
CN100364292C - Virtual Private Network System and Implementation Method of Hybrid Backbone Network with Hybrid Sites - Google Patents


Info

Publication number: CN100364292C
Authority: CN (China)
Prior art keywords: route, ipv6, ipv4, edge router, backbone network
Legal status: Expired - Fee Related
Application number: CNB2004100695350A
Other languages: Chinese (zh)
Other versions: CN1716901A (en
Inventor: 李德丰
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CNB2004100695350A
Priority to PCT/CN2005/000959 (WO2006002598A1)
Publication of CN1716901A
Application granted
Publication of CN100364292C
Anticipated expiration
Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/167 Adaptation for transition between two IP versions, e.g. between IPv4 and IPv6
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4604 LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/02 Topology update or discovery
    • H04L45/04 Interdomain routing, e.g. hierarchical routing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to virtual private network (VPN) technology and discloses a virtual private network system for a hybrid-site, hybrid-backbone network and an implementation method for it, so that sites based on different IP versions can reach each other and run VPN services across a backbone network based on different IP versions, solving the problem of providing VPN services on mixed networks during the transition period. The system and method divide the autonomous domains of a multi-domain backbone network into master and slave; inside each autonomous domain, the MP-IBGP corresponding to that domain's IP version is used to distribute routes; multi-hop MP-EBGP is used to distribute routes between adjacent autonomous domains; IPv4/IPv6 dual routing tables are run on the CE and PE; and inside each autonomous domain labels are allocated according to its IP version for tunnel forwarding of VPN data, thereby realizing a VPN over a hybrid-site, multi-domain backbone network.

Figure 200410069535

Description

Virtual private network system for a hybrid-site, hybrid-backbone network and its implementation method
Technical field
The present invention relates to virtual private network (VPN) technology, and in particular to VPN technology for the period in which user sites and backbone networks evolve from Internet Protocol version 4 ("IPv4") to Internet Protocol version 6 ("IPv6").
Background
A VPN is a virtual private network built on top of a public network; it offers the same security, reliability and manageability as a dedicated network. VPNs have replaced traditional dial-up access: they use the Internet or a carrier's network resources as an extension of the enterprise private network, saving the cost of expensive leased lines, while tunneling protocols, authentication and data encryption secure the communication. This has made them popular with enterprise customers.
Building a VPN brings an enterprise many benefits. For example, it can save a large part of the enterprise's day-to-day communication costs; it enables remote teaching and remote monitoring, unifying business administration; and it improves the security of business information flowing inside the enterprise. VPNs can be expected to become the inevitable trend in intranet design and in information management and circulation.
Existing VPNs are based on IPv4 networks: the backbone network and the sites that form the VPN are all IPv4. A typical representative is the VPN scheme defined in Request for Comments ("RFC") 2547bis, which describes in detail how to implement a VPN; see RFC 2547bis for the full description. The basic principle of this scheme is introduced briefly below.
Figure 1 is a schematic diagram of the Multi-Protocol Label Switching ("MPLS") Layer 3 ("L3") VPN model defined by RFC 2547bis. The model has three components: the user network edge (Customer Edge Router, "CE") router, the backbone network edge (Provider Edge Router, "PE") router and the backbone network (Provider Router, "P") router. The CE router is part of the customer premises network and has an interface connected directly to the operator's network; it is unaware of the VPN and does not need to maintain the VPN's full routing information. The PE router is the edge device of the carrier network and connects directly to the customer's CE router; in an MPLS network, all VPN processing is done on the PE router. The P router sits inside the carrier network and is not directly connected to any CE router; it needs basic MPLS signalling and forwarding capability. Those of ordinary skill in the art will appreciate that the CE/PE division follows the management scopes of the operator and the customer: CE and PE mark the boundary between the two.
CE and PE can exchange routing information using External BGP ("EBGP"), an Interior Gateway Protocol ("IGP") or a similar routing protocol; static routes can also be used. The CE does not need to support MPLS or be aware of the VPN's network-wide routes; the VPN's network-wide routing is outsourced to the operator. PEs exchange the VPN's network-wide routing information with each other through Multi-Protocol Border Gateway Protocol ("MP-BGP").
As shown in Figure 1, a VPN consists of multiple user sites. On the PE, each site corresponds to a VPN Routing/Forwarding instance ("VRF"), which mainly comprises an Internet Protocol ("IP") routing table, a label forwarding table, the set of interfaces that use the label forwarding table, and management information. The interface and management information includes the Route Distinguisher ("RD"), the route filtering policy, the member interface list and so on. Note that user sites and VPNs are not in a one-to-one relationship: a site can belong to several VPNs at once. In a concrete implementation, each site is associated with its own VRF. The VRF of a site in effect combines that site's VPN membership and routing rules. Packet forwarding information is stored in the IP routing table and label forwarding table of each VRF. The system maintains an independent routing table and label forwarding table for each VRF, which prevents data from leaking out of the VPN and prevents data from outside the VPN from entering.
Routers use the Border Gateway Protocol ("BGP") to distribute VPN routes. BGP communication takes place at two levels: Internal BGP ("IBGP") inside an autonomous system ("AS"), i.e. an autonomous domain, and EBGP between ASes. For example, a PE-PE session is an IBGP session and a PE-CE session is an EBGP session. BGP propagates VPN membership information and routes between PE routers through the Multiprotocol Extensions for BGP ("MBGP"). MBGP is backward compatible: it supports the traditional IPv4 address family as well as other address families such as the VPN-IPv4 address family. The Route Target carried by MBGP ensures that the routes of a particular VPN are known only to the other members of that VPN, which makes communication between BGP/MPLS VPN members possible. For a detailed description of MBGP, see RFC 2283.
In RFC 2547bis, routing information is propagated between CE and PE by an IGP or EBGP; the PE obtains the routing table of the VPN and stores it in a separate VRF. IGP ensures ordinary IP connectivity between PEs, IBGP propagates VPN membership information and routes, and each PE updates its own VRFs accordingly. The PE then updates the routing table of each directly connected CE through route exchange with it, which completes the route exchange between the CEs.
When BGP is used to distribute VPN routes, a new address family is used: the VPN-IPv4 address. A VPN-IPv4 address has 12 bytes: an 8-byte RD followed by a 4-byte IPv4 address. The PE uses the RD to identify routing information from different VPNs. An operator can allocate RDs independently, but must use its own AS number as part of the RD to guarantee that each RD is globally unique. A VPN-IPv4 address whose RD is zero is synonymous with a globally unique IPv4 address. With this scheme, a VPN-IPv4 address remains globally unique even when the 4-byte IPv4 addresses it contains overlap. The routes a PE receives from a CE are IPv4 routes; when they are imported into the VRF routing table, an RD must be attached. In common implementations, all routes from the same user site are given the same RD.
RFC 2547bis uses the Route Target attribute to identify the set of sites that may use a route, i.e. which sites may receive the route and from which sites a PE router may accept routes. Every PE router connected to a site indicated in the Route Target can receive routes carrying that attribute; after receiving such a route, the PE router adds it to the corresponding routing table. A PE router has two sets of Route Target attributes: one set, called Export Route Targets, is attached to the routes received from a site; the other, called Import Route Targets, determines which routes may be imported into the site's routing table. Matching the Route Target attribute carried by routes yields the VPN membership, and it can also be used to filter the routing information a PE router receives. When MPLS VPN routing information arrives at a PE router, the route is accepted if the Export Route Targets set and the Import Route Targets set have an entry in common, and rejected if they do not.
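The RD and Route Target mechanics described above, as an added Python example (not code from the patent or from RFC 2547bis): it builds 12-byte VPN-IPv4 addresses, applies the Export/Import Route Target match, and audits VRFs for routes imported from a different VPN. The type-0 RD layout, the site and VRF names, AS number 65000, the Route Target values and all prefixes are constructed assumptions.

```python
import ipaddress
import struct
from dataclasses import dataclass, field


def make_rd(asn: int, assigned: int) -> bytes:
    """8-byte RD, assumed type-0 layout: 2-byte type, 2-byte AS number, 4-byte value."""
    if not (0 <= asn <= 0xFFFF and 0 <= assigned <= 0xFFFFFFFF):
        raise ValueError("RD field out of range")
    return struct.pack("!HHI", 0, asn, assigned)


def vpn_ipv4(rd: bytes, addr: str) -> bytes:
    """12-byte VPN-IPv4 address: the 8-byte RD followed by the 4-byte IPv4 address."""
    if len(rd) != 8:
        raise ValueError("RD must be 8 bytes")
    return rd + ipaddress.IPv4Address(addr).packed


@dataclass(frozen=True)
class VpnRoute:
    site: str              # originating site (constructed label)
    vpn: str               # ground truth used only by the audit, not carried in BGP
    rd: bytes
    prefix: str
    export_rts: frozenset  # Export Route Targets attached by the sending PE

    def key(self) -> bytes:
        """Key in the PE's BGP table: VPN-IPv4 network address plus prefix length."""
        net = ipaddress.IPv4Network(self.prefix)
        return vpn_ipv4(self.rd, str(net.network_address)) + bytes([net.prefixlen])


@dataclass
class Vrf:
    name: str
    vpn: str               # VPN this VRF is meant to serve
    import_rts: frozenset  # Import Route Targets configured on the receiving PE
    accepted: list = field(default_factory=list)

    def offer(self, route: VpnRoute) -> bool:
        """Accept the route only if the Export and Import sets share an entry."""
        if self.import_rts & route.export_rts:
            self.accepted.append(route)
            return True
        return False


def distribute(routes, vrfs):
    """Offer every route to every VRF; return the sites each VRF ended up importing."""
    for vrf in vrfs:
        for route in routes:
            vrf.offer(route)
    return {v.name: sorted(r.site for r in v.accepted) for v in vrfs}


def audit_leaks(vrfs):
    """List (vrf, site) pairs where a VRF holds a route that belongs to another VPN."""
    return sorted((v.name, r.site) for v in vrfs for r in v.accepted if r.vpn != v.vpn)


# Constructed sample: two customers reuse 10.1.0.0/16; the RD keeps the keys distinct.
SAMPLE_ROUTES = [
    VpnRoute("red-1", "red", make_rd(65000, 1), "10.1.0.0/16", frozenset({"65000:100"})),
    VpnRoute("red-2", "red", make_rd(65000, 2), "10.2.0.0/16", frozenset({"65000:100"})),
    VpnRoute("blue-1", "blue", make_rd(65000, 3), "10.1.0.0/16", frozenset({"65000:200"})),
]


def sample_vrfs(misconfigured: bool = False):
    """Two VRFs; the misconfigured variant also imports the other VPN's Route Target."""
    blue_import = {"65000:200"} | ({"65000:100"} if misconfigured else set())
    return [
        Vrf("vrf-red", "red", frozenset({"65000:100"})),
        Vrf("vrf-blue", "blue", frozenset(blue_import)),
    ]


if __name__ == "__main__":
    for label, flag in (("correct", False), ("misconfigured", True)):
        vrfs = sample_vrfs(flag)
        print(label, distribute(SAMPLE_ROUTES, vrfs), "leaks:", audit_leaks(vrfs))
```

The audit shows why a review of Import Route Target sets matters: a single extra entry is enough for one VPN's routes to appear in another VPN's VRF.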
In RFC 2547bis, VPN packets are forwarded using two layers of labels. The first layer, the outer label, is switched inside the backbone network and represents a Label Switched Path ("LSP") from the PE to the peer PE; using this label, a VPN packet travels along the LSP to the peer PE. The second layer, the VPN label, is used on the way from the peer PE to the CE: it indicates which site, or more specifically which CE, the packet is destined for, so the outgoing interface for the packet can be found from the VPN label. In the special case where two sites of the same VPN are attached to the same PE, reaching the peer PE is not an issue; only the question of how to reach the peer CE has to be solved.
As communication network technology has developed, the traditional IPv4 network has shown a series of shortcomings: insufficient address space, poor mobility, poor security and complex configuration. The Internet Engineering Task Force ("IETF") proposed IPv6 to address these problems. After several years of development, IPv6 technology has matured, has solved the existing problems of IPv4 comparatively successfully, and has become the standard for the next-generation Internet. IPv6 deployment has now entered a substantive phase, and many research institutions and companies are working on IPv6 networking products.
To keep providing the various services offered in the IPv4 environment during the evolution from IPv4 to IPv6, VPN solutions for IPv6 networks have to be studied in parallel. Because IPv6 itself is still being trialled and is not yet in formal large-scale commercial use, there are no formal VPN service deployments on IPv6 networks. Research on VPN services under IPv6 is still in its infancy worldwide. An IPv6 VPN must also adapt to the new features of IPv6, such as security, quality of service ("QoS"), mobility and manageability, and a great deal of research remains to be done.
For the case in which the backbone network is IPv4 and all VPN sites are IPv6, the 6PE scheme proposed by Cisco can be used; Figure 2 is a schematic diagram of the network composition of this scheme. The basic idea of 6PE is that each IPv6 site is connected to at least one dual-stack PE router on the IPv4 backbone that supports MP-BGP, i.e. the 6PE router shown in Figure 3. The 6PE router is called a dual-stack BGP ("DS-BGP") router. A DS-BGP router has at least one IPv4 address on the IPv4 side and at least one IPv6 address on the IPv6 side, and the IPv4 address must be routable in the IPv4 network. Routing inside an IPv6 site follows standard IPv6 routing protocols, for example Open Shortest Path First version 3 ("OSPFv3"), Intermediate System to Intermediate System for IPv6 ("ISISv6") or Routing Information Protocol next generation ("RIPng"). These routes need not be advertised into the IPv4 backbone; they only need to be terminated at the DS-BGP router by BGP4+. The DS-BGP routers do, however, need to exchange IPv6 Network Layer Reachability Information ("NLRI") with each other through MP-BGP4, and when the egress DS-BGP router advertises routes to the ingress DS-BGP router it uses its own address as the next hop of those routes. When packets are forwarded, the ingress DS-BGP router sends the IPv6 packet through the MPLS tunnel, i.e. the LSP, transparently to the egress DS-BGP router. When a DS-BGP router advertises its own address as the BGP next hop, it can use an IPv4 address together with an MPLS tunnel or another IPv4-based tunnel, such as a Generic Routing Encapsulation ("GRE") tunnel or an IP Security Protocol ("IPsec") tunnel; it can also use an IPv6 address together with a corresponding tunnel, such as a 6to4 tunnel or an Intra-Site Automatic Tunnel Addressing Protocol ("ISATAP") tunnel, using the address format that those tunnels require.
However, the transition from IPv4 to IPv6 is gradual, and there will be a transition period in which IPv4 and IPv6 networks coexist: both user networks and backbone networks may be IPv4 networks, IPv6 networks or mixed IPv4/IPv6 networks. VPN services for this new generation of networks must therefore adapt to a complex network environment and work normally in IPv4 networks, IPv6 networks and mixed IPv4/IPv6 networks.
In practice, the schemes above have the following problem: the existing technical schemes cannot provide a VPN service solution when the user sites include both IPv4 and IPv6 sites and the backbone network includes both IPv4 and IPv6 domains.
The main cause is that the existing scheme targets the case in which the backbone network is IPv4 and all VPN sites are IPv6. The DS-BGP used in that scheme cannot support IPv4 sites, and simply substituting ordinary BGP routers would make functions such as NLRI exchange impossible. Moreover, in the existing scheme VPN route learning and distribution take place in an IPv4 network; route learning and distribution across a mixed backbone cannot be supported, so neither route learning and distribution nor data forwarding is supported for a VPN based on a mixed backbone network.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a virtual private network system for a hybrid-site, hybrid-backbone network and an implementation method for it, so that sites based on different IP versions can reach each other and run VPN services across a backbone network based on different IP versions, solving the problem of providing VPN services on mixed networks during the transition period.
To achieve this, the invention provides a virtual private network system for a hybrid-site, hybrid-backbone network, comprising VPN user sites based on Internet Protocol version 4 (IPv4) or version 6 (IPv6), user network edge routers, backbone network edge routers and a backbone network. The user sites access the backbone network through the user network edge routers and the backbone network edge routers. The backbone network comprises at least two autonomous domains with different IP versions, which are connected to each other through autonomous domain edge routers.
The at least two autonomous domains with different IP versions are divided into one master autonomous domain and at least one slave autonomous domain, and routes are distributed between the autonomous domains through multi-hop multiprotocol External BGP. The backbone network edge router is a dual-stack backbone network edge router that supports multiprotocol-extended External BGP (MP-EBGP).
The master autonomous domain and one slave autonomous domain adjacent to it form a basic hybrid network. In the basic hybrid network, multi-hop multiprotocol External BGP runs between the autonomous domain edge router of the master autonomous domain and the backbone network edge routers of the slave autonomous domain connected to that autonomous domain edge router. Further slave autonomous domains are added layer by layer, and multi-hop MP-BGP runs between the backbone network edge routers of each newly added slave autonomous domain and the autonomous domain edge router of the existing hybrid network.
Inside each autonomous domain, the multiprotocol Internal BGP corresponding to that domain's Internet Protocol version is run to distribute routes within the domain.
Cross-domain tunnels are established between the autonomous domains to forward the data of the virtual private network, and intra-domain tunnels forward the data of the virtual private network within each autonomous domain.
The user network edge router and the backbone network edge router each store the routes of the different Internet Protocol versions in two separate routing tables.
When the backbone network edge router sends routes to the user network edge router while running an IPv6-based routing protocol, it converts an IPv4 route of the form a.b.c.d/n into a pseudo-IPv6 route of the form 0::a.b.c.d/(96+n) before sending it; IPv6 routes are sent directly.
After receiving the routes, an IPv4 user site converts routes of the form 0::a.b.c.d/(96+n) back into routes of the form a.b.c.d/n.
The invention also provides a method for implementing a virtual private network whose backbone network comprises an IPv4 autonomous domain and an IPv6 autonomous domain. The method comprises the following steps:
A. Address the IPv4-based or IPv6-based user sites in the virtual private network;
B. Run the Internet Protocol and multiprotocol External BGP between the user sites and the IPv4-based or IPv6-based backbone network to learn and distribute routes, and run multiprotocol Internal BGP and multi-hop multiprotocol External BGP inside the backbone network to learn and distribute routes;
C. The backbone network edge routers in the backbone network allocate VPN labels; outer labels are allocated between the autonomous domains of the backbone network using multiprotocol External BGP, and inside each autonomous domain using a label distribution protocol;
D. The backbone network encapsulates the VPN label and the outer label onto the packets sent by a user site and forwards the packets according to the routes established in step B.
In step A, between IPv4-based user sites, the format "route distinguisher + IPv4 address" is used to form a virtual private network-IPv4 address whose address family identifier is 1; between an IPv4-based user site and an IPv6-based user site, and between IPv6-based user sites, the format "route distinguisher + IPv6 address" is used to form a virtual private network-IPv6 address whose address family identifier is 2.
An IPv4-based user site that communicates with an IPv6-based user site has its IPv4 address A.B.C.D mapped to an IPv6 address of the form 0::A:B:C:D, which is then combined with the route distinguisher to form the virtual private network-IPv6 address.
Step B further comprises the following sub-steps:
B1. Aggregate the addresses of the user site to form the corresponding route entries;
B2. The user network edge router of the user site runs the routing protocol corresponding to the site's Internet Protocol version and distributes routes to the backbone network edge router it is connected to;
B3. Run multiprotocol Internal BGP to distribute routes inside each autonomous domain of the backbone network, and run multi-hop multiprotocol External BGP to distribute routes between adjacent autonomous domains of the backbone network;
B4. The backbone network edge router distributes routes to the user network edge router.
In step B3, the autonomous domains are divided into one master autonomous domain and at least one layer of slave autonomous domains that can be added layer by layer; multi-hop multiprotocol External BGP runs between an outer autonomous domain and the autonomous domain edge router of the inner autonomous domain it is connected to.
Multi-hop multiprotocol External BGP runs between the autonomous domain edge router of the master autonomous domain and the backbone network edge routers of the slave autonomous domain.
In step B4, an IPv4-based routing protocol is run between an IPv4 user site and the backbone network edge router it is connected to in order to distribute routes, and an IPv6-based routing protocol is run between an IPv6 user site and the backbone network edge router it is connected to.
For an IPv4 user site that needs to access IPv6 user sites, the IPv4 route a.b.c.d/n in the routing/forwarding instance of the backbone network edge router is converted into the IPv6 route 0::a:b:c:d/(96+n) and distributed through an IPv6 routing protocol to the user network edge router of the IPv4 user site, where it is restored to the IPv4 route a.b.c.d/n. The IPv6 routes of IPv6 user sites are still stored as IPv6 routes in the user network edge router of the IPv6 user site. When this IPv6 user site accesses an IPv4 user site, IPv4 route matching is performed; when it accesses an IPv6 user site, IPv6 route matching is performed.
For an IPv6 user site that needs to access IPv4 user sites, the routes of the IPv4 user sites are stored directly as IPv6 routes of the form 0::a:b:c:d/(96+n), and the routes of other IPv6 user sites are stored in their original form.
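The a.b.c.d/n to 0::a.b.c.d/(96+n) conversion and the dual routing tables described above, as an added Python example (not code from the patent): the backbone edge router side maps an IPv4 route into the pseudo-IPv6 form, and the user edge router side sorts received routes into an IPv4 table and an IPv6 table. The function names, the sample routes and the choice to leave `::/128` and `::1/128` in the IPv6 table are assumptions of this example.

```python
import ipaddress

# Pseudo-IPv6 routes live in the block whose upper 96 bits are zero.
PSEUDO_BLOCK = ipaddress.IPv6Network("::/96")
# Assumption of this example: the unspecified and loopback addresses fall inside
# ::/96 but are IPv6 addresses in their own right, so they are never mapped.
RESERVED = {ipaddress.IPv6Network("::/128"), ipaddress.IPv6Network("::1/128")}


def is_pseudo(net: ipaddress.IPv6Network) -> bool:
    """True if the route can only be a converted IPv4 route: /96 or longer inside ::/96."""
    return net.prefixlen >= 96 and net.subnet_of(PSEUDO_BLOCK) and net not in RESERVED


def to_pseudo_ipv6(route: str) -> ipaddress.IPv6Network:
    """Backbone edge router side: a.b.c.d/n -> 0::a.b.c.d/(96+n)."""
    v4 = ipaddress.IPv4Network(route, strict=True)
    v6 = ipaddress.IPv6Network((int(v4.network_address), 96 + v4.prefixlen))
    if not is_pseudo(v6):
        raise ValueError(f"{route} maps onto a reserved IPv6 address")
    return v6


def from_pseudo_ipv6(route) -> ipaddress.IPv4Network:
    """User edge router side: 0::a.b.c.d/(96+n) -> a.b.c.d/n, rejecting anything else."""
    v6 = ipaddress.IPv6Network(route, strict=True)
    if not is_pseudo(v6):
        raise ValueError(f"{v6} is not a pseudo-IPv6 route")
    return ipaddress.IPv4Network((int(v6.network_address), v6.prefixlen - 96))


def split_received(routes):
    """Sort routes received over an IPv6 routing protocol into the two routing tables."""
    v4_table, v6_table = [], []
    for text in routes:
        net = ipaddress.IPv6Network(text, strict=True)
        if is_pseudo(net):
            v4_table.append(from_pseudo_ipv6(net))
        else:
            v6_table.append(net)  # genuine IPv6 route, stored in its original form
    return v4_table, v6_table


if __name__ == "__main__":
    # Constructed routes: one converted IPv4 route, one IPv6 site route,
    # an IPv6 default route and the loopback host route.
    received = [str(to_pseudo_ipv6("10.1.0.0/16")), "2001:db8:1::/48", "::/0", "::1/128"]
    v4_table, v6_table = split_received(received)
    print("IPv4 table:", [str(n) for n in v4_table])
    print("IPv6 table:", [str(n) for n in v6_table])
```

The prefix-length check is the part that is easy to miss: an IPv6 default route `::/0` covers the pseudo block, and subtracting 96 from its length without checking would produce an invalid IPv4 prefix.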
After receiving a route of the virtual private network, the backbone network edge router decides, according to the MP-BGP Route Target extended community attribute, whether to learn the route and distribute it to the user sites connected to it.
In step C, the VPN label distinguishes the different user sites attached to the same ingress backbone network edge router; it is allocated by the ingress backbone network edge router and distributed with the route to the corresponding backbone network edge routers when routes are distributed. The outer label is used to forward packets in the backbone network. Inside an autonomous domain, outer labels are allocated by running the Label Distribution Protocol, RSVP-Traffic Engineering or the constraint-based routing label distribution protocol; between the autonomous domain border routers of different autonomous domains, multiprotocol External BGP allocates outer labels for the two-way connection between those autonomous domain border routers.
Step D further comprises the following sub-steps:
D1. Forward Internet Protocol data from the source user site to the ingress backbone network edge router following the ordinary Internet Protocol forwarding process;
D2. Forward labelled data from the ingress backbone network edge router to the egress backbone network edge router;
D3. The egress backbone network edge router forwards Internet Protocol data from the egress backbone network edge router to the destination user site according to the VPN label and the routing table it stores.
Step D2 further comprises the following steps:
D21. On the ingress backbone network edge router, encapsulate the packet with the VPN label of the destination site, then encapsulate it with the outer label allocated within the autonomous domain in which this ingress backbone network edge router resides;
D22. Forward the packet according to the outer label to the autonomous domain edge router of the autonomous domain adjacent to that autonomous domain;
D23. Forward the packet to the next adjacent autonomous domain according to the outer label allocated between the autonomous domain edge routers;
D24. Forward the packet to the egress backbone network edge router.
Topological relation between the described user site is realized by the coupling route target.
By comparison, the technical solution of the present invention differs from the prior art in the following respects: it divides the autonomous systems of a multi-domain backbone network into primary and dependent ones; inside each autonomous system, routes are advertised by the MP-IBGP that corresponds to the IP version of that autonomous system; between adjacent autonomous systems, routes are advertised by Multi-hop MP-EBGP; CE and PE run dual IPv4/IPv6 routing tables at the same time; and inside each autonomous system, labels are allocated according to its IP version for tunnel forwarding of VPN data. Together these realize a VPN with hybrid sites over a multi-domain backbone network.
This difference brings a significant beneficial effect. With the present scheme for a VPN with hybrid sites over a hybrid backbone network, a VPN can be formed while the user networks and the backbone network are in transition from IPv4 to IPv6. This gives VPN solutions greater flexibility during the network transition period, reduces the complexity of upgrading network equipment, makes the transition from IPv4 to IPv6 smoother, and greatly improves the economy and feasibility of the network upgrade.
Description of drawings
Fig. 1 is a schematic diagram of the system composition of the MPLS L3 VPN defined in RFC2547bis;
Fig. 2 is a schematic diagram of filtering received routes by matching the Route Target attribute;
Fig. 3 is a schematic diagram of the system composition of a hybrid-site VPN over a two-domain IPv4/IPv6 hybrid backbone network according to a preferred embodiment of the present invention;
Fig. 4 is a schematic diagram of the system composition of a hybrid-site, hybrid-backbone VPN connected in the form dependent autonomous system (Dependent AS, "DAS") - DAS - primary autonomous system (Primary AS, "PAS") according to a preferred embodiment of the present invention;
Fig. 5 is a schematic diagram of the system composition of a hybrid-site, hybrid-backbone VPN connected in the DAS-PAS-DAS form according to a preferred embodiment of the present invention.
Embodiment
To make the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings.
The basic principle of the present invention is described first. The scheme divides the different autonomous systems of the backbone network into a master-slave relationship, so that the autonomous systems form a hierarchy. One autonomous system of the multi-domain backbone serves as the PAS and the others serve as DASs. Between the Autonomous System Border Router ("ASBR") in the PAS and the PEs in a DAS, multi-hop (Multi-hop) Multi-Protocol External BGP ("MP-EBGP") sessions and cross-domain tunnels are set up, which carry, respectively, cross-domain VPN route advertisement and VPN data forwarding. Inside each autonomous system, VPN route advertisement and data forwarding between the PEs are carried, respectively, by Multi-Protocol Internal BGP ("MP-IBGP") and by intra-domain tunnels, both based on the IP protocol version (IPv4 or IPv6) of that autonomous system. In addition, so that addresses of different versions can interwork, some address and route conversion is also required.
The scheme is described below with reference to a specific embodiment of the present invention.
Fig. 3 shows the system composition of the hybrid-site, hybrid-backbone VPN according to a preferred embodiment of the present invention.
For ease of explanation, this preferred embodiment covers a backbone network formed of two autonomous systems that provides VPN service to hybrid sites: one autonomous system is an IPv4 domain, the other is an IPv6 domain, and both the IPv4 domain and the IPv6 domain attach IPv4 sites and IPv6 sites that belong to the same VPN. It should be noted that when only two autonomous systems (IPv4/IPv6) form the backbone network, the network is called a Basic Hybrid Network ("BHN"); a backbone network formed of more autonomous systems can be regarded as built by successively adding new autonomous systems onto the BHN.
It should be noted that VPN A and VPN B are only used to show that one PE router can attach to several VPNs at the same time.
The system of the hybrid-site, hybrid-backbone VPN consists of the following parts: the backbone network, the PE routers at the edge of the backbone network, and the user sites connected to the PE routers through CE routers.
The backbone network comprises a BHN made up of one PAS and one DAS, and several DASs that do not belong to the BHN. Autonomous systems are connected to each other through the ASBRs at their edges. As shown in Fig. 3, in a preferred embodiment of the present invention the backbone network comprises only an IPv6 domain as the PAS and an IPv4 domain as the DAS, connected through an ASBR; this backbone network is itself a BHN.
The backbone network runs Multi-hop MP-EBGP between different autonomous systems to advertise cross-domain VPN routes, and sets up cross-domain tunnels for cross-domain VPN data forwarding. Inside an autonomous system, VPN routes are advertised by MP-IBGP, and VPN data is forwarded between the PEs of that autonomous system through intra-domain tunnels based on its IP protocol version. It should be noted that Multi-hop MP-EBGP can run between the ASBR in the PAS of the BHN that connects to the DAS and the PEs in that DAS, and can also run between the PEs of a DAS that does not belong to the BHN and the ASBR in the BHN to which that DAS is connected.
The user sites include both IPv4 sites and IPv6 sites. The CE router stores the routes of the other user sites of the VPN that it has learned from the PE router, and matches against them when another site is accessed. An IPv4 site that needs to access IPv6 sites must also support the IPv4/IPv6 dual stack and convert IPv6 routes and addresses to IPv4 routes and addresses. In a preferred embodiment of the present invention, an IPv4 site that needs to access IPv6 sites learns IPv6 routes and IPv4 routes at the same time through an IPv6-based routing protocol run with the PE router: an IPv4 route a.b.c.d/n in the PE's VRF is converted to the IPv6 route 0::a:b:c:d/(96+n) and advertised to the CE router by the IPv6 routing protocol, and the CE router restores it to the IPv4 route a.b.c.d/n, while the IPv6 routes of other IPv6 sites are still stored in the CE as IPv6 routes. When this site accesses an IPv4 site it matches IPv4 routes, and when it accesses an IPv6 site it matches IPv6 routes. For an IPv6 site that needs to access IPv4 sites, an IPv6-based routing protocol also runs between its CE router and the PE router to learn the routes of the other sites; the routes of other IPv4 sites are stored directly as IPv6 routes of the form 0::a:b:c:d/(96+n), and the routes of other IPv6 sites are stored in their original form. Here a.b.c.d is the network address and n is the mask length. It should be noted that if, in the topology determined by the Route Target attribute, an IPv4 site does not need to access any IPv6 site, only an IPv4-based routing protocol needs to run between its CE router and the PE router; the site learns and stores only the IPv4 routes of other IPv4 sites and discards IPv6 routes.
It should be noted that because the routes advertised in the network include both IPv4 routes and IPv6 routes, CE and PE are required to support dual IPv4/IPv6 routing tables, that is, to store IPv4 routes and IPv6 routes in two separate routing tables.
Realizing the scheme requires processing in the following respects: addressing of the VPN's user sites; route learning and advertisement for VPN sites; label distribution; and VPN data forwarding. Each is described in detail below.
First, how user-site addressing is handled in a preferred embodiment of the present invention. It should be noted that the present invention considers only unicast communication by VPN users and requires the hosts in each VPN site to use unicast addresses, that is, to use only an IPv4 address or an IPv6 address.
Because IPv4 sites still exist in the VPN, and considering the shortage of public IPv4 addresses, a preferred embodiment of the present invention allows the IPv4 sites in a VPN to keep using private IPv4 addresses, and allows sites of different VPNs to use the same private IPv4 addresses.
Within the VPN, communication between two IPv4 sites still uses IPv4 addresses, and the Address Family Identifier ("AFI") field in MP-BGP uses the value 1 that RFC 1700 assigns to the IPv4 address family. Communication between an IPv4 site and an IPv6 site, and between two IPv6 sites, uses IPv6 addresses, and the AFI field in MP-BGP can use the value 2 that RFC 1700 assigns to the IPv6 address family. It should be noted that when an IPv4 site communicates with an IPv6 site, an IPv4 address A.B.C.D in the IPv4 site is mapped to the corresponding IPv6 address of the form 0::A:B:C:D. In MP-BGP route advertisement, the Subsequent Address Family Identifier ("SAFI") field uses 128, denoting a VPN-IPv4/IPv6 address.
In a preferred embodiment of the present invention, because private IPv4 addresses are used, the RD concept of RFC 2547bis is retained to guarantee that VPN routes and addresses are unique in the backbone network: between two IPv4 sites, the form RD + (IPv4 address) makes up a VPN-IPV4 address with AFI 1; between an IPv4 site and an IPv6 site, or between two IPv6 sites, the form RD + (IPv6 address) makes up a VPN-IPv6 address with AFI 2. It should be noted that an IPv4 address A.B.C.D in an IPv4 site that communicates with an IPv6 site is first mapped to an IPv6 address of the form 0::A:B:C:D and then combined with the RD to form the VPN-IPv6 address.
In a preferred embodiment of the present invention, route advertisement and learning can be carried out by the method described below.
First, after every user site of the VPN has been addressed, the addresses of each user site are aggregated into corresponding route entries. Those of ordinary skill in the art will appreciate that, to realize the access relationships among the user sites of the VPN, these route entries need to be advertised to all sites in the VPN.
Next, the user site advertises its routes to the PE router by running the corresponding routing protocol between its CE router and the PE router attached to it. It should be noted that the version of the routing protocol is determined by the IP version of the user site: when the user site is an IPv4 site, an IPv4-based routing protocol runs between the CE router of this user site and the PE router; when the user site is an IPv6 site, an IPv6-based routing protocol runs between the CE router of this user site and the PE router.
Then the egress (Egress) PE router adds the corresponding inner label to the route. This VPN label is allocated by the Egress PE router to each user site connected to it, in order to distinguish the different user sites.
Routes are then advertised by MP-IBGP inside an autonomous system and by Multi-hop MP-EBGP between autonomous systems. In a preferred embodiment of the present invention in which the backbone network consists of only one BHN, there are two cases of advertising routes by Multi-hop MP-EBGP: when the current autonomous system is a DAS, the PE routers in the DAS advertise routes by Multi-hop MP-EBGP to the ASBR in the higher-level autonomous system connected to the DAS; when the current autonomous system is the PAS, the ASBR in the PAS that connects to the DAS advertises routes by Multi-hop MP-EBGP to the PE routers in the DAS. Those of ordinary skill in the art will appreciate that when routes are advertised and propagated by this rule, every ingress (Ingress) PE router eventually receives the routes of all user sites that belong to the VPN.
To explain route advertisement and learning in more detail, the following describes route advertisement by the PE routers of the DAS and route advertisement by the PAS, in a preferred embodiment of the present invention in which the backbone network consists of an IPv6 domain as the PAS and an IPv4 domain as the DAS. When a PE router in the DAS advertises routes to the PE routers in the PAS, the PE router of the DAS advertises the VPN routes to the ASBR over the Multi-hop MP-EBGP session set up between it and the ASBR in the PAS, and the ASBR then advertises the VPN routes to the PE routers in the PAS over the MP-IBGP sessions between this ASBR and those PE routers. When a PE router in the PAS advertises routes to the PE routers in the DAS, it first advertises the VPN routes to the ASBR over the MP-IBGP session set up between the PE router and the ASBR in the PAS, and the ASBR then advertises these VPN routes to the PE routers in the DAS over Multi-hop MP-EBGP. Those of ordinary skill in the art will appreciate that, in this preferred embodiment, the ASBR in the PAS needs to retain the cross-domain routes of the VPNs attached to the PE routers in the DAS with which it has set up MP-EBGP peerings. Because the ASBR between the IPv4 domain and the IPv6 domain and the PE routers in the IPv4 autonomous system all support IPv4, the Multi-hop MP-EBGP between the ASBR in the PAS and the PE routers in the DAS is set up over IPv4. In addition, those of ordinary skill in the art will also appreciate that where there are multiple autonomous systems, a newly added DAS (hereinafter "DAS-NEW") can join the existing network by setting up Multi-hop MP-EBGP, based on the protocol version of DAS-NEW (IPv4 or IPv6), between the PEs in DAS-NEW and the ASBR in the existing network, so that the PE routers in DAS-NEW and the PE routers in the existing network learn each other's cross-AS VPN routes; this does not affect the essence of the present invention.
Finally, the PE router advertises the routes it has learned to the CE routers of the user sites attached to it. It should be noted that an IPv4 site that needs to access IPv6 VPN user sites learns IPv6 routes and IPv4 routes at the same time through an IPv6-based routing protocol run with the attached PE router: an IPv4 route a.b.c.d/n in the PE router's VRF is converted to the IPv6 route 0::a:b:c:d/(96+n) and advertised to the CE router by the IPv6 routing protocol, and the CE router restores it to the IPv4 route a.b.c.d/n, while the IPv6 routes of other IPv6 sites are still stored in the CE as IPv6 routes. When this user site accesses an IPv4 user site it matches IPv4 routes, and when it accesses an IPv6 user site it matches IPv6 routes. For an IPv6 user site that needs to access IPv4 user sites, an IPv6-based routing protocol also runs between its CE router and the PE router to learn the routes of the other sites; the routes of other IPv4 user sites are stored directly as IPv6 routes of the form 0::a:b:c:d/(96+n), and the routes of other IPv6 user sites are stored in their original form. Those of ordinary skill in the art will appreciate that if, in the topology determined by the Route Target attribute, an IPv4 user site does not need to access any IPv6 user site, only an IPv4-based routing protocol needs to run between its CE router and the PE router; the site learns and stores only the IPv4 routes of other IPv4 user sites and discards IPv6 routes.
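The a.b.c.d/n to 0::a:b:c:d/(96+n) conversion described above (and in the earlier paragraph on user sites), worked through as an added example that is not code from the patent. It assumes the notation means the IPv4 prefix occupies the low 32 bits of an otherwise all-zero IPv6 prefix; the function names and the sample VRF routes are constructed for illustration.

```python
import ipaddress

# Assumption: "0::a:b:c:d/(96+n)" places the IPv4 prefix in the low 32 bits
# of an all-zero IPv6 prefix, so an IPv4 /n becomes an IPv6 /(96+n).
PSEUDO_OFFSET = 96


def to_pseudo_v6(v4_route):
    """PE side: convert an IPv4 VRF route a.b.c.d/n for an IPv6 routing protocol."""
    v4 = ipaddress.IPv4Network(v4_route)  # raises ValueError if host bits are set
    return ipaddress.IPv6Network(
        (int(v4.network_address), PSEUDO_OFFSET + v4.prefixlen))


def is_pseudo_v6(net):
    """True if the upper 96 bits are zero and the prefix is at least /96."""
    return net.prefixlen >= PSEUDO_OFFSET and int(net.network_address) >> 32 == 0


def to_v4(net):
    """IPv4 CE side: restore a.b.c.d/n from a converted route."""
    if not is_pseudo_v6(net):
        raise ValueError(f"{net} is a native IPv6 route, not a converted IPv4 route")
    return ipaddress.IPv4Network(
        (int(net.network_address), net.prefixlen - PSEUDO_OFFSET))


def ce_install(site_is_ipv4, advertised):
    """Sort routes learned over the IPv6 routing protocol into the CE's two tables.

    A dual-stack IPv4 site restores converted routes into its IPv4 table;
    an IPv6 site keeps every route, converted or native, as IPv6.
    """
    tables = {"ipv4": [], "ipv6": []}
    for text in advertised:
        net = ipaddress.IPv6Network(text)
        if site_is_ipv4 and is_pseudo_v6(net):
            tables["ipv4"].append(to_v4(net))
        else:
            tables["ipv6"].append(net)
    return tables


def lookup(tables, destination):
    """Longest-prefix match in the table that matches the destination's family."""
    addr = ipaddress.ip_address(destination)
    family = "ipv4" if addr.version == 4 else "ipv6"
    matches = [net for net in tables[family] if addr in net]
    return max(matches, key=lambda net: net.prefixlen, default=None)


# Constructed sample VRF contents on the PE (not taken from the patent).
VRF_IPV4 = ["10.1.2.0/24", "10.1.0.0/16"]
VRF_IPV6 = ["2001:db8:6::/48"]


def pe_advertise():
    """Routes the PE sends to a CE over the IPv6 routing protocol."""
    return [str(to_pseudo_v6(route)) for route in VRF_IPV4] + VRF_IPV6


if __name__ == "__main__":
    adverts = pe_advertise()
    print("advertised:", adverts)
    print("IPv4 site :", ce_install(True, adverts))
    print("IPv6 site :", ce_install(False, adverts))
```

A native IPv6 route that itself lies inside ::/96 cannot be told apart from a converted IPv4 route by this rule, so the CE logic only holds if no such native routes are advertised in the VPN.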
It should be noted that because user sites of different IP versions advertise routes of different IP versions, the network must carry both VPN-IPv4 routes, made up of RD + IPv4 route, and VPN-IPv6 routes, made up of RD + IPv6 route. VPN routes of different versions are distinguished by the AFI. Every MP-BGP speaker, that is, CE and PE, must therefore be able to parse the corresponding IPv4/IPv6 route entry according to the AFI, and must support IPv4 and IPv6 routing tables at the same time, storing IPv4 routes and IPv6 routes in separate routing tables.
Those of ordinary skill in the art will appreciate that in the prior art, whether a PE router learns a received VPN route and advertises it to the corresponding site is decided by the Route Target extended community attribute of MP-BGP. When the Egress PE advertises a VPN route to its BGP peers, the route carries the corresponding Export Route Target and the VPN label that the Egress PE allocated to this VPN site. On receiving the route, the BGP peer matches it against the Import Route Targets configured on that peer; if the match succeeds, the peer accepts the route and advertises it to the site of the corresponding VRF. If the BGP peer is one of the two ASBRs between the autonomous systems, it also needs to advertise the route to its Multi-hop MP-EBGP peers in the DAS and to its MP-IBGP peers in the PAS; those peers perform the Route Target matching to decide whether to accept these cross-domain VPN routes and advertise them to the sites they connect. In the present invention, routers still match routes by the above rule to decide whether to learn a route and advertise it to the corresponding site.
In a preferred embodiment of the present invention, VRFs are still used to store the routes of different VPNs. In the VRF, IPv4 routes and IPv6 routes are stored separately, by AFI, for each VPN, and the CE router of an IPv4 user site of the VPN likewise stores the corresponding IPv4 routes and IPv6 routes. The CE router acts as the proxy (Proxy) when this VPN user site accesses other user sites: when matching routes, it matches IPv4 routes or IPv6 routes according to whether the destination site is an IPv4 user site or an IPv6 user site. An IPv6 user site in the VPN, however, only needs to store IPv6 routes: before advertising the routes of other IPv4 user sites to this site, the PE router that attaches this IPv6 user site first converts each IPv4 route a.b.c.d/n to the IPv6 route 0::a:b:c:d/(96+n).
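The Route Target import decision and the per-AFI storage in the VRF described in the last three paragraphs, as an added example that is not code from the patent. The AFI and SAFI values are the ones the page states; the RD and Route Target values, labels, prefixes and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass, field

AFI_IPV4, AFI_IPV6 = 1, 2   # AFI values stated on the page
SAFI_VPN = 128              # SAFI value stated on the page


@dataclass(frozen=True)
class VpnRoute:
    afi: int
    rd: str                 # route distinguisher, keeps overlapping prefixes unique
    prefix: str
    export_rts: frozenset   # Export Route Targets attached by the Egress PE
    vpn_label: int          # VPN label allocated by the Egress PE
    safi: int = SAFI_VPN


@dataclass
class Vrf:
    name: str
    import_rts: frozenset
    # One table per AFI: IPv4 and IPv6 routes are never mixed.
    tables: dict = field(default_factory=lambda: {AFI_IPV4: {}, AFI_IPV6: {}})

    def offer(self, route):
        """Install the route only if an Export RT matches an Import RT."""
        if route.safi != SAFI_VPN or route.afi not in self.tables:
            return False
        if not (route.export_rts & self.import_rts):
            return False
        self.tables[route.afi][route.prefix] = (route.rd, route.vpn_label)
        return True


def pe_receive(vrfs, updates):
    """Offer every received VPN route to every VRF; report what nobody imported."""
    dropped = []
    for route in updates:
        taken = [vrf.name for vrf in vrfs if vrf.offer(route)]
        if not taken:
            dropped.append((route.rd, route.prefix))
    return dropped


def demo():
    """Constructed scenario: VPN A and VPN B reuse the same private IPv4 prefix."""
    vpn_a = Vrf("VPN-A", frozenset({"100:1"}))
    vpn_b = Vrf("VPN-B", frozenset({"100:2"}))
    updates = [
        VpnRoute(AFI_IPV4, "100:1", "10.0.0.0/24", frozenset({"100:1"}), 1001),
        VpnRoute(AFI_IPV4, "100:2", "10.0.0.0/24", frozenset({"100:2"}), 2001),
        VpnRoute(AFI_IPV6, "100:1", "2001:db8:a::/48", frozenset({"100:1"}), 1002),
        # Route Target that no local VRF imports: must not be learned anywhere.
        VpnRoute(AFI_IPV4, "100:9", "10.9.0.0/16", frozenset({"100:9"}), 9001),
    ]
    dropped = pe_receive([vpn_a, vpn_b], updates)
    return vpn_a, vpn_b, dropped


if __name__ == "__main__":
    a, b, dropped = demo()
    print(a.name, a.tables)
    print(b.name, b.tables)
    print("not imported:", dropped)
```

Because import is decided only by the Route Target match, adding VPN B's target to VPN A's import list would be enough to place VPN B's routes in VPN A's tables, which makes the import lists the configuration to review when checking isolation between VPNs.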
In a preferred embodiment of the present invention, label distribution can be carried out by the rules described below.
Different VPN sites connected to the same Egress PE are distinguished by different VPN labels allocated by the Egress PE. The VPN label is advertised to the corresponding PEs together with the route when the route is advertised by MP-BGP, and it does not change while the packet is forwarded through the backbone network made up of the PAS and the DAS. Those of ordinary skill in the art understand that in RFC 2547, packets are forwarded through the backbone network according to the outer label. In a preferred embodiment of the present invention, the outer labels between the two ASBRs of adjacent autonomous systems are allocated by the BGP protocol between the autonomous systems; the outer labels inside the PAS and inside the DAS can continue to be allocated by a label distribution protocol such as the Label Distribution Protocol ("LDP"), Resource Reservation Protocol ("RSVP") - Traffic Engineering ("TE"), or the Constraint-Routing Label Distribution Protocol ("CR-LDP").
The present invention uses label forwarding, so the outer labels determine tunnels: inside each domain, between PE routers that have an exchange relationship or between a PE router and an ASBR; and between adjacent domains, between the ASBRs. Data forwarding between VPN sites connected to PE routers in the same domain is done through the intra-domain tunnel. Data forwarding between VPN sites connected to PE routers in different autonomous systems is done through the intra-domain tunnels of the autonomous systems where the Ingress PE and the Egress PE are located, together with the inter-domain tunnel determined by the labels that MP-BGP allocates between the ASBRs of the two autonomous systems.
In a preferred embodiment of the present invention, data forwarding comprises the following kinds of forwarding: IP data forwarding from the source user site to the ingress (Ingress) PE router; label forwarding from the Ingress PE router to the Egress PE router; and IP data forwarding from the Egress PE to the destination user site. Each is described below.
IP packet forwarding from the source user site to the ingress (Ingress) PE router follows the ordinary IP forwarding process. As described above, the user site stores routing tables of both types, IPv4 and IPv6. A source user site that needs to access IPv4/IPv6 destination user sites queries the routing table that corresponds to whether the destination user site is an IPv4 site or an IPv6 site, and forwards the packet to the Ingress PE according to that routing table.
Label forwarding from the Ingress PE router to the Egress PE router has two cases. For access between VPN sites inside a single autonomous system, the intra-domain forwarding of the prior art can be used: on the Ingress PE, the packet is given the VPN label that the Egress PE allocated to the destination site, and then the outer label allocated by the label distribution protocol (LDP/RSVP-TE/CR-LDP) of the autonomous system where this Ingress PE is located; the packet is forwarded along the LSRs of the LSP to the Egress PE according to the outer label. For access between VPN sites in different autonomous systems, the Ingress PE likewise gives the packet the VPN label that the Egress PE allocated to the destination site, and then the outer label allocated by the label distribution protocol (LDP/RSVP-TE/CR-LDP) of the autonomous system where this Ingress PE is located. The packet is forwarded along the LSRs of the LSP, according to the outer label, to the ASBR of this autonomous system that leads to the next adjacent autonomous system; it is then forwarded to the ASBR of the next adjacent autonomous system according to the outer label allocated by MP-EBGP between that ASBR and this ASBR; and it is then forwarded along the LSP inside the next adjacent autonomous system to the Egress PE.
For IP data forwarding from the Egress PE to the destination user site, the Egress PE, after receiving a packet that carries a VPN label, determines the destination user site from the VPN label and forwards the packet to the destination host according to the routing table that corresponds to the types of the source user site and the destination user site. In this step, the IPv4 routing table is queried only when both the source user site and the destination user site are IPv4 sites; in all other cases the IPv6 routing table is queried.
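The cross-domain label forwarding and the egress table choice described above, traced hop by hop in an added example that is not code from the patent. The node names, label values and site names are constructed, and the source site's IP version is carried as packet metadata purely as a modelling shortcut.

```python
# Constructed topology (not from the patent): PE1 and P1 sit in the ingress
# autonomous system, ASBR1 is its border router, ASBR2 and P2 sit in the
# adjacent autonomous system, PE2 is the Egress PE.
# Each entry maps: incoming outer label -> (outgoing outer label, next hop).
LFIB = {
    "P1":    {17: (18, "ASBR1")},    # intra-domain label (LDP/RSVP-TE/CR-LDP)
    "ASBR1": {18: (300, "ASBR2")},   # 300: outer label allocated by MP-EBGP
    "ASBR2": {300: (41, "P2")},      # back to an intra-domain label
    "P2":    {41: (42, "PE2")},
}

# VPN labels the Egress PE allocated to its attached sites:
# label -> (site name, IP version of that site).
VPN_LABELS = {"PE2": {1001: ("site-v6", 6), 1002: ("site-v4", 4)}}


def ingress_encapsulate(payload, src_family, vpn_label, outer_label):
    """Ingress PE: push the VPN label first, then the outer label on top."""
    return {"payload": payload, "src_family": src_family,
            "stack": [outer_label, vpn_label]}


def forward(packet, first_hop, egress, max_hops=16):
    """Swap only the outer label at each hop; the VPN label is never touched."""
    node, trace = first_hop, []
    for _ in range(max_hops):
        if node == egress:
            return trace
        outer_in = packet["stack"][0]
        try:
            outer_out, next_hop = LFIB[node][outer_in]
        except KeyError:
            raise LookupError(f"{node}: no entry for outer label {outer_in}") from None
        packet["stack"][0] = outer_out
        trace.append((node, outer_in, outer_out, packet["stack"][1]))
        node = next_hop
    raise RuntimeError("hop limit exceeded, label tables form a loop")


def egress_deliver(packet, egress):
    """Egress PE: the VPN label selects the site, the site types select the table."""
    _outer, vpn_label = packet["stack"]
    try:
        site, dst_family = VPN_LABELS[egress][vpn_label]
    except KeyError:
        raise LookupError(f"{egress}: unknown VPN label {vpn_label}") from None
    # IPv4 table only when both source and destination sites are IPv4.
    table = "ipv4" if packet["src_family"] == 4 and dst_family == 4 else "ipv6"
    return site, table


def send(payload, src_family, vpn_label):
    """Full path from PE1 to PE2 for one packet; returns the trace and the delivery."""
    packet = ingress_encapsulate(payload, src_family, vpn_label, outer_label=17)
    trace = forward(packet, "P1", "PE2")
    site, table = egress_deliver(packet, "PE2")
    return trace, site, table


if __name__ == "__main__":
    for src, label in ((4, 1001), (4, 1002), (6, 1002)):
        trace, site, table = send("data", src, label)
        print(f"src IPv{src} label {label}: {trace} -> {site} via {table} table")
```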
In addition, it should be noted that to realize topology control among the sites of the VPN, such as full-mesh or partial-mesh networking, the method of RFC 2547bis can still be used, namely Route Target. This is the same route advertisement and learning mechanism between PEs described above: the topology of the VPN determines whether a route is learned into the routing table, and the routing table realizes the topology of the VPN.
In other preferred embodiments of the present invention, the VPN backbone network comprises multiple IPv4/IPv6 autonomous systems, and address allocation and label distribution are still carried out by the methods described above. Those of ordinary skill in the art will appreciate that a backbone network comprising multiple IPv4/IPv6 autonomous systems can be regarded as a backbone network of two autonomous systems to which DASs have been added.
Fig. 4 shows the system composition of a hybrid-site, hybrid-backbone VPN connected in the DAS-DAS-PAS form according to a preferred embodiment of the present invention; Fig. 5 shows the system composition of a hybrid-site, hybrid-backbone VPN connected in the DAS-PAS-DAS form according to a preferred embodiment of the present invention.
Multi-hop MP-EBGP is set up between the PE routers in the newly added DAS and the adjacent autonomous system (PAS or DAS) to learn cross-domain VPN routes, and the corresponding tunnels are set up segment by segment for cross-domain forwarding, thereby realizing the cross-domain VPN; VPN sites connected to PE routers inside the newly added DAS can still learn each other's routes through MP-IBGP between the PEs. The topology among VPN sites that span multiple domains still follows the method described above: through the hierarchical network structure formed by the DASs and the PAS, and the hierarchical Multi-hop MP-EBGP relationships, VPN routes are advertised between PEs across multiple IPv4/IPv6 autonomous systems, which realizes the VPN relationship between these sites. The case of more mixed IPv4/IPv6 autonomous systems follows by analogy: the cross-domain, multi-domain VPN is realized by adding further levels to this hierarchy.
Although the present invention has been illustrated and described with reference to certain preferred embodiments, those of ordinary skill in the art should understand that various changes in form and detail may be made to it without departing from the spirit and scope of the present invention as defined by the appended claims.

Claims (21)

1. A virtual private network system of a hybrid backbone network with hybrid sites, comprising Virtual Private Network user sites based on Internet Protocol version 4 (IPv4) or version 6 (IPv6), user network edge routers, backbone network edge routers and a backbone network, the user sites accessing the backbone network through the user network edge routers and the backbone network edge routers, characterized in that the backbone network comprises at least two autonomous systems of different IP versions, and the at least two autonomous systems of different IP versions are connected through autonomous system border routers;
wherein the at least two autonomous systems of different IP versions are divided into one primary autonomous system and at least one dependent autonomous system, and routes are advertised between the autonomous systems by multi-hop multiprotocol External BGP;
the backbone network edge routers are dual-stack backbone network edge routers that support multiprotocol extended External BGP (MP-EBGP).
2. The virtual private network system of a hybrid backbone network with hybrid sites according to claim 1, characterized in that the primary autonomous system and one dependent autonomous system adjacent to the primary autonomous system form a basic hybrid network; multi-hop multiprotocol External BGP runs between the autonomous system border router in the primary autonomous system of the basic hybrid network and the backbone network edge routers of the dependent autonomous system connected to that border router; the other dependent autonomous systems are stacked on layer by layer, and multi-hop MP-BGP runs between the backbone network edge routers of each newly stacked dependent autonomous system and the autonomous system border router of the existing hybrid network.
3. The virtual private network system of a hybrid backbone network with hybrid sites according to claim 1, characterized in that inside each autonomous system, the multiprotocol Internal BGP corresponding to the Internet Protocol version of that autonomous system is run to advertise routes within the autonomous system.
4. The virtual private network system of a hybrid backbone network with hybrid sites according to claim 1, characterized in that cross-domain tunnels are set up between the autonomous systems for data forwarding of the Virtual Private Network, and data forwarding of the Virtual Private Network inside an autonomous system is carried out through intra-domain tunnels.
5. The virtual private network system of a hybrid backbone network with hybrid sites according to claim 1, characterized in that the user network edge routers and the backbone network edge routers store routes of the different Internet Protocol versions in two separate routing tables.
6. The virtual private network system of a hybrid backbone network with hybrid sites according to claim 1, characterized in that when the backbone network edge router sends routes to the user network edge router, it runs an IPv6-based routing protocol, converts an IPv4 route of the form a.b.c.d/n to a pseudo-IPv6 route of the form 0::a.b.c.d/(96+n) before sending it, and sends IPv6 routes directly.
7. The virtual private network system of a hybrid backbone network with hybrid sites according to claim 6, characterized in that after receiving a route, the IPv4 user site converts the route of the form 0::a.b.c.d/(96+n) back to a route of the form a.b.c.d/n.
8. A method for realizing a Virtual Private Network, characterized in that the Virtual Private Network comprises a backbone network, the backbone network comprises an IPv4 autonomous system and an IPv6 autonomous system, and the method comprises the following steps:
A. addressing the IPv4-based or IPv6-based user sites in the Virtual Private Network;
B. the user sites and the IPv4-based or IPv6-based backbone network learning and advertising routes by running the Internet Protocol and multiprotocol External BGP between them, and routes being learned and advertised inside the backbone network by running multiprotocol Internal BGP and multi-hop multiprotocol External BGP;
C. the backbone network edge routers in the backbone network allocating VPN labels; outer labels being allocated between the autonomous systems of the backbone network by multiprotocol External BGP, and inside each autonomous system by a label distribution protocol;
D. the backbone network encapsulating the packets sent by the user sites with the VPN label and the outer label, and forwarding the packets according to the routes established in step B.
9. the method for realization Virtual Private Network according to claim 8, it is characterized in that, in the described steps A, forming the Address-Family Identifier symbol based on the form that adopts " route-distinguisher+IPv4 address " between the described user site of IPv4 is Virtual Private Network-IPv4 address of 1; Between the described user site and the described user site based on IPv6 based on IPv4, forming the Address-Family Identifier symbol based on the form that adopts " route-distinguisher+IPv6 address " between the described user site of IPv6 is Virtual Private Network-IPv6 address of 2.
10. the method for realization Virtual Private Network according to claim 8, it is characterized in that, after the described user site based on IPv4 of communicating by letter based on the described user site of IPv6 is mapped to the IPv6 address of 0::A:B:C:D form with IPv4 address A.B.C.D, make up composition Virtual Private Network-IPv6 address with route-distinguisher.
11. the method for realization Virtual Private Network according to claim 8 is characterized in that, described step B also comprises following substep:
B1 carries out polymerization to the address of described user site, forms corresponding route entry;
The user network edge router of the described user site of B2 moves corresponding Routing Protocol to the backbone network edge router issue route that is attached thereto according to the internetworking protocol version of described user site;
B3 operation multi-protocols Internal BGP is issued route in the autonomous territory of described backbone network, operation multi-hop multi-protocols External BGP is issued route between the adjacent autonomous territory in backbone network;
The described backbone network edge router of B4 is to described user network edge router issue route.
12. the method for realization Virtual Private Network according to claim 11, it is characterized in that, among the described step B3, described autonomous territory be divided into an autonomous territory of master and at least one deck can successively add up from autonomous territory, operation multi-hop multi-protocols External BGP between the autonomous territory edge router in the described autonomous territory of outer field described autonomous territory and the internal layer that is attached thereto.
13. the method for realization Virtual Private Network according to claim 12, it is characterized in that the described autonomous territory edge router in the autonomous territory of described master and described from operation multi-hop multi-protocols External BGP between the described backbone network edge router in autonomous territory.
14. the method for realization Virtual Private Network according to claim 11 is characterized in that, among the described step B4, operation is based on the Routing Protocol issue route of IPv4 between IPv4 user site and the backbone network edge router that is attached thereto; Operation is based on the Routing Protocol issue route of IPv6 between IPv6 user site and the backbone network edge router that is attached thereto.
15. the method for realization Virtual Private Network according to claim 14, it is characterized in that, IPv4 user site for needs visit IPv6 user site, IPv4 route a.b.c.d/n in the routing transmitting example of described backbone network edge router is converted to the IPv6 route of 0::a:b:c:d/ (96+n), be distributed to the user network edge router of described IPv4 user site by the IPv6 Routing Protocol, in the user network edge router of described IPv4 user site, it be reduced into the IPv4 route of a.b.c.d/n;
With the IPv6 route of IPv6 user site, still in the user network edge router of IPv6 user site, save as the IPv6 route; When the user site of this IPv6 user site visit IPv4, carry out the coupling of IPv4 route; When this IPv6 user site is visited the user site of other IPv6, carry out the coupling of IPv6 route.
16. the method for realization Virtual Private Network according to claim 14, it is characterized in that, for the IPv6 user site of needs visits IPv4 user site,, directly be stored as the IPv6 route of 0::a:b:c:d/ (96+n) form with the route of the user site of IPv4; With the route of other IPv6 user site, save as original form.
17. the method for realization Virtual Private Network according to claim 11, it is characterized in that, described backbone network edge router is after receiving the route of described Virtual Private Network, and whether decision carries out route learning and to user site issue that it connected according to the route target extended community attribute of MP-BGP.
18. the method for realization Virtual Private Network according to claim 8, it is characterized in that, among the described step C, described vpn label is used to distinguish the different described user site that same inlet backbone network edge router connects, distribute by described inlet backbone network edge router, when the issue route, be distributed to corresponding backbone network edge router with route; Described outer layer label is used for transmitting packet at described backbone network, inner label distribution protocol by operation label distribution protocol, RSVP-traffic engineering or constraint route distributes outer layer label in autonomous territory, is that the two-way connection of described autonomous domain border router distributes outer layer label by the multi-protocols External BGP between the autonomous domain border router in the autonomous territory of difference.
19. the method for realization Virtual Private Network according to claim 8 is characterized in that, described step D also comprises following substep:
D1 follows common internetworking agreement repeating process and carries out the source user website to the internetworking protocol data forwarding between the inlet backbone network edge router;
D2 carries out described inlet backbone network edge router and transmits to the label data between the outlet backbone network edge router;
The described outlet backbone network of D3 edge router carries out described outlet backbone network according to the routing table of described vpn label and its storage and transmits to the internetworking protocol data between the purpose user site.
20. the method for realization Virtual Private Network according to claim 19 is characterized in that, described step D2 also comprises following steps:
D21 after being the vpn label of the described purpose website of packet encapsulation on the described inlet backbone network edge router, the outer layer label that distributes in the autonomous territory for this inlet backbone network edge router place of this packet encapsulation again;
D22 is forwarded to described packet the autonomous territory edge router in the autonomous territory adjacent with described autonomous territory according to outer layer label;
D23 is forwarded to next adjacent autonomous territory according to the outer layer label that distributes between the edge router of described autonomous territory with described packet;
D24 is forwarded to outlet backbone network edge router with described packet.
21. the method for realization Virtual Private Network according to claim 8 is characterized in that, the topological relation between the described user site is realized by the coupling route target.
CNB2004100695350A 2004-06-30 2004-06-30 Virtual Private Network System and Implementation Method of Hybrid Backbone Network with Hybrid Sites Expired - Fee Related CN100364292C (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CNB2004100695350A CN100364292C (en) 2004-06-30 2004-06-30 Virtual Private Network System and Implementation Method of Hybrid Backbone Network with Hybrid Sites
PCT/CN2005/000959 WO2006002598A1 (en) 2004-06-30 2005-06-30 A vpn system of a hybrid-site hybrid backbone network and an implementing method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2004100695350A CN100364292C (en) 2004-06-30 2004-06-30 Virtual Private Network System and Implementation Method of Hybrid Backbone Network with Hybrid Sites

Publications (2)

Publication Number Publication Date
CN1716901A CN1716901A (en) 2006-01-04
CN100364292C true CN100364292C (en) 2008-01-23

Family

ID=35782472

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100695350A Expired - Fee Related CN100364292C (en) 2004-06-30 2004-06-30 Virtual Private Network System and Implementation Method of Hybrid Backbone Network with Hybrid Sites

Country Status (2)

Country Link
CN (1) CN100364292C (en)
WO (1) WO2006002598A1 (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100596107C (en) * 2007-02-09 2010-03-24 华为技术有限公司 Message forwarding method and autonomous system border router
CN101360037B (en) * 2007-08-03 2010-12-08 中国移动通信集团公司 Data service network system and data service access method
CN101159741B (en) * 2007-11-05 2012-07-04 中兴通讯股份有限公司 PE device and access method for VRRP device to access into VPN
CN101442468B (en) * 2007-11-20 2011-06-01 华为技术有限公司 Method and device for virtual private network routing local cross processing
CN101499951B (en) * 2008-02-01 2012-05-23 华为技术有限公司 Tunnel configuration method, virtual access node, virtual edge node and system
EP2494747B1 (en) * 2009-10-30 2023-08-16 Transpacific IP Group Limited METHODS AND DEVICES FOR ROUTING DATA PACKETS BETWEEN IPv4 AND IPv6 NETWORKS
CN102457425A (en) * 2010-10-25 2012-05-16 北京系统工程研究所 Large-scale virtual network topology generation method
CN108111417B (en) * 2013-08-15 2022-12-27 华为技术有限公司 Method and device for forwarding MPLS data packet
CN106713130B (en) * 2015-11-13 2019-11-22 华为技术有限公司 A routing table update method, EVPN control device and EVPN system
CN106209559B (en) * 2016-07-12 2019-05-07 华为技术有限公司 A method and apparatus for establishing a multicast tunnel
CN111865786B (en) * 2020-06-30 2022-07-12 北京华三通信技术有限公司 Method and apparatus for propagating link markers
CN111865698B (en) * 2020-07-30 2023-10-17 中国电子信息产业集团有限公司第六研究所 An autonomous domain-level Internet topology visualization method based on geographical information
CN113098750A (en) * 2021-03-11 2021-07-09 网宿科技股份有限公司 Site interconnection method, system and transfer equipment
CN114285778B (en) * 2021-11-23 2024-07-16 南瑞集团有限公司 Power dispatching data network networking safety test method
CN115941383B (en) * 2022-11-28 2023-12-22 北京神经元网络技术有限公司 Network domain distribution method, device and equipment for broadband field bus multi-domain switching system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020181464A1 (en) * 2000-07-21 2002-12-05 Hitachi, Ltd. Multicast routing method and apparatus for routing multicast packet
JP2003198639A (en) * 2001-12-27 2003-07-11 Kddi Corp Proxy name server, protocol converter and interface device
CN1476206A (en) * 2003-07-14 2004-02-18 中国科学院计算技术研究所 A Method of Penetrating NAT Using Double Tunnel Mechanism

Also Published As

Publication number Publication date
CN1716901A (en) 2006-01-04
WO2006002598A1 (en) 2006-01-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080123

Termination date: 20160630