WO2006094440A1 - Method and device for virtual local area network switching - Google Patents

Info

Publication number
WO2006094440A1
Authority
WO
WIPO (PCT)
Prior art keywords
vlan
vpn
information
switching
network
Application number
PCT/CN2005/002067
Other languages
English (en)
Chinese (zh)
Inventor
Yang Yu
Wei Wang
Haitao Zhang
Jianfeng Liu
Guoqiang Zhuang
Jianfeng Zhang
Kuncheng Peng
Shengwen Lu
Gang Cao
Xiao Li
Original Assignee
Hangzhou H3C Technologies Co., Ltd.
Priority claimed from CNB2005100513520A (external-priority patent CN100428737C)
Priority claimed from CNB2005100564166A (external-priority patent CN100446503C)
Priority claimed from CNB200510056722XA (external-priority patent CN100413281C)
Priority claimed from CNB200510069487XA (external-priority patent CN100358322C)
Application filed by Hangzhou H3C Technologies Co., Ltd.
Publication of WO2006094440A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4675 Dynamic sharing of VLAN information amongst network nodes

Definitions

  • The present invention relates to the field of network communication technologies, and in particular to a method for virtual LAN switching and a network device.
  • Background art
  • VLAN: Virtual Local Area Network
  • A VLAN forms a logical subnet, that is, a logical broadcast domain, which can cover multiple network devices and allows network users in different geographical locations to join one logical subnet.
  • The division of VLANs can be based on different principles. There are three main types:
  • Port-based VLAN division, which divides several ports on one or more switches into one logical group.
  • The MAC address refers to the identifier of the network card.
  • The MAC address of each network card is unique and is fixed on the network card.
  • Route-based VLAN division. The routing protocol works at the network layer.
  • The corresponding working devices are routers and routing switches (i.e., Layer 3 switches). This approach allows one VLAN to span multiple switches, or one port to be in multiple VLANs.
  • Although the devices connected to a VLAN come from different network segments, they can communicate directly with each other as if they were in the same network segment. Because VLANs separate devices into network segments logically rather than physically, they provide flexible user/host management, bandwidth allocation, and resource optimization.
  • A single physical LAN can be divided into multiple VLANs (Virtual Local Area Networks). VLANs cannot access each other directly; access between them is possible only through a routing device. This improves network security and reliability.
  • VLAN: Virtual Local Area Network
  • VPN: Virtual Private Network
  • Layer 2 VPN technologies include V-switch technology (VLAN switching technology, a technology that uses VLAN tag switching for forwarding) and QinQ technology (two-layer IEEE 802.1Q tag encapsulation technology, that is, a two-layer VLAN tag on a data packet, also known as 802.1Q tunneling technology).
  • MPLS: Multi-Protocol Label Switch
  • V-switch technology is a simple VPN technology. Its basic principle is to directly switch the one or two layers of VLAN tags of an ingress Ethernet data frame to the corresponding VLAN tags of the egress port.
  • The Layer 2 switching device exchanges the one or two layers of VLAN tags belonging to a specific VPN, carried by the data frames coming in from the ingress port, for the new one or two layers of VLAN tags of another local area network belonging to that VPN. The frames are then sent out from the output port, so that LANs with different VLAN tags in different regions form a large VPN network.
  • Using V-switch to implement a VPN has the following disadvantages: (1) It can only implement point-to-point VPNs. (2) It needs manual configuration to implement multi-hop traversal of operators, so that when multiple carrier devices need to be crossed, configuration is needed on each device. After the configuration is completed at the carrier's network portal, it can be self-routing. (3) The VPN user service is not switched, that is, MAC address learning and MAC address forwarding are not performed for the VPN user.
  • The 802.1Q standard addresses the problem of how large networks can be divided into smaller parts.
  • 802.1Q-enabled switch ports can be configured to transport tagged or untagged frames.
  • A tag field containing VLAN information can be inserted into the Ethernet frame. If a port has an 802.1Q-capable device (such as another switch) connected, these tagged frames can carry VLAN membership information between switches.
  • The tag control information (TCI) field includes a user priority (User Priority), a Canonical Format Indicator, and a VLAN ID.
  • QinQ: Double Tag
  • QinQ technology (a technology that uses two layers of IEEE 802.1Q tags for encapsulation, that is, a two-layer VLAN tag on a data packet, also known as 802.1Q tunneling technology) is another type of VPN technology that uses Layer 2 technology.
  • The two-layer IEEE 802.1Q standard tag encapsulation technology encapsulates a public network VLAN tag in addition to the private network VLAN tag, so that the private network VLAN can be transparently transmitted across the public network to other private networks that need to be connected. Because it does not require additional signaling support, it can implement a simple VPN function and can form a large VPLS (Virtual Private LAN Service) in a local area network (LAN), so it is very simple and convenient.
  • VPLS: Virtual Private LAN Service
  • VLAN planning is required for the entire VPLS when planning the network.
  • Such a plan not only requires professionals to complete, but also greatly inconveniences the networking of the entire network, which may affect the development of the business; in addition, configuration changes may introduce new errors into the network. It is very difficult for users to accept.
  • MPLS-based VPN technology is implemented using MPLS labels.
  • Mainstream technologies for MPLS-based Layer 2 VPNs include point-to-point VPN (VLL, Virtual Leased Private Line) technology and point-to-multipoint VPN (VPLS, Virtual Private LAN Service) technology.
  • VLL: Virtual Leased Private Line
  • VPLS: Virtual Private LAN Service
  • MPLS-based VLL (Virtual Leased Line): the data frame of the user service is transmitted as a normal Ethernet data frame from the CE (customer edge device) to the PE (provider edge device). Based on the user VLAN information and the destination MAC address, the PE searches the forwarding table and obtains a double-layer MPLS label together with the destination MAC address and VLAN information of the next hop; the frame is then encapsulated and sent from the corresponding sending port of the device to the peer PE device. Table 1 below shows the user's normal data frame, and Table 2 shows the MPLS data frame.
  • After the MPLS-encapsulated data packet is sent to the peer PE device, that PE device removes the two layers of MPLS labels and obtains the final outgoing port information of the VPN user service on the device from the inner label of the two MPLS labels.
  • The Layer 2 Ethernet data frame of the user VPN is then sent out intact from the corresponding physical port.
  • MPLS-based VPN technology requires that the device support MPLS labels, which places higher requirements on the device.
  • MPLS-based VPN technology also requires that the tags a user applies to the same service within the same VPN be globally unified: the VLAN value used as the service flag cannot differ with location (meaning different outlets of the device), which in turn brings difficulties to VPN network implementation.
  • The VPN identifier and the internal service identifier of the VPN have to be configured by the operator and the enterprise customer together and cannot be completed by one party.
  • For the user VPN service coming from a CE access point of a VPN user, there are, based on the Layer 2 destination MAC information of the service, multiple destination CEs to choose from; that is, each CE is connected to multiple CE points and can communicate with hosts of the VPN user under multiple CE points.
  • Table 3 shows the normal data frames for the user and Table 4 shows the MPLS data frames.
  • The point-to-multipoint VPLS VPN uses the same encapsulation process as the point-to-point VLL VPN. That is to say, at the source PE device, the incoming Layer 2 Ethernet data frame is encapsulated with two layers of MPLS labels and sent to the peer PE device.
  • The peer PE device strips the two layers of MPLS labels, obtains the destination physical port information based on the information carried in the MPLS label, and sends the frame out from the corresponding physical port.
  • The user's Layer 2 Ethernet information and VLAN information cannot be changed during the entire forwarding process because the information is the VPN user's information.
  • The provider or operator of the service should only be responsible for providing the communication channel for Layer 2 connectivity, and not for any of the user's information. This is the original intention and purpose of the MPLS Layer 2 VPN solution.
  • The Layer 2 VLAN information in some environments is added by the Layer 2 VPN service provider or the carrier itself.
  • The carrier either provides a physical port to the VPN user or adds a layer of VLAN information on top of the user's existing VLAN information. In short, there are more and more common applications where operators can control one or two layers of VLAN information. In this case, if all VLAN information is still treated as information of VPN users, it makes VPN deployment unreasonable and inconvenient in many applications.
  • Interworking between VLANs can only be achieved by configuring Layer 3 (protocol layer) routing.
  • Layer 3 VPN: Layer 3 Virtual Private Network
  • A Layer 3 VPN technology is usually adopted.
  • MPLS L3 VPN: Layer 3 VPN based on multi-protocol label switching
  • Equipment has higher performance, increasing equipment costs and maintenance costs.
  • This scheme is not limited by geography and network.
  • The backbone network is required to support MPLS, which is too complicated for a metropolitan area network built on Ethernet; and the interoperability and flexibility of Layer 3 interworking are not as good as those of Layer 2 (link layer).
  • VLAN conversion technology converts the incoming VLAN into another VLAN and is mainly used for converting between the public network VLAN ID and the private network VLAN ID.
  • The feature is to configure the VLAN ID conversion attribute on the ingress port. For example, on port 2, VLAN 2 is converted to VLAN 200, so when VLAN 2 reaches port 2, it is converted to VLAN 200.
  • This type of conversion requires that the converted VLAN ID be the public network VLAN ID, which occupies the VLAN ID resource of the switch itself. It only supports the conversion of one VLAN ID. It does not support the conversion of multiple VLAN IDs.
  • The feature is to convert the VLAN ID. A VLAN ID of a private network can only be converted into a public network VLAN ID, which realizes one-to-one conversion and lacks flexibility.
  • Summary of the invention
  • The technical problem to be solved by the present invention is to provide a method for multi-layer virtual local area network switching and a network device that overcome the low efficiency and complicated equipment of the prior art for implementing VLAN interworking, and that flexibly implement automatic switching between multi-point, multi-layer virtual local area networks.
  • the present invention provides the following technical solution: a method for virtual local area network switching, including the steps:
  • the exchange related information includes a VPN ID, a VPN ID and an outgoing physical port, public network VLAN information, data frame identification information, a switching domain identifier, a switching domain identifier, and a destination MAC address.
  • the VPN ID or VLAN information is carried in an MPLS label.
  • the switching domain identifier is obtained according to a data frame query configuration table.
  • The present invention also provides a method for switching a virtual local area network, which is used to transparently transmit a VLAN of a private network across a public network to another private network that needs to be connected.
  • The public network includes at least one network device ingress port and one network device egress port. The method includes the steps:
  • mapping described in step 21) specifically includes:
  • replacing the user VLAN tag carried in the data frame with a VPN ID.
  • The mapping in step 23) specifically includes: 41) a mapping table configured on an egress port of the network device, such that the VPN ID and the egress port number correspond to the VLAN tag used by the VPN user;
  • After receiving the data frame carrying the VPN ID, the egress port of the network device queries the mapping table.
  • replacing the VPN ID carried in the data frame with a user VLAN tag.
  • The VPN ID is a new one- or two-layer VLAN tag.
  • The present invention also provides a method for virtual local area network switching, which is based on an existing MPLS-based Layer 2 VPN wide area network, where the network includes at least one source PE (office) device and one peer PE (office) device, including the steps:
  • After receiving the Layer 2 data frame with the VLAN information, the source PE device obtains the VPN ID by using the mapping relationship between the VLAN and the VPN; forwarding on the destination MAC address is performed by using the VPN ID, and the information of the destination PE and the information of the MPLS two-layer label are encapsulated.
  • After receiving the encapsulated Layer 2 data frame, the peer PE device changes the encapsulated VLAN information through the mapping relationship between the VPN ID and the VLAN and forwards the frame.
  • The MPLS two-layer label is further encapsulated on the Layer 2 data frame.
  • The VLAN information carried by the Layer 2 Ethernet data frame is original VLAN information or VPN ID information, according to the specific transmission environment.
  • Before changing the encapsulated VLAN information, the peer PE device further needs to use the VPN ID and the destination MAC address information to find the forwarding destination physical port on the peer PE device; according to the physical port information, the mapping table of the VPN ID to the VLAN under that physical port is consulted, the VLAN information that needs to be encapsulated on output from the port is obtained, and the frame is encapsulated and sent from the corresponding physical port.
  • The VLAN information carried by the encapsulated Layer 2 Ethernet data frame may be one layer or two layers.
  • The source PE device further learns the source MAC address by using the VPN ID, and learns the corresponding MAC address to the corresponding port of the VPN user under the source PE device.
  • The peer PE device further learns the corresponding source MAC address under the corresponding remote PE according to the VPN ID information and the source information of the MPLS label switching path.
  • the invention also provides a method for virtual local area network exchange, comprising the steps of:
  • configuring a VLAN switching path forwarding table on the VLAN switching device, where the VLAN switching path forwarding table includes VLAN information of all switching domains participating in the switching;
  • the step 163) specifically includes:
  • the step 163) is specifically:
  • the method further comprises: stripping the multi-layer VLAN tag of the input data packet.
  • the step 164) includes:
  • the encapsulated input data packets are respectively forwarded through the corresponding exit path.
  • the method further comprises the steps of:
  • the step 162) includes:
  • the multi-layer VLAN tag of the input data packet and the ingress port query the VLAN switching path table to obtain the corresponding switching domain identifier.
  • the VLAN switching path table is queried according to the multi-layer VLAN tag of the input data packet, and the corresponding switching domain identifier is obtained.
  • the step 162) further includes:
  • the VLAN tags in the VLAN switching path table are preferentially matched according to the label depth priority or in the configuration order.
  • the invention also provides a method for virtual local area network exchange, comprising the steps of:
  • The QinQ VLAN exchange table includes a public network VLAN ID, an outbound port number, a private network VLAN ID, and switched private network VLAN ID information; or a public network VPN identifier, an outbound port number, a private network VLAN ID, and the VLAN ID of the new private network after the exchange; or the public network VLAN ID, the outbound port number, the MAC address, the user address, and the exchanged VLAN ID information.
  • the QinQ VLAN switch table is uniformly configured in the switching device, or the table is split into one table configured on each port.
  • the QinQ VLAN exchange table is queried by the stripped outer public network VLAN ID + the outbound port number + the private network VLAN ID, and a new private network VLAN ID is obtained.
  • the outer public network VLAN refers to the outermost public network VLAN.
  • The present invention also provides a network device, which is applied at the edge of an operator to provide services for VPN users, and includes:
  • a forwarding module configured to forward the data frame from the corresponding port according to the internal forwarding table;
  • a storage unit configured to store a mapping relationship between the user information and the local user VLAN;
  • a conversion module that acquires the user information in a data frame from the operator network, updates the current user VLAN information in the data frame according to the mapping relationship so that it carries the local user VLAN information, and sends it to the forwarding module for processing; or that acquires the local user VLAN information in a data frame from the user, updates the data frame according to the mapping relationship so that it carries the user information, and then submits it to the forwarding module for processing.
  • the user information is included in an MPLS label of the data frame or included in a carrier VLAN tag of the data frame.
  • the VLAN carried by the user is double-layered.
  • the present invention also provides a virtual local area network switching method, which is applied to an edge device of an operator, and includes the following steps:
  • the VLAN is replaced with the VLAN of the user recorded on the device and then forwarded to the user.
  • the user information is in an operator VLAN or an MPLS label.
  • The beneficial effects of the present invention are as follows: since the correspondence between the exchange information and the VLAN information is configured in the network device, the data frame is updated according to that correspondence, thereby improving the efficiency of VLAN interworking and flexibly implementing automatic switching between multi-point, multi-layer virtual LANs.
  • The method of configuring the mapping table on the ingress port and the egress port respectively can change the value of the user VLAN tag, so that the user service category inside a VPN can be marked with different representations on different physical ports (corresponding to different physical locations), and centralized configuration on only one device simplifies network deployment.
  • The point-to-multipoint VPN method provided by the solution does not require the use of a switch with MPLS function and can be applied to many current low-end and mid-range devices, thereby greatly reducing the cost of the network operator.
  • Because the VPN ID can be represented by mapping two layers of VLAN tags in the Layer 2 data frame, 4K*4K VPNs can be implemented, which greatly expands the number of VPNs and of VPN users supported.
  • The carrier gains control of the VLAN information in the Layer 2 Ethernet data frame, so that the type of VPN service required can be configured separately by the local party without the cooperation of the other party (the user), thus making the deployment of the VPN more convenient and flexible.
  • The correspondence between the switching domain identifier and the multi-layer VLAN tag and the port is established, so that different paths in the same switching domain can implement Layer 2 interworking, and the switched VLANs do not occupy the VLAN resources of the device itself. That is, the number of VLANs to be accessed is not limited by the 4094 VLAN resources of the VLAN switching device.
  • The VPN operation can be easily implemented, and the VPN configuration mode can be flexibly designated without planning the VLANs of the VPN in advance, so that the operator can perform VLAN division by region according to its own plan, without any change to the configuration of the existing network, which makes VPN networking convenient.
  • The table includes the VLAN information that is involved in the exchange in all switching domains: the switching domain identifier, the MAC address, the VLAN label, and possibly the port number.
  • MAC address learning through the multi-layer VLAN tag based on the ingress can learn not only the MAC address and port but also the VLAN tag of the corresponding egress, so as to realize automatic exchange between multiple points and different layers of VLANs at Layer 2 and improve the connection efficiency between VLANs.
  • The QinQ VLAN switching table effectively solves the problem that user networks with different VLAN IDs cannot communicate flexibly: the VLANs of different regions can be configured to form a large VPN network through QinQ technology without any changes to the network configuration, and the private network in each area can independently plan its own VLANs.
  • The planning is simple and the networking is flexible.
  • FIG. 1 is a schematic diagram of an internal hardware structure of a device embodying the present invention
  • Figure 2 is a schematic illustration of a typical environment to which the second embodiment of the method of the present invention is applied;
  • Figure 3 is a flow chart of a second embodiment of the method of the present invention.
  • FIG. 4 is a flowchart showing an implementation of a third embodiment of the method of the present invention.
  • FIG. 5 is a flow chart of querying and learning an exit path in a third embodiment of the method of the present invention.
  • FIG. 6 is a schematic diagram of VLAN networking
  • FIG. 7 is a flowchart of a process of receiving data forwarding in the VLAN network shown in FIG. 6.
  • FIG. 8 is a flowchart of a process of forwarding data in the VLAN network shown in FIG. 6.
  • FIG. 9 is a schematic diagram of the application of the third embodiment of the present invention in a VPN network.
  • Detailed description
  • The typical implementation includes three steps: operator network ingress port processing, carrier network internal forwarding, and operator network egress port processing.
  • The carrier network here can be any network with Layer 2 VPN function.
  • The ingress port and the egress port of the network operator may be physical ports on different network devices in the same network, or different physical ports on the same network device in the same network, or even the same network device in the same network.
  • The network device here is usually a switch or router.
  • A table is added to complete the identification of the VPN user and the replacement of the VLAN tag.
  • The input to this table is the ingress port of the user VPN data frame and the one or two layers of VLAN tags it carries.
  • The output of the table lookup is another one or two layers of VLAN tags, used by the operator to represent the VPN identifier. It should be noted that the table may be manually configured or implemented by other methods as long as the above logical mapping function can be implemented.
  • If the VLAN tag of the replaced Layer 2 data frame is one layer, then 4096 VPNs are supported; if the replaced VLAN tag is two layers, then 4K*4K VPNs are supported.
  • Table 5 is an example of the operator ingress port mapping table.
  • The replaced one or two layers of VLAN tags represent the VPN ID, which must be unified in the carrier's internal network.
  • The VPN ID referred to here is a logical concept. For example, in Table 5, the user's dual VLAN tag entering physical port 1 is mapped to the VPN ID tags 301 and 302; 301+302 together form the VPN ID, that is, VPN1. It can be seen that the dual VLAN tag of physical port 3 is also mapped to VPN1 (301+302), so in Table 5 the users represented by physical ports 1 and 3 belong to the same VPN user.
  • The VLAN tag before the replacement is configured according to the specific ingress port, and the VLAN tags of multiple different ports can be mapped to the same VPN ID.
  • Self-learning forwarding is performed according to the converted VLAN tag, and the frame is forwarded to the egress of the carrier network. This process is no different from the internal forwarding process of the Layer 2 VPN provided by a common carrier and is not described again here.
  • A table is added to complete the conversion between the VPN identifier used by the operator and the VLAN tag used by the user.
  • The input to this table is the one or two layers of VLAN tags representing the VPN ID, and the output is the VLAN tag (one or two layers) with which the user represents the VPN at the output port.
  • Table 6 is an example of an operator outgoing port mapping table. Columns: input (out port, VPN flag, VPN flag); output (user VLAN 1, user VLAN 2).
  • This output-direction table is also configured according to the specific outgoing port. That is to say, for the same VPN ID, the translated two-layer user VLAN tags can be the same on different physical output ports, and of course can be different.
  • The technical solution provided by the present invention can support data frames with one or two layers of VLAN tags. If the tag after replacement at the carrier network ingress port has only one layer, and MAC address learning and forwarding are then performed according to that one tag, only 4096 VPNs are supported, which is currently supported by all chips on the market.
  • If the tag after replacement by the ingress port table has two layers, and MAC address learning and forwarding are then performed according to the two layers of tags, 4096*4096 VPNs can be supported, which places higher requirements on the forwarding chip function of the device connecting the carrier network and the user network. This is a general network data switching device, especially a switch with a commercial L2/L3 forwarding chip.
  • the present invention provides an apparatus dedicated to the implementation of the method provided by the present invention.
  • the internal structure of the device for implementing the method for providing a point-to-multipoint layer 2 VPN using the dual VLAN tag of the present invention will be described in detail below with reference to the accompanying drawings.
  • the current commercial L2/L3 layer switch forwarding chip supports VLAN-based forwarding.
  • the present invention adds a conversion module in front of the forwarding chip (which may be referred to as a forwarding module), thereby realizing the forwarding of user data frames with dual VLAN tags.
  • the conversion module here can be implemented by hardware or software.
  • The present invention provides a network device (not shown) having a forwarding module, a conversion module, and a storage module.
  • The forwarding module is configured to forward the data frame from the corresponding port according to the internal forwarding table;
  • the storage unit stores the mapping relationship between the user information and the local user VLAN;
  • the conversion module acquires the user information from the carrier network data frame, updates the current user VLAN information in the data frame according to the foregoing mapping relationship so that it carries the local user VLAN information, and then sends it to the forwarding module; or it obtains the local user VLAN information in the data frame from the user, updates the data frame according to the mapping relationship so that it carries the user information, and then hands it over to the forwarding module for processing.
  • The specific functions implemented by the conversion module are as follows: in the direction of each physical port of the switch, according to the mapping table from the two-layer VLAN tag to the one-layer (or two-layer) VLAN tag configured by the CPU, the frame is mapped to the new VLAN representing the Layer 2 VPN ID, then recalculated and handed over to the subsequent commercial ASIC for forwarding. At each GE (Gigabit Ethernet) exit, the new VLAN tag representing the Layer 2 VPN ID is used to regenerate two layers of tags according to the mapping table configured by the CPU on each port, and the CRC is then recalculated and the frame is sent.
  • The FPGA (field-programmable gate array) in the conversion module does a simple job (mapping and CRC) at a lower cost. Because the table is configured on each physical port, the FPGA need only perform the in/out conversion on dual VLAN tag VPN ports as needed, instead of having to be implemented on all ports.
  • The method and device provided by the first embodiment of the present invention can enhance the functions provided by the existing Layer 2 VPN network at a lower cost; in particular, they can handle Layer 2 Ethernet data frames with dual VLAN tags and can implement 4K*4K VPNs, and the network configuration method is more flexible and simple.
  • the core idea is to configure a mapping relationship between the VLAN and the VPN ID in the source device and the peer device, and the VPN ID is used as an intermediary.
  • the VLAN ID information of the source and the peer can be different, so that the deployment of the VPN network by the operator is more flexible and convenient.
  • the networking application environment provided by the second embodiment of the present invention is the same as the traditional VPN network based on the existing MPLS, but the VPN network deployment is more flexible and convenient.
  • Figure 2 shows that enterprise users A and B connect to their respective three branch office LANs through the VPLS service.
  • A VLAN under a port of a device in one equipment room of user A and a VLAN under a port of a device in another equipment room (the values of the two VLANs are different) belong to the same VPN user and need to interconnect their Layer 2 services.
  • Communication between the equipment rooms needs to pass through the operator's MPLS network, and the networking application supports a multipoint-to-multipoint mode; that is, one VPN user may have multiple service access points, and the service data frames coming in from each service access point may be interconnected with more than two destination access points.
  • the VPN user's Layer 2 data frame format coming in from the source PE device is as follows: Table 7 shows the format of the Layer 2 data frame of the VPN user at the egress of the peer PE.
  • Table 8 shows the format of the Layer 2 data frame with two VLAN tags as shown in Table 9 and Table 10.
  • Table 9 shows the format of the Layer 2 data frame of the VPN user that the PE device enters.
  • Table 10 shows the format of the Layer 2 data frame of the VPN user at the egress of the destination PE.
  • The original Layer 2 data frame entering the service provider's MPLS-based Layer 2 VPN network may, depending on the packet transmission mode, carry one VLAN tag, two layers of VLAN tags, or no VLAN tag. In the case of no VLAN tag, the Ethernet switch automatically adds default VLAN information to the incoming Layer 2 data frame based on the incoming physical port information. Therefore, in the description below, an original Layer 2 data frame without VLAN information is treated as a frame with one layer of VLAN tag.
  • The complete technical solution of the second embodiment of the present invention covers both one layer of VLAN tag and two (or more) layers of VLAN tags.
  • The following takes the case of one layer of VLAN tag as an example.
  • VLAN 1 under source PE1, that is, user A branch LAN 1 (or VLAN 1 under a physical port), corresponds to VPN user A; VLAN 2 under destination PE2, that is, user A branch LAN 2 (or VLAN 2 under a physical port), also corresponds to VPN user A; and VLAN 3 under destination PE4, that is, user A branch LAN 3 (or VLAN 3 under a physical port), also corresponds to VPN user A. Within the entire carrier network, the three different VLANs from the three different PEs form VPN ID1 of user A. All nodes in the VPN communicate at Layer 2 using Layer 2 Ethernet data frames, and Layer 2 MAC addresses are learned and aged automatically, just as in ordinary Layer 2 data forwarding. That is to say, the MAC address of each node is learned under the corresponding physical port in the form of VPN ID1 plus port.
  • VPN ID1 is replaced with the corresponding physical port.
  • the VPN user A is in the process of interworking between VLAN 1 and PE3.
  • the process of forwarding is as follows:
  • After receiving the Layer 2 data frame with VLAN1, the PE1 device uses the mapping table of VLAN1 to VPN ID1 to obtain VPN ID1.
  • PE information and information about the MPLS two-layer label.
  • Because the specific hardware environment in the network differs, the VLAN information data bits in the Layer 2 Ethernet data frame can carry one layer, two layers, or none. Therefore, the corresponding encapsulation may take the following forms:
  • the encapsulated Layer 2 data frame carries the original VLAN1 information.
  • the encapsulated Layer 2 data frame carries the information of VPN ID1.
  • VLAN1 or VPN ID1 information that is, the original VLAN location or an empty VLAN value (all zeros), or no VLAN information at all, that is, the format is not encapsulated with VLAN information.
  • Use VPN ID1 to learn the source MAC address, learning the MAC address against the corresponding port of the VPN user under the corresponding PE.
  • the VPN ID1 information needs to be obtained from the MPLS label.
  • mapping table with the VLAN obtains the VLAN information to be encapsulated when the port is output, and is encapsulated and sent from the corresponding physical port.
  • the MAC address of the destination port is learned under the corresponding remote PE, that is, the PE that sends the Ethernet data frame connected to the source PE1 device.
  • When the VPN user's Layer 2 data frame crosses the carrier network with two layers of MPLS label encapsulation, the MPLS label already carries the VLAN and VPN ID information, so the information carried in the corresponding VLAN information data bits of the Layer 2 data frame can be very flexible: the original VLAN information may be carried, nothing may be carried, or the VPN ID information may be carried. The specific processing therefore varies, and several cases are considered below.
  • Because the VPN ID information is already carried in the MPLS label, it need not be carried in the VLAN information. Whether it is carried sometimes depends on the specific implementation of the hardware forwarding ASIC. Some hardware forwarding ASIC chips handle frames without VLAN information smoothly; if the Layer 2 data frame carries no VLAN information internally, the peer chip's processing is relatively simple: it only needs to insert a new layer of VLAN tag.
  • The information carried can also be richer. Because the user VPN ID information is carried in the MPLS label, other information can be carried in the VLAN. For example, if there are multiple VLANs under one CE, MPLS carries the VPN ID information, and the VLAN tag position can carry the different VLAN information under the CE.
  • The VLAN information can be passed through the carrier network to meet the application requirement of one VPN user with multiple VLANs, where the multiple VLANs have different representations at different CE points.
  • the peer PE obtains the VPN ID information from the MPLS label to further obtain the local VLAN information
  • the specific implementation manner may be various, for example, the peer PE device.
  • the VPN ID information or VLAN information may be carried in other parts of the Layer 2 Ethernet data frame, and the information may be used to implement local VLAN information. It is to be understood that these modifications and applications are intended to be included within the scope of the appended claims.
  • the VLAN information of multiple points may be different, and the principle of Layer 2 forwarding is that multiple MAC addresses need to be interoperable in one VLAN.
  • The VLAN information carried across the MPLS network preferably represents the VPN ID rather than the localized VLAN information of each point, because localized information causes a MAC address learning problem at the destination point. If localized information is carried across, the device itself can handle this situation, for example by processing the localized VLAN information and then learning and forwarding in the Layer 2 VPN.
  • both VLAN tags are only localized. That is to say, only a specific fixed value is available on one access point, and at the other access point, the two layers of labels marking the VPN user or user service need to be replaced with the values of the other two VLAN tags.
  • The second embodiment of the present invention adds the mapping between the VLAN and the VPN ID in the source PE device and resolves the mapping relationship in the peer PE device, so that control of the VLAN information in the Layer 2 Ethernet data frame is implemented by the carrier. One party (the carrier) can thus complete the configuration of the required type of VPN service without the cooperation of the other party (the user), making the deployment of the VPN easier and more flexible.
  • The core of the third embodiment of the present invention is to establish a VLAN switching path table that contains the VLAN information involved in switching in all switching domains (a switching domain identifier, a MAC address, a VLAN label, and possibly a port number), thereby establishing the correspondence between the switching domain identifier, the multi-layer VLAN tag and the port; after an input data packet is received, the VLAN switching path table is queried according to the multi-layer VLAN tag of the data packet to obtain the corresponding switching domain identifier; the egress path of the input packet and the corresponding VLAN tag are selected according to the switching domain identifier and the destination MAC address of the input packet; the multi-layer VLAN tag of the input packet is stripped, the packet is encapsulated with the selected VLAN tag, and the encapsulated packet is forwarded through the egress path. This enables Layer 2 interconnection of multiple VLANs, for example, one VLAN and multiple VLANs (one VLAN, two VLANs, three VLANs, etc.), and the exchange between
  • Step 101: Configure a virtual local area network (VLAN) switching path table, which includes the VLAN information involved in switching in all switching domains: domain ID, VLAN tag, and corresponding port information.
  • VLAN switching path table includes VLAN information involved in switching in all switching domains: Domain ID, VLAN tag, and corresponding port information.
  • the support of outer VLANs is not limited to 4094; each port can independently support 4094 outer VLANs.
  • when the outer VLAN of the multi-layer VLAN occupies a VLAN configured on the VLAN switching device, at most 4094 outer VLANs can be supported.
  • the VLAN switching path table only needs to contain the VLAN information to be exchanged. All the paths in the switching domain to which the VLAN belongs can be easily found by the mapping between the VLAN tag and the port configured on the switch.
  • the so-called switched domain refers to the range of VLAN switching. Different VLANs in the same switching domain can be exchanged without any restrictions on the VLAN characteristics of the ingress and egress ports.
  • the multi-layer virtual local area network is a private network or a public network.
  • VLAN switch path table configured is as follows:
  • the VLAN information of the exchange domain IDs 2 and 3 is exchanged.
  • the VLAN tag and the Layer 2 VLAN tag (the number of VLANs are the same as the number of VLAN layers to be supported) and the port number. Composition.
  • The value of each VLAN is 1 to 4094; 0 indicates that the VLAN of that layer matches any value.
  • the configuration information of the switching domain with the exchange domain ID 2 is as follows:
  • the first configuration information indicates that the first layer VLAN of port 1 is VLAN 7, and the second layer VLAN is any VLAN.
  • the second configuration information indicates that the first layer VLAN of port 2 is VLAN 100, and the second layer VLAN is VLAN 2.
  • the third configuration information indicates that the first layer VLAN of port 3 is VLAN 10 and the second layer VLAN is VLAN 5.
  • the configuration information of the switching domain with the exchange domain ID 3 is as follows:
  • the fourth configuration information indicates that the first layer VLAN of port 3 is VLAN 10, and the second layer VLAN is any VLAN.
  • The path information of the input packet and the associated switching domain can be known from the table. If the outer VLAN of the multi-layer VLAN participating in the exchange is a VLAN belonging to the switching device itself, all the ports included in that VLAN can be found by querying the VLAN configuration table of the switch, and the port and VLAN tag information can be combined to automatically generate the switching paths under the switching domain.
  • Step 102: Extract from the input data packet the multi-layer VLAN tag, up to the number of layers supported by the configured switching paths.
  • However many layers of VLAN tags the configured switching paths support, at most that many VLAN tags are taken from the packet.
  • Step 103: Query the VLAN switching path table to obtain the corresponding switching domain identifier.
  • The mapping between the multi-layer tag and the port needs to be configured in the VLAN switching path table.
  • Querying the VLAN switching path table with the packet's multi-layer VLAN tag and inbound port yields the corresponding switching domain identifier.
  • If the outer VLAN of the multi-layer VLAN occupies a VLAN belonging to the VLAN switching device, the VLAN switching path table only needs to include the switching domain ID and the VLAN tag information. In that case, the VLAN switching path table only needs to be queried with the multi-layer VLAN tag of the input data packet to obtain the corresponding switching domain identifier.
  • After receiving the input data packet, the VLAN switching device knows which port the data packet came from. It queries the VLAN switching path table with that port number and the extracted multi-layer VLAN tag; the matching VLAN tag record gives the corresponding switching domain ID, that is, the switching domain to which this VLAN belongs.
  • When matching VLAN tags, hits can be resolved either depth-first or in configuration order.
  • The so-called depth-first principle means that the VLAN tag record with the higher matching accuracy has the higher priority.
  • For example, if the data packet received from port 3 carries the two-layer VLAN tag VLAN 10/VLAN 5, both the third record and the fourth record in Table 11 above match, but the third record is more accurate than the fourth, so the third record is selected and the switching domain ID is 2. In this case, both layers of VLAN tags need to be stripped.
  • If the data packet received by port 3 carries the VLAN tags VLAN 10/VLAN 6, only the fourth record, VLAN 10/VLAN 0, is hit. In this case, the switching domain ID is 3, and only the matched outer VLAN 10 tag is stripped.
  • The principle of configuration-order priority means matching in the order of configuration in the VLAN switching path table: whichever record was configured first is matched first.
  • Step 104: Select an egress path for the input packet according to the switching domain identifier and the destination MAC address of the input packet.
  • Step 105: Forward the input data packet through the selected egress path.
  • The VLAN tag of each layer corresponding to the egress path needs to be obtained.
  • The inbound VLAN tags hit in step 103 are stripped off, and the data packet is then encapsulated with the obtained outbound VLAN tags before it is forwarded.
  • the Layer 2 switching is based on the MAC address of the network node to forward data.
  • an address forwarding table needs to be established.
  • the correspondence between the MAC address and the port is indicated in the address forwarding table.
  • the present invention also needs to establish a forwarding table to indicate the forwarding relationship of VLAN data packets, which port to switch to, and what kind of VLAN to exchange.
  • the forwarding table established by the present invention includes the following information: a switching domain ID, a MAC address, a VLAN tag, and a port number.
  • the table is built based on the source MAC address and the multi-layer VLAN tag in the input packet. Therefore, the required egress path information cannot be obtained when the table is accessed for the first time.
  • FIG. 5 shows the flow of querying and learning the egress path in the method of the present invention.
  • Step 201: Query the forwarding table with the switching domain identifier and the destination MAC address.
  • Step 202: Determine whether the corresponding egress path is found.
  • Step 203: Obtain the egress path and the corresponding VLAN tag.
  • Step 204: Obtain, according to the VLAN switching path table, all the egress paths and corresponding VLAN tags for the switching domain identifier except the ingress path.
  • Step 205: Learn the source MAC address and the multi-layer VLAN tag of the input data packet into the forwarding table. In this way, the returned data packet can directly find the egress port corresponding to the source MAC address from the forwarding table.
  • The forwarding table obtained after learning is shown in Table 12 below:
  • the input packet is forwarded as follows:
  • the input data packet is encapsulated according to the VLAN tag corresponding to the egress path, and if the egress corresponds to the multi-layer VLAN tag, multiple layers are sequentially added to the data packet;
  • the encapsulated input packet is sent out from the port of the egress path.
  • the input packet needs to be broadcasted to the possible egress path, that is, to be broadcast to the port corresponding to all paths within the range of VLAN switching.
  • the data broadcast to different ports must be encapsulated according to their corresponding VLAN tags before they can be forwarded.
  • the specific forwarding process is as follows:
  • the encapsulated input data packets are respectively forwarded through the corresponding exit path.
  • the above process of stripping the multi-layer VLAN tag of the input data packet may also be performed after the input data packet is acquired.
  • the terminal device determines whether the data packet is sent to the device according to the destination MAC address of the received data packet. If the destination MAC address is the same as the MAC address of the local device, it is processed according to the normal process. If it is not the same, the packet is discarded.
  • The multi-layer VLAN switching process is further explained below with reference to the forwarding paths in the forwarding table shown in Table 12.
  • FIG. 6 shows the networking of VLAN switching domain 2.
  • VLAN switching domain 2 consists of VLAN 7 under port 1, VLAN 100/VLAN 2 under port 2, and VLAN 10/VLAN 5 under port 3. These three independent networks form a large Layer 2 network through multi-layer VLAN switching.
  • Step 401: One layer of VLAN tag, VLAN 7, is obtained from the incoming packet (it carries only one layer of VLAN tags).
  • Step 402: Query the VLAN switching path table with VLAN 7 and port number 1 to obtain switching domain ID 2, which indicates that the packet is to be VLAN-switched; strip the VLAN 7 tag from the packet.
  • Step 403: Query the forwarding table with the switching domain ID and the destination MAC address of the data packet.
  • Step 404: Determine whether a result is found.
  • Step 405: Encapsulate the packet with the corresponding VLAN tag in the query result and send it to the port corresponding to the query result.
  • Step 406: Query the VLAN switching path table according to the switching domain ID to obtain all paths in the switching domain: VLAN7/1, VLAN100/VLAN2/2, and VLAN10/VLAN5/3. Because VLAN7/1 is the input path of the packet, only two copies of the data are needed, that is, step 407: copy the packet according to the number of paths.
  • Step 405: Encapsulate the packet with the corresponding VLAN tag in the query result and send it to the port corresponding to the query result.
  • For the paths VLAN100/VLAN2/2 and VLAN10/VLAN5/3, one copy is tagged with the two layers of VLAN tags 100 and 2 and sent out from port 2; the other is tagged with the two layers of VLAN tags 10 and 5 and sent out from port 3.
  • both A2 and A3 devices can receive data, but only the MAC address of A2 matches the destination MAC address of the packet, A2 receives the data, and A3 discards the data.
  • Step 408: Learn the ingress VLAN 7 and the source MAC address into the forwarding table.
  • the exchanged packets can be forwarded directly to port 1 according to the forwarding table. This step can also be completed after step 401.
  • Step 501: Get the two layers of VLAN tags from the packet.
  • Step 502: Query the VLAN switching path table with VLAN 100/VLAN 2 and port number 2 to obtain switching domain ID 2, which indicates that the packet is to be VLAN-switched; strip the VLAN100/VLAN2 tags from the packet.
  • Step 503: Query the forwarding table with the switching domain ID and the destination MAC address of the data packet. Since the address of A1 has been learned through step 408 in the process shown in FIG. 4, the query finds that the egress path of the data packet is VLAN 7/1.
  • Step 504: Encapsulate the packet with the VLAN tag in the query result and send it to the port in the query result.
  • The VLAN switching domain ID of the data packet, the incoming VLAN tag VLAN 100/VLAN 2 on port number 2, and the source MAC address are learned into the forwarding table, that is, step 505: learn the ingress VLAN 100/VLAN 2 and the source MAC address into the forwarding table.
  • This step can also be completed after step 501.
  • the egress path of the input packet and the corresponding VLAN tag can be found directly through the VLAN switching path table. After the data packet is received, the multi-layer VLAN tag is extracted from the input data packet, up to the number of layers supported by the configured switching paths: however many layers of VLAN tags the configured switching paths support, at most that many outer VLAN tags are taken from the data packet.
  • The VLAN switching path table is queried to obtain the corresponding switching domain identifier. According to the switching domain identifier, the only two switching paths in the switching domain are obtained. The multi-layer VLAN tag taken from the input data packet and the input port number are matched against the VLAN information in the VLAN switching path table to obtain the ingress path of the data packet; the other path in the switching domain is then the egress path of the data packet. In this way, the process of forwarding by destination MAC address and learning by source MAC address is omitted, which not only saves forwarding table resources but also greatly improves the forwarding performance of VLAN switching devices.
  • VLAN switching path table can be organized in a variety of ways, and will not be enumerated here.
  • VLAN switching paths of the two switching domains with different switching paths are configured separately. For example, only the path information of the two switching path tables passes through a VLAN switching path relationship correspondence table. In the table, each ingress path uniquely corresponds to one egress path.
  • the above example describes the exchange process between the VLANs with the two VLAN tags. The process of the exchange between the two VLANs is similar to the above, and is not described here.
  • the operator can divide VLANs into different areas according to their own plans.
  • The bottom layer consists of access switching devices. After adding two VLAN tags, they connect to the VLAN switching devices, which can support 4094 × 4094 VLANs.
  • The company has two branches. The first branch is located in area A, the port of the upper-layer VLAN switching device it connects to is P1, and the VLAN assigned to the user by the access switching device is VLAN 5. The second branch is located in area B.
  • The port of the upper-layer VLAN switching device it connects to is P2, and the VLAN assigned to the user by the access switching device is VLAN 10. To join the two branches, VLAN 5 of area A and VLAN 10 of area B, into a VPN network for the enterprise, you only need to configure a switching domain on the VLAN switching device and add the switching paths VLAN1/VLAN5/P1 and VLAN2/VLAN10/P2 to it.
  • As Table 13 shows, without changing the network configuration shown in Figure 9, configuring according to Table 13 realizes the interworking between the first branch and the second branch, which facilitates the configuration and maintenance of the VPN network.
  • the QinQ technology enables the private network VLAN to be transparently transmitted through the public network.
  • the private network of the same VLAN is connected to the access switch of the public network through the access switch of the user.
  • Have the same VLAN ID) can form a large VPN network, which we call VPN A.
  • VLAN 2 users in different regions can also form another large VPN network, which we call VPN B.
  • the devices in VPN A can implement Layer 2 interworking.
  • the devices in VPN B can also implement Layer 2 interworking.
  • the devices of VPN A and VPN B cannot communicate with each other at the second layer.
  • the network with the same VLAN ID can communicate with each other at Layer 2. Therefore, VLAN planning is required for the entire VPLS when planning the network.
  • The VLANs of the local areas need to be uniformly planned. If a VPN network is to be formed, the VLANs in different areas need to be configured with the same VLAN ID, which is a limitation when networking. For example, the marketing departments of the same company located in A and B need to be interconnected, but because the two networks were built independently, their VLAN IDs were also planned independently. The marketing department in A has VLAN ID X, and the marketing department in B has a VLAN ID of its own. To form a VPN for the marketing departments of the two places, the VLAN ID of the marketing department in A or B must be modified. Such modifications not only require professionals to complete but also affect the use of the network and the development of the business, and new errors may be introduced by the configuration changes, which is difficult for users to accept.
  • the invention adopts a method for realizing virtual exchange with different VLAN IDs by using QinQ technology on the device, so that user networks with different VLAN ID identifiers can also form a VPN network.
  • the user can implement a VLAN with any VLAN ID to form a large VPN network without any modification to the network, and implement Layer 2 interworking between VLANs with different VLAN IDs.
  • the VLAN switch table consists of the public network VLAN ID, the egress port number, the private network VLAN ID, and the switched private VLAN ID.
  • the public network VLAN ID + egress port number + private network VLAN ID form the key of the table.
  • When the QinQ packet arrives at the QinQ termination port, the outer QinQ VLAN tag is stripped and the original private network VLAN packet is obtained, together with its private network VLAN ID. The public network VLAN ID + egress port + private network VLAN ID are then used to query the QinQ VLAN exchange table to obtain a new private network VLAN ID.
  • VLAN 10 and VLAN 12 of Area A are interconnected with VLAN 5 and VLAN 6 of Area B through QinQ.
  • the user wants VLAN 10 of A to communicate with VLAN 5 of B at the link layer, and VLAN 12 of A and VLAN 6 of B communicate at the link layer.
  • A's network is connected to port 10 of public network switch and B is connected to port 1.
  • The specific implementation scheme by which VLAN 12 of area A and VLAN 6 of area B form one large VLAN is as follows:
  • the data is configured as shown in Table 15.
  • the packet of VLAN 6 is encapsulated in QinQ on port 1.
  • the outer VLAN ID is 8.
  • the corresponding packet format is shown in Table 16 (2).
  • The QinQ VLAN exchange table is searched by public network VLAN ID 8 + egress port number 10 + private network VLAN ID 6, which yields the new private network VLAN ID 12; VLAN 6 is thus switched to VLAN 12 according to the QinQ VLAN exchange table.
  • the corresponding packet format is shown in Table 17 (2).
  • The packet with the new private network VLAN ID 12 is sent out of port 10, so that the two private networks, VLAN 12 of A and VLAN 6 of B, achieve Layer 2 mutual access and form one large VLAN. Layer 2 mutual access between VLAN 10 and VLAN 5 can be completed on the same principle.
  • VLAN 12 packet strips the outer label VLAN 8 and exchanges the new VLAN ID 6.
  • VLAN 6 packet strips the outer label VLAN 8 and exchanges the new VLAN ID 12.
  • the above is only one embodiment of the fourth embodiment of the present invention.
  • The present invention can configure the QinQ VLAN exchange table uniformly in the switching device, or split it into one table configured per port, in which case the contents of the QinQ VLAN exchange table contain no port number; the implementation and technical effects are the same.
  • the keyword "public network VLAN ID" of the QinQ VLAN exchange table in the fourth embodiment of the present invention can be completely replaced by the "VPN identifier".
  • the new private network VLAN ID is defined by configuring the keyword "VPN ID + egress port number + private network VLAN ID". The implementation scheme and technical effect are the same.
  • the port described in the fourth embodiment of the present invention refers to a logical port, which may be a physically existing port or a virtual port.
  • the above method for realizing virtual switching by using QinQ technology can be implemented by software or by hardware logic circuit.
  • The fourth embodiment of the present invention is applicable not only to the case of two layers of IEEE 802.1Q tags, but also to the case of encapsulating multiple layers of IEEE 802.1Q tags.
  • The outer public network VLAN described in the present invention refers in all cases to the outermost public network VLAN.
  • The fourth embodiment of the present invention solves the problem that networks with different VLAN identifiers are difficult to interconnect at Layer 2. Compared with the prior art, the fourth embodiment of the present invention has the following advantages: 1. VLAN networks with different identifiers can form a large VPN network through QinQ technology, and the user does not need to make any changes to the network configuration;
  • 2. Private networks in different regions can independently plan their own VLAN IDs, so planning is simple and networking is flexible.
  • the method for virtual local area network switching of the present invention includes the steps of:
  • the exchange information includes the VPN ID, the VPN ID and the physical port, the public network VLAN information, the data frame identification information, the switching domain identifier, the switching domain identifier, and the destination MAC address, and the like according to actual conditions and requirements.
  • Another virtual local area network switching method applied to an edge device of an operator includes the following steps:
  • the data frame is received from the carrier network, and the current user VLAN included in the data frame is replaced with the VLAN of the user recorded on the device, and then forwarded to the user.
  • the user information is in an operator VLAN or an MPLS label.
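The path-table lookup, MAC learning and flooding of the third embodiment (steps 101 to 105 and the Figure 6 walk-through) are shown below as an added example, not code from the patent. The class and function names, the two MAC addresses and the choice to drop frames that match no path are assumptions; the four path records are the ones the text describes for Table 11.

```python
"""Multi-layer VLAN switching: path-table match, MAC learning, flooding (added example)."""
from dataclasses import dataclass
from typing import NamedTuple

ANY = 0  # per the text: 0 means the VLAN of that layer matches any value

# Constructed sample MAC addresses for devices A1 (port 1) and A2 (port 2).
A1 = "02:00:00:00:00:a1"
A2 = "02:00:00:00:00:a2"


class Frame(NamedTuple):
    dst: str
    src: str
    tags: tuple      # VLAN tags, outermost first
    payload: bytes


@dataclass(frozen=True)
class Path:
    """One record of the VLAN switching path table."""
    domain: int
    port: int
    tags: tuple      # (first-layer VLAN, second-layer VLAN); ANY is a wildcard

    def depth(self):
        # Layers this record pins down; wildcards are assumed to be trailing.
        return sum(1 for t in self.tags if t != ANY)

    def matches(self, port, tags):
        if port != self.port:
            return False
        padded = tuple(tags) + (None,) * len(self.tags)
        return all(w == ANY or w == g for w, g in zip(self.tags, padded))

    def encap(self):
        # Tags to put on a frame leaving through this path.
        return tuple(t for t in self.tags if t != ANY)


class VlanSwitch:
    def __init__(self, paths):
        self.paths = list(paths)
        self.fdb = {}  # forwarding table: (switching domain, MAC) -> Path

    def classify(self, port, tags):
        """Step 103: depth-first match; ties fall back to configuration order."""
        hits = [p for p in self.paths if p.matches(port, tags)]
        return max(hits, key=Path.depth) if hits else None

    def switch(self, port, frame):
        """Steps 102-105: return a list of (egress port, re-tagged frame)."""
        ingress = self.classify(port, frame.tags)
        if ingress is None:
            return []  # assumption: frames outside every switching domain are dropped
        inner = tuple(frame.tags[ingress.depth():])  # strip only the matched tags
        self.fdb[(ingress.domain, frame.src)] = ingress  # learn source (step 205)
        known = self.fdb.get((ingress.domain, frame.dst))
        if known is not None:
            egress = [] if known == ingress else [known]
        else:
            # Unknown destination: every other path of the same domain (step 204).
            egress = [p for p in self.paths
                      if p.domain == ingress.domain and p != ingress]
        return [(p.port, frame._replace(tags=p.encap() + inner)) for p in egress]


def build_table11_switch():
    """The four records the text gives for switching domains 2 and 3."""
    return VlanSwitch([
        Path(domain=2, port=1, tags=(7, ANY)),
        Path(domain=2, port=2, tags=(100, 2)),
        Path(domain=2, port=3, tags=(10, 5)),
        Path(domain=3, port=3, tags=(10, ANY)),
    ])


if __name__ == "__main__":
    sw = build_table11_switch()
    for out_port, out in sw.switch(1, Frame(A2, A1, (7,), b"hello")):
        print("flooded to port", out_port, "with tags", out.tags)
    for out_port, out in sw.switch(2, Frame(A1, A2, (100, 2), b"reply")):
        print("unicast to port", out_port, "with tags", out.tags)
```

Because the forwarding table is keyed on (switching domain, MAC address), a MAC learned in domain 2 is never a valid destination for a frame classified into domain 3, which is what keeps the two domains isolated on the shared port 3.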
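The QinQ termination step of the fourth embodiment, applied to raw frame bytes, as an added example that is not code from the patent. The function names, the sample MAC addresses and payload, accepting 0x8100 or 0x88A8 as the outer TPID, and dropping frames that have no table entry are assumptions; the two table entries use the VLAN IDs and port numbers given in the text (Table 15 itself is not reproduced on this page).

```python
"""QinQ VLAN exchange: strip the outer tag, swap the private VLAN ID (added example)."""
import struct

TPID_8021Q = 0x8100
OUTER_TPIDS = {0x8100, 0x88A8}  # assumption: TPID values accepted on a tag

# Key: (public network VLAN ID, egress port number, private network VLAN ID)
# Value: new private network VLAN ID. Values taken from the worked case in the text.
QINQ_EXCHANGE = {
    (8, 10, 6): 12,   # from area B (VLAN 6) towards area A on port 10
    (8, 1, 12): 6,    # from area A (VLAN 12) towards area B on port 1
}

# Constructed sample addresses and payload (EtherType 0x0800 followed by data).
SAMPLE_DST = bytes.fromhex("020000000a01")
SAMPLE_SRC = bytes.fromhex("020000000b01")
SAMPLE_PAYLOAD = b"\x08\x00" + b"sample-ip-packet"


def build_qinq(dst, src, outer_vid, inner_vid, payload, pcp=0):
    """Build a double-tagged frame (no FCS) for the example."""
    outer = struct.pack("!HH", TPID_8021Q, outer_vid & 0x0FFF)
    inner = struct.pack("!HH", TPID_8021Q, (pcp << 13) | (inner_vid & 0x0FFF))
    return dst + src + outer + inner + payload


def _read_tag(frame, offset):
    """Return (TPID, TCI) at offset, or None if the frame is too short."""
    if len(frame) < offset + 4:
        return None
    return struct.unpack_from("!HH", frame, offset)


def vlan_ids(frame):
    """List the VLAN IDs of all tags on a frame, outermost first."""
    ids, offset = [], 12
    while True:
        tag = _read_tag(frame, offset)
        if tag is None or tag[0] not in OUTER_TPIDS:
            return ids
        ids.append(tag[1] & 0x0FFF)
        offset += 4


def qinq_exchange(frame, egress_port, table=QINQ_EXCHANGE):
    """Terminate QinQ on egress_port.

    Strips the outer tag and rewrites the private VLAN ID according to the
    exchange table. Returns the new frame, or None when the frame is not
    double-tagged, is truncated, or has no table entry (dropped here so that
    an unmapped VLAN never leaks into another customer's network).
    """
    outer = _read_tag(frame, 12)
    inner = _read_tag(frame, 16)
    if outer is None or inner is None:
        return None
    if outer[0] not in OUTER_TPIDS or inner[0] != TPID_8021Q:
        return None
    key = (outer[1] & 0x0FFF, egress_port, inner[1] & 0x0FFF)
    new_vid = table.get(key)
    if new_vid is None:
        return None
    # Keep the priority and DEI bits of the private tag, replace only the VID.
    new_tci = (inner[1] & 0xF000) | new_vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, new_tci) + frame[20:]


if __name__ == "__main__":
    from_b = build_qinq(SAMPLE_DST, SAMPLE_SRC, 8, 6, SAMPLE_PAYLOAD)
    print(vlan_ids(from_b), "->", vlan_ids(qinq_exchange(from_b, 10)))
```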

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a virtual local area network switching method comprising the following steps: receiving the data frame; obtaining the exchange information according to the data frame; looking up the correspondence between the exchange information and the VLAN information configured in the network device to obtain the new VLAN information, and updating the data frame according to the new VLAN information; and forwarding the updated data frame. In this invention, the exchange information comprises a VPN ID, a VPN ID and egress physical ports, the public network VLAN information, the data frame identification information and the switching domain identifier, the switching domain identifier and the destination MAC address. The invention also relates to the corresponding network devices.
PCT/CN2005/002067 2005-03-08 2005-12-01 Procede et dispositif d’echange de reseau local virtuel WO2006094440A1 (fr)
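The lookup-and-rewrite steps of the abstract, shown on a single 802.1Q tag as an added example (not code from the patent or from the applicant). The table contents, port numbers and function names are assumptions, as are deriving the VPN ID from the ingress port plus VLAN ID and dropping the frame on any lookup miss.

```python
import struct

TPID_8021Q = 0x8100  # IEEE 802.1Q tag protocol identifier

# Constructed tables (assumptions, not from the patent text):
# (ingress port, VLAN ID on the wire) -> VPN ID
INGRESS_TO_VPN = {(1, 100): 7, (2, 200): 7, (3, 100): 9}
# (VPN ID, egress port) -> VLAN ID expected on that port
VPN_PORT_TO_VLAN = {(7, 1): 100, (7, 2): 200, (9, 3): 100, (9, 4): 300}


def parse_tag(frame: bytes):
    """Return (tci, vid) of the outermost 802.1Q tag, or None if absent/short."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:
        return None
    return tci, tci & 0x0FFF


def switch_vlan(frame: bytes, in_port: int, out_port: int):
    """Rewrite the VLAN ID for out_port; return None (drop) on any miss."""
    tag = parse_tag(frame)
    if tag is None:
        return None
    tci, vid = tag
    vpn_id = INGRESS_TO_VPN.get((in_port, vid))
    if vpn_id is None:
        return None  # unknown port/VLAN pair: never guess a VPN
    new_vid = VPN_PORT_TO_VLAN.get((vpn_id, out_port))
    if new_vid is None:
        return None  # egress port is not a member of this VPN
    new_tci = (tci & 0xF000) | new_vid  # keep PCP/DEI bits, swap the 12-bit VID
    return frame[:14] + struct.pack("!H", new_tci) + frame[16:]


def build_frame(vid: int, pcp: int = 0, payload: bytes = b"\x08\x00" + b"\x00" * 46):
    """Constructed test frame: broadcast dst, locally administered src."""
    dst, src = b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01"
    return dst + src + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid) + payload
```

VLAN 100 appears on ports 1 and 3 but maps to different VPN IDs, so the same tag value never bridges the two customers; a frame from port 1 cannot leave on port 4 because that port has no entry for VPN 7.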

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
CNB2005100513520A CN100428737C (zh) 2005-03-08 2005-03-08 一种简化vpn网络布署的方法
CN200510051352.0 2005-03-08
CNB2005100564166A CN100446503C (zh) 2005-03-22 2005-03-22 一种增强型vpn网络优化的方法及设备
CN200510056416.6 2005-03-22
CN200510056722.X 2005-03-24
CNB200510056722XA CN100413281C (zh) 2005-03-24 2005-03-24 一种利用QinQ技术实现虚拟交换的方法
CNB200510069487XA CN100358322C (zh) 2005-04-08 2005-04-30 多层虚拟局域网交换的方法
CN200510069487.X 2005-04-30

Publications (1)

Publication Number Publication Date
WO2006094440A1 true WO2006094440A1 (fr) 2006-09-14

Family

ID=36952940

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2005/002067 WO2006094440A1 (fr) 2005-03-08 2005-12-01 Procede et dispositif d’echange de reseau local virtuel

Country Status (1)

Country Link
WO (1) WO2006094440A1 (fr)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020101870A1 (en) * 2001-01-30 2002-08-01 Chase Christopher J. Technique for ethernet access to packet-based services
CN1356806A (zh) * 2001-12-31 2002-07-03 刘军民 实现局域网虚通道传送的数据转发方法
WO2004023838A2 (fr) * 2002-09-09 2004-03-18 Nortel Networks Limited Reseaux prives virtuels svc-l2: reseaux prives virtuels flexibles de couche 2 a commutation mpls/ip sur demande pour svc ethernet, atm et relais de trame
CN1507230A (zh) * 2002-12-10 2004-06-23 华为技术有限公司 一种多协议标签交换虚拟专用网的实现方法

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647325A (zh) * 2012-03-23 2012-08-22 杭州华三通信技术有限公司 一种实现QinQ终结的方法和装置
CN102647325B (zh) * 2012-03-23 2014-11-26 杭州华三通信技术有限公司 一种实现QinQ终结的方法和装置
US10866089B2 (en) 2015-04-24 2020-12-15 Faro Technologies, Inc. Two-camera triangulation scanner with detachable coupling mechanism
CN105915518A (zh) * 2016-04-15 2016-08-31 中国航空工业集团公司洛阳电光设备研究所 一种以太网数据帧实时解析方法及装置
CN105915518B (zh) * 2016-04-15 2019-03-29 中国航空工业集团公司洛阳电光设备研究所 一种以太网数据帧实时解析方法及装置
CN114039811A (zh) * 2021-10-18 2022-02-11 南京邮电大学 局域网内快速通信方法
CN114039811B (zh) * 2021-10-18 2023-07-25 南京邮电大学 局域网内快速通信方法

Similar Documents

Publication Publication Date Title
US8867555B2 (en) Method and system for transparent LAN services in a packet network
US8228928B2 (en) System and method for providing support for multipoint L2VPN services in devices without local bridging
US7881314B2 (en) Network device providing access to both layer 2 and layer 3 services on a single physical interface
US8194656B2 (en) Metro ethernet network with scaled broadcast and service instance domains
CN100442772C (zh) 一种桥接转发方法
US7339929B2 (en) Virtual private LAN service using a multicast protocol
US9806906B2 (en) Flooding packets on a per-virtual-network basis
US9166929B1 (en) Performing scalable L2 wholesale services in computer networks using customer VLAN-based forwarding and filtering
EP2541841B1 (fr) Procédé d'envoi de trames ethernet dans service d'arbre ethernet et dispositif côté fournisseur
WO2022100554A1 (fr) Procédé d'acheminement de message bier, dispositif et système
JP2005341583A (ja) 仮想プライベートネットワーク、マルチサービスプロビジョニングプラットフォーム及び方法
CN102413060B (zh) Vpls网络中用户专线通信方法及设备
JP2005341591A (ja) 仮想プライベートネットワーク、マルチサービスプロビジョニングプラットフォーム及び方法
US7924880B2 (en) Method and system for establishing hierarchical network with provider backbone bridges
WO2008019630A1 (fr) Procédé, réseau et dispositif nodal pour la retransmission de données dans un réseau à double couche
WO2008011818A1 (fr) Procédé de fourniture d'un service réseau local privé virtuel à hiérarchie et système réseau
CN100358322C (zh) 多层虚拟局域网交换的方法
WO2011054263A1 (fr) Procédé et système d'accès pour des réseaux privés virtuels (vpn) de niveau 3
WO2020098611A1 (fr) Procédé et appareil pour acquérir des informations de routage
US20140321472A1 (en) Method for implementing e-tree service and provider edge device
WO2005125103A1 (fr) Systeme de reseau prive virtuel d'un site hybride et reseau de base hybride et procede de mise en oeuvre associe
WO2006094440A1 (fr) Procede et dispositif d’echange de reseau local virtuel
WO2007104201A1 (fr) Procédé d'acheminement de messages dans un tunnel de services
Wu et al. Research on the application of cross-domain VPN technology based on MPLS BGP
EP3487130A1 (fr) Procédé, routeur et support d'enregistrement permettant d'éviter l'engorgement du trafic du à un apprentissage mac asymétrique et d'obtenir une convergence prévisible de redondance pbb-evpn active-active

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

WWW Wipo information: withdrawn in national office

Country of ref document: RU

122 Ep: pct application non-entry in european phase

Ref document number: 05814003

Country of ref document: EP

Kind code of ref document: A1

WWW Wipo information: withdrawn in national office

Ref document number: 5814003

Country of ref document: EP