
CN101166138A - Device for Layer 2 Virtual Private Network Service Transmission - Google Patents

Info

Publication number: CN101166138A
Authority: CN (China)
Prior art keywords: layer, protocol, packet, mtu, internet
Legal status: Withdrawn
Application number: CNA2006101499597A
Other languages: Chinese (zh)
Inventor: 孙鹏
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CNA2006101499597A
Publication of CN101166138A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a device for Layer 2 virtual private network service transmission. It comprises a setting module for setting a maximum transmission unit (MTU) on the Layer 2 interface circuit on the user side; a detection module for causing the Layer 2 interface circuit to inspect received data packets; and a forwarding module for causing the Layer 2 interface circuit to forward a received data packet when it is smaller than the MTU and, when a received data packet is larger than the MTU, to forward it if it is not an Internet Protocol (IP) packet, and, if it is an IP packet, not to forward it and to send an Internet Control Message Protocol (ICMP) unreachable indication. The device of the invention can thereby reduce as far as possible the number of data packets that are fragmented and reassembled; for Layer 2 services carrying gateway protocol traffic, fragmentation and reassembly may not be needed in transit at all, which improves Layer 2 virtual private network performance.

Description

Device for Layer 2 Virtual Private Network Service Transmission

Technical Field

The present invention relates to a device for network service transmission, and more specifically to a device for Layer 2 virtual private network service transmission.

Background

With the development of networks, and of the network economy in particular, enterprises keep expanding, their customers are more widely distributed, and they have more and more partners. This drives growth in enterprise revenue, but it also increasingly exposes the functional shortcomings of the traditional enterprise network: its leased-line connections between fixed physical sites can no longer meet the needs of modern enterprises. Enterprises therefore place higher demands on their own network construction, mainly in flexibility, security, economy and scalability. Against this background, the virtual private network (VPN), with its distinctive advantages, has won the favor of more and more enterprises, letting them pay less attention to operating and maintaining the network and more to achieving their business goals. The Layer 2 VPNs most widely used by enterprises include the Layer 2 Tunneling Protocol (L2TP) and Virtual Private LAN Service/Virtual Private Wire Service (VPLS/VPWS).

Fig. 1 is a schematic diagram showing a Layer 2 Tunneling Protocol network. Fig. 2 is a structural diagram showing the structure produced after Internet Protocol Security (IPSec) tunnel data is encapsulated by the Layer 2 Tunneling Protocol. Fig. 3 is a block diagram showing a networking structure. Fig. 4 is a view showing an operator's backbone network.

A Layer 2 Tunneling Protocol network is a VPN made up of PPP dial-up links and tunnels over the backbone network. Users dial in and reach the enterprise network through the tunnel. L2TP is mainly used by mobile and individual users to access a company's internal network, saving them the cost of long-distance dial-up service. Fig. 1 shows an L2TP network diagram.

Tunnel transport of L2TP data is implemented through multiple levels of encapsulation. Fig. 2 shows the structure produced after IPSec tunnel data is encapsulated by L2TP. The IPSec encapsulation is optional.

There are currently two main implementation schemes for Layer 2 VPNs over Multiprotocol Label Switching (MPLS) networks: the Layer 2 VPN proposed by Kompella et al. (hereinafter the Kompella Layer 2 VPN) and the Layer 2 VPN proposed by Martini et al. (hereinafter the Martini Layer 2 VPN). The data planes of the two schemes are essentially similar, and both support multiple data link layer technologies, such as Frame Relay, ATM AAL5 CPCS mode, ATM transparent cell mode, Ethernet, Ethernet VLAN, Cisco HDLC and PPP. They differ mainly in the control plane protocol used. Fig. 3 shows the network layout.

As shown in Fig. 4, take PE1 as the source and PE2 as the destination. When PE1 sends a Layer 2 PDU to PE2, PE1 first adds a VC label to the Layer 2 payload and then adds a tunnel label. The tunnel label determines the path of the MPLS packet from PE1 to PE2. The VC label becomes visible only when the MPLS packet reaches PE2, and how PE2 handles the packet depends on the content of the VC label.

Both VPLS/VPWS services and L2TP services fall within the scope of Layer 2 VPNs: the Layer 2 data packet is placed in the payload of another IP packet for transport. If the inner packet is fairly large, then with the overhead of the outer IP packet added, the resulting packet may well exceed the Ethernet maximum transmission unit (1518, including the Ethernet CRC check bits).

The following solutions currently exist for this problem:

One method is for the uplink interface of the broadband access server to perform fragmentation and reassembly. In the conventional implementation, once the Layer 2 packet has been encapsulated in a new Layer 3 packet on the uplink interface of the broadband access server and the result is found to exceed the maximum transmission unit (Maximum Transmit Unit, MTU) configured on that interface, it is fragmented according to the IP layer specification. When the same interface receives downlink packets that have been fragmented, it must wait until all fragments have arrived, reassemble them, strip the outer packet, and forward the result to the user side.

Another method is for the uplink interface of the broadband access server to support jumbo frames. The packet size can be changed from 1,500 bytes to 9,000 bytes (called a jumbo frame). In a local network, jumbo frames can be enabled by setting the MTU, which can greatly improve performance.

Both methods allow large packets to be carried over the network. With method 1, however, the broadband access server (BRAS) must fragment and reassemble long packets, which seriously degrades transmission performance. With method 2, jumbo frames are not supported by every vendor, so their use is limited; moreover, jumbo frames only solve the problem on the link between the broadband access server and the router. They cannot guarantee that no fragmentation and reassembly takes place along the whole transmission path, so the performance problem remains.

Summary of the Invention

The object of the present invention is to provide a device for Layer 2 virtual private network service transmission that reduces as far as possible the number of data packets that are fragmented and reassembled. For Layer 2 services carrying IP traffic, fragmentation and reassembly may not be needed in transit at all, which improves Layer 2 VPN performance.

The present invention provides a device for improving Layer 2 virtual private network service transmission performance, comprising: a setting module for setting a maximum transmission unit (MTU) on the Layer 2 interface circuit on the user side; a detection module for causing the Layer 2 interface circuit to inspect received data packets; and a forwarding module for causing the Layer 2 interface circuit to forward a received data packet when it is smaller than the MTU and, when a received data packet is larger than the MTU, to forward it if it is not an Internet Protocol (IP) packet, and, if it is an IP packet, not to forward it and to send an Internet Control Message Protocol (ICMP) unreachable indication.

In the above device, the setting device comprises: a receiving module for causing the source host to receive the ICMP error message sent by the user side; a processing module for changing the maximum segment size to the MTU of the user side that sent the ICMP error message minus the IP packet header and the TCP packet header, and for trying the next MTU; and a loop module for causing the user side to check, at a predetermined period, whether the MTU is the largest possible.

In the above device, for VPLS/VPWS services, the MTU is set on the virtual forwarding class (VFI).

In the above device, for L2TP services, the MTU is set in the L2TP group.

In the above device, for L2TP services, the information for the ICMP error message is obtained from the user side's L2TP message.

In the above device, for VPLS/VPWS services, the information for the ICMP error message is obtained from the user side's Ethernet frame.

In the above device, the destination IP address of the ICMP message is obtained from the source IP address of the data packet, and the source IP address of the ICMP message is obtained from the destination IP address of the data packet.

In the above device, the MTU carried in the ICMP message is obtained from the user-side MTU.

In the above device, the format of the ICMP error includes the following information: type, code, checksum, MTU of the next-hop network, IP header, and data from the original IP packet.

The present invention can thereby reduce the number of data packets that are fragmented and reassembled. For Layer 2 services carrying IP traffic, fragmentation and reassembly may not be needed in transit at all, which improves Layer 2 VPN performance.

Other features and advantages of the invention are set forth in the description that follows and will in part be apparent from the description or may be learned by practicing the invention. The objects and other advantages of the invention may be realized and attained by the structure particularly pointed out in the written description, the claims, and the accompanying drawings.

Brief Description of the Drawings

The accompanying drawings provide a further understanding of the invention and form part of the description. Together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:

Fig. 1 is a schematic diagram showing a Layer 2 Tunneling Protocol network;

Fig. 2 is a structural diagram showing the structure produced after IPSec tunnel data is encapsulated by the Layer 2 Tunneling Protocol;

Fig. 3 is a block diagram showing a networking structure;

Fig. 4 is a view showing an operator's backbone network;

Fig. 5 is a flowchart of the method for Layer 2 virtual private network service transmission according to the present invention;

Fig. 6 is a block diagram of the device for Layer 2 virtual private network service transmission according to the present invention; and

Fig. 7 is a schematic diagram showing the format of the ICMP unreachable error message.

Detailed Description

Preferred embodiments of the invention are described below with reference to the accompanying drawings. The preferred embodiments described here only illustrate and explain the invention and are not intended to limit it.

Fig. 5 is a flowchart of the method for Layer 2 virtual private network service transmission according to the present invention.

The method for Layer 2 virtual private network service transmission according to the present invention is described below with reference to Fig. 5.

First, a Layer 2 virtual private network service transmission process.

In step 502, a maximum transmission unit (MTU) is set on the Layer 2 interface circuit on the user side.

In step 504, the Layer 2 interface circuit inspects the received data packets.

In step 506, when a received data packet is smaller than the MTU, the Layer 2 interface circuit forwards it. When a received data packet is larger than the MTU, the Layer 2 interface circuit forwards it if it is not an IP packet; if it is an IP packet, the circuit does not forward it and sends an ICMP unreachable indication.

Optionally, step 502 comprises: the source host receives the ICMP error message sent by the user side; the maximum segment size is changed to the MTU of the user side that sent the ICMP error message minus the IP packet header and the TCP packet header, and the next MTU is tried; and, at a predetermined period, the user side checks whether the MTU is the largest possible.

Optionally, for VPLS/VPWS services, the MTU is set on the virtual forwarding class.

Optionally, for L2TP services, the MTU is set in the L2TP group.

Optionally, for L2TP services, the information for the ICMP error message is obtained from the user side's L2TP message.

Optionally, for VPLS/VPWS services, the information for the ICMP error message is obtained from the user side's Ethernet frame.

Optionally, the destination IP address of the ICMP message is obtained from the source IP address of the data packet, and the source IP address of the ICMP message is obtained from the destination IP address of the data packet.

Optionally, the MTU carried in the ICMP message is obtained from the user-side MTU.

Optionally, the format of the ICMP error includes the following information: type, code, checksum, MTU of the next-hop network, IP header, and data from the original IP packet.

Fig. 6 is a block diagram of the device for Layer 2 virtual private network service transmission according to the present invention.

The device for Layer 2 virtual private network service transmission is described below with reference to Fig. 6.

The device comprises: a setting module 602 for setting a maximum transmission unit (MTU) on the Layer 2 interface circuit on the user side; a detection module 604 for causing the Layer 2 interface circuit to inspect received data packets; and a forwarding module 606 for causing the Layer 2 interface circuit to forward a received data packet when it is smaller than the MTU and, when a received data packet is larger than the MTU, to forward it if it is not an IP packet, and, if it is an IP packet, not to forward it and to send an ICMP unreachable indication.

The setting module 602 comprises: a receiving module for causing the source host to receive the ICMP error message sent by the user side; a processing module for changing the maximum segment size to the MTU of the user side that sent the ICMP error message minus the IP packet header and the TCP packet header, and for trying the next MTU; and a loop module for causing the user side to check, at a predetermined period, whether the MTU is the largest possible.

Optionally, for VPLS/VPWS services, the MTU is set on the virtual forwarding class.

Optionally, for L2TP services, the MTU is set in the L2TP group.

Optionally, for L2TP services, the information for the ICMP error message is obtained from the user side's L2TP message.

Optionally, for VPLS/VPWS services, the information for the ICMP error message is obtained from the user side's Ethernet frame.

Optionally, the destination IP address of the ICMP message is obtained from the source IP address of the data packet, and the source IP address of the ICMP message is obtained from the destination IP address of the data packet.

Optionally, the MTU carried in the ICMP message is obtained from the user-side MTU.

Optionally, the format of the ICMP error includes the following information: type, code, checksum, MTU of the next-hop network, IP header, and data from the original IP packet. Fig. 7 is a schematic diagram showing the format of the ICMP unreachable error message according to the first embodiment.

An example of a VPLS service implemented with the Layer 2 virtual private network service transmission method provided by the invention is as follows:

Step 1: configure the MTU on the PE's Layer 2 interface circuit. For VPLS/VPWS services, the MTU is configured on the virtual forwarding class (it can be configured as 1400 bytes), ensuring that no fragmentation is needed even after the MPLS or IP header is added to the MTU value.

Step 2: the PE device forwards data packets smaller than the MTU (1400 bytes) normally on the Layer 2 interface.

Step 3: on the Layer 2 interface, the PE device does not forward IP packets longer than the MTU and responds with an ICMP unreachable.

Step 4: the user's computer receives the ICMP unreachable message and changes the size of the packets it sends so that the PE device can forward them.

Step 5: non-IP packets in the VPLS/VPWS service are forwarded normally and encapsulated on the network side.

In the above method, the path MTU is the size of the largest unit that can be carried on the path between the source host and the destination host. The principle is likewise to send IP packets with fragmentation prohibited and wait for ICMP errors in order to estimate the MTU. The specific procedure comprises the following steps:

Step 1: when the source host receives a newer ICMP error message, it directly changes its own maximum segment size to the MTU of the user side that sent the ICMP error message minus the IP header and the TCP header;

Step 2: when the source host receives a newer ICMP error message, it must try the next MTU (each kind of network device has an MTU; from largest to smallest the MTUs are "65535, 17914, 4464, 4352, 1500, 1492, 576, 296"); and

Step 3: because routes can change dynamically, every 10 minutes the user side can probe the path MTU with a relatively large packet.

Here, when a router receives a data packet that needs to be fragmented but has the don't-fragment (DF) flag bit set in its IP header, a program that needs to determine the smallest MTU on the path to the destination (the path MTU discovery mechanism) can make use of this error.

The format of the ICMP unreachable error message in this case is shown in Fig. 5. In Fig. 5, bits 16 to 31 of the second 32-bit word can carry the MTU of the next hop instead of being 0.
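The host-side handling in the three steps above, combined with the ICMP layout just described, can be sketched as follows. This is an added example, not code from the patent; the class and function names, the 20-byte IP and TCP header sizes (no options), the 68-byte floor and the rule of never raising the MTU from an ICMP report are assumptions.

```python
import struct

# MTU values listed in the text, largest to smallest.
PLATEAUS = [65535, 17914, 4464, 4352, 1500, 1492, 576, 296]
IP_HDR_LEN = 20         # assumption: IPv4 header without options
TCP_HDR_LEN = 20        # assumption: TCP header without options
MIN_MTU = 68            # assumption: floor below which a report is ignored
PROBE_INTERVAL_S = 600  # "every 10 minutes" in the text


def parse_unreachable(icmp: bytes):
    """Return (next_hop_mtu, original_total_length) for type 3 / code 4, else None."""
    if len(icmp) < 8 + IP_HDR_LEN:
        return None
    icmp_type, code, _csum, _unused, next_hop_mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None
    # The quoted IP header follows the 8-byte ICMP header; its total length
    # field sits at bytes 2-3 of that header.
    orig_total_len = struct.unpack("!H", icmp[10:12])[0]
    return next_hop_mtu, orig_total_len


def next_plateau(size: int) -> int:
    """Largest listed MTU strictly below size (the 'next MTU' to try)."""
    for plateau in PLATEAUS:
        if plateau < size:
            return plateau
    return PLATEAUS[-1]


class PathMtu:
    """Per-destination path MTU estimate kept by the source host."""

    def __init__(self, mtu: int = 1500, now: float = 0.0):
        self.mtu = mtu
        self.last_change = now

    @property
    def mss(self) -> int:
        # Step 1: MSS = MTU - IP header - TCP header.
        return self.mtu - IP_HDR_LEN - TCP_HDR_LEN

    def on_icmp(self, icmp: bytes, now: float) -> bool:
        parsed = parse_unreachable(icmp)
        if parsed is None:
            return False
        reported, orig_len = parsed
        # Bits 16-31 of the second word carry the next-hop MTU; when they are
        # zero, fall back to the next listed value (step 2).
        candidate = reported if reported else next_plateau(min(orig_len, self.mtu))
        # ICMP errors are unauthenticated: never raise the estimate from one,
        # and ignore implausibly small values.
        if candidate < MIN_MTU or candidate >= self.mtu:
            return False
        self.mtu, self.last_change = candidate, now
        return True

    def probe_due(self, now: float) -> bool:
        # Step 3: routes change, so retry a larger packet periodically.
        return now - self.last_change >= PROBE_INTERVAL_S


def sample_icmp(next_hop_mtu: int, orig_total_len: int, icmp_code: int = 4) -> bytes:
    """Constructed sample message (checksums left at zero; the parser ignores them)."""
    quoted = struct.pack("!BBHHHBBH4s4s", 0x45, 0, orig_total_len, 1, 0x4000, 64, 6, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return struct.pack("!BBHHH", 3, icmp_code, 0, 0, next_hop_mtu) + quoted + bytes(8)
```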

The embodiments disclosed in the present invention also rest on the following considerations:

First, in a Layer 2 VPN the broadband access server is the starting point of the Layer 2 tunnel. In principle it should pass Layer 2 data packets through transparently, placing them unmodified in the tunnel packets.

Second, on a Layer 2 circuit, if a data packet exceeds the circuit's MTU, the network device automatically discards it and takes no other action. This follows from the service the data link layer provides.

However, if the network layer carries IP packets, the IP path MTU discovery technique described under the technical principles is available. By reducing the size of the packets that end systems send, fragmentation and reassembly in the core network is avoided, which improves data transfer performance.

In the present invention, the broadband access server performs a Layer 3 service on the user-side Layer 2 interface: for data packets that might exceed the MTU of the network-side link, it returns an ICMP unreachable.

According to this embodiment, a method of constructing the ICMP message is also provided.

Because the user side of the broadband access server is a Layer 2 device with no IP address configured, when ICMP is used to notify the user, several key fields of the ICMP message are filled in as follows:

1. Layer 2 packet information. The Layer 2 packet information depends on the user's service. For users of L2TP services, the Layer 2 information is obtained from the user's L2TP message; for users of VPLS/VPWS services, it is obtained from the user's Ethernet frame.

2. Layer 3 packet information. The ICMP destination IP address, i.e. the user's IP address, is obtained from the source IP of the data packet. The ICMP source IP address, i.e. the IP address the user is accessing, is obtained from the destination IP of the data packet. The MTU in the ICMP message is obtained from the user-side MTU configured on the broadband access server.
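The forwarding decision and the field-filling rules above can be put together for the VPLS/VPWS (Ethernet) case as follows. This is an added example, not code from the patent; the function names, untagged Ethernet II framing, measuring packet size as the frame length minus the 14-byte Ethernet header, forwarding packets exactly equal to the MTU, and the use of ICMP type 3 code 4 with the original IP header plus 8 data bytes quoted are assumptions.

```python
import struct

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp_unreachable(frame: bytes, user_mtu: int) -> bytes:
    """Build the Ethernet/IPv4/ICMP reply for an oversized IPv4 frame."""
    # Layer 2 information comes from the user's Ethernet frame (addresses swapped).
    dst_mac, src_mac = frame[0:6], frame[6:12]
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    orig_src, orig_dst = ip[12:16], ip[16:20]
    # type, code, checksum, unused, next-hop MTU, then the quoted IP header + 8 bytes.
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, user_mtu) + ip[:ihl + 8]
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    # ICMP source = packet's destination IP, ICMP destination = packet's source IP,
    # because the Layer 2 interface has no IP address of its own.
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                         orig_dst, orig_src)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", inet_checksum(ip_hdr)) + ip_hdr[12:]
    return src_mac + dst_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + icmp


def handle_user_frame(frame: bytes, user_mtu: int):
    """Return ('forward', frame), ('icmp', reply_frame) or ('drop', None)."""
    if len(frame) < ETH_HDR_LEN:
        return ("drop", None)
    if len(frame) - ETH_HDR_LEN <= user_mtu:
        return ("forward", frame)          # fits: forward unchanged
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return ("forward", frame)          # oversized non-IP: still forwarded
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8:
        return ("drop", None)              # malformed header: nothing to quote
    return ("icmp", build_icmp_unreachable(frame, user_mtu))


def sample_frame(ethertype: int, payload_len: int) -> bytes:
    """Constructed sample frame: user 192.0.2.10 sending to 198.51.100.20."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    eth += struct.pack("!H", ethertype)
    if ethertype != ETHERTYPE_IPV4:
        return eth + bytes(payload_len)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, payload_len, 1, 0x4000, 64, 6, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return eth + hdr + bytes(payload_len - 20)
```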

Thus the present invention minimizes the number of packets that need fragmentation and reassembly; layer-2 services carrying IP traffic may need no fragmentation and reassembly at all in transit, which improves layer-2 virtual private network performance.

The above are only preferred embodiments of the present invention and are not intended to limit it; those skilled in the art may make various modifications and changes to the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (9)

1. A device for improving the transmission performance of layer-2 virtual private network services, characterized in that the device comprises:
a setting module, configured to set a maximum transmission unit (MTU) on the user-side layer-2 interface circuit;
a detection module, configured to make the layer-2 interface circuit inspect received packets; and
a forwarding module, configured so that, when a received packet is smaller than the MTU, the layer-2 interface circuit forwards the packet, and, when a received packet is larger than the MTU, the layer-2 interface circuit forwards the packet if it is a non-Internet Protocol (IP) packet, and does not forward the packet if it is an IP packet and instead sends an Internet Control Message Protocol (ICMP) unreachable indication.
2. The device according to claim 1, characterized in that the setting device comprises:
a receiving module, configured to make the source host receive the ICMP error message sent by the user side;
a processing module, configured to set the maximum segment size to the MTU of the user side that sent the ICMP error message minus the IP datagram header and the Transmission Control Protocol (TCP) header, and to try the next MTU; and
a cycling module, configured to make the user side check, at a predetermined period, whether the MTU is the maximum.
3. The device according to claim 2, characterized in that, for the Virtual Private LAN Service / virtual leased line (VLL) service, the MTU is set on the virtual forwarding class.
4. The device according to claim 2, characterized in that, for the Layer 2 Tunneling Protocol (L2TP) service, the MTU is set in the L2TP group.
5. The device according to claim 2, characterized in that, for the L2TP service, the information for the ICMP error message is obtained from the L2TP messages of the user side.
6. The device according to claim 2, characterized in that, for the Virtual Private LAN Service / VLL service, the information for the ICMP error message is obtained from the Ethernet frames of the user side.
7. The device according to claim 2, characterized in that the destination IP address of the ICMP message is obtained from the source IP address of the packet, and the source IP address of the ICMP message is obtained from the destination IP address of the packet.
8. The device according to claim 2, characterized in that the MTU carried in the ICMP message is obtained from the MTU of the user side.
9. The device according to claim 2, characterized in that the format of the ICMP error message comprises the following information: type, code, checksum, MTU of the next-hop network, IP header, and data from the original IP datagram.
CNA2006101499597A 2006-10-19 2006-10-19 Device for Layer 2 Virtual Private Network Service Transmission Withdrawn CN101166138A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2006101499597A CN101166138A (en) 2006-10-19 2006-10-19 Device for Layer 2 Virtual Private Network Service Transmission

Publications (1)

Publication Number Publication Date
CN101166138A true CN101166138A (en) 2008-04-23

Family

ID=39334623

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2006101499597A Withdrawn CN101166138A (en) 2006-10-19 2006-10-19 Device for Layer 2 Virtual Private Network Service Transmission

Country Status (1)

Country Link
CN (1) CN101166138A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C04 Withdrawal of patent application after publication (patent law 2001)
WW01 Invention patent application withdrawn after publication