WO2010127533A1 - Network protection method and network protection framework - Google Patents

Network protection method and network protection framework

Publication number
WO2010127533A1
Authority
WO
WIPO (PCT)
Prior art keywords
segment
protection
node
network
working
Application number
PCT/CN2009/074592
Other languages
French (fr)
Chinese (zh)
Inventor
吴少勇
魏月华
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4604: LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462: LAN interconnection over a bridge based backbone
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/22: Alternate routing
    • H04L45/28: Routing or path finding of packets in data switching networks using route fault recovery
    • H04L45/66: Layer 2 routing, e.g. in Ethernet based MAN's

Definitions

  • The present invention relates to the field of network protection, and more particularly to a network protection method and a network protection architecture based on carrier-grade Ethernet technology, namely Provider Backbone Bridge Traffic Engineering (PBB-TE).
  • BACKGROUND OF THE INVENTION Ethernet technology has been widely used in local area networks due to its simplicity, high efficiency, and low cost, and is rapidly developing from a LAN-oriented networking technology into a large-scale networking technology for enterprise networks, metropolitan area telecommunications networks, and wide area telecommunications networks. Carrier-grade Ethernet technology has emerged as a result.
  • The Institute of Electrical and Electronics Engineers (IEEE) proposed the carrier-grade Ethernet technology PBB-TE; the corresponding standard is IEEE 802.1Qay.
  • PBB-TE is also known as Provider Backbone Transport (abbreviated as PBT) technology.
  • PBB-TE technology is based on PBB (Provider Backbone Bridge, corresponding to IEEE 802.1ah) technology. Its core is an improvement of PBB technology: through network management and control, the services in Ethernet are made connection-oriented in order to implement telecommunication network functions such as protection switching, operation, administration, and management (OAM), quality of service (QoS), and traffic engineering.
  • The PBB-TE technology uses the outer media access control (MAC) address plus the outer virtual local area network (VLAN), that is, the backbone destination MAC address (B-DA) and the backbone VLAN ID (B-VID), for service forwarding, and its forwarding path is pre-configured.
  • PBB-TE technology is compatible with the traditional Ethernet bridge architecture. It can forward data frames based on B-DA and B-VID without updating the intermediate nodes of the network; the data frames do not need to be modified, and the forwarding efficiency is high.
  • To improve network reliability, an end-to-end protection mechanism is adopted in the PBB-TE-based network: there are two tunnel entities between the two ends, a working entity and a protection entity, and the Connectivity Fault Management (CFM) mechanism of IEEE 802.1ag continuously performs state detection on the working entity and the protection entity respectively.
  • FIG. 1 is a schematic structural diagram of an end-to-end protection mechanism in a PBB-TE based network according to the prior art.
  • PE1 and PE2 are the two end nodes of the working entity and the protection entity.
  • The path of the working entity is PE1-P1-P2-P3-PE2, and the path of the protection entity is PE1-P4-P5-PE2.
  • The working entity and the protection entity are each pre-configured with their own VLAN.
  • When traffic enters the PBB-TE network, the end node (such as node PE1 in FIG. 1, also called an edge node) encapsulates the frame into the frame format of the PBB-TE network based on information such as the ingress port and VLAN of the frame in the traffic, that is, it encapsulates an additional frame header on top of the original data frame header.
  • In the newly encapsulated frame header, the source MAC address in the backbone MAC address (B-MAC) is the MAC address of the ingress node, that is, PE1, and the destination MAC address is the MAC address of the egress node, that is, PE2.
  • The new frame header also encapsulates information such as a service VLAN tag (I-tag) and a B-VID, where the B-VID is the VLAN pre-set for the working entity or protection entity selected for transmission.
  • When both the working entity and the protection entity are in a normal state, PE1 encapsulates the B-VID of the frame in the traffic as the VLAN of the working entity, and the traffic is transmitted on the working entity. The transmission path is PE1-P1-P2-P3-PE2, as shown in FIG. 1.
  • When the working entity fails, PE1 encapsulates the B-VID of the frame in the traffic as the VLAN of the protection entity, and the traffic is switched to the protection entity. The transmission path is PE1-P4-P5-PE2, as shown in FIG. 2.
  • FIG. 2 is a schematic diagram of traffic flow after protection switching occurs in the PBB-TE based network in the prior art.
  • When the traffic reaches the other end node of the PBB-TE network (such as node PE2 in FIG. 1, also called an edge node), the egress node restores the frame in the PBB-TE network to the normal data frame format and outputs it.
  • End-to-end protection can only perform full-path protection, so the paths of the working entity and the protection entity are both long, and the probability of simultaneous failure of the working entity and the protection entity is greater. If the working entity and the protection entity fail at the same time, the end-to-end traffic will be lost.
  • The main object of the present invention is to provide a network protection method that can improve the speed of fault recovery, reduce the number of nodes involved in protection switching, facilitate network optimization, and ensure end-to-end traffic reliability.
  • Another object of the present invention is to provide a network protection architecture that can improve the speed of fault recovery, reduce the number of nodes involved in protection switching, facilitate network optimization, and ensure end-to-end traffic reliability.
  • The technical solution of the present invention is achieved as follows: According to an aspect of the present invention, a network protection method is first provided.
  • The method may specifically include the following steps: setting a working segment and a protection segment in the determined local network; determining whether to transmit traffic through the working segment. If yes, the ingress node of the working segment encapsulates the received data frame into the transport format of the working segment and transmits the encapsulated data frame through the working segment port; the egress node of the working segment restores the data frame to the frame information it had before entering the ingress node of the working segment and forwards it; the process ends. If not, the ingress node of the protection segment encapsulates the received data frame into the transport format of the protection segment and transmits the encapsulated data frame through the protection segment port; the egress node of the protection segment restores the data frame to the frame information it had before entering the ingress node of the protection segment and forwards it.
  • The local network is determined according to the actual situation of the network. Among the end nodes of the working segment and the protection segment, at least one end node is the same end node. The virtual local area network (VLAN) on which the working segment forwards traffic is different from the VLAN on which the protection segment forwards traffic.
  • The method for determining whether to transmit traffic through the working segment includes: performing state detection on the working segment and the protection segment; when the detection result indicates that the working segment and the protection segment are both normal and there is no protection switching request, the protected traffic is transmitted through the working segment; when the detection result indicates that the working segment has failed, or there is another protection switching request, the protected traffic is transmitted through the protection segment.
  • The state detection method is the connectivity fault management (CFM) mechanism.
  • The ingress node of the working segment encapsulating the received data frame into the transport format of the working segment specifically includes: replacing the backbone VLAN ID (B-VID) of the protected data frame received from outside the local network with the VLAN of the working segment, replacing the source address in the backbone MAC address (B-MAC) of the data frame with the node MAC address of the ingress node of the working segment, and replacing the destination address with the node MAC address of the egress node of the working segment.
  • The ingress node of the protection segment encapsulating the received data frame into the transport format of the protection segment may specifically include: replacing the B-VID of the protected data frame received from outside the local network with the VLAN of the working segment, replacing the source address in the B-MAC of the data frame with the node MAC address of the ingress node of the protection segment, and replacing the destination address with the node MAC address of the egress node of the protection segment.
  • According to another aspect of the present invention, a network protection architecture is provided. According to the network protection architecture of the present invention, a network based on PBB-TE (Provider Backbone Bridge technology supporting traffic engineering) includes a determined local network, and a working segment and a protection segment are set in the determined local network.
  • When traffic is transmitted through the working segment, the ingress node of the working segment encapsulates the received data frame into the transport format of the working segment and transmits the encapsulated data frame through the working segment port; the egress node of the working segment restores the data frame to the frame information it had before entering the ingress node of the working segment and forwards it. When traffic is transmitted through the protection segment, the ingress node of the protection segment encapsulates the received data frame into the transport format of the protection segment and transmits the encapsulated data frame through the protection segment port; the egress node of the protection segment restores the data frame to the frame information it had before entering the ingress node of the protection segment and forwards it.
  • At least one end node of the working segment and the protection segment is the same end node.
  • The VLAN on which the working segment forwards traffic is different from the VLAN on which the protection segment forwards traffic.
  • A local network is determined, and the working segment and the protection segment are set in the determined local network.
  • When the working segment path fails, only the traffic of that working segment path is switched to its protection segment path, instead of switching the full path; this improves the speed of fault recovery and reduces the number of nodes involved in protection switching.
  • The solution of the invention is beneficial to the optimization of the network and ensures the reliability of the end-to-end traffic.
  • The local network refers to a part of the protected network. It may be called a local area, or a segment or segmented network, and it is determined in advance according to the actual situation of the network; for example, segments that are particularly vulnerable or particularly important can be set as a local area.
  • The protection of the local network in this document may also be referred to as local area protection or area protection, or as segment protection or segmented protection, and may have other similar names.
  • FIG. 1 is a schematic structural diagram of an end-to-end protection mechanism in a PBB-TE based network according to the prior art
  • FIG. 2 is a schematic diagram of traffic flow after a PBB-TE based network protection switching is performed in the prior art
  • FIG. 4 is a schematic structural diagram of a local network protection mechanism in a PBB-TE based network according to the present invention
  • FIG. 5 is a schematic diagram of traffic flow after a PBB-TE based network protection switch is performed according to the present invention.
  • A local network is determined in a PBB-TE based network, and a working segment and a protection segment are set in the determined local network.
  • When the working segment path fails, only the traffic of that working segment path is switched to its protection segment path, which improves the speed of fault recovery and reduces the number of nodes involved in protection switching.
  • the network protection method and network protection architecture of the present invention will be described in detail below with reference to the accompanying drawings and specific embodiments. The preferred embodiments described herein are for illustrative purposes only and are not intended to limit the invention.
  • FIG. 3 is a flowchart of a method for implementing network protection according to an embodiment of the present invention.
  • Step 300: Set a working segment and a protection segment in the determined local network.
  • A local network refers to a part of the protected network. It may be called a local area, or a segment or segmented network, and it is determined in advance according to the actual situation of the network; for example, segments that are particularly vulnerable or particularly important can be set as a local area.
  • The protection of the local network in this document may also be referred to as local area protection or area protection, or as segment protection or segmented protection, and may have other similar names.
  • A working segment port and a protection segment port are set on the ingress node, and a working segment port and a protection segment port are set on the egress node.
  • The address table for traffic forwarding is preset in the nodes on the working segment and the protection segment.
  • The VLAN on which the working segment forwards traffic is different from the VLAN on which the protection segment forwards traffic.
  • The specific setting method is a technical means commonly used by those skilled in the art, and details are not described herein again.
  • This step emphasizes that, in the PBB-TE-based network, the local network that needs to be protected is determined, and the working segment and the protection segment are set in the determined local network.
  • There may be one or more local networks; the specific number depends on where protection is actually needed.
  • Step 301: Determine whether the traffic is transmitted through the working segment. If yes, go to step 302; otherwise go to step 304. For the state detection of the working segment and the protection segment, the connectivity fault management mechanism in IEEE 802.1ag can be used to continuously detect the state of the working segment and of the protection segment separately, obtaining detection results for both. According to the detection results, it is determined whether the protected traffic is transmitted on the working segment or on the protection segment. When the detection results show that the working segment and the protection segment are both normal and there is no protection switching request, the protected traffic is transmitted on the working segment; when the detection results indicate that the working segment has failed, or there is another protection switching request, the protected traffic is transmitted on the protection segment. It should be noted that the state detection for the working segment and the protection segment in this step belongs to the prior art; existing methods other than the CFM mechanism may be used, and this does not limit the scope of protection of the present invention.
  • Step 302: The ingress node of the working segment encapsulates the received data frame into the transport format of the working segment, and transmits the encapsulated data frame through the working segment port.
  • When the data frame enters the ingress node of the working segment, the B-VID of the protected data frame received from outside the local network is replaced with the VLAN of the working segment, the source address in the B-MAC of the data frame is replaced with the node MAC address of the ingress node of the working segment, and the destination address is replaced with the node MAC address of the egress node of the working segment; the data frame is then sent to the egress node of the working segment through the working segment port.
  • Step 303: The egress node of the working segment restores the data frame to the frame information it had before entering the ingress node of the working segment and forwards it. End this process.
  • the outbound node of the working segment receives the data frame on the working segment, the B-MAC of the data frame is
  • Step 304: The ingress node of the protection segment encapsulates the received data frame into the transport format of the protection segment, and transmits the encapsulated data frame through the protection segment port.
  • The B-VID of the protected data frame received from outside the local network is replaced with the VLAN of the working segment, the source address in the B-MAC of the data frame is replaced with the node MAC address of the ingress node of the protection segment, and the destination address is replaced with the node MAC address of the egress node of the protection segment; the data frame is then sent to the egress node of the protection segment through the protection segment port.
  • Step 305: The egress node of the protection segment restores the data frame to the frame information it had before entering the ingress node of the protection segment and forwards it.
  • the outbound node of the working segment receives the data frame on the working segment, the B-MAC of the data frame is
  • The embodiment of the present invention further provides a network protection architecture. In a network based on PBB-TE (Provider Backbone Bridge technology supporting traffic engineering), the architecture includes a determined local network, and a working segment and a protection segment are set in the determined local network. When traffic is transmitted through the working segment, the ingress node of the working segment encapsulates the received data frame into the transport format of the working segment and transmits the encapsulated data frame through the working segment port; the egress node of the working segment restores the data frame to the frame information it had before entering the ingress node of the working segment and forwards it. When traffic is transmitted through the protection segment, the ingress node of the protection segment encapsulates the received data frame into the transport format of the protection segment and transmits the encapsulated data frame through the protection segment port; the egress node of the protection segment restores the data frame to the frame information it had before entering the ingress node of the protection segment and forwards it.
  • Among the end nodes of the working segment and the protection segment, at least one end node is the same end node. Moreover, the VLAN on which the working segment forwards traffic is different from the VLAN on which the protection segment forwards traffic.
  • The network protection method in the embodiment of the present invention is specifically described below in conjunction with an embodiment.
  • FIG. 4 is a schematic structural diagram of a local network protection mechanism in a PBB-TE based network according to an embodiment of the present invention.
  • PE1-P1-P2-P3-PE2 is a traffic transport entity of a PBB-TE based network.
  • PE1 and PE2 are end nodes.
  • P1-P2-P3 is the working segment of the local network protection in this embodiment.
  • P1-P4-P3 is the protection segment of the local network protection in this embodiment.
  • The working segment and the protection segment have the same end nodes, P1 and P3.
  • The source address in the B-MAC of the data frame is the node MAC address of PE1, the destination address is the node MAC address of PE2, and the B-VID is the pre-configured VLAN on the traffic transport entity (here assumed to be VID1).
  • The source address in the B-MAC of the frame is replaced with the node MAC address of P1, the destination address is replaced with the node MAC address of P3, and the B-VID is replaced with the VLAN configured on the working segment.
  • VID2 may be the same or different.
  • The encapsulated traffic is sent to the egress node of the working segment.
  • After the data frame is transmitted to the egress node P3 of the working segment, the data frame is restored to the frame information it had before entering the local network, that is, the source address in the B-MAC of the data frame is restored to the node MAC address of PE1, and the destination address is restored to the PE2.
  • FIG. 5 is a schematic diagram of traffic flow after protection switching occurs in the PBB-TE based network according to an embodiment of the present invention.
  • The data frame is re-encapsulated at the start node P1 of the protection segment: the source address in the B-MAC of the data frame is replaced with the node MAC address of P1, the destination address is replaced with the node MAC address of the egress node P3 of the protection segment, and the B-VID is replaced with the pre-configured VLAN on the protection segment (assumed to be VID3). After that, the encapsulated traffic is sent to the egress node of the protection segment. After the data frame is transmitted to the egress node of the protection segment, the data frame is restored to the frame information it had before entering the local network, that is, the source address in the B-MAC of the data frame is restored to the node MAC address of PE1, the destination address is restored to the node MAC address of PE2, and the B-VID is restored to the VID1 configured on the transport entity.
  • The embodiment of the present invention determines a local network in a PBB-TE-based network, and sets a working segment and a protection segment in the determined local network.
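
The header rewrite of steps 301 to 305, applied to the FIG. 4 / FIG. 5 topology, as an added Python sketch that is not part of the patent. The MAC addresses, the numeric VLAN values, the use of VID2 for the working segment, the restore entry held at the egress node, and the choice to stay on the working segment when only the protection segment is down are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample addresses and VLAN IDs (not taken from the patent).
MAC = {"PE1": "02:00:00:00:00:e1", "PE2": "02:00:00:00:00:e2",
       "P1": "02:00:00:00:00:01", "P3": "02:00:00:00:00:03"}
VID1, VID2, VID3 = 100, 200, 300  # transport entity, working segment, protection segment


@dataclass(frozen=True)
class BackboneHeader:
    b_sa: str   # source address in the B-MAC
    b_da: str   # destination address in the B-MAC
    b_vid: int  # backbone VLAN ID


@dataclass(frozen=True)
class Segment:
    name: str
    path: tuple  # nodes traversed inside the local network
    vid: int     # VLAN pre-configured for this segment


class LocalProtection:
    """Working/protection segment pair sharing ingress P1 and egress P3."""

    def __init__(self, working, protection, protected):
        self.working, self.protection = working, protection
        self.protected = protected    # header of the protected transport entity
        self.ingress_mac, self.egress_mac = MAC["P1"], MAC["P3"]
        self.working_ok = True        # would be driven by CFM state detection
        self.switch_request = False   # any other protection switching request

    def select(self):
        """Step 301: pick the segment that carries the protected traffic."""
        if not self.working_ok or self.switch_request:
            return self.protection
        # Assumption: also stay here if only the protection segment is down.
        return self.working

    def ingress(self, hdr):
        """Steps 302/304: rewrite B-SA, B-DA and B-VID for the selected segment."""
        if hdr != self.protected:
            raise ValueError("frame does not belong to the protected transport entity")
        seg = self.select()
        return seg, BackboneHeader(self.ingress_mac, self.egress_mac, seg.vid)

    def egress(self, hdr):
        """Steps 303/305: restore the header the frame had before the ingress node."""
        known_vids = {self.working.vid, self.protection.vid}
        if hdr.b_vid not in known_vids or \
                (hdr.b_sa, hdr.b_da) != (self.ingress_mac, self.egress_mac):
            raise ValueError("frame was not encapsulated by this segment's ingress node")
        return self.protected         # assumed pre-configured restore entry

    def forward(self, hdr):
        """Carry one frame across the local network; return path and both headers."""
        seg, on_wire = self.ingress(hdr)
        return seg.path, on_wire, self.egress(on_wire)


def build_example():
    protected = BackboneHeader(MAC["PE1"], MAC["PE2"], VID1)
    lp = LocalProtection(Segment("working", ("P1", "P2", "P3"), VID2),
                         Segment("protection", ("P1", "P4", "P3"), VID3),
                         protected)
    return lp, protected


if __name__ == "__main__":
    lp, frame = build_example()
    print(lp.forward(frame))   # working segment, B-VID rewritten to VID2
    lp.working_ok = False      # CFM reports a fault on P1-P2-P3
    print(lp.forward(frame))   # protection segment, B-VID rewritten to VID3
```

Only P1 and P3 change behaviour on a switch; PE1 and PE2 keep sending and receiving the same PE1/PE2/VID1 header in both cases, which is the reduction in switching nodes the text describes.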

Abstract

A network protection method and a network protection framework are provided by this invention. In the network based on the Provider Backbone Bridge Traffic Engineering (PBB-TE), a local network is determined, and a work segment and a protect segment are set in the determined local network. When the work segment path fails, the traffic on this work segment path is switched to its protect segment path, rather than the switching of the whole path. Therefore, the speed of the failure recovery is improved, and the nodes concerned with the protection switching are reduced.

Description

网络保护方法及网络保护架构 技术领域 本发明涉及网络保护领域,尤指一种基于电信级以太网技术即支持流量 工程的运营商骨千桥接技术 (PBB-TE , Provider Backbone Bridge Traffic Engineering ) 的网络保护方法及网络保护架构。 背景技术 以太网技术由于其自身具有的简单、 高效和低成本等特点, 在局域网中 得到了广泛的应用, 并正迅速从局域网为主的组网技术向企业网、 城域电信 网和广域电信网等大范围的组网技术发展, 因此, 电信级的以太网技术应运 而生。 美国电气和电子工程师十办会 ( Institute of Electrical and Electronics Engineers, 简称为 IEEE )提出了电信级以太网技术, 即 PBB-TE, 对应的标 准为 IEEE 802.1Qay。 PBB-TE 也称为运营商骨千传输 ( Provider Backbone Transport , 简称为 ΡΒΤ )技术, 是一种面向连接的以太网技术, 所有流量才艮 据地址表转发。 PBB-TE 技术以运营商骨千桥接 (PBB , Provider Backbone Bridge, 对应的标准为 IEEE 802. lah ) 技术为基础, 其核心是对 PBB技术的 改进, 通过网络管理和控制, 使以太网中的业务具有连接性, 以便实现保护 倒换、 运行、 管理和维护 ( Operation, Administration and Management, 简称 为 OAM )、 服务质量 (Quality of Service, 简称为 QoS )、 流量工程等电信网 络的功能。 PBB-TE技术釆用外层媒体接入控制 (Media Access Control, 简 称为 MAC )加上外层虚拟局域网( Virtual Local Area Network,简称为 VLAN ) 即骨千网目的 MAC地址 (B-DA)和骨千网 VLAN ID(B-VID)进行业务转发, 其转发路径是预先配置的。 PBB-TE 技术兼容传统以太网桥的架构, 不需要 对网络中间节点进行更新即可基于 B-D A和 B-VID对数据帧进行转发,数据 帧也不需要修改, 转发效率高。 为了提高网络的可靠性,在基于 PBB-TE的网络中釆用端到端的保护机 制,即端到端之间有两条隧道实体,分别为工作实体和保护实体,并釆用 IEEE 802. 
lag中的连接性故障管理( Connectivity Fault Management, 简称为 CFM ) 机制持续地对工作实体和保护实体分别进行状态检测。 当工作实体失效时, 将业务自动转移到预先建立的保护实体上, 这种端到端的保护机制对 PBB-TE网络增加了必要的弹性。 图 1为现有技术基于 PBB-TE的网络中端 到端保护机制的结构示意图, 如图 1所示, 在一个 PBB-TE网络中, PE1和 PE2 为工作实体和保护 实体的 两端节点 , 工作 实体的路径为 PE1-P1-P2-P3-PE2, 保护实体的路径为 PE1-P4-P5-PE2。 工作实体和保护实 体预先设置有各自的 VLAN。 当流量进入 PBB-TE网络时, 端节点(如图 1中的节点 PE1 , 也称为边 缘节点)根据该流量中帧的入端口和 VLAN等信息, 将该帧封装为 PBB-TE 网络中的帧格式, 即在原始数据帧头上再封装一层帧头。 新封装的帧头中, 骨千 MAC地址 ( B-MAC ) 中的源 MAC地址为入端节点即 PE1的 MAC地 址, 目的 MAC地址为出端节点即 PE2的 MAC地址。 此夕卜, 新的帧头中还 封装了业务 VLAN的标签 ( I-tag ) 和 B-VID等信息, 其中 B-VID为选择传 输的工作实体或者保护实体预先设置的 VLAN。 当工作实体和保护实体都为正常状态时, PE1将流量中帧的 B-VID封 装为工作实体的 VLAN , 流量从工作实体上传输, 其传输路径为 PE1-P1-P2-P3-PE2, 如图 1所示。 当工作实体发生故障时, PE1将流量中帧 的 B-VID封装为保护实体的 VLAN, 流量切换到保护实体上传输, 其传输路 径为 PE1-P4-P5-PE2, 如图 2所示, 图 2为现有技术基于 PBB-TE的网络发 生保护切换后的流量示意图。 当流量传输到 PBB-TE网络的另外一个端节点(如图 1中节点 PE2 , 也 称为边缘节点) 时, 该出端节点将 PBB-TE网络中的帧还原为普通数据帧格 式后输出。 由于在目前的端到端保护机制的结构中,端到端的保护只能进行全路径 保护, 从而对于工作实体和保护实体的路径都很长, 工作实体和保护实体同 时发生故障的概率就较大, 如果工作实体和保护实体同时发生故障, 则端到 端的流量就会丢失。 如果在工作实体或者保护实体的路径中某一段特别脆弱 或者某一段特别重要, 那么该段的故障会导致全路径进行切换, 不利于网络 的优化。 而现有基于 PBB-TE的网络中端到端保护机制架构, 由于只能进行 全路径保护, 减緩了故障恢复的速度, 而且保护倒换牵涉全路径中的所有节 点, 不利于网络的优化, 而且降低了端到端流量的可靠性。 发明内容 有鉴于此, 本发明的主要目的在于提供一种网络保护方法, 该方法能够 提高故障恢复的速度, 减少保护倒换的节点, 有利于网络的优化, 并且保证 端到端流量的可靠性。 本发明的另一目的在于提供一种网络保护架构,该架构能够提高故障恢 复的速度, 减少保护倒换的节点, 有利于网络的优化, 并且保证端到端流量 的可靠性。 为达到上述目的, 本发明的技术方案是这样实现的: 才艮据本发明的一个方面, 首先提供了一种网络保护方法。 根据本发明的网络保护方法,在基于支持流量工程的运营商骨千桥接技 术 PBB-TE的网络中, 该方法具体可以包括以下步骤: 在确定出的局部网络中设置工作段和保护段; 判断是否通过工作段传输流量, 如果是, 工作段的入端节点将接收到的 数据帧封装成工作段的传输格式, 并通过工作段端口传输封装后的数据帧; 工作段的出端节点将数据帧还原为进入工作段入端节点之前的帧信息并转 发; 结束本流程; 如果不是,保护段的入端节点将接收到的数据帧封装成保护段的传输格 式, 并通过保护段端口传输封装后的数据帧; 保护段的出端节点将数据帧还 原为进入保护段入端节点之前的帧信息并转发。 具体地, 才艮据网络的实际情况确定出所述局部网络。 具体地, 工作段和保护段的端节点中, 至少存在一个端节点为同一个端 节点。 具体地, 工作段转发流量的虚拟局域网 VLAN 与保护段转发流量的 VLAN不同。 进一步地, 判断是否通过工作段传输流量的方法包括: 对工作段和保护 段进行状态检测, 当检测结果显示工作段和保护段均为正常, 且无保护倒换 请求时, 被保护的流量通过工作段传输; 当检测结果显示工作段发生故障, 或者有其他保护倒换请求时, 被保护流量通过保护段传输。 具体地, 状态检测方法为连接性故障管理 CFM机制。 具体地,工作段的入端节点将接收到的数据帧封装成工作段的传输格式 具体包括: 将从局部网络外部收到的被保护的数据帧的骨千网 VLAN 
ID B-VID替 换为工作段的 VLAN, 将数据帧骨千 MAC地址 B-MAC中的源地址替换为 工作段的入端节点的节点 MAC地址, 目的地址替换为工作段的出端节点的 节点 MAC地址。 具体地,保护段的入端节点将接收到的数据帧封装成保护段的传输格式 具体可以包括: 将从局部网络外部收到的被保护的数据帧的 B-VID 替换为工作段的 VLAN, 将数据帧 B-MAC中的源地址替换为保护段的入端节点的节点 MAC 地址, 目的地址替换为保护段的出端节点的节点 MAC地址。 根据本发明的另一个方面, 提供了一种网络保护架构。 根据本发明的网络保护架构,在基于支持流量工程的运营商骨千桥接技 术 PBB-TE的网络中, 包括确定出的局部网络, 并且, 在确定出的局部网络 中设置有工作段和保护段; 当通过工作段传输流量时, 工作段的入端节点将 接收到的数据帧封装成工作段的传输格式, 并通过工作段端口传输封装后的 数据帧; 工作段的出端节点将数据帧还原为进入工作段入端节点之前的帧信 息并转发; 当通过保护段传输流量时, 保护段的入端节点将接收到的数据帧 封装成保护段的传输格式, 并通过保护段端口传输封装后的数据帧; 保护段 的出端节点将数据帧还原为进入保护段入端节点之前的帧信息并转发。 具体地, 工作段和保护段的端节点中, 至少存在一个端节点为同一个端 节点。 具体地, 工作段转发流量的 VLAN与保护段转发流量的 VLAN不同。 从本发明提供的技术方案可以看出, 在基于 PBB-TE的网络中, 确定出 局部网络, 并在确定出的局部网络中设置工作段和保护段。 当该工作段路径 发生故障时, 只是将该工作段路径的流量切换到其保护段路径上, 而不是进 行全路径的切换, 这样提高了故障恢复的速度, 并减少了保护倒换涉及的节 点。 本发明方案有利于网络的优化, 并且保证了端到端流量的可靠性。 其中, 局部网络是指受保护网络中的一部分网络, 可以称为局部区域, 也可以称为 段或者分段网络, 是预先根据网络的实际情况确定出来的, 比如特别脆弱或 者特别重要的某些段可以设置为局部区域。 本文中局部网络的保护也可以称 为局部区域保护或者区域保护, 也可以称为段保护或者分段保护, 还可以有 其他类似的名称。 本发明的其它特征和优点将在随后的说明书中阐述, 并且, 部分地从说 明书中变得显而易见, 或者通过实施本发明而了解。 本发明的目的和其他优 点可通过在所写的说明书、 权利要求书、 以及附图中所特别指出的结构来实 现和获得。 附图说明 附图用来提供对本发明的进一步理解, 并且构成说明书的一部分, 与本 发明的实施例一起用于解释本发明, 并不构成对本发明的限制。 在附图中: 图 1为现有技术基于 PBB-TE的网络中端到端保护机制的结构示意图; 图 2为现有技术基于 PBB-TE的网络发生保护切换后的流量示意图; 图 3为本发明实现网络保护的方法的流程图; 图 4为本发明基于 PBB-TE的网络中局部网络保护机制的结构示意图; 图 5为本发明基于 PBB-TE的网络发生保护切换后的流量示意图。 具体实施方式 功能相克述 在本发明实施例中, 通过在基于 PBB-TE的网络中, 确定出局部网络, 并在确定出的局部网络中设置工作段和保护段。当该工作段路径发生故障时, 只是将该工作段路径的流量切换到其保护段路径上, 这样提高了故障恢复的 速度, 并减少了保护倒换涉及的节点。 从而, 提高了故障恢复的速度, 并减 少了保护倒换涉及的节点。 为了更好地理解本发明,下面结合附图和具体实施例对本发明的网络保 护方法和网络保护架构加以详细说明。 应当理解, 此处所描述的优选实施例 仅用于说明和解释本发明, 并不用于限定本发明。 在不冲突的情况下, 本申请中的实施例及实施例中的特征可以相互组 合。 根据本发明实施例, 首先提供了一种网络保护方法, 图 3为本发明实施 例实现网络保护的方法的流程图, 如图 3所示, 在基于 PBB-TE的网络中, 具体可以包括以下步骤 (步骤 300 -步骤 305 ): 步骤 300: 在确定出的局部网络中设置工作段和保护段。 局部网络是指受保护网络中的一部分网络, 可以称为局部区域, 也可以 称为段或者分段网络, 是预先根据网络的实际情况确定出来的, 比如特别脆 弱或者特别重要的某些段可以设置为局部区域。 本文中局部网络的保护也可 以称为局部区域保护或者区域保护, 也可以称为段保护或者分段保护, 还可 以有其他类似的名称。 工作段和保护段的末端分别有两个端节点,工作段和保护段的端节点至 少有一个重合即为同一个端节点。 在入端节点上设置有工作段端口和保护段 端口, 在出端节点上设置有工作段端口和保护段端口。 
工作段和保护段上的节点中预先设置流量转发的地址表, 其中, 为工作 段转发流量的 VLAN与保护段转发流量的 VLAN是不同的。 具体的设置方 法属于本领域技术人员管用技术手段, 这里不再赘述。 本步骤强调的是在基于 PBB-TE的网络中,确定出需要进行保护的局部 网络, 并在确定出的局部网络中设置工作段和保护段。 其中局部网络可以是 一个或一个以上, 具体数量与实际需要进行保护的情况有关。 步骤 301 : 判断是否通过工作段传输流量, 如果是, 进入步骤 302, 否 则进入步骤 304。 对工作段和保护段进行状态检测, 可以釆用 IEEE 802. lag 中的连接性 故障管理机制持续地对工作段和保护段分别进行状态检测, 得到工作段和保 护段的检测结果。 才艮据检测结果, 确定在工作段或者保护段上传输被保护的流量。 当检测 结果显示工作段和保护段均为正常, 且无保护倒换请求时, 被保护的流量在 工作段上传输; 当检测结果显示工作段发生故障, 或者有其他保护倒换请求 时, 被保护流量在保护段上传输。 需要说明的是, 本步骤中对于工作段和保护段的状态检测属于现有技 术, 可以釆用除 CFM机制以外的现有方法, 并不限制本发明的保护范围。 步骤 302: 工作段的入端节点将接收到的数据帧封装成工作段的传输格 式, 并通过工作段端口传输封装后的数据帧。 当数据帧进入工作段的入端节点时,将从局部网络外部收到的被保护的 数据帧的 B-VID替换为工作段的 VLAN, 将数据帧 B-MAC中的源地址替换 为工作段的入端节点的节点 MAC地址, 目的地址替换为工作段的出端节点 的节点 MAC地址后, 通过工作段端口将数据帧发送给工作段的出端节点。 步骤 303: 工作段的出端节点将数据帧还原为进入工作段入端节点之前 的帧信息并转发。 结束本流程。 当工作段的出端节点收到工作段上的数据帧时, 将数据帧的 B-MAC和TECHNICAL FIELD The present invention relates to the field of network protection, and more particularly to a network based on carrier-grade Ethernet technology, that is, a provider of traffic engineering, PBB-TE (Provider Backbone Bridge Traffic Engineering) Protection methods and network protection architecture. BACKGROUND OF THE INVENTION Ethernet technology has been widely used in local area networks due to its simplicity, high efficiency, and low cost, and is rapidly moving from LAN-based networking technologies to enterprise networks, metropolitan area telecommunications networks, and wide areas. Telecom network and other large-scale networking technologies have developed. Therefore, carrier-class Ethernet technology has emerged. The Institute of Electrical and Electronics Engineers (IEEE) proposed the carrier-grade Ethernet technology, PBB-TE, and the corresponding standard is IEEE 802.1Qay. PBB-TE, also known as Provider Backbone Transport (abbreviated as ΡΒΤ) technology, is a connection-oriented Ethernet technology in which all traffic is forwarded according to the address table. 
PBB-TE technology is based on the technology of PBB (Provider Backbone Bridge, corresponding to IEEE 802. lah) technology. Its core is the improvement of PBB technology. Through network management and control, Ethernet is enabled. The service is connected to implement the functions of the telecommunication network such as the protection, operation, administration, and management (OAM), the quality of service (QoS), and the traffic engineering. The PBB-TE technology uses the outer media access control (MAC) and the virtual local area network (VLAN), which is the MAC address (B-DA) of the bone network. B-VID is used for service forwarding, and its forwarding path is pre-configured. PBB-TE technology is compatible with the traditional Ethernet bridge architecture. It can forward data frames based on BD A and B-VID without updating the network intermediate nodes. The data frames do not need to be modified, and the forwarding efficiency is high. In order to improve the reliability of the network, an end-to-end protection mechanism is adopted in the PBB-TE-based network, that is, there are two tunnel entities between the end-to-end, which are working entities and protection entities, and adopt IEEE 802. lag The Connectivity Fault Management (CFM) mechanism continuously performs state detection on the working entity and the protection entity respectively. When the working entity fails, Automatically transferring services to pre-established protection entities, this end-to-end protection mechanism adds the necessary resiliency to the PBB-TE network. FIG. 1 is a schematic structural diagram of an end-to-end protection mechanism in a PBB-TE based network according to the prior art. As shown in FIG. 1 , in a PBB-TE network, PE1 and PE2 are both ends of a working entity and a protection entity. The path of the working entity is PE1-P1-P2-P3-PE2, and the path of the protection entity is PE1-P4-P5-PE2. 
The working entity and the protection entity are each pre-configured with their own VLAN. When traffic enters the PBB-TE network, the end node (such as node PE1 in FIG. 1, also called an edge node) encapsulates each frame of the traffic into the PBB-TE network frame format based on information such as the ingress port and VLAN of the frame, that is, it encapsulates an additional header layer over the original data frame header. In the newly encapsulated frame header, the source MAC address in the B-MAC is the MAC address of the ingress node, that is, the MAC address of PE1, and the destination MAC address is the MAC address of the egress node, that is, PE2. The new frame header also carries information such as a service VLAN tag (I-tag) and a B-VID, where the B-VID is the pre-set VLAN of the working entity or protection entity selected for transmission.

When both the working entity and the protection entity are in a normal state, PE1 encapsulates the B-VID of the frames in the traffic as the VLAN of the working entity, and the traffic is transmitted over the working entity. The transmission path is PE1-P1-P2-P3-PE2, as shown in FIG. 1. When the working entity fails, PE1 encapsulates the B-VID of the frames in the traffic as the VLAN of the protection entity, and the traffic is switched to the protection entity. The transmission path is PE1-P4-P5-PE2, as shown in FIG. 2. FIG. 2 is a schematic diagram of traffic flow after protection switching in a PBB-TE based network in the prior art. When the traffic reaches the other end node of the PBB-TE network (such as node PE2 in FIG. 1, also called an edge node), the egress node restores the frame in the PBB-TE network to the normal data frame format and outputs it.

In the current end-to-end protection architecture, end-to-end protection can only perform full-path protection, so the paths of the working entity and the protection entity are long, and the probability that the working entity and the protection entity fail simultaneously is greater. If the working entity and the protection entity fail at the same time, the end-to-end traffic is lost. If a segment of the working entity or the protection entity is particularly vulnerable, or a certain segment is particularly important, the failure of that segment causes the full path to be switched, which is not conducive to network optimization.

Thus, because it can only perform full-path protection, the end-to-end protection architecture of existing PBB-TE based networks reduces the speed of fault recovery, and protection switching involves all nodes on the full path, which is not conducive to network optimization. It also reduces the reliability of end-to-end traffic.

SUMMARY OF THE INVENTION

In view of this, the main object of the present invention is to provide a network protection method that can improve the speed of fault recovery, reduce the number of nodes involved in protection switching, facilitate network optimization, and ensure end-to-end traffic reliability. Another object of the present invention is to provide a network protection architecture that can improve the speed of fault recovery, reduce the number of nodes involved in protection switching, facilitate network optimization, and ensure end-to-end traffic reliability.

To achieve the above objects, the technical solution of the present invention is realized as follows. According to one aspect of the present invention, a network protection method is provided.
According to the network protection method of the present invention, in a network based on the provider backbone bridging technology supporting traffic engineering, PBB-TE, the method may specifically include the following steps:

setting a working segment and a protection segment in the determined local network;

determining whether to transmit traffic through the working segment; if yes, the ingress node of the working segment encapsulates the received data frame into the transmission format of the working segment and transmits the encapsulated data frame through the working segment port; the egress node of the working segment restores the data frame to the frame information it had before entering the ingress node of the working segment and forwards it; the process ends;

if not, the ingress node of the protection segment encapsulates the received data frame into the transmission format of the protection segment and transmits the encapsulated data frame through the protection segment port; the egress node of the protection segment restores the data frame to the frame information it had before entering the ingress node of the protection segment and forwards it.

Specifically, the local network is determined according to the actual situation of the network.

Specifically, among the end nodes of the working segment and the protection segment, at least one end node is the same end node.

Specifically, the virtual local area network (VLAN) on which the working segment forwards traffic is different from the VLAN on which the protection segment forwards traffic.

Further, the method for determining whether to transmit traffic through the working segment includes: performing state detection on the working segment and the protection segment; when the detection result shows that the working segment and the protection segment are both normal and there is no protection switching request, the protected traffic is transmitted through the working segment; when the detection result shows that the working segment has failed, or when there are other protection switching requests, the protected traffic is transmitted through the protection segment.

Specifically, the state detection method is the connectivity fault management (CFM) mechanism.

Specifically, the ingress node of the working segment encapsulating the received data frame into the transmission format of the working segment includes: replacing the backbone VLAN ID (B-VID) of the protected data frame received from outside the local network with the VLAN of the working segment, replacing the source address in the backbone MAC address (B-MAC) of the data frame with the node MAC address of the ingress node of the working segment, and replacing the destination address with the node MAC address of the egress node of the working segment.

Specifically, the ingress node of the protection segment encapsulating the received data frame into the transmission format of the protection segment may include: replacing the B-VID of the protected data frame received from outside the local network with the VLAN of the working segment, replacing the source address in the B-MAC of the data frame with the node MAC address of the ingress node of the protection segment, and replacing the destination address with the node MAC address of the egress node of the protection segment.

According to another aspect of the present invention, a network protection architecture is provided. According to the network protection architecture of the present invention, a network based on the provider backbone bridging technology supporting traffic engineering, PBB-TE, includes the determined local network, and a working segment and a protection segment are set in the determined local network.
When traffic is transmitted through the working segment, the ingress node of the working segment encapsulates the received data frame into the transmission format of the working segment and transmits the encapsulated data frame through the working segment port; the egress node of the working segment restores the data frame to the frame information it had before entering the ingress node of the working segment and forwards it. When traffic is transmitted through the protection segment, the ingress node of the protection segment encapsulates the received data frame into the transmission format of the protection segment and transmits the encapsulated data frame through the protection segment port; the egress node of the protection segment restores the data frame to the frame information it had before entering the ingress node of the protection segment and forwards it.

Specifically, among the end nodes of the working segment and the protection segment, at least one end node is the same end node.

Specifically, the VLAN on which the working segment forwards traffic is different from the VLAN on which the protection segment forwards traffic.

It can be seen from the technical solution provided by the present invention that, in a PBB-TE based network, a local network is determined, and a working segment and a protection segment are set in the determined local network. When the working segment path fails, only the traffic of that working segment path is switched to its protection segment path, instead of switching the full path, which improves the speed of fault recovery and reduces the number of nodes involved in protection switching. The solution of the invention is beneficial to network optimization and ensures the reliability of end-to-end traffic.

The local network is a part of the protected network. It may be called a local area, and may also be referred to as a segment or a segment network. It is determined in advance according to the actual situation of the network; for example, some particularly vulnerable or particularly important segments can be set as a local area. The protection of the local network described here may also be referred to as local area protection or area protection, or as segment protection or segmented protection, and may have other similar names.

Other features and advantages of the invention will be set forth in the description which follows. The objectives and other advantages of the invention will be realized and attained by the

The drawings are intended to provide a further understanding of the invention and form a part of the description of the invention. In the drawings:

FIG. 1 is a schematic structural diagram of an end-to-end protection mechanism in a PBB-TE based network according to the prior art;
FIG. 2 is a schematic diagram of traffic flow after protection switching in a PBB-TE based network in the prior art;
FIG. 3 is a flowchart of a method for implementing network protection according to the present invention;
FIG. 4 is a schematic structural diagram of a local network protection mechanism in a PBB-TE based network according to the present invention;
FIG. 5 is a schematic diagram of traffic flow after protection switching in a PBB-TE based network according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

In the embodiment of the present invention, a local network is determined in a PBB-TE based network, and a working segment and a protection segment are set in the determined local network.
When the working segment path fails, only the traffic of that working segment path is switched to its protection segment path, which improves the speed of fault recovery and reduces the number of nodes involved in protection switching.

To better understand the present invention, the network protection method and network protection architecture of the present invention are described in detail below with reference to the accompanying drawings and specific embodiments. The preferred embodiments described herein are for illustrative purposes only and are not intended to limit the invention. The embodiments in the present application and the features in the embodiments may be combined with each other where they do not conflict.

According to an embodiment of the present invention, a network protection method is first provided. FIG. 3 is a flowchart of a method for implementing network protection according to an embodiment of the present invention. As shown in FIG. 3, in a PBB-TE based network, the method may specifically include the following steps (Step 300 to Step 305):

Step 300: Set a working segment and a protection segment in the determined local network.

A local network is a part of the protected network. It may be called a local area, and may also be called a segment or a segment network. It is determined in advance according to the actual situation of the network; for example, some segments that are particularly vulnerable or particularly important can be set as a local area. The protection of the local network described here may also be referred to as local area protection or area protection, or as segment protection or segmented protection, and may have other similar names.

The working segment and the protection segment each have two end nodes, and at least one end node of the working segment coincides with an end node of the protection segment, that is, it is the same end node. A working segment port and a protection segment port are set on the ingress node, and a working segment port and a protection segment port are set on the egress node. The address table for traffic forwarding is pre-set in the nodes on the working segment and the protection segment. The VLAN on which the working segment forwards traffic is different from the VLAN on which the protection segment forwards traffic. The specific setting method is a technique commonly used by those skilled in the art, and details are not described herein again.

This step emphasizes that, in the PBB-TE based network, the local network that needs to be protected is determined, and the working segment and the protection segment are set in the determined local network. There may be one or more local networks; the specific number depends on what actually needs to be protected.

Step 301: Determine whether traffic is transmitted through the working segment. If yes, go to Step 302; otherwise go to Step 304.

To perform state detection on the working segment and the protection segment, the connectivity fault management (CFM) mechanism in IEEE 802.1ag can be used to continuously detect the state of the working segment and the protection segment separately and obtain the detection results for the working segment and the protection segment.

According to the detection result, it is determined whether the protected traffic is transmitted on the working segment or on the protection segment.
When the detection result shows that the working segment and the protection segment are both normal and there is no protection switching request, the protected traffic is transmitted on the working segment; when the detection result shows that the working segment has failed, or there are other protection switching requests, the protected traffic is transmitted on the protection segment.

It should be noted that the state detection of the working segment and the protection segment in this step belongs to the prior art; existing methods other than the CFM mechanism may be used, and this does not limit the scope of protection of the present invention.

Step 302: The ingress node of the working segment encapsulates the received data frame into the transmission format of the working segment and transmits the encapsulated data frame through the working segment port.

When the data frame enters the ingress node of the working segment, the B-VID of the protected data frame received from outside the local network is replaced with the VLAN of the working segment, the source address in the B-MAC of the data frame is replaced with the node MAC address of the ingress node of the working segment, and the destination address is replaced with the node MAC address of the egress node of the working segment. The data frame is then sent to the egress node of the working segment through the working segment port.

Step 303: The egress node of the working segment restores the data frame to the frame information it had before entering the ingress node of the working segment and forwards it. The process ends.

When the egress node of the working segment receives the data frame on the working segment, it restores the B-MAC and B-VID of the data frame to their values before entering the working segment and then forwards the frame.

Step 304: The ingress node of the protection segment encapsulates the received data frame into the transmission format of the protection segment and transmits the encapsulated data frame through the protection segment port.

When the data frame enters the ingress node of the protection segment, the B-VID of the protected data frame received from outside the local network is replaced with the VLAN of the working segment, the source address in the B-MAC of the data frame is replaced with the node MAC address of the ingress node of the protection segment, and the destination address is replaced with the node MAC address of the egress node of the protection segment. The data frame is then sent to the egress node of the protection segment through the protection segment port.

Step 305: The egress node of the protection segment restores the data frame to the frame information it had before entering the ingress node of the protection segment and forwards it.

When the egress node of the working segment receives the data frame on the working segment, it restores the B-MAC and B-VID of the data frame to their values before entering the working segment and then forwards the frame.

Corresponding to the method shown in FIG. 3, the embodiment of the present invention further provides a network protection architecture. A network based on the provider backbone bridging technology supporting traffic engineering, PBB-TE, includes the determined local network, and a working segment and a protection segment are set in the determined local network.

When traffic is transmitted through the working segment, the ingress node of the working segment encapsulates the received data frame into the transmission format of the working segment and transmits the encapsulated data frame through the working segment port; the egress node of the working segment restores the data frame to the frame information it had before entering the ingress node of the working segment and forwards it.

When traffic is transmitted through the protection segment, the ingress node of the protection segment encapsulates the received data frame into the transmission format of the protection segment and transmits the encapsulated data frame through the protection segment port; the egress node of the protection segment restores the data frame to the frame information it had before entering the ingress node of the protection segment and forwards it.

Among the end nodes of the working segment and the protection segment, at least one end node is the same end node. Moreover, the VLAN on which the working segment forwards traffic is different from the VLAN on which the protection segment forwards traffic.

The network protection method of the embodiment of the present invention is described in detail below in conjunction with an embodiment.

FIG. 4 is a schematic structural diagram of a local network protection mechanism in a PBB-TE based network according to an embodiment of the present invention. As shown in FIG. 4, PE1-P1-P2-P3-PE2 is a traffic transmission entity of a PBB-TE based network, and PE1 and PE2 are its end nodes. Assume that P1-P2-P3 is the working segment of the local network protection in this embodiment and P1-P4-P3 is the protection segment of the local network protection in this embodiment; the working segment and the protection segment have the same end nodes P1 and P3.
When the data frame is transmitted from node PE1 into the PBB-TE based network, the source address in the B-MAC of the data frame is the node MAC address of PE1, the destination address is the node MAC address of PE2, and the B-VID is the VLAN pre-configured on the traffic transmission entity (assumed here to be VID1).

When the detection result shows that the path on the working segment is normal, the data frame is re-encapsulated at the ingress node P1 of the working segment: the source address in the B-MAC of the frame is replaced with the node MAC address of P1, the destination address is replaced with the node MAC address of P3, and the B-VID is replaced with the VLAN configured on the working segment (assumed to be VID2), where VID1 and VID2 may be the same or different. The encapsulated traffic is then sent to the egress node of the working segment. After the data frame reaches the egress node P3 of the working segment, it is restored to the frame information it had before entering the local network: the source address in the B-MAC of the data frame is restored to the node MAC address of PE1, the destination address is restored to the node MAC address of PE2, and the B-VID is restored to VID1, which is configured on the traffic transmission entity.

When the detection result shows that the working segment has failed, or there are other protection switching requests, the protected traffic is switched to the protection segment for transmission, as shown in FIG. 5. FIG. 5 is a schematic diagram of traffic flow after protection switching in a PBB-TE based network according to an embodiment of the present invention. The data frame is re-encapsulated at the ingress node P1 of the protection segment: the source address in the B-MAC of the data frame is replaced with the node MAC address of P1, the destination address is replaced with the node MAC address of the egress node P3 of the protection segment, and the B-VID is replaced with the VLAN pre-configured on the protection segment (assumed to be VID3). The encapsulated traffic is then sent to the egress node of the protection segment. After the data frame reaches the egress node of the protection segment, it is restored to the frame information it had before entering the local network: the source address in the B-MAC of the data frame is restored to the node MAC address of PE1, the destination address is restored to the node MAC address of PE2, and the B-VID is restored to VID1, which is configured on the transmission entity.

In summary, the embodiment of the present invention determines a local network in a PBB-TE based network and sets a working segment and a protection segment in the determined local network. When the working segment path fails, only the traffic of that working segment path is switched to its protection segment path, instead of switching the full path, which improves the speed of fault recovery and reduces the number of nodes involved in protection switching.

It should be understood that those of ordinary skill in the art can make improvements or changes based on the description of the above scheme, for example, a refined audience-segmentation method that uses other user attributes, and all such improvements and changes shall fall within the scope of protection of the appended claims of the present invention. The above is only the preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention.
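
The header rewriting in the FIG. 4 and FIG. 5 embodiment, as an added Python example that is not part of the patent text. The node MACs, the numeric values chosen for VID1/VID2/VID3, the egress restore table, and the handling of states the description leaves open (protection segment down, both segments down) are assumptions.

```python
"""Segment protection on the FIG. 4 topology: entity PE1-P1-P2-P3-PE2,
working segment P1-P2-P3, protection segment P1-P4-P3."""
from dataclasses import dataclass, replace
from typing import Optional

# Constructed sample values (not from the patent): node MACs and VLAN numbers.
NODES = ["PE1", "PE2", "P1", "P2", "P3", "P4"]
MAC = {name: f"02:00:00:00:00:{i:02x}" for i, name in enumerate(NODES, start=1)}
VID1, VID2, VID3 = 100, 200, 300  # transport entity, working segment, protection segment

# The description requires different VLANs for the working and protection segments.
if VID2 == VID3:
    raise ValueError("working and protection segments need different VLANs")


@dataclass(frozen=True)
class Frame:
    b_sa: str       # source address in the B-MAC
    b_da: str       # destination address in the B-MAC
    b_vid: int      # backbone VLAN ID
    payload: bytes


# Pre-set address tables on the segment nodes: (B-DA, B-VID) -> next hop.
ADDRESS_TABLE = {
    "P1": {(MAC["P3"], VID2): "P2", (MAC["P3"], VID3): "P4"},
    "P2": {(MAC["P3"], VID2): "P3"},
    "P4": {(MAC["P3"], VID3): "P3"},
}

# Assumption: the egress node P3 keeps, per segment VLAN, the header the frame
# had before it entered the local network (the text does not say how P3 knows it).
RESTORE_TABLE = {
    VID2: (MAC["PE1"], MAC["PE2"], VID1),
    VID3: (MAC["PE1"], MAC["PE2"], VID1),
}


def select_segment(working_ok: bool, protection_ok: bool,
                   switch_request: bool = False) -> Optional[int]:
    """Step 301: return the segment VLAN to use, or None if traffic is lost."""
    if working_ok and protection_ok and not switch_request:
        return VID2                      # both normal, no request: working segment
    if (not working_ok or switch_request) and protection_ok:
        return VID3                      # failure or request: protection segment
    if working_ok:
        return VID2                      # assumption: protection unusable, stay on working
    return None                          # both segments down


def encapsulate(frame: Frame, segment_vid: int) -> Frame:
    """Steps 302/304 at ingress node P1: rewrite B-SA, B-DA and B-VID."""
    return replace(frame, b_sa=MAC["P1"], b_da=MAC["P3"], b_vid=segment_vid)


def carry(frame: Frame) -> list:
    """Forward hop by hop from P1 to P3 using only the pre-set address tables."""
    node, path = "P1", ["P1"]
    while node != "P3":
        next_hop = ADDRESS_TABLE[node].get((frame.b_da, frame.b_vid))
        if next_hop is None:
            raise LookupError(f"{node}: no address-table entry, frame dropped")
        node = next_hop
        path.append(node)
    return path


def restore(frame: Frame) -> Frame:
    """Steps 303/305 at egress node P3: put back the pre-segment header."""
    if frame.b_da != MAC["P3"] or frame.b_vid not in RESTORE_TABLE:
        raise ValueError("not a segment frame addressed to this egress node")
    b_sa, b_da, b_vid = RESTORE_TABLE[frame.b_vid]
    return replace(frame, b_sa=b_sa, b_da=b_da, b_vid=b_vid)


def transit(frame: Frame, working_ok: bool, protection_ok: bool,
            switch_request: bool = False):
    """Run one frame through the local network; returns (path, frame leaving P3)."""
    segment_vid = select_segment(working_ok, protection_ok, switch_request)
    if segment_vid is None:
        return None
    inner = encapsulate(frame, segment_vid)
    return carry(inner), restore(inner)


if __name__ == "__main__":
    original = Frame(MAC["PE1"], MAC["PE2"], VID1, b"constructed payload")
    for state in [(True, True), (False, True), (False, False)]:
        print(state, transit(original, *state))
```

Only P1 and P3 change behaviour on a switch; PE1, PE2 and the end-to-end B-VID are untouched, which is the reduction in involved nodes the description claims.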

Claims

1. A network protection method, characterized in that, in a network based on the provider backbone bridging technology supporting traffic engineering, PBB-TE, the method comprises the following steps:
 setting a working segment and a protection segment in the determined local network;
 determining whether to transmit traffic through the working segment; if yes, the ingress node of the working segment encapsulates the received data frame into the transmission format of the working segment and transmits the encapsulated data frame through the working segment port; the egress node of the working segment restores the data frame to the frame information it had before entering the ingress node of the working segment and forwards it; the process ends;
 if not, the ingress node of the protection segment encapsulates the received data frame into the transmission format of the protection segment and transmits the encapsulated data frame through the protection segment port; the egress node of the protection segment restores the data frame to the frame information it had before entering the ingress node of the protection segment and forwards it.
2. The network protection method according to claim 1, wherein the local network is determined according to the actual situation of the network.
3. The network protection method according to claim 1, wherein, among the end nodes of the working segment and the protection segment, at least one end node is the same end node.
4. The network protection method according to claim 1, wherein the virtual local area network (VLAN) on which the working segment forwards traffic is different from the VLAN on which the protection segment forwards traffic.
5. The network protection method according to claim 1, wherein the method for determining whether to transmit traffic through the working segment comprises: performing state detection on the working segment and the protection segment; when the detection result shows that the working segment and the protection segment are both normal and there is no protection switching request, the protected traffic is transmitted through the working segment; when the detection result shows that the working segment has failed, or there are other protection switching requests, the protected traffic is transmitted through the protection segment.
6. The network protection method according to claim 1, wherein the state detection method is the connectivity fault management (CFM) mechanism.
7. The network protection method according to claim 4, wherein the ingress node of the working segment encapsulating the received data frame into the transmission format of the working segment specifically comprises:
 replacing the backbone VLAN ID (B-VID) of the protected data frame received from outside the local network with the VLAN of the working segment, replacing the source address in the backbone MAC address (B-MAC) of the data frame with the node MAC address of the ingress node of the working segment, and replacing the destination address with the node MAC address of the egress node of the working segment.
8. The network protection method according to claim 4, wherein the ingress node of the protection segment encapsulating the received data frame into the transmission format of the protection segment specifically comprises:
 replacing the B-VID of the protected data frame received from outside the local network with the VLAN of the working segment, replacing the source address in the B-MAC of the data frame with the node MAC address of the ingress node of the protection segment, and replacing the destination address with the node MAC address of the egress node of the protection segment.
9. A network protection architecture, characterized in that a network based on the provider backbone bridging technology supporting traffic engineering, PBB-TE, includes a determined local network, and a working segment and a protection segment are set in the determined local network;
 when traffic is transmitted through the working segment, the ingress node of the working segment encapsulates the received data frame into the transmission format of the working segment and transmits the encapsulated data frame through the working segment port; the egress node of the working segment restores the data frame to the frame information it had before entering the ingress node of the working segment and forwards it;
 when traffic is transmitted through the protection segment, the ingress node of the protection segment encapsulates the received data frame into the transmission format of the protection segment and transmits the encapsulated data frame through the protection segment port; the egress node of the protection segment restores the data frame to the frame information it had before entering the ingress node of the protection segment and forwards it.
10. The network protection architecture according to claim 9, wherein, among the end nodes of the working segment and the protection segment, at least one end node is the same end node.
11. The network protection architecture according to claim 9, wherein the VLAN on which the working segment forwards traffic is different from the VLAN on which the protection segment forwards traffic.
PCT/CN2009/074592 2009-05-05 2009-10-23 Network protection method and network protection framework WO2010127533A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910083191.1 2009-05-05
CN200910083191.1A CN101883040B (en) 2009-05-05 2009-05-05 Network protection method and network protection architecture

Publications (1)

Publication Number Publication Date
WO2010127533A1 (en) 2010-11-11

Family

ID=43049939

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/074592 WO2010127533A1 (en) 2009-05-05 2009-10-23 Network protection method and network protection framework

Country Status (2)

Country Link
CN (1) CN101883040B (en)
WO (1) WO2010127533A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080008104A1 (en) * 2006-07-05 2008-01-10 Previdi Stefano B Technique for efficiently determining acceptable link-based loop free alternates in a computer network
US20080170493A1 (en) * 2007-01-11 2008-07-17 Jean-Philippe Vasseur Protection of hierarchical tunnel head-end nodes
CN101227399A (en) * 2008-01-31 2008-07-23 华为技术有限公司 Message transmission method, system and forwarding node

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101123570B (en) * 2006-08-09 2011-05-18 华为技术有限公司 Data forward method and system between multiple operator Ethernet

Also Published As

Publication number Publication date
CN101883040B (en) 2014-12-31
CN101883040A (en) 2010-11-10

Similar Documents

Publication Publication Date Title
US8018841B2 (en) Interworking an ethernet ring network and an ethernet network with traffic engineered trunks
JP5385154B2 (en) Method and apparatus for interconnecting Ethernet and MPLS networks
US9172630B2 (en) Method for client data transmission through a packet switched provider network
US9338052B2 (en) Method and apparatus for managing the interconnection between network domains
US8059549B2 (en) Method and apparatus for supporting network communications using point-to-point and point-to-multipoint protocols
US7782763B2 (en) Failure protection in a provider backbone bridge network using forced MAC flushing
JP5485821B2 (en) Communication frame relay apparatus and relay method
US20100220739A1 (en) Carrier Network Connection Device And Carrier Network
US20090141729A1 (en) Multiplex method of vlan switching tunnel and vlan switching system
EP2498454A1 (en) Method, device and system for processing service traffic based on pseudo wires
US20100260197A1 (en) In-band signaling for point-multipoint packet protection switching
CN101286922B (en) Signalling control method, system and apparatus
US20120106321A1 (en) Method and device for conveying traffic in a network
WO2012023538A1 (en) Communication device, communication system, communication method, and recording medium
WO2008119300A1 (en) A protecting method and device for ethernet tree service
US7646732B2 (en) Full mesh status monitor
US20170331720A1 (en) Individual Virtual Private Local Area Network Service Conversion to a Different Virtual Private Network Service
JP5521035B2 (en) Method and system for joint detection of partial Ethernet segment protection
US8738960B2 (en) Local protection method of ethernet tunnel and sharing node of work sections of protection domain
WO2007104201A1 (en) A method for forwarding message in the service tunnel of the ethernet application and a system thereof
WO2011011934A1 (en) Method and apparatus for ethernet tunnel segmentation protection
WO2011020339A1 (en) Method and system for switching in segment protection
WO2011029249A1 (en) Protection method and device for an ethernet tunnel
WO2010127533A1 (en) Network protection method and network protection framework
WO2013157256A1 (en) Interworking device, method, and non-transitory computer-readable medium storing a program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09844285

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09844285

Country of ref document: EP

Kind code of ref document: A1