 and CE4 to PE1 and to ASBR2 of DAS2.
  • PE3 advertises the routes learned from CE5 to ASBR2 and to ASBR4 in the PAS.
  • ASBR2 advertises the routes learned from PE1 and PE2 to ASBR4 in PAS.
  • PE4 advertises the routes learned from CE6 and CE7 to PE5 and ASBR4.
  • PE5 advertises the routes learned from CE8 and CE9 to PE4 and ASBR4.
  • the inter-domain route of the VPN established with the PE1 and the PE2 in the DAS1 is stored.
  • the inter-domain routes established by the ASBR2 of the PAS are also stored in the PE1 and the PE2.
  • the ASBR4 in the PAS stores the inter-domain routes established between it and the ASBR4.
  • the PE3 and the ASBR2 store the inter-AS routes established with ASBR4.
  • the ASBR in the upper-layer autonomous domain advertises the route learned from the local domain to the PE in the lower-layer autonomous domain, and advertises the route learned from the lower-layer autonomous domain to the PE in the local domain.
  • DAS2 in Figure 5 is used as the upper-layer domain of DAS1.
  • the routes learned from PE3 and ASBR4 are advertised to PE1 and PE2.
  • the routes learned from PE1 and PE2 are advertised to PE3.
  • the PAS advertises the routes learned from PE4 and PE5 to PE3 and ASBR2.
  • the routes learned from PE3 and ASBR2 are advertised to PE5 and PE4.
  • the PE routers in each autonomous domain advertise the routes learned from other PE routers and/or ASBRs to the CE routers connected to them.
  • the CE router saves the IPv4 routes and/or IPv6 routes after receiving them.
  • PE1 advertises the routes learned from PE2 and ASBR2 to CE1 and CE2.
  • PE2 advertises the routes learned from PE1 and ASBR2 to CE3 and CE4.
  • PE3 advertises the routes learned from ASBR2 and ASBR4 to PE3.
  • PE4 advertises the routes learned from PE5 and ASBR4 to CE6 and CE7.
  • PE5 advertises the routes learned from PE4 and ASBR4 to CE8 and CE9.
  • the processing of the label distribution and the processing of the VPN data forwarding in this embodiment are basically the same as those in the embodiment shown in FIG. 4, and those skilled in the art can refer to the process for processing, and the description is not repeated here.
  • Figure 6 is a schematic diagram showing the composition of a VPN system of a hybrid site hybrid backbone network according to a preferred embodiment of the present invention. This embodiment is the first case described above.
  • the backbone network includes three autonomous domains: two IPv4 autonomous domains and one IPv6 autonomous domain.
  • the IPv6 autonomous domain that has many PEs connected to the VPN site is set to PAS, and the other two IPv4 autonomous domains are set to DAS1 and DAS2.
  • PAS and DAS2 are included in the BHN, and DAS1 is connected to the PAS. That is to say, the embodiment is divided into two layers: The highest layer is PAS, DAS1 and DAS2 are the first layer DAS.
  • the user site addressing method of the VPN system of this embodiment is exactly the same as that of the embodiment shown in FIG. 4, and the repeated description is not repeated here.
  • each CE router aggregates the addresses of the user sites to form corresponding routing entries. Then, routing learning and distribution processing of the VPN site, processing of label distribution, and processing of VPN data forwarding can be performed.
  • Procedure 1: The CE router advertises the aggregated route to the PE router connected to it. This process is the same as the previous two embodiments and will not be repeated here.
  • the egress PE adds a corresponding inner label to the route received from the CE.
  • the inner label is allocated by the PE to the site connected to the CE and is used to distinguish different sites. The routes carrying the labels are advertised through MP-IBGP to the ingress PE or the ASBR in the local domain, or advertised to the ASBR in the upper-layer autonomous domain through Multi-hop MP-EBGP.
  • PE1 in DAS1 advertises the routes received from CE1 and CE2 to PE2 and to ASBR2 of DAS2.
  • PE2 advertises the routes received from CE3 and CE4 to PE1 and to ASBR2 of DAS2.
  • PE4 in the PAS advertises the routes learned from CE7 to PE3, ASBR2, and ASBR3; ASBR2 and ASBR3.
  • PE5 advertises the routes learned from CE8 and CE9 to ASBR3.
  • the ASBR in the upper-layer autonomous domain advertises the route learned from the local domain to the PE in the lower-layer autonomous domain, and advertises the route learned from the lower-layer autonomous domain to the PE in the local domain.
  • ASBR2 advertises the routes learned from PE3, PE4, and ASBR3 to PE1 and PE2 in DAS1.
  • ASBR3 advertises the routes learned from PE3, PE4, and ASBR2 to PE5 in DAS2.
  • ASBR3 advertises the routes learned from PE5 to PE3, PE4, and ASBR2.
  • ASBR2 advertises routes learned from PE1 and PE2 to PE3, PE4, and ASBR3.
  • Procedure 4: The PE routers in each autonomous domain advertise the routes learned from other PE routers and/or ASBRs to the CE routers connected to them.
  • the CE router saves the IPv4 routes and/or IPv6 routes after receiving them.
  • This process is basically the same as that shown in Figure 5 and will not be repeated here.
  • the illustrated embodiment is basically the same, and those skilled in the art can refer to the process for processing, and the description is not repeated here.
  • FIG. 7 is a schematic diagram showing the composition of a VPN system of a hybrid site hybrid backbone network according to a fourth preferred embodiment of the present invention.
  • This embodiment also includes two slave domains of DAS1 and DAS2, and the hierarchical relationship between DAS and PAS is the same as that of the embodiment shown in FIG. 6.
  • the difference between this embodiment and the embodiment shown in FIG. 6 is that in the PAS, the two ports of the ASBR2 are connected to the ASBR1 of the DAS1 and the ASBR4 of the DAS2, respectively.
  • PE2 in DAS1 and ASBR2 in the PAS establish an MP-EBGP connection through one port of ASBR2, pass VPN routes to each other, and pass data to each other through the port;
  • PE5 in DAS2 and ASBR2 in the PAS establish an MP-EBGP connection through a port of ASBR2, pass VPN routes to each other, and pass data to each other through the port.
  • the virtual private network system of the hybrid site hybrid backbone network of the present invention and the implementation method thereof can form a VPN when the user network and the backbone network transition from IPv4 to IPv6, so that the VPN solution for the network transition period has greater flexibility, reduces the complexity of network equipment upgrades, smooths the transition from IPv4 to IPv6, and greatly improves the economics and feasibility of network upgrades.
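The route handling described in the routing procedures above (unified RD/AFI/SAFI/Route Target route information, Import Route Target matching into per-AFI VRF tables, and the A.B.C.D/n to 0::A:B:C:D/(96+n) conversion toward IPv6-speaking CEs) can be sketched as follows. This is an added example, not code from the patent: the class and function names, RD and Route Target values, prefixes and labels are constructed for illustration, and it assumes the mapped form places the 32-bit IPv4 prefix in the low 32 bits behind 96 zero bits, as the 96+n prefix length implies.

```python
import ipaddress
from dataclasses import dataclass

AFI_IPV4, AFI_IPV6 = 1, 2   # AFI values as stated on the page
SAFI_VPN = 128              # SAFI value as stated on the page


def v4_route_to_v6(net4):
    """A.B.C.D/n -> 0::A:B:C:D/(96+n): 96 zero bits, then the IPv4 prefix."""
    return ipaddress.IPv6Network((int(net4.network_address), 96 + net4.prefixlen))


def v6_route_to_v4(net6):
    """Restore A.B.C.D/n on a CE; return None for a native IPv6 route.

    A native IPv6 prefix that happened to sit inside ::/96 would be
    indistinguishable from a mapped IPv4 route, so such prefixes must not
    be assigned to sites in a VPN that uses this conversion.
    """
    if net6.prefixlen < 96 or int(net6.network_address) >> 32:
        return None
    return ipaddress.IPv4Network((int(net6.network_address), net6.prefixlen - 96))


@dataclass(frozen=True)
class VpnRoute:
    """Unified route information: RD, AFI, SAFI, Route Target, prefix, label."""
    rd: str
    afi: int
    safi: int
    route_targets: frozenset
    prefix: object          # ipaddress.IPv4Network or ipaddress.IPv6Network
    inner_label: int


class Vrf:
    """Hypothetical per-VPN VRF on a PE with one table per AFI."""

    def __init__(self, rd, import_rts, export_rts):
        self.rd = rd
        self.import_rts = frozenset(import_rts)
        self.export_rts = frozenset(export_rts)
        self.tables = {AFI_IPV4: {}, AFI_IPV6: {}}

    def export(self, prefix, inner_label):
        """Egress PE: attach RD, AFI, SAFI, Route Targets and the inner label."""
        afi = AFI_IPV4 if prefix.version == 4 else AFI_IPV6
        return VpnRoute(self.rd, afi, SAFI_VPN, self.export_rts, prefix, inner_label)

    def import_route(self, route):
        """Accept a route only if one of its Route Targets is imported here."""
        if route.safi != SAFI_VPN or not (route.route_targets & self.import_rts):
            return False
        self.tables[route.afi][route.prefix] = route
        return True

    def advertise_to_ce(self, ce_protocol):
        """Routes sent to a CE over an IPv4-based or IPv6-based routing protocol."""
        v4 = list(self.tables[AFI_IPV4])
        v6 = list(self.tables[AFI_IPV6])
        if ce_protocol == "ipv4":      # IPv4-only site: IPv6 routes are discarded
            return sorted(v4)
        if ce_protocol == "ipv6":      # IPv4 routes are converted before sending
            return sorted([v4_route_to_v6(n) for n in v4] + v6)
        raise ValueError("ce_protocol must be 'ipv4' or 'ipv6'")


def ce_split_tables(received):
    """Dual-stack CE of an IPv4 site: restore mapped routes, keep the rest as IPv6."""
    v4_table, v6_table = [], []
    for net in received:
        restored = v6_route_to_v4(net)
        if restored is not None:
            v4_table.append(restored)
        else:
            v6_table.append(net)
    return v4_table, v6_table


def demo():
    # Constructed sample data: VPNA and VPNB reuse the same private IPv4 prefix.
    vpna_remote = Vrf("100:1", {"100:1"}, {"100:1"})
    vpnb_remote = Vrf("100:2", {"100:2"}, {"100:2"})
    vpna_local = Vrf("100:1", {"100:1"}, {"100:1"})
    received = [
        vpna_remote.export(ipaddress.IPv4Network("10.1.2.0/24"), 1001),
        vpna_remote.export(ipaddress.IPv6Network("2001:db8:5::/48"), 1002),
        vpnb_remote.export(ipaddress.IPv4Network("10.1.2.0/24"), 2001),
    ]
    accepted = [vpna_local.import_route(r) for r in received]
    return accepted, vpna_local.advertise_to_ce("ipv6"), vpna_local.advertise_to_ce("ipv4")


if __name__ == "__main__":
    print(demo())
```

The VPNB route is rejected by the Import Route Target check even though its prefix is identical to the VPNA one, which is the property that keeps overlapping private address space in different VPNs isolated.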

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a VPN (virtual private networking) system for a hybrid-site hybrid backbone network and a method of implementing it, in the field of VPN technology, which allows sites based on different IP versions to access one another and allows a VPN service to be deployed over a backbone network based on different IP versions. The system can solve the problem of hybrid network service during the transition period. The VPN system of a hybrid-site hybrid backbone network and its implementation method divide the autonomous domains of the multi-domain backbone network into primary and dependent ones, produce the route within each autonomous domain by means of the corresponding MP-BGP according to the IP version of that autonomous domain, and produce the route between adjacent autonomous domains by means of multi-hop MP-EBGP. The dual IPv4/IPv6 routing table on the CE and PE is maintained synchronously, and the tunneling of VPN data according to its distribution label and IP version is carried out within the autonomous domains. The VPN of the hybrid-site multi-domain backbone network can thus be implemented.
PCT/CN2005/000959 2004-06-30 2005-06-30 Hybrid-site hybrid backbone network VPN system and method of implementing it WO2006002598A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200410069535.0 2004-06-30
CNB2004100695350A CN100364292C (zh) 2004-06-30 2004-06-30 Virtual private network system of a hybrid-site hybrid backbone network and implementation method thereof

Publications (1)

Publication Number Publication Date
WO2006002598A1 true WO2006002598A1 (fr) 2006-01-12

Family

ID=35782472

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2005/000959 WO2006002598A1 (fr) 2004-06-30 2005-06-30 Hybrid-site hybrid backbone network VPN system and method of implementing it

Country Status (2)

Country Link
CN (1) CN100364292C (fr)
WO (1) WO2006002598A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020181464A1 (en) * 2000-07-21 2002-12-05 Hitachi, Ltd. Multicast routing method and apparatus for routing multicast packet
JP2003198639A (ja) * 2001-12-27 2003-07-11 Kddi Corp 代理ネームサーバ、プロトコル変換装置およびインタフェース装置
CN1476206A (zh) * 2003-07-14 2004-02-18 中国科学院计算技术研究所 一种利用双重隧道机制穿透nat的方法

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018010519A1 (fr) * 2016-07-12 2018-01-18 华为技术有限公司 Procédé et appareil pour établir un tunnel de diffusion groupée
CN111865698A (zh) * 2020-07-30 2020-10-30 中国电子信息产业集团有限公司第六研究所 一种基于地理信息的自治域级互联网拓扑可视化方法
CN111865698B (zh) * 2020-07-30 2023-10-17 中国电子信息产业集团有限公司第六研究所 一种基于地理信息的自治域级互联网拓扑可视化方法
CN114285778A (zh) * 2021-11-23 2022-04-05 南瑞集团有限公司 一种电力调度数据网组网安全测试系统及测试方法

Also Published As

Publication number Publication date
CN100364292C (zh) 2008-01-23
CN1716901A (zh) 2006-01-04

Similar Documents

Publication Publication Date Title
WO2006002598A1 (fr) Systeme vpn de reseau federateur hybride a site hybride et son procede de mise en oeuvre
ES2830182T3 (es) Controladores centrales de elementos de cálculo de rutas (PCECC) para servicios de red
CN111865898B (zh) 基于流规则协议的通信方法、设备和系统
JP5237391B2 (ja) リンク状態プロトコル制御型イーサネット・ネットワーク上でのvpnの実装
US6789121B2 (en) Method of providing a virtual private network service through a shared network, and provider edge device for such network
Gleeson et al. A framework for IP based virtual private networks
US9843507B2 (en) Enhanced hierarchical virtual private local area network service (VPLS) system and method for ethernet-tree (E-tree) services
US7266124B2 (en) Method for setting up QoS supported bi-directional tunnel and distributing L2VPN membership information for L2VPN using extended LDP
CN100372336C (zh) 多协议标签交换虚拟专用网及其控制和转发方法
US20070115913A1 (en) Method for implementing the virtual leased line
WO2005122490A1 (fr) Procede de mise eu place d'un reseau prive virtuel
EP1811728B2 (fr) Procédé, système et dispositif de gestion de trafic dans un réseau de commutation d'étiquette à protocoles multiples
WO2014194749A1 (fr) Procédé et appareil de traitement d'implémentation de vpn pour dispositif de bordure
WO2005101730A1 (fr) Systeme et procede permettant d'assurer une qualite de service dans un reseau virtuel prive
WO2006105718A1 (fr) Procede d'adaptation d'un mpls-vpn a un reseau hybride
WO2005112350A1 (fr) Procede de gestion de chemin dans un reseau prive virtuel utilisant le protocole ipv6
WO2008011818A1 (fr) Procédé de fourniture d'un service réseau local privé virtuel à hiérarchie et système réseau
WO2007112691A1 (fr) Système, procédé et dispositif réseau permettant à un client de réseau privé virtuel (vpn) d'accéder à un réseau public
WO2005125103A1 (fr) Systeme de reseau prive virtuel d'un site hybride et reseau de base hybride et procede de mise en oeuvre associe
WO2013139270A1 (fr) Procédé, dispositif et système pour implémenter un réseau privé virtuel en couche 3
WO2005114944A1 (fr) Procede de mise en place d'un reseau prive virtuel de sites ipv4 et ipv6
Wu et al. YANG data model for L3VPN service delivery
US9054896B2 (en) SVC-L2 VPNs: flexible on demand switched MPLS/IP layer-2 VPNs for ethernet SVC, ATM and frame relay
Wu et al. Research on the application of cross-domain VPN technology based on MPLS BGP
Gleeson et al. RFC2764: A framework for IP based virtual private networks

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase