WO2007019757A1 - A communication system and method based on forwarding and control element separation - Google Patents

A communication system and method based on forwarding and control element separation Download PDF

Info

Publication number
WO2007019757A1
WO2007019757A1 PCT/CN2006/001137 CN2006001137W WO2007019757A1 WO 2007019757 A1 WO2007019757 A1 WO 2007019757A1 CN 2006001137 W CN2006001137 W CN 2006001137W WO 2007019757 A1 WO2007019757 A1 WO 2007019757A1
Authority
WO
WIPO (PCT)
Prior art keywords
control unit
protocol
forwarding
forces
control
Prior art date
Application number
PCT/CN2006/001137
Other languages
French (fr)
Chinese (zh)
Inventor
Shaowei Liu
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2007019757A1 publication Critical patent/WO2007019757A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/54Store-and-forward switching systems 
    • H04L12/56Packet switching systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08Protocols for interworking; Protocol conversion

Definitions

  • the present invention relates to the field of network communication technologies, and in particular, to a communication system and a communication method based on a forwarding control separation protocol.
  • an IP network element (NE: Network Element) is composed of a plurality of logically isolated entities that cooperate to provide a function (such as routing or IP switching) as a whole.
  • the network unit mainly includes two types: a control plane component and a forwarding plane component, and isolation between the control plane component and the forwarding plane component is required.
  • the ForCES Forward Control Separation protocol was introduced to standardize the exchange of information between the control and forwarding planes, that is, to standardize the exchange of information between the isolated control units and the forwarding units.
  • ForCES will enable the control and forwarding planes to quickly gain technological advancement while remaining interoperable. It also makes the scalability of the device very easy, and the forwarding and control capabilities can be flexibly added to an NE without the need for large-scale hardware software upgrades as they are now, resulting in business impact.
  • FIG. 1 shows the structure of a board-level physical isolation router.
  • the router has two control boards and multiple forwarding boards, all connected to the switching network backplane.
  • the control board is CE (control unit)
  • the router board is FE (forwarding unit)
  • the switching network backplane provides physical connection of all boards.
  • Control board A can be the primary CE
  • control board B is the backup CE to provide redundant backup capabilities.
  • the goal of the ForCES protocol is to exchange information between CEs and FEs using standard protocols.
  • the control board from the manufacturer X and the forwarding board from the manufacturer Y it is possible to seamlessly connect the two in one rack.
  • FIG. 3 is a schematic structural view of E.
  • main components of the NE frame include: CE, FE, and internal interconnection protocols.
  • the CE is responsible for operations such as signaling, protocol processing, and management protocol applications.
  • the control plane indicates the packet forwarding behavior of the forwarding plane based on the information generated by the processing. For example, the control plane can implement control of an FE by operating an operation forwarding table, port status, adding or removing a NAT (Network Address Translation) connection.
  • NAT Network Address Translation
  • FEs can be generic or private, such as NAT, firewall, encapsulation, etc.
  • an NE consists of a CE and two FEs. Two FEs and one CE require minimal configuration as a pre-configuration, which can be done separately by the FE manager and the CE manager.
  • the ForCES architecture defines the components of the ForCES NE, including several subsidiary components. These components can be connected through different topologies for flexible packet processing.
  • Figure 4 shows the structure of the ForCES frame. As shown in Figure 4, the figure includes:
  • Fc CE Manager and CE interface
  • Ff FE Manager and FE interface
  • Fi/f FE eve interface
  • Figure 4 includes two components: the control component CE and the forwarding component FE.
  • the ForCES framework allows the NE to contain multiple instances of CE and FE. Each FE contains one or more physical interfaces, and the physical interface is used to pack the hand outside of E. These FE interfaces are aggregated into an external interface. In addition to the external interface, there must be some kinds of interconnections within the NE, so that CE and FE can communicate with each other, and FE can forward packets to another FE. Also shown in Figure 4 are two entities outside of ForCES NE: CE Manager (CE Manager) and FE Manager (FE Manager). These two additional entities provide a configuration corresponding to CE or FE during the pre-combination phase.
  • CE Manager CE Manager
  • FE Manager FE Manager
  • FIG. 5 is a schematic diagram of a router structure in the existing ForCES framework. As shown in FIG. 5, n FEs are connected together through a switching network to form a data plane, and the control plane is composed of two chipsets of the control board. Cheng: One is the CPU for routing calculation and signaling, one is a dedicated ASIC chip for device management.
  • the device management is responsible for controlling the switching of the switching network and the control board (in the case of backup), and the environmental alarms of the device (such as excessive temperature, excessive humidity, abnormal voltage, stable voltage on the FE, etc.), restart of the board, and code issue.
  • Load instructions and other functions Since these functions are relatively fixed and simple, they are implemented in an ASIC.
  • CE may also be very simple. It is a dedicated ASIC chip. For such a chip, support a complex protocol such as ForCES. It is very difficult, therefore, how to adapt this special CE to the ForCES architecture is a problem that needs to be solved.
  • FIG. 6 shows the structure of the system including CE and FE in the ForCES architecture.
  • CE3 is a previously existing chassis that can perform certain CE functions, such as a specific protocol. In the newly formed NE node, the system integrator hopes to use it. The CE3 as a separate chassis cannot support the ForCES protocol. Even if CE3 can be modified, for some mature network operating systems, if the CE is modified to support the ForCES protocol, the amount of modification required is large, and the previous system has its own proprietary communication method, which is very mature. And stable, therefore, such modifications can pose significant risks.
  • the present invention provides a system and a communication method based on a forwarding control separation protocol, which solves the problem that the CE of the cartridge and the past CE cannot support the ForCES protocol, and provides a feasible technical solution for the transition of the network device to the ForCES.
  • the communication system based on the forwarding control separation protocol provided by the present invention comprises: a control unit (CE) and a forwarding unit (FE) based on the ForCES protocol;
  • the control unit proxy device is configured to perform protocol conversion processing on the message exchanged between the control unit based on the private protocol and the forwarding unit based on the forwarding control separation protocol.
  • the control unit based on the private protocol also communicates with the control unit based on the forwarding control separation protocol in the system by the control unit proxy device.
  • the mixture of the control unit proxy device and the physical control unit constitutes a logical control unit entity, and one control unit agent can proxy at least one physical CE.
  • the control unit proxy device is a CPU, a dedicated component supporting the ForCES protocol, or a general control unit supporting the ForCES protocol.
  • the communication method based on the forwarding control separation protocol includes: (1) the control unit proxy device receives the message sent by the control unit based on the private protocol, and converts the message into a message based on the ForCES protocol, and sends the message to the ForCES.
  • Protocol system
  • the control unit proxy device receives the message sent by the ForCES protocol system and converts the message into a proprietary protocol based message to the control unit based on the private protocol.
  • the method further includes: the control unit proxy device securely authenticates the private protocol based control unit to which it is connected, and only allows access by the authenticated private protocol based control unit.
  • the method further includes: the control unit proxy device simultaneously proxies a plurality of agents
  • the control unit proxy device determines, according to the received message from the forwarding control separation protocol system, the control unit that receives the message based on the private protocol, and sends the protocol-converted message to the corresponding private-based control unit.
  • the control unit of the protocol implements the correct splitting of the message.
  • the method further includes: performing, by the control unit proxy device, a configuration management of the private protocol-based control unit connected to the control unit proxy device by the control unit manager in the forwarding control separation protocol system.
  • the method further includes the control unit proxy device determining, by communication with the control unit manager in the forwarding control separation protocol system, the associated network element, and the forwarding unit in communication therewith, in the pre-combination phase.
  • a control unit proxy device provided by the present invention includes:
  • Forwarding control separation protocol module used for interaction with a forwarding unit based on a forwarding control separation protocol
  • Proxy control unit private protocol module for private use with the proxy control unit There is a protocol for message interaction;
  • the protocol conversion module is connected between the private control protocol module of the proxy control unit and the separation control protocol module, and is used for performing conversion processing between the private protocol and the forwarding control separation protocol, and implementing the private protocol module and forwarding by the proxy control unit. Controls message interaction between separate protocol modules.
  • the device further includes:
  • the function control module a destination control unit for identifying the received traffic flow based on the forwarding control separation protocol, and controlling to send the service flow to the corresponding controlled control unit.
  • the device further includes:
  • Communication module between control units for performing interaction with messages based on the forwarding control separation protocol with other control units based on the forwarding control separation protocol in the system;
  • Control unit manager communication module used to interact with the control unit manager in the system to implement configuration management operations on the agent's control unit;
  • Backup/load sharing module Used to cooperate with the backup and load sharing processing function entities in the forwarding control separation protocol system to implement corresponding backup and/or load sharing processing.
  • the device is built into the control unit based on the forwarding control separation protocol in the system or is independently installed in the system.
  • the device is disposed in a different chassis than the controlled control unit.
  • the apparatus also includes a security processing module for performing a validity check on the accessed proxy control unit and allowing only the proxyed control unit that passes the validity check to interact with the device.
  • the CE that does not support the ForCES protocol implements the ForCES protocol-based information exchange with the FE through the CE proxy supporting the Foi'CES protocol. Therefore, the implementation of the present invention is effective. Solved some simple CE can not support The problem of holding the ForCES protocol; at the same time, it also solves the problem that the past CE can not join the Foi'CES, providing a feasible technical solution for the transition of the device to ForCES.
  • Figure 1 is a schematic structural diagram of a board-level physical isolation router
  • Figure 2 is a schematic diagram of the CE and FE of the chassis-level physical isolation
  • Figure 3 is a schematic structural view of the NE
  • Figure 4 is a schematic diagram of the structure of the ForCES framework
  • FIG. 5 is a schematic structural diagram of a router in an existing ForCES framework
  • Figure 6 is a schematic diagram of the system structure of the ForCES architecture including CE and FE;
  • FIG. 7 is a schematic structural diagram of a first embodiment of a ForCES communication system according to the present invention.
  • FIG. 8 is a schematic structural diagram of a second embodiment of a ForCES communication system according to the present invention
  • FIG. 9 is a schematic structural diagram of a third embodiment of a ForCES communication system according to the present invention
  • FIG. 10 is a schematic structural diagram of a CE proxy device provided by the present invention.
  • the core of the present invention is to propose a CE Proxy.
  • CE agent is a useful complement to the ForCES framework. That is to say, the purpose of the present invention is to adopt a case where the physical CE cannot directly apply the ForCES protocol, for example, due to the lack of a general-purpose CPU, or the old CE is expected to be used as a CE in the new ForCES architecture.
  • a CE proxy is used to terminate the control point of the Fp (interface between the CE and the FE), so that the physical communication between the CE and the FE that cannot support the ForCES protocol is performed based on the ForCES protocol.
  • the FE can communicate with the physical CE (ie, the proxyed CE) through a CE agent based on the ForCES protocol, and the physical CE of the proxy still uses its own proprietary protocol (ie, private communication mode) to pass the CE proxy with the CE proxy.
  • the private communication method includes: non-ForCES protocol or DMA (direct memory access) communication mode, or other private methods existing by the original CE. That is, the application of the present invention does not require any modification to the original physical CE.
  • a mixture of a CE proxy and a physical CE constitutes a logical CE entity.
  • a CE proxy may also proxy multiple physical CEs at the same time.
  • the CE proxy may be a CPU and a support for the ForCES protocol.
  • a dedicated component or it can be a general CE that supports the ForCES protocol.
  • FIG. 7 is a schematic structural diagram of a first embodiment of a ForCES communication system according to the present invention
  • FIG. 8 is a schematic structural view of a second embodiment of a ForCES communication system according to the present invention
  • FIG. 9 is a schematic structural diagram of a third embodiment of a ForCES communication system according to the present invention.
  • the ForCES-based protocol system of the present invention includes: a control unit (CE) and a forwarding unit (FE) based on the Foi'CES protocol, and further includes a control unit proxy device (CE proxy) through which the control unit based on the private protocol proxy The device is in communication with the forwarding unit, and the control unit proxy device is configured to perform protocol conversion processing on a message exchanged between the control unit based on the private protocol and the forwarding unit based on the ForCES protocol; in addition, the control based on the ForCES protocol The unit also establishes communication with the control unit based on the ForCES protocol in the system through the control unit proxy device.
  • CE proxy control unit proxy device
  • the ForCES protocol can be translated into a private format that can be received by a CE that does not support the ForCES protocol.
  • the CE agent has the function of connecting to the CE Manager.
  • the CE Manager determines whether or not to join the NE.
  • the CE proxy and other CEs must have the communication functions specified by the ForCES architecture.
  • the specific communication protocol conforms to the future ForCES architecture. Currently, it can be an extension of many existing protocols, such as protocols established over TCP/IP.
  • the CE proxy must conform to the ForCES architecture and protocol requirements, be able to identify the FE model, and be able to obtain FE topology information through the FE manager, CE manager, or internal topology discovery.
  • the CE agent needs to know the function of the actual physical CE that it is acting on, and can start or not start the function of the CE agent according to the requirements of CE Manager.
  • the security mechanism can be all existing authentication and authorization protocol mechanisms, and needs to be determined according to the degree of CE support for the proxy. If the CE proxy itself has some CE functions, such as a CE that supports ForCES, as shown in Figure 9, the CE proxy can also be set in an existing common CE, such as CE2. At this time, CE2 It can be used as a proxy for CE3, CE4, and CE5. That is, CE3, CE4, and CE5 can communicate with each FE through a proprietary protocol through CE2. CE2 needs to be able to distinguish its own functions from the functions of the CEs it is acting on. It needs to pass the received packets and control messages to the subsequent CEs. It needs to be processed by itself and must be guaranteed. Processing proceeds in the correct order.
  • CE2 needs to be able to distinguish its own functions from the functions of the CEs it is acting on. It needs to pass the received packets and control messages to the subsequent CEs. It needs to be processed by itself and must be guaranteed. Processing proceeds in the correct order.
  • the invention also provides a communication method based on a forwarding control separation protocol.
  • the method can connect a control unit based on a private protocol to a communication system of the ForCES protocol, and the method includes:
  • the control unit CE proxy device receives the message sent by the control unit based on the private protocol, and converts it into a message based on the ForCES protocol, and sends the message to the ForCES protocol system;
  • Control unit receives the message sent by the ForCES protocol system and converts it to a private protocol based message to the control unit based on the private protocol.
  • the CE proxy device can convert the ForCES protocol message into a private format message that the CE based on the private protocol can receive and pass it to the ForCES protocol system, and vice versa.
  • control unit proxy In order to ensure the legitimacy of the proxyed CE of the access control unit proxy device, the control unit proxy also needs to perform secure authentication on the private protocol-based control unit (ie, the proxyed CE) connected thereto, and only allows the authentication to pass based on The control unit of the private protocol accesses the control unit proxy device.
  • the control unit proxy device For example, when the agent's CE and the agent are in two chassis or one network, the corresponding security mechanism must be specified to prevent spoofing and attack; the security mechanism can adopt all existing authentication and authorization protocol mechanisms. The specific needs are determined according to the degree of CE support for the agent.
  • the proxy CE when the control unit proxy device, that is, the proxy CE, simultaneously proxies a plurality of proxy CEs, the proxy CE further needs to determine to receive the message according to the received message sent by the ForCES protocol system.
  • the control unit based on the private protocol of the message, and sends the protocol-converted message to the corresponding control unit based on the private protocol, specifically: when the CE proxy itself has the function of the CE, for example, it is a support for ForCES of CE, at this time, it needs to be able to distinguish its own function from the function of the proxy CE, that is, to divide the received packet and control message, and pass the message that needs to be delivered to the proxy CE to the proxy.
  • CE will need to process the messages themselves to handle, and to ensure that the relevant processing in the correct order. That is, when a CE agent is acting on multiple CEs at the same time, it is required to provide the function of configuring the CE, or to automatically discover the CEs that are being proxied. Accurately distributed to the corresponding proxy CE.
  • control unit manager CE Manager in the ForCES protocol system can also configure and manage the control unit based on the private protocol connected to the control unit proxy device through the CE proxy device, thereby controlling the ForCES protocol system.
  • the unit manager can implement configuration management for a control unit based on a proprietary protocol.
  • the CE proxy device also determines the associated network element NE and the forwarding unit with which it communicates by communicating with the CE Manager in the ForCES protocol system in the pre-association phase to facilitate the corresponding forwarding.
  • the unit establishes communication.
  • the CE proxy may also have a communication function defined by the ForCES architecture with other CEs, and the specific communication protocol conforms to the provisions of the future ForCES architecture, and may be an extension of various existing protocols, such as establishing Protocol over TCP/IP.
  • FIG. 10 is a schematic structural diagram of the CE proxy device provided by the present invention.
  • the CE proxy device 10 of the present invention specifically includes the following functional modules: ForCES protocol module 100: used to communicate with the FE through the ForCES protocol, and supports the standard ForCES protocol, that is, based on the ForCES protocol and the FE. Performing the interaction of the message; function control module 110: When the CE proxy (CE Proxy) includes part of the CE function, the function control module needs to distribute the messages corresponding to different functions in the CE and the CE Proxy to avoid conflicts; If the proxy does not contain the CE function, it may proxy multiple CEs behind the CE Proxy.
  • OSPF Open shortest path first
  • CE Manager is used to initialize the CE 2006/001137
  • the communication module completes communication with the CE Manager, and transmits the information to the function control module, and is distributed by the function control module to the corresponding functional entity in the CE or CE Proxy, thereby implementing corresponding configuration management.
  • Communication module between CEs 130 There is also communication between CEs, so this module is required to support the corresponding communication in the ForCES framework;
  • the protocol conversion module 140 for the message and the message sent to the proxy CE, in this module, the ForCES message is converted to the non-Force standard CE that is being proxyed; at the same time, the proxy CE is also proxyed.
  • the private protocol-based message sent by the CE private protocol module is converted into a standard ForCES message and sent to the ForCES protocol module, so as to be sent to the corresponding FE;
  • the module that is proxyed by the CE private protocol module 150 communicates with the proxy CE, and emulates the CE Proxy into a peer of the proxy CE to implement communication.
  • the module further includes: a security processing module, configured to ensure that no attack is performed by using a security authentication mechanism when the proxyed CE and the CE Proxy are in the two chassis, and the security processing module may also be independent of The module is set, but the functions are the same; the prerequisite for implementing the secure authentication mechanism is that the CE being supported by the proxy supports these functions;
  • the device may also optionally include a CE module 160 supporting the ForCES protocol for implementing the functions of a common ForCES protocol-based CE, that is, the device according to the present invention may be configured with an existing CE-body. Of course, it can also be set independently.
  • the CE proxy conforms to the ForCES architecture and protocol, and can identify the FE model, and can obtain the FE topology information through the FE manager, the CE manager, or the internal topology discovery. Moreover, the CE agent knows the function of the actual physical CE that it is acting on, and can start or not activate the function of the CE agent according to the requirements of the CE Manager.
  • the CE proxy also includes a backup/load sharing module, which is used to implement the CE backup, distributed CE, and CE load sharing functions supported by the ForCES framework.
  • the implementation of the present invention solves the problem that the simple CE cannot support the ForCES protocol; at the same time, it also solves the problem that the old CE cannot join the ForCES in the past, and provides a feasible technology for the device to transition to the ForCES. Program.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Communication Control (AREA)

Abstract

A communication system and method based on Forwarding and Control Element Separation(ForCES). The core of the present invention includes: set the control element agent apparatus in the ForCES-based protocol system, receive the message sent from the private-based protocol control element using said control element agent apparatus, and convert it into the ForCES-based protocol message, send it to the ForCES protocol system; in the meantime, receive the message sent from ForCES protocol system using the control element agent apparatus, and convert it into the private-based protocol message and send it to the private-based protocol control element. Therefore, the invention solves effectively the problem that some simple CE and the old CE can not support the ForCES protocol, accordingly it provides a feasible technical proposal for the device transition to the ForCES.

Description

基于转发控制分离协议的通信系统及方法 技术领域 本发明涉及网络通信技术领域, 尤其涉及一种基于转发控制分离协 议的通信系统及通信方法。  TECHNICAL FIELD The present invention relates to the field of network communication technologies, and in particular, to a communication system and a communication method based on a forwarding control separation protocol.
背景技术 通常, 一个 IP网络单元(NE: Network Element ) 由多个逻辑上隔离 的实体组成, 这些逻辑实体共同协作作为一个整体提供一个功能(如路 由或者 IP交换)。 所述的网絡单元主要包括两种: 控制平面组件和转发平 面组件, 而且控制平面组件和转发平面组件之间需要隔离。 Background Art Generally, an IP network element (NE: Network Element) is composed of a plurality of logically isolated entities that cooperate to provide a function (such as routing or IP switching) as a whole. The network unit mainly includes two types: a control plane component and a forwarding plane component, and isolation between the control plane component and the forwarding plane component is required.
为标准化控制和转发平面的信息交换, 即标准化相互隔离的控制单 元和转发单元之间的信息交换, 推出了 ForCES (转发控制分离)协议。  The ForCES (Forward Control Separation) protocol was introduced to standardize the exchange of information between the control and forwarding planes, that is, to standardize the exchange of information between the isolated control units and the forwarding units.
ForCES将会使得控制和转发平面在保持可相互操作的前提下都快速 地得到技术进步。 还使得设备的可伸缩性非常容易得到, 转发和控制能 力可以被灵活的增加到一个 NE中 , 而不需要象现在一样进行大规模的硬 件软件升级, 导致业务受到影响。  ForCES will enable the control and forwarding planes to quickly gain technological advancement while remaining interoperable. It also makes the scalability of the device very easy, and the forwarding and control capabilities can be flexibly added to an NE without the need for large-scale hardware software upgrades as they are now, resulting in business impact.
图 1为板级物理隔离路由器的结构示意图。 如图 1所示, 图中给出了 一个板级物理隔离路由器的例子, 该路由器有两个控制板和多个转发板, 都连接在交换网背板上。 其中, 控制板是 CE (控制单元) , 路由器板是 FE (转发单元), 交换网背板提供了所有板的物理连接。 可以让控制板 A 是主的 CE, 控制板 B是备份 CE来提供冗余备份能力。 为得到高可靠性, 也可以有一个冗余的交换网板。 ForCES协议的目标就是用标准协议实现 各 CE和 FE之间的信息交换。 这样, 对于控制板来自厂商 X, 转发板来自 厂商 Y, 两者在一个机架上无缝对接工作便成为可能。  Figure 1 shows the structure of a board-level physical isolation router. As shown in Figure 1, an example of a board-level physical isolation router is shown. The router has two control boards and multiple forwarding boards, all connected to the switching network backplane. Among them, the control board is CE (control unit), the router board is FE (forwarding unit), and the switching network backplane provides physical connection of all boards. Control board A can be the primary CE, and control board B is the backup CE to provide redundant backup capabilities. For high reliability, there can also be a redundant switching network board. The goal of the ForCES protocol is to exchange information between CEs and FEs using standard protocols. Thus, for the control board from the manufacturer X and the forwarding board from the manufacturer Y, it is possible to seamlessly connect the two in one rack.
目前, 还存在另夕 1、一种 CE和 FE的物理分离, 即机箱级别的分离。 图 2为机箱級物理隔离的 CE和 FE的结构示意图。如图 2所示,所有的 CE和 FE 是物理上独立的机箱, 相互之间通过高速的局域网进行连接(如千兆以 太网)。 如果各 CE和 FE相互之间通过运行 ForCES来进行通信, 将同样会 产生针对图 2所描述的效果。 图 3为 E的结构示意图, 如图 3所示, NE框架的主要部件包括: CE、 FE和内部互连协议。 CE负责如信令、协议处理、 和管理协议应用等操作。 控制平面基于处理生成的信息, 来指示转发平面的包转发行为。 例如控 制平面可以通过操作操作转发表、端口状态、增加或者去除一个 NAT (网 络地址转换)连接来实现对一个 FE的控制。 At present, there is also a physical separation of CE and FE, that is, separation at the chassis level. Figure 2 shows the structure of the CE and FE physically isolated at the chassis level. As shown in Figure 2, all CEs and FEs are physically separate chassis that are connected to each other via a high-speed LAN (such as Gigabit Ethernet). If each CE and FE communicate with each other by running ForCES, the effect described with respect to Figure 2 will also occur. 3 is a schematic structural view of E. As shown in FIG. 3, main components of the NE frame include: CE, FE, and internal interconnection protocols. The CE is responsible for operations such as signaling, protocol processing, and management protocol applications. The control plane indicates the packet forwarding behavior of the forwarding plane based on the information generated by the processing. For example, the control plane can implement control of an FE by operating an operation forwarding table, port status, adding or removing a NAT (Network Address Translation) connection.
FE可以包括通用的, 也可以有专用的, 比如 NAT、 防火墙、 封装解 封装等。 在图 3中, 一个 NE包括一个 CE和两个 FE。 两个 FE和一个 CE需要 最小的配置作为预配置, 这个可以由 FE管理器和 CE管理器分别完成。  FEs can be generic or private, such as NAT, firewall, encapsulation, etc. In Figure 3, an NE consists of a CE and two FEs. Two FEs and one CE require minimal configuration as a pre-configuration, which can be done separately by the FE manager and the CE manager.
ForCES架构定义了 ForCES NE的部件, 包括几个附属的部件。 这些 部件为了灵活的包处理, 可以通过不同的拓朴进行连接。 图 4为 ForCES框 架结构示意图, 如图 4所示, 图中包括:  The ForCES architecture defines the components of the ForCES NE, including several subsidiary components. These components can be connected through different topologies for flexible packet processing. Figure 4 shows the structure of the ForCES frame. As shown in Figure 4, the figure includes:
Fp: CE-FE接口;  Fp: CE-FE interface;
Fi: FE-FE接口;  Fi: FE-FE interface;
Fr: CE-CE接口;  Fr: CE-CE interface;
Fc: CE Manager和 CE接口;  Fc: CE Manager and CE interface;
Ff: FE Manager和 FE接口;  Ff: FE Manager and FE interface;
Fl: CE Manager和 FE Manager接口;  Fl: CE Manager and FE Manager interface;
Fi/f: FE夕卜部接口。  Fi/f: FE eve interface.
图 4中包括两种部件: 控制部件 CE和转发部件 FE。 ForCES框架允许 NE包含多个 CE和 FE的实例。每一个 FE包含一个或者多个物理接口,物理 接口用于手打包到 E之外。 这些 FE接口聚合在一起变成了 的外部接 口。 除了外部接口之外, 在 NE内部, 必须存在一些种类的互联关系, 使 得 CE和 FE能相互通信、 FE能将包转发给另外的 FE。 图 4中还示出了 ForCES NE之外的两个实体: CE Manager ( CE管理器)和 FE Manager ( FE 管理器)。这两个附加的实体在预组合阶段,提供对应 CE或者 FE的配置。  Figure 4 includes two components: the control component CE and the forwarding component FE. The ForCES framework allows the NE to contain multiple instances of CE and FE. Each FE contains one or more physical interfaces, and the physical interface is used to pack the hand outside of E. These FE interfaces are aggregated into an external interface. In addition to the external interface, there must be some kinds of interconnections within the NE, so that CE and FE can communicate with each other, and FE can forward packets to another FE. Also shown in Figure 4 are two entities outside of ForCES NE: CE Manager (CE Manager) and FE Manager (FE Manager). These two additional entities provide a configuration corresponding to CE or FE during the pre-combination phase.
在实际的 ForCES的框架中, 对于控制平面的功能, 可能会使用功能 不同的 CE来完成, 其中有的 CE可能会非常简单。 仍然以路由器为例, 图 5为现有 ForCES框架中的一种路由器结构示意图。如图 5所示, n个 FE被通 过交换网连接在一起, 形成数据平面, 控制平面由控制板的两个芯片组 成:一个是用于路由计算和信令的 CPU,—个是用于设备管理的专用 ASIC 芯片。 设备管理负责控制交换网和控制板的倒换(备份情况下) 、 设备 环境告警(如温度过高、 湿度过高、 电压不正常、 FE上的稳定电压等)、 单板的重启、 发出代码的加载指令等功能。 由于这些功能相对固定和简 单, 所以用 ASIC实现。 In the actual ForCES framework, the functions of the control plane may be completed using CEs with different functions, and some of the CEs may be very simple. Still taking a router as an example, FIG. 5 is a schematic diagram of a router structure in the existing ForCES framework. As shown in FIG. 5, n FEs are connected together through a switching network to form a data plane, and the control plane is composed of two chipsets of the control board. Cheng: One is the CPU for routing calculation and signaling, one is a dedicated ASIC chip for device management. The device management is responsible for controlling the switching of the switching network and the control board (in the case of backup), and the environmental alarms of the device (such as excessive temperature, excessive humidity, abnormal voltage, stable voltage on the FE, etc.), restart of the board, and code issue. Load instructions and other functions. Since these functions are relatively fixed and simple, they are implemented in an ASIC.
在未来的 ForCES架构应用中, 也可能会出现类似于一种专门做设备 管理的 CE, 这类 CE也可能非常简单, 是一个专用的 ASIC芯片, 对于这种 芯片, 要支持 ForCES这样复杂的协议, 是非常困难的, 因此, 如何将这 种特殊的 CE兼容于 ForCES架构中, 是一个需要解决的问题。  In future ForCES architecture applications, there may also be a CE similar to a device management. Such a CE may also be very simple. It is a dedicated ASIC chip. For such a chip, support a complex protocol such as ForCES. It is very difficult, therefore, how to adapt this special CE to the ForCES architecture is a problem that needs to be solved.
另外, 在未来的 ForCES架构的设备中, 由于现在很多厂家已经有非 常成熟的 CE, 在以后的设备扩容和厂家集成中, 可能会出现一些 CE支持 ForCES协议, 另外一些已有的成熟的 CE无法支持 ForCEs协议的情况。 图 6为 ForCES架构的包含 CE和 FE的系统结构示意图, 如图 6所示, CE3是一 个以前已有的机箱, 能够完成一些特定的 CE功能, 例如某种特定协议。 在新组建的 NE节点中, 系统集成商希望能将其用进去, 单是 CE3作为一 个单独的机箱是无法支持 ForCES协议的。 即使 CE3能够修改, 但对于一 些成熟的网络操作系统, 若对 CE进行修改使其能够支持 ForCES协议, 则 需要进行的修改量较大, 而其以前的系统有自己私有的通信方式, 已经 非常成熟和稳定, 因此, 这种修改可能带来很大的风险。  In addition, in the future ForCES architecture equipment, since many manufacturers already have very mature CEs, in the future equipment expansion and vendor integration, some CEs may support the ForCES protocol, and some existing mature CEs cannot. Support for the ForCEs protocol. Figure 6 shows the structure of the system including CE and FE in the ForCES architecture. As shown in Figure 6, CE3 is a previously existing chassis that can perform certain CE functions, such as a specific protocol. In the newly formed NE node, the system integrator hopes to use it. The CE3 as a separate chassis cannot support the ForCES protocol. Even if CE3 can be modified, for some mature network operating systems, if the CE is modified to support the ForCES protocol, the amount of modification required is large, and the previous system has its own proprietary communication method, which is very mature. And stable, therefore, such modifications can pose significant risks.
综上所述, 针对上述两种需求, 目前还没有一种方法可以满足。 发明内容  In summary, there is currently no way to meet the above two requirements. Summary of the invention
本发明提供了一种基于转发控制分离协议的系统及通信方法, 以解 决筒单的 CE以及过去的 CE无法支持 ForCES协议的问题, 为网络设备向 ForCES过渡提供了一种可行的技术方案。  The present invention provides a system and a communication method based on a forwarding control separation protocol, which solves the problem that the CE of the cartridge and the past CE cannot support the ForCES protocol, and provides a feasible technical solution for the transition of the network device to the ForCES.
本发明通过以下技术方案实现:  The invention is achieved by the following technical solutions:
本发明提供的一种基于转发控制分离协议的通信系统包括; 基于 ForCES协议的控制单元(CE )和转发单元 (FE ) ;  The communication system based on the forwarding control separation protocol provided by the present invention comprises: a control unit (CE) and a forwarding unit (FE) based on the ForCES protocol;
控制单元代理装置, 用于对基于私有协议的控制单元与基于转发控 制分离协议的转发单元之间交互的消息进行协议转换处理。 所述基于私有协议的控制单元还通过控制单元代理装置与系统中的 基于转发控制分离协议的控制单元进行通信。 The control unit proxy device is configured to perform protocol conversion processing on the message exchanged between the control unit based on the private protocol and the forwarding unit based on the forwarding control separation protocol. The control unit based on the private protocol also communicates with the control unit based on the forwarding control separation protocol in the system by the control unit proxy device.
所述控制单元代理装置和物理的控制单元的混合体组成一个逻辑的 控制单元实体, 且一个控制单元代理可至少代理一个物理的 CE。  The mixture of the control unit proxy device and the physical control unit constitutes a logical control unit entity, and one control unit agent can proxy at least one physical CE.
所述控制单元代理装置为一个 CPU、 一个支持 ForCES协议的专用部 件或者是一个支持 ForCES协议的一般控制单元。  The control unit proxy device is a CPU, a dedicated component supporting the ForCES protocol, or a general control unit supporting the ForCES protocol.
相应地, 本发明提供的一种基于转发控制分离协议的通信方法包括: ( 1 )控制单元代理装置接收基于私有协议的控制单元发来的消息, 并转换为基于 ForCES协议的消息, 发送给 ForCES协议系统;  Correspondingly, the communication method based on the forwarding control separation protocol provided by the present invention includes: (1) the control unit proxy device receives the message sent by the control unit based on the private protocol, and converts the message into a message based on the ForCES protocol, and sends the message to the ForCES. Protocol system
( 2 )控制单元代理装置接收 ForCES协议系统发来的消息, 并转换为 基于私有协议的消息发送给基于私有协议的控制单元。  (2) The control unit proxy device receives the message sent by the ForCES protocol system and converts the message into a proprietary protocol based message to the control unit based on the private protocol.
所述方法还包括: 控制单元代理装置对与其连接的基于私有协议的 控制单元进行安全认证, 并仅允许通过认证的基于私有协议的控制单元 接入。  The method further includes: the control unit proxy device securely authenticates the private protocol based control unit to which it is connected, and only allows access by the authenticated private protocol based control unit.
所述方法还包括: 所述的控制单元代理装置同时代理多个被代理的 The method further includes: the control unit proxy device simultaneously proxies a plurality of agents
CE时, 所述控制单元代理装置根据接收到的转发控制分离协议系统发来 的消息, 确定接收该消息的基于私有协议的控制单元, 并将经协议转换 处理后的消息发送给相应的基于私有协议的控制单元, 实现报文的正确 分流。 At the time of the CE, the control unit proxy device determines, according to the received message from the forwarding control separation protocol system, the control unit that receives the message based on the private protocol, and sends the protocol-converted message to the corresponding private-based control unit. The control unit of the protocol implements the correct splitting of the message.
所述方法还包括: 转发控制分离协议系统中的控制单元管理器通过 控制单元代理装置对与控制单元代理装置连接的基于私有协议的控制单 元进行配置管理。  The method further includes: performing, by the control unit proxy device, a configuration management of the private protocol-based control unit connected to the control unit proxy device by the control unit manager in the forwarding control separation protocol system.
所述方法还包括: 控制单元代理装置在预组合阶段通过与转发控制 分离协议系统中的控制单元管理器进行通信确定所属的网络单元, 以及 与其通信的转发单元。  The method further includes the control unit proxy device determining, by communication with the control unit manager in the forwarding control separation protocol system, the associated network element, and the forwarding unit in communication therewith, in the pre-combination phase.
相应地, 本发明提供的一种控制单元代理装置包括:  Correspondingly, a control unit proxy device provided by the present invention includes:
转发控制分离协议模块: 用于与转发单元之间基于转发控制分离协 议进行消息的交互;  Forwarding control separation protocol module: used for interaction with a forwarding unit based on a forwarding control separation protocol;
被代理控制单元私有协议模块: 用于与被代理控制单元之间基于私 有协议进行消息的交互; Proxy control unit private protocol module: for private use with the proxy control unit There is a protocol for message interaction;
协议转换模块: 连接于被代理控制单元私有协议模块与转发控制分 离协议模块之间, 用于进行所述私有协议与转发控制分离协议之间的转 换处理, 实现被代理控制单元私有协议模块与转发控制分离协议模块间 的消息交互。  The protocol conversion module is connected between the private control protocol module of the proxy control unit and the separation control protocol module, and is used for performing conversion processing between the private protocol and the forwarding control separation protocol, and implementing the private protocol module and forwarding by the proxy control unit. Controls message interaction between separate protocol modules.
所述的装置还包括:  The device further includes:
功能控制模块: 用于识别接收到的基于转发控制分离协议的业务流 的目的控制单元, 并控制将业务流发送给相应的被代理的控制单元。  The function control module: a destination control unit for identifying the received traffic flow based on the forwarding control separation protocol, and controlling to send the service flow to the corresponding controlled control unit.
所述的装置还包括:  The device further includes:
控制单元之间通信模块: 用于与系统中的其他基于转发控制分离协 议的控制单元进行基于转发控制分离协议的消息的交互;  Communication module between control units: for performing interaction with messages based on the forwarding control separation protocol with other control units based on the forwarding control separation protocol in the system;
 with
控制单元管理器之间通信模块: 用于与系统中的控制单元管理器进 行信息交互, 实现对被代理的控制单元的配置管理操作;  Control unit manager communication module: used to interact with the control unit manager in the system to implement configuration management operations on the agent's control unit;
和 /或,  and / or,
支持 ForCES协议的控制单元模块, 用于实现普通的基于 ForCES协议 的控制单元的功能;  A control unit module supporting the ForCES protocol for implementing the functions of a common ForCES-based control unit;
 with
备份 /负载分担模块: 用于配合转发控制分离协议系统中的备份及负 载分担处理功能实体实现相应的备份和 /或负载分担处理。  Backup/load sharing module: Used to cooperate with the backup and load sharing processing function entities in the forwarding control separation protocol system to implement corresponding backup and/or load sharing processing.
所述装置内置于系统中的基于转发控制分离协议的控制单元中或者 独立设置于系统中。  The device is built into the control unit based on the forwarding control separation protocol in the system or is independently installed in the system.
所述装置与被代理的控制单元设置于不同的机框中。  The device is disposed in a different chassis than the controlled control unit.
所述装置还包括安全处理模块, 所述安全处理模块用于对接入的被 代理的控制单元进行合法性检查, 并仅允许通过合法性检查的被代理的 控制单元与所述装置交互消息。  The apparatus also includes a security processing module for performing a validity check on the accessed proxy control unit and allowing only the proxyed control unit that passes the validity check to interact with the device.
由上述本发明提供的技术方案可以看出,本发明将不支持 ForCES协 议的 CE通过支持 Foi'CES协议的 CE代理实现与 FE之间的基于 ForCES 协议的信息交互, 因此, 本发明的实现有效解决了一些简单的 CE无法支 持 ForCES协议的问题; 同时, 还解决了过去的 CE无法加入 Foi'CES的 问题, 为设备向 ForCES过渡提供了一种可行的技术方案。 It can be seen from the technical solution provided by the present invention that the CE that does not support the ForCES protocol implements the ForCES protocol-based information exchange with the FE through the CE proxy supporting the Foi'CES protocol. Therefore, the implementation of the present invention is effective. Solved some simple CE can not support The problem of holding the ForCES protocol; at the same time, it also solves the problem that the past CE can not join the Foi'CES, providing a feasible technical solution for the transition of the device to ForCES.
附图说明 DRAWINGS
图 1为板级物理隔离路由器的结构示意图;  Figure 1 is a schematic structural diagram of a board-level physical isolation router;
图 2为机箱级物理隔离的 CE和 FE的结枸示意图;  Figure 2 is a schematic diagram of the CE and FE of the chassis-level physical isolation;
图 3为 NE的结构示意图;  Figure 3 is a schematic structural view of the NE;
图 4为 ForCES框架结构示意图;  Figure 4 is a schematic diagram of the structure of the ForCES framework;
图 5为现有 ForCES框架中的一种路由器结构示意图;  FIG. 5 is a schematic structural diagram of a router in an existing ForCES framework;
图 6为 ForCES架构的包含 CE和 FE的系统结构示意图;  Figure 6 is a schematic diagram of the system structure of the ForCES architecture including CE and FE;
图 7为本发明的 ForCES通信系统第一实施方式结构示意图;  7 is a schematic structural diagram of a first embodiment of a ForCES communication system according to the present invention;
图 8为本发明的 ForCES通信系统第二实施方式结构示意图; 图 9为本发明的 ForCES通信系统第三实施方式结构示意图; 图 10为本发明提供的 CE代理装置的结构示意图。  8 is a schematic structural diagram of a second embodiment of a ForCES communication system according to the present invention; FIG. 9 is a schematic structural diagram of a third embodiment of a ForCES communication system according to the present invention; FIG. 10 is a schematic structural diagram of a CE proxy device provided by the present invention.
具体实施方式 detailed description
为了解决现有技术中存在的问题, 本发明的核心是提出了 CE Proxy In order to solve the problems existing in the prior art, the core of the present invention is to propose a CE Proxy.
( CE代理) 的概念和方法, 从而对 ForCES框架是一个有益补充。 也就是 说, 本发明的目的是在物理 CE不能直接应用 ForCES协议的情况下, 比如 由于缺少一个通用的 CPU, 或者老的 CE希望用于新的 ForCES架构中作为 一个 CE的情况下, 可以采用一个 CE代理用于终结 Fp ( CE和 FE之间的接 口)控制点, 从而代替无法支持 ForCES协议的物理的 CE与 FE之间进行基 于 ForCES协议的信息交互。 The concept and method of (CE agent) is a useful complement to the ForCES framework. That is to say, the purpose of the present invention is to adopt a case where the physical CE cannot directly apply the ForCES protocol, for example, due to the lack of a general-purpose CPU, or the old CE is expected to be used as a CE in the new ForCES architecture. A CE proxy is used to terminate the control point of the Fp (interface between the CE and the FE), so that the physical communication between the CE and the FE that cannot support the ForCES protocol is performed based on the ForCES protocol.
即 FE可以通过一个基于 ForCES协议的 CE代理与物理的 CE (即被代 理的 CE )进行通信, 而被代理的物理的 CE仍然使用自己的私有协议 (即 私有的通信方式)通过该 CE代理与 FE通信, 所述的私有通信方式包括: 非 ForCES协议或者 DMA (直接存储器存取)通信方式, 或者其它原来 CE 已有的私有方式。即应用本发明对于原来的物理的 CE无需进行任何修改。  That is, the FE can communicate with the physical CE (ie, the proxyed CE) through a CE agent based on the ForCES protocol, and the physical CE of the proxy still uses its own proprietary protocol (ie, private communication mode) to pass the CE proxy with the CE proxy. FE communication, the private communication method includes: non-ForCES protocol or DMA (direct memory access) communication mode, or other private methods existing by the original CE. That is, the application of the present invention does not require any modification to the original physical CE.
本发明提供的应用中, CE代理和物理的 CE的混合体组成了一个逻辑 的 CE实体。而且,本发明中,一个 CE代理也可能同时代理多个物理的 CE。  In the application provided by the present invention, a mixture of a CE proxy and a physical CE constitutes a logical CE entity. Moreover, in the present invention, a CE proxy may also proxy multiple physical CEs at the same time.
本发明中, 所述的 CE代理可以是一个 CPU、 一个支持 ForCES协议的 专用部件, 或者, 也可以是一个支持 ForCES协议的一般 CE。 为对本发明 有进一步的理解 , 下面将结合附图对本发明作进一步说明。 In the present invention, the CE proxy may be a CPU and a support for the ForCES protocol. A dedicated component, or it can be a general CE that supports the ForCES protocol. In order to further understand the present invention, the present invention will be further described with reference to the accompanying drawings.
本发明提供的基于 ForCES协议的通信系统分别如图 7、 图 8和图 9所 示。 图 7为本发明的 ForCES通信系统第一实施方式结构示意图; 图 8为本 发明的 ForCES通信系统第二实施方式结构示意图;图 9为本发明的 ForCES 通信系统第三实施方式结构示意图。本发明的基于 ForCES协议系统包括: 基于 Foi'CES协议的控制单元(CE )和转发单元(FE ) , 且还包括控制单 元代理装置(CE代理) , 基于私有协议的控制单元通过该控制单元代理 装置与所述转发单元通信, 所述控制单元代理装置用于将基于私有协议 的控制单元与基于 ForCES协议的转发单元之间交互的消息进行协议转换 处理; 另外, 所述的基于 ForCES协议的控制单元还通过控制单元代理装 置与系统中的基于 ForCES协议的控制单元建立通信。  The communication system based on the ForCES protocol provided by the present invention is shown in Fig. 7, Fig. 8, and Fig. 9, respectively. 7 is a schematic structural diagram of a first embodiment of a ForCES communication system according to the present invention; FIG. 8 is a schematic structural view of a second embodiment of a ForCES communication system according to the present invention; and FIG. 9 is a schematic structural diagram of a third embodiment of a ForCES communication system according to the present invention. The ForCES-based protocol system of the present invention includes: a control unit (CE) and a forwarding unit (FE) based on the Foi'CES protocol, and further includes a control unit proxy device (CE proxy) through which the control unit based on the private protocol proxy The device is in communication with the forwarding unit, and the control unit proxy device is configured to perform protocol conversion processing on a message exchanged between the control unit based on the private protocol and the forwarding unit based on the ForCES protocol; in addition, the control based on the ForCES protocol The unit also establishes communication with the control unit based on the ForCES protocol in the system through the control unit proxy device.
对于图 7、 图 8和图 9中所示的 CE代理, 需求其支持 ForCES协议; 能够将 ForCES协议翻译成后面不支持 ForCES协议的 CE可以接收的私有 格式进行传递。 CE代理要具有连接 CE管理器(CE Manager )的功能, 在 ForCES的预組合阶段 ( Pre-association Phase )通过 CE Manager来决定自 己是否加入该 NE。 CE代理和其它 CE之间要有 ForCES架构规定的通信功 能, 具体通信的协议符合以后 ForCES架构的规定, 目前可以是多种现有 的协议的扩充, 比如建立在 TCP/IP之上的协议。 CE代理要符合 ForCES架 构和协议的规定, 能够识别 FE模型, 能够通过 FE管理器、 CE管理器、 或 者内部拓朴发现获得 FE拓朴信息。 CE代理要知道自己所代理的实际物理 CE的功能, 并可以根据 CE Manager的要求, 对所 CE代理的功能进行启动 或者不启动的操作。  For the CE proxy shown in Figure 7, Figure 8, and Figure 9, it is required to support the ForCES protocol; the ForCES protocol can be translated into a private format that can be received by a CE that does not support the ForCES protocol. The CE agent has the function of connecting to the CE Manager. In the Pre-association Phase of ForCES, the CE Manager determines whether or not to join the NE. The CE proxy and other CEs must have the communication functions specified by the ForCES architecture. The specific communication protocol conforms to the future ForCES architecture. Currently, it can be an extension of many existing protocols, such as protocols established over TCP/IP. The CE proxy must conform to the ForCES architecture and protocol requirements, be able to identify the FE model, and be able to obtain FE topology information through the FE manager, CE manager, or internal topology discovery. The CE agent needs to know the function of the actual physical CE that it is acting on, and can start or not start the function of the CE agent according to the requirements of CE Manager.
在一个 CE代理代理多个实际 CE时,如图 8所示, 需要能够提供通过配 置或者自动发现所代理的 CE的功能, 约定区分不同 CE的方式, 实现报文 的正确分流。  When a CE agent is acting on multiple real CEs, as shown in Figure 8, it is necessary to provide the function of configuring the CE to be authenticated or automatically discovering different CEs to implement correct traffic distribution.
当被代理的 CE和代理处于两个机框、 或者一个网络中时, 必须要规 定一些安全机制, 来防止欺骗和攻击。 安全机制可以是现有所有的认证 和授权协议机制, 需要根据被代理的 CE对认证的支持程度来决定。 CE代理如果本身具有一些 CE的功能, 比如本身就是一个支持 ForCES 的 CE,如图 9所示, 所述的 CE代理还可以设置于现有的普通 CE中,如 CE2 中, 此时, CE2便可以作为 CE3、 CE4、 CE5的代理, 即 CE3、 CE4、 CE5 通过 CE2便可以采用私有的协议与各个 FE通信。 CE2需要能够将自身的功 能同所代理的 CE的功能区分开来, 对收到的包和控制消息进行划分, 需 要传递给后面 CE的传递过去, 需要自己处理的自己处理, 并且要能保证 相关处理按照正确的顺序进行。 When the agent's CE and agent are in two chassis or a network, some security mechanisms must be specified to prevent spoofing and attacks. The security mechanism can be all existing authentication and authorization protocol mechanisms, and needs to be determined according to the degree of CE support for the proxy. If the CE proxy itself has some CE functions, such as a CE that supports ForCES, as shown in Figure 9, the CE proxy can also be set in an existing common CE, such as CE2. At this time, CE2 It can be used as a proxy for CE3, CE4, and CE5. That is, CE3, CE4, and CE5 can communicate with each FE through a proprietary protocol through CE2. CE2 needs to be able to distinguish its own functions from the functions of the CEs it is acting on. It needs to pass the received packets and control messages to the subsequent CEs. It needs to be processed by itself and must be guaranteed. Processing proceeds in the correct order.
本发明还提供了一种基于转发控制分离协议的通信方法。 所述方法 能够将基于私有协议的控制单元接入 ForCES协议的通信系统 , 所述方法 包括:  The invention also provides a communication method based on a forwarding control separation protocol. The method can connect a control unit based on a private protocol to a communication system of the ForCES protocol, and the method includes:
( 1 )控制单元 CE代理装置接收基于私有协议的控制单元发来的消 息, 并转换为基于 ForCES协议的消息, 发送给 ForCES协议系统;  (1) The control unit CE proxy device receives the message sent by the control unit based on the private protocol, and converts it into a message based on the ForCES protocol, and sends the message to the ForCES protocol system;
( 2 )控制单元 CE代理装置接收 ForCES协议系统发来的消息, 并转 换为基于私有协议的消息发送给基于私有协议的控制单元。  (2) Control unit The CE proxy device receives the message sent by the ForCES protocol system and converts it to a private protocol based message to the control unit based on the private protocol.
也就是说, CE代理装置能够将 ForCES协议的消息转换成基于私有协 议的 CE能够接收的私有格式的消息并传递给 ForCES协议系统, 反之亦 然。  That is, the CE proxy device can convert the ForCES protocol message into a private format message that the CE based on the private protocol can receive and pass it to the ForCES protocol system, and vice versa.
为保证接入控制单元代理装置的被代理的 CE的合法性, 控制单元代 理还需要对与其连接的基于私有协议的控制单元(即被代理的 CE )进行 安全认证, 并仅允许认证通过的基于私有协议的控制单元接入控制单元 代理装置。 例如, 当被代理的 CE和代理处于两个机框、 或者一个网络中 时, 必须规定相应的安全机制, 以防止欺骗和攻击; 所述安全机制可以 采用现有所有的认证和授权协议机制, 具体需要根据被代理的 CE对认证 的支持程度来决定。  In order to ensure the legitimacy of the proxyed CE of the access control unit proxy device, the control unit proxy also needs to perform secure authentication on the private protocol-based control unit (ie, the proxyed CE) connected thereto, and only allows the authentication to pass based on The control unit of the private protocol accesses the control unit proxy device. For example, when the agent's CE and the agent are in two chassis or one network, the corresponding security mechanism must be specified to prevent spoofing and attack; the security mechanism can adopt all existing authentication and authorization protocol mechanisms. The specific needs are determined according to the degree of CE support for the agent.
另外, 当本发明的方法中, 所述的控制单元代理装置, 即代理 CE同 时代理多个被代理的 CE时,则代理 CE还需要根据接收到的 ForCES协议系 统发来的消息, 确定接收该消息的基于私有协议的控制单元, 并将经协 议转换处理后的消息发送给相应的基于私有协议的控制单元, 具体包括: 当 CE代理本身具有 CE的功能时, 例如, 其本身就是一个支持 ForCES的 CE, 此时, 则需要能够将自身的功能与所代理的 CE的功能区分开来, 即 对收到的包和控制消息进行划分, 将需要传递给所代理的 CE的消息传递 给被代理的 CE, 将需要由自己处理的消息自己进行处理, 并且要能保证 相关处理按照正确的顺序进行。 即当一个 CE代理同时代理了多个实际的 CE时, 需要能够提供通过配置、 或者自动发现所代理 CE的功能, 约定区 分不同的被代理的 CE的方式, 实现报文的正确分流, 即将消息准确地分 发给相应的被代理的 CE。 In addition, in the method of the present invention, when the control unit proxy device, that is, the proxy CE, simultaneously proxies a plurality of proxy CEs, the proxy CE further needs to determine to receive the message according to the received message sent by the ForCES protocol system. The control unit based on the private protocol of the message, and sends the protocol-converted message to the corresponding control unit based on the private protocol, specifically: when the CE proxy itself has the function of the CE, for example, it is a support for ForCES of CE, at this time, it needs to be able to distinguish its own function from the function of the proxy CE, that is, to divide the received packet and control message, and pass the message that needs to be delivered to the proxy CE to the proxy. CE, will need to process the messages themselves to handle, and to ensure that the relevant processing in the correct order. That is, when a CE agent is acting on multiple CEs at the same time, it is required to provide the function of configuring the CE, or to automatically discover the CEs that are being proxied. Accurately distributed to the corresponding proxy CE.
本发明所述的方法中, ForCES协议系统中的控制单元管理器 CE Manager还可以通过 CE代理装置对与控制单元代理装置连接的基于私有 协议的控制单元进行配置管理, 从而使得 ForCES协议系统的控制单元管 理器可以对基于私有协议的控制单元实现配置管理。 同时, 所述的 CE代 理装置还在预组合阶段 ( Pre-association Phase )通过与 ForCES协议系统中 的 CE Manager进行通信确定所属的网络单元 NE , 以及与其通信的转发单 元, 以便于与相应的转发单元建立通信。  In the method of the present invention, the control unit manager CE Manager in the ForCES protocol system can also configure and manage the control unit based on the private protocol connected to the control unit proxy device through the CE proxy device, thereby controlling the ForCES protocol system. The unit manager can implement configuration management for a control unit based on a proprietary protocol. At the same time, the CE proxy device also determines the associated network element NE and the forwarding unit with which it communicates by communicating with the CE Manager in the ForCES protocol system in the pre-association phase to facilitate the corresponding forwarding. The unit establishes communication.
本发明所述方法中,所述 CE代理还可以与其他 CE之间有 ForCES架构 规定的通信功能, 具体通信的协议符合以后 ForCES架构的规定, 可以是 多种现有的协议的扩充, 比如建立在 TCP/IP之上的协议。  In the method of the present invention, the CE proxy may also have a communication function defined by the ForCES architecture with other CEs, and the specific communication protocol conforms to the provisions of the future ForCES architecture, and may be an extension of various existing protocols, such as establishing Protocol over TCP/IP.
最后, 再对本发明提供的 CE代理装置的结构进行说明, 图 10为本发 明提供的 CE代理装置的结构示意图。 如图 10所示, 本发明的 CE代理装置 10具体包括以下功能模块: ForCES协议模块 100: 用于和 FE之间通过 ForCES协议进行通信, 支持标准的 ForCES协议, 即基于 ForCES协议与 FE 之间进行消息的交互; 功能控制模块 110: 在 CE代理(CE Proxy ) 包含部 分 CE功能时, 功能控制模块需要将 CE和 CE Proxy中不同的功能对应的消 息进行分发, 以免出现冲突; 另外, 对于 CE Proxy不包含 CE功能的情况, 在 CE Proxy后面可能代理多个被代理的 CE, 此时需要考虑通过功能控制 模块, 将功能对应消息分发到正确的被代理的 CE, 比如, 来自 FE的 OSPF (开放最短路径优先)的消息, 如果 OSPF协议在其中一个 CE上, 就需要 将这类消息进行识别分发给对应 CE;  Finally, the structure of the CE proxy device provided by the present invention will be described. FIG. 10 is a schematic structural diagram of the CE proxy device provided by the present invention. As shown in FIG. 10, the CE proxy device 10 of the present invention specifically includes the following functional modules: ForCES protocol module 100: used to communicate with the FE through the ForCES protocol, and supports the standard ForCES protocol, that is, based on the ForCES protocol and the FE. Performing the interaction of the message; function control module 110: When the CE proxy (CE Proxy) includes part of the CE function, the function control module needs to distribute the messages corresponding to different functions in the CE and the CE Proxy to avoid conflicts; If the proxy does not contain the CE function, it may proxy multiple CEs behind the CE Proxy. In this case, you need to consider distributing the function corresponding message to the correct proxy CE through the function control module. For example, OSPF from the FE ( Open shortest path first) message, if the OSPF protocol is on one of the CEs, it needs to identify and distribute such messages to the corresponding CE;
CE Manager之间的通信模块 120: CE Manager用于对 CE进行初始的 2006/001137 Communication module 120 between CE Manager: CE Manager is used to initialize the CE 2006/001137
—10— —10—
配置, 该通信模块完成和 CE Manager之间的通信, 将信息传递给功能控 制模块, 并由功能控制模块分发给对应的被代理的 CE或者 CE Proxy中对 应的功能实体, 从而实现相应的配置管理操作; Configuration, the communication module completes communication with the CE Manager, and transmits the information to the function control module, and is distributed by the function control module to the corresponding functional entity in the CE or CE Proxy, thereby implementing corresponding configuration management. Operation
CE之间通信模块 130: CE之间也会有通信, 所以需要这个模块对 ForCES框架中对应的通信进行支持;  Communication module between CEs 130: There is also communication between CEs, so this module is required to support the corresponding communication in the ForCES framework;
协议转换模块 140: 对于送给被代理 CE的消息和报文等,在这个模块 中完成 ForCES消息到被代理的非 ForCES标准 CE之间的相互转换; 同时, 还将被代理的 CE通过被代理 CE私有协议模块发来的基于私有协议的消 息转换为标准的 ForCES消息发送给 ForCES协议模块, 以便于发送给相应 的 FE;  The protocol conversion module 140: for the message and the message sent to the proxy CE, in this module, the ForCES message is converted to the non-Force standard CE that is being proxyed; at the same time, the proxy CE is also proxyed. The private protocol-based message sent by the CE private protocol module is converted into a standard ForCES message and sent to the ForCES protocol module, so as to be sent to the corresponding FE;
被代理 CE私有协议模块 150: 和被代理 CE之间通信的模块, 将 CE Proxy模拟成一个被代理 CE的对等体, 实现通信。 该模块中还包括: 安全 处理模块, 用于当被代理的 CE和 CE Proxy在两个机框中时, 需要通过一 些安全认证机制来保证不被攻击, 所述的安全处理模块也可以独立于该 模块设置, 但功能相同; 实现安全认证机制的前提是被代理的 CE支持这 些功能;  The module that is proxyed by the CE private protocol module 150: communicates with the proxy CE, and emulates the CE Proxy into a peer of the proxy CE to implement communication. The module further includes: a security processing module, configured to ensure that no attack is performed by using a security authentication mechanism when the proxyed CE and the CE Proxy are in the two chassis, and the security processing module may also be independent of The module is set, but the functions are the same; the prerequisite for implementing the secure authentication mechanism is that the CE being supported by the proxy supports these functions;
所述的装置还可选地包括支持 ForCES协议的 CE模块 160, 用于实现 普通的基于 ForCES协议的 CE的功能, 也就是说, 本发明所述的装置可以 与现有的 CE—体设置, 当然, 也可以独立设置。  The device may also optionally include a CE module 160 supporting the ForCES protocol for implementing the functions of a common ForCES protocol-based CE, that is, the device according to the present invention may be configured with an existing CE-body. Of course, it can also be set independently.
本发明中, CE代理符合 ForCES架构和协议的规定,能够识别 FE模型, 能够通过 FE管理器、 CE管理器、 或者内部拓朴发现获得 FE拓朴信息。 而 且, CE代理知道自己所代理的实际物理 CE的功能, 并可以根据 CE Manager的要求, 对所 CE代理的功能进行启动或者不启动的操作。 另夕卜, CE代理还包括备份 /负载分担模块, 用于实现 ForCES框架所支持的 CE备 份、 分布式 CE、 CE负载分担功能。  In the present invention, the CE proxy conforms to the ForCES architecture and protocol, and can identify the FE model, and can obtain the FE topology information through the FE manager, the CE manager, or the internal topology discovery. Moreover, the CE agent knows the function of the actual physical CE that it is acting on, and can start or not activate the function of the CE agent according to the requirements of the CE Manager. In addition, the CE proxy also includes a backup/load sharing module, which is used to implement the CE backup, distributed CE, and CE load sharing functions supported by the ForCES framework.
综上所述, 本发明的实现解决了一些由于简单的 CE无法支持 ForCES 协议的问题; 同时, 还解决了过去老的 CE无法加入 ForCES的问题, 为设 备向 ForCES过渡提供了一种可行的技术方案。  In summary, the implementation of the present invention solves the problem that the simple CE cannot support the ForCES protocol; at the same time, it also solves the problem that the old CE cannot join the ForCES in the past, and provides a feasible technology for the device to transition to the ForCES. Program.
以上所述, 仅为本发明较佳的具体实施方式, 但本发明的保护范围 并不局限于此, 任何熟悉本技术领域的扶术人员在本发明揭露的技术范 围内, 可轻易想到的变化或替换, 都应涵盖在本发明的保护范围之内。 因此, 本发明的保护范围应该以权利要求的保护范围为准。 The above description is only a preferred embodiment of the present invention, but the scope of protection of the present invention It is not limited thereto, and any modifications or substitutions that can be easily conceived within the scope of the present invention are intended to be included within the scope of the present invention. Therefore, the scope of protection of the present invention should be determined by the scope of the claims.

Claims

权 利 要 求 Rights request
1、 一种基于转发控制分离协议的通信系统 , 包括;  1. A communication system based on a forwarding control separation protocol, comprising:
基于 ForCES协议的控制单元(CE )和转发单元 (FE ) ;  Control unit (CE) and forwarding unit (FE) based on ForCES protocol;
控制单元代理装置, 用于对基于私有协议的控制单元与基于转发控 制分离协议的转发单元之间交互的消息进行协议转换处理。  And a control unit proxying device, configured to perform protocol conversion processing on a message exchanged between the control unit based on the private protocol and the forwarding unit based on the forwarding control separation protocol.
2、 根据权利要求 1所述的系统, 其特征在于: 所述基于私有协议的 控制单元还通过控制单元代理装置与系统中的基于转发控制分离协议的 控制单元进行通信。  2. The system according to claim 1, wherein: the control unit based on the private protocol further communicates with the control unit based on the forwarding control separation protocol in the system by the control unit proxy device.
3、 根据权利要求 2所述的系统, 其特征在于: 所述控制单元代理装 置和物理的控制单元的混合体组成一个逻辑的控制单元实体, 且一个控 制单元代理可至少代理一个物理的 CE。  3. A system according to claim 2, characterized in that the mixture of the control unit proxy device and the physical control unit constitutes a logical control unit entity, and a control unit agent can proxy at least one physical CE.
4、 根据权利要求 3所述的系统, 其特征在于: 所述控制单元代理装 置为一个 CPU、 一个支持 ForCES协议的专用部件或者是一个支持 ForCES 协议的一般控制单元。  4. The system according to claim 3, wherein: the control unit proxy device is a CPU, a dedicated component supporting the ForCES protocol, or a general control unit supporting the ForCES protocol.
5、 一种基于转发控制分离协议的通信方法, 包括:  5. A communication method based on a forwarding control separation protocol, comprising:
( 1 )控制单元代理装置接收基于私有协议的控制单元发来的消息, 并转换为基于 ForCES协议的消息, 发送给 ForCES协议系统;  (1) The control unit proxy device receives the message sent by the control unit based on the private protocol, and converts it into a message based on the ForCES protocol, and sends the message to the ForCES protocol system;
( 2 )控制单元代理装置接收 ForCES协议系统发来的消息, 并转换为 基于私有协议的消息发送给基于私有协议的控制单元。  (2) The control unit proxy device receives the message sent by the ForCES protocol system and converts the message into a proprietary protocol based message to the control unit based on the private protocol.
6、 根据权利要求 5所述的方法, 其特征在于, 所述方法还包括: 控 制单元代理装置对与其连接的基于私有协议的控制单元进行安全认证, 并仅允许通过认证的基于私有协议的控制单元接入。  6. The method according to claim 5, wherein the method further comprises: the control unit proxy device performs security authentication on the control unit based on the private protocol connected thereto, and only allows authentication based on proprietary protocol. Unit access.
7、 根据权利要求 5所述的方法, 其特征在于, 所述方法还包括: 所 述的控制单元代理装置同时代理多个被代理的 CE时, 所述控制单元代理 装置根据接收到的转发控制分离协议系统发来的消息, 确定接收该消息 的基于私有协议的控制单元, 并将经协议转换处理后的消息发送给相应 的基于私有协议的控制单元, 实现报文的正确分流。  The method according to claim 5, wherein the method further comprises: when the control unit proxy device simultaneously proxies a plurality of proxy CEs, the control unit proxy device controls according to the received forwarding Separating the message sent by the protocol system, determining the control unit based on the private protocol that receives the message, and sending the message converted by the protocol to the corresponding control unit based on the private protocol to implement correct packet splitting.
8、 根据权利要求 5所述的方法, 其特征在于, 所述方法还包括: 转 发控制分离协议系统中的控制单元管理器通过控制单元代理装置对与控 制单元代理装置连接的基于私有协议的控制单元进行配置管理。 The method according to claim 5, wherein the method further comprises: controlling, by the control unit, the control unit manager in the forwarding control separation protocol system The private unit-based control unit connected to the unit proxy device performs configuration management.
9、 根据权利要求 5所述的方法, 其特征在于, 所述方法还包括: 控 制单元代理装置在预组合阶段通过与转发控制分离协议系统中的控制单 元管理器进行通信确定所属的网络单元, 以及与其通信的转发单元。  The method according to claim 5, wherein the method further comprises: the control unit proxy device determining, by the control unit manager in the forwarding control separation protocol system, the network element to be associated in the pre-combination phase, And the forwarding unit with which to communicate.
10、 一种控制单元代理装置, 其特征在于, 包括:  10. A control unit proxy device, comprising:
转发控制分离协议模块: 用于与转发单元之间基于转发控制分离协 议进行消息的交互;  Forwarding control separation protocol module: used for interaction with a forwarding unit based on a forwarding control separation protocol;
被代理控制单元私有协议模块: 用于与被代理控制单元之间基于私 有协议进行消息的交互;  Proxy control unit private protocol module: for interacting with the proxy control unit based on a private protocol;
协议转换模块: 连接于被代理控制单元私有协议模块与转发控制分 离协议模块之间 , 用于进行所述私有协议与转发控制分离协议之间的转 换处理, 实现被代理控制单元私有协议模块与转发控制分离协议模块间 的消息交互。  The protocol conversion module is connected between the private control protocol module of the proxy control unit and the separation control protocol module, and is used for performing conversion processing between the private protocol and the forwarding control separation protocol, and implementing the private protocol module and forwarding by the proxy control unit. Controls message interaction between separate protocol modules.
11、 根据权利要求 10所述的控制单元代理装置, 其特征在于, 所述 的装置还包括:  The control unit proxy device according to claim 10, wherein the device further comprises:
功能控制模块: 用于识别接收到的基于转发控制分离协议的业务流 的目的控制单元, 并控制将业务流发送给相应的被代理的控制单元。  The function control module: a destination control unit for identifying the received traffic flow based on the forwarding control separation protocol, and controlling to send the service flow to the corresponding controlled control unit.
12、 根据权利要求 10或 11所述的控制单元代理装置, 其特征在于, 所述的装置还包括:  The control unit proxy device according to claim 10 or 11, wherein the device further comprises:
控制单元之间通信模块: 用于与系统中的其他基于转发控制分离协 议的控制单元进行基于转发控制分离协议的消息的交互;  Communication module between control units: for performing interaction with messages based on the forwarding control separation protocol with other control units based on the forwarding control separation protocol in the system;
 with
控制单元管理器之间通信模块: 用于与系统中的控制单元管理器进 行信息交互, 实现对被代理的控制单元的配置管理操作;  Control unit manager communication module: used to interact with the control unit manager in the system to implement configuration management operations on the agent's control unit;
和 /或,  and / or,
支持 ForCES协议的控制单元模块, 用于实现普通的基于 ForCES协议 的控制单元的功能;  A control unit module supporting the ForCES protocol for implementing the functions of a common ForCES-based control unit;
 with
备份 /负载分担模块: 用于配合转发控制分离协议系统中的备份及负 载分担处理功能实体实现相应的备份和 /或负载分担处理。 Backup/load sharing module: used to cooperate with the forwarding control to separate backup and negative in the protocol system The load sharing processing function entity implements corresponding backup and/or load sharing processing.
13、 根据权利要求 12所述的控制单元代理装置, 其特征在于: 所述 装置内置于系统中的基于转发控制分离协议的控制单元中或者独立设置 于系统中。  13. The control unit proxy device according to claim 12, wherein: the device is built in a control unit based on a forwarding control separation protocol in the system or is independently disposed in the system.
14、 根据权利要求 10或 11所述的控制单元代理装置, 其特征在于: 所述装置与被代理的控制单元设置于不同的机框中。  14. The control unit proxy device according to claim 10 or 11, wherein: the device and the controlled control unit are disposed in different chassis.
15、 根据权利要求 14所述的控制单元代理装置, 其特征在于: 所述 装置还包括安全处理模块, 所述安全处理模块用于对接入的被代理的控 制单元进行合法性检查, 并仅允许通过合法性检查的被代理的控制单元 与所述装置交互消息。  The control unit proxy device according to claim 14, wherein: the device further comprises a security processing module, wherein the security processing module is configured to perform a legality check on the accessed proxy control unit, and only The proxyed control unit that allows for legality checks interacts with the device with the message.
PCT/CN2006/001137 2005-08-12 2006-05-29 A communication system and method based on forwarding and control element separation WO2007019757A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNB2005100903131A CN100459594C (en) 2005-08-12 2005-08-12 System and access method based on conversion control separated protocol
CN200510090313.1 2005-08-12

Publications (1)

Publication Number Publication Date
WO2007019757A1 true WO2007019757A1 (en) 2007-02-22

Family

ID=37722273

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/001137 WO2007019757A1 (en) 2005-08-12 2006-05-29 A communication system and method based on forwarding and control element separation

Country Status (2)

Country Link
CN (1) CN100459594C (en)
WO (1) WO2007019757A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110351320A (en) * 2018-04-08 2019-10-18 蓝盾信息安全技术有限公司 The management of gateway proxy module and data forwarding technology

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101409723B (en) * 2008-11-27 2011-11-09 浙江工商大学 Method for designing synthesis network management system based on ForCES protocol
CN102904813B (en) * 2012-11-05 2016-03-02 华为技术有限公司 A kind of method of message repeating and relevant device
CN103095701B (en) * 2013-01-11 2016-04-13 中兴通讯股份有限公司 Open flows table security enhancement method and device
CN105516116B (en) * 2015-12-02 2018-12-25 浙江工商大学 A kind of system and method for converting protocol based on ForCES control piece control OpenFlow interchanger
CN109257444B (en) * 2018-11-12 2021-07-23 迈普通信技术股份有限公司 Load sharing method, device and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1487700A (en) * 2001-03-10 2004-04-07 华为技术有限公司 Intercommunication deputizing device and system and method for intercommunicating networks of different protocol
CN1494022A (en) * 2002-10-30 2004-05-05 华为技术有限公司 Method accessing data bank through protocol agency mode
US20050169276A1 (en) * 2004-02-02 2005-08-04 Sylvain Monette Adaptive router architecture enabling efficient internal communication

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1487700A (en) * 2001-03-10 2004-04-07 华为技术有限公司 Intercommunication deputizing device and system and method for intercommunicating networks of different protocol
CN1494022A (en) * 2002-10-30 2004-05-05 华为技术有限公司 Method accessing data bank through protocol agency mode
US20050169276A1 (en) * 2004-02-02 2005-08-04 Sylvain Monette Adaptive router architecture enabling efficient internal communication

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
GAO MING AND WANG WEIMING: "Technology Research and Implementing for IP router supporting ForCES", COMPUTER APPLICATION, vol. 25, no. 4, April 2004 (2004-04-01), pages 897 - 899 *
YANG L. ET AL.: "Forwarding and Control Element Separation (ForCES) Framework", RFC3746, April 2004 (2004-04-01), XP002323740 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110351320A (en) * 2018-04-08 2019-10-18 蓝盾信息安全技术有限公司 The management of gateway proxy module and data forwarding technology

Also Published As

Publication number Publication date
CN1913500A (en) 2007-02-14
CN100459594C (en) 2009-02-04

Similar Documents

Publication Publication Date Title
US10630660B1 (en) Methods and apparatus for dynamic automated configuration within a control plane of a switch fabric
US10063544B2 (en) System and method for supporting consistent handling of internal ID spaces for different partitions in an infiniband (IB) network
Yang et al. Forwarding and control element separation (ForCES) framework
CA2810660C (en) Computer system and communication method in computer system
US8219713B2 (en) Method and system for a network controller based pass-through communication mechanism between local host and management controller
JP4515441B2 (en) Single logical network interface for improved load balancing and failover capabilities
WO2013150925A1 (en) Network system, controller, and packet authentication method
US20100165876A1 (en) Methods and apparatus for distributed dynamic network provisioning
US20120311682A1 (en) System and method for providing restrictions on the location of peer subnet manager (sm) instances in an infiniband (ib) network
WO2012152178A1 (en) Method, system and controlling bridge for obtaining port extension topology information
WO2012174980A1 (en) Virtual router system and virtual router implementation method
WO2012106892A1 (en) Method, apparatus and system for processing service flow
WO2012122911A1 (en) Multicast data forwarding method and device supporting virtual terminal
WO2007019757A1 (en) A communication system and method based on forwarding and control element separation
WO2010073996A1 (en) Communication system and communication controller
WO2014075216A1 (en) Method and network device for establishing virtual cluster
US9485241B2 (en) Secure communication paths in data networks with tethered devices
WO2012162953A1 (en) Router cluster inter-board communication method, router, and router cluster
WO2012171427A1 (en) Processing method and centralized processing system for client/server application
Yang et al. rfc3746: Forwarding and control element separation (forces) framework
JP4011528B2 (en) Network virtualization system
WO2012159339A1 (en) Interface register method and device for network device to join cluster system
JP2021524709A (en) Packet transmission methods, devices and devices, and storage media
Cisco Index
WO2011124183A2 (en) Router and obtainment method for forwarding information base of router cluster

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06742025

Country of ref document: EP

Kind code of ref document: A1