WO2013053122A1 - Method and device for preventing loop in virtual private network - Google Patents

Method and device for preventing loop in virtual private network Download PDF

Info

Publication number
WO2013053122A1
WO2013053122A1 PCT/CN2011/080745 CN2011080745W WO2013053122A1 WO 2013053122 A1 WO2013053122 A1 WO 2013053122A1 CN 2011080745 W CN2011080745 W CN 2011080745W WO 2013053122 A1 WO2013053122 A1 WO 2013053122A1
Authority
WO
WIPO (PCT)
Prior art keywords
mac
protection policy
drift frequency
blocked
module
Prior art date
Application number
PCT/CN2011/080745
Other languages
French (fr)
Chinese (zh)
Inventor
王鸾
吴学智
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Priority to PCT/CN2011/080745 priority Critical patent/WO2013053122A1/en
Publication of WO2013053122A1 publication Critical patent/WO2013053122A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4604LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462LAN interconnection over a bridge based backbone
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/18Loop-free operations

Definitions

  • the present invention relates to the field of network communications, and more particularly to a method and apparatus for preventing loops in a virtual private network. Background technique
  • Virtual Private LAN Service is an implementation of Multi-Protocol Label Switching Layer 2 Virtual Private Network (MPLS L2VPN).
  • MPLS Multi-Protocol Label Switching
  • MPLS Multi- Protocol Label Switching
  • VPN Layer 2 Virtual Private Network
  • PW virtual links
  • MAC Media Forward Control
  • VFI Virtual Forwarding Instance
  • FIG. 1 shows the structure of a typical VPLS network. Interfaces added to the VPLS support broadcast, forward, and filter Ethernet frames.
  • the Provider Edge PE
  • the PW is a two-way virtual connection. It consists of a pair of unidirectional MPLS virtual circuits (VCs), and the client device (
  • the customer edge (CE) is connected to the PE through an access circuit (AC) to form a local area network (LAN).
  • Each PE not only learns the MAC address of the Ethernet packet from the PW, but also learns the MAC address of the Ethernet packet from the connected CE.
  • the main object of the present invention is to provide a method and apparatus for preventing loops in a virtual private network, and to achieve the purpose of releasing a loop according to user requirements.
  • a method for preventing a loop in a virtual private network comprising the steps of: performing statistics on MAC drift according to a MAC entry reported by a subsystem of a service provider device PE, and obtaining a MAC drift frequency;
  • the statistics of the MAC drift are obtained, and the MAC drift frequency is obtained by: obtaining interface information in the reported MAC entry, and obtaining the source AC or PW of the MAC according to the interface information, and The count value of the MAC of the AC or PW is incremented by one; when the preset timer expires, the count value of the MAC is divided by the timer duration of the timer to obtain the MAC drift frequency.
  • the blocking of the AC or the PW that transmits the MAC to the PE is: when the source of the MAC is AC, and the pre-configured protection policy is an AC-side protection policy, the AC that applies the protection policy The flag of the blocked traffic is marked, and an update message is sent, and the status of the AC is updated.
  • the source of the MAC is a PW
  • the pre-configured protection policy is a PW side tag
  • an update message is sent
  • the VC corresponding to the PW is updated. The status of the entry.
  • the blocking of the access circuit AC or the virtual link PW that transmits the MAC to the PE further includes: deleting a count of the MAC originating from the AC or deleting a source originating from the PW The count of the MAC.
  • the protection policy is deleted when the deletion protection policy information input by the user is received. If the protection policy is not blocked by the AC or the PW, the protection policy is deleted; or when the AC or PW of the protection policy is blocked, the protection policy is deleted, and the AC or the PW is corresponding.
  • the flag of the blocked traffic of the VC entry is cleared, and an update message is sent, and the state of the AC or the state of the VC entry corresponding to the PW is updated.
  • An apparatus for preventing a loop in a virtual private network where the apparatus includes a statistic module, a comparison module, and an execution module.
  • the statistic module is configured to perform statistics on MAC drift according to a MAC entry reported by a subsystem of the PE, to obtain a MAC.
  • a comparison module configured to compare the MAC drift frequency with a preset maximum MAC drift frequency, where the MAC drift frequency is greater than or equal to the maximum MAC drift frequency, send trigger information to the execution module; And, when receiving the trigger information sent by the comparison module, blocking the AC or PW that transmits the MAC to the PE.
  • the statistic module is specifically configured to obtain interface information in the reported MAC entry, and obtain a source AC or PW of the MAC according to the interface information, and obtain the MAC originating from the AC or PW.
  • the count value is incremented by one; when the preset timer expires, the count value of the MAC is divided by the timer duration of the timer to obtain the MAC drift frequency.
  • the execution module is specifically configured to: when the source of the MAC is an AC, and the pre-configured protection policy is an AC-side protection policy, the AC functioning as the protection policy is marked with the blocked traffic, and the update message is sent, and the update is performed.
  • the state of the AC when the source of the MAC is the PW, and the pre-configured protection policy is the PW-side protection policy, the VC entry corresponding to the PW that acts as the protection policy is marked with the blocking traffic, and an update message is sent. Update the status of the VC entry corresponding to the PW.
  • the execution module is further configured to delete a count of the MAC originating from the AC, and delete a count of the MAC originating from the PW.
  • the device further includes a deletion module, configured to receive deletion protection policy information input by the user And deleting the protection policy according to the execution result of the execution module; the deleting is omitted; when the AC or PW functioning by the protection policy is blocked, deleting the protection policy, the AC or the The flag of the blocked traffic of the VC entry corresponding to the PW is cleared, and an update message is sent, and the state of the AC or the state of the VC entry corresponding to the PW is updated.
  • a deletion module configured to receive deletion protection policy information input by the user And deleting the protection policy according to the execution result of the execution module; the deleting is omitted; when the AC or PW functioning by the protection policy is blocked, deleting the protection policy, the AC or the The flag of the blocked traffic of the VC entry corresponding to the PW is cleared, and an update message is sent, and the state of the AC or the state of the VC entry corresponding to the PW is updated.
  • the present invention provides a method and a device for preventing a loop in a virtual private network.
  • the MAC address drift phenomenon must exist according to the formation of the loop.
  • the protection policy can be configured according to user requirements and networking requirements. When the MAC drift frequency is greater than or equal to the pre-detection When the maximum MAC address is set, the AC or PW that acts on the protection policy is blocked to achieve the purpose of loop cancellation. This ensures network stability and service requirements, and is more flexible and simple to implement.
  • Figure 1 is a schematic structural diagram of a typical VPLS networking
  • FIG. 2 is a schematic flow chart of a method for preventing a loop in a virtual private network according to the present invention
  • FIG. 5 is a schematic structural diagram of an apparatus for preventing a loop in a virtual private network according to the present invention. detailed description
  • the basic idea of the present invention is: according to the MAC entry reported by the subsystem of the PE, statistics of the MAC drift, to obtain the MAC drift frequency; comparing the MAC drift frequency with a preset maximum MAC drift frequency; When the drift frequency is greater than or equal to the maximum MAC drift frequency, the AC or PW that transmits the MAC to the PE is blocked.
  • FIG. 2 shows a flow of a method for preventing a loop in a virtual private network according to the present invention. As shown in FIG. 2, the method includes the following steps:
  • the subsystem of the PE learns the MAC address of the Ethernet packet received from the PW, and the MAC address of the Ethernet packet received from the CE connected thereto, and reports the learned MAC entry;
  • the PE subsystem when the PE subsystem receives a new Ethernet packet, it learns the MAC and reports it.
  • the process is the same as the existing one, and is not described here.
  • the subsystem of the PE may be direct hardware accessed by a user such as a line card, and the main system of the PE is a main control board.
  • the primary system of the PE performs statistics on the MAC drift according to the MAC entry of the PE subsystem, and obtains the MAC drift frequency.
  • the MAC entry reported by the subsystem of the PE is obtained, where the MAC entry includes information such as the MAC and the interface information, where the interface information refers to the interface information corresponding to the AC or PW of the MAC, that is, according to the interface information.
  • the interface information may be used to learn which AC or PW the MAC flows into the PE, that is, the source AC or PW of the MAC.
  • the interface information corresponding to the AC or PW of the learned MAC address may be obtained, and the MAC address of the MAC entry acquired by the primary system of the PE already exists in the primary system, but exists in the primary
  • the AC or PW corresponding to the interface information in the acquired MAC entry is used.
  • the count value of the MAC is increased by 1; when the MAC address of the MAC entry acquired by the primary system of the PE first appears in the primary system, the AC or PW corresponding to the interface information in the obtained MAC entry is started. The MAC counts.
  • the interface information in the MAC entry is corresponding to the The count value of the MAC of the AC or the PW is divided by the time duration of the timer, and the number of times of the MAC drift in the unit time is obtained as the MAC drift frequency, wherein the preset timer can start according to the trigger information input by the user. Timing.
  • the timer duration can be set according to the user's needs and network performance.
  • the main system of the PE determines whether the MAC drift frequency is less than a preset maximum MAC drift frequency, and if so, executes S204, otherwise, executes S205;
  • the maximum MAC drift frequency can be set according to user requirements and network performance, and a maximum MAC drift frequency can be set for AC and PW.
  • the MAC drift frequency is less than the maximum MAC drift frequency, the MAC is indicated by the MAC.
  • the drift frequency is drifting in the VPLS, the network can also meet the user's needs.
  • the MAC drift frequency is greater than or equal to the maximum MAC drift frequency, it indicates that the network cannot meet the user's needs at this time, and the loop needs to be broken.
  • the PE continues to forward traffic through the AC or PW, and continues to execute S201;
  • the primary system of the PE obtains a pre-configured protection policy.
  • the content of the pre-configured protection policy is blocked.
  • the pre-configured AC side protection policy is obtained, and then S206 is performed; If the source of the MAC address whose MAC address is greater than or equal to the maximum MAC address is PW, and the PW side protection policy is pre-configured, the pre-configured PW side protection policy is obtained, and then S208 is performed.
  • the AC-side protection policy is configured to pre-configure the protection policy on the AC according to the needs of the user or the network, that is, when the VPLS with the AC-side protection policy is looped, the configuration will be configured.
  • the AC with the protection policy is blocked to break the loop.
  • the PW protection policy is configured on the PW according to the requirements of the user or the network, that is, when the PW protection policy is configured. When a loop occurs in VPLS, a protection policy is configured. The PW is blocked to break the loop.
  • the protection policy when the protection policy is an AC-side protection policy, the primary system of the PE is marked with a blocking traffic for the AC configured with the protection policy. When the user is deleted and the protection policy is re-configured, the protection policy is effectively operated. .
  • the primary system of the PE sends an update message to the subsystem of the PE, and the subsystem updates the state of the AC to a blocked state, and then executes S210;
  • the primary system of the PE adds a blocking traffic flag to the VC entry corresponding to the PW configured with the protection policy.
  • the PW is composed of a pair of unidirectional VCs, wherein the flow of the pair of unidirectional VCs is reversed, and the flow of the PWs is obtained according to the VC entries corresponding to the PWs. Therefore, the PW flows that need to be blocked are generated. If the corresponding VC entry is marked with the blocking traffic, the purpose of blocking the flow of the PW can be implemented. When the user deletes the protection policy and reconfigures the protection policy, the protection policy is effectively operated.
  • the primary system of the PE sends an update message to the subsystem of the PE, and the subsystem updates the state of the VC entry corresponding to the PW to a blocked state;
  • the primary system of the PE deletes the protection policy and performs traffic recovery processing.
  • the VC that points from PE1 to PE2 in the PW between PE1 and PE2 is marked as PW12.
  • the VC marked by PE2 to PE1 is labeled as PW21, and so on.
  • the six PWs are: PW12, PW21, PW23, PW32, PW13, and PW31.
  • Each PE has a CE connected to VPN1 through the AC.
  • the unknown MAC address is the source MAC address and is marked as SMAC.
  • the subsystem of PE1 performs SMAC learning and reports the MAC entry to the primary system.
  • the MAC entry includes SMAC and Interface information, etc., where the interface information refers to the AC that learns the SMAC, that is, the SMAC flows into the PE through the AC, that is, the source AC of the SMAC, and then the PE broadcasts the Ethernet packet in the VPLS VPN1 through the PW12 and the PW13.
  • the Ethernet packets that go out of the PW12 will be looped along the path PE1—PE2—PE3—PE1, and then enter the PE1 from the PW31.
  • the PE1 broadcasts through the AC and PW12.
  • the Ethernet packets sent out from the PW13 are similar, along the path PE1.
  • PE3—PE2—PE1 then enters PE1 from PW21, and PE1 broadcasts through AC and PW13.
  • a similar situation occurs on PE2 and PE3, so that SMAC frequently drifts on AC, PW12, PW13, PW21, PW23, PW31, and PW32 of PE1, PE2, and PE3.
  • Ethernet packets are transparently transmitted in VPLS, they cannot be blocked to the CE side port and can protect PW12, PW21, PW23, and PW32.
  • the PW side protection policy applied to the PW31 can be configured on the PE1.
  • the following attributes are added: When the PE1 learns that the MAC drift frequency from the PW31 is greater than or When the preset maximum MAC address is equal to the frequency, the PW31 is blocked.
  • the PW side protection policy applied to the PW13 is configured on the PE3.
  • the PW side protection policy applied to the PW31 is configured on the PE1
  • the CE1 sends an Ethernet packet with an unknown MAC address
  • the subsystem of the PE1 learns the SMAC.
  • the MAC address reported by the PE1 includes the SMAC and the interface information.
  • the AC corresponding to the interface information is the AC between CE1 and PE1.
  • the subsystem of the PE1 continuously reports the SMAC entries learned from the PW31, and the sub-PE1 is reported.
  • the primary system of the PE1 increases the count value of the SMAC from the PW31 by one.
  • the timer expires, the count value is divided by the timer.
  • the SMAC drift frequency is obtained.
  • the SMAC drift frequency is greater than the preset maximum MAC drift frequency, the VC entry corresponding to the PW31 is marked with blocking traffic, and the SMAC count from the PW31 is deleted.
  • the subsystem of the PE1 After the update message is sent to the subsystem of the PE1, the subsystem of the PE1 receives the update message, blocks the PW31, and updates the state of the PW31 to the blocked state.
  • the PW side protection policy applied to the PW13 is configured on the PE3.
  • the protection policies configured on PE1 and PE3 are deleted and updated.
  • PW13 and PW31 are blocked, they are not only required.
  • the protection policy is configured to be deleted on the PE1 and the PE3, and the flag of the blocked traffic of the VC entry is cleared, and an update message is sent to update the state of the VC entry corresponding to the PW.
  • the A, B, and C devices have loops, and B and C belong to the VPN1 of a VPLS.
  • the PW is the PWbc and the A is the CE.
  • the two ports of the A are connected to the B and C through the ACab and the ACac.
  • the three ports of the A belong to the same virtual LAN to broadcast Ethernet packets to the AC.
  • the AC user is blocked on the ACac.
  • the AC side protection policy applied to the ACac can be configured on C. The following attributes are added: When C learns that the MAC drift frequency from ACac is greater than or equal to When the preset maximum MAC drift frequency is used, ACac is blocked. Specifically, when A sends an Ethernet message of unknown MAC address, it broadcasts and forwards in VPLS VPN1, and the subsystem of C reports the situation of learning SMAC. When SMAC is drifting between B and C, the child of C The system continuously reports the MAC entries learned from the ACac. The subsystem of the C receives the SMAC once and receives the report from the ACac, and the primary system of C increases the count value of the SMAC from the ACac by one.
  • the count value is divided by the duration of the timer to obtain the SMAC drift frequency.
  • the SMAC drift frequency is greater than the preset maximum MAC drift frequency, the ACac is marked with blocking traffic, and Deleting the count of the SMACs from the ACac, and sending an update message to the subsystem of C.
  • the subsystem of C blocks the ACac, and updates the state of the ACac to a blocked state to meet user requirements protection.
  • the ACab and PWbc that are expected to be protected, while releasing the loop, maintain the stability of the network.
  • the protection policy configured on C is deleted and updated; when the ACac is blocked, not only is the configuration The protection policy on C is deleted, and the flag of the blocked traffic of the ACac is also cleared, and an update message is sent to update the state of the ACac.
  • FIG. 5 is a diagram showing the structure of an apparatus for preventing a loop in a virtual private network according to the present invention, as shown in FIG.
  • the device includes a statistic module 11, a comparison module 12, and an execution module 13, wherein the statistic module 11 is configured to perform statistics on MAC drift according to MAC entries reported by the subsystem of the PE, and obtain a MAC drift frequency; the comparison module 12 is configured to compare Transmitting the trigger information to the execution module 13 when the MAC drift frequency is greater than or equal to the maximum MAC drift frequency, and the executing module 13 is configured to receive the When the trigger information sent by the module 12 is compared, the AC or PW that transmits the MAC to the PE is blocked.
  • the statistic module 11 is specifically configured to obtain the source AC or PW of the MAC in the reported MAC entry, and add the count value of the MAC originating from the AC or PW to 1; when the preset timer expires, The MAC value is obtained by dividing the count value of the MAC by the timer duration of the timer.
  • the execution module 13 is specifically configured to: when the source of the MAC is AC, and the pre-configured protection policy is an AC-side protection policy, the AC functioning as the protection policy is marked with a blocked traffic, and the update message is sent, and the update is performed.
  • the source of the MAC is the PW
  • the pre-configured protection policy is the PW-side protection policy
  • the VC entry corresponding to the PW that acts as the protection policy is marked with the blocked traffic, and the update message is sent and updated. Status of the VC entry corresponding to the PW.
  • the execution module 13 is further configured to delete the MAC originating from the AC.
  • the apparatus further includes a deleting module 14 configured to receive the deletion protection policy information input by the user according to the execution module 13 As a result of the execution, the protection policy is deleted.
  • the deletion module 14 deletes the protection policy; when the AC or PW functioning by the protection policy is blocked, the module is deleted. 14 deleting the protection policy, the AC or The flag of the blocked traffic of the vc entry corresponding to the PW is cleared, and an update message is sent, and the state of the AC or the state of the VC entry corresponding to the PW is updated.
  • the present invention provides a method and a device for preventing a loop in a virtual private network.
  • the MAC address drift phenomenon must exist in the loop formation.
  • the protection policy can be configured according to user requirements and networking requirements. When the MAC drift frequency is greater than or equal to the pre-detection When the maximum MAC address is set, the AC or PW that applies the protection policy is blocked to achieve the purpose of loop cancellation. This ensures network stability and service requirements, and is more flexible and simple to implement.

Abstract

The present invention provides a method and a device for preventing a loop in a virtual private network. The method comprises the following steps: gathering a statistic of MAC drift according to a MAC item reported by a subsystem of a PE, and obtaining a MAC drift frequency; comparing the MAC drift frequency and a preset maximum MAC drift frequency; if the MAC drift frequency is greater than or equal to the preset maximum MAC drift frequency, blocking an AC or a PW that transmits MACs to the PE. In the method and device for preventing a loop in a virtual private network provided by the present invention, MAC drift occur when a loop is formed, so a protection policy can be configured according to the user requirement and networking demand. When it is detected that the MAC drift frequency is greater than the preset maximum MAC drift frequency, the AC or PW configured with the protection policy is blocked, so as to release the loop. The present invention not only ensures the network stability and service requirement, but also provides a more flexible and more convenient implementation manner.

Description

一种防止虚拟专用网中环路的方法及装置 技术领域  Method and device for preventing loop in virtual private network
本发明涉及网络通信领域, 尤其涉及一种防止虚拟专用网中环路的方 法及装置。 背景技术  The present invention relates to the field of network communications, and more particularly to a method and apparatus for preventing loops in a virtual private network. Background technique
虚拟专用局域网业务( Virtual Private LAN Service, VPLS )是多协议标 签交换二层虚拟专用网 (Multi-Protocol Label Switching Layer2 Virtual Private Network, MPLS L2VPN )一种实现方式, VPLS基于多协议标签交 换( Multi-Protocol Label Switching , MPLS )和以太网技术的二层虚拟专用 网 ( Virtual Private Network, VPN )技术, 在现有的广域网上提供虚拟以太 网月良务, 通过成员关系发现、 虚链路(Pseudo Wire, PW )建立与维护、 虚 拟转发实例( Virtual Forwarding Instance, VFI )内基于媒体接入控制( Media Access Control, MAC ) 的转发实现跨广域网的局域网站点的互连, 从而通 过因特网把地理上分散的局域网互连起来。  Virtual Private LAN Service (VPLS) is an implementation of Multi-Protocol Label Switching Layer 2 Virtual Private Network (MPLS L2VPN). VPLS is based on multi-protocol label switching (Multi- Protocol Label Switching (MPLS) and Ethernet technology's Layer 2 Virtual Private Network (VPN) technology, providing virtual Ethernet monthly services on existing WANs, through membership discovery, virtual links (Pseudo Wire , PW) Establish and maintain, Media Forward Control (MAC)-based forwarding in the Virtual Forwarding Instance (VFI) to enable interconnection of LAN sites across the WAN, thereby geographically dispersed across the Internet. The LANs are interconnected.
图 1示出了一个 VPLS的典型组网的结构示意,加入到 VPLS的接口支 持广播、转发和过滤以太网帧。如图 1所示,服务提供商设备(Provider Edge, PE )之间通过 PW互相连接, PW为双向虚拟连接, 由一对单向的 MPLS 虚电路( Virtual Circuit, VC )构成, 客户端设备 ( Customer Edge, CE )与 PE之间通过接入电路(Attachment Circuit, AC )连接, 形成一个仿真局域 网 ( Local Area Network, LAN )。 每个 PE不但要学习从 PW来的以太网报 文的 MAC地址, 也要学习所连接 CE来的以太网 ^艮文的 MAC地址。  Figure 1 shows the structure of a typical VPLS network. Interfaces added to the VPLS support broadcast, forward, and filter Ethernet frames. As shown in Figure 1, the Provider Edge (PE) is connected to each other through the PW. The PW is a two-way virtual connection. It consists of a pair of unidirectional MPLS virtual circuits (VCs), and the client device ( The customer edge (CE) is connected to the PE through an access circuit (AC) to form a local area network (LAN). Each PE not only learns the MAC address of the Ethernet packet from the PW, but also learns the MAC address of the Ethernet packet from the connected CE.
VPLS中, 是通过 MAC的转发实现跨广域网的局域网站点的互联, 因 此 VPLS—旦出现环路, 则一定存在 MAC的漂移现象, 而环路的形成会导 致广播风暴、 多帧拷贝等问题, 因此需要提供一种方法来防止环路的形成。 发明内容 In VPLS, MAC address forwarding is implemented across the LAN sites of the WAN. Therefore, if there is a loop in VPLS, there must be MAC drift, and the formation of the loop will lead. Broadcasting, multi-frame copying, etc., so there is a need to provide a way to prevent loop formation. Summary of the invention
有鉴于此, 本发明的主要目的在于提供一种防止虚拟专用网中环路的 方法及装置, 实现了根据用户需求解除环路的目的。  In view of this, the main object of the present invention is to provide a method and apparatus for preventing loops in a virtual private network, and to achieve the purpose of releasing a loop according to user requirements.
为达到上述目的, 本发明的技术方案是这样实现的:  In order to achieve the above object, the technical solution of the present invention is achieved as follows:
一种防止虚拟专用网中环路的方法, 所述方法包括下述步驟: 根据服务提供商设备 PE的子系统上报的 MAC条目, 对 MAC的漂移 进行统计, 得到 MAC漂移频率;  A method for preventing a loop in a virtual private network, the method comprising the steps of: performing statistics on MAC drift according to a MAC entry reported by a subsystem of a service provider device PE, and obtaining a MAC drift frequency;
比较所述 MAC漂移频率与预先设置的最大 MAC漂移频率的大小; 所述 MAC漂移频率大于或等于所述最大 MAC漂移频率时, 对传输所 述 MAC至所述 PE的接入电路 AC或虚链路 PW进行阻塞。  Comparing the MAC drift frequency with a preset maximum MAC drift frequency; when the MAC drift frequency is greater than or equal to the maximum MAC drift frequency, accessing the MAC to the PE access circuit AC or virtual chain The road PW is blocked.
具体地, 所述对 MAC的漂移进行统计, 得到 MAC漂移频率为: 获取 上报的 MAC条目中的接口信息, 并根据所述接口信息得到所述 MAC的来 源 AC或 PW, 并将来源于所述 AC或 PW的所述 MAC的计数值加 1; 预 先设置的定时器到时,将所述 MAC的计数值除以定时器的定时时长,得到 所述 MAC漂移频率。  Specifically, the statistics of the MAC drift are obtained, and the MAC drift frequency is obtained by: obtaining interface information in the reported MAC entry, and obtaining the source AC or PW of the MAC according to the interface information, and The count value of the MAC of the AC or PW is incremented by one; when the preset timer expires, the count value of the MAC is divided by the timer duration of the timer to obtain the MAC drift frequency.
具体地, 所述对传输所述 MAC至所述 PE的 AC或 PW进行阻塞为: 当所述 MAC的来源为 AC, 且预先配置的保护策略为 AC侧保护策略时, 将应用保护策略的 AC打上阻塞流量的标记, 并发送更新消息, 更新所述 AC的状态; 当所述 MAC的来源为 PW, 且预先配置的保护策略为 PW侧 标记, 并发送更新消息, 更新所述 PW对应的 VC表项的状态。  Specifically, the blocking of the AC or the PW that transmits the MAC to the PE is: when the source of the MAC is AC, and the pre-configured protection policy is an AC-side protection policy, the AC that applies the protection policy The flag of the blocked traffic is marked, and an update message is sent, and the status of the AC is updated. When the source of the MAC is a PW, and the pre-configured protection policy is a PW side tag, and an update message is sent, the VC corresponding to the PW is updated. The status of the entry.
进一步地, 所述对传输所述 MAC至所述 PE的接入电路 AC或虚链路 PW进行阻塞还包括: 删除来源于所述 AC的所述 MAC的计数或删除来源 于所述 PW的所述 MAC的计数。 其中, 当接收到用户输入的删除保护策略信息,对所述保护策略进行删 除。 当保护策略作用的 AC或 PW并未阻塞时, 则删除所述保护策略; 或者 当保护策略作用的 AC或 PW已经阻塞时, 则删除所述保护策略, 将所述 AC或所述 PW对应的 VC表项的阻塞流量的标记清除, 并发送更新消息, 更新所述 AC的状态或所述 PW对应的 VC表项的状态。 Further, the blocking of the access circuit AC or the virtual link PW that transmits the MAC to the PE further includes: deleting a count of the MAC originating from the AC or deleting a source originating from the PW The count of the MAC. The protection policy is deleted when the deletion protection policy information input by the user is received. If the protection policy is not blocked by the AC or the PW, the protection policy is deleted; or when the AC or PW of the protection policy is blocked, the protection policy is deleted, and the AC or the PW is corresponding. The flag of the blocked traffic of the VC entry is cleared, and an update message is sent, and the state of the AC or the state of the VC entry corresponding to the PW is updated.
一种防止虚拟专用网中环路的装置,所述装置包括统计模块、比较模块 以及执行模块; 其中, 统计模块, 用于根据 PE的子系统上报的 MAC条目, 对 MAC的漂移进行统计, 得到 MAC漂移频率; 比较模块, 用于比较所述 MAC漂移频率与预先设置的最大 MAC漂移频率的大小, 所述 MAC漂移 频率大于或等于所述最大 MAC漂移频率时,发送触发信息给执行模块; 执 行模块, 用于接收到所述比较模块发送的触发信息时,对传输所述 MAC至 所述 PE的 AC或 PW进行阻塞。  An apparatus for preventing a loop in a virtual private network, where the apparatus includes a statistic module, a comparison module, and an execution module. The statistic module is configured to perform statistics on MAC drift according to a MAC entry reported by a subsystem of the PE, to obtain a MAC. a comparison module, configured to compare the MAC drift frequency with a preset maximum MAC drift frequency, where the MAC drift frequency is greater than or equal to the maximum MAC drift frequency, send trigger information to the execution module; And, when receiving the trigger information sent by the comparison module, blocking the AC or PW that transmits the MAC to the PE.
进一步地, 所述统计模块具体用于获取上报的 MAC条目中的接口信 息, 并根据所述接口信息得到所述 MAC的来源 AC或 PW, 并将来源于所 述 AC或 PW的所述 MAC的计数值加 1; 预先设置的定时器到时, 将所述 MAC的计数值除以定时器的定时时长, 得到所述 MAC漂移频率。  Further, the statistic module is specifically configured to obtain interface information in the reported MAC entry, and obtain a source AC or PW of the MAC according to the interface information, and obtain the MAC originating from the AC or PW. The count value is incremented by one; when the preset timer expires, the count value of the MAC is divided by the timer duration of the timer to obtain the MAC drift frequency.
进一步地, 所述执行模块具体用于当所述 MAC的来源为 AC, 且预先 配置的保护策略为 AC侧保护策略时,将保护策略作用的 AC打上阻塞流量 的标记, 并发送更新消息, 更新所述 AC的状态; 当所述 MAC的来源为 PW, 且预先配置的保护策略为 PW侧保护策略时, 将保护策略作用的 PW 对应的 VC表项打上阻塞流量的标记,并发送更新消息,更新所述 PW对应 的 VC表项的状态。  Further, the execution module is specifically configured to: when the source of the MAC is an AC, and the pre-configured protection policy is an AC-side protection policy, the AC functioning as the protection policy is marked with the blocked traffic, and the update message is sent, and the update is performed. The state of the AC; when the source of the MAC is the PW, and the pre-configured protection policy is the PW-side protection policy, the VC entry corresponding to the PW that acts as the protection policy is marked with the blocking traffic, and an update message is sent. Update the status of the VC entry corresponding to the PW.
具体地, 所述执行模块进一步用于删除来源于所述 AC的所述 MAC的 计数, 以及删除来源于所述 PW的所述 MAC的计数。  Specifically, the execution module is further configured to delete a count of the MAC originating from the AC, and delete a count of the MAC originating from the PW.
所述装置还包括删除模块, 用于接收到用户输入的删除保护策略信息 时, 根据所述执行模块的执行结果, 对所述保护策略进行删除; 所述删除 略; 当保护策略作用的 AC或 PW已经阻塞时, 则删除所述保护策略, 将所 述 AC或所述 PW对应的 VC表项的阻塞流量的标记清除,并发送更新消息, 更新所述 AC的状态或所述 PW对应的 VC表项的状态。 The device further includes a deletion module, configured to receive deletion protection policy information input by the user And deleting the protection policy according to the execution result of the execution module; the deleting is omitted; when the AC or PW functioning by the protection policy is blocked, deleting the protection policy, the AC or the The flag of the blocked traffic of the VC entry corresponding to the PW is cleared, and an update message is sent, and the state of the AC or the state of the VC entry corresponding to the PW is updated.
本发明提供了一种防止虚拟专用网中环路的方法及装置, 根据环路的 形成一定存在 MAC 漂移现象, 可以根据用户需求和组网需要配置保护策 略, 当检测到 MAC漂移频率大于或等于预设的最大 MAC漂移频率时, 对 作用了保护策略的 AC或 PW进行阻塞,达到环路解除的目的,既保证了网 络稳定和业务需求, 实现方式上也更为灵活简便。 附图说明  The present invention provides a method and a device for preventing a loop in a virtual private network. The MAC address drift phenomenon must exist according to the formation of the loop. The protection policy can be configured according to user requirements and networking requirements. When the MAC drift frequency is greater than or equal to the pre-detection When the maximum MAC address is set, the AC or PW that acts on the protection policy is blocked to achieve the purpose of loop cancellation. This ensures network stability and service requirements, and is more flexible and simple to implement. DRAWINGS
图 1为 VPLS典型组网的结构示意图;  Figure 1 is a schematic structural diagram of a typical VPLS networking;
图 2为本发明的防止虚拟专用网中环路的方法的流程示意图; 示意图; 示意图;  2 is a schematic flow chart of a method for preventing a loop in a virtual private network according to the present invention; schematic diagram; schematic diagram;
图 5为本发明的防止虚拟专用网中环路的装置的结构示意图。 具体实施方式  FIG. 5 is a schematic structural diagram of an apparatus for preventing a loop in a virtual private network according to the present invention. detailed description
本发明的基本思想为: 根据 PE的子系统上报的 MAC条目, 对 MAC 的漂移进行统计, 得到 MAC漂移频率; 比较所述 MAC漂移频率与预先设 置的最大 MAC漂移频率的大小; 当所述 MAC漂移频率大于或等于所述最 大 MAC漂移频率时,对传输所述 MAC至所述 PE的 AC或 PW进行阻塞。  The basic idea of the present invention is: according to the MAC entry reported by the subsystem of the PE, statistics of the MAC drift, to obtain the MAC drift frequency; comparing the MAC drift frequency with a preset maximum MAC drift frequency; When the drift frequency is greater than or equal to the maximum MAC drift frequency, the AC or PW that transmits the MAC to the PE is blocked.
为使本发明的目的、 技术方案和优点更加清楚明白, 以下举实施例并 参照附图, 对本发明进一步详细说明。 In order to make the objects, technical solutions and advantages of the present invention more clear, the following embodiments are The invention will be described in further detail with reference to the accompanying drawings.
图 2示出了本发明防止虚拟专用网中环路的方法的流程, 如图 2所示, 所述方法包括下述步驟:  2 shows a flow of a method for preventing a loop in a virtual private network according to the present invention. As shown in FIG. 2, the method includes the following steps:
5201 , PE的子系统学习从 PW接收到的以太网报文的 MAC , 以及从 和其连接的 CE接收到的以太网报文的 MAC, 并将学习到的 MAC条目进 行上报;  5201, the subsystem of the PE learns the MAC address of the Ethernet packet received from the PW, and the MAC address of the Ethernet packet received from the CE connected thereto, and reports the learned MAC entry;
本步驟中, 当 PE的子系统接收到新的以太网报文时, 会进行 MAC的 学习并进行上报, 该过程与现有相同, 此处不再赘述。  In this step, when the PE subsystem receives a new Ethernet packet, it learns the MAC and reports it. The process is the same as the existing one, and is not described here.
应当理解, 所述 PE 的子系统可以为线卡等用户接入的直接硬件, PE 的主系统为主控板。  It should be understood that the subsystem of the PE may be direct hardware accessed by a user such as a line card, and the main system of the PE is a main control board.
5202, PE的主系统根据 PE的子系统上 ^艮的 MAC条目, 对 MAC的漂 移进行统计, 得到 MAC漂移频率;  5202, the primary system of the PE performs statistics on the MAC drift according to the MAC entry of the PE subsystem, and obtains the MAC drift frequency.
本步驟中, 获取 PE的子系统上报的 MAC条目, 其中, 所述 MAC条 目中包含有 MAC以及接口信息等信息, 所述接口信息指学习所述 MAC的 AC或 PW对应的接口信息, 即根据所述接口信息可以得知所述 MAC通过 哪个 AC或 PW流入到所述 PE, 即 MAC的来源 AC或 PW。  In this step, the MAC entry reported by the subsystem of the PE is obtained, where the MAC entry includes information such as the MAC and the interface information, where the interface information refers to the interface information corresponding to the AC or PW of the MAC, that is, according to the interface information. The interface information may be used to learn which AC or PW the MAC flows into the PE, that is, the source AC or PW of the MAC.
具体地, 当获取到一条 MAC条目时, 可以得到学习的所述 MAC 的 AC或 PW对应的接口信息,当 PE的主系统获取的 MAC条目的 MAC地址 在主系统已存在, 但已存在于主系统中、 包含所述 MAC的 MAC条目内的 接口信息与所述获取的 MAC条目内的接口信息不一致时,则将来源于所述 获取的 MAC条目内的接口信息对应的 AC或 PW的所述 MAC的计数值增 加 1; 当 PE的主系统获取的 MAC条目的 MAC地址在主系统中第一次出 现时, 则开始对来源于所述获取的 MAC条目内的接口信息对应的 AC或 PW的 MAC进行计数。  Specifically, when a MAC entry is obtained, the interface information corresponding to the AC or PW of the learned MAC address may be obtained, and the MAC address of the MAC entry acquired by the primary system of the PE already exists in the primary system, but exists in the primary In the system, when the interface information in the MAC entry that includes the MAC is inconsistent with the interface information in the obtained MAC entry, the AC or PW corresponding to the interface information in the acquired MAC entry is used. The count value of the MAC is increased by 1; when the MAC address of the MAC entry acquired by the primary system of the PE first appears in the primary system, the AC or PW corresponding to the interface information in the obtained MAC entry is started. The MAC counts.
当预先设置的定时器到时时, 将 MAC条目内的接口信息对应的所述 AC或 PW的 MAC的计数值除以所述定时器的定时时长, 得到单位时间内 MAC的漂移次数, 作为所述 MAC漂移频率, 其中, 预先设置的定时器可 以根据用户输入的触发信息, 开始计时。 定时器的定时时长可以根据用户 的需求、 网络的性能进行设置。 When the preset timer expires, the interface information in the MAC entry is corresponding to the The count value of the MAC of the AC or the PW is divided by the time duration of the timer, and the number of times of the MAC drift in the unit time is obtained as the MAC drift frequency, wherein the preset timer can start according to the trigger information input by the user. Timing. The timer duration can be set according to the user's needs and network performance.
5203 , PE的主系统判断 MAC漂移频率是否小于预先设置的最大 MAC 漂移频率, 若是, 则执行 S204, 否则, 执行 S205;  5203, the main system of the PE determines whether the MAC drift frequency is less than a preset maximum MAC drift frequency, and if so, executes S204, otherwise, executes S205;
本步驟中, 最大 MAC漂移频率可以根据用户的需求、 网络的性能进行 设置, 并且可以针对 AC和 PW设置一个最大 MAC漂移频率, 当 MAC漂 移频率小于最大 MAC漂移频率时, 表明 MAC以所述 MAC漂移频率在 VPLS中进行漂移时, 网络还能够满足用户需求; 当 MAC漂移频率大于或 等于最大 MAC漂移频率时,表明此时网络已不能够满足用户需求, 需要进 行环路的破除。  In this step, the maximum MAC drift frequency can be set according to user requirements and network performance, and a maximum MAC drift frequency can be set for AC and PW. When the MAC drift frequency is less than the maximum MAC drift frequency, the MAC is indicated by the MAC. When the drift frequency is drifting in the VPLS, the network can also meet the user's needs. When the MAC drift frequency is greater than or equal to the maximum MAC drift frequency, it indicates that the network cannot meet the user's needs at this time, and the loop needs to be broken.
5204, PE继续通过所述 AC或 PW进行流量的转发, 继续执行 S201; 5204, the PE continues to forward traffic through the AC or PW, and continues to execute S201;
5205 , PE的主系统获取预先配置的保护策略; 5205. The primary system of the PE obtains a pre-configured protection policy.
本步驟中, 预先配置的保护策略的内容为阻塞。 本步驟中, 当 S203中 MAC漂移频率大于或者等于最大 MAC漂移频率的 MAC的来源为 AC,且 预先配置有 AC侧保护策略时, 则获取预先配置的 AC侧保护策略, 然后执 行 S206; 当 S203 中 MAC漂移频率大于或者等于最大 MAC漂移频率的 MAC的来源为 PW, 且预先配置有 PW侧保护策略时, 则获取预先配置的 PW侧保护策略, 然后执行 S208。  In this step, the content of the pre-configured protection policy is blocked. In this step, when the source of the MAC address whose MAC address is greater than or equal to the maximum MAC drift frequency is AC, and the AC side protection policy is configured in advance, the pre-configured AC side protection policy is obtained, and then S206 is performed; If the source of the MAC address whose MAC address is greater than or equal to the maximum MAC address is PW, and the PW side protection policy is pre-configured, the pre-configured PW side protection policy is obtained, and then S208 is performed.
本步驟中,所述 AC侧保护策略,是指根据用户的需求或者组网的需要, 将保护策略预先配置在 AC上,即当配置有 AC侧保护策略的 VPLS出现环 路时, 则将配置有保护策略的 AC进行阻塞, 以破除环路; 所述 PW侧保护 策略, 是指根据用户的需求或者组网的需要, 将保护策略预先配置在 PW 上, 即当配置有 PW侧保护策略的 VPLS 出现环路时, 将配置有保护策略 的 PW进行阻塞, 以破除环路。 In this step, the AC-side protection policy is configured to pre-configure the protection policy on the AC according to the needs of the user or the network, that is, when the VPLS with the AC-side protection policy is looped, the configuration will be configured. The AC with the protection policy is blocked to break the loop. The PW protection policy is configured on the PW according to the requirements of the user or the network, that is, when the PW protection policy is configured. When a loop occurs in VPLS, a protection policy is configured. The PW is blocked to break the loop.
5206, 当所述保护策略为 AC侧保护策略时, PE的主系统对配置有保 护策略的 AC打上阻塞流量的标记; 以使用户删除保护策略后重新配置保护策略时, 保证保护策略的有效运行。  5206, when the protection policy is an AC-side protection policy, the primary system of the PE is marked with a blocking traffic for the AC configured with the protection policy. When the user is deleted and the protection policy is re-configured, the protection policy is effectively operated. .
5207 , PE的主系统发送更新消息给 PE的子系统, 子系统更新所述 AC 的状态为阻塞状态, 然后执行 S210;  5207, the primary system of the PE sends an update message to the subsystem of the PE, and the subsystem updates the state of the AC to a blocked state, and then executes S210;
5208, 当所述保护策略为 PW侧保护策略时, PE的主系统对配置有保 护策略的 PW所对应的 VC表项打上阻塞流量的标记;  5208. When the protection policy is a PW-side protection policy, the primary system of the PE adds a blocking traffic flag to the VC entry corresponding to the PW configured with the protection policy.
本步驟中, PW由一对单向的 VC构成, 其中所述一对单向的 VC的流 向相反, 而 PW流向, 可以根据 PW所对应的 VC表项得到, 因此, 将需要 阻塞的 PW流向对应的 VC表项打上阻塞流量的标记,就可以实现阻塞 PW 某一流向的目的; 以使用户删除保护策略后重新配置保护策略时, 保证保护策略的有效运行。  In this step, the PW is composed of a pair of unidirectional VCs, wherein the flow of the pair of unidirectional VCs is reversed, and the flow of the PWs is obtained according to the VC entries corresponding to the PWs. Therefore, the PW flows that need to be blocked are generated. If the corresponding VC entry is marked with the blocking traffic, the purpose of blocking the flow of the PW can be implemented. When the user deletes the protection policy and reconfigures the protection policy, the protection policy is effectively operated.
5209, PE的主系统发送更新消息给 PE的子系统,子系统更新所述 PW 对应的 VC表项的状态为阻塞状态;  5209, the primary system of the PE sends an update message to the subsystem of the PE, and the subsystem updates the state of the VC entry corresponding to the PW to a blocked state;
5210, 当接收到用户输入的删除保护策略信息时, PE的主系统对所述 保护策略进行删除, 进行流量恢复的处理。  5210: When receiving the deletion protection policy information input by the user, the primary system of the PE deletes the protection policy and performs traffic recovery processing.
具体地, 当保护策略作用的 AC或 PW并未阻塞时, 则删除所述保护策 略, 并进行更新; 当保护策略作用的 AC或 PW已经阻塞时, 则删除所述保 护策略,将所述 AC或所述 PW对应的 VC表项的阻塞流量的标记清除, 并 发送更新消息, 更新所述 AC的状态或所述 PW对应的 VC表项的状态。 构, VPLS中 PE1、 PE2、 PE3如图 3所示, 在 PE1上创建一个 VPLS实例 VPN1 , 当由于组网不当或者存在网络攻击等情况时, PE1、 PE2和 PE3出 现了环路的情况, 其中为表述方便, 将 PE1与 PE2之间的 PW中由 PE1指 向 PE2的 VC标记为 PW12, 由 PE2指向 PE1的 VC标记为 PW21 , 以此类 推, 得到 6个 PW分别为: PW12、 PW21、 PW23、 PW32、 PW13、 PW31 , 每个 PE通过 AC连接有一个 CE接入 VPN1。 Specifically, when the AC or PW functioning by the protection policy is not blocked, the protection policy is deleted and updated; when the AC or PW functioning by the protection policy is blocked, the protection policy is deleted, and the AC is removed. Or the flag of the blocked traffic of the VC entry corresponding to the PW is cleared, and an update message is sent, and the state of the AC or the state of the VC entry corresponding to the PW is updated. As shown in Figure 3, PE1, PE2, and PE3 in VPLS create a VPLS instance on PE1. In the VPN1, when the network is faulty or the network is attacked, the PE1, PE2, and PE3 are in the loop state. For the convenience of the description, the VC that points from PE1 to PE2 in the PW between PE1 and PE2 is marked as PW12. The VC marked by PE2 to PE1 is labeled as PW21, and so on. The six PWs are: PW12, PW21, PW23, PW32, PW13, and PW31. Each PE has a CE connected to VPN1 through the AC.
对 PE1来说, 当 CE1发出未知 MAC的以太网报文, 此处的未知 MAC 为源 MAC, 标记为 SMAC, PE1的子系统进行 SMAC学习, 上报 MAC条 目给主系统, 其中 MAC条目包括 SMAC及接口信息等, 其中接口信息指 学习所述 SMAC的 AC, 即 SMAC通过所述 AC流入所述 PE, 即 SMAC 的来源 AC, 然后 PE将以太网报文在 VPLS VPN1 内通过 PW12和 PW13 广播, 从 PW12出去的以太网报文, 会绕环一圈沿路径 PE1— PE2— PE3— PE1 , 从 PW31再进入 PE1 , PE1再通过 AC、 PW12广播; 从 PW13出去的 以太网报文类似,沿路径 PE1— PE3— PE2— PE1 ,从 PW21再进入 PE1 , PE1 再通过 AC、PW13广播。在 PE2、PE3上也会有类似的情况发生,这样 SMAC 就在设备 PE1、 PE2和 PE3的 AC、 PW12、 PW13、 PW21、 PW23、 PW31、 PW32上频繁地漂移。  For PE1, when CE1 sends an Ethernet packet with an unknown MAC address, the unknown MAC address is the source MAC address and is marked as SMAC. The subsystem of PE1 performs SMAC learning and reports the MAC entry to the primary system. The MAC entry includes SMAC and Interface information, etc., where the interface information refers to the AC that learns the SMAC, that is, the SMAC flows into the PE through the AC, that is, the source AC of the SMAC, and then the PE broadcasts the Ethernet packet in the VPLS VPN1 through the PW12 and the PW13. The Ethernet packets that go out of the PW12 will be looped along the path PE1—PE2—PE3—PE1, and then enter the PE1 from the PW31. The PE1 broadcasts through the AC and PW12. The Ethernet packets sent out from the PW13 are similar, along the path PE1. — PE3—PE2—PE1, then enters PE1 from PW21, and PE1 broadcasts through AC and PW13. A similar situation occurs on PE2 and PE3, so that SMAC frequently drifts on AC, PW12, PW13, PW21, PW23, PW31, and PW32 of PE1, PE2, and PE3.
假设针对上述环路, 用户提出了这样的需求: 为确保以太网报文在 VPLS中正常透传,不能阻塞到 CE侧端口,且能够保护 PW12、 PW21、 PW23 以及 PW32。  Assume that the user has made such a requirement for the above-mentioned loops: To ensure that Ethernet packets are transparently transmitted in VPLS, they cannot be blocked to the CE side port and can protect PW12, PW21, PW23, and PW32.
分析上述用户需求, 出现环路时需要将 PW13和 PW31 阻塞掉, 因此 可以在 PE1上配置应用于 PW31的 PW侧保护策略, 即添加以下属性: 当 PE1学习到来源于 PW31的 MAC漂移频率大于或等于预设的最大 MAC漂 移频率时, 则将 PW31进行阻塞; 相应地, 在 PE3上配置应用于 PW13的 PW侧保护策略。 具体地, 当在 PE1上配置应用于 PW31的 PW侧保护策 略时, 当 CE1发送未知 MAC的以太网报文时, PE1的子系统学习 SMAC 并进行上报, 此时, PE1上报的 MAC条目包含有 SMAC以及接口信息等, 其中所述接口信息对应的 AC为 CE1与 PE1之间的 AC。 当 SMAC在设备 PE1、 PE2和 PE3的 AC、 PW12、 PW13、 PW21、 PW23、 PW31、 PW32上 频繁地漂移时, PE1的子系统将从 PW31学习来的 SMAC条目不断进行上 报,所述 PE1的子系统每从 PW31接收到一次所述 SMAC并进行上报, PE1 的主系统就将来源于 PW31的 SMAC的计数值增加 1 , 当在定时器的定时 到时后,将所述计数值除以定时器的时长,得到 SMAC漂移频率,当 SMAC 漂移频率大于预先设置的最大 MAC漂移频率时, 对所述 PW31对应的 VC 表项打上阻塞流量的标记, 并删除来源于 PW31的所述 SMAC的计数, 同 时发送更新消息给 PE1的子系统, PE1的子系统收到更新消息后, 阻塞所 述 PW31 , 更新所述 PW31的状态为阻塞状态; 同理, 当在 PE3上配置应 用于 PW13的 PW侧保护策略时, 执行过程与上述类似, 对 PW13进行阻 塞, 满足用户需求保护了期望保护的 PW和 CE, 同时解除了环路, 保持了 网络的稳定。 If the PW13 and PW31 are configured to be blocked, the PW side protection policy applied to the PW31 can be configured on the PE1. The following attributes are added: When the PE1 learns that the MAC drift frequency from the PW31 is greater than or When the preset maximum MAC address is equal to the frequency, the PW31 is blocked. Correspondingly, the PW side protection policy applied to the PW13 is configured on the PE3. Specifically, when the PW side protection policy applied to the PW31 is configured on the PE1, when the CE1 sends an Ethernet packet with an unknown MAC address, the subsystem of the PE1 learns the SMAC. The MAC address reported by the PE1 includes the SMAC and the interface information. The AC corresponding to the interface information is the AC between CE1 and PE1. When the SMAC frequently fluctuates on the AC, PW12, PW13, PW21, PW23, PW31, and PW32 of the devices PE1, PE2, and PE3, the subsystem of the PE1 continuously reports the SMAC entries learned from the PW31, and the sub-PE1 is reported. Each time the system receives the SMAC from the PW31 and reports it, the primary system of the PE1 increases the count value of the SMAC from the PW31 by one. When the timer expires, the count value is divided by the timer. The SMAC drift frequency is obtained. When the SMAC drift frequency is greater than the preset maximum MAC drift frequency, the VC entry corresponding to the PW31 is marked with blocking traffic, and the SMAC count from the PW31 is deleted. After the update message is sent to the subsystem of the PE1, the subsystem of the PE1 receives the update message, blocks the PW31, and updates the state of the PW31 to the blocked state. Similarly, the PW side protection policy applied to the PW13 is configured on the PE3. When the execution process is similar to the above, the PW13 is blocked to meet the user's needs to protect the PW and CE that are expected to be protected, and the loop is released, and the stability of the network is maintained.
当接收到用户输入的删除保护策略信息时, 当 PW13和 PW31并未阻 塞时, 则删除配置在 PE1和 PE3上的保护策略并进行更新即可; 当 PW13 和 PW31已经阻塞时, 则不仅要对配置在 PE1和 PE3上的保护策略进行删 除,还要将所述 PW对应的 VC表项的阻塞流量的标记进行清除,并发送更 新消息, 更新所述 PW对应的 VC表项的状态。 构示意, 如图 4所示, 当由于组网不当或者存在网络攻击等情况时, A、 B、 C三台设备出现了环路的情况, 其中 B、 C同属于一个 VPLS的 VPN1内, 标记 PW为 PWbc, A为 CE侧, 通过 ACab、 ACac分别接入到 B、 C上, 且 A的三个端口属于同一个虚拟局域网, 以将以太网报文广播到 AC上。  When the PW13 and PW31 are not blocked, the protection policies configured on PE1 and PE3 are deleted and updated. When PW13 and PW31 are blocked, they are not only required. The protection policy is configured to be deleted on the PE1 and the PE3, and the flag of the blocked traffic of the VC entry is cleared, and an update message is sent to update the state of the VC entry corresponding to the PW. As shown in Figure 4, when there are cases such as improper networking or network attacks, the A, B, and C devices have loops, and B and C belong to the VPN1 of a VPLS. The PW is the PWbc and the A is the CE. The two ports of the A are connected to the B and C through the ACab and the ACac. The three ports of the A belong to the same virtual LAN to broadcast Ethernet packets to the AC.
当 B接收到从 ACab传输来的以太网报文, 先进行 SMAC的学习, 然 后将以太网报文在 VPLS VPN1内通过 PWbc广播, 从 PWbc出去的以太网 报文会绕环一圈, 沿路径 A-B-C-A通过 ACac再进入到 A; 同理, C也会 接收到从 ACac传输来的以太网报文,沿路径 A-C-B-A通过 ACab再进入 A, 这样 SMAC会在设备八、 B、 C上频繁漂移。 When B receives the Ethernet packet transmitted from the ACab, it first learns the SMAC, but After the Ethernet packet is broadcasted through the PWbc in the VPLS VPN1, the Ethernet packet sent out from the PWbc will be looped around the loop, and the ACCA will enter the A through the ACAC. Similarly, C will also receive the transmission from the ACac. Ethernet packets, along the path ACBA through ACab and then enter A, so that SMAC will frequently drift on devices 8, B, C.
假设针对上述环路, 用户提出了这样的需求: 为确保数据流在 VPLS 中正常透传, 一旦形成环路则保护 ACab和 PWbc。  Suppose that for the above loop, the user has put forward such a requirement: To ensure that the data stream is normally transparently transmitted in the VPLS, the ACab and the PWbc are protected once the loop is formed.
分析上述用户需求, 出现环路时需要将 ACac 阻塞掉, 因此可以在 C 上配置应用于 ACac上的 AC侧保护策略, 即添加以下属性: 当 C学习到来 源于 ACac的 MAC漂移频率大于或等于预设的最大 MAC漂移频率时, 则 将 ACac进行阻塞。具体地,当 A发送未知 MAC的以太网 4艮文时,在 VPLS VPN1 中广播转发, C的子系统将学习 SMAC的情况进行上报, 当 SMAC 在 、 B、 C之间漂移时, C的子系统将从 ACac上学习来的 MAC条目不 断进行上报, 所述 C的子系统每从 ACac接收到一次所述 SMAC并进行上 报, C的主系统就将来源于 ACac的 SMAC的计数值增加 1 , 当在定时器的 定时到时后, 将所述计数值除以定时器的时长, 得到 SMAC漂移频率, 当 SMAC漂移频率大于预先设置的最大 MAC漂移频率时,对 ACac打上阻塞 流量的标记, 并删除来源于 ACac的所述 SMAC的计数, 同时发送更新消 息给 C的子系统, C的子系统收到更新消息后, 阻塞所述 ACac, 更新所述 ACac的状态为阻塞状态, 满足用户需求保护了期望保护的 ACab和 PWbc, 同时解除了环路, 保持了网络的稳定。  The AC user is blocked on the ACac. The AC side protection policy applied to the ACac can be configured on C. The following attributes are added: When C learns that the MAC drift frequency from ACac is greater than or equal to When the preset maximum MAC drift frequency is used, ACac is blocked. Specifically, when A sends an Ethernet message of unknown MAC address, it broadcasts and forwards in VPLS VPN1, and the subsystem of C reports the situation of learning SMAC. When SMAC is drifting between B and C, the child of C The system continuously reports the MAC entries learned from the ACac. The subsystem of the C receives the SMAC once and receives the report from the ACac, and the primary system of C increases the count value of the SMAC from the ACac by one. When the timing of the timer expires, the count value is divided by the duration of the timer to obtain the SMAC drift frequency. When the SMAC drift frequency is greater than the preset maximum MAC drift frequency, the ACac is marked with blocking traffic, and Deleting the count of the SMACs from the ACac, and sending an update message to the subsystem of C. After receiving the update message, the subsystem of C blocks the ACac, and updates the state of the ACac to a blocked state to meet user requirements protection. The ACab and PWbc that are expected to be protected, while releasing the loop, maintain the stability of the network.
当接收到用户输入的删除保护策略信息时, 当所述 ACac并未阻塞时, 则删除配置在 C上的保护策略并进行更新即可; 当所述 ACac已经阻塞时, 则不仅要对配置在 C上的保护策略进行删除, 还要将所述 ACac的阻塞流 量的标记进行清除, 并发送更新消息, 更新所述 ACac的状态。  When receiving the deletion protection policy information input by the user, when the ACac is not blocked, the protection policy configured on C is deleted and updated; when the ACac is blocked, not only is the configuration The protection policy on C is deleted, and the flag of the blocked traffic of the ACac is also cleared, and an update message is sent to update the state of the ACac.
图 5示出了本发明防止虚拟专用网中环路的装置的结构, 如图 5所示, 所述装置包括统计模块 11、 比较模块 12以及执行模块 13, 其中统计模块 11用于根据 PE的子系统上报的 MAC条目, 对 MAC的漂移进行统计, 得 到 MAC漂移频率; 比较模块 12用于比较所述 MAC漂移频率与预先设置 的最大 MAC漂移频率的大小, 当所述 MAC漂移频率大于或等于所述最大 MAC漂移频率时, 发送触发信息给执行模块 13; 执行模块 13用于接收到 所述比较模块 12发送的触发信息时,对传输所述 MAC至所述 PE的 AC或 PW进行阻塞。 FIG. 5 is a diagram showing the structure of an apparatus for preventing a loop in a virtual private network according to the present invention, as shown in FIG. The device includes a statistic module 11, a comparison module 12, and an execution module 13, wherein the statistic module 11 is configured to perform statistics on MAC drift according to MAC entries reported by the subsystem of the PE, and obtain a MAC drift frequency; the comparison module 12 is configured to compare Transmitting the trigger information to the execution module 13 when the MAC drift frequency is greater than or equal to the maximum MAC drift frequency, and the executing module 13 is configured to receive the When the trigger information sent by the module 12 is compared, the AC or PW that transmits the MAC to the PE is blocked.
进一步地, 统计模块 11具体用于获取上报的 MAC条目中 MAC的来 源 AC或 PW, 并将来源于所述 AC或 PW的所述 MAC的计数值加 1; 预 先设置的定时器到时,将所述 MAC的计数值除以定时器的定时时长,得到 所述 MAC漂移频率。  Further, the statistic module 11 is specifically configured to obtain the source AC or PW of the MAC in the reported MAC entry, and add the count value of the MAC originating from the AC or PW to 1; when the preset timer expires, The MAC value is obtained by dividing the count value of the MAC by the timer duration of the timer.
进一步地, 执行模块 13具体用于当所述 MAC的来源为 AC, 且预先 配置的保护策略为 AC侧保护策略时,将保护策略作用的 AC打上阻塞流量 的标记, 并发送更新消息, 更新所述 AC的状态; 当所述 MAC的来源为 PW, 且预先配置的保护策略为 PW侧保护策略时, 将保护策略作用的 PW 对应的 VC表项打上阻塞流量的标记,并发送更新消息,更新所述 PW对应 的 VC表项的状态。  Further, the execution module 13 is specifically configured to: when the source of the MAC is AC, and the pre-configured protection policy is an AC-side protection policy, the AC functioning as the protection policy is marked with a blocked traffic, and the update message is sent, and the update is performed. When the source of the MAC is the PW, and the pre-configured protection policy is the PW-side protection policy, the VC entry corresponding to the PW that acts as the protection policy is marked with the blocked traffic, and the update message is sent and updated. Status of the VC entry corresponding to the PW.
进一步地, 执行模块 13进一步用于删除来源于所述 AC的所述 MAC 进一步地, 所述装置还包括删除模块 14, 用于接收到用户输入的删除 保护策略信息时, 根据所述执行模块 13的执行结果, 对所述保护策略进行 删除。  Further, the execution module 13 is further configured to delete the MAC originating from the AC. Further, the apparatus further includes a deleting module 14 configured to receive the deletion protection policy information input by the user according to the execution module 13 As a result of the execution, the protection policy is deleted.
具体地, 接收到用户输入的删除保护策略信息时, 当保护策略作用的 AC或 PW并未阻塞时, 删除模块 14删除所述保护策略; 当保护策略作用 的 AC或 PW已经阻塞时, 删除模块 14删除所述保护策略, 将所述 AC或 所述 PW对应的 vc表项的阻塞流量的标记清除,并发送更新消息,更新所 述 AC的状态或所述 PW对应的 VC表项的状态。 Specifically, when the deletion protection policy information input by the user is received, when the AC or PW functioning by the protection policy is not blocked, the deletion module 14 deletes the protection policy; when the AC or PW functioning by the protection policy is blocked, the module is deleted. 14 deleting the protection policy, the AC or The flag of the blocked traffic of the vc entry corresponding to the PW is cleared, and an update message is sent, and the state of the AC or the state of the VC entry corresponding to the PW is updated.
本发明提供了一种防止虚拟专用网中环路的方法及装置, 由于环路的 形成一定存在 MAC 漂移现象, 可以根据用户需求和组网需要配置保护策 略, 当检测到 MAC漂移频率大于或等于预设的最大 MAC漂移频率时, 对 应用了保护策略的 AC或 PW进行阻塞,达到环路解除的目的,既保证了网 络稳定和业务需求, 实现方式上也更为灵活简便。  The present invention provides a method and a device for preventing a loop in a virtual private network. The MAC address drift phenomenon must exist in the loop formation. The protection policy can be configured according to user requirements and networking requirements. When the MAC drift frequency is greater than or equal to the pre-detection When the maximum MAC address is set, the AC or PW that applies the protection policy is blocked to achieve the purpose of loop cancellation. This ensures network stability and service requirements, and is more flexible and simple to implement.
以上所述, 仅为本发明的较佳实施例而已, 并非用于限定本发明的保 护范围。  The above is only the preferred embodiment of the present invention and is not intended to limit the scope of the present invention.

Claims

权利要求书 Claim
1、 一种防止虚拟专用网中环路的方法, 其特征在于, 所述方法包括: 根据服务提供商设备 PE的子系统上报的 MAC条目, 对 MAC的漂移 进行统计, 得到 MAC漂移频率;  A method for preventing a loop in a virtual private network, the method comprising: performing statistics on MAC drift according to a MAC entry reported by a subsystem of a service provider device PE, and obtaining a MAC drift frequency;
比较所述 MAC漂移频率与预先设置的最大 MAC漂移频率的大小; 所述 MAC漂移频率大于或等于所述最大 MAC漂移频率时, 对传输所 述 MAC至所述 PE的接入电路 AC或虚链路 PW进行阻塞。  Comparing the MAC drift frequency with a preset maximum MAC drift frequency; when the MAC drift frequency is greater than or equal to the maximum MAC drift frequency, accessing the MAC to the PE access circuit AC or virtual chain The road PW is blocked.
2、 根据权利要求 1所述的方法, 其特征在于, 所述对 MAC的漂移进 行统计, 得到 MAC漂移频率为:  2. The method according to claim 1, wherein the counting of the MAC drift is performed, and the MAC drift frequency is:
获取上报的 MAC条目中的接口信息, 并根据所述接口信息得到所述 MAC的来源 AC或 PW,并将来源于所述 AC或 PW的所述 MAC的计数值 加 1;  Obtaining the interface information in the reported MAC entry, and obtaining the source AC or PW of the MAC according to the interface information, and adding the count value of the MAC originating from the AC or PW to 1;
预先设置的定时器到时, 将所述 MAC 的计数值除以定时器的定时时 长, 得到所述 MAC漂移频率。  When the preset timer expires, the count value of the MAC is divided by the timer duration of the timer to obtain the MAC drift frequency.
3、 根据权利要求 1 所述的方法, 其特征在于, 所述对传输所述 MAC 至所述 PE的 AC或 PW进行阻塞为:  The method according to claim 1, wherein the blocking of the AC or PW transmitting the MAC to the PE is:
当所述 MAC的来源为 AC, 且预先配置的保护策略为 AC侧保护策略 时, 将应用保护策略的 AC打上阻塞流量的标记, 并发送更新消息, 更新所 述 AC的状态;  When the source of the MAC is AC, and the pre-configured protection policy is an AC-side protection policy, the AC applying the protection policy is marked with a blocked traffic, and an update message is sent to update the state of the AC.
当所述 MAC的来源为 PW, 且预先配置的保护策略为 PW侧保护策略 发送更新消息, 更新所述 PW对应的 VC表项的状态。  When the source of the PW is a PW, and the pre-configured protection policy sends an update message to the PW side protection policy, the status of the VC entry corresponding to the PW is updated.
4、 根据权利要求 3所述的方法, 其特征在于, 所述对传输所述 MAC 至所述 PE的接入电路 AC或虚链路 PW进行阻塞还包括: 删除来源于所述 AC的所述 MAC的计数或删除来源于所述 PW的所述 MAC的计数。 The method of claim 3, wherein the blocking the access circuit AC or the virtual link PW that transmits the MAC to the PE further comprises: deleting the originating from the AC The counting or deletion of the MAC is derived from the count of the MAC of the PW.
5、 根据权利要求 1至 4任一项所述的方法, 其特征在于, 所述方法还 包括: The method according to any one of claims 1 to 4, wherein the method further comprises:
接收到用户输入的删除保护策略信息, 对所述保护策略进行删除。 The deletion protection policy information input by the user is received, and the protection policy is deleted.
6、 根据权利要求 5所述的方法, 其特征在于, 所述对所述保护策略进 行删除为: 6. The method according to claim 5, wherein the deleting the protection policy is:
当保护策略作用的 AC或 PW并未阻塞时,则删除所述保护策略;或者, 当保护策略作用的 AC或 PW已经阻塞时, 则删除所述保护策略,将所 述 AC或所述 PW对应的 VC表项的阻塞流量的标记清除,并发送更新消息, 更新所述 AC的状态或所述 PW对应的 VC表项的状态。  If the protection policy is not blocked by the AC or the PW, the protection policy is deleted; or when the AC or PW of the protection policy is blocked, the protection policy is deleted, and the AC or the PW is corresponding. The flag of the blocked traffic of the VC entry is cleared, and an update message is sent, and the state of the AC or the state of the VC entry corresponding to the PW is updated.
7、 一种防止虚拟专用网中环路的装置, 其特征在于, 所述装置包括统 计模块、 比较模块以及执行模块; 其中,  A device for preventing a loop in a virtual private network, wherein the device includes a statistical module, a comparison module, and an execution module;
统计模块, 用于根据 PE的子系统上报的 MAC条目, 对 MAC的漂移 进行统计, 得到 MAC漂移频率;  The statistics module is configured to perform statistics on MAC drift according to the MAC entries reported by the subsystem of the PE, and obtain a MAC drift frequency;
比较模块, 用于比较所述 MAC漂移频率与预先设置的最大 MAC漂移 频率的大小, 所述 MAC漂移频率大于或等于所述最大 MAC漂移频率时, 发送触发信息给执行模块;  a comparison module, configured to compare the MAC drift frequency with a preset maximum MAC drift frequency, where the MAC drift frequency is greater than or equal to the maximum MAC drift frequency, send trigger information to the execution module;
执行模块, 用于接收到所述比较模块发送的触发信息时, 对传输所述 MAC至所述 PE的 AC或 PW进行阻塞。  The execution module is configured to block the AC or PW that transmits the MAC to the PE when receiving the trigger information sent by the comparison module.
8、 根据权利要求 7所述的装置, 其特征在于, 所述统计模块, 具体用 于获取上报的 MAC 条目中的接口信息, 并根据所述接口信息得到所述 MAC的来源 AC或 PW,并将来源于所述 AC或 PW的所述 MAC的计数值 加 1; 预先设置的定时器到时, 将所述 MAC的计数值除以定时器的定时时 长, 得到所述 MAC漂移频率。  The device according to claim 7, wherein the statistic module is configured to obtain interface information in the reported MAC entry, and obtain the source AC or PW of the MAC according to the interface information, and The count value of the MAC originating from the AC or PW is incremented by one; when the preset timer expires, the count value of the MAC is divided by the timer duration of the timer to obtain the MAC drift frequency.
9、 根据权利要求 7所述的装置, 其特征在于, 所述执行模块, 具体用 于当所述 MAC的来源为 AC,且预先配置的保护策略为 AC侧保护策略时, 将保护策略作用的 AC打上阻塞流量的标记, 并发送更新消息, 更新所述 AC的状态; 当所述 MAC的来源为 PW, 且预先配置的保护策略为 PW侧 保护策略时, 将保护策略作用的 PW对应的 VC表项打上阻塞流量的标记, 并发送更新消息, 更新所述 PW对应的 VC表项的状态。 The device according to claim 7, wherein the execution module is specifically configured to: when the source of the MAC is AC, and the pre-configured protection policy is an AC side protection policy, The AC functioning as the protection policy is marked with the blocking traffic, and an update message is sent to update the state of the AC. When the source of the MAC is a PW and the pre-configured protection policy is a PW-side protection policy, the protection policy functions. The VC entry corresponding to the PW is marked with the blocking traffic, and sends an update message to update the state of the VC entry corresponding to the PW.
10、 根据权利要求 9所述的装置, 其特征在于, 所述执行模块, 进一步 用于删除来源于所述 AC的所述 MAC的计数,以及删除来源于所述 PW的 所述 MAC的计数。  The apparatus according to claim 9, wherein the executing module is further configured to delete a count of the MAC originating from the AC, and delete a count of the MAC originating from the PW.
11、 根据权利要求 7至 10任一项所述的装置, 其特征在于, 所述装置 还包括删除模块, 用于接收到用户输入的删除保护策略信息时, 根据所述 执行模块的执行结果, 对所述保护策略进行删除。  The device according to any one of claims 7 to 10, further comprising a deletion module, configured to receive, according to an execution result of the execution module, a deletion protection policy information input by a user, The protection policy is deleted.
12、 根据权利要求 11所述的装置, 其特征在于, 所述删除模块, 具体 用于当保护策略作用的 AC或 PW并未阻塞时,则删除所述保护策略; 当保 护策略作用的 AC或 PW已经阻塞时, 则删除所述保护策略,将所述 AC或 所述 PW对应的 VC表项的阻塞流量的标记清除,并发送更新消息,更新所 述 AC的状态或所述 PW对应的 VC表项的状态。  The device according to claim 11, wherein the deleting module is specifically configured to: when the AC or PW functioning as the protection policy is not blocked, deleting the protection policy; When the PW is blocked, the protection policy is deleted, the label of the blocked traffic of the AC or the VC entry corresponding to the PW is cleared, and an update message is sent, and the status of the AC or the VC corresponding to the PW is updated. The status of the entry.
PCT/CN2011/080745 2011-10-13 2011-10-13 Method and device for preventing loop in virtual private network WO2013053122A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/080745 WO2013053122A1 (en) 2011-10-13 2011-10-13 Method and device for preventing loop in virtual private network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/080745 WO2013053122A1 (en) 2011-10-13 2011-10-13 Method and device for preventing loop in virtual private network

Publications (1)

Publication Number Publication Date
WO2013053122A1 true WO2013053122A1 (en) 2013-04-18

Family

ID=48081364

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/080745 WO2013053122A1 (en) 2011-10-13 2011-10-13 Method and device for preventing loop in virtual private network

Country Status (1)

Country Link
WO (1) WO2013053122A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108429687A (en) * 2018-05-31 2018-08-21 新华三技术有限公司 Message forwarding method and device
CN111901234A (en) * 2020-08-12 2020-11-06 深圳市信锐网科技术有限公司 Network loop processing method, system and related equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101227400A (en) * 2008-02-01 2008-07-23 中兴通讯股份有限公司 Apparatus and method for processing Ethernet data package
CN101909016A (en) * 2010-08-25 2010-12-08 中兴通讯股份有限公司 Method and device for preventing loop in virtual private network
CN102014062A (en) * 2010-12-01 2011-04-13 中兴通讯股份有限公司 Method and device for controlling drift of MAC (media access control) addresses

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101227400A (en) * 2008-02-01 2008-07-23 中兴通讯股份有限公司 Apparatus and method for processing Ethernet data package
CN101909016A (en) * 2010-08-25 2010-12-08 中兴通讯股份有限公司 Method and device for preventing loop in virtual private network
CN102014062A (en) * 2010-12-01 2011-04-13 中兴通讯股份有限公司 Method and device for controlling drift of MAC (media access control) addresses

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108429687A (en) * 2018-05-31 2018-08-21 新华三技术有限公司 Message forwarding method and device
CN108429687B (en) * 2018-05-31 2021-04-27 新华三技术有限公司 Message forwarding method and device
CN111901234A (en) * 2020-08-12 2020-11-06 深圳市信锐网科技术有限公司 Network loop processing method, system and related equipment
CN111901234B (en) * 2020-08-12 2023-03-14 深圳市信锐网科技术有限公司 Network loop processing method, system and related equipment

Similar Documents

Publication Publication Date Title
US11057243B2 (en) Aliasing behavior for traffic to multihomed sites in ethernet virtual private network (EVPN) networks
US10616091B2 (en) Exploratory linktrace operations in a computer network
EP3367619B1 (en) Synchronizing multicast state between multi-homed routers in an ethernet virtual private network
EP3066784B1 (en) Supporting operator commands in link aggregation group
WO2015000375A1 (en) Packet forwarding method, apparatus, and system
US20140219135A1 (en) Virtual Private Network Implementation Method and System Based on Traffic Engineering Tunnel
US8811168B2 (en) Transient loop prevention in a hybrid layer-2 network
US20030110288A1 (en) Protecting networks from access link flooding attacks
WO2012075831A1 (en) Method and system for multicast protection
Augustyn et al. Service requirements for layer 2 provider-provisioned virtual private networks
WO2007028293A1 (en) A method for forwarding a multicasting package in vpls
EP2256995A2 (en) Loop detection method, system, and device in virtual private local area network
EP2661847A1 (en) Pseudo wire switching method and device
KR20110093990A (en) Reducing cc message transmission in a provider network
WO2013139159A1 (en) Method for forwarding packet in network and provider edge device
WO2009121253A1 (en) Network configuring method for preventing attack, method and device for preventing attack
Bocci et al. An Architecture for Multi-Segment Pseudowire Emulation Edge-to-Edge
US9838337B1 (en) Automatic virtual local area network (VLAN) provisioning in data center switches
CN103795630A (en) Message transmitting method and device of label switching network
Sajassi et al. Requirements for ethernet vpn (evpn)
CN101909016A (en) Method and device for preventing loop in virtual private network
WO2014169856A1 (en) Multicast communication method and aggregation switch
WO2013053122A1 (en) Method and device for preventing loop in virtual private network
US20110222541A1 (en) Network System, Edge Node, and Relay Node
CN102006229A (en) Processing method, device and system of link state

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11874107

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11874107

Country of ref document: EP

Kind code of ref document: A1