WO2008046359A1 - Method and apparatus for isolating different virtual local area network services - Google Patents


Publication number
WO2008046359A1
Authority
WO
WIPO (PCT)
Prior art keywords
vlan
network
bridge
shortest path
service instance
Prior art date
Application number
PCT/CN2007/070930
Other languages
English (en)
Chinese (zh)
Inventor
Faming Yang
Hongguang Guan
Original Assignee
Huawei Technologies Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd.
Publication of WO2008046359A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/12 Shortest path evaluation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/48 Routing tree calculation
    • H04L45/484 Routing tree calculation using multiple routing trees

Definitions

  • the present invention relates to the field of network communications, and in particular, to a method and apparatus for isolating different virtual local area network services.
  • The shortest path bridging technique described in 802.1aq creates a spanning tree (called an ingress tree) in the bridged network with each ingress bridge as the root. When VLAN (virtual local area network) traffic packets from outside the bridged network arrive at an ingress bridge of the network, the bridge encapsulates the packet with a new external tag header that contains information identifying the entry tree instance and that is independent of the customer VLAN information.
  • The data packet encapsulated with the external tag is forwarded by the shortest path, along the entry tree identified by the tag, in the shortest path bridged network.
  • The shortest path bridging environment assigns each entry tree instance a unique VID (Virtual LAN Identifier); this VID can be called the SPVID (Shortest Path Virtual LAN Identifier).
  • When a VLAN service data packet enters the shortest path bridged network from outside, the VLAN service data packet is encapsulated with an external tag containing the SPVID.
  • the frame format of the encapsulated data packet is as follows:
  • a shortest path bridged network consists of bridge nodes A, B, C, and D, and four entry trees are generated, each represented by a different line segment.
  • An existing client accessing VLAN 1 accesses the shortest path bridged network from bridges A, B, and D.
  • an external tag containing the SPVID corresponding to the entry tree is encapsulated.
  • the external customer VLAN ID is transparent inside the bridged network, and thus, the access VLAN
  • I-SID Service instance
  • the data of the different service instances identified in the PBBN network will share a B-VLAN tunnel (that is, the spanning tree instance assigned to the B-VID).
  • A prior-art method for isolating different service instances in a B-VLAN tunnel is as follows. Because the PBBN network transmits external data transparently, the method assigns a multicast address to each service instance (that is, to each I-SID); the multicast addresses corresponding to different I-SIDs can be different, and a data forwarding table for the corresponding multicast addresses needs to be established in the PBBN network.
  • the destination address is the multicast address corresponding to the I-SID. Since different service instances may have different multicast addresses, the data packets encapsulating the corresponding multicast addresses are transmitted inside the PBBN network, and the data of different service instances can be isolated from each other.
  • a disadvantage of the above prior art method is that the method is only applicable to the PBBN network.
  • the service data forwarding is based on the SPVID tree, and the external VLAN service instance identifier cannot be seen.
  • This method does not provide a method for configuring the multicast address forwarding table for the shortest path bridging network environment. Therefore, this method is not applicable to the shortest path bridging network environment.
  • a method of isolating different virtual local area network services including:
  • the access bridge of the VLAN service instance transmits the identifier information of the VLAN service instance along a root port direction of different entry trees in the shortest path bridge network;
  • the access bridge in the shortest path bridging network identifies the accessed VLAN service instance according to the identification message received from the root port direction of the ingress tree.
  • An access bridge in a shortest path bridged network including:
  • an identifier information distribution module configured to allocate identification information to a VLAN service instance accessed in the shortest path bridge network
  • an identifier information transmission module configured to transmit identification information of a VLAN service instance allocated by the identifier information distribution module along a root port direction of different entry trees in the shortest path bridge network;
  • the VLAN service instance identification module is configured to identify the VLAN service instance accessed in the shortest path bridge network according to the identifier message received from the root port direction of the entry tree.
  • It can be seen from the technical solution provided by the present invention that the invention either assigns a multicast address to each VLAN service instance and, at each access bridge of the VLAN service, initiates registration of the VLAN access multicast address along the root port direction of the trees identified by the different SPVIDs; or assigns an SPVID group to each VLAN service instance, forms in each access bridge a translation table of the relationship between the VLAN ID and the SPVID, and initiates registration of the SPVID along the root port direction of the trees identified by the different SPVIDs. Two different VLAN service isolation methods in the shortest path bridged network can therefore be provided for different application scenarios. This ensures the isolation of different VLAN services, ensures that VLAN service data packets are transmitted within the VLAN, and allows the service VLAN ID to be processed transparently within the shortest path bridged network.
  • Figure 1 is a schematic structural diagram of a bridge network
  • FIG. 3 is a schematic structural diagram of a bridge network in Embodiment 1 of the present invention.
  • FIG. 5 is a schematic structural diagram of a bridge network according to Embodiment 2 of the present invention.
  • FIG. 6 is a schematic diagram of a registration process for VLAN 1 in the bridge network shown in FIG. 5.
  • the present invention provides a method and apparatus for isolating different virtual local area network services.
  • the present invention provides two embodiments of the method of the present invention for different application scenarios.
  • Embodiment 1: Different VLAN service instances are configured with multicast addresses, and multicast address registration is performed in the shortest path bridged network along the root port direction of the spanning trees identified by the different SPVIDs.
  • The specific processing flow of Embodiment 1 is as shown in FIG. 2, and includes the following steps:
  • Step 2-1: Assign a multicast address to each VLAN service instance.
  • Embodiment 1 utilizes and extends existing MMRP (Multiple Multicast Registration Protocol) technology.
  • a unique multicast address is assigned to each of the access client VLAN service instances in the shortest path bridging network as the identification information of the VLAN service instance.
  • The multicast address belongs to the MAC address space of the shortest path bridged network.
  • The multicast address can be assigned before the entry tree of the access bridge is generated, or after the entry tree is generated.
  • a shortest path bridged network consists of bridge nodes A, B, C, and D, and four entry trees are generated, each represented by a different line segment.
  • The VLAN 1 service instance accesses the shortest path bridged network shown in Figure 3 from bridges A, B, and D.
  • Step 2-2: Register the multicast address in the shortest path bridging network along the root port direction of the tree corresponding to the different SPVID identifiers.
  • A VLAN service corresponds to an SPVID group.
  • The VLAN service corresponds to a set of VLAN service access bridges.
  • Each VLAN service access bridge initiates a multicast address registration process for the entry trees rooted at the n - 1 other VLAN service access bridges; each registration message propagates toward the root port of one entry tree.
  • This embodiment provides two registration schemes. The two registration schemes are described separately below.
  • Registration scheme 1: In the registration process of the multicast address, the access node of the VLAN service instance sends a registration message toward the root port along the ingress tree identified by the SPVID; the registration message carries the multicast address of the corresponding VLAN service instance and the SPVID identification information of the entry tree.
  • In an actual application, the corresponding multicast address and the entry tree SPVID identification information may be encapsulated in a Tag header of the data packet of the registration message, or they may be set in the payload of the data packet of the registration message.
  • The entry includes the receiving port number and the SPVID identifier and multicast address of the entry tree carried in the foregoing registration message; the bridge then continues to propagate the registration message toward the root port.
  • VLAN 1 access node A and VLAN 1 access node D each send a registration message along the root port toward VLAN 1 access node B (SPVID).
  • VLAN 1 access node B and VLAN 1 access node D each send, along the root port toward VLAN 1 access node A, a registration message carrying (SPVID 4, m); VLAN 1 access node A and VLAN 1 access node B each send, along the root port toward VLAN 1 access node D, a registration message carrying (SPVID 2, m).
  • Access node C will also receive the registration messages sent by access node A, access node B, and access node D. Since the multicast address m is not registered on access node C, access node C may leave the received registration messages unprocessed.
  • Registration scheme 2: Before the SPVID trees are generated, the management system assigns the corresponding multicast address to the VLAN service instance accessed at each access bridge. After each SPVID tree converges, the access bridge of the VLAN service instance sends a registration message along the designated port direction of the SPVID tree, and a bridge that receives the registration message registers one of the above FDB entries on the receiving port.
  • VLAN 1 access node A sends, along the designated port toward VLAN 1 access node D and VLAN 1 access node B, a registration message carrying (SPVID).
  • VLAN 1 access node B sends, along the designated port toward VLAN 1 access node D and VLAN 1 access node A, a registration message carrying (SPVID
  • VLAN 1 access node D sends, along the designated port toward VLAN 1 access node A and VLAN 1 access node B, a registration message carrying (SPVID
  • Access node C will also receive the registration messages sent by access node A, access node B, and access node D. Since the multicast address m is not registered on access node C, access node C may leave the received registration messages unprocessed.
  • the receiving bridge will discard the received packet containing the tag header. Therefore, in registration scheme 1 above, to ensure that the registration packet containing the tag header is delivered, the ingress filter is disabled (Disable Ingress Filter) on the receiving port of the bridge.
  • When registering in a multiple spanning tree environment, the registration packet must carry a tag header.
  • the tag header contains a VLAN
  • the receiving bridge will discard the received registration packet containing the tag. Therefore, in registration scheme 2 above, to ensure that the registration packet is delivered, the ingress filter is disabled (Disable Ingress Filter) on the receiving port of the bridge.
  • Step 2-3: Based on the FDB entries formed by registration (each including the SPVID ID, multicast address, and port number of the egress tree), the bridges in the shortest path bridged network isolate different VLAN service instances and forward each packet between access bridges of the VLAN service instance to which it belongs.
  • When the service data packet corresponding to the VLAN ID arrives at a bridge in the shortest path bridged network, the receiving bridge encapsulates the data packet with an external header. If the data packet is determined to be an unknown unicast packet, a multicast packet, or a broadcast packet, the destination address of the external header is the multicast address of the VLAN access group. In addition, an external tag header containing the SPVID of the tree rooted at the receiving bridge is also encapsulated. The encapsulated packet is then forwarded along the entry tree, within the VLAN, inside the shortest path bridged network.
  • The data packet is encapsulated with a MAC header whose destination address is the multicast address m and with a tag header containing SPVID 3, and the encapsulated packet is then forwarded according to the FDB entries containing the SPVID 3 identifier, the multicast address m, and the port number. Since the corresponding entry containing the SPVID is not formed on bridge B, the packet will propagate to bridges A and D without leaking to bridge C. This ensures that packets are transmitted within the scope of VLAN 1.
  • the ID is transparently processed within the shortest path bridged network.
  • MACo is extending 802.1ad, allowing MAC in 802.1ad
  • the above embodiment 1 can be applied in an 802.1ad environment.
  • The core of Embodiment 2 is as follows: an SPVID group is used to isolate different VLAN service instances, and SPVID group registration is performed in the shortest path bridge network along the root port direction of the spanning trees identified by the different SPVIDs.
  • The specific processing flow of Embodiment 2 is as shown in FIG. 4, and includes the following steps:
  • Step 4-1 Assign an SPVID group to each VLAN service instance to form a VLAN.
  • each access bridge in the shortest path bridging network needs to allocate one SPVID for each accessed client VLAN service as the identification information of the VLAN service instance.
  • This SPVID is unique across the shortest path bridged network.
  • A set of SPVIDs is assigned to a VLAN service instance.
  • When VLAN service instances access the same group of bridges, they can be assigned a set of identical or different SPVIDs. However, for the same VLAN service instance, the SPVIDs assigned to the different access trees on different access bridges are different.
  • A group of SPVIDs assigned to different VLAN service instances can identify different entry trees and different VLAN service instances.
  • The message carries one or more mappings of the form VLAN ID - SPVID, so that multiple SPVIDs are mapped to the same entry tree instance, while one SPVID can be mapped to only one ingress tree service instance (each SPVID is unique within the shortest path bridged network described).
  • A translation table for the mapping between VLAN IDs and SPVID groups is formed. According to the translation table, at any entry bridge, a VLAN ID can be mapped to a unique set of SPVIDs, and an SPVID group can be mapped to a unique VLAN ID.
  • In the bridged network shown in Figure 5, the VLAN 1 service instance is accessed at bridges A, B, and D, and the VLAN 1 service instance is assigned the set of SPVIDs {1, 4, 2};
  • the service instance is assigned the set of SPVIDs {10, 11, 12}.
  • the corresponding SPVID can be encapsulated into a data packet by using the translation table formed above, and the SPVID can identify both the entry tree and the VLAN service.
  • the encapsulated data packet is then forwarded along the entry tree identified by the SPVID within the bridged network.
  • Step 4-2. Register a set of SPVIDs assigned to the VLAN service instance in the shortest path bridged network.
  • the SPVID mapping table is used to find the corresponding SPVIDs, but does not include the SPVID corresponding to the tree whose root is the entry bridge.
  • After receiving the registration message, each bridge saves the SPVID identifier and the receiving port information carried in the registration message. It then finds the corresponding spanning tree instance based on the SPVID and continues to send the registration message toward the root port of that spanning tree.
  • The registration process in Embodiment 2 above can be applied to an 802.1Q environment, and is not suitable for use in 802.1ah or 802.1ad environments, because 802.1ah and 802.1ad use QinQ technology, which reflects the support for VLAN scalability.
  • The registration process of VLAN 1 is shown in Figure 6.
  • The specific registration process is as follows:
  • The access bridges A, B, and D query the above translation table and obtain the corresponding SPVIDs assigned to the VLAN service instance on access bridges A, B, and D, and the data packet is encapsulated with a tag header containing the corresponding SPVID. Then, according to the mapping relationship between VLAN 1 and the SPVID group stored in the translation table and the registered port information, the data packet is forwarded from the root port direction of the tree identified by the SPVID corresponding to VLAN 1. Since the mapping between VLAN 1 and the SPVID group saved in the translation table does not include access bridge C, it can be ensured that the data packet will not leak to the VLAN.
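
The registration and forwarding behaviour of Embodiment 1 (registration scheme 1 and step 2-3) can be checked with a small simulation. This is an added example, not part of the patent text. Assumptions: the link topology, the SPVID of bridge C, the second VLAN and its access bridges, and the symbolic multicast addresses m1/m2 are constructed; ports are named by the neighbouring bridge.

```python
from collections import deque

# Constructed topology (assumption: the patent's figure 3 is not reproduced here).
LINKS = [("A", "B"), ("A", "D"), ("B", "D"), ("C", "D")]
# SPVID of the ingress tree rooted at each bridge. A, B and D follow the
# Embodiment 1 text (SPVID 4, 3, 2); the value for C is an assumption.
SPVID = {"A": 4, "B": 3, "D": 2, "C": 1}
# VLAN service instance -> (multicast address, access bridges).
# VLAN 1 at A, B, D matches the text; VLAN 2 and both addresses are constructed.
VLANS = {1: ("m1", {"A", "B", "D"}), 2: ("m2", {"B", "C"})}


def neighbours(node):
    return sorted(b if a == node else a for a, b in LINKS if node in (a, b))


def root_ports(root):
    """Shortest-path tree by BFS: map each bridge to its next hop toward root."""
    parent, queue = {root: None}, deque([root])
    while queue:
        cur = queue.popleft()
        for nxt in neighbours(cur):
            if nxt not in parent:
                parent[nxt] = cur
                queue.append(nxt)
    return parent


def register(vlans):
    """Registration scheme 1: returns per-bridge FDB {(spvid, mcast): {ports}}."""
    fdb = {bridge: {} for bridge in SPVID}
    for mcast, members in vlans.values():
        for root in members:                     # one ingress tree per access bridge
            toward_root = root_ports(root)
            for sender in members - {root}:      # the n - 1 other access bridges
                hop = sender
                while hop != root:               # message climbs via root ports
                    upstream = toward_root[hop]
                    # The receiving bridge records (SPVID, address, receiving port).
                    fdb[upstream].setdefault((SPVID[root], mcast), set()).add(hop)
                    hop = upstream
    return fdb


def flood(fdb, ingress, mcast):
    """Bridges reached by a broadcast/unknown-unicast frame entering at ingress."""
    key, reached, queue = (SPVID[ingress], mcast), set(), deque([ingress])
    while queue:
        cur = queue.popleft()
        for port in fdb[cur].get(key, ()):       # forward only on registered ports
            if port not in reached:
                reached.add(port)
                queue.append(port)
    return reached


if __name__ == "__main__":
    table = register(VLANS)
    print("VLAN 1 from B reaches:", sorted(flood(table, "B", "m1")))
    # D appears here only as the transit hop between B and C.
    print("VLAN 2 from B reaches:", sorted(flood(table, "B", "m2")))
    print("C injecting with VLAN 1's address reaches:", sorted(flood(table, "C", "m1")))
```
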

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a method and an apparatus for isolating different virtual local area network services. The method essentially consists of: allocating identification information to the VLAN (virtual local area network) service instances accessed in the shortest path bridged network; transmitting, by the access bridge of the VLAN service instance, the identification information of the VLAN service instance along the root port direction of the different spanning trees in the shortest path bridged network; and identifying, by the access bridge in the shortest path bridged network, the accessed VLAN service instance according to the identification information received from the root port direction of the spanning tree. This method makes it possible to isolate the different VLAN services in the shortest path bridged network, and thereby to guarantee that a VLAN service data packet is broadcast within the coverage area of the VLAN.
PCT/CN2007/070930 2006-10-20 2007-10-19 Method and apparatus for isolating different virtual local area network services WO2008046359A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610113920.X 2006-10-20
CN200610113920XA CN101166137B (zh) 2006-10-20 2006-10-20 Method for isolating different virtual local area network services

Publications (1)

Publication Number Publication Date
WO2008046359A1 (fr) 2008-04-24

Family

ID=39313628

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/070930 WO2008046359A1 (fr) Method and apparatus for isolating different virtual local area network services

Country Status (2)

Country Link
CN (1) CN101166137B (fr)
WO (1) WO2008046359A1 (fr)

Also Published As

Publication number Publication date
CN101166137B (zh) 2011-04-06
CN101166137A (zh) 2008-04-23


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07817121

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07817121

Country of ref document: EP

Kind code of ref document: A1