WO2018040614A1 - Method, related device, and system for establishing a virtual private network label switched path - Google Patents
- Publication number
- WO2018040614A1 (PCT/CN2017/084374)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- vpn
- address
- egress
- primary
- standby
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/50—Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/28—Routing or path finding of packets in data switching networks using route fault recovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/25—Routing or path finding in a switch fabric
- H04L49/253—Routing or path finding in a switch fabric using establishment or release of connections between ports
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/30—Peripheral units, e.g. input or output ports
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/35—Switches specially adapted for specific applications
- H04L49/354—Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
Definitions
- Embodiments of the present invention relate to the field of information technology, and, more particularly, to a method, a related device, and a system for establishing a virtual private network label switching path.
- A virtual private network (VPN) is a private network established on a public network.
- VPN has the advantages of good privacy, high flexibility, and strong scalability. As a result, more and more businesses are building their own VPNs on public networks.
- Multi-Protocol Label Switching (MPLS) VPN is a VPN technology based on MPLS.
- The MPLS VPN model usually includes three types of devices: provider edge (PE) devices, provider (P) devices, and customer edge (CE) devices.
- a PE device and a P device are devices in a carrier network that provides VPN services.
- the CE device is a device in the customer network to which the VPN service is applied.
- the customer network may also include other devices, such as terminal devices.
- The PE device through which data enters the VPN can be called an ingress PE device.
- The PE device through which data leaves the VPN can be called an egress PE device. The ingress and egress roles depend on the transmission direction of the data: if the data is transmitted in the opposite direction, the ingress PE device and the egress PE device are reversed.
- When the primary egress PE device works normally, data entering the VPN from the ingress PE device can leave the VPN through the primary egress PE device.
- When the primary egress PE device fails and cannot forward data, data entering the VPN from the ingress PE device can be switched to leave the VPN through the standby egress PE device.
- After the configuration is complete, each egress PE device advertises its own VPN route.
- The ingress PE device can form a VPN route protection group from the VPN routes advertised by the egress PE devices.
- After the primary egress PE device fails, the P device can send data in transit between the P device and the ingress PE device to the standby egress PE device.
- After the ingress PE device detects that the primary egress PE device is faulty, the ingress PE device also switches the data it sends to the standby egress PE device.
- The identity of an egress PE device (that is, whether the PE device is the primary egress PE device or the standby egress PE device) is configured on the egress PE device when the egress PE device is configured.
- The ingress PE device is also configured with the identity of each egress PE device.
- The identity of an egress PE device configured on the ingress PE device may differ from the identity configured on the egress PE device itself, which may result in failure to form a VPN route protection group.
- the embodiments of the present invention provide a method for establishing a virtual private network label switching path, a related device, and a system, which can avoid a large number of configurations on the egress PE to establish a VPN LSP.
- The embodiment of the present invention provides a method for establishing a VPN LSP, where the method includes: the first PE device receives protection information sent by the second PE device, where the protection information includes a virtual next hop (vNH); the first PE device advertises a VPN LSP setup message to the second PE device, where the VPN LSP setup message indicates that the VPN LSP is established with the vNH as the tail endpoint.
- the first PE device is an egress PE device of the VPN LSP.
- the second PE device is an ingress PE device of the VPN LSP.
- the egress PE device can establish the VPN LSP according to the vNH sent by the ingress PE device. This avoids a large number of configurations on the egress PE to establish a VPN LSP.
- The protection information further includes identity indication information and a primary VPN label, where the identity indication information indicates whether the identity of the first PE device is the primary egress PE device or the standby egress PE device, and the primary VPN label is the VPN label allocated by the primary egress PE device to the route of the destination customer edge (CE) device.
- The method further includes: the first PE device determines, according to the identity indication information, that the identity of the first PE device is the standby egress PE device; the first PE device establishes an association between the standby VPN label and the primary VPN label, where the standby VPN label is the VPN label allocated by the first PE device to the route of the destination CE device.
- The first PE device may determine that the identity of the first PE device is the standby egress PE device. In this way, if the primary egress PE device is faulty, traffic can be switched to the first PE device, and the first PE device can send a received packet to the destination CE device of the packet.
- Because the primary egress PE device and the standby egress PE device are specified by the ingress PE device, this avoids the situation in which the primary and standby egress PE devices determined by the ingress PE device differ from the primary and standby egress PE devices configured on the egress PE devices.
- The first PE device establishing an association between the standby VPN label and the primary VPN label includes: the first PE device generates a VPN label switching table, where the VPN label switching table corresponds to the vNH, the inbound label of the VPN label switching table is the primary VPN label, and the outgoing label of the VPN label switching table is the standby VPN label. In this way, the first PE device can determine the standby VPN label associated with the primary VPN label by a direct table lookup.
- The identity indication information includes the Internet Protocol (IP) address of the standby egress PE device.
- The first PE device determining, according to the identity indication information, that the first PE device is the standby egress PE device includes: if the first PE device determines that the IP address of the standby egress PE device is the same as the IP address of the first PE device, the first PE device is determined to be the standby egress PE device. In this way, the first PE device can determine whether it is the standby egress PE device directly from its own IP address, and no other identifier needs to be allocated to the first PE device.
- The method further includes: the first PE device determines a first metric value, where the first metric value is greater than a second metric value, and the second metric value is determined by the primary egress PE device; the first PE device advertises the first metric value to the second PE device.
- When the primary egress PE device is not faulty, a device in the carrier network where the first PE device is located can use the metric values to determine the next-hop PE device of a received packet, and sends the received packet to the primary egress PE device.
- Before the first PE device receives the protection information sent by the second PE device, the method further includes: the first PE device sends at least one IP address to the second PE device, where the vNH is one of the at least one IP address.
- The vNH is an IP address preset in the first PE device. At the same time, it is not necessary to set an IP address that may be a vNH in the second PE device. In this way, the settings in the second PE device can be simplified.
- The protection information may further include the identity indication information, where the identity indication information indicates that the identity of the first PE device is the primary egress PE device. The method may further include: the first PE device determines, according to the identity indication information, that the first PE device is the primary egress PE device. In this way, the first PE device can serve as the primary egress PE device of the VPN LSP and forward a received packet to the destination CE device of the packet.
- The identity indication information may include the IP address of the primary egress PE device. If the first PE device determines that the IP address of the first PE device is the same as the IP address of the primary egress PE device, the identity of the first PE device is determined to be the primary egress PE device, and no other identifier needs to be allocated to the PE device.
- The identity indication information may include a first identifier, where the first identifier indicates that the PE device receiving the identity indication information is the standby egress PE device.
- The length of the field carrying the first identifier in the foregoing technical solution may be shorter than the length of the field used to carry the IP address. In this way, the length of the field of the identity indication information can be shortened.
- The identity indication information may include a second identifier, where the second identifier indicates that the PE device receiving the identity indication information is the primary egress PE device.
- The length of the field carrying the second identifier in the foregoing technical solution may be shorter than the length of the field used to carry the IP address. In this way, the length of the field of the identity indication information can be shortened.
- The protection information is carried by a first Border Gateway Protocol (BGP) message.
- The at least one IP address is carried by a second BGP message.
- The embodiment of the present invention provides a method for establishing a VPN LSP, where the method includes: a second provider edge (PE) device determines a virtual next hop (vNH); the second PE device sends protection information to the first PE device, where the protection information includes the vNH, and the first PE device is a primary egress PE device or a standby egress PE device; and the second PE device receives a VPN LSP establishment message advertised by the first PE device, where the VPN LSP establishment message indicates that the VPN LSP is established with the vNH as the tail endpoint.
- the second PE device is an ingress PE device of the VPN LSP.
- the second PE device may designate a vNH as the tail end point of the established VPN LSP and send it to the primary egress PE device and the standby egress PE device of the VPN LSP to be established.
- This avoids the large amount of configuration otherwise needed on the primary egress PE device and the standby egress PE device to ensure that the vNH used by the two PE devices is consistent.
- The protection information further includes the identity indication information, where the identity indication information indicates whether the identity of the first PE device is the primary egress PE device or the standby egress PE device.
- The primary egress PE device and the standby egress PE device of the VPN LSP can be directly specified by the first PE device, which avoids the situation in which the primary egress PE device and the standby egress PE device determined by the ingress PE device differ from the primary egress PE device and the standby egress PE device configured on the egress PE devices.
- The protection information further includes a primary VPN label, where the primary VPN label is the VPN label allocated by the primary egress PE device to the route of the customer edge (CE) device.
- The standby egress PE device can generate an association between the primary VPN label and the standby VPN label according to the primary VPN label, so that the VPN LSP protection path can be formed.
- the identity indication information includes an IP address of the standby PE device.
- the second PE device can directly indicate whether the first PE device is the standby PE device by using the IP address of the first PE device, and no need to allocate another identifier to the first PE device.
- The method further includes: the second PE device receives a first IP address set sent by the primary egress PE device, where the first IP address set includes at least one IP address; the second PE device receives a second IP address set sent by the standby egress PE device, where the second IP address set includes at least one IP address; the second PE device determines an address pool, where the address pool is the intersection of the first IP address set and the second IP address set. The second PE device determining the vNH includes: the second PE device determines an IP address from the address pool as the vNH.
- the vNH is an IP address preset in the first PE device. At the same time, it is not necessary to set an IP address that may be a vNH in the second PE device. In this way, the settings in the second PE device can be simplified.
- the identity indication information includes an IP address of the primary egress PE device.
- the second PE device can directly indicate whether the first PE device is the primary egress PE device by using the IP address of the first PE device, and no need to allocate another identifier to the first PE device.
- The identity indication information is a first identifier indicating that the PE device receiving the identity indication information is the standby egress PE device.
- The length of the field carrying the first identifier in the foregoing technical solution may be shorter than the length of the field used to carry the IP address. In this way, the length of the field of the identity indication information can be shortened.
- The identity indication information is a second identifier indicating that the PE device receiving the identity indication information is the primary egress PE device.
- The length of the field carrying the first identifier in the foregoing technical solution may be shorter than the length of the field used to carry the IP address. In this way, the length of the field of the identity indication information can be shortened.
- The protection information is carried by a first Border Gateway Protocol (BGP) message.
- the at least one IP address is carried by the second BGP message.
- an embodiment of the present invention further provides a PE device, where the PE device includes a unit that performs each step of the method shown in the first aspect.
- an embodiment of the present invention further provides a PE device, where the PE device includes a unit that performs each step of the method shown in the second aspect.
- the embodiment of the present invention further provides a system for establishing a VPN LSP, where the system includes the PE device of the third aspect and the PE device of the fourth aspect.
- Figure 1 is a schematic diagram of a network model.
- FIG. 2 is a schematic flowchart of a method for establishing a VPN LSP according to the present invention.
- Figure 3 is a schematic diagram of the NLRI field.
- FIG. 4 is a structural block diagram of a PE device according to an embodiment of the present invention.
- FIG. 5 is a structural block diagram of a PE device according to an embodiment of the present invention.
- FIG. 6 is a structural block diagram of a PE device according to an embodiment of the present invention.
- FIG. 7 is a schematic diagram of a system for establishing a VPN LSP according to an embodiment of the present invention.
- MPLS VPN uses labels for forwarding.
- Labels can be divided into inner labels (also known as bottom labels or private labels) and outer labels (also known as top labels or public labels).
- The outer label is used to form a tunnel for data transmission between the PE devices, and the inner label is used by the PE device to distinguish the data of different VPN users.
- A label switched path (LSP, also called a tunnel) is formed between the ingress PE device and the egress PE device.
- MPLS VPN can support different protocols, such as the Border Gateway Protocol (BGP) and the Label Distribution Protocol (LDP). Therefore, LSPs can also be called BGP LSPs, LDP LSPs, and so on, depending on the supported protocol.
- the VPN LSP referred to in the embodiment of the present invention is a general term for the foregoing LSP. That is, the VPN LSP can be any one of a BGP LSP, an LDP LSP, and the like.
- the VPN LSP corresponds to the outer label.
- the ingress PE device allocates the corresponding outer label and inner label for the data, and sends the data to the egress PE device by using the VPN LSP corresponding to the outer label.
- the P device along the VPN LSP only processes the outer label, and the P device ignores the inner label.
- the inner label is only processed by the PE device.
- the PE device further processes the data according to the inner label. Specifically, after receiving the data packet through the VPN LSP, the egress PE device may determine whether the inner label in the data packet is an inner label allocated to the egress PE device. If yes, the packet is forwarded to the corresponding CE device.
- a label or VPN label referred to in the present invention refers to an inner label.
- FIG. 1 is a schematic diagram of a network.
- the network 100 shown in FIG. 1 includes a CE 101, a CE 102, a PE 110, a PE 111, a PE 120, and a P 130. It can be understood that the network 100 can be part of an operator network, which can also include other P devices and PE devices.
- FIG. 2 is a schematic flowchart of a method for establishing a VPN LSP according to the present invention.
- The PE 120 determines a virtual next hop (vNH).
- The PE 120 may receive the Internet Protocol (IP) address of the PE 110 and a first IP address set, both sent by the PE 110, where the first IP address set includes at least one IP address.
- The PE 120 can also receive the IP address of the PE 111 and a second IP address set, both sent by the PE 111, where the second IP address set includes at least one IP address.
- The IP addresses included in the first IP address set and the second IP address set are not the IP address of any network device in the carrier network.
- the first set of IP addresses is pre-configured on the PE 110.
- the second set of IP addresses is pre-configured on the PE 111.
- the PE 120 may determine an address pool, which is an intersection of the first IP address set and the second IP address set, the address pool including at least one IP address.
- the PE 120 can determine an IP address from the address pool as the vNH.
- the vNH is an IP address or IP address prefix used to establish a VPN LSP.
- an address pool may be directly configured on the PE 120, where the address pool includes at least one IP address.
- the intersection of the IP address set consisting of the IP addresses of all network devices in the carrier network and the address pool is an empty set.
- PE 110 may send the IP address of PE 110 to PE 120, and PE 111 may send the IP address of PE 111 to PE 120.
- The PE 120 can determine an IP address from the address pool as the vNH.
- The IP addresses of the PE 110 and the PE 111 and the address pool may be directly configured in the PE 120.
- The PE 120 can directly obtain the pre-configured IP addresses of the PE 110 and the PE 111 and the address pool.
- the PE 120 can determine the primary egress PE device and the standby egress PE device from the PE 110 and the PE 111.
- the PE 120 determines that the PE 110 is the primary egress PE device, and determines that the PE 111 is the standby egress PE device.
- the PE 120 can determine that the PE 110 is the primary egress PE device according to the pre-determination, and determine that the PE 111 is the standby egress PE device.
- the PE 120 may determine the primary egress PE device and the standby egress PE device by enabling VPN Fast Reroute (FRR).
- the VPN FRR can select the primary egress PE device and the standby egress PE device through the matching policy.
- the VPN FRR can also fill in the routing information of the primary egress PE device and the routing information of the standby egress PE device in the forwarding entry.
- the routing information of the primary egress PE device includes information such as an IP address of the primary egress PE device and a VPN label (hereinafter referred to as a primary VPN label) allocated by the primary egress PE device to the destination CE.
- the routing information of the standby PE device includes the IP address of the standby PE device and the VPN label assigned to the destination CE by the standby PE device (hereinafter referred to as the standby VPN label).
- The forwarding entry may also include information such as a VPN prefix, a destination IP address, and a protocol type. The routing information of the primary egress PE device may be determined by the primary egress PE device when it joins the VPN, and the routing information of the standby egress PE device may be determined and advertised by the standby egress PE device when it joins the VPN. In addition, when the primary egress PE device and the standby egress PE device advertise their own routing information, the VPN prefix can be advertised at the same time.
- The PE 120 may directly determine the primary egress PE device and the standby egress PE device.
- The IP addresses and/or VPN labels of the primary egress PE device and the standby egress PE device can be configured directly in the PE 120. If the PE 120 obtains the IP address or the primary VPN label of the primary egress PE device, it determines that the PE device that sent the IP address or the VPN label is the primary egress PE device. If the PE 120 obtains the IP address or the standby VPN label of the standby egress PE device, it determines that the PE device that sent the IP address or the VPN label is the standby egress PE device. Similarly, the primary egress PE device and the standby egress PE device may each send their IP address and VPN label to the PE 120 by advertising routing information.
- the VPN prefix can also be advertised at the same time. After obtaining the routing information and the VPN prefix of the primary egress PE device and the standby egress PE device, the PE 120 may fill in the corresponding content in the forwarding item.
- the PE 120 sends protection information to the target PE device, where the protection information may include vNH.
- the target PE device may be the primary egress PE device and/or the standby egress PE device.
- the PE 120 may send the protection information to the PE 110.
- the PE 110 may advertise a VPN LSP establishment message to the PE 120, where the VPN LSP establishment message is used to indicate that the VPN LSP is established with the vNH as the tail end.
- The PE 120 may send the protection information to the PE 111, and after receiving the protection information, the PE 111 may advertise a VPN LSP establishment message to the PE 120, where the VPN LSP establishment message indicates that the VPN LSP is established with the vNH as the tail endpoint.
- The protection information may further include identity indication information, where the identity indication information indicates whether the identity of the target PE device is the primary egress PE device or the standby egress PE device.
- The identity indication information may include the IP address of the primary egress PE device and the IP address of the standby egress PE device.
- The IP address of the primary egress PE device and the IP address of the standby egress PE device are located in different fields of the identity indication information.
- If the PE 110 determines that the IP address in the field of the identity indication information that indicates the primary egress PE device is the IP address of the PE 110, the PE 110 may determine that its identity is the primary egress PE device.
- the PE 111 may determine that the identity of the PE 111 is the standby PE device.
- PE 120 can send different identity indication information to PE 110 and PE 111, respectively. Specifically, in the case that the PE 120 determines that the PE 110 is the primary egress PE device, the PE 120 sends the identity indication information to the PE 110 to indicate that the PE 110 is the primary egress PE device. In the case that the PE 120 determines that the PE 111 is the standby PE device, the PE 120 sends the identity indication information to the PE 111 to indicate that the PE 111 is the standby PE device.
- the identity indication information may be an IP address of the egress PE device.
- the identity indication information sent to the primary egress PE device may be the IP address of the primary egress PE device
- the identity indication information sent to the standby egress PE device may be the IP address of the standby egress PE device.
- the identity indication information can also be a simple value.
- the value of the identity indication information sent to the primary egress PE device may be 1, and the value of the identity indication information sent to the standby egress PE device may be 0.
- the identity indication information may be other information that can be used to distinguish the identity of the primary egress PE device and the standby egress PE device, other than the IP address or the simple value, and is not listed here.
- the protection information may further include a primary VPN label.
- the PE 111 can establish an association relationship between the primary VPN label and the standby VPN label.
- The PE 111 may generate a VPN label switching table, where the VPN label switching table corresponds to the vNH, the inbound label of the VPN label switching table is the primary VPN label, and the outgoing label of the VPN label switching table is the standby VPN label.
- The PE 110 and/or the PE 111 may advertise a VPN LSP setup message to the PE 120, where the VPN LSP setup message indicates that the VPN LSP is established with the vNH as the tail endpoint.
- The ingress PE device of the VPN LSP is the PE 120, the primary egress PE device of the VPN LSP is the PE 110, and the standby egress PE device of the VPN LSP is the PE 111.
- the VPN LSP refers to a VPN LSP from an egress PE device to an ingress PE device.
- the VPN LSP between other nodes in the VPN LSP may be referred to as a sub-VPN LSP.
- In the network 100, a sub-VPN LSP is established between PE 110 and P 130, a sub-VPN LSP is established between PE 111 and P 130, and a sub-VPN LSP is established between P 130 and PE 120.
- Taking the PE 111 as an example, the PE 111 may import the vNH into the Interior Gateway Protocol (IGP) so that it is flooded to all PE devices and P devices in the carrier network where the PE 111 is located.
- PE 111 may first send the vNH to P 130.
- a sub-VPN LSP is established between P 130 and PE 111.
- P 130 can send the vNH to PE 120.
- a sub-VPN LSP is established between PE 120 and P 130. In this way, a VPN LSP from PE 111 to PE 120 can be formed.
- The PE 111 may send update routing information to all PE devices and P devices in the carrier network where the PE 111 is located, where the tail endpoint used to establish the VPN LSP in the update routing information is the vNH.
- PE 111 may first send the vNH to P 130.
- a sub-VPN LSP is established between P 130 and PE 111.
- P 130 can send the vNH to PE 120.
- a sub-VPN LSP is established between PE 120 and P 130. In this way, a VPN LSP from PE 111 to PE 120 can be formed.
- the PE 110 ie, the primary egress PE device
- the PE 111 ie, the egress PE device
- the metric can be carried by the VPN LSP setup message.
- the first metric value set by the PE 111 is greater than the second metric value set by the PE 110. In this way, when both the primary egress PE device and the standby egress PE device can work normally, the data in the VPN LSP flows preferentially to the primary egress PE device.
- The ingress PE device may also determine the identity information of the primary egress PE device and the standby egress PE device among the at least two PE devices, and the ingress PE device may also set the corresponding metric for the primary egress PE device and the standby egress PE device respectively.
- the PE 120 establishes a VPN LSP according to the received VPN LSP setup message.
- the ingress PE device of the VPN LSP is the PE 120
- the primary egress PE device of the VPN LSP is the PE 110
- the standby egress PE device of the VPN LSP is the PE 111.
- the PE 120 can send the IP packet sent by the CE 102 to the CE 101 to the CE 101 through the VPN LSP.
- the IP packet is encapsulated with a tunnel label corresponding to the vNH, and the inner label is the primary VPN label.
- the P 130 may determine that the PE 110 is the primary egress PE device according to the metric values of the PE 110 and the PE 111. P 130 sends the IP message to PE 110.
- the PE 110 may determine the egress toward the CE 101 according to the inner label, and then send the IP packet to the CE 101.
- P 130 may first sense that PE 110 has failed. In this case, P 130 may send an IP message received from PE 120 to PE 111.
- the outer layer of the IP packet encapsulates the tunnel label corresponding to the vNH, and the inner label is the primary VPN label.
- the PE 111 can determine the vNH corresponding to the tunnel label.
- the PE 111 can determine a VPN label exchange table corresponding to the vNH.
- the PE 111 determines the standby VPN label associated with the primary VPN label according to the VPN label switching table.
- the PE 111 can determine the exit to the CE 101 according to the standby VPN label, and then send the IP packet to the CE 101.
- when the PE 120 senses that the PE 110 has failed, the PE 120 encapsulates the IP packet sent to the CE 101 with the tunnel label corresponding to the vNH as the outer label and changes the inner label to the standby VPN label. After receiving the encapsulated IP packet, the P 130 may send the IP packet to the PE 111. The PE 111 can determine the egress toward the CE 101 according to the standby VPN label, and then send the IP packet to the CE 101.
- in the case that the primary egress PE device fails, the P device can directly send the packets between the P device and the ingress PE device to the standby egress PE device, and the standby egress PE device can forward the packets to the destination CE device. In this way, the packets between the P device and the ingress PE device will not be discarded.
- assume that the primary egress PE device fails at time T1, the P device senses the failure at time T2, and the ingress PE device senses the failure at time T3. It can be understood that the P device senses the failure of the primary egress PE device first, and only then can the ingress PE device sense it.
- therefore T3 is greater than T2, and T2 is greater than T1. The VPN LSP established according to the above technical solution can therefore change the path convergence time from T3-T1 to T2-T1. In this way, path convergence when the primary egress PE device fails is accelerated.
- the P device and the ingress PE device can sense that the primary egress PE device has failed in the same manner as in the prior art, for example by using bidirectional forwarding detection (BFD) or MPLS operation, administration and maintenance (OAM) to sense that the VPN LSP between the ingress PE device and the primary egress PE device is unavailable.
- the information between the ingress PE device and the egress PE device may use messages of various protocols, for example, a Border Gateway Protocol (BGP) message or an Intermediate System to Intermediate System (ISIS) message.
- At least one IP address and protection information may be carried by extending the MP_REACH_NLRI attribute and the MP_UNREACH_NLRI attribute of BGP.
- taking the MP_REACH_NLRI attribute as an example, the values of the Subsequent Address Family Identifier (SAFI) in the MP_REACH_NLRI attribute may be extended by adding a new identifier that indicates the BGP protection (English: BGP Protection) address family.
- the value of SAFI used to indicate the BGP protection address family can be assigned by The Internet Engineering Task Force (IETF).
- the network layer reachability information (English: Network Layer Reachability Information, NLRI) field in the MP_REACH_NLRI attribute can be further extended.
- Figure 3 is a schematic diagram of the NLRI field.
- the NLRI field shown in FIG. 3 includes an NLRI type (English: NLRI Type) field, a length (English: Length) field, and an NLRI Type specific (English: NLRI Type specific) field.
- the length of the NLRI type field is 2 bytes.
- the NLRI Type field is used to indicate the type of network layer reachability information.
- the NLRI type field may include type 1 and type 2.
- the length field is 2 bytes in length.
- the NLRI type specific field length is variable and is used to carry specific content. Specifically, in the case that the NLRI type field takes a value of 1, the NLRI type specific field may carry at least one IP address.
- the primary egress PE device and the standby egress PE device can send at least one IP address to the ingress PE device via an NLRI field of type 1.
- in the case that the NLRI type field takes a value of 2, the NLRI type specific field may carry protection information.
- the ingress PE device can send the protection information to the primary egress PE device and the standby egress PE device through an NLRI field of type 2.
- the MP_UNREACH_NLRI attribute may also be extended to carry the at least one IP address and the protection information. The specific extension is the same as the extended MP_REACH_NLRI attribute, and will not be described here.
- the at least one IP address and the protection information may be carried by adding a BGP attribute.
- FIG. 4 is a structural block diagram of a PE device according to an embodiment of the present invention. As shown in FIG. 4, the PE device 400 includes a receiving unit 401 and a transmitting unit 402.
- the receiving unit 401 is configured to receive protection information sent by the second PE device, where the protection information includes a virtual Next hop vNH.
- the sending unit 402 is configured to issue a virtual private network VPN label switching path LSP establishment message to the second PE device, where the VPN LSP establishment message is used to indicate that the VPN LSP is established by using the vNH as a tail end.
- the protection information further includes identity indication information and a primary VPN label, where the identity indication information is used to indicate that the identity of the PE device is a primary egress PE device or a standby egress PE device, and the primary VPN label is the VPN label allocated by the primary egress PE device to the route directed to the destination customer edge (CE) device.
- the PE device further includes: a processing unit 403, configured to determine, according to the identity indication information, the identity of the PE device as the standby PE device.
- the processing unit 403 is further configured to establish an association relationship between the standby VPN label and the primary VPN label, where the standby VPN label is a VPN label allocated by the PE device to a route directed to the destination CE.
- the processing unit 403 is specifically configured to generate a VPN label switching table, where the VPN label switching table corresponds to the vNH, and the ingress label of the VPN label switching table is the primary VPN label, the VPN label The outgoing label of the exchange table is the standby VPN label.
- the identity indication information includes an internet protocol IP address of the standby PE device.
- the processing unit 403 is configured to determine that the PE device is the standby PE device, if the IP address of the standby PE device is the same as the IP address of the PE device.
- the processing unit 403 is further configured to determine a first metric value, where the first metric value is greater than the second metric value, where the second metric value is determined by the primary egress PE device
- the sending unit 402 is further configured to issue the first metric value to the second PE device.
- the sending unit 402 is further configured to send, to the second PE device, at least one IP address, where the vNH is one of the at least one IP address.
- for the operation and function of each unit of the PE device 400, reference may be made to the descriptions of the PE 110 and the PE 111 in the method shown in FIG. 2; to avoid redundancy, details are not described herein again.
- the processing unit in the PE device 400 shown in FIG. 4 can be implemented by a processor, and the transmitting unit and the receiving unit can be implemented by a transceiver.
- FIG. 5 is a structural block diagram of another PE device according to an embodiment of the present invention.
- the PE device 500 includes a processing unit 501, a transmitting unit 502, and a receiving unit 503.
- the processing unit 501 is configured to determine a virtual next hop vNH.
- the sending unit 502 is configured to send the protection information to the first PE device, where the protection information includes the vNH, and the first PE device is a primary egress PE device or a backup egress PE device.
- the receiving unit 503 is configured to receive a virtual private network VPN label switching path LSP establishment message issued by the first PE device, where the VPN LSP establishment message is used to indicate that the VPN LSP is established by using the vNH as a tail end.
- the protection information further includes identity indication information, where the identity indication information is used to indicate that the identity of the first PE device is the primary egress PE device or the standby egress PE device.
- the protection information further includes a primary VPN label, where the primary VPN label is a VPN label allocated by the primary egress PE device to a route of the destination user edge CE device.
- the identity indication information includes an IP address of the standby PE device.
- the receiving unit 503 is further configured to receive a first IP address set sent by the primary egress PE device, where the first IP address set includes at least one IP address.
- the receiving unit 503 is further configured to receive a second IP address set sent by the standby egress PE device, where the second IP address set includes at least one IP address.
- the processing unit 501 is further configured to determine an address pool, where the address pool is an intersection of the first IP address set and the second IP address set.
- the processing unit 501 is specifically configured to determine, from the address pool, an IP address as the vNH.
- for the operation and function of each unit of the PE device 500, reference may be made to the PE 120 in the method of FIG. 2 above; to avoid repetition, details are not described herein again.
- the processing unit in the PE device 500 shown in FIG. 5 can be implemented by a processor, and the transmitting unit and the receiving unit can be implemented by a transceiver.
- the embodiment of the present invention further provides a system for establishing a VPN LSP, and the system may include a PE device as shown in FIG. 4 and a PE device as shown in FIG. 5.
- FIG. 6 is a structural block diagram of a PE device according to an embodiment of the present invention.
- the PE device 600 shown in FIG. 6 includes a processor 601, a memory 602, and a transceiver 603.
- Processor 601 may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the foregoing method may be completed by an integrated logic circuit of hardware in the processor 601 or an instruction in a form of software.
- the processor 601 may be a general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
- the general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
- the steps of the method disclosed in the embodiments of the present invention may be directly performed by a hardware decoding processor, or may be performed by a combination of hardware and software modules in the decoding processor.
- the software module can be located in a storage medium that is mature in the art, such as a random access memory (RAM), a flash memory, a read-only memory (ROM), a programmable read-only memory or an electrically erasable programmable memory, or a register.
- the storage medium is located in the memory 602, and the processor 601 reads the instructions in the memory 602 and completes the steps of the above method in combination with its hardware.
- memory 602 can store instructions for performing the method performed by PE 110 in the method of FIG. 2.
- the processor 601 can execute the instructions stored in the memory 602 to complete the steps performed by the PE 110 in the method shown in FIG. 2 in combination with other hardware (for example, the transceiver 603).
- the memory 602 can store instructions for performing the method performed by the PE 111 in the method of FIG. 2.
- the processor 601 can execute the instructions stored in the memory 602 to complete the steps performed by the PE 110 in the method shown in FIG. 2 in combination with other hardware (for example, the transceiver 603).
- the memory 602 can store instructions for performing the method performed by the PE 120 in the method of FIG. 2.
- the processor 601 can execute the instructions stored in the memory 602 to complete the steps performed by the PE 120 in the method shown in FIG. 2 in combination with other hardware (for example, the transceiver 603).
- FIG. 7 is a schematic diagram of a system for establishing a VPN LSP according to an embodiment of the present invention. As shown in FIG. 7, system 700 includes PE 710 and PE 720.
- the PE 710 in the system 700 may be an ingress PE device in the VPN LSP, and the PE 720 may be a primary egress PE device in the VPN LSP. Further, system 700 can also include a standby egress PE device. System 700 can also include at least one P device.
- the PE 710 in the system 700 may be an ingress PE device in the VPN LSP, and the PE 720 may be a standby egress PE device in the VPN LSP. Further, system 700 can also include a primary egress PE device. System 700 can also include at least one P device.
- the disclosed systems, devices, and methods may be implemented in other manners.
- the device embodiments described above are merely illustrative.
- the division of the unit is only a logical function division.
- there may be another division manner, for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
- the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
- the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
- each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
- the functions may be stored in a computer readable storage medium if implemented in the form of a software functional unit and sold or used as a standalone product.
- the technical solution of the present invention which is essential or contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium, including
- the instructions are used to cause a computer device (which may be a personal computer, server, or network device, etc.) or a processor to perform all or part of the steps of the methods described in various embodiments of the present invention.
- the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like.
Abstract
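Embodiments of the present invention provide a method for establishing a VPN LSP, and a related device and system. The method includes: a first PE device receives protection information sent by a second PE device, where the protection information includes a virtual next hop (vNH); and the first PE device advertises a VPN LSP establishment message to the second PE device, where the VPN LSP establishment message is used to indicate that a VPN LSP is to be established with the vNH as the tail endpoint. In the foregoing technical solution, the first PE device is the egress PE device of the VPN LSP, and the second PE device is the ingress PE device of the VPN LSP. According to the foregoing technical solution, the egress PE device can establish the VPN LSP according to the vNH sent by the ingress PE device. This avoids performing a large amount of configuration on the egress PE to establish the VPN LSP.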
Description
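This application claims priority to Chinese Patent Application No. CN 201610797343.4, filed with the Chinese Patent Office on August 31, 2016 and entitled "Method for establishing a virtual private network label switched path, related device, and system", which is incorporated herein by reference in its entirety.
Embodiments of the present invention relate to the field of information technology, and more specifically, to a method for establishing a virtual private network label switched path, and a related device and system.
A virtual private network (VPN) is a private network established over a public network. A VPN offers good privacy, high flexibility, and strong scalability. Therefore, more and more enterprises establish their own VPNs over public networks.
A multi-protocol label switching (MPLS) VPN is a VPN technology based on MPLS. For ease of description, every VPN referred to below is an MPLS-based VPN.
An MPLS VPN model usually includes the following three types of devices: provider edge (PE) devices, provider (P) devices, and customer edge (CE) devices. PE devices and P devices are devices in the carrier network that provides the VPN service. A CE device is a device in a customer network that uses the VPN service. The customer network may further include other devices, such as terminal devices.
The PE device through which data enters the VPN may be called the ingress PE device. The PE device through which the data leaves the VPN may be called the egress PE device. It can be understood that the ingress PE device and the egress PE device depend on the direction of data transmission. If the direction of data transmission is reversed, the ingress PE device and the egress PE device are reversed as well.
To prevent data from failing to reach the destination device because an egress PE device has failed, two egress PE devices can be deployed, which may be called the primary egress PE device and the standby egress PE device respectively. When both egress PE devices work normally, data entering the VPN from the ingress PE device can leave the VPN through the primary egress PE device. When the primary egress PE device fails and cannot forward data, data entering the VPN from the ingress PE device can be switched to leave the VPN through the standby egress PE device.
The solution currently used is to perform a large amount of manual configuration on each egress PE device. After configuration is complete, each egress PE device advertises its own VPN routes. The ingress PE device can form a VPN route protection group from the VPN routes advertised by the egress PE devices. Once the VPN route protection group has been formed, the P device, after sensing that the primary egress PE device has failed, can send the data between the P device and the ingress PE device to the standby egress PE. After the ingress PE device senses that the primary egress PE device has failed, it also switches the data it sends to the standby egress PE. In the currently used technical solution, the identity of an egress PE device (that is, whether the PE device is the primary egress PE device or the standby egress PE device) is configured on that egress PE device when it is configured. The ingress PE also configures the identities of the egress PE devices. However, the identity of an egress PE device configured on the ingress PE device may differ from the identity configured on the egress PE device itself, in which case the VPN route protection group cannot be formed.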
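Summary of the Invention
Embodiments of the present invention provide a method for establishing a virtual private network label switched path, and a related device and system, which can avoid performing a large amount of configuration on the egress PE to establish a VPN LSP.
In a first aspect, an embodiment of the present invention provides a method for establishing a VPN LSP. The method includes: a first PE device receives protection information sent by a second PE device, where the protection information includes a virtual next hop (vNH); and the first PE device advertises a VPN LSP establishment message to the second PE device, where the VPN LSP establishment message is used to indicate that a VPN LSP is to be established with the vNH as the tail endpoint. In the foregoing technical solution, the first PE device is the egress PE device of the VPN LSP, and the second PE device is the ingress PE device of the VPN LSP. According to the foregoing technical solution, the egress PE device can establish the VPN LSP according to the vNH sent by the ingress PE device. This avoids performing a large amount of configuration on the egress PE to establish the VPN LSP.
With reference to the first aspect, in a first possible implementation of the first aspect, the protection information further includes identity indication information and a primary VPN label, where the identity indication information is used to indicate that the identity of the first PE device is the primary egress PE device or the standby egress PE device, and the primary VPN label is the VPN label allocated by the primary egress PE device to the route directed to the destination customer edge (CE) device. The method further includes: the first PE device determines, according to the identity indication information, that the identity of the first PE device is the standby egress PE device; and the first PE device establishes an association between a standby VPN label and the primary VPN label, where the standby VPN label is the VPN label allocated by the first PE device to the route directed to the destination CE. According to the foregoing technical solution, the first PE device can determine that its identity is the standby egress PE device. In this way, when the primary PE device fails, traffic can be switched to the first PE device, and the first PE device can send a received packet to the destination CE device of the packet. In addition, the primary egress PE device and the standby egress PE device are designated by the ingress PE device, which avoids the situation in which the primary egress PE device and standby egress PE device determined by the ingress PE device differ from the primary egress PE device and standby egress PE device configured on the egress PE devices.
With reference to the first possible implementation of the first aspect, in a second possible implementation of the first aspect, that the first PE device establishes the association between the standby VPN label and the primary VPN label includes: the first PE device generates a VPN label switching table, where the VPN label switching table corresponds to the vNH, the incoming label of the VPN label switching table is the primary VPN label, and the outgoing label of the VPN label switching table is the standby VPN label. In this way, the first PE device can determine the standby VPN label associated with the primary VPN label directly by table lookup.
With reference to the first possible implementation of the first aspect or the second possible implementation of the first aspect, in a third possible implementation of the first aspect, the identity indication information includes the Internet Protocol (IP) address of the standby egress PE device; and that the first PE device determines, according to the identity indication information, that the first PE device is the standby egress PE device includes: the first PE device determines that it is the standby egress PE device when it determines that the IP address of the standby egress PE device is the same as the IP address of the first PE device. In this way, the first PE device can determine whether it is the standby egress PE device directly from the IP address of the first PE device, and no other identifier needs to be allocated to the first PE device.
With reference to any one of the first to third possible implementations of the first aspect, in a fourth possible implementation of the first aspect, before the first PE device sends the VPN LSP establishment message to the second PE device, the method further includes: the first PE device determines a first metric value, where the first metric value is greater than a second metric value, and the second metric value is determined by the primary egress PE device; and the first PE device advertises the first metric value to the second PE device. In this way, when the primary egress PE device has not failed, a device in the carrier network where the first PE device is located can, when determining the next-hop PE device for a received packet, decide directly from the metric values to send the received packet to the primary egress PE device.
With reference to the first aspect or any one of the foregoing possible implementations of the first aspect, in a fifth possible implementation of the first aspect, before the first PE device receives the protection information sent by the second PE device, the method further includes: the first PE device sends at least one IP address to the second PE device, where the vNH is one of the at least one IP address. In the foregoing technical solution, the vNH is an IP address preset in the first PE device, and no IP address that may serve as the vNH needs to be set in the second PE device. In this way, the settings in the second PE device can be simplified.
With reference to the first aspect, in a sixth possible implementation of the first aspect, the protection information may further include identity indication information, where the identity indication information is used to indicate that the identity of the first PE device is the primary egress PE device. The method may further include: the first PE device may determine, according to the identity indication information, that the first PE device is the primary egress PE device. In this way, the first PE device can act as the primary egress PE device of the VPN LSP and forward a received packet to the destination CE device of the packet.
With reference to the sixth possible implementation of the first aspect, in a seventh possible implementation of the first aspect, the identity indication information may include the IP address of the primary egress PE device, and the first PE device may determine that its identity is the primary egress PE device when it determines that the IP address of the first PE device is the same as the IP address of the primary egress PE device, so that no other identifier needs to be allocated to the PE device.
With reference to the first possible implementation of the first aspect, in an eighth possible implementation of the first aspect, the identity indication information may include a first identifier, where the first identifier is used to indicate that the PE device that receives the identity indication information is the standby egress PE device. In the foregoing technical solution, the field carrying the first identifier may be shorter than a field used to carry an IP address. In this way, the length of the identity indication information field can be reduced.
With reference to the sixth possible implementation of the first aspect, in a ninth possible implementation of the first aspect, the identity indication information may include a second identifier, where the second identifier is used to indicate that the PE device that receives the identity indication information is the primary egress PE device. In the foregoing technical solution, the field carrying the second identifier may be shorter than a field used to carry an IP address. In this way, the length of the identity indication information field can be reduced.
With reference to the first aspect or any one of the foregoing possible implementations of the first aspect, in a tenth possible implementation of the first aspect, the protection information is carried in a first Border Gateway Protocol (BGP) message.
With reference to the fifth possible implementation of the first aspect, in an eleventh possible implementation of the first aspect, the at least one IP address is carried in a second BGP message.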
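In a second aspect, an embodiment of the present invention provides a method for establishing a VPN LSP. The method includes: a second provider edge (PE) device determines a virtual next hop (vNH); the second PE device sends protection information to a first PE device, where the protection information includes the vNH, and the first PE device is a primary egress PE device or a standby egress PE device; and the second PE device receives a VPN LSP establishment message advertised by the first PE device, where the VPN LSP establishment message is used to indicate that a VPN LSP is to be established with the vNH as the tail endpoint. In the foregoing technical solution, the second PE device is the ingress PE device of the VPN LSP. According to the foregoing technical solution, the second PE device can designate a vNH as the tail endpoint of the VPN LSP to be established and send it to the primary egress PE device and the standby egress PE device of the VPN LSP to be established. This avoids the large amount of configuration otherwise needed on the primary egress PE device and the standby egress PE device to ensure that the two PE devices use the same vNH when establishing the VPN LSP.
With reference to the second aspect, in a first possible implementation of the second aspect, the protection information further includes identity indication information, where the identity indication information is used to indicate that the identity of the first PE device is the primary egress PE device or the standby egress PE device. In this way, the primary egress PE device and the standby egress PE device of the VPN LSP can be designated directly by the first PE device, which avoids the situation in which the primary egress PE device and standby egress PE device determined by the ingress PE device differ from the primary egress PE device and standby egress PE device configured on the egress PE devices.
With reference to the first possible implementation of the second aspect, in a second possible implementation of the second aspect, the protection information further includes a primary VPN label, where the primary VPN label is the VPN label allocated by the primary egress PE device to the route directed to the destination customer edge (CE). In this way, the standby egress PE device can generate the association between the primary VPN label and the standby VPN label according to the primary VPN label, so that a VPN LSP protection path can be formed.
With reference to the first possible implementation or the second possible implementation of the second aspect, in a third possible implementation of the second aspect, the identity indication information includes the IP address of the standby egress PE device. In this way, the second PE device can indicate whether the first PE device is the standby egress PE device directly by means of the IP address of the first PE device, and no other identifier needs to be allocated to the first PE device.
With reference to the second aspect or any one of the foregoing possible implementations of the second aspect, in a fourth possible implementation of the second aspect, before the second PE device determines the vNH, the method further includes: the second PE device receives a first IP address set sent by the primary egress PE device, where the first IP address set includes at least one IP address; the second PE device receives a second IP address set sent by the standby egress PE device, where the second IP address set includes at least one IP address; and the second PE device determines an address pool, where the address pool is the intersection of the first IP address set and the second IP address set. That the second PE device determines the vNH includes: the second PE device determines one IP address from the address pool as the vNH. In the foregoing technical solution, the vNH is an IP address preset in the first PE device, and no IP address that may serve as the vNH needs to be set in the second PE device. In this way, the settings in the second PE device can be simplified.
With reference to the first possible implementation or the second possible implementation of the second aspect, in a fifth possible implementation of the second aspect, the identity indication information includes the IP address of the primary egress PE device. In this way, the second PE device can indicate whether the first PE device is the primary egress PE device directly by means of the IP address of the first PE device, and no other identifier needs to be allocated to the first PE device.
With reference to the first possible implementation or the second possible implementation of the second aspect, in a sixth possible implementation of the second aspect, the identity indication information includes a first identifier used to indicate that the PE device that receives the identity indication information is the standby egress PE device. In the foregoing technical solution, the field carrying the first identifier may be shorter than a field used to carry an IP address. In this way, the length of the identity indication information field can be reduced.
With reference to the first possible implementation or the second possible implementation of the second aspect, in a seventh possible implementation of the second aspect, the identity indication information includes a second identifier used to indicate that the PE device that receives the identity indication information is the primary egress PE device. In the foregoing technical solution, the field carrying the first identifier may be shorter than a field used to carry an IP address. In this way, the length of the identity indication information field can be reduced.
With reference to the second aspect or any one of the foregoing possible implementations of the second aspect, in an eighth possible implementation of the first aspect, the protection information is carried in a first Border Gateway Protocol (BGP) message.
With reference to the fourth possible implementation of the second aspect, in a ninth possible implementation of the first aspect, the at least one IP address is carried in a second BGP message.
In a third aspect, an embodiment of the present invention further provides a PE device, where the PE device includes units that perform the steps of the method of the first aspect.
In a fourth aspect, an embodiment of the present invention further provides a PE device, where the PE device includes units that perform the steps of the method of the second aspect.
In a fifth aspect, an embodiment of the present invention further provides a system for establishing a VPN LSP, where the system includes the PE device of the third aspect and the PE device of the fourth aspect.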
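To describe the technical solutions in the embodiments of the present invention more clearly, the following briefly describes the accompanying drawings required in the embodiments. Evidently, the accompanying drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from these drawings without creative effort.
FIG. 1 is a schematic diagram of a network model.
FIG. 2 is a schematic flowchart of a method for establishing a VPN LSP according to the present invention.
FIG. 3 is a schematic diagram of the NLRI field.
FIG. 4 is a structural block diagram of a PE device according to an embodiment of the present invention.
FIG. 5 is a structural block diagram of a PE device according to an embodiment of the present invention.
FIG. 6 is a structural block diagram of a PE device according to an embodiment of the present invention.
FIG. 7 is a schematic diagram of a system for establishing a VPN LSP according to an embodiment of the present invention.
The following clearly and completely describes the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments. Evidently, the described embodiments are some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.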
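To facilitate a better understanding of the technical solutions of the present invention, the following introduces the related technologies involved.
An MPLS VPN forwards traffic by using labels. Labels can be divided into inner labels (also called bottom labels or private network labels) and outer labels (also called top labels or public network labels). The outer label is used to form a data transmission tunnel between PE devices, and the inner label is used by a PE device to distinguish the data of different VPN users.
A label switched path (LSP, also called a tunnel) is formed between the ingress PE device and the egress PE device. An MPLS VPN can support different protocols, for example, the Border Gateway Protocol (BGP) and the Label Distribution Protocol (LDP). Therefore, depending on the protocol supported, an LSP may also be called a BGP LSP, an LDP LSP, and so on. The VPN LSP referred to in the embodiments of the present invention is a general term for these LSPs. That is, a VPN LSP may be any one of a BGP LSP, an LDP LSP, and the like.
A VPN LSP corresponds to an outer label. After data enters the VPN through the ingress PE device, the ingress PE device allocates the corresponding outer label and inner label to the data and uses the VPN LSP corresponding to the outer label to send the data to the egress PE device. The P devices along the VPN LSP process only the outer label and ignore the inner label. The inner label is processed only by PE devices, which further process the data according to the inner label. Specifically, after receiving a data packet through the VPN LSP, the egress PE device can determine whether the inner label in the data packet is an inner label allocated for that egress PE device. If it is, the packet is forwarded to the corresponding CE device. Unless otherwise specified, a label or VPN label referred to in the present invention means an inner label.
FIG. 1 is a schematic diagram of a network. The network 100 shown in FIG. 1 includes CE 101, CE 102, PE 110, PE 111, PE 120, and P 130. It can be understood that the network 100 may be part of a carrier network, and the carrier network may further include other P devices and PE devices.
The present invention is described in detail below with reference to the network 100 shown in FIG. 1.
FIG. 2 is a schematic flowchart of a method for establishing a VPN LSP according to the present invention.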
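201. PE 120 determines a virtual next hop (vNH).
Optionally, in some examples, PE 120 may receive, from PE 110, the Internet Protocol (IP) address of PE 110 and a first IP address set, where the first IP address set includes at least one IP address. PE 120 may also receive, from PE 111, the IP address of PE 111 and a second IP address set, where the second IP address set includes at least one IP address. The IP addresses included in the first IP address set and the second IP address set are not the IP address of any network device in the carrier network. The first IP address set is preconfigured on PE 110. The second IP address set is preconfigured on PE 111. PE 120 may determine an address pool, where the address pool is the intersection of the first IP address set and the second IP address set, and the address pool includes at least one IP address. That is, the intersection of the address pool with the set of IP addresses of all network devices in the carrier network is empty. PE 120 may determine one IP address from the address pool as the vNH. The vNH is an IP address or IP address prefix used to establish the VPN LSP.
Optionally, in some embodiments, an address pool may be configured directly on PE 120, where the address pool includes at least one IP address. The intersection of the address pool with the set of IP addresses of all network devices in the carrier network is empty. In this case, PE 110 may send the IP address of PE 110 to PE 120, and PE 111 may send the IP address of PE 111 to PE 120. PE 120 may determine one IP address from the address pool as the vNH.
Optionally, in some embodiments, the IP addresses of PE 110 and PE 111 and the address pool may all be configured directly in PE 120. In this way, PE 120 can directly obtain the preconfigured IP addresses of PE 110 and PE 111 and the address pool.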
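202. PE 120 may determine the primary egress PE device and the standby egress PE device from PE 110 and PE 111.
Assume that PE 120 determines that PE 110 is the primary egress PE device and that PE 111 is the standby egress PE device.
PE 120 may determine, according to a preset rule, that PE 110 is the primary egress PE device and that PE 111 is the standby egress PE device.
Optionally, in some embodiments, PE 120 may determine the primary egress PE device and the standby egress PE device by enabling VPN fast reroute (FRR). VPN FRR can select the primary egress PE device and the standby egress PE device by means of a matching policy. In addition, VPN FRR can fill the routing information of the primary egress PE device and the routing information of the standby egress PE device into a forwarding entry. Specifically, the routing information of the primary egress PE device includes the IP address of the primary egress PE device, the VPN label allocated by the primary egress PE device to the route directed to the destination CE (hereinafter: the primary VPN label), and other information. The routing information of the standby egress PE device includes the IP address of the standby egress PE device, the VPN label allocated by the standby egress PE device to the route directed to the destination CE (hereinafter: the standby VPN label), and so on. The forwarding entry may further include information such as the VPN prefix, the destination IP address, and the protocol type. It can be understood that the routing information of the primary egress PE device may be determined when the primary egress PE device joins the VPN and advertised by the primary egress PE device, and the routing information of the standby egress PE device may be determined when the standby egress PE device joins the VPN and advertised by the standby egress PE device. In addition, the primary egress PE device and the standby egress PE device may also advertise the VPN prefix when advertising their respective routing information.
Optionally, in some embodiments, PE 120 may determine the primary egress PE device and the standby egress PE device directly. For example, the IP addresses and/or VPN labels of the primary egress PE device and the standby egress PE device may be configured directly in PE 120. If PE 120 obtains the IP address of the primary egress PE device or the primary VPN label, it determines that the PE device that sent that IP address or VPN label is the primary egress PE device. If PE 120 obtains the IP address of the standby egress PE device or the standby VPN label, it determines that the PE device that sent that IP address or VPN label is the standby egress PE device. Similarly, the primary egress PE device and the standby egress PE device may send their respective IP addresses and VPN labels to PE 120 by advertising routing information. In addition, the primary egress PE device and the standby egress PE device may also advertise the VPN prefix when advertising their respective routing information. After obtaining the routing information of the primary egress PE device and the standby egress PE device and the VPN prefix, PE 120 may fill the corresponding content into the forwarding entry.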
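203. PE 120 sends protection information to a target PE device, where the protection information may include the vNH. The target PE device may be the primary egress PE device and/or the standby egress PE device.
Optionally, in some embodiments, PE 120 may send the protection information to PE 110. After receiving the protection information, PE 110 may advertise a VPN LSP establishment message to PE 120, where the VPN LSP establishment message is used to indicate that a VPN LSP is to be established with the vNH as the tail endpoint.
Optionally, in some embodiments, PE 120 may send the protection information to PE 111. After receiving the protection information, PE 111 may advertise a VPN LSP establishment message to PE 120, where the VPN LSP establishment message is used to indicate that a VPN LSP is to be established with the vNH as the tail endpoint.
Optionally, in some embodiments, the protection information may further include identity indication information, where the identity indication information is used to indicate that the identity of the target PE device is the primary egress PE device or the standby egress PE device.
Optionally, in some embodiments, the identity indication information may include the IP address of the primary egress PE device and the IP address of the standby egress PE device. The IP address of the primary egress PE device and the IP address of the standby egress PE device are located in different fields of the identity indication information. In this case, when PE 110 determines that the IP address in the field of the identity indication information used to indicate the primary egress PE device is the IP address of PE 110, it can determine that the identity of PE 110 is the primary egress PE device. When PE 111 determines that the IP address in the field of the identity indication information used to indicate the standby egress PE device is the IP address of PE 111, it can determine that the identity of PE 111 is the standby egress PE device.
In some embodiments, PE 120 may send different identity indication information to PE 110 and PE 111 respectively. Specifically, when PE 120 determines that PE 110 is the primary egress PE device, the identity indication information that PE 120 sends to PE 110 may be used to indicate that PE 110 is the primary egress PE device. When PE 120 determines that PE 111 is the standby egress PE device, the identity indication information that PE 120 sends to PE 111 may be used to indicate that PE 111 is the standby egress PE device. The identity indication information may be the IP address of the egress PE device. For example, the identity indication information sent to the primary egress PE device may be the IP address of the primary egress PE device, and the identity indication information sent to the standby egress PE device may be the IP address of the standby egress PE device. The identity indication information may also be a simple value. For example, the value of the identity indication information sent to the primary egress PE device may be 1, and the value of the identity indication information sent to the standby egress PE device may be 0. Of course, besides an IP address or a simple value, the identity indication information may be any other information that can be used to distinguish the identities of the primary egress PE device and the standby egress PE device, which is not enumerated here.
Optionally, in some embodiments, the protection information may further include the primary VPN label. After receiving the protection information, PE 111 may establish an association (correlation) between the primary VPN label and the standby VPN label. In some embodiments, PE 111 may generate a VPN label switching table, where the VPN label switching table corresponds to the vNH, the incoming label of the VPN label switching table is the primary VPN label, and the outgoing label of the VPN label switching table is the standby VPN label.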
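204. PE 110 and/or PE 111 may advertise a VPN LSP establishment message to PE 120, where the VPN LSP establishment message is used to indicate that a VPN LSP is to be established with the vNH as the tail endpoint.
The ingress PE device of the VPN LSP is PE 120, the primary egress PE device of the VPN LSP is PE 110, and the standby egress PE device of the VPN LSP is PE 111. It can be understood that the VPN LSP refers to the VPN LSP from the egress PE device to the ingress PE device. A VPN LSP between other nodes within the VPN LSP may be called a sub-VPN LSP. For example, in the network shown in FIG. 1, a sub-VPN LSP is established between PE 110 and P 130, a sub-VPN LSP is established between PE 111 and P 130, and a sub-VPN LSP is established between P 130 and PE 120.
Taking PE 111 as an example, optionally, in some embodiments, PE 111 may introduce the vNH into the Internal Gateway Protocol (IGP) so that it is spread to all PE devices and P devices in the carrier network where PE 111 is located. Taking the network 100 as an example, PE 111 may first send the vNH to P 130. A sub-VPN LSP is established between P 130 and PE 111. P 130 may send the vNH to PE 120. A sub-VPN LSP is established between PE 120 and P 130. In this way, a VPN LSP from PE 111 to PE 120 is formed.
Optionally, in some embodiments, PE 111 may send update routing information to all PE devices and P devices in the carrier network where PE 111 is located, where the tail endpoint used to establish the VPN LSP in the update routing information is the vNH. Taking the network 100 as an example, PE 111 may first send the vNH to P 130. A sub-VPN LSP is established between P 130 and PE 111. P 130 may send the vNH to PE 120. A sub-VPN LSP is established between PE 120 and P 130. In this way, a VPN LSP from PE 111 to PE 120 is formed.
Optionally, in some embodiments, PE 110 (that is, the primary egress PE device) and PE 111 (that is, the standby egress PE device) may each determine a metric value and advertise the determined metric value to PE 120. The metric value may be carried in the VPN LSP establishment message. The first metric value set by PE 111 is greater than the second metric value set by PE 110. In this way, when both the primary egress PE device and the standby egress PE device work normally, data in the VPN LSP flows preferentially to the primary egress PE device. Of course, because the ingress PE device also determines the identity information of the primary egress PE device and the standby egress PE device among the at least two PE devices, the ingress PE device may also set the corresponding metric values for the primary egress PE device and the standby egress PE device respectively.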
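205. PE 120 establishes the VPN LSP according to the received VPN LSP establishment message. The ingress PE device of the VPN LSP is PE 120, the primary egress PE device of the VPN LSP is PE 110, and the standby egress PE device of the VPN LSP is PE 111.
After the VPN LSP has been established, PE 120 can send an IP packet sent by CE 102 to CE 101 through the VPN LSP to CE 101.
Specifically, when PE 110 works normally, the IP packet is encapsulated with the tunnel label corresponding to the vNH as the outer label, and the inner label is the primary VPN label. After receiving the IP packet, P 130 can determine, according to the metric values of PE 110 and PE 111, that PE 110 is the primary egress PE device. P 130 sends the IP packet to PE 110. After receiving the IP packet, PE 110 can determine the egress toward CE 101 according to the inner label and then send the IP packet to CE 101. After PE 110 fails, P 130 may be the first to sense that PE 110 has failed. In this case, P 130 may send the IP packet received from PE 120 to PE 111. At this point, the IP packet is encapsulated with the tunnel label corresponding to the vNH as the outer label, and the inner label is the primary VPN label. After receiving the IP packet, PE 111 can determine the vNH corresponding to the tunnel label. After determining the vNH, PE 111 can determine the VPN label switching table corresponding to the vNH. PE 111 determines, according to the VPN label switching table, the standby VPN label associated with the primary VPN label. After determining the standby VPN label, PE 111 can determine the egress toward CE 101 according to the standby VPN label and then send the IP packet to CE 101. When PE 120 senses that PE 110 has failed, PE 120 encapsulates IP packets sent to CE 101 with the tunnel label corresponding to the vNH as the outer label and changes the inner label to the standby VPN label. After receiving the encapsulated IP packet, P 130 may send the IP packet to PE 111. PE 111 can determine the egress toward CE 101 according to the standby VPN label and then send the IP packet to CE 101.
In summary, according to the technical solution of the present invention, when the primary egress PE device fails, the P device can send the packets between the P device and the ingress PE device directly to the standby egress PE device, and the standby egress PE device can forward the packets to the destination CE device. In this way, the packets between the P device and the ingress PE device are not discarded. In addition, assume that the primary egress PE device fails at time T1, the P device senses the failure of the primary egress PE device at time T2, and the ingress PE device senses the failure of the primary egress PE device at time T3. It can be understood that the P device senses the failure of the primary egress PE device first, and only then can the ingress PE device sense it. Therefore, T3 is greater than T2, and T2 is greater than T1. The VPN LSP established according to the foregoing technical solution can therefore change the path convergence time from T3-T1 to T2-T1. In this way, path convergence when the primary egress PE device fails is accelerated.
A person skilled in the art can understand that the specific manner in which the P device and the ingress PE device sense that the primary egress PE device has failed is the same as in the prior art; for example, technologies such as bidirectional forwarding detection (BFD) and MPLS operation, administration and maintenance (OAM) can be used to sense that the VPN LSP between the ingress PE device and the primary egress PE device is unavailable. In addition, it can be understood that a failure of the primary egress PE device, as referred to in the present invention, means that the VPN LSP between the ingress PE device and the primary egress PE device is unavailable.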
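The vNH selection, role assignment and failover walk-through of steps 201 to 205 can be traced with a small model. This is an added example, not code from the patent: the class and function names, addresses, label values and metric values are constructed, and the outer tunnel label is modelled simply as the vNH it corresponds to.

```python
import ipaddress


def choose_vnh(first_set, second_set, device_ips):
    """Step 201: address pool = intersection of the sets sent by both egress PEs."""
    to_ip = ipaddress.ip_address
    pool = {to_ip(a) for a in first_set} & {to_ip(a) for a in second_set}
    # Defensive check: the pool must not contain any real device address.
    usable = pool - {to_ip(a) for a in device_ips}
    if not usable:
        raise ValueError("address pool is empty: no vNH can be chosen")
    return str(min(usable))  # assumption: pick the lowest common address


class EgressPE:
    def __init__(self, name, ip, vpn_label):
        self.name, self.ip, self.vpn_label = name, ip, vpn_label
        self.role = None
        self.metric = None
        self.swap_tables = {}  # vNH -> {incoming label: outgoing label}

    def receive_protection(self, info):
        """Steps 203/204: learn the role from the IP addresses in the
        identity indication information, then answer with an LSP message."""
        if info["standby_ip"] == self.ip:
            self.role, self.metric = "standby", 20  # first metric (larger)
            # VPN label switching table for this vNH:
            # incoming label = primary VPN label, outgoing = standby VPN label.
            self.swap_tables[info["vnh"]] = {info["primary_label"]: self.vpn_label}
        elif info["primary_ip"] == self.ip:
            self.role, self.metric = "primary", 10  # second metric (smaller)
        else:
            raise ValueError("protection information does not name this PE")
        return {"tail_endpoint": info["vnh"], "metric": self.metric, "egress": self}

    def receive_packet(self, tunnel_vnh, inner_label, payload):
        """Deliver toward the CE only if the inner label resolves to our own."""
        if inner_label != self.vpn_label:
            inner_label = self.swap_tables.get(tunnel_vnh, {}).get(inner_label)
        if inner_label != self.vpn_label:
            return None  # unknown label: drop instead of guessing a VPN
        return (self.name, inner_label, payload)


def p_forward(lsp_members, alive, packet):
    """P device: send to the reachable egress PE with the lowest metric."""
    candidates = [m for m in lsp_members if m["egress"].name in alive]
    if not candidates:
        return None
    best = min(candidates, key=lambda m: m["metric"])
    return best["egress"].receive_packet(*packet)


def run_demo():
    pe110 = EgressPE("PE110", "10.0.0.110", vpn_label=1001)
    pe111 = EgressPE("PE111", "10.0.0.111", vpn_label=2002)
    vnh = choose_vnh(
        ["192.0.2.1", "192.0.2.2", "192.0.2.3"],  # constructed set on PE 110
        ["192.0.2.2", "192.0.2.3", "192.0.2.9"],  # constructed set on PE 111
        device_ips=["10.0.0.110", "10.0.0.111", "10.0.0.120", "10.0.0.130"],
    )
    info = {"vnh": vnh, "primary_ip": pe110.ip, "standby_ip": pe111.ip,
            "primary_label": pe110.vpn_label}
    members = [pe.receive_protection(info) for pe in (pe110, pe111)]
    payload = "CE102->CE101"
    return {
        "vnh": vnh,
        "normal": p_forward(members, {"PE110", "PE111"}, (vnh, 1001, payload)),
        # Between T2 and T3 the ingress still pushes the primary VPN label.
        "T2_to_T3": p_forward(members, {"PE111"}, (vnh, 1001, payload)),
        # After T3 the ingress pushes the standby VPN label itself.
        "after_T3": p_forward(members, {"PE111"}, (vnh, 2002, payload)),
        "unknown_label": p_forward(members, {"PE111"}, (vnh, 9999, payload)),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(case, result)
```

Keying the switching table by vNH means the standby egress PE rewrites the primary VPN label only for traffic that arrived on the protected tunnel, and any other inner label is dropped rather than mapped.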
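In the method shown in FIG. 2, the information exchanged between the ingress PE device and the egress PE devices may use messages of various protocols, for example, Border Gateway Protocol (BGP) messages or Intermediate System to Intermediate System (ISIS) messages. The following description uses BGP messages as an example.
For example, in some embodiments, the at least one IP address and the protection information may be carried by extending the MP_REACH_NLRI attribute and the MP_UNREACH_NLRI attribute of BGP. Specifically, taking the MP_REACH_NLRI attribute as an example, the values of the Subsequent Address Family Identifier (SAFI) in the MP_REACH_NLRI attribute may be extended by adding a new identifier that indicates the BGP protection (BGP Protection) address family. The SAFI value used to indicate the BGP protection address family may be assigned by the Internet Engineering Task Force (IETF). Further, the Network Layer Reachability Information (NLRI) field in the MP_REACH_NLRI attribute may also be extended. FIG. 3 is a schematic diagram of the NLRI field. The NLRI field shown in FIG. 3 includes an NLRI type (NLRI Type) field, a length (Length) field, and an NLRI type specific (NLRI Type specific) field. The NLRI type field is 2 bytes long. The NLRI type field is used to indicate the type of the network layer reachability information. The NLRI type field may include type 1 and type 2. The length field is 2 bytes long. The NLRI type specific field has a variable length and is used to carry specific content. Specifically, when the NLRI type field takes the value 1, the NLRI type specific field may carry at least one IP address. In other words, the primary egress PE device and the standby egress PE device may send at least one IP address to the ingress PE device through an NLRI field of type 1. When the NLRI type field takes the value 2, the NLRI type specific field may carry the protection information. In other words, the ingress PE device may send the protection information to the primary egress PE device and the standby egress PE device through an NLRI field of type 2. Similarly, the MP_UNREACH_NLRI attribute may also be extended to carry the at least one IP address and the protection information. The specific extension is the same as for the MP_REACH_NLRI attribute and is not described again here.
In addition, besides extending the MP_REACH_NLRI attribute and the MP_UNREACH_NLRI attribute, the at least one IP address and the protection information may also be carried by adding a new BGP attribute.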
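A bounds-checked encoder and parser for the NLRI field layout described above (2-byte type, 2-byte length, variable type-specific field), as an added example rather than code from the patent. It assumes network byte order, that the length field counts only the type-specific bytes, and that type 1 carries packed IPv4 addresses; the patent does not give the internal layout of the protection information, so type 2 is returned as opaque bytes.

```python
import ipaddress
import struct

NLRI_TYPE_ADDRESSES = 1   # type-specific field carries at least one IP address
NLRI_TYPE_PROTECTION = 2  # type-specific field carries protection information
HEADER = struct.Struct("!HH")  # NLRI type (2 bytes), length (2 bytes)


class NlriError(ValueError):
    """Raised for any NLRI field that does not match the described layout."""


def encode_nlri(nlri_type, body):
    if nlri_type not in (NLRI_TYPE_ADDRESSES, NLRI_TYPE_PROTECTION):
        raise NlriError("unknown NLRI type %d" % nlri_type)
    if len(body) > 0xFFFF:
        raise NlriError("type-specific field does not fit a 2-byte length")
    return HEADER.pack(nlri_type, len(body)) + body


def encode_addresses(addresses):
    """Type 1: what an egress PE would send to offer candidate vNH addresses."""
    if not addresses:
        raise NlriError("type 1 must carry at least one IP address")
    body = b"".join(ipaddress.IPv4Address(a).packed for a in addresses)
    return encode_nlri(NLRI_TYPE_ADDRESSES, body)


def parse_nlri(buf):
    """Parse concatenated NLRI fields into a list of (type, value) tuples.

    Every length is checked against the bytes actually present, so a peer
    cannot make the parser read past the end of the attribute.
    """
    fields, offset = [], 0
    while offset < len(buf):
        if len(buf) - offset < HEADER.size:
            raise NlriError("truncated NLRI header")
        nlri_type, length = HEADER.unpack_from(buf, offset)
        offset += HEADER.size
        if length > len(buf) - offset:
            raise NlriError("length field exceeds remaining bytes")
        body = bytes(buf[offset:offset + length])
        offset += length
        if nlri_type == NLRI_TYPE_ADDRESSES:
            if length == 0 or length % 4:
                raise NlriError("type 1 needs one or more 4-byte addresses")
            addrs = [str(ipaddress.IPv4Address(body[i:i + 4]))
                     for i in range(0, length, 4)]
            fields.append((nlri_type, addrs))
        elif nlri_type == NLRI_TYPE_PROTECTION:
            fields.append((nlri_type, body))  # layout not specified: opaque
        else:
            raise NlriError("unknown NLRI type %d" % nlri_type)
    return fields


if __name__ == "__main__":
    wire = encode_addresses(["192.0.2.2", "192.0.2.3"])  # constructed sample
    print(wire.hex(), parse_nlri(wire))
```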
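FIG. 4 is a structural block diagram of a PE device according to an embodiment of the present invention. As shown in FIG. 4, the PE device 400 includes a receiving unit 401 and a sending unit 402.
The receiving unit 401 is configured to receive protection information sent by a second PE device, where the protection information includes a virtual next hop (vNH).
The sending unit 402 is configured to advertise a virtual private network (VPN) label switched path (LSP) establishment message to the second PE device, where the VPN LSP establishment message is used to indicate that a VPN LSP is to be established with the vNH as the tail endpoint.
Optionally, in some embodiments, the protection information further includes identity indication information and a primary VPN label, where the identity indication information is used to indicate that the identity of the PE device is the primary egress PE device or the standby egress PE device, and the primary VPN label is the VPN label allocated by the primary egress PE device to the route directed to the destination customer edge (CE) device. The PE device further includes a processing unit 403, configured to determine, according to the identity indication information, that the identity of the PE device is the standby egress PE device. The processing unit 403 is further configured to establish an association between a standby VPN label and the primary VPN label, where the standby VPN label is the VPN label allocated by the PE device to the route directed to the destination CE.
Optionally, in some embodiments, the processing unit 403 is specifically configured to generate a VPN label switching table, where the VPN label switching table corresponds to the vNH, the incoming label of the VPN label switching table is the primary VPN label, and the outgoing label of the VPN label switching table is the standby VPN label.
Optionally, in some embodiments, the identity indication information includes the Internet Protocol (IP) address of the standby egress PE device. The processing unit 403 is specifically configured to determine that the PE device is the standby egress PE device when it determines that the IP address of the standby egress PE device is the same as the IP address of the PE device.
Optionally, in some embodiments, the processing unit 403 is further configured to determine a first metric value, where the first metric value is greater than a second metric value, and the second metric value is determined by the primary egress PE device; and the sending unit 402 is further configured to advertise the first metric value to the second PE device.
Optionally, in some embodiments, the sending unit 402 is further configured to send at least one IP address to the second PE device, where the vNH is one of the at least one IP address.
For the operations and functions of the units of the PE device 400, reference may be made to the descriptions of PE 110 and PE 111 in the method shown in FIG. 2; to avoid repetition, details are not described again here. The processing unit in the PE device 400 shown in FIG. 4 may be implemented by a processor, and the sending unit and the receiving unit may be implemented by a transceiver.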
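FIG. 5 is a structural block diagram of another PE device according to an embodiment of the present invention. As shown in FIG. 5, the PE device 500 includes a processing unit 501, a sending unit 502, and a receiving unit 503.
The processing unit 501 is configured to determine a virtual next hop (vNH).
The sending unit 502 is configured to send protection information to a first PE device, where the protection information includes the vNH and the first PE device is a primary egress PE device or a backup egress PE device.
The receiving unit 503 is configured to receive a virtual private network (VPN) label switched path (LSP) establishment message advertised by the first PE device, where the VPN LSP establishment message is used to indicate that a VPN LSP is to be established with the vNH as the tail end.
Optionally, in some embodiments, the protection information further includes identity indication information, which is used to indicate whether the first PE device is the primary egress PE device or the backup egress PE device.
Optionally, in some embodiments, the protection information further includes a primary VPN label, which is the VPN label that the primary egress PE device allocates to the route to the destination customer edge (CE) device.
Optionally, in some embodiments, the identity indication information includes the IP address of the backup egress PE device.
Optionally, in some embodiments, the receiving unit 503 is further configured to receive a first IP address set sent by the primary egress PE device, where the first IP address set includes at least one IP address. The receiving unit 503 is further configured to receive a second IP address set sent by the backup egress PE device, where the second IP address set includes at least one IP address. The processing unit 501 is further configured to determine an address pool, where the address pool is the intersection of the first IP address set and the second IP address set. The processing unit 501 is specifically configured to determine one IP address from the address pool as the vNH.
For the operations and functions of the units of the PE device 500, refer to PE 120 in the method of FIG. 2 above; to avoid repetition, they are not described again here. The processing unit of the PE device 500 shown in FIG. 5 may be implemented by a processor, and the sending unit and the receiving unit may be implemented by a transceiver.
An embodiment of the present invention further provides a system for establishing a VPN LSP. The system may include the PE device shown in FIG. 4 and the PE device shown in FIG. 5.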
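The two device roles described for FIG. 4 and FIG. 5, modelled together as an added example (not code from the patent): the ingress PE picks the vNH from the intersection of the two offered address sets, and each egress PE decides its role from the identity indication and, if it is the backup, builds the label swap table. Assumptions: the lowest pool address is chosen, the metric values 10 and 20 are constructed, and the class and field names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class ProtectionInfo:
    vnh: IPv4Address               # virtual next hop chosen by the ingress PE
    backup_egress_ip: IPv4Address  # identity indication information
    primary_vpn_label: int         # label the primary egress PE allocated


def choose_vnh(first_set, second_set) -> IPv4Address:
    """Ingress PE: the address pool is the intersection of both egress PEs' sets."""
    pool = set(first_set) & set(second_set)
    if not pool:
        raise ValueError("empty address pool: the egress PEs share no address")
    return min(pool)  # ASSUMPTION: lowest address; the text only says one from the pool


class EgressPE:
    PRIMARY_METRIC = 10  # ASSUMPTION: constructed values; the text only requires
    BACKUP_METRIC = 20   # the backup's metric to exceed the primary's

    def __init__(self, ip, local_vpn_label, offered):
        self.ip, self.local_vpn_label = IPv4Address(ip), local_vpn_label
        self.offered = {IPv4Address(a) for a in offered}
        self.role = None
        self.label_swap = {}  # vNH -> {incoming label: outgoing label}

    def on_protection_info(self, info: ProtectionInfo) -> dict:
        """Process protection info; return the VPN LSP establishment message."""
        if info.vnh not in self.offered:
            raise ValueError("vNH is not one of the addresses this PE sent")
        if info.backup_egress_ip == self.ip:
            self.role = "backup"
            # VPN label swap table for this vNH: primary label in, backup label out.
            self.label_swap[info.vnh] = {info.primary_vpn_label: self.local_vpn_label}
            metric = self.BACKUP_METRIC
        else:
            self.role = "primary"
            metric = self.PRIMARY_METRIC
        return {"tail_end": info.vnh, "metric": metric}
```

Both egress PEs answer with the same tail end, so the ingress PE sees one VPN LSP destination; only the metric and the backup's swap table distinguish the two.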
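FIG. 6 is a structural block diagram of a PE device according to an embodiment of the present invention. The PE device 600 shown in FIG. 6 includes a processor 601, a memory 602, and a transceiver 603.
The methods disclosed in the foregoing embodiments of the present invention may be applied to the processor 601 or implemented by the processor 601. The processor 601 may be an integrated circuit chip with signal processing capability. In an implementation, the steps of the foregoing methods may be completed by integrated logic circuits of hardware in the processor 601 or by instructions in the form of software. The processor 601 may be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It may implement or perform the methods, steps, and logical block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the methods disclosed with reference to the embodiments of the present invention may be performed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium that is mature in the art, such as a random access memory (RAM), a flash memory, a read-only memory (ROM), a programmable read-only memory, an electrically erasable programmable memory, or a register. The storage medium is located in the memory 602; the processor 601 reads the instructions in the memory 602 and completes the steps of the foregoing methods in combination with its hardware.
Optionally, in some embodiments, the memory 602 may store instructions for performing the method performed by PE 110 in the method shown in FIG. 2. The processor 601 may execute the instructions stored in the memory 602 and, in combination with other hardware (for example, the transceiver 603), complete the steps performed by PE 110 in the method shown in FIG. 2. For the specific working process and beneficial effects, refer to the description of PE 110 in the embodiment shown in FIG. 2.
Optionally, in other embodiments, the memory 602 may store instructions for performing the method performed by PE 111 in the method shown in FIG. 2. The processor 601 may execute the instructions stored in the memory 602 and, in combination with other hardware (for example, the transceiver 603), complete the steps performed by PE 110 in the method shown in FIG. 2. For the specific working process and beneficial effects, refer to the description of PE 110 in the embodiment shown in FIG. 2.
Optionally, in other embodiments, the memory 602 may store instructions for performing the method performed by PE 120 in the method shown in FIG. 2. The processor 601 may execute the instructions stored in the memory 602 and, in combination with other hardware (for example, the transceiver 603), complete the steps performed by PE 120 in the method shown in FIG. 2. For the specific working process and beneficial effects, refer to the description of PE 120 in the embodiment shown in FIG. 2.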
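FIG. 7 is a schematic diagram of a system for establishing a VPN LSP according to an embodiment of the present invention. As shown in FIG. 7, the system 700 includes PE 710 and PE 720.
Optionally, in some embodiments, PE 710 in the system 700 may be the ingress PE device of a VPN LSP, and PE 720 may be the primary egress PE device of the VPN LSP. Further, the system 700 may also include a backup egress PE device. The system 700 may also include at least one P device.
Optionally, in some embodiments, PE 710 in the system 700 may be the ingress PE device of a VPN LSP, and PE 720 may be the backup egress PE device of the VPN LSP. Further, the system 700 may also include a primary egress PE device. The system 700 may also include at least one P device.
For the specific working process and structure of each device in the system 700, refer to the description of the corresponding device in the embodiments shown in FIG. 2, FIG. 4, FIG. 5, and FIG. 6; details are not repeated here.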
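A person of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described with reference to the embodiments disclosed herein can be implemented by electronic hardware or by a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each particular application, but such an implementation should not be considered to go beyond the scope of the present invention.
A person skilled in the art will clearly understand that, for convenience and brevity of description, for the specific working processes of the systems, apparatuses, and units described above, reference may be made to the corresponding processes in the foregoing method embodiments; details are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. For example, the division into units is merely a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual couplings, direct couplings, or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses, or units, and may be electrical, mechanical, or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as a stand-alone product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to perform all or some of the steps of the methods described in the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The foregoing is merely specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any variation or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.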
Claims (23)
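- A method for establishing a virtual private network (VPN) label switched path (LSP), wherein the method comprises: receiving, by a first provider edge (PE) device, protection information sent by a second PE device, wherein the protection information comprises a virtual next hop (vNH); and advertising, by the first PE device, a VPN LSP establishment message to the second PE device, wherein the VPN LSP establishment message is used to indicate that a VPN LSP is to be established with the vNH as the tail end.
- The method according to claim 1, wherein the protection information further comprises identity indication information and a primary VPN label, the identity indication information is used to indicate whether the first PE device is a primary egress PE device or a backup egress PE device, and the primary VPN label is the VPN label that the primary egress PE device allocates to the route to a destination customer edge (CE) device; and the method further comprises: determining, by the first PE device based on the identity indication information, that the first PE device is the backup egress PE device; and establishing, by the first PE device, an association between a backup VPN label and the primary VPN label, wherein the backup VPN label is the VPN label that the first PE device allocates to the route to the destination CE.
- The method according to claim 2, wherein the establishing, by the first PE device, an association between a backup VPN label and the primary VPN label comprises: generating, by the first PE device, a VPN label swap table, wherein the VPN label swap table corresponds to the vNH, the incoming label of the VPN label swap table is the primary VPN label, and the outgoing label of the VPN label swap table is the backup VPN label.
- The method according to claim 2 or 3, wherein the identity indication information comprises the Internet Protocol (IP) address of the backup egress PE device; and the determining, by the first PE device based on the identity indication information, that the first PE device is the backup egress PE device comprises: determining, by the first PE device, that the first PE device is the backup egress PE device when it determines that the IP address of the backup egress PE device is the same as the IP address of the first PE device.
- The method according to any one of claims 2 to 4, wherein before the first PE device sends the VPN LSP establishment message to the second PE device, the method further comprises: determining, by the first PE device, a first metric value, wherein the first metric value is greater than a second metric value and the second metric value is determined by the primary egress PE device; and advertising, by the first PE device, the first metric value to the second PE device.
- The method according to any one of claims 1 to 5, wherein before the first PE device receives the protection information sent by the second PE device, the method further comprises: sending, by the first PE device, at least one IP address to the second PE device, wherein the vNH is one of the at least one IP address.
- A method for establishing a virtual private network (VPN) label switched path (LSP), wherein the method comprises: determining, by a second provider edge (PE) device, a virtual next hop (vNH); sending, by the second PE device, protection information to a first PE device, wherein the protection information comprises the vNH and the first PE device is a primary egress PE device or a backup egress PE device; and receiving, by the second PE device, a VPN LSP establishment message advertised by the first PE device, wherein the VPN LSP establishment message is used to indicate that a VPN LSP is to be established with the vNH as the tail end.
- The method according to claim 7, wherein the protection information further comprises identity indication information, and the identity indication information is used to indicate whether the first PE device is the primary egress PE device or the backup egress PE device.
- The method according to claim 8, wherein the protection information further comprises a primary VPN label, and the primary VPN label is the VPN label that the primary egress PE device allocates to the route to a destination customer edge (CE) device.
- The method according to claim 8 or 9, wherein the identity indication information comprises the IP address of the backup egress PE device.
- The method according to any one of claims 7 to 10, wherein before the second PE device determines the vNH, the method further comprises: receiving, by the second PE device, a first IP address set sent by the primary egress PE device, wherein the first IP address set comprises at least one IP address; receiving, by the second PE device, a second IP address set sent by the backup egress PE device, wherein the second IP address set comprises at least one IP address; and determining, by the second PE device, an address pool, wherein the address pool is the intersection of the first IP address set and the second IP address set; and the determining, by the second PE device, a vNH comprises: determining, by the second PE device, one IP address from the address pool as the vNH.
- A provider edge (PE) device, wherein the PE device comprises: a receiving unit, configured to receive protection information sent by a second PE device, wherein the protection information comprises a virtual next hop (vNH); and a sending unit, configured to advertise a virtual private network (VPN) label switched path (LSP) establishment message to the second PE device, wherein the VPN LSP establishment message is used to indicate that a VPN LSP is to be established with the vNH as the tail end.
- The PE device according to claim 12, wherein the protection information further comprises identity indication information and a primary VPN label, the identity indication information is used to indicate whether the PE device is a primary egress PE device or a backup egress PE device, and the primary VPN label is the VPN label that the primary egress PE device allocates to the route to a destination customer edge (CE) device; and the PE device further comprises: a processing unit, configured to determine, based on the identity indication information, that the PE device is the backup egress PE device; wherein the processing unit is further configured to establish an association between a backup VPN label and the primary VPN label, and the backup VPN label is the VPN label that the PE device allocates to the route to the destination CE.
- The PE device according to claim 13, wherein the processing unit is specifically configured to generate a VPN label swap table, the VPN label swap table corresponds to the vNH, the incoming label of the VPN label swap table is the primary VPN label, and the outgoing label of the VPN label swap table is the backup VPN label.
- The PE device according to claim 13 or 14, wherein the identity indication information comprises the Internet Protocol (IP) address of the backup egress PE device; and the processing unit is specifically configured to determine that the PE device is the backup egress PE device when it determines that the IP address of the backup egress PE device is the same as the IP address of the PE device.
- The PE device according to any one of claims 13 to 15, wherein the processing unit is further configured to determine a first metric value, the first metric value is greater than a second metric value, and the second metric value is determined by the primary egress PE device; and the sending unit is further configured to advertise the first metric value to the second PE device.
- The PE device according to any one of claims 12 to 16, wherein the sending unit is further configured to send at least one IP address to the second PE device, and the vNH is one of the at least one IP address.
- A provider edge (PE) device, wherein the PE device comprises: a processing unit, configured to determine a virtual next hop (vNH); a sending unit, configured to send protection information to a first PE device, wherein the protection information comprises the vNH and the first PE device is a primary egress PE device or a backup egress PE device; and a receiving unit, configured to receive a virtual private network (VPN) label switched path (LSP) establishment message advertised by the first PE device, wherein the VPN LSP establishment message is used to indicate that a VPN LSP is to be established with the vNH as the tail end.
- The PE device according to claim 18, wherein the protection information further comprises identity indication information, and the identity indication information is used to indicate whether the first PE device is the primary egress PE device or the backup egress PE device.
- The PE device according to claim 19, wherein the protection information further comprises a primary VPN label, and the primary VPN label is the VPN label that the primary egress PE device allocates to the route to a destination customer edge (CE) device.
- The PE device according to claim 19 or 20, wherein the identity indication information comprises the IP address of the backup egress PE device.
- The PE device according to any one of claims 18 to 21, wherein the receiving unit is further configured to receive a first IP address set sent by the primary egress PE device, and the first IP address set comprises at least one IP address; the receiving unit is further configured to receive a second IP address set sent by the backup egress PE device, and the second IP address set comprises at least one IP address; the processing unit is further configured to determine an address pool, and the address pool is the intersection of the first IP address set and the second IP address set; and the processing unit is specifically configured to determine one IP address from the address pool as the vNH.
- A system for establishing a virtual private network (VPN) label switched path (LSP), wherein the system comprises the PE device according to any one of claims 12 to 17 and the PE device according to any one of claims 18 to 22.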
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP17844921.1A EP3481010B1 (en) | 2016-08-31 | 2017-05-15 | Method, related device, and system for establishing label-switched path for virtual private network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610797343.4 | 2016-08-31 | ||
CN201610797343.4A CN106169969B (zh) | 2016-08-31 | 2016-08-31 | Method, related device, and system for establishing label-switched path for virtual private network |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018040614A1 true WO2018040614A1 (zh) | 2018-03-08 |
Family
ID=57376367
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/084374 WO2018040614A1 (zh) | 2016-08-31 | 2017-05-15 | Method, related device, and system for establishing label-switched path for virtual private network |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP3481010B1 (zh) |
CN (1) | CN106169969B (zh) |
WO (1) | WO2018040614A1 (zh) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
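CN106169969B (zh) * | 2016-08-31 | 2020-01-10 | 华为技术有限公司 | Method, related device, and system for establishing label-switched path for virtual private network |
WO2019061520A1 (zh) * | 2017-09-30 | 2019-04-04 | 华为技术有限公司 | Path switching method and apparatus |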
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
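CN102546433A (zh) * | 2012-02-10 | 2012-07-04 | 中兴通讯股份有限公司 | Data forwarding method based on MPLS VPN and edge device |
CN102664788A (zh) * | 2012-04-05 | 2012-09-12 | 中兴通讯股份有限公司 | Method and system for CE dual-homing link protection in MPLS L3VPN |
CN103326915A (zh) * | 2012-03-23 | 2013-09-25 | 华为技术有限公司 | Method, device, and system for implementing a layer-3 virtual private network |
WO2015000173A1 (zh) * | 2013-07-05 | 2015-01-08 | 华为技术有限公司 | Method for establishing tunnel, method for allocating label, device, and network system |
CN106169969A (zh) * | 2016-08-31 | 2016-11-30 | 华为技术有限公司 | Method, related device, and system for establishing label-switched path for virtual private network |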
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1328543B1 (en) * | 2000-10-27 | 2009-08-12 | Novartis Vaccines and Diagnostics S.r.l. | Nucleic acids and proteins from streptococcus groups a & b |
US8259564B1 (en) * | 2008-12-12 | 2012-09-04 | Juniper Networks, Inc. | Egress protection for label switched paths |
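CN102045239B (zh) * | 2009-10-13 | 2012-12-19 | 中兴通讯股份有限公司 | Method and apparatus for implementing a point-to-multipoint pseudowire protection network |
CN103634210B (zh) * | 2012-08-28 | 2016-10-19 | 杭州华三通信技术有限公司 | Method and device for discovering the peer PE device of a VPLS instance |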
US9036463B2 (en) * | 2013-07-05 | 2015-05-19 | Cisco Technology, Inc. | Scalable BGP protection from edge node failure using dynamically assigned labels in data packets |
US9143395B2 (en) * | 2013-07-05 | 2015-09-22 | Cisco Technology, Inc. | Scalable BGP protection from edge node failure using context labels in data packets identifying backup router mirror table |
US9444677B2 (en) * | 2013-10-18 | 2016-09-13 | Cisco Technology, Inc. | Scalable edge node protection using IPv6 segment routing extension header |
CN104954255B (zh) * | 2014-03-24 | 2019-12-24 | 中兴通讯股份有限公司 | VPN packet processing method and apparatus |
- 2016
  - 2016-08-31 CN CN201610797343.4A patent/CN106169969B/zh active Active
- 2017
  - 2017-05-15 WO PCT/CN2017/084374 patent/WO2018040614A1/zh unknown
  - 2017-05-15 EP EP17844921.1A patent/EP3481010B1/en active Active
Also Published As
Publication number | Publication date |
---|---|
EP3481010B1 (en) | 2020-09-09 |
EP3481010A4 (en) | 2019-07-17 |
CN106169969B (zh) | 2020-01-10 |
EP3481010A1 (en) | 2019-05-08 |
CN106169969A (zh) | 2016-11-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11533249B2 (en) | Route processing method and apparatus, and data transmission method and apparatus | |
US11811595B2 (en) | Signaling IP path tunnels for traffic engineering | |
CN111385206B (zh) | Packet forwarding method, network system, related device, and computer storage medium | |
US10003531B2 (en) | Method for establishing tunnel, method for allocating label, device and network system | |
US9860150B2 (en) | Fast convergence of EVPN networks for multi homing topologies | |
US20170093611A1 (en) | Egress node protection in evpn all-active topology | |
US9246838B1 (en) | Label switched path setup using fast reroute bypass tunnel | |
CN111064596B (zh) | Node protection for BUM traffic for multi-homed node failure | |
US11888722B2 (en) | Route advertisement method, device, and system | |
US20230126279A1 (en) | Fast reroute for bum traffic in ethernet virtual private networks | |
US9781030B1 (en) | Fast re-route protection using GRE over MPLS | |
WO2018040614A1 (zh) | Method, related device, and system for establishing label-switched path for virtual private network | |
EP2832055B1 (en) | Pseudowire groups in a packet switched network | |
US8817648B2 (en) | Pseudowire extended group messaging in a packet switched network | |
WO2016119461A1 (zh) | Method for establishing BGP LSP tunnel and network device | |
CN115460107A (zh) | Route detection method, device, system, and storage medium | |
WO2022246693A1 (en) | Method and apparatus for path switchover management | |
EP2832056B1 (en) | Pseudowire extended group actions in a packet switched network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17844921 Country of ref document: EP Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 2017844921 Country of ref document: EP Effective date: 20190129 |
 | NENP | Non-entry into the national phase | Ref country code: DE |