CN101707545B - Method and system for realizing private virtual local area network - Google Patents
Method and system for realizing private virtual local area network Download PDFInfo
- Publication number
- CN101707545B CN101707545B CN2009102374573A CN200910237457A CN101707545B CN 101707545 B CN101707545 B CN 101707545B CN 2009102374573 A CN2009102374573 A CN 2009102374573A CN 200910237457 A CN200910237457 A CN 200910237457A CN 101707545 B CN101707545 B CN 101707545B
- Authority
- CN
- China
- Prior art keywords
- port
- pvlan
- instance
- forwarding
- vlan
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 24
- 238000002955 isolation Methods 0.000 claims abstract description 64
- 230000002776 aggregation Effects 0.000 claims description 8
- 238000004220 aggregation Methods 0.000 claims description 8
- 230000008676 import Effects 0.000 abstract 1
- 238000004891 communication Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for realizing a private virtual local area network, which comprises the following steps: in network equipment, binding each VLAN to a PVLAN example by adding a private virtual local area network (PVLAN) example index table entry to a virtual local area network (VLAN) table; obtaining a port set by searching a table after one port of the network equipment receives a data frame; obtaining a PVLAN example number through the PVLAN example index table entry; obtaining a port set which is allowed to be forwarded by a corresponding port in a port isolation attribute table of the PVLAN example corresponding to the PVLAN example number according to the port number of an import port of the data frame; performing an intersection operation on the port set which is allowed to be forwarded and an output port set; and forwarding according to a port number corresponding to the obtained intersection set. The invention also discloses a device for realizing the private virtual local area network, so the complexity of the PVLAN forwarding processing is reduced, and simultaneously the flexibility of PVLAN application is improved.
Description
Technical Field
The present invention relates to ethernet network communication security technologies, and in particular, to a method and system for implementing a private virtual local area network.
Background
In order to improve the security of ethernet network communication, messages between users are isolated, and Private Virtual Local Area Network (PVLAN) technology is proposed to solve this problem. In the PVLAN concept, there are three different types of security levels for switch ports: isolated port (Isolated port), Community port (Community port), hybrid port (Promisouus port).
The isolation port can only communicate with the hybrid port, and cannot exchange with the community port or other isolation ports; the community port can communicate not only with the hybrid port but also with the community port, but cannot exchange with the isolated port; data received by a hybrid port may be destined for any port within a Virtual Local Area Network (VLAN), i.e., a hybrid port, an isolated port, or a corporate port.
PVLAN is a layer 2 security mechanism, which is very effective for ensuring the security of data communication accessing the network, and users under the isolated port can only connect with their default gateway without any interaction with other gateways within the PVLAN. Since conventional layer 2 security isolation requires the assignment of a VLAN and Internet Protocol (IP) subnet for each user, PVLAN achieves the goal of saving VLAN and IP subnets while providing connectivity with layer 2 data communication security. In addition, the PVLAN function can ensure that isolated ports in the same VLAN can not communicate with each other, subdivide the broadcast domain, and effectively inhibit the mutual influence of the broadcast in the VLAN on users.
With the introduction of the concept of PVLAN, member ports in VLAN all have PVLAN attributes, and default to hybrid ports. When all member ports of a VLAN are hybrid ports, any port can communicate with each other, and the PVLAN becomes a normal VLAN. PVLAN is an extension to VLAN, which can be seen as a special case of PVLAN when all member ports are hybrid ports.
The PVLAN increases the processing complexity of the network device in layer 2 forwarding, and in order to implement the PVLAN, the network device needs to add an isolation attribute table of a port in the forwarding process. The port isolation attribute table records the forwarding relation among all member ports of the VLAN, and the specific implementation method is as follows: each member port in each VLAN holds a set of ports that are isolated from the port and/or not isolated from the port. After receiving the data frame from the VLAN member port, performing table lookup, namely: performing table look-up based on a Media Access Control (MAC) table, a multicast forwarding table and a VLAN table to obtain an output port set, and performing isolation processing according to an isolation attribute table of an input port of the data frame, namely: and removing the port isolated from the input port of the data frame from the output port set obtained by table lookup.
However, since one port of a network device may belong to a plurality of VLANs, the number of entries of the port isolation attribute table is very surprising, and it is difficult to fully implement a PVLAN based on VLANs. Currently, most network devices select a simplified PVLAN implementation, and the method is as follows: the setting of the PVLAN port isolation attribute is performed based on the port only. This implements a PVLAN that is associated only with data frame ingress and egress ports, with a greatly reduced number of entries in the port isolation attribute table, and with a more efficient forwarding process. However, there is a problem that if the port attribute is set as an isolated port, data frames of all VLANs of the port are isolated, and accurate isolation of the port from the VLAN cannot be achieved.
Disclosure of Invention
In view of this, the main object of the present invention is to provide a method and a system for implementing a private virtual local area network, which reduce the complexity of the PVLAN forwarding process and improve the flexibility of the PVLAN application.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
in a network device, a PVLAN instance index table entry is added to a VLAN table to bind each VLAN to a PVLAN instance, where the PVLAN instance is created by a user in advance according to a port isolation attribute of each VLAN, and specifically: creating a PVLAN instance for the VLANs with the same port isolation attribute, wherein each PVLAN instance has a group of port isolation attribute tables, the tables are indexed by port numbers, and the content of each table entry is the set of allowed forwarding ports of the port, and the method further comprises the following steps:
after a port of the network equipment receives the data frame, table lookup based on an MAC table, a multicast forwarding table and a VLAN table is carried out to obtain an output port set;
obtaining PVLAN instance number bound by VLAN to which the data frame belongs through the PVLAN instance index table entry, obtaining a forwarding-allowed port set of a corresponding port in a port isolation attribute table of the PVLAN instance corresponding to the PVLAN instance number according to the port number of an input port of the data frame, carrying out intersection operation with the output port set, and forwarding the data frame according to the port number corresponding to the obtained intersection.
In the above scheme, the egress port set is represented by an egress port bitmap, which specifically includes: and constructing a bitmap according to the forwarded port number of the output port, and setting the position corresponding to the port number as 1.
In the above scheme, the set of ports allowed to be forwarded is represented by a port isolation bitmap, which specifically includes: the position corresponding to the port number of the port which is allowed to be forwarded is 1, and the position corresponding to the port number of the port which is not allowed to be forwarded is 0.
In the foregoing solution, the intersection operation performed with the exit port set specifically includes: and performing logical AND operation on the obtained port isolation bitmap and the output port bitmap according to the port numbers, wherein the corresponding bit is 0 only after the port numbers in the port isolation bitmap or the output port bitmap are operated.
In the foregoing solution, when the intersection is not obtained after performing intersection operation with the exit port set, the method further includes: the network device discards the data frame.
The invention realizes a device for realizing PVLAN, which comprises:
a binding module, configured to add a PVLAN instance index entry in a VLAN table, and bind each VLAN to a PVLAN instance, where the PVLAN instance is created by a user in advance according to a port isolation attribute of each VLAN, and specifically: creating a PVLAN instance for the VLANs with the same port isolation attribute, wherein each PVLAN instance has a group of port isolation attribute tables, the tables take port numbers as indexes, and the content of each table entry is the allowed forwarding port set of the port;
an egress port aggregation module, configured to perform table lookup based on an MAC table, a multicast forwarding table, and a VLAN table after a port of the network device receives the data frame, to obtain an egress port aggregation;
the port set allowing module is used for obtaining a PVLAN instance number bound by the VLAN to which the data frame belongs according to the binding relation of the binding module after the data frame is received by one port of the network equipment, and obtaining a port set allowing the forwarding of the corresponding port in a port isolation attribute table of the corresponding PVLAN instance according to the port number of an input port of the data frame;
the operation module is used for carrying out intersection operation on the port set allowed to be forwarded and the output port set and transmitting an operation result to the forwarding module;
and the forwarding module is used for forwarding the data frame according to the port number corresponding to the intersection of the forwarding port set and the output port set in the operation result.
In the above solution, the apparatus further includes: and the discarding module is used for discarding the data frame.
In the foregoing solution, the forwarding module is further configured to notify the discarding module when the forwarding port set and the egress port set are allowed to have no intersection in the discovery operation result.
The invention provides a method and a system for realizing a private virtual local area network.A PVLAN instance index table entry is added in a VLAN table in network equipment, and each VLAN is bound to a PVLAN instance; after a port of the network equipment receives the data frame, table lookup is carried out to obtain an output port set; acquiring a PVLAN instance number through a PVLAN instance index table entry, acquiring a forwarding-allowed port set of a corresponding port in a port isolation attribute table of a PVLAN instance corresponding to the PVLAN instance number according to a port number of an input port of a data frame, performing intersection operation with an output port set, and forwarding the data frame according to the port number corresponding to the intersection; therefore, the port isolation attribute table of the existing PVLAN based on the VLAN is reduced to the port isolation attribute table based on a few PVLAN instances, and the complexity of port isolation processing is reduced; meanwhile, compared with the existing port-based PVLAN, the method has the advantages that the setting of the port isolation attribute is more flexible, different VLANs can have different settings of the port isolation attribute, and the safety of layer 2 switching is improved.
Drawings
FIG. 1 is a flow chart illustrating a method for implementing a private VLAN according to the present invention;
FIG. 2 is a diagram of an example of binding each VLAN to a PVLAN in the present invention;
fig. 3 is a schematic structural diagram of an apparatus for implementing a private vlan according to the present invention.
Detailed Description
The basic idea of the invention is: in the network equipment, each VLAN is bound to a PVLAN instance by adding a PVLAN instance index table entry in a VLAN table; after a port of the network equipment receives the data frame, table lookup based on an MAC table, a multicast forwarding table and a VLAN table is carried out to obtain an output port set; and obtaining a PVLAN instance number bound by the VLAN to which the data frame belongs through the PVLAN instance index table entry, obtaining a forwarding-allowed port set of a corresponding port in a port isolation attribute table of the PVLAN instance corresponding to the PVLAN instance number according to the port number of an input port of the data frame, performing intersection operation with the output port set, and forwarding the data frame according to the port number corresponding to the obtained intersection.
The PVLAN instance uses the VLANs with the same port isolation attribute as a set and shares a port isolation attribute table; each PVLAN instance has a set of port isolation attribute tables, and the port number of the network device is used as an index of the port isolation attribute table, and the contents of the port isolation attribute table are a port set which is allowed to be forwarded after each port receives a data frame, and the port set is called a forwarding-allowed port set.
The invention is further described in detail below with reference to the drawings and the specific embodiments.
The method for implementing the private virtual local area network of the present invention, as shown in fig. 1, includes the following steps:
step 101: in the network equipment, a plurality of PVLAN instances are created, and each VLAN is bound to one PVLAN instance by adding a PVLAN instance index table entry in a VLAN table;
specifically, as shown in fig. 2, in the network device, a user creates a plurality of PVLAN instances in advance according to the port isolation attribute of each VLAN, that is: creating a PVLAN instance aiming at the VLANs with the same port isolation attribute, creating independent PVLAN instances for other VLANs, wherein each PVLAN instance has a group of port isolation attribute tables, the tables take port numbers as indexes, and the content of each table entry is the allowed forwarding port set of the port; and adding a PVLAN instance index table entry in the VLAN table, wherein the PVLAN instance number in the PVLAN instance index table entry corresponds to the created PVLAN instance, so that each VLAN is bound to one PVLAN instance.
Step 102: after a port of the network equipment receives the data frame, table lookup based on an MAC table, a multicast forwarding table and a VLAN table is carried out to obtain an output port set;
specifically, for the ethernet switching device, the data frame may perform unicast, multicast and broadcast processing according to the switching rule, and after receiving the data frame at one port of the network device, the table lookup is performed according to the prior art, that is: performing table lookup based on the MAC table, the multicast forwarding table and the VLAN table; obtaining output ports for forwarding the data frame according to the table lookup result, wherein the output ports for forwarding the data frame may be 0, 1 or more, and the output ports for forwarding are represented as an output port set;
in this embodiment, for convenience of logical operation, the egress port set is represented by a bitmap data structure; generally, a bitmap is constructed according to the forwarded port number of the output port, the position corresponding to the port number is set to be 1, and the obtained bitmap is used as the output port bitmap;
herein, the port receiving the data frame is also referred to as an ingress port of the data frame.
Step 103: acquiring PVLAN instance numbers bound to the VLANs to which the data frames belong through the PVLAN instance index table entries, and acquiring allowed forwarding port sets of corresponding ports in a port isolation attribute table of the corresponding PVLAN instance according to port numbers of input ports of the data frames;
specifically, according to the VLAN number of the VLAN to which the data frame belongs, a PVLAN instance number bound to the VLAN to which the data frame belongs is obtained through a PVLAN instance index table entry in the VLAN table, and according to a port number of an ingress port of the data frame, a forwarding-allowed port set of a corresponding port is obtained in a port isolation attribute table of a PVLAN instance corresponding to the PVLAN instance number;
in this embodiment, for convenience of logical operation, the set of ports allowed to be forwarded is represented by a port isolation bitmap, which indicates a port isolation relationship that has been set according to PVLAN attributes of the ports; generally, in a port isolation bitmap, 0 indicates isolation, 1 indicates non-isolation, and a position corresponding to a port number of a port which is allowed to be forwarded is set to 1, and a position corresponding to a port number of a port which is not allowed to be forwarded is set to 0; such as: the PVLAN attribute of a certain port in the PVLAN instance is an isolation port, the corresponding bits of the port numbers of all the mixed ports in the port isolation bitmap are 1, and the corresponding bits of the port numbers of all the isolation ports and the community ports are 0; similarly, if a PVLAN attribute of a port in a PVLAN instance is a hybrid port, it corresponds to a port isolation bitmap that is all 1, i.e., all not isolated.
Step 104: performing intersection operation on the allowed forwarding port set and the output port set, and forwarding the data frame according to the port number corresponding to the obtained intersection;
specifically, in this embodiment, the obtained port isolation bitmap and the output port bitmap are subjected to logical and operation according to the port numbers, where only the port number in the port isolation bitmap or the output port bitmap is operated, and the corresponding bit is 0; after the operation, obtaining a new bitmap, and forwarding the data frame according to the intersection of the port isolation bitmap and the output port bitmap in the new bitmap, namely the port number corresponding to the bit 1;
further, in this step, when no intersection is obtained after the operation, that is, in this embodiment, when all bits corresponding to the port number in the new bitmap are 0, it indicates that no port can send the data frame, and the network device discards the data frame.
Based on the above method, the present invention further provides a system for implementing a private virtual local area network, as shown in fig. 3, the system includes: a binding module 31, an egress port aggregation module 32, an allowed forwarding port aggregation module 33, an operation module 34, and a forwarding module 35; wherein,
a binding module 31, configured to add a PVLAN instance index entry in the VLAN table, where a PVLAN instance number in the PVLAN instance index entry corresponds to a PVLAN instance, and bind each VLAN to one PVLAN instance;
an egress port aggregation module 32, configured to perform table lookup based on an MAC table, a multicast forwarding table, and a VLAN table after a port of the network device receives the data frame, so as to obtain an egress port aggregation;
the port set allowing module 33 is configured to, after a port of the network device receives a data frame, obtain, according to a binding relationship of the binding module, that is, through the PVLAN instance index table entry, a PVLAN instance number to which the data frame belongs, and obtain, according to a port number of an ingress port of the data frame, a port set allowing forwarding of a corresponding port in the port isolation attribute table of the corresponding PVLAN instance;
an operation module 34, configured to perform intersection operation on the allowed forwarding port set and the output port set, and transmit an operation result to the forwarding module 35;
a forwarding module 35, configured to forward the data frame according to a port number corresponding to an intersection of the forwarding port set and the egress port set in the operation result;
further, the apparatus further includes a discarding module 36 for discarding the data frame;
further, the forwarding module 35 is further configured to notify the discarding module 36 when the forwarding port set and the egress port set are allowed to have no intersection in the result of the discovery operation.
The above description is only exemplary of the present invention and should not be taken as limiting the scope of the present invention, and any modifications, equivalents, improvements, etc. that are within the spirit and principle of the present invention should be included in the present invention.
Claims (8)
1. A method for realizing private virtual local area network PVLAN is characterized in that in a network device, each VLAN is bound to a PVLAN instance by adding a PVLAN instance index table entry in a virtual local area network VLAN table, and the PVLAN instance is pre-created by a user according to a port isolation attribute of each VLAN, specifically: creating a PVLAN instance for the VLANs with the same port isolation attribute, wherein each PVLAN instance has a group of port isolation attribute tables, the tables are indexed by port numbers, and the content of each table entry is the set of allowed forwarding ports of the port, and the method further comprises the following steps:
after a port of the network equipment receives the data frame, table look-up based on a Media Access Control (MAC) table, a multicast forwarding table and a Virtual Local Area Network (VLAN) table is carried out to obtain a port set;
obtaining PVLAN instance number bound by VLAN to which the data frame belongs through the PVLAN instance index table entry, obtaining a forwarding-allowed port set of a corresponding port in a port isolation attribute table of the PVLAN instance corresponding to the PVLAN instance number according to the port number of an input port of the data frame, carrying out intersection operation with the output port set, and forwarding the data frame according to the port number corresponding to the obtained intersection.
2. The method according to claim 1, wherein the egress port set is represented by an egress port bitmap, specifically: and constructing a bitmap according to the forwarded port number of the output port, and setting the position corresponding to the port number as 1.
3. The method according to claim 2, wherein the set of allowed forwarding ports is represented by a port isolation bitmap, specifically: the position corresponding to the port number of the port which is allowed to be forwarded is 1, and the position corresponding to the port number of the port which is not allowed to be forwarded is 0.
4. The method of claim 3, wherein the intersection operation with the set of egress ports is specifically: and performing logical AND operation on the obtained port isolation bitmap and the output port bitmap according to the port numbers, wherein the corresponding bit is 0 only after the port numbers in the port isolation bitmap or the output port bitmap are operated.
5. The method of claim 1, wherein when no intersection is found after said intersection operation with the set of exit ports, the method further comprises: the network device discards the data frame.
6. An apparatus for implementing a PVLAN, the apparatus comprising:
a binding module, configured to add a PVLAN instance index entry in a VLAN table, and bind each VLAN to a PVLAN instance, where the PVLAN instance is created by a user in advance according to a port isolation attribute of each VLAN, and specifically: creating a PVLAN instance for the VLANs with the same port isolation attribute, wherein each PVLAN instance has a group of port isolation attribute tables, the tables take port numbers as indexes, and the content of each table entry is the allowed forwarding port set of the port;
an egress port aggregation module, configured to perform table lookup based on an MAC table, a multicast forwarding table, and a VLAN table after a port of the network device receives the data frame, to obtain an egress port aggregation;
the port set allowing module is used for obtaining a PVLAN instance number bound by the VLAN to which the data frame belongs according to the binding relation of the binding module after the data frame is received by one port of the network equipment, and obtaining a port set allowing the forwarding of the corresponding port in a port isolation attribute table of the corresponding PVLAN instance according to the port number of an input port of the data frame;
the operation module is used for carrying out intersection operation on the port set allowed to be forwarded and the output port set and transmitting an operation result to the forwarding module;
and the forwarding module is used for forwarding the data frame according to the port number corresponding to the intersection of the forwarding port set and the output port set in the operation result.
7. The apparatus of claim 6, further comprising:
and the discarding module is used for discarding the data frame.
8. The apparatus of claim 7, wherein the forwarding module is further configured to notify a discarding module when no intersection is allowed between the forwarding port set and the egress port set in the result of the discovery operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009102374573A CN101707545B (en) | 2009-11-06 | 2009-11-06 | Method and system for realizing private virtual local area network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009102374573A CN101707545B (en) | 2009-11-06 | 2009-11-06 | Method and system for realizing private virtual local area network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101707545A CN101707545A (en) | 2010-05-12 |
| CN101707545B true CN101707545B (en) | 2012-02-29 |
Family
ID=42377740
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009102374573A Expired - Fee Related CN101707545B (en) | 2009-11-06 | 2009-11-06 | Method and system for realizing private virtual local area network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101707545B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101924700B (en) * | 2010-08-09 | 2012-11-21 | 福建星网锐捷网络有限公司 | Method, device and network equipment for processing messages |
| CN102523152A (en) * | 2011-12-05 | 2012-06-27 | 北京星网锐捷网络技术有限公司 | Method and device for realizing outlet control |
| US9331872B2 (en) * | 2012-05-22 | 2016-05-03 | Cisco Technology, Inc. | Implementing PVLANs in a large-scale distributed virtual switch |
| CN102890714B (en) * | 2012-09-24 | 2015-04-15 | 华为技术有限公司 | Method and device for indexing data |
| CN105939309B (en) * | 2015-07-28 | 2019-08-06 | 杭州迪普科技股份有限公司 | A kind of virtual machine partition method and device |
| CN110708305B (en) * | 2019-09-27 | 2022-04-15 | 国家计算机网络与信息安全管理中心 | Network isolation equipment and method |
| CN110933106B (en) * | 2019-12-13 | 2022-03-22 | 迈普通信技术股份有限公司 | PVLAN isolation method and device, electronic equipment and storage medium |
| CN111181866B (en) * | 2019-12-21 | 2023-06-30 | 武汉迈威通信股份有限公司 | Port aggregation method and system based on port isolation |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1777150A (en) * | 2005-12-05 | 2006-05-24 | 杭州华为三康技术有限公司 | Method for realizing user-isolated virtual LAN and its network device |
| US7237017B1 (en) * | 2001-03-13 | 2007-06-26 | Panamsat Corporation | Micronode in a satellite based content delivery system |
| CN101119276A (en) * | 2007-08-22 | 2008-02-06 | 杭州华三通信技术有限公司 | A method and device for realizing downlink user isolation in a VLAN |
| CN101572655A (en) * | 2008-04-29 | 2009-11-04 | 华为技术有限公司 | Method and equipment for port isolation |
-
2009
- 2009-11-06 CN CN2009102374573A patent/CN101707545B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7237017B1 (en) * | 2001-03-13 | 2007-06-26 | Panamsat Corporation | Micronode in a satellite based content delivery system |
| CN1777150A (en) * | 2005-12-05 | 2006-05-24 | 杭州华为三康技术有限公司 | Method for realizing user-isolated virtual LAN and its network device |
| CN101119276A (en) * | 2007-08-22 | 2008-02-06 | 杭州华三通信技术有限公司 | A method and device for realizing downlink user isolation in a VLAN |
| CN101572655A (en) * | 2008-04-29 | 2009-11-04 | 华为技术有限公司 | Method and equipment for port isolation |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101707545A (en) | 2010-05-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101707545B (en) | Method and system for realizing private virtual local area network | |
| KR100694296B1 (en) | System for providing 2 layer multicast switching and 3 layer multicast routing simultaneously based on virtual interface | |
| EP1924030B1 (en) | A multicast supported virtual local area network switching system and a method thereof | |
| US6167052A (en) | Establishing connectivity in networks | |
| EP2378720B1 (en) | Extranet networking method, system and device for multicast virtual private network | |
| EP1942617B1 (en) | Method, device and system for Ethernet-supported Source Specific Multicast forwarding | |
| CN106936777A (en) | Cloud computing distributed network implementation method based on OpenFlow, system | |
| CN101729355B (en) | Method for realizing particular virtual local area network and device | |
| AL-Khaffaf | Improving LAN performance based on IEEE802. 1Q VLAN switching techniques | |
| CN102045250B (en) | Forwarding method of multicast message in VPLS and service provider edge equipment | |
| CN102857429B (en) | The method and apparatus of route is carried in TRILL network | |
| CN101202706A (en) | A virtual switch system | |
| CN102710510B (en) | Information processing method, apparatus and system | |
| Komilov et al. | Improving the use of virtual lan (vlan) technology | |
| CN100479371C (en) | Method of broadcast transmitting message and an exchange equipment | |
| US20110222541A1 (en) | Network System, Edge Node, and Relay Node | |
| CN100563205C (en) | Realization method of isolating user virtual local area network and network equipment applied thereto | |
| JP2007534191A5 (en) | ||
| KR20160036182A (en) | Hybrid OpenFlow switch, system, and method for combining legacy switch protocol function and SDN function | |
| Cisco | Configuring Transparent Bridging | |
| Cisco | Configuring Transparent Bridging | |
| Cisco | Configuring Transparent Bridging | |
| Cisco | Configuring Transparent Bridging | |
| Cisco | Configuring Transparent Bridging | |
| Cisco | Configuring Transparent Bridging |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120229 Termination date: 20171106 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |