WO2015184876A1 - Vpn route label allocation method, asbr, pe and allocation system - Google Patents

Vpn route label allocation method, asbr, pe and allocation system Download PDF

Info

Publication number
WO2015184876A1
WO2015184876A1 PCT/CN2015/073970 CN2015073970W WO2015184876A1 WO 2015184876 A1 WO2015184876 A1 WO 2015184876A1 CN 2015073970 W CN2015073970 W CN 2015073970W WO 2015184876 A1 WO2015184876 A1 WO 2015184876A1
Authority
WO
WIPO (PCT)
Prior art keywords
label
vpn
route
new
update message
Prior art date
Application number
PCT/CN2015/073970
Other languages
French (fr)
Chinese (zh)
Inventor
刘准
宋兵
付琰
韩杰
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2015184876A1 publication Critical patent/WO2015184876A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks

Definitions

  • the present invention relates to the field of network communications, and in particular, to a virtual private network VPN routing label allocation method, an ASBR, a PE, and a distribution system.
  • VPN virtual private network
  • Sites belonging to one VPN may be connected to different gateways to set up PEs.
  • PE Virtual Private Network
  • AS Application Server
  • ISPs Internet Service Providers
  • the cross-domain VPN needs to solve the problem that the LSP (Label Switched Path) cannot be cross-domain.
  • the key is the configuration of the Autonomous System Boundy Router (ASBR).
  • ASBR Autonomous System Boundy Router
  • MP-EBGP EBGP Redistribution of labeled VPN
  • the ASBRs of each pair are required to exchange the label VPNv4 routes that they receive from the PEs in the own domain through the MP-EBGP, and establish an internal relationship between the ASBR and the PE (Provider Edge, the public network edge device) in the same domain.
  • An external border gateway protocol EBGP neighbor is set up between the inter-AS and the ASBR.
  • the ASBR needs to use its own address as the next hop when advertised routes to the PEs in the same domain.
  • the ASBRs cannot enter the received VPNv4 routes. / Output destination Import/Export Targe filtering.
  • the ASBRs advertise the label VPNv4 routes to the other party in the MP-EBGP mode.
  • the labeled VPNv4 traffic is transmitted between the ASBRs.
  • the networking model, route label advertisement, and traffic forwarding process are shown in Figure 1.
  • the embodiment of the invention provides a VPN route label distribution method, an ASBR, a PE, and a distribution system, to solve the technical problem of how to reduce the VPN route label.
  • an embodiment of the present invention provides a virtual private network route label allocation method applied to an autonomous system border router ASBR, the method comprising: receiving a VPN route update message; determining whether it is new according to a VPN route update message.
  • the VPN route allocates a label; according to the judgment result, assigns a new label to the new VPN route, or determines a label of the new VPN route.
  • the step of determining, according to the VPN routing update message, whether to assign a label to the new VPN route includes: detecting whether the VPN routing update message carries the public network edge device PE identifier, and the public network edge device PE identifier is the source of the new VPN route. The identity of the PE of the network edge device; if the PE identifier of the public network edge device is not carried, the label is assigned to the new VPN route.
  • the method further includes: if the PE identifier of the public network edge device is carried, the PE identifier of the public network edge device and the route identifier RD of the new VPN route are extracted, and the presence of the PE identifier and the new VPN route of the public network edge device are detected.
  • the route identifier RD matches the label at the same time. If it does not exist, it assigns a label to the new VPN route. If it exists, the detected label is used as the label of the new VPN route.
  • the identity identifier includes a link establishment address of the source public network edge device PE.
  • the label is an ingress label of a new VPN route.
  • the embodiment of the present invention provides a method for allocating a virtual private network route label to a public network edge device PE.
  • the method includes: when detecting a new VPN route in the virtual private network VPN, Detects the label allocation configuration; generates and sends a VPN routing update message according to the label allocation configuration.
  • the label allocation configuration includes: configuring each label of each VPN routing forwarding table VRF; and the step of generating a VPN routing update message according to the label allocation configuration includes: The identity of the PE of the source public network edge device of the new VPN route is obtained, and is added to the VPN route update message as the public network edge device PE identifier.
  • the embodiment of the present invention provides a method for allocating a virtual private network route label, and the method includes: when the public network edge device PE detects that a new VPN route is added to the virtual private network VPN, detecting the label allocation configuration. According to the label allocation configuration, a VPN routing update message is generated and sent; the autonomous system border router ASBR receives and according to the VPN routing update message, determines whether to assign a label to the new VPN route, and if necessary, assigns a label to the new VPN route.
  • an embodiment of the present invention provides an autonomous system border router (ASBR), where the ASBR includes: a receiving module, configured to receive a VPN routing update message; and a determining module, configured to determine, according to the VPN routing update message, whether the new VPN is a new VPN a route distribution label; and an allocation module configured to allocate a label for the new VPN route when the judgment result of the determination module is required.
  • ASBR autonomous system border router
  • the embodiment of the present invention provides a public network edge device PE, where the PE includes: an inspection module, configured to detect a label allocation configuration when a new VPN route is detected in the virtual private network VPN;
  • the sending module is configured to generate and send a VPN routing update message according to the label allocation configuration.
  • an embodiment of the present invention provides a virtual private network VPN route label distribution system, which includes an ASBR and a PE provided by an embodiment of the present invention.
  • an embodiment of the present invention provides a computer storage medium, where the computer storage medium stores computer executable instructions, and the computer executable instructions are used to execute the foregoing method.
  • the solution provided by the embodiment of the present invention after receiving the VPN routing update message, first determines whether a label needs to be allocated for the new VPN route, and only allocates the label when needed, and the related technology is after receiving the VPN routing update message. Compared with the new VPN route distribution label, the number of labels of the VPN route can be reduced, and the pressure of the ASBR is alleviated.
  • FIG. 1 is a schematic diagram of a VPN network and a routing label in the related art
  • FIG. 2 is a flowchart of a method for allocating a VPN route label according to the first embodiment of the present invention
  • FIG. 3 is a flowchart of a method for allocating a VPN route label according to a second embodiment of the present invention.
  • FIG. 4 is a schematic diagram of a VPN network and a routing label in a second embodiment of the present invention.
  • FIG. 2 is a flowchart of a method for allocating a VPN route label according to the first embodiment of the present invention. As shown in FIG. 2, the embodiment of the method for allocating a VPN route label according to the embodiment of the present invention includes the following steps:
  • S202 Determine, according to the VPN routing update message, whether to allocate a label for the new VPN route.
  • the step S202 includes: detecting whether the VPN routing update message carries the public network edge device PE identifier, and the public network edge device PE identifier is the identity identifier of the source public network edge device PE of the new VPN route; if not, the new The VPN route is assigned a label. If it is carried, the PE identifier of the public network edge device and the route identifier RD of the new VPN route are extracted, and the label matching the PE identifier of the public network edge device and the route identifier RD of the new VPN route is detected. If it does not exist, it assigns a label to the new VPN route. If it exists, it will use the detected label as the label of the new VPN route.
  • the identity identifier in the foregoing embodiment includes a link establishment address of the source public network edge device PE; of course, it may also be a unique code of the source public network edge device PE (source PE), and the like may be determined.
  • step S202 includes: detecting whether the VPN routing update message carries a special flag (such as a field, etc.), or the content of the special flag, such as carrying a special field (or the content of the special flag is not required), indicating that the VPN routing update The VPN route corresponding to the message already has a label, and no longer assigns a label to it. If no special field is carried (or the content of the special flag is needed), the label is assigned to it;
  • a special flag such as a field, etc.
  • the content of the special flag such as carrying a special field (or the content of the special flag is not required
  • the label in the method shown in Figure 2 is an ingress label of the new VPN route.
  • the method shown in FIG. 2 is an embodiment of the VPN routing label allocation method provided by the embodiment of the present invention on the ASBR. Then, the embodiment of the VPN routing label allocation method provided by the embodiment of the present invention on the PE includes:
  • the label allocation configuration is detected
  • a VPN routing update message is generated and sent according to the label allocation configuration.
  • the label allocation configuration in the foregoing embodiment includes: configuring each label of each VPN routing forwarding table VRF; generating a VPN routing update when the label allocation is configured to configure each label of each VPN routing forwarding table VRF
  • the step of the message includes: obtaining the identity of the source public network edge device PE of the new VPN route, and adding it as the public network edge device PE identifier to the VPN route update message.
  • the method for allocating the virtual private network route label in the embodiment of the present invention includes: when the initiator detects that a new VPN route is added to the virtual private network VPN, the detection label allocation configuration is configured according to the label. Configure, generate and send a VPN routing update message; the processing end receives and according to the VPN routing update message, determines whether to assign a label to the new VPN route, and if necessary, assigns a label to the new VPN route.
  • the ASBR and the PE are improved in the embodiment of the present invention, and the improvement is as follows:
  • a receiving module configured to receive a VPN routing update message
  • the determining module is configured to determine, according to the VPN routing update message, whether to assign a label to the new VPN route;
  • the allocation module is configured to allocate a label for the new VPN route when the judgment result of the determining module is required.
  • the checking module is configured to detect a label allocation configuration when a new VPN route is added to the virtual private network VPN;
  • the sending module is configured to generate and send a VPN routing update message according to the label allocation configuration.
  • the virtual private network VPN route label distribution system provided by the embodiment of the present invention includes the ASBR and the PE provided by the embodiment of the present invention.
  • FIG. 3 is a flowchart of a method for allocating a VPN routing label according to a second embodiment of the present invention
  • FIG. 4 is a second embodiment of the present invention.
  • a schematic diagram of a VPN network and a routing label is used in the embodiment of the present invention.
  • the VPN routing label allocation system in the embodiment of the present invention mainly includes a PE and an ASBR. In this embodiment, a hypothesis is assumed.
  • the VPN2 network already includes the route A, and the ASBR1, the ASBR2, and the PE2 have respectively assigned the labels 300, 200, and 100 to the route A.
  • the VPN routing label allocation method provided by the second embodiment of the present invention includes the following steps:
  • a new VPN route is added to the VPN2 network connected to the PE2 in FIG. 4, and the address of the new VPN route B is 10.4.0.2; and the label distribution of the VPN2 network is configured to configure each VRF.
  • Label allocate an ingress label for each VPN routing forwarding table VRF
  • the PE2 generates and sends a VPN routing update message according to the label allocation configuration.
  • the PE needs to obtain the identity of the source public network edge device PE of the new VPN route (that is, the identity of the PE2, such as the establishment address of the PE2: 2.2.2.2 And add it as the public network edge device PE identifier to the VPN routing update message (this message also includes VPN2 RD: 2:1), and then sent to ASBR2;
  • the incoming label of the new VPN route B is also 100;
  • the ASBR2 receives the VPN routing update message, and determines, according to the VPN routing update message, whether to allocate a label for the new VPN route.
  • step S303 includes:
  • the ASBR2 detects whether the VPN routing update message carries the PE identifier of the public network edge device.
  • each label of each VRF is not configured, and each VPN route needs to be configured with a label, and the label is assigned to the new VPN route.
  • the VPN routing update message sent by the PE2 carries the link-building address (2.2.2.2) and the route identifier RD (2:1) of the PE2.
  • the ASBR2 After extracting the parameters, the ASBR2 searches for the parameter and determines whether it is already VPN2 assigns a label. Because ASBR2 has already assigned the ingress label 200 to VPN route A in VPN2, do not repeatedly assign labels to VPN route B, and use the ingress label 200 as the ingress label of the new VPN route B.
  • S304 ASBR2 allocates a new label to the new VPN route according to the judgment result, or determines a label of the new VPN route.
  • S305 ASBR2 sends a VPN routing update message to ASBR1, and ASBR1 processes a VPN routing update message.
  • This step is similar to steps S303 and S304, and will not be described again.
  • S306 ASBR1 sends a VPN routing update message to PE1, and PE1 processes the VPN routing update. Message
  • PE1 since PE1 does not need to advertise the routing information of VPN2, it is not necessary to assign a label to the newly added route.
  • the BGP_PEER table can be set in the ASBR and other transit devices to store the routing information of each VPN network for subsequent data transmission.
  • the optional BGP_PEER table includes: number n (corresponding to VPN network n) , RDn+ source PEn, inbound label n, next hop n, and outgoing label n, then step S303 may be to query whether there is a BGP_PEER table that matches RD (2:1) and source PE (2.2.2.2). If BGP_PEER table n exists, there is no need to assign a label to the new VPN route, and the ingress label n in table n is used as its ingress label. If there is no BGP_PEER table n, the label is assigned. And create a new BGP_PEER table.
  • the route forwarding information of VPN2 on ASBR1 and ASBR2 is the same. It is not necessary to assign different ingress labels to different routes of the VPN2 network. To avoid unnecessary waste.
  • the source PE address can indicate the PE to which the packet needs to be sent.
  • the RD can indicate the VPN on the PE. Therefore, the RD+ source PE can be used as the destination parameter for private network forwarding. According to this target parameter, it is uniformly forwarded to the destination VPN. Therefore, it is sufficient to assign an inbound label to this target parameter, thereby reducing the number of labels and speeding up the convergence.
  • the basic configuration in the second embodiment of the present invention is: PE1 and ASBR1 are located in AS1, PE2 and ASBR2 are located in AS2, and VPN1 needs to access VPN2 across domains.
  • the RD of VPN2 is 2:1, which has two addresses 10.2.0.1, and 10.4.0.2.
  • VPN2 is configured with a per-VPN per-port for the VPN2.
  • the PE2 uses the loopback address 2.2.2.2 to establish a BGP connection with the loopback address 2.1.1.1 of the ASBR2.
  • the ASBR1 is directly connected to the ASBR2 with the directly connected address 5.1.1.1.
  • BGP is established in the IP address of 5.1.1.2.
  • the ASBR1 establishes BGP with the loopack address 1.1.1.2 and the loopback address 1.1.1.1 of the PE1.
  • the LDP tunnel is established between PE1 and ASBR1 and between PE2 and ASBR2.
  • the new route advertisement process is: the label assigned to VPN2 on PE2 is 100, and PE2 advertises routes 2:1/10.2.0.1/32 and 2:1/10.4.0.2/32 to ASBR2. ;ASBR2 receives the routing update message and finds the active PE link establishment address 2.2.2.2, so 2:1+2.2.2.2 is established.
  • the BGP_PEER table is assigned to the label 200, and the two VPNv4 routes are advertised to the ASBR1 by the label 200 and the next hop.
  • the ASBR1 receives the VPNv4 route update message and discovers the active PE link establishment address 2.2.2.2, so 2:1 +2.2.2.2 Create a BGP_PEER table, assign it to the label 300, and advertise the two VPNv4 routes with the label 300 and the next hop to PE1. PE1 only needs to import the routing information into VPN1, and does not need to advertise it again. Need to be assigned a label;
  • the data forwarding process of the VPN1 to the VPN2 includes: VPN1 sends a data packet to the VPN2, and the PE1 receives the data packet to check the VPN1 private network route, and encapsulates the private network label 300.
  • the public network tunnel is found according to the next hop 1.1.1.2 of the public network.
  • the public network label is not required to be encapsulated and sent to the ASBR1.
  • the label packet received by the ASBR1 according to the label 300 (BGP_PEER) table is exchanged into the label 200.
  • the public network next hop 1.1.1.2 the direct route is found.
  • the public network label is not required to be encapsulated and sent to the ASBR2.
  • the ASBR2 receives the label packet and queries the label table according to the label 200. If you find the public network tunnel, you do not need to encapsulate the public network label and send it to PE2. PE2 receives the label packet and queries the label table. The packet is sent to VPN2. The private network routing table of VPN2 is queried according to the VPNID and IP header. Forward the packet to the destination.
  • the solution provided by the embodiment of the present invention after receiving the VPN routing update message, first determines whether a label needs to be allocated for the new VPN route, and only allocates the label when needed, and the related technology is after receiving the VPN routing update message. Compared with the new VPN route distribution label, the number of labels of the VPN route can be reduced, and the pressure of the ASBR is alleviated;
  • the RD and the source PE of the VPN network are used to determine whether the label is assigned to the route, that is, the ASBR allocates the same ingress label to the same route as the source PE, and the degree of label reduction can be enhanced.
  • the computer program can be implemented in a computer readable storage medium, the computer program being executed on a corresponding hardware platform (such as a system, device, device, device, etc.), when executed, including One or a combination of the steps of the method embodiments.
  • all or part of the steps of the above embodiments may also be implemented by using an integrated circuit. These steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated into a single integrated circuit module. achieve.
  • the devices/function modules/functional units in the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
  • each device/function module/functional unit in the above embodiment When each device/function module/functional unit in the above embodiment is implemented in the form of a software function module and sold or used as a stand-alone product, it can be stored in a computer readable storage medium.
  • the above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
  • the above technical solution can reduce the number of labels of VPN routes and alleviate ASBR pressure.

Abstract

A VPN router label allocation method, an ASBR, a PE and an allocation system. The method comprises: receiving a VPN route update message; judging whether to allocate a label to a new VPN router according to the VPN route update message; and if so, allocating a label to the new VPN router. In the technical solution, after a VPN route update message is received, whether a label needs to be allocated to a new VPN router first is judged at first, and the label is allocated merely when required. Compared with the related art where a label is allocated to a new VPN route immediately after a VPN route update message is received, the number of labels of a VPN router can be reduced, thereby relieving the pressure of an ASBR.

Description

VPN路由标签的分配方法、ASBR、PE及分配系统VPN routing label allocation method, ASBR, PE and distribution system 技术领域Technical field
本发明涉及网络通信领域,特别地涉及一种虚拟私有网VPN路由标签分配方法、ASBR、PE及分配系统。The present invention relates to the field of network communications, and in particular, to a virtual private network VPN routing label allocation method, an ASBR, a PE, and a distribution system.
背景技术Background technique
利用公网构建的私人专用网络称为虚拟私有网络(VPN,Virtual Private Network),属于一个VPN的站点site可能分别连接到不同的网关边缘设置PE上,为了保证VPN的连通性,我们必须在PE之间交换VPN路由信息。在组网应用中,用户VPN的多个Site可能会连接到多个ISP(Internet Service Provider,互联网服务提供商)的不同AS(Application Server,应用服务器)域,这种应用方式被称为跨域VPN。A private private network built using the public network is called a virtual private network (VPN). Sites belonging to one VPN may be connected to different gateways to set up PEs. To ensure VPN connectivity, we must be in PE. Exchange VPN routing information between. In a networking application, multiple sites of a user VPN may be connected to different AS (Application Server) domains of multiple ISPs (Internet Service Providers). This application mode is called cross-domain. VPN.
跨域VPN要解决LSP(Label Switched Path,标签交换路径)不能跨域的问题,关键在于ASBR(Autonomous System Boundy Router,自治系统边界路由器)的配置,在常用的MP-EBGP(EBGP Redistribution of labeled VPN-IPv4routes)组网方式中,要求每对直连的ASBR通过MP-EBGP交换它们从自己域内PE接收的标签VPNv4路由,在同域内ASBR与PE(Provider Edge,公网边缘设备)之间建立内部边界网关协议IBGP邻居,跨域ASBR之间建立外部边界网关协议EBGP邻居,ASBR在向同域内PE发布路由时需要将自身地址作为下一跳,ASBR之间也不能对接收到的VPNv4路由进行输入/输出目标Import/Export Targe过滤,ASBR之间是以MP-EBGP方式把标签VPNv4路由发布给对方的,在跨域VPN的流量中,ASBR之间传递的是带标签的VPNv4流量,可选的组网模型和路由标签通告、流量转发过程如图1所示。The cross-domain VPN needs to solve the problem that the LSP (Label Switched Path) cannot be cross-domain. The key is the configuration of the Autonomous System Boundy Router (ASBR). In the commonly used MP-EBGP (EBGP Redistribution of labeled VPN) In the networking mode of the IPv4 route, the ASBRs of each pair are required to exchange the label VPNv4 routes that they receive from the PEs in the own domain through the MP-EBGP, and establish an internal relationship between the ASBR and the PE (Provider Edge, the public network edge device) in the same domain. An external border gateway protocol EBGP neighbor is set up between the inter-AS and the ASBR. The ASBR needs to use its own address as the next hop when advertised routes to the PEs in the same domain. The ASBRs cannot enter the received VPNv4 routes. / Output destination Import/Export Targe filtering. The ASBRs advertise the label VPNv4 routes to the other party in the MP-EBGP mode. In the cross-domain VPN traffic, the labeled VPNv4 traffic is transmitted between the ASBRs. The networking model, route label advertisement, and traffic forwarding process are shown in Figure 1.
在MP-EBGP组网中,所有的本域和其他域的私网路由都要在ASBR上面维护,ASBR要为每一条VPNv4路由分配一个标签,ASBR压力较大,且随着VPN用户接入数量的增加,ASBR上面的标签数量也很容易超出规模,而且转发表项会占用大量内存,增加或者删除VPNv4路由需要广播至每个转发板,增加了ASBR系统负担。 On the MP-EBGP network, all the private network routes of the local and other domains must be maintained on the ASBR. The ASBR needs to assign a label to each VPNv4 route. The ASBR pressure is high, and the number of VPN users accesses. The number of labels on the ASBR is also easily exceeded. The forwarding entries consume a large amount of memory. Adding or deleting VPNv4 routes needs to be broadcast to each forwarding board, which increases the burden on the ASBR system.
因此,如何提供一种可减少VPN路由标签的方法,是本领域亟待解决的技术问题。Therefore, how to provide a method for reducing VPN routing labels is a technical problem to be solved in the field.
发明内容Summary of the invention
本发明实施例提供了一种VPN路由标签分配方法、ASBR、PE及分配系统,以解决如何减少VPN路由标签的技术问题。The embodiment of the invention provides a VPN route label distribution method, an ASBR, a PE, and a distribution system, to solve the technical problem of how to reduce the VPN route label.
为解决上述技术问题,本发明实施例提供了一种应用于自治系统边界路由器ASBR上的虚拟私有网路由标签分配方法,该方法包括:接收VPN路由更新消息;根据VPN路由更新消息判断是否为新VPN路由分配标签;根据判断结果,为新VPN路由分配新标签,或者确定新VPN路由的标签。To solve the above technical problem, an embodiment of the present invention provides a virtual private network route label allocation method applied to an autonomous system border router ASBR, the method comprising: receiving a VPN route update message; determining whether it is new according to a VPN route update message. The VPN route allocates a label; according to the judgment result, assigns a new label to the new VPN route, or determines a label of the new VPN route.
可选的,所述根据VPN路由更新消息判断是否为新VPN路由分配标签的步骤包括:检测VPN路由更新消息是否携带公网边缘设备PE标识,公网边缘设备PE标识为新VPN路由的源公网边缘设备PE的身份标识;若未携带公网边缘设备PE标识,则为新VPN路由分配标签。Optionally, the step of determining, according to the VPN routing update message, whether to assign a label to the new VPN route includes: detecting whether the VPN routing update message carries the public network edge device PE identifier, and the public network edge device PE identifier is the source of the new VPN route. The identity of the PE of the network edge device; if the PE identifier of the public network edge device is not carried, the label is assigned to the new VPN route.
可选的,上述方法还包括:若携带公网边缘设备PE标识,则提取公网边缘设备PE标识及新VPN路由的路由区分符RD,检测是否存在与公网边缘设备PE标识及新VPN路由的路由区分符RD同时匹配的标签,若不存在,则为新VPN路由分配标签,若存在,则将检测到的标签作为新VPN路由的标签。Optionally, the method further includes: if the PE identifier of the public network edge device is carried, the PE identifier of the public network edge device and the route identifier RD of the new VPN route are extracted, and the presence of the PE identifier and the new VPN route of the public network edge device are detected. The route identifier RD matches the label at the same time. If it does not exist, it assigns a label to the new VPN route. If it exists, the detected label is used as the label of the new VPN route.
可选的,所述身份标识包括源公网边缘设备PE的建链地址。Optionally, the identity identifier includes a link establishment address of the source public network edge device PE.
可选的,所述标签为新VPN路由的入标签。Optionally, the label is an ingress label of a new VPN route.
为解决上述技术问题,本发明实施例提供了一种应用于公网边缘设备PE上的虚拟私有网路由标签分配方法,该方法包括:当检测到虚拟私有网VPN内增加有新VPN路由时,检测标签分配配置;根据标签分配配置,生成并发送VPN路由更新消息。To solve the above technical problem, the embodiment of the present invention provides a method for allocating a virtual private network route label to a public network edge device PE. The method includes: when detecting a new VPN route in the virtual private network VPN, Detects the label allocation configuration; generates and sends a VPN routing update message according to the label allocation configuration.
可选的,所述标签分配配置包括是否配置每个VPN路由转发表VRF的每个标签;所述根据所述标签分配配置,生成VPN路由更新消息的步骤包括: 获取新VPN路由的源公网边缘设备PE的身份标识,并将其作为公网边缘设备PE标识增加到VPN路由更新消息中。Optionally, the label allocation configuration includes: configuring each label of each VPN routing forwarding table VRF; and the step of generating a VPN routing update message according to the label allocation configuration includes: The identity of the PE of the source public network edge device of the new VPN route is obtained, and is added to the VPN route update message as the public network edge device PE identifier.
为解决上述技术问题,本发明实施例提供了一种虚拟私有网路由标签分配方法,该方法包括:当公网边缘设备PE检测到虚拟私有网VPN内增加有新VPN路由时,检测标签分配配置,根据标签分配配置,生成并发送VPN路由更新消息;自治系统边界路由器ASBR接收并根据VPN路由更新消息,判断是否为新VPN路由分配标签,若需要,则为新VPN路由分配标签。To solve the above technical problem, the embodiment of the present invention provides a method for allocating a virtual private network route label, and the method includes: when the public network edge device PE detects that a new VPN route is added to the virtual private network VPN, detecting the label allocation configuration. According to the label allocation configuration, a VPN routing update message is generated and sent; the autonomous system border router ASBR receives and according to the VPN routing update message, determines whether to assign a label to the new VPN route, and if necessary, assigns a label to the new VPN route.
为解决上述技术问题,本发明实施例提供了一种自治系统边界路由器ASBR,该ASBR包括:接收模块,设置为接收VPN路由更新消息;判断模块,设置为根据VPN路由更新消息判断是否为新VPN路由分配标签;以及,分配模块,设置为当判断模块的判断结果为需要时,为新VPN路由分配标签。To solve the above technical problem, an embodiment of the present invention provides an autonomous system border router (ASBR), where the ASBR includes: a receiving module, configured to receive a VPN routing update message; and a determining module, configured to determine, according to the VPN routing update message, whether the new VPN is a new VPN a route distribution label; and an allocation module configured to allocate a label for the new VPN route when the judgment result of the determination module is required.
为解决上述技术问题,本发明实施例提供了一种公网边缘设备PE,该PE包括:检查模块,设置为当检测到虚拟私有网VPN内有新VPN路由增加时,检测标签分配配置;以及,发送模块,设置为根据标签分配配置,生成并发送VPN路由更新消息。To solve the above technical problem, the embodiment of the present invention provides a public network edge device PE, where the PE includes: an inspection module, configured to detect a label allocation configuration when a new VPN route is detected in the virtual private network VPN; The sending module is configured to generate and send a VPN routing update message according to the label allocation configuration.
为解决上述技术问题,本发明实施例提供了一种虚拟私有网VPN路由标签分配系统,其包括本发明实施例提供的ASBR及PE。To solve the above technical problem, an embodiment of the present invention provides a virtual private network VPN route label distribution system, which includes an ASBR and a PE provided by an embodiment of the present invention.
为解决上述技术问题,本发明实施例提供了一种计算机存储介质,所述计算机存储介质中存储有计算机可执行指令,所述计算机可执行指令用于执行上述方法。In order to solve the above technical problem, an embodiment of the present invention provides a computer storage medium, where the computer storage medium stores computer executable instructions, and the computer executable instructions are used to execute the foregoing method.
本发明实施例的有益效果: Advantageous effects of embodiments of the present invention:
本发明实施例提供的方案,在接收到VPN路由更新消息之后,先判断是否需要为新VPN路由分配标签,仅在需要时才分配标签,其与相关技术在接收到VPN路由更新消息之后即为新VPN路由分配标签相比,可以减少VPN路由的标签数量,缓解了ASBR的压力。The solution provided by the embodiment of the present invention, after receiving the VPN routing update message, first determines whether a label needs to be allocated for the new VPN route, and only allocates the label when needed, and the related technology is after receiving the VPN routing update message. Compared with the new VPN route distribution label, the number of labels of the VPN route can be reduced, and the pressure of the ASBR is alleviated.
附图概述BRIEF abstract
图1为相关技术中VPN网络、路由标签的示意图;1 is a schematic diagram of a VPN network and a routing label in the related art;
图2为本发明第一实施例提供的VPN路由标签分配方法的流程图;2 is a flowchart of a method for allocating a VPN route label according to the first embodiment of the present invention;
图3为本发明第二实施例提供的VPN路由标签分配方法的流程图;3 is a flowchart of a method for allocating a VPN route label according to a second embodiment of the present invention;
图4为本发明第二实施例中VPN网络、路由标签的示意图。4 is a schematic diagram of a VPN network and a routing label in a second embodiment of the present invention.
本发明的较佳实施方式Preferred embodiment of the invention
现结合附图对本发明实施例做出进一步的诠释说明。Further explanation of the embodiments of the present invention will be made in conjunction with the accompanying drawings.
第一实施例:First embodiment:
图2为本发明第一实施例提供的VPN路由标签分配方法的流程图,由图2可知,本发明实施例提供的VPN路由标签分配方法在ASBR上的体现包括以下步骤:FIG. 2 is a flowchart of a method for allocating a VPN route label according to the first embodiment of the present invention. As shown in FIG. 2, the embodiment of the method for allocating a VPN route label according to the embodiment of the present invention includes the following steps:
S201:接收VPN路由更新消息;S201: Receive a VPN route update message.
S202:根据VPN路由更新消息判断是否为新VPN路由分配标签;S202: Determine, according to the VPN routing update message, whether to allocate a label for the new VPN route.
可选的,步骤S202包括:检测VPN路由更新消息是否携带公网边缘设备PE标识,公网边缘设备PE标识为新VPN路由的源公网边缘设备PE的身份标识;若未携带,则为新VPN路由分配标签;若携带,则提取公网边缘设备PE标识及新VPN路由的路由区分符RD,检测是否存在与公网边缘设备PE标识及新VPN路由的路由区分符RD同时匹配的标签,若不存在,则为新VPN路由分配标签,若存在,则将检测到的标签作为新VPN路由的标签。Optionally, the step S202 includes: detecting whether the VPN routing update message carries the public network edge device PE identifier, and the public network edge device PE identifier is the identity identifier of the source public network edge device PE of the new VPN route; if not, the new The VPN route is assigned a label. If it is carried, the PE identifier of the public network edge device and the route identifier RD of the new VPN route are extracted, and the label matching the PE identifier of the public network edge device and the route identifier RD of the new VPN route is detected. If it does not exist, it assigns a label to the new VPN route. If it exists, it will use the detected label as the label of the new VPN route.
可选的,上述实施例中的身份标识包括源公网边缘设备PE的建链地址;当然,其也可以是源公网边缘设备PE(源PE)的唯一编码等其它可以确定 源PE的参数;Optionally, the identity identifier in the foregoing embodiment includes a link establishment address of the source public network edge device PE; of course, it may also be a unique code of the source public network edge device PE (source PE), and the like may be determined. Source PE parameters;
可替换的,步骤S202包括:检测VPN路由更新消息是否携带特殊标志(如字段等),或者特殊标志的内容,如携带特殊字段(或者特殊标志的内容为不需要)时,说明该VPN路由更新消息所对应的VPN路由已经有了标签,就不再为其分配标签,如没有携带特殊字段(或者特殊标志的内容为需要)时,就为其分配标签;Alternatively, step S202 includes: detecting whether the VPN routing update message carries a special flag (such as a field, etc.), or the content of the special flag, such as carrying a special field (or the content of the special flag is not required), indicating that the VPN routing update The VPN route corresponding to the message already has a label, and no longer assigns a label to it. If no special field is carried (or the content of the special flag is needed), the label is assigned to it;
S203:根据判断结果,为新VPN路由分配新标签,或者确定新VPN路由的标签。S203: According to the judgment result, assign a new label to the new VPN route, or determine a label of the new VPN route.
可选的,图2所示方法中的标签为新VPN路由的入标签。Optionally, the label in the method shown in Figure 2 is an ingress label of the new VPN route.
图2所示的方法是本发明实施例所提供的VPN路由标签分配方法在ASBR上的体现,那么,对应的,本发明实施例所提供的VPN路由标签分配方法在PE上的体现包括:The method shown in FIG. 2 is an embodiment of the VPN routing label allocation method provided by the embodiment of the present invention on the ASBR. Then, the embodiment of the VPN routing label allocation method provided by the embodiment of the present invention on the PE includes:
当检测到虚拟私有网VPN内增加有新VPN路由时,检测标签分配配置;When it is detected that a new VPN route is added to the virtual private network VPN, the label allocation configuration is detected;
根据标签分配配置,生成并发送VPN路由更新消息。A VPN routing update message is generated and sent according to the label allocation configuration.
可选的,上述实施例中的标签分配配置包括是否配置每个VPN路由转发表VRF的每个标签;当标签分配配置为配置每个VPN路由转发表VRF的每个标签时,生成VPN路由更新消息的步骤包括:获取新VPN路由的源公网边缘设备PE的身份标识,并将其作为公网边缘设备PE标识增加到VPN路由更新消息中。Optionally, the label allocation configuration in the foregoing embodiment includes: configuring each label of each VPN routing forwarding table VRF; generating a VPN routing update when the label allocation is configured to configure each label of each VPN routing forwarding table VRF The step of the message includes: obtaining the identity of the source public network edge device PE of the new VPN route, and adding it as the public network edge device PE identifier to the VPN route update message.
对应的,本发明实施例提供的虚拟私有网路由标签分配方法,在分配系统中的体现包括:发起端当检测到虚拟私有网VPN内增加有新VPN路由时,检测标签分配配置,根据标签分配配置,生成并发送VPN路由更新消息;处理端接收并根据VPN路由更新消息,判断是否为新VPN路由分配标签,若需要,则为新VPN路由分配标签。Correspondingly, the method for allocating the virtual private network route label in the embodiment of the present invention includes: when the initiator detects that a new VPN route is added to the virtual private network VPN, the detection label allocation configuration is configured according to the label. Configure, generate and send a VPN routing update message; the processing end receives and according to the VPN routing update message, determines whether to assign a label to the new VPN route, and if necessary, assigns a label to the new VPN route.
为了实现本发明实施例提供的虚拟私有网路由标签分配方法,本发明实施例对ASBR及PE均进行了改进,改进如下:In order to implement the virtual private network route label allocation method provided by the embodiment of the present invention, the ASBR and the PE are improved in the embodiment of the present invention, and the improvement is as follows:
本发明实施例提供的ASBR包括:The ASBR provided by the embodiment of the present invention includes:
接收模块,设置为接收VPN路由更新消息; a receiving module, configured to receive a VPN routing update message;
判断模块,设置为根据VPN路由更新消息判断是否为新VPN路由分配标签;The determining module is configured to determine, according to the VPN routing update message, whether to assign a label to the new VPN route;
分配模块,设置为当判断模块的判断结果为需要时,为新VPN路由分配标签。The allocation module is configured to allocate a label for the new VPN route when the judgment result of the determining module is required.
本发明实施例提供的PE包括:The PE provided by the embodiment of the present invention includes:
检查模块,设置为用于当检测到虚拟私有网VPN内增加有新VPN路由时,检测标签分配配置;The checking module is configured to detect a label allocation configuration when a new VPN route is added to the virtual private network VPN;
发送模块,设置为根据标签分配配置,生成并发送VPN路由更新消息。The sending module is configured to generate and send a VPN routing update message according to the label allocation configuration.
而本发明实施例提供的虚拟私有网VPN路由标签分配系统,则包括本发明实施例提供的ASBR及PE。The virtual private network VPN route label distribution system provided by the embodiment of the present invention includes the ASBR and the PE provided by the embodiment of the present invention.
第二实施例:Second embodiment:
现结合图3及图4通过应用实例对本发明实施例做进一步的诠释说明,图3为本发明第二实施例提供的VPN路由标签分配方法的流程图,图4为本发明第二实施例中VPN网络、路由标签的示意图,本实施例以MP-EBGP组网方式为例进行说明,那么,本发明实施例所涉及的VPN路由标签分配系统主要包括PE及ASBR,在本实施例中,假设VPN2网络已经包括路由A,其中ASBR1、ASBR2及PE2已经分别为路由A分配标签300、200、100。如图3所示,本发明第二实施例提供的VPN路由标签分配方法包括以下步骤:The embodiment of the present invention is further explained by using an application example in conjunction with FIG. 3 and FIG. 4. FIG. 3 is a flowchart of a method for allocating a VPN routing label according to a second embodiment of the present invention, and FIG. 4 is a second embodiment of the present invention. A schematic diagram of a VPN network and a routing label is used in the embodiment of the present invention. The VPN routing label allocation system in the embodiment of the present invention mainly includes a PE and an ASBR. In this embodiment, a hypothesis is assumed. The VPN2 network already includes the route A, and the ASBR1, the ASBR2, and the PE2 have respectively assigned the labels 300, 200, and 100 to the route A. As shown in FIG. 3, the VPN routing label allocation method provided by the second embodiment of the present invention includes the following steps:
S301:PE2检测到虚拟私有网VPN内增加有新VPN路由时,检测标签分配配置;S301: When detecting that a new VPN route is added to the virtual private network VPN, the PE2 detects the label allocation configuration.
本实施例以图4中与PE2连接的VPN2网络中新增加一个VPN路由为例,该新VPN路由B的地址为:10.4.0.2;且VPN2网络的标签分配配置为配置每个VRF的每个标签(为每个VPN路由转发表VRF分配一个入标签);In this embodiment, a new VPN route is added to the VPN2 network connected to the PE2 in FIG. 4, and the address of the new VPN route B is 10.4.0.2; and the label distribution of the VPN2 network is configured to configure each VRF. Label (allocate an ingress label for each VPN routing forwarding table VRF);
S302:PE2根据标签分配配置,生成并发送VPN路由更新消息;S302: The PE2 generates and sends a VPN routing update message according to the label allocation configuration.
因为标签分配配置为配置每个VRF的每个标签,那么,PE就需要获取新VPN路由的源公网边缘设备PE的身份标识(即PE2的身份标识,如PE2的建链地址:2.2.2.2),并将其作为公网边缘设备PE标识增加到VPN路由更新消息中(该消息中同时包括VPN2的RD:2:1),然后发送至ASBR2; Because the label allocation is configured to configure each label of each VRF, the PE needs to obtain the identity of the source public network edge device PE of the new VPN route (that is, the identity of the PE2, such as the establishment address of the PE2: 2.2.2.2 And add it as the public network edge device PE identifier to the VPN routing update message (this message also includes VPN2 RD: 2:1), and then sent to ASBR2;
同时,在PE2中,新VPN路由B的入标签也为100;At the same time, in PE2, the incoming label of the new VPN route B is also 100;
S303:ASBR2接收到VPN路由更新消息,根据VPN路由更新消息判断是否为新VPN路由分配标签;S303: The ASBR2 receives the VPN routing update message, and determines, according to the VPN routing update message, whether to allocate a label for the new VPN route.
因为ASBR2需要将VPN路由更新消息发送至ASBR1,就需要判断是否为新VPN路由分配入标签,可选的,步骤S303包括:Because the ASBR2 needs to send the VPN routing update message to the ASBR1, it is necessary to determine whether to assign a label to the new VPN route. Optionally, step S303 includes:
ASBR2检测VPN路由更新消息是否携带公网边缘设备PE标识;The ASBR2 detects whether the VPN routing update message carries the PE identifier of the public network edge device.
若未携带,则表示VPN网络的标签分配配置为没有配置每个VRF的每个标签,就需要为每个VPN路由分别配置标签,此时为新VPN路由分配标签;If it is not carried, it indicates that the label distribution of the VPN network is configured such that each label of each VRF is not configured, and each VPN route needs to be configured with a label, and the label is assigned to the new VPN route.
若携带,则表示VPN网络的标签分配配置为配置了每个VRF的每个标签,此时就需要进一步的判断ASBR是否已经为该VPN网络分配了标签,即执行下一步:If it is carried, it indicates that the label distribution of the VPN network is configured with each label of each VRF. In this case, it is necessary to further determine whether the ASBR has assigned a label to the VPN network, that is, perform the next step:
提取公网边缘设备PE标识及新VPN路由的路由区分符RD,检测是否存在与公网边缘设备PE标识及新VPN路由的路由区分符RD同时匹配的标签,若不存在,则说明ASBR没有为该VPN网络分配标签,此时就需要为新VPN路由分配标签,若存在,则说明ASBR已经为该VPN网络分配了标签,为了避免重复分别标签,将检测到的标签作为新VPN路由的标签;Extracting the PE identifier of the public network edge device and the route identifier RD of the new VPN route, and detecting whether there is a label that matches the PE identifier of the public network edge device and the route identifier RD of the new VPN route. If not, the ASBR is not The VPN network allocates a label. In this case, the label is assigned to the new VPN route. If it exists, the ASBR has already assigned a label to the VPN network. To avoid duplicate labels, the detected label is used as the label of the new VPN route.
在本实施例中,PE2发送的VPN路由更新消息中携带有PE2的建链地址(2.2.2.2)及路由区分符RD(2:1),ASBR2提取这些参数之后就进行查找,判断是否已经为VPN2分配了标签,因为ASBR2已经为VPN2中的VPN路由A分配了入标签200,就不要为VPN路由B重复分配标签,将入标签200作为新VPN路由B的入标签;In this embodiment, the VPN routing update message sent by the PE2 carries the link-building address (2.2.2.2) and the route identifier RD (2:1) of the PE2. After extracting the parameters, the ASBR2 searches for the parameter and determines whether it is already VPN2 assigns a label. Because ASBR2 has already assigned the ingress label 200 to VPN route A in VPN2, do not repeatedly assign labels to VPN route B, and use the ingress label 200 as the ingress label of the new VPN route B.
S304:ASBR2根据判断结果,为新VPN路由分配新标签,或者确定新VPN路由的标签;S304: ASBR2 allocates a new label to the new VPN route according to the judgment result, or determines a label of the new VPN route.
S305:ASBR2向ASBR1发送VPN路由更新消息,ASBR1处理VPN路由更新消息;S305: ASBR2 sends a VPN routing update message to ASBR1, and ASBR1 processes a VPN routing update message.
该步骤与步骤S303及S304类似,不再赘述;This step is similar to steps S303 and S304, and will not be described again.
S306:ASBR1向PE1发送VPN路由更新消息,PE1处理VPN路由更新 消息;S306: ASBR1 sends a VPN routing update message to PE1, and PE1 processes the VPN routing update. Message
在本实施例中,由于PE1不需要再把VPN2的路由信息通告出去,就不需要为新增路由分配入标签。In this embodiment, since PE1 does not need to advertise the routing information of VPN2, it is not necessary to assign a label to the newly added route.
在实际应用中,可以通过在ASBR及其他中转设备中设置BGP_PEER表来存储每个VPN网络的路由信息,供后续数据传输时使用;可选的BGP_PEER表包括:编号n(对应于VPN网络n)、RDn+源PEn、入标签n、下一跳n及出标签n等参数,那么,步骤S303就可以是查询是否存在与RD(2:1)及源PE(2.2.2.2)符合的BGP_PEER表,若存在BGP_PEER表n,则不需要为新VPN路由分配标签,将表n中的入标签n作为其入标签,若不存在BGP_PEER表n,则分配入标签。并新建BGP_PEER表。In practical applications, the BGP_PEER table can be set in the ASBR and other transit devices to store the routing information of each VPN network for subsequent data transmission. The optional BGP_PEER table includes: number n (corresponding to VPN network n) , RDn+ source PEn, inbound label n, next hop n, and outgoing label n, then step S303 may be to query whether there is a BGP_PEER table that matches RD (2:1) and source PE (2.2.2.2). If BGP_PEER table n exists, there is no need to assign a label to the new VPN route, and the ingress label n in table n is used as its ingress label. If there is no BGP_PEER table n, the label is assigned. And create a new BGP_PEER table.
现结合图1及图4对本发明实施例与相关技术的区别进行说明:The difference between the embodiment of the present invention and related technologies will be described with reference to FIG. 1 and FIG. 4:
如图1所示,当与PE2连接的VPN2网络采用每VPN每标签方式分配标签时,ASBR1、ASBR2上VPN2的路由转发信息是完全一样的,没必要为VPN2网络不同的路由分配不同的入标签,避免不必要的浪费。而在ASBR设备上,源PE建链地址可以指示出数据包需要发往的PE,RD可以指示出这个PE上面的VPN,因此,可以用RD+源PE建链地址作为私网转发的目标参数,根据这个目标参数统一转发至目的VPN,所以,为这个目标参数分配一个入标签就可以了,从而减少标签数量,加快收敛速度。As shown in Figure 1, when the VPN2 network connected to PE2 uses the label per VPN label, the route forwarding information of VPN2 on ASBR1 and ASBR2 is the same. It is not necessary to assign different ingress labels to different routes of the VPN2 network. To avoid unnecessary waste. On the ASBR, the source PE address can indicate the PE to which the packet needs to be sent. The RD can indicate the VPN on the PE. Therefore, the RD+ source PE can be used as the destination parameter for private network forwarding. According to this target parameter, it is uniformly forwarded to the destination VPN. Therefore, it is sufficient to assign an inbound label to this target parameter, thereby reducing the number of labels and speeding up the convergence.
如图4所示,本发明第二实施例中的基本配置为:PE1和ASBR1位于AS1中,PE2和ASBR2位于AS2中,VPN1需要跨域访问VPN2。VPN2的RD是2:1,里面有两个地址10.2.0.1,和10.4.0.2。采用MP-EBGP组网方式,PE2上VPN2配置每VPN每标签,PE2以loopback地址2.2.2.2与ASBR2的loopback地址2.1.1.1进行BGP建链,ASBR1以直连地址5.1.1.1与ASBR2的直连地址5.1.1.2进行BGP建链,ASBR1以loopack地址1.1.1.2与PE1的loopback地址1.1.1.1进行BGP建链,在PE1-ASBR1间、PE2-ASBR2间建立LDP隧道;As shown in FIG. 4, the basic configuration in the second embodiment of the present invention is: PE1 and ASBR1 are located in AS1, PE2 and ASBR2 are located in AS2, and VPN1 needs to access VPN2 across domains. The RD of VPN2 is 2:1, which has two addresses 10.2.0.1, and 10.4.0.2. In the MP-EBGP networking mode, VPN2 is configured with a per-VPN per-port for the VPN2. The PE2 uses the loopback address 2.2.2.2 to establish a BGP connection with the loopback address 2.1.1.1 of the ASBR2. The ASBR1 is directly connected to the ASBR2 with the directly connected address 5.1.1.1. BGP is established in the IP address of 5.1.1.2. The ASBR1 establishes BGP with the loopack address 1.1.1.2 and the loopback address 1.1.1.1 of the PE1. The LDP tunnel is established between PE1 and ASBR1 and between PE2 and ASBR2.
那么,在本实施例中,新增路由通告过程为:PE2上分配给VPN2的标签是100,PE2把路由2:1/10.2.0.1/32和2:1/10.4.0.2/32通告给ASBR2;ASBR2收到路由更新消息发现有源PE建链地址2.2.2.2,于是以2:1+2.2.2.2建立 BGP_PEER表,分配入标签200,并把这两条VPNv4路由用标签200、下一跳自己通告给ASBR1;ASBR1收到VPNv4路由更新消息发现有源PE建链地址2.2.2.2,于是以2:1+2.2.2.2建立BGP_PEER表,分配入标签300,并把这两条VPNv4路由用标签300、下一跳自己通告给PE1;PE1只需将路由信息导入VPN1,不需要再往外通告,也就不需要分配入标签;Then, in this embodiment, the new route advertisement process is: the label assigned to VPN2 on PE2 is 100, and PE2 advertises routes 2:1/10.2.0.1/32 and 2:1/10.4.0.2/32 to ASBR2. ;ASBR2 receives the routing update message and finds the active PE link establishment address 2.2.2.2, so 2:1+2.2.2.2 is established. The BGP_PEER table is assigned to the label 200, and the two VPNv4 routes are advertised to the ASBR1 by the label 200 and the next hop. The ASBR1 receives the VPNv4 route update message and discovers the active PE link establishment address 2.2.2.2, so 2:1 +2.2.2.2 Create a BGP_PEER table, assign it to the label 300, and advertise the two VPNv4 routes with the label 300 and the next hop to PE1. PE1 only needs to import the routing information into VPN1, and does not need to advertise it again. Need to be assigned a label;
在此基础上,采用本发明实施例所提供的标签分配方法后,VPN1到VPN2的数据转发过程包括:VPN1往VPN2发数据包,PE1接收到数据包查VPN1私网路由,封装私网标签300,并根据公网下一跳1.1.1.2找到公网隧道,不需要封装公网标签,发往ASBR1;ASBR1收到数据包的标签报文根据标签300查询标签(BGP_PEER)表,交换成标签200,根据公网下一跳1.1.1.2查找到直连路由,不需要封装公网标签,发往ASBR2;ASBR2收到标签报文根据标签200查询标签表,交换成标签100,根据公网下一跳2.2.2.2查找到公网隧道,不需要封装公网标签,发往PE2;PE2接收到标签报文,查询标签表,发现是发往VPN2,根据VPNID和IP头查询VPN2的私网路由表将数据包转发至目的地。On the basis of the label allocation method provided by the embodiment of the present invention, the data forwarding process of the VPN1 to the VPN2 includes: VPN1 sends a data packet to the VPN2, and the PE1 receives the data packet to check the VPN1 private network route, and encapsulates the private network label 300. And the public network tunnel is found according to the next hop 1.1.1.2 of the public network. The public network label is not required to be encapsulated and sent to the ASBR1. The label packet received by the ASBR1 according to the label 300 (BGP_PEER) table is exchanged into the label 200. According to the public network next hop 1.1.1.2, the direct route is found. The public network label is not required to be encapsulated and sent to the ASBR2. The ASBR2 receives the label packet and queries the label table according to the label 200. If you find the public network tunnel, you do not need to encapsulate the public network label and send it to PE2. PE2 receives the label packet and queries the label table. The packet is sent to VPN2. The private network routing table of VPN2 is queried according to the VPNID and IP header. Forward the packet to the destination.
综上可知,本发明实施例,至少存在以下有益效果:In summary, the embodiments of the present invention have at least the following beneficial effects:
本发明实施例提供的方案,在接收到VPN路由更新消息之后,先判断是否需要为新VPN路由分配标签,仅在需要时才分配标签,其与相关技术在接收到VPN路由更新消息之后即为新VPN路由分配标签相比,可以减少VPN路由的标签数量,缓解了ASBR的压力;The solution provided by the embodiment of the present invention, after receiving the VPN routing update message, first determines whether a label needs to be allocated for the new VPN route, and only allocates the label when needed, and the related technology is after receiving the VPN routing update message. Compared with the new VPN route distribution label, the number of labels of the VPN route can be reduced, and the pressure of the ASBR is alleviated;
另外,本发明实施例通过路由所属VPN网络的RD及源PE来判断是否为路由分配标签,也即实现了ASBR为RD和源PE相同的路由分配同一个入标签,可以增强标签的减少程度。In addition, in the embodiment of the present invention, the RD and the source PE of the VPN network are used to determine whether the label is assigned to the route, that is, the ASBR allocates the same ingress label to the same route as the source PE, and the degree of label reduction can be enhanced.
以上仅是本发明的具体实施方式而已,并非对本发明做任何形式上的限制。The above is only a specific embodiment of the present invention, and is not intended to limit the present invention in any way.
本领域普通技术人员可以理解上述实施例的全部或部分步骤可以使用计 算机程序流程来实现,所述计算机程序可以存储于一计算机可读存储介质中,所述计算机程序在相应的硬件平台上(如系统、设备、装置、器件等)执行,在执行时,包括方法实施例的步骤之一或其组合。One of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments may be used. The computer program can be implemented in a computer readable storage medium, the computer program being executed on a corresponding hardware platform (such as a system, device, device, device, etc.), when executed, including One or a combination of the steps of the method embodiments.
可选地,上述实施例的全部或部分步骤也可以使用集成电路来实现,这些步骤可以被分别制作成一个个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。Alternatively, all or part of the steps of the above embodiments may also be implemented by using an integrated circuit. These steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated into a single integrated circuit module. achieve.
上述实施例中的各装置/功能模块/功能单元可以采用通用的计算装置来实现,它们可以集中在单个的计算装置上,也可以分布在多个计算装置所组成的网络上。The devices/function modules/functional units in the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
上述实施例中的各装置/功能模块/功能单元以软件功能模块的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。上述提到的计算机可读取存储介质可以是只读存储器,磁盘或光盘等。When each device/function module/functional unit in the above embodiment is implemented in the form of a software function module and sold or used as a stand-alone product, it can be stored in a computer readable storage medium. The above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
工业实用性Industrial applicability
上述技术方案可以减少VPN路由的标签数量,缓解ASBR压力。 The above technical solution can reduce the number of labels of VPN routes and alleviate ASBR pressure.

Claims (14)

  1. 一种应用于自治系统边界路由器ASBR上的虚拟私有网VPN路由标签分配方法,包括:A virtual private network VPN routing label allocation method applied to an autonomous system border router ASBR includes:
    接收VPN路由更新消息;Receiving a VPN routing update message;
    根据所述VPN路由更新消息判断是否为新VPN路由分配标签;Determining whether to assign a label to the new VPN route according to the VPN routing update message;
    根据判断结果,为所述新VPN路由分配新标签,或者确定所述新VPN路由的标签。According to the judgment result, a new label is allocated for the new VPN route, or a label of the new VPN route is determined.
  2. 如权利要求1所述的方法,其中,所述根据所述VPN路由更新消息判断是否为新VPN路由分配标签包括:The method of claim 1, wherein the determining, according to the VPN routing update message, whether to assign a label to a new VPN route comprises:
    检测所述VPN路由更新消息是否携带公网边缘设备PE标识,所述公网边缘设备PE标识为新VPN路由的源公网边缘设备PE的身份标识;若未携带公网边缘设备PE标识,则为新VPN路由分配标签。Detecting whether the VPN routing update message carries the public network edge device PE identifier, and the public network edge device PE identifier is the identity of the source public network edge device PE of the new VPN route; if the public network edge device PE identifier is not carried, Assign labels to new VPN routes.
  3. 如权利要求2所述的方法,所述方法还包括:The method of claim 2, the method further comprising:
    若携带公网边缘设备PE标识,则提取所述公网边缘设备PE标识及所述新VPN路由的路由区分符RD,检测是否存在与所述公网边缘设备PE标识及新VPN路由的路由区分符RD同时匹配的标签,若不存在,则为新VPN路由分配标签,若存在,则将检测到的标签作为所述新VPN路由的标签。If the public network edge device PE identifier is carried, the public network edge device PE identifier and the new VPN route route identifier RD are extracted, and the route identifier of the public network edge device PE identifier and the new VPN route is detected. The label that matches RD at the same time, if not, assigns a label to the new VPN route. If it exists, the detected label is used as the label of the new VPN route.
  4. 如权利要求2所述的方法,其中,所述身份标识包括源公网边缘设备PE的建链地址。The method of claim 2, wherein the identity identifier comprises a chain-building address of the source public network edge device PE.
  5. 如权利要求1至4任一项所述的方法,其中,所述标签为所述新VPN路由的入标签。The method of any of claims 1 to 4, wherein the tag is an incoming tag of the new VPN route.
  6. 一种应用于公网边缘设备PE上的虚拟私有网VPN路由标签分配方法,包括:A virtual private network VPN routing label allocation method applied to a PE of a public network edge device includes:
    当检测到虚拟私有网VPN内增加有新VPN路由时,检测标签分配配置;When it is detected that a new VPN route is added to the virtual private network VPN, the label allocation configuration is detected;
    根据所述标签分配配置,生成并发送VPN路由更新消息。A VPN routing update message is generated and sent according to the label allocation configuration.
  7. 如权利要求6所述的方法,其中,The method of claim 6 wherein
    所述标签分配配置包括: The label distribution configuration includes:
    是否配置每个VPN路由转发表VRF的每个标签;Whether to configure each label of each VPN routing forwarding table VRF;
    所述根据所述标签分配配置,生成所述VPN路由更新消息包括:获取所述新VPN路由的源公网边缘设备PE的身份标识,并将其作为公网边缘设备PE标识增加到所述VPN路由更新消息中。The generating the VPN routing update message according to the label allocation configuration includes: acquiring an identity of the source public network edge device PE of the new VPN route, and adding the public network edge device PE identifier to the VPN In the routing update message.
  8. 一种虚拟私有网VPN路由标签分配方法,包括:A virtual private network VPN routing label allocation method includes:
    当公网边缘设备PE检测到虚拟私有网VPN内增加有新VPN路由时,检测标签分配配置,根据所述标签分配配置,生成并发送VPN路由更新消息;When the public network edge device PE detects that a new VPN route is added to the virtual private network VPN, detecting a label allocation configuration, and generating and sending a VPN routing update message according to the label allocation configuration;
    自治系统边界路由器ASBR接收并根据所述VPN路由更新消息,判断是否为所述新VPN路由分配标签,若需要,则为所述新VPN路由分配标签。The autonomous system border router ASBR receives and according to the VPN route update message, determines whether to assign a label to the new VPN route, and if necessary, assigns a label to the new VPN route.
  9. 一种自治系统边界路由器ASBR,包括:An autonomous system border router ASBR, including:
    接收模块,设置为接收虚拟私有网VPN路由更新消息;a receiving module, configured to receive a virtual private network VPN routing update message;
    判断模块,设置为根据所述VPN路由更新消息判断是否为新VPN路由分配标签;以及,a determining module, configured to determine, according to the VPN routing update message, whether to assign a label to a new VPN route; and,
    分配模块,设置为根据判断结果,为所述新VPN路由分配新标签,或者确定所述新VPN路由的标签。The allocating module is configured to allocate a new label for the new VPN route according to the judgment result, or determine a label of the new VPN route.
  10. 一种公网边缘设备PE,包括:A public network edge device PE includes:
    检查模块,设置为当检测到虚拟私有网VPN内增加有新VPN路由时,检测标签分配配置;以及,The checking module is configured to detect a label allocation configuration when a new VPN route is added to the virtual private network VPN; and
    发送模块,设置为根据所述标签分配配置,生成并发送VPN路由更新消息。The sending module is configured to generate and send a VPN routing update message according to the label allocation configuration.
  11. 一种虚拟私有网VPN路由标签分配系统,包括如权利要求9所述的自治系统边界路由器ASBR及如权利要求10所述的公网边缘设备PE。A virtual private network VPN routing label allocation system, comprising the autonomous system border router ASBR according to claim 9 and the public network edge device PE according to claim 10.
  12. 一种计算机存储介质,所述计算机存储介质中存储有计算机可执行指令,所述计算机可执行指令用于执行权利要求1~5中任一项所述的方法。A computer storage medium having stored therein computer executable instructions for performing the method of any one of claims 1 to 5.
  13. 一种计算机存储介质,所述计算机存储介质中存储有计算机可执行指令,所述计算机可执行指令用于执行权利要求6~7中任一项所述的方法。A computer storage medium having stored therein computer executable instructions for performing the method of any one of claims 6-7.
  14. 一种计算机存储介质,所述计算机存储介质中存储有计算机可执行指令,所述计算机可执行指令用于执行权利要求8所述的方法。 A computer storage medium having stored therein computer executable instructions for performing the method of claim 8.
PCT/CN2015/073970 2014-10-30 2015-03-11 Vpn route label allocation method, asbr, pe and allocation system WO2015184876A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410603701.4A CN105634950B (en) 2014-10-30 2014-10-30 Distribution method, ASBR, PE and distribution system
CN201410603701.4 2014-10-30

Publications (1)

Publication Number Publication Date
WO2015184876A1 true WO2015184876A1 (en) 2015-12-10

Family

ID=54766102

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/073970 WO2015184876A1 (en) 2014-10-30 2015-03-11 Vpn route label allocation method, asbr, pe and allocation system

Country Status (2)

Country Link
CN (1) CN105634950B (en)
WO (1) WO2015184876A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109889445B (en) * 2019-01-16 2021-06-29 烽火通信科技股份有限公司 BGP-LSP implementation system and method based on distributed platform

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060215578A1 (en) * 2005-03-25 2006-09-28 Lucent Technologies Inc. Method for optimal assignment of customer edge (CE) routers to virtual private network route forwarding (VRF) tables
CN101106519A (en) * 2006-07-12 2008-01-16 华为技术有限公司 Distribution method for boundary routers of autonomous system and boundary router
CN101237376A (en) * 2008-01-24 2008-08-06 华为技术有限公司 A label acquisition method of virtual private network and independent system boundary routing device
CN101616093A (en) * 2009-07-17 2009-12-30 福建星网锐捷网络有限公司 A kind of user access multi-homing network implementation approach, device and the network equipment
CN101692669A (en) * 2009-07-23 2010-04-07 中兴通讯股份有限公司 Method and device for virtual private network label distribution
CN102932231A (en) * 2012-11-28 2013-02-13 杭州华三通信技术有限公司 Method for reducing update messages and service provider network edge device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102195871B (en) * 2011-01-07 2014-02-19 北京华为数字技术有限公司 Method for controlling service traffic forwarding path in multi-protocol label switch (MPLS) virtual private network (VPN)
CN102624623B (en) * 2012-03-13 2015-07-22 杭州华三通信技术有限公司 Virtual private network (VPN) routing information publication method and equipment
CN103095578B (en) * 2013-01-29 2015-09-30 杭州华三通信技术有限公司 Routing iinformation control method in MPLS L3VPN network and PE equipment

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060215578A1 (en) * 2005-03-25 2006-09-28 Lucent Technologies Inc. Method for optimal assignment of customer edge (CE) routers to virtual private network route forwarding (VRF) tables
CN101106519A (en) * 2006-07-12 2008-01-16 华为技术有限公司 Distribution method for boundary routers of autonomous system and boundary router
CN101237376A (en) * 2008-01-24 2008-08-06 华为技术有限公司 A label acquisition method of virtual private network and independent system boundary routing device
CN101616093A (en) * 2009-07-17 2009-12-30 福建星网锐捷网络有限公司 A kind of user access multi-homing network implementation approach, device and the network equipment
CN101692669A (en) * 2009-07-23 2010-04-07 中兴通讯股份有限公司 Method and device for virtual private network label distribution
CN102932231A (en) * 2012-11-28 2013-02-13 杭州华三通信技术有限公司 Method for reducing update messages and service provider network edge device

Also Published As

Publication number Publication date
CN105634950B (en) 2019-06-11
CN105634950A (en) 2016-06-01

Similar Documents

Publication Publication Date Title
US10091176B2 (en) Enhanced EVPN MAC route advertisement having MAC (L2) level authentication, security and policy control
US9762490B2 (en) Content filtering for information centric networks
US11032183B2 (en) Routing information validation in SDN environments
US9973469B2 (en) MAC (L2) level authentication, security and policy control
US10397066B2 (en) Content filtering for information centric networks
CN106453025B (en) Tunnel creation method and device
WO2021196717A1 (en) Multicast traffic transmission method and apparatus, communication node, and storage medium
US10103902B1 (en) Auto-discovery of replication node and remote VTEPs in VXLANs
US10454818B2 (en) CCN name chaining
US9860169B1 (en) Neighbor resolution for remote EVPN hosts in IPV6 EVPN environment
WO2016066072A1 (en) Method and device for realizing communication between nvo3 network and mpls network
WO2017128656A1 (en) Virtual private network (vpn) service optimization method and device
EP3188422B1 (en) Traffic black holing avoidance and fast convergence for active-active pbb-evpn redundancy
US20100027549A1 (en) Method and apparatus for providing virtual private network identifier
WO2015165311A1 (en) Method for transmitting data packet and provider edge device
WO2015192501A1 (en) Address information publishing method and apparatus
US20120144031A1 (en) System for network deployment and method for mapping and data forwarding thereof
CN104660508A (en) Message forwarding method and device
WO2017133647A1 (en) Packet processing method, traffic classifier, and service function instance
WO2011035703A1 (en) Method and device for accessing internet protocol (ip)/layer-3 virtual private network (l3vpn) by layer-2 virtual private network (l2vpn)
EP3151477B1 (en) Fast path content delivery over metro access networks
WO2013182061A1 (en) Network label distribution method, device and system
WO2017193733A1 (en) Route propagation method, and node
US9973578B2 (en) Real time caching efficient check in a content centric networking (CCN)
WO2013139270A1 (en) Method, device, and system for implementing layer3 virtual private network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15802945

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15802945

Country of ref document: EP

Kind code of ref document: A1