WO2007112691A1 - Système, procédé et dispositif réseau permettant à un client de réseau privé virtuel (vpn) d'accéder à un réseau public - Google Patents

Système, procédé et dispositif réseau permettant à un client de réseau privé virtuel (vpn) d'accéder à un réseau public Download PDF

Info

Publication number
WO2007112691A1
WO2007112691A1 PCT/CN2007/001059 CN2007001059W WO2007112691A1 WO 2007112691 A1 WO2007112691 A1 WO 2007112691A1 CN 2007001059 W CN2007001059 W CN 2007001059W WO 2007112691 A1 WO2007112691 A1 WO 2007112691A1
Authority
WO
WIPO (PCT)
Prior art keywords
public network
ethernet packet
ethernet
address
interface
Prior art date
Application number
PCT/CN2007/001059
Other languages
English (en)
Chinese (zh)
Inventor
Jun Liu
Suning Ye
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2007112691A1 publication Critical patent/WO2007112691A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks

Definitions

  • the present invention relates to the field of network communication technologies, and in particular, to a system, method, and network device for a virtual private network user to access a public network. Background of the invention
  • VPLS Virtual Private LAN Service
  • VPN Virtual Private Network
  • Figure 1 a typical VPLS networking diagram is shown in Figure 1.
  • the networking topology of the VPLS is similar to that of the WRN (virtual routing network).
  • the PE devices are fully connected through the tunnel.
  • the edge nodes of the VPLS complete the Layer 2 bridging function, which enables address learning and broadcast functions.
  • VPLS virtualizes a LAN running Layer 2 protocol, which brings a great advantage - completely transparent to Layer 3 protocols, suitable for multi-protocol transport networks.
  • the backbone network of the VPLS service needs to complete the transparent transmission of the Ethernet frame.
  • the backbone network can be IP or MPLS (multi-protocol label switching).
  • An MPLS tunnel is used in the MPLS backbone network to carry Ethernet frames.
  • a GRE (Generic Routing Encapsulation) tunnel can be used to carry Ethernet frames.
  • the Internet is a network that connects many LANs, and the Internet can connect to different types of LANs.
  • IPV6 Network Address Translation
  • NAT technology is a technology that provides Internet access to private addresses.
  • the private address refers to the internal network, that is, the host address inside the LAN, and the public address is the external address of the LAN, which is the globally unique IP address on the Internet.
  • IANA Internet Address Assignment Organization
  • IANA Internet Address Assignment Organization
  • IANA specifies the IP addresses of the following three network segments to be reserved as private addresses, namely: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, 192.168.0.0 to 192.168.255.255.
  • the IP addresses of the above three network segments are not allocated on the Internet, but can be used in an intranet of the enterprise, that is, a local area network.
  • Each enterprise internal network needs to choose a suitable network address based on the number of hosts in the foreseeable future.
  • the IP addresses of different enterprise internal networks can be the same. If an internal corporate network If the IP address of another network segment other than the above three network segments is selected as the internal network address, the routing table may be confused.
  • the private address does not appear on the Internet, and the IP address visible on the Internet is a public address. Hosts that use private address translation do not have direct access to the Internet. Similarly, it is not possible to access a host using a private address on the Internet.
  • Embodiments of the present invention provide a system, method, and network device for a virtual private network user to access a public network
  • CE Customer Edge
  • PE Provide Edge router
  • the system for accessing the public network by the virtual private network user includes: the virtual private local area network service VPLS user centrally accesses the user edge device CE of the public network and the provider edge device PE;
  • the interface of the CE is configured with a public network IP address
  • the CE is connected to the PE through the interface
  • the interface of the PE is a CE public network gateway interface
  • the PE passes the CE public network gateway interface and the CE.
  • the CE and the PE perform Ethernet packet transmission between the VPLS user and the public network through the interface with the public network IP address and the CE public network gateway interface.
  • the embodiment of the present invention further provides a method for a virtual private network user to access the public network.
  • the interface of the CE is configured with a public network IP address, and the CE is connected to the PE through the interface, and the interface of the PE is a CE public network gateway interface.
  • the PE is connected to the CE through the CE public network gateway interface, and the method includes:
  • the CE and the PE exchange Ethernet packets between the VPLS user and the public network through the interface with the public network IP address and the CE public network gateway interface.
  • the embodiment of the present invention further provides a network device, which is a user edge device CE, and the interface of the CE is configured with a public network IP address, and the CE is connected to the CE public network gateway interface of the provider edge device PE through the interface; Receiving, by the CE, the Ethernet packet transmitted by the VPLS user to access the public network, and passing the packet through the setting
  • the interface with the public network IP address and the CE public network gateway interface are transmitted to the PE, so that the PE can transmit the Ethernet packet to the public network.
  • the CE receives an Ethernet packet transmitted by the public network through the PE through an interface having a public network IP address, and transmits the packet to the VPLS user.
  • the embodiment of the present invention further provides a network device, which is a provider edge device PE, where the PE is provided with a CE public network gateway interface;
  • the PE receives the Ethernet packet transmitted by the VPLS user and accesses the public network through the CE public network gateway interface, and transmits the packet to the public network.
  • the PE receives the Ethernet packet transmitted by the public network, and transmits the packet to the CE through the CE public network gateway interface, and the CE transmits the packet to the VPLS user.
  • the embodiment of the present invention enables the CE and the PE to transmit the Ethernet between the VPLS user and the public network by setting the interface with the public network IP address for the CE and the interface of the PE as the public network gateway of the CE.
  • a network packet enables VPLS users to access the public network.
  • FIG. 1 is a schematic diagram of a VPLS networking in the prior art
  • FIG. 2 is a schematic diagram of an application model of centralized NAT accessing the Internet based on VPLS according to an embodiment of the present invention. Mode for carrying out the invention
  • the embodiment of the present invention firstly needs to set a virtual private local area network service (VPLS) user to centrally access the user edge device CE and the provider edge device PE of the public network, and set a public network IP address on the interface where the CE and the PE are connected, on the PE.
  • the interface is a CE public network gateway.
  • the CE and the PE transmit Ethernet packets between the VPLS user and the public network through the CE public network interface and the CE public network gateway interface.
  • VPLS virtual private local area network service
  • An embodiment of the present invention is based on a VPLS centralized NAT access Internet application model diagram as shown in FIG.
  • the PEs can provide VPLS services to VPLS users on the private network through the MPLS network and VPLS.
  • a VPLS domain can contain one or more private network CEs.
  • the VPLS domain in Figure 2 includes CEa and CEb. All private network users in a VPLS domain are centrally accessed through a NAT-capable PE such as PEa.
  • the embodiment of the present invention needs to set a centralized access to the public network CE and a centralized access to the public network's NAT-enabled PE for all VPLS users, such as PEa and CEa in Figure 2, and set the public IP address on the interface connecting CEa in PEa.
  • the public network gateway of the VPLS the interface bound to the VPLS VSI (Virtual Switching Instance) in the PE is used as the CEa public network gateway.
  • the embodiment of the present invention can set two interfaces on the CEa, one for the public network interface and one for the private network interface, both of which are Connect with PEa. To save the number of interfaces, you can configure only one interface for the CEa to connect to the PEa. You can configure the public IP address and the private IP address on the same interface of the CEa by using the primary and secondary addresses.
  • the CEa is connected to the PEa and only one interface is configured.
  • the VPLS user accesses the public network by using the master and slave addresses.
  • the CEa is configured to connect the two interfaces to the PEa to implement VPLS user access.
  • the implementation principle of the network is basically the same as that of the interface, and will not be described in detail in this embodiment.
  • a default route is set up on the CEa of the public network.
  • the next hop of the default route is the IP address of the CE public network gateway interface on PEa.
  • the default route is stored in the route storage module 1 of the CEa.
  • the default route can be advertised to the peer CEb through the routing protocol running between CEa and CEb.
  • the next hop of the advertised default route is the private interface of the CEa interface.
  • Network IP address The peer CEb receives the default route and stores the default route in the route storage module 2 of the CEb.
  • the default route stored in the route storage module 2 of the CEb can also be implemented through static configuration.
  • the default route stored in the routing storage module 2 of the CEb is not generated on the PEb and is not advertised on the public network. This ensures that the default routes are isolated from each other between the private network and the public network.
  • the ARP Ethernet packets sent by the CEs in the VPLS need to be transmitted to the local PE connected to the local device for local processing.
  • the ARP Ethernet packets sent by the CEa need to be transmitted to the PEA for local processing.
  • the ARP Ethernet packets sent by the CEb are required. Transfer to PEb for local processing.
  • the ARP Ethernet packets sent by the CE must be transparently transmitted in the VPLS domain.
  • the ARP Ethernet packets sent by the CEa and CEb must be transparently transmitted in the VPLS domain.
  • An ARP Ethernet packet transmission module is configured in CEa and CEb to implement the function of sending ARP Ethernet packets.
  • the PEA responds to the ARP request of the public network gateway IP address of the CEa received from the interface of the CE public network gateway, and generates an ARP entry according to the ARP request. PEA only transparently transmits ARP requests to other IP addresses of CEa without any other processing.
  • the process of ARP learning by PEa is implemented by the ARP learning module set in PEa.
  • the process of the local CEa accessing the Internet that is, the process of transmitting the Ethernet packets of the local VPLS user connected to the CEa to the public network is simple.
  • CEa receives the Ethernet packets from the local VPLS user and performs route lookup, the public network route does not appear on CEa. Therefore, the route lookup will hit the default route stored in CEa and access the Internet.
  • CEa will be local.
  • the Ethernet packets of the VPLS user are sent to the PEa through an interface with a public IP address.
  • the process of transmitting the Ethernet packet of the local VPLS user to the PEa by CEa is implemented by
  • the process of transmitting the Ethernet packets of the VPLS user connected to the CEb to the public network is as follows: 1.
  • the CEb receives the Ethernet packets from the VPLS user and performs route lookup, The public network route does not appear on the CEb. Therefore, the default route of the Internet is stored in the CEb. The next hop of the default route is the private IP address of the public network interface on CEa. Therefore, CEb will The data Ethernet packets are forwarded to the CEa of the public network through the VPLS network of the PEb and PEa.
  • the process of transmitting the service flow of the CEb to the Internet to the PEb is implemented by the Ethernet packet transmission module 2 in the CEb. 2.
  • the CEa receives the Ethernet packet from the VPLS user connected to the CEb, which is transmitted by the CEa.
  • the CEa will hit the default route stored in the routing storage module 1 through the route lookup.
  • ⁇ CEb accesses the Internet service flow through the CE.
  • the interface of the network IP address is transmitted to the CE public network gateway interface of the PEa.
  • the CEa process of transmitting CEb access to the Internet to the PEa is implemented by the Ethernet packet transmission module 1 in CEa.
  • PEa Because the Ethernet packets received by CEa from CEa have Ethernet packets to be transmitted to the public network, and Ethernet packets that need to be transparently transmitted in the VPLS domain, PEa needs to receive Ethernet packets from CEa. The packet is judged. The specific judgment and packet transmission process is as follows: After CEa forwards the Ethernet packet to the PEa through the interface with the public IP address, PEa determines the Ethernet frame MAC address of the Ethernet packet sent by CEa. Whether it is the MAC address of the CE public network gateway interface of the PEa. If the MAC address of the Ethernet packet is equal to the MAC address of the CE public network gateway interface of the PEa, the packet needs to be locally terminated and transmitted to the public network.
  • the PEA can transmit the packet to the public network.
  • the NAT process is described in the following. Otherwise, the PEA transparently transmits the Layer 2 data Ethernet packet to the remote CE in the VPLS domain. .
  • the process of the above judgment is implemented by a decision module for packet shunting in the PEa, and the decision module for packet shunting transmits the public network transmission information or the transparent transmission information in the VPLS domain to the message transmission module 3 according to the judgment result;
  • the message transmission module 3 transmits the Ethernet message received by the PEa through the CE public network gateway interface to the public network, and the Ethernet message transmission module 3 receives the decision module.
  • the transmitted VPLS domain transparently transmits information
  • the Ethernet packets received by the PEa through the CE public network gateway interface are transparently transmitted in the VPLS domain.
  • the present invention can also use a preset ACL. (Access Control List) and other access control information to filter Ethernet packets, only access to the public network
  • the Ethernet packets sent by the VPLS user are transmitted to the public network.
  • the function of PEa to implement access control is implemented by the access permission control module.
  • the specific process of the access permission control module for controlling access rights is as follows: The access permission control module determines to send the Ethernet according to the preset access control authority and the information (such as MAC address, IP address, etc.) carried in the Ethernet packet received by the PEa. Whether the VPLS user of the packet has the right to access the public network. If the VPLS user who sends the Ethernet packet has the right to access the public network, the access control module allows the packet to enter the Ethernet packet transmission module 3, Ethernet. The packet transmission module 3 transmits the Ethernet packet received by the PEa to the public network. If the VPLS user who sends the Ethernet packet does not have the right to access the public network, the packet will be discarded.
  • the Ethernet packets of the local VPLS user of CEa are transmitted to the Internet through CEa and PEa, and the Ethernet packets of the VPLS user connected to the remote CEb are transmitted to the Internet through CEa and PEa.
  • the PEA receives the Ethernet packet from the VPLS user of the local CEa.
  • the Ethernet packet is sent by the VPLS user on the remote CE.
  • the PEA can use the same forwarding behavior for the Ethernet packets received from the interface of the CE public network gateway.
  • Ethernet packets in the public network can be sent back to the VPLS user
  • the Ethernet packets that access the Internet can be sent back to the CE in the VPLS domain.
  • a simple method is to set the PEs on the Internet.
  • the private network IP addresses in the private network routes of the Internet cannot overlap.
  • the embodiment of the present invention introduces a NAT method, that is, the PEa transmits the Ethernet packet to the public network after the VPLS user in the private network needs to transmit the NAT packet to the Internet.
  • a NAT flag can be configured on the interface of the CE public network gateway of the PEa, and the NAT function can be enabled on the interface.
  • PEA uses the NAT multi-instance method to perform NAT on the private network IP address. That is, the VSI ID (virtual exchange instance ID) is used to differentiate the private network. Both the NAT translation and the reverse NAT translation carry the VSI ID, so that the private network routing network segments of the Internet on each VPLS can overlap.
  • VSI ID virtual exchange instance ID
  • the process of NAT configuration on PEa is as follows: Configure the IP address of the NAT address pool as the IP address of the CEa public network interface. The address of the NAT address pool is advertised to the public network through the routing protocol. Therefore, the data Ethernet after NAT conversion is performed. The message can be returned to PEa. Set the IP address of the CEa public network interface to the NAT address pool address to avoid PEa. Learn the problem of VPLS private network routing.
  • the specific NAT processing procedure on the PEA is as follows:
  • the PEA performs NAT translation on the Ethernet packets that need to be transmitted to the public network to generate forward NAT entries and reverse NAT entries.
  • the forward NAT entries are mainly used to indicate subsequent Ethernet.
  • the message is sent to the Internet on the NAT.
  • the PEa needs to convert the private network source IP address of the Ethernet packets transmitted to the public network to the public network IP address of the CEa.
  • PEa also needs to set the private network source port number of the Ethernet packets. Convert to the public network source port number.
  • the reverse NAT entry is used to process the destination IP address and destination port number of the Ethernet packets coming back from the Internet, and restore the destination IP address and destination port number of the Ethernet packets returned from the Internet to the private network source IP address and Private network source port number.
  • the above NAT process is the same as the usual NAT process.
  • the VSI ID is added to the forward and reverse NAT entries (usually the TCP/IP quintuple) to distinguish the multiple VPLS instances.
  • the VSIID can be obtained from the incoming interface of the packet on the PEa.
  • the private network is effectively resolved through the VSIID.
  • the problem of overlapping IP addresses is used to process the destination IP address and destination port number of the Ethernet packets coming back from the Internet, and restore the destination IP address and destination port number of the Ethernet packets returned from the Internet to the private network source IP address and Private network source port number.
  • the above NAT process is the same as the usual NAT process.
  • the VSI ID is added to the forward and reverse NAT entries
  • the destination IP address of the Ethernet packet is changed to the original private IP address. Then, the destination IP address of the PEA is translated by reverse NAT. The address (the IP address of the CEa public network interface) is searched for the outbound interface and the Layer 2 encapsulation information. The packet is encapsulated into an Ethernet packet and sent back to CEa.
  • the CEa receives the Ethernet packet transmitted by the PEa, and uses the destination IP address of the Ethernet packet to check the routing table to forward the Ethernet packet. If the Ethernet packet is the Internet replies to the local VPLS user, CEa The Ethernet packet is transmitted to the local VPLS user according to the routing table. If the Ethernet packet is a packet that needs to be transmitted to the remote CEb, the CEa looks up the routing table to obtain the next hop of the packet as CEb and PEb. The private IP address of the connected interface is forwarded to the PEa. The PEa transparently transmits the packet to the CEb in the VPLS. Therefore, the Ethernet packets sent by the Internet can be forwarded to the correct destination. Ground.
  • the NAT processing process in the PEa is implemented by the address translation module set in the PEa.
  • the access permission control module in the PEa performs access control, and notifies the Ethernet packet transmission module 3 to transmit the Ethernet packet to the public network.
  • the module performs address translation on the Ethernet packet sent by the Ethernet packet transmission module 3 to the public network, generates a forward NAT entry and a reverse NAT entry containing the VSI ID information, and converts the converted Ethernet packet. Transfer to the public network.
  • the address translation module For the Ethernet packet that the Internet responds to, the address translation module performs address translation according to the reverse NAT entry, and transmits the converted Ethernet packet to the Ethernet packet transmission module 3, which is based on the Ethernet packet transmission module 3.
  • the destination IP address and the ARP table before the conversion send the converted Ethernet packets to CEa, as described in the above methods.
  • the PE in the embodiment of the present invention determines whether the Ethernet packet received from the CE is the packet uploaded to the public network or the VPLS according to whether the destination MAC address of the Ethernet packet is the MAC address of the CE public network gateway interface.
  • the packets transmitted from the VPLS user connected to the public network are forwarded to the public network.
  • the CE of the network IP address is forwarded to the PE through the CE with the public IP address, so that the packets transmitted by the PEX-CE are uniformly uploaded to the public network.
  • the address translation is performed, and the VSI identifier is applied in the address translation process to isolate the private network route and the public network route. This effectively solves the problem of overlapping IP addresses of the VPLS users.
  • the PE that serves as the CE public network gateway sends the CE through the learning CE.
  • the ARP packet containing the IP address of the public network of the CE enables the PE to perform reverse address translation based on the IP address information of the Ethernet packet and the ARP entry learned by the PE.
  • the CE with the public IP address can The destination IP address of the Ethernet packet received by the PE determines whether the packet needs to be transmitted to the local VPLS user or the packet that needs to be transmitted to the remote CE, so that the Ethernet packet returned by the public network can be forwarded to the destination.
  • VPLS user The technical solution provided by the invention enables the VPN user to access the Internet, which satisfies the requirement for the VPLS user to access the Internet.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

Système, procédé et dispositif réseau permettant à un client de réseau privé virtuel (VPN) d'accéder à un réseau public. Le client du VPLS (réseau LAN virtuel) accède au versant client (CE)et au versant fournisseur (CP) par les moyens centralisés. L'adresse IP du réseau public est définie dans l'interface de CE. Le coté CE est connecté au côté PE à l'interface. L'interface de PE est une interface CE de passerelle de réseau public. Le versant PE est connecté au côté versant CE par l'interface de passerelle de réseau public. CE et PE assurent la transmission de messages Éthernet entre le client VPLS et le réseau public l'adresse IP de l'interface de réseau public et l'interface CE de passerelle du réseau public. Cette solution offre aux clients VPLS la possibilité de se connecter à Internet en même temps qu'ils se connectent entre eux.
PCT/CN2007/001059 2006-04-05 2007-04-02 Système, procédé et dispositif réseau permettant à un client de réseau privé virtuel (vpn) d'accéder à un réseau public WO2007112691A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2006100671995A CN101052022B (zh) 2006-04-05 2006-04-05 一种虚拟专用网用户访问公网的系统和方法
CN200610067199.5 2006-04-05

Publications (1)

Publication Number Publication Date
WO2007112691A1 true WO2007112691A1 (fr) 2007-10-11

Family

ID=38563113

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/001059 WO2007112691A1 (fr) 2006-04-05 2007-04-02 Système, procédé et dispositif réseau permettant à un client de réseau privé virtuel (vpn) d'accéder à un réseau public

Country Status (2)

Country Link
CN (1) CN101052022B (fr)
WO (1) WO2007112691A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101895480A (zh) * 2010-08-18 2010-11-24 杭州华三通信技术有限公司 一种报文的传输方法和设备
CN112769977A (zh) * 2021-01-27 2021-05-07 杭州迪普科技股份有限公司 一种nat公网地址发布的方法及装置

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101227409B (zh) * 2008-02-03 2014-05-07 华为技术有限公司 转发报文的方法、设备和系统
CN101247334B (zh) * 2008-03-06 2010-09-01 中兴通讯股份有限公司 虚拟专用局域网服务网络及实现方法和提供商边缘路由器
CN101562807B (zh) * 2009-05-27 2011-04-20 华为技术有限公司 移动虚拟专用网通信的方法、装置及系统
CN103581348A (zh) * 2012-07-24 2014-02-12 深圳市腾讯计算机系统有限公司 网络地址转换方法及转换系统
CN103152269B (zh) * 2013-02-26 2016-03-02 杭州华三通信技术有限公司 一种基于nat的报文转发方法和设备
CN106656718B (zh) * 2015-11-04 2020-01-24 中国电信股份有限公司 VxLAN网关以及基于VxLAN网关实现的主机接入互联网的方法
CN105553987B (zh) * 2015-12-21 2018-09-25 北京首信科技股份有限公司 无线vpdn网络用户访问特定公网站点的控制装置和方法
CN108696546B (zh) * 2017-02-15 2021-08-24 中兴通讯股份有限公司 一种企业移动专用网的用户终端访问公网的方法及装置
CN108011759B (zh) * 2017-12-05 2021-06-18 锐捷网络股份有限公司 一种vpn管理方法、装置及系统
CN114039814B (zh) * 2021-11-30 2024-02-23 锐捷网络股份有限公司 一种报文转发方法、装置、电子设备及存储介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1700683A (zh) * 2004-05-21 2005-11-23 华为技术有限公司 实现混合站点虚拟专用网的方法
US20060002409A1 (en) * 2004-07-02 2006-01-05 Sunil Menon Faults and status in virtual private networks
JP2006019775A (ja) * 2004-06-30 2006-01-19 Nec Corp 移動通信ネットワーク、エッジルータ装置及びそれらに用いる移動管理方法並びにそのプログラム

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101202706A (zh) * 2003-09-26 2008-06-18 华为技术有限公司 一种虚拟交换机系统

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1700683A (zh) * 2004-05-21 2005-11-23 华为技术有限公司 实现混合站点虚拟专用网的方法
JP2006019775A (ja) * 2004-06-30 2006-01-19 Nec Corp 移動通信ネットワーク、エッジルータ装置及びそれらに用いる移動管理方法並びにそのプログラム
US20060002409A1 (en) * 2004-07-02 2006-01-05 Sunil Menon Faults and status in virtual private networks

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101895480A (zh) * 2010-08-18 2010-11-24 杭州华三通信技术有限公司 一种报文的传输方法和设备
CN101895480B (zh) * 2010-08-18 2012-11-28 杭州华三通信技术有限公司 一种报文的传输方法和设备
CN112769977A (zh) * 2021-01-27 2021-05-07 杭州迪普科技股份有限公司 一种nat公网地址发布的方法及装置
CN112769977B (zh) * 2021-01-27 2022-07-29 杭州迪普科技股份有限公司 一种nat公网地址发布的方法及装置

Also Published As

Publication number Publication date
CN101052022B (zh) 2010-10-13
CN101052022A (zh) 2007-10-10

Similar Documents

Publication Publication Date Title
WO2007112691A1 (fr) Système, procédé et dispositif réseau permettant à un client de réseau privé virtuel (vpn) d'accéder à un réseau public
Del Piccolo et al. A survey of network isolation solutions for multi-tenant data centers
AU2011315150B2 (en) Multipath transmission control protocol proxy
Gleeson et al. A framework for IP based virtual private networks
Andersson et al. Provider provisioned virtual private network (VPN) terminology
JP5579853B2 (ja) バーチャル・プライベート・ネットワークの実現方法及びシステム
JP4692258B2 (ja) ルータ装置及び通信システム
WO2014194749A1 (fr) Procédé et appareil de traitement d'implémentation de vpn pour dispositif de bordure
WO2011032472A1 (fr) Procédé et système d'implémentation de réseau privé virtuel
WO2009033428A1 (fr) Procédé, système et dispositif pour retirer une adresse de commande d'accès au support
JP2014532368A (ja) トラフィックエンジニアリングトンネルに基づく仮想プライベートネットワーク実行方法及びシステム
WO2015074394A1 (fr) Procédé et dispositif de réacheminement de message
WO2009021458A1 (fr) Procédé, appareil et système de connexion d'un réseau de couche 2 à un réseau de couche 3
WO2007016839A1 (fr) Procédé et système de mise en œuvre de services de commutation privés virtuels hiérarchiques
WO2006002598A1 (fr) Systeme vpn de reseau federateur hybride a site hybride et son procede de mise en oeuvre
WO2008014723A1 (fr) Procédé et dispositif permettant la mise en oeuvre d'un réseau privé virtuel (vpn) fondé sur une structure d'adresse ipv6
WO2005112350A1 (fr) Procede de gestion de chemin dans un reseau prive virtuel utilisant le protocole ipv6
WO2007062592A1 (fr) Systeme, procede et routeur de l2vpn d'interconnexions point a multipoints, et multipoints a multipoints
WO2013139159A1 (fr) Procédé de transmission de paquet dans un réseau et dispositif côté fournisseur
WO2012155867A1 (fr) Procédé d'envoi de paquet et contrôleur d'accès
WO2008011818A1 (fr) Procédé de fourniture d'un service réseau local privé virtuel à hiérarchie et système réseau
WO2007124679A1 (fr) Procédé et système de communication en réseau
WO2014186978A1 (fr) Procédé et dispositif utilisés dans un réseau privé virtuel ethernet
WO2011054263A1 (fr) Procédé et système d'accès pour des réseaux privés virtuels (vpn) de niveau 3
WO2008037210A1 (fr) Procédé et dispositif servant à transférer un message dans un réseau local privé virtuel

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07720633

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07720633

Country of ref document: EP

Kind code of ref document: A1