[go: up one dir, main page]

CN101883040B - Network protection method and network protection architecture - Google Patents

Network protection method and network protection architecture Download PDF

Info

Publication number
CN101883040B
CN101883040B CN200910083191.1A CN200910083191A CN101883040B CN 101883040 B CN101883040 B CN 101883040B CN 200910083191 A CN200910083191 A CN 200910083191A CN 101883040 B CN101883040 B CN 101883040B
Authority
CN
China
Prior art keywords
protection
segment
working
data frame
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200910083191.1A
Other languages
Chinese (zh)
Other versions
CN101883040A (en
Inventor
吴少勇
魏月华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Weiyuanshi Information Technology Co ltd
Suzhou Xineng Environmental Protection Technology Co ltd
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN200910083191.1A priority Critical patent/CN101883040B/en
Priority to PCT/CN2009/074592 priority patent/WO2010127533A1/en
Publication of CN101883040A publication Critical patent/CN101883040A/en
Application granted granted Critical
Publication of CN101883040B publication Critical patent/CN101883040B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4604LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462LAN interconnection over a bridge based backbone
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/22Alternate routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/28Routing or path finding of packets in data switching networks using route fault recovery
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/66Layer 2 routing, e.g. in Ethernet based MAN's

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明提供了一种网络保护方法及网络保护系统,在基于PBB-TE的网络中,确定出局部网络,并在确定出的局部网络中设置工作段和保护段。当该工作段路径发生故障时,只是将该工作段路径的流量切换到其保护段路径上,而不是进行全路径的切换,这样提高了故障恢复的速度,并减少了保护倒换涉及的节点。

The invention provides a network protection method and a network protection system. In a network based on PBB-TE, a partial network is determined, and a working section and a protection section are set in the determined partial network. When the path of the working section fails, only the traffic of the path of the working section is switched to the path of the protection section instead of switching over the whole path, which improves the speed of fault recovery and reduces the number of nodes involved in protection switching.

Description

一种网络保护方法及网络保护系统A network protection method and network protection system

技术领域technical field

本发明涉及网络保护技术,尤指一种基于电信级以太网技术即支持流量工程的运营商骨干桥接技术(PBB-TE,Provider Backbone Bridge TrafficEngineering)的网络保护方法及网络保护系统。The present invention relates to network protection technology, in particular to a network protection method and network protection system based on carrier-grade Ethernet technology, that is, a provider backbone bridging technology (PBB-TE, Provider Backbone Bridge Traffic Engineering) that supports traffic engineering.

背景技术Background technique

以太网技术由于其自身具有的简单、高效和低成本等特点,在局域网中得到了广泛的应用,并正迅速从局域网为主的组网技术向企业网、城域电信网和广域电信网等大范围的组网技术发展,因此,电信级的以太网技术应运而生。Due to its simplicity, high efficiency and low cost, Ethernet technology has been widely used in local area networks, and is rapidly shifting from a LAN-based networking technology to an enterprise network, a metropolitan area telecommunication network and a wide area telecommunication network. Such as the development of large-scale networking technology, therefore, the carrier-class Ethernet technology came into being.

美国电气和电子工程师协会(IEEE,Institute of Electrical and ElectronicsEngineers)提出了电信级以太网技术即PBB-TE,对应的标准为IEEE802.1Qay。PBB-TE也称为运营商骨干传送(PBT,Provider Backbone Transport)技术,是一种面向连接的以太网技术,所有流量根据地址表转发。PBB-TE技术以运营商骨干桥接(PBB,Provider Backbone Bridge,对应的标准为IEEE802.1ah)技术为基础,其核心是对PBB技术的改进,通过网络管理和控制,使以太网中的业务事实上具有连接性,以便实现保护倒换、运行、管理和维护(OAM,Operation,Administrationand Management)、服务质量(QoS,Quality of Service)、流量工程等电信网络的功能。PBB-TE技术采用外层MAC加上外层虚拟局域网(VLAN,Virtual Local Area Network)即骨干网目的MAC地址(B-DA)和骨干网VLAN ID(B-VID)进行业务转发,其转发路径是预先配置的。PBB-TE技术兼容传统以太网桥的架构,不需要对网络中间节点进行更新即可基于B-DA和B-VID对数据帧进行转发,数据帧也不需要修改,转发效率高。The Institute of Electrical and Electronics Engineers (IEEE, Institute of Electrical and Electronics Engineers) proposed a carrier-grade Ethernet technology called PBB-TE, and the corresponding standard is IEEE802.1Qay. PBB-TE, also known as Provider Backbone Transport (PBT, Provider Backbone Transport) technology, is a connection-oriented Ethernet technology, and all traffic is forwarded according to the address table. PBB-TE technology is based on Provider Backbone Bridge (PBB, Provider Backbone Bridge, the corresponding standard is IEEE802.1ah) technology. Its core is the improvement of PBB technology. Through network management and control, the business in Ethernet In order to realize the functions of protection switching, operation, administration and maintenance (OAM, Operation, Administration and Management), service quality (QoS, Quality of Service), traffic engineering and other functions of the telecommunications network. PBB-TE technology uses the outer MAC plus the outer virtual local area network (VLAN, Virtual Local Area Network), that is, the destination MAC address (B-DA) of the backbone network and the VLAN ID (B-VID) of the backbone network for service forwarding. The forwarding path is pre-configured. PBB-TE technology is compatible with the architecture of traditional Ethernet bridges. It can forward data frames based on B-DA and B-VID without updating the intermediate nodes of the network. The data frames do not need to be modified, and the forwarding efficiency is high.

为了提高网络的可靠性,基于PBB-TE的网络中采用端到端的保护机制,即端到端之间有两条隧道实体,分别为工作实体和保护实体,并采用IEEE802.1ag中的连接性故障管理(CFM,Connectivity Fault Management)机制持续地对工作实体和保护实体分别进行状态检测。当工作实体失效时,将业务自动转移到预先建立的保护实体上,这种端到端的保护机制对PBB-TE网络增加了必要的弹性。图1为现有技术基于PBB-TE的网络中端到端保护机制的结构示意图,如图1所示,在一个PBB-TE网络中,PE1和PE2为工作实体和保护实体的两端节点,工作实体的路径为PE1-P1-P2-P3-PE2,保护实体的路径为PE1-P4-P5-PE2。工作实体和保护实体预先设置有各自的VLAN。In order to improve the reliability of the network, an end-to-end protection mechanism is adopted in the PBB-TE-based network, that is, there are two tunnel entities between the end-to-end, namely the working entity and the protection entity, and the connectivity in IEEE802.1ag is adopted The fault management (CFM, Connectivity Fault Management) mechanism continuously checks the status of the working entity and the protection entity respectively. When the working entity fails, the service is automatically transferred to the pre-established protection entity. This end-to-end protection mechanism adds necessary flexibility to the PBB-TE network. FIG. 1 is a schematic structural diagram of an end-to-end protection mechanism in a PBB-TE-based network in the prior art. As shown in FIG. 1, in a PBB-TE network, PE1 and PE2 are nodes at both ends of a working entity and a protection entity. The path of the working entity is PE1-P1-P2-P3-PE2, and the path of the protection entity is PE1-P4-P5-PE2. The working entity and the protection entity are preset with respective VLANs.

当流量进入PBB-TE网络时,端节点(如图1中的节点PE1,也称为边缘节点)根据该流量中帧的入端口和VLAN等信息,将该帧封装为PBB-TE网络中的帧格式,即在原始数据帧头上再封装一层帧头。新封装的帧头中,骨干MAC地址(B-MAC)中的源MAC地址为入端节点即PE1的MAC地址,目的MAC地址为出端节点即PE2的MAC地址。此外,新的帧头中还封装了业务VLAN的标签(I-tag)和B-VID等信息,其中B-VID为选择传输的工作实体或者保护实体预先设置的VLAN。When the traffic enters the PBB-TE network, the end node (such as the node PE1 in Figure 1, also known as the edge node) encapsulates the frame as Frame format, that is, to encapsulate a layer of frame header on the original data frame header. In the newly encapsulated frame header, the source MAC address in the backbone MAC address (B-MAC) is the MAC address of the ingress node PE1, and the destination MAC address is the MAC address of the egress node PE2. In addition, information such as the tag (I-tag) and B-VID of the service VLAN is also encapsulated in the new frame header, where the B-VID is the VLAN preset by the working entity or protection entity selected for transmission.

当工作实体和保护实体都为正常状态时,PE1将流量中帧的B-VID封装为工作实体的VLAN,流量从工作实体上传输,其传输路径为PE1-P1-P2-P3-PE2,如图1所示。当工作实体发生故障时,PE1将流量中帧的B-VID封装为保护实体的VLAN,流量切换到保护实体上传输,其传输路径为PE1-P4-P5-PE2,如图2所示,图2为现有技术基于PBB-TE的网络发生保护切换后的流量示意图。When both the working entity and the protection entity are in the normal state, PE1 encapsulates the B-VID of the frame in the traffic into the VLAN of the working entity, and the traffic is transmitted from the working entity, and its transmission path is PE1-P1-P2-P3-PE2, for example Figure 1 shows. When the working entity fails, PE1 encapsulates the B-VID of the frame in the traffic into the VLAN of the protection entity, and the traffic is switched to the protection entity for transmission. The transmission path is PE1-P4-P5-PE2, as shown in Figure 2. 2 is a schematic diagram of traffic after protection switching occurs in a PBB-TE-based network in the prior art.

当流量传输到PBB-TE网络的另外一个端节点(如图1中节点PE2,也称为边缘节点)时,该出端节点将PBB-TE网络中的帧还原为普通数据帧格式后输出。When traffic is transmitted to another end node of the PBB-TE network (eg node PE2 in Figure 1, also known as an edge node), the egress node restores the frame in the PBB-TE network to a common data frame format and then outputs it.

从目前的端到端保护机制的结构来看,端到端的保护只能进行全路径保护,这样,对于工作实体和保护实体的路径都很长的情况,工作实体和保护实体同时发生故障的概率就较大,如果工作实体和保护实体同时发生故障,则端到端的流量就会丢失。对于工作实体或者保护实体的路径中某一段特别脆弱或者某一段特别重要的情况,该段的故障会导致全路径进行切换,不利于网络的优化。现有基于PBB-TE的网络中端到端保护机制架构,由于只能进行全路径保护,减缓了故障恢复的速度,而且保护倒换牵涉全路径中的所有节点,不利于网络的优化,而且降低了端到端流量的可靠性。Judging from the structure of the current end-to-end protection mechanism, end-to-end protection can only perform full-path protection. In this way, when the paths of the working entity and the protection entity are both long, the probability that the working entity and the protection entity fail at the same time If the working entity and the protection entity fail at the same time, the end-to-end traffic will be lost. For the case that a section of the path of the working entity or the protection entity is particularly vulnerable or a section is particularly important, the failure of this section will cause the entire path to be switched, which is not conducive to network optimization. The existing PBB-TE-based end-to-end protection mechanism architecture in the network can only perform full-path protection, which slows down the speed of fault recovery, and protection switching involves all nodes in the full path, which is not conducive to network optimization and reduces This ensures the reliability of end-to-end traffic.

发明内容Contents of the invention

有鉴于此,本发明的主要目的在于提供一种网络保护方法,能够提高故障恢复的速度,减少保护倒换的节点,有利于网络的优化,并且保证端到端流量的可靠性。In view of this, the main purpose of the present invention is to provide a network protection method, which can improve the speed of fault recovery, reduce the number of protection switching nodes, facilitate network optimization, and ensure the reliability of end-to-end traffic.

本发明的另一目的在于提供一种网络保护系统,能够提高故障恢复的速度,减少保护倒换的节点,有利于网络的优化,并且保证端到端流量的可靠性。Another object of the present invention is to provide a network protection system, which can improve the speed of fault recovery, reduce the number of nodes for protection switching, facilitate network optimization, and ensure the reliability of end-to-end traffic.

为达到上述目的,本发明的技术方案是这样实现的:In order to achieve the above object, technical solution of the present invention is achieved in that way:

一种网络保护方法,在基于支持流量工程的运营商骨干桥接技术PBB-TE的网络中,该方法包括以下步骤:A network protection method, in a network based on the operator's backbone bridging technology PBB-TE supporting traffic engineering, the method comprises the following steps:

在确定出的局部网络中设置工作段和保护段;Set the working segment and the protection segment in the determined local network;

判断是否通过工作段传输流量,如果是,工作段的入端节点将接收到的数据帧封装成工作段的传输格式,并通过工作段端口传输封装后的数据帧;工作段的出端节点将数据帧还原为进入工作段入端节点之前的帧信息并转发;结束本流程;Determine whether to transmit traffic through the working segment, if yes, the ingress node of the working segment encapsulates the received data frame into the transmission format of the working segment, and transmits the encapsulated data frame through the port of the working segment; the output node of the working segment will The data frame is restored to the frame information before entering the entry node of the working segment and forwarded; end this process;

如果不是,保护段的入端节点将接收到的数据帧封装成保护段的传输格式,并通过保护段端口传输封装后的数据帧;保护段的出端节点将数据帧还原为进入保护段入端节点之前的帧信息并转发。If not, the ingress node of the protection segment encapsulates the received data frame into the transmission format of the protection segment, and transmits the encapsulated data frame through the port of the protection segment; the output node of the protection segment restores the data frame to the ingress The frame information before the end node is forwarded.

根据网络的实际情况确定出所述局部网络。The partial network is determined according to the actual situation of the network.

所述工作段和保护段的端节点中,至少存在一个端节点为同一个端节点。Among the end nodes of the working segment and the protection segment, at least one of the end nodes is the same end node.

所述工作段转发流量的虚拟局域网VLAN与保护段转发流量的VLAN不同。The virtual local area network VLAN for forwarding traffic in the working segment is different from the VLAN for forwarding traffic in the protection segment.

所述判断是否通过工作段传输流量的方法包括:对工作段和保护段进行状态检测,当检测结果显示工作段和保护段均为正常,且无保护倒换请求时,被保护的流量通过工作段传输;当检测结果显示工作段发生故障,或者有其他保护倒换请求时,被保护流量通过保护段传输。The method for judging whether to transmit traffic through the working section includes: performing state detection on the working section and the protection section, and when the detection result shows that both the working section and the protection section are normal and there is no protection switching request, the protected traffic passes through the working section Transmission: When the detection result shows that the working segment fails, or there are other protection switching requests, the protected traffic is transmitted through the protection segment.

所述状态检测方法为连接性故障管理CFM机制。The state detection method is a connectivity fault management (CFM) mechanism.

所述工作段的入端节点将接收到的数据帧封装成工作段的传输格式具体包括:The inbound node of the working segment encapsulates the received data frame into the transmission format of the working segment specifically including:

将从局部网络外部收到的被保护的数据帧的骨干网VLAN ID B-VID替换为工作段的VLAN,将数据帧骨干MAC地址B-MAC中的源地址替换为工作段的入端节点的节点MAC地址,目的地址替换为工作段的出端节点的节点MAC地址。Replace the backbone network VLAN ID B-VID of the protected data frame received from outside the local network with the VLAN of the working segment, and replace the source address in the backbone MAC address B-MAC of the data frame with the entry node of the working segment Node MAC address, and the destination address is replaced with the node MAC address of the outgoing node of the working segment.

所述保护段的入端节点将接收到的数据帧封装成保护段的传输格式具体包括:The ingress node of the protection segment encapsulates the received data frame into a transmission format of the protection segment specifically including:

将从局部网络外部收到的被保护的数据帧的B-VID替换为工作段的VLAN,将数据帧B-MAC中的源地址替换为保护段的入端节点的节点MAC地址,目的地址替换为保护段的出端节点的节点MAC地址。Replace the B-VID of the protected data frame received from outside the local network with the VLAN of the working segment, replace the source address in the B-MAC of the data frame with the node MAC address of the entry node of the protection segment, and replace the destination address with Indicates the node MAC address of the outbound node of the protection segment.

一种网络保护系统,在基于支持流量工程的运营商骨干桥接技术PBB-TE的网络中,包括确定出的局部网络,并且,在确定出的局部网络中设置有工作段和保护段;A network protection system, including a determined partial network in a network based on the carrier backbone bridging technology PBB-TE supporting traffic engineering, and a working segment and a protection segment are set in the determined partial network;

当通过工作段传输流量时,工作段的入端节点将接收到的数据帧封装成工作段的传输格式,并通过工作段端口传输封装后的数据帧;工作段的出端节点将数据帧还原为进入工作段入端节点之前的帧信息并转发;When traffic is transmitted through the working segment, the ingress node of the working segment encapsulates the received data frame into the transmission format of the working segment, and transmits the encapsulated data frame through the port of the working segment; the output node of the working segment restores the data frame For the frame information before entering the entry node of the working segment and forwarding;

当通过保护段传输流量时,保护段的入端节点将接收到的数据帧封装成保护段的传输格式,并通过保护段端口传输封装后的数据帧;保护段的出端节点将数据帧还原为进入保护段入端节点之前的帧信息并转发。When transmitting traffic through the protection segment, the ingress node of the protection segment encapsulates the received data frame into the transmission format of the protection segment, and transmits the encapsulated data frame through the port of the protection segment; the output node of the protection segment restores the data frame For the frame information before entering the ingress node of the protection segment and forwarding.

所述工作段和保护段的端节点中,至少存在一个端节点为同一个端节点。Among the end nodes of the working segment and the protection segment, at least one of the end nodes is the same end node.

所述工作段转发流量的VLAN与保护段转发流量的VLAN不同。The VLAN for forwarding traffic in the working segment is different from the VLAN for forwarding traffic in the protection segment.

从本发明提供的技术方案可以看出,在基于PBB-TE的网络中,确定出局部网络,并在确定出的局部网络中设置工作段和保护段。当该工作段路径发生故障时,只是将该工作段路径的流量切换到其保护段路径上,而不是进行全路径的切换,这样提高了故障恢复的速度,并减少了保护倒换涉及的节点。本发明方案有利于网络的优化,并且保证了端到端流量的可靠性。其中,局部网络是指受保护网络中的一部分网络,可以称为局部区域,也可以称为段或者分段网络,是预先根据网络的实际情况确定出来的,比如特别脆弱或者特别重要的某些段可以设置为局部区域。本文中局部网络的保护也可以称为局部区域保护或者区域保护,也可以称为段保护或者分段保护,还可以有其他类似的名称。It can be seen from the technical solution provided by the present invention that in the PBB-TE-based network, a partial network is determined, and a working section and a protection section are set in the determined partial network. When the path of the working section fails, only the traffic of the path of the working section is switched to the path of the protection section instead of switching over the whole path, which improves the speed of fault recovery and reduces the number of nodes involved in protection switching. The solution of the invention is beneficial to the optimization of the network, and ensures the reliability of the end-to-end flow. Among them, the local network refers to a part of the network in the protected network, which can be called a local area, or a segment or a segmented network. It is determined in advance according to the actual situation of the network, such as some particularly vulnerable or important Segments can be set as local regions. In this paper, the protection of a local network may also be called local area protection or area protection, segment protection or segment protection, or other similar names.

附图说明Description of drawings

图1为现有技术基于PBB-TE的网络中端到端保护机制的结构示意图;FIG. 1 is a schematic structural diagram of an end-to-end protection mechanism in a PBB-TE-based network in the prior art;

图2为现有技术基于PBB-TE的网络发生保护切换后的流量示意图;FIG. 2 is a schematic diagram of traffic after protection switching occurs in a PBB-TE-based network in the prior art;

图3为本发明实现网络保护的方法的流程图;Fig. 3 is the flowchart of the method for realizing network protection of the present invention;

图4为本发明基于PBB-TE的网络中局部网络保护机制的结构示意图;4 is a schematic structural diagram of a local network protection mechanism in a PBB-TE-based network according to the present invention;

图5为本发明基于PBB-TE的网络发生保护切换后的流量示意图。FIG. 5 is a schematic diagram of traffic after protection switching occurs in a PBB-TE-based network according to the present invention.

具体实施方式Detailed ways

图3为本发明实现网络保护的方法的流程图,如图3所示,在基于PBB-TE的网络中,包括以下步骤:Fig. 3 is the flow chart of the method for realizing network protection of the present invention, as shown in Fig. 3, in the network based on PBB-TE, comprise the following steps:

步骤300:在确定出的局部网络中设置工作段和保护段。Step 300: Set a working segment and a protection segment in the determined partial network.

局部网络是指受保护网络中的一部分网络,可以称为局部区域,也可以称为段或者分段网络,是预先根据网络的实际情况确定出来的,比如特别脆弱或者特别重要的某些段可以设置为局部区域。本文中局部网络的保护也可以称为局部区域保护或者区域保护,也可以称为段保护或者分段保护,还可以有其他类似的名称。A partial network refers to a part of the protected network, which can be called a partial area, or a segment or a segmented network. It is determined in advance according to the actual situation of the network. For example, some segments that are particularly vulnerable or important can Set to local area. In this paper, the protection of a local network may also be called local area protection or area protection, segment protection or segment protection, or other similar names.

工作段和保护段的末端分别有两个端节点,工作段和保护段的端节点至少有一个重合即为同一个端节点。在入端节点上设置有工作段端口和保护段端口,在出端节点上设置有工作段端口和保护段端口。There are two end nodes at the ends of the working segment and the protection segment respectively, and at least one of the end nodes of the working segment and the protection segment overlaps to be the same end node. A working segment port and a protection segment port are set on the ingress node, and a working segment port and a protection segment port are set on the egress node.

工作段和保护段上的节点中预先设置流量转发的地址表,其中,为工作段转发流量的VLAN与保护段转发流量的VLAN是不同的。具体的设置方法属于本领域技术人员管用技术手段,这里不再赘述。Address tables for traffic forwarding are preset in the nodes on the working segment and the protection segment, wherein the VLAN for forwarding traffic for the working segment is different from the VLAN for forwarding traffic for the protection segment. The specific setting method belongs to technical means available to those skilled in the art, and will not be repeated here.

本步骤强调的是在基于PBB-TE的网络中,确定出需要进行保护的局部网络,并在确定出的局部网络中设置工作段和保护段。其中局部网络可以是一个或一个以上,具体数量与实际需要进行保护的情况有关。This step emphasizes that in the PBB-TE-based network, the partial network that needs to be protected is determined, and the working segment and the protection segment are set in the determined partial network. Among them, there may be one or more than one partial network, and the specific number is related to the actual situation that needs to be protected.

步骤301:判断是否通过工作段传输流量,如果是,进入步骤302,否则进入步骤304。Step 301: Determine whether traffic is transmitted through the working segment, if yes, go to step 302, otherwise go to step 304.

对工作段和保护段进行状态检测,可以采用IEEE802.1ag中的连接性故障管理(CFM,Connectivity Fault Management)机制持续地对工作段和保护段分别进行状态检测,得到工作段和保护段的检测结果。To detect the status of the working segment and the protection segment, the connectivity fault management (CFM, Connectivity Fault Management) mechanism in IEEE802. result.

根据检测结果,确定在工作段或者保护段上传输被保护的流量。当检测结果显示工作段和保护段均为正常,且无保护倒换请求时,被保护的流量在工作段上传输;当检测结果显示工作段发生故障,或者有其他保护倒换请求时,被保护流量在保护段上传输。According to the detection result, it is determined to transmit the protected traffic on the working segment or the protection segment. When the detection result shows that both the working segment and the protection segment are normal and there is no protection switching request, the protected traffic is transmitted on the working segment; when the detection result shows that the working segment is faulty or there are other protection switching requests, the protected traffic Transmit on the protection segment.

需要说明的是,本步骤中对于工作段和保护段的状态检测属于现有技术,可以采用除CFM机制以外的现有方法,并不限制本发明的保护范围。It should be noted that the status detection of the working segment and the protection segment in this step belongs to the prior art, and existing methods other than the CFM mechanism can be used, which do not limit the protection scope of the present invention.

步骤302:工作段的入端节点将接收到的数据帧封装成工作段的传输格式,并通过工作段端口传输封装后的数据帧。Step 302: The ingress node of the working segment encapsulates the received data frame into the transmission format of the working segment, and transmits the encapsulated data frame through the port of the working segment.

当数据帧进入工作段的入端节点时,将从局部网络外部收到的被保护的数据帧的B-VID替换为工作段的VLAN,将数据帧B-MAC中的源地址替换为工作段的入端节点的节点MAC地址,目的地址替换为工作段的出端节点的节点MAC地址后,通过工作段端口将数据帧发送给工作段的出端节点。When the data frame enters the ingress node of the working segment, replace the B-VID of the protected data frame received from outside the local network with the VLAN of the working segment, and replace the source address in the B-MAC of the data frame with the working segment After the node MAC address of the ingress node, the destination address is replaced with the node MAC address of the egress node of the working segment, the data frame is sent to the egress node of the working segment through the port of the working segment.

步骤303:工作段的出端节点将数据帧还原为进入工作段入端节点之前的帧信息并转发。结束本流程。Step 303: The output node of the working segment restores the data frame to the frame information before entering the in-end node of the working segment and forwards it. End this process.

当工作段的出端节点收到工作段上的数据帧时,将数据帧的B-MAC和B-VID还原为进入工作段之前的值后转发。When the output node of the working segment receives the data frame on the working segment, it restores the B-MAC and B-VID of the data frame to the values before entering the working segment and then forwards it.

步骤304:保护段的入端节点将接收到的数据帧封装成保护段的传输格式,并通过保护段端口传输封装后的数据帧。Step 304: The ingress node of the protection segment encapsulates the received data frame into the transmission format of the protection segment, and transmits the encapsulated data frame through the port of the protection segment.

当数据帧进入保护段的入端节点时,将从局部网络外部收到的被保护的数据帧的B-VID替换为工作段的VLAN,将数据帧B-MAC中的源地址替换为保护段的入端节点的节点MAC地址,目的地址替换为保护段的出端节点的节点MAC地址后,通过保护段端口将数据帧发送给保护段的出端节点。When the data frame enters the ingress node of the protection segment, replace the B-VID of the protected data frame received from outside the local network with the VLAN of the working segment, and replace the source address in the B-MAC of the data frame with the protection segment After the node MAC address of the ingress node, the destination address is replaced by the node MAC address of the egress node of the protection segment, the data frame is sent to the egress node of the protection segment through the port of the protection segment.

步骤305:保护段的出端节点将数据帧还原为进入保护段入端节点之前的帧信息并转发。Step 305: The output node of the protection segment restores the data frame to the frame information before entering the input node of the protection segment and forwards it.

当工作段的出端节点收到工作段上的数据帧时,将数据帧的B-MAC和B-VID还原为进入工作段之前的值后转发。When the output node of the working segment receives the data frame on the working segment, it restores the B-MAC and B-VID of the data frame to the values before entering the working segment and then forwards it.

对应图3所示的方法,本发明还提供一种网络保护系统,在在基于支持流量工程的运营商骨干桥接技术PBB-TE的网络中,包括确定出的局部网络,并且,在确定出的局部网络中设置有工作段和保护段;Corresponding to the method shown in FIG. 3 , the present invention also provides a network protection system, which includes the determined local network in the network based on the carrier backbone bridging technology PBB-TE supporting traffic engineering, and, in the determined A working segment and a protection segment are set in the local network;

当通过工作段传输流量时,工作段的入端节点将接收到的数据帧封装成工作段的传输格式,并通过工作段端口传输封装后的数据帧;工作段的出端节点将数据帧还原为进入工作段入端节点之前的帧信息并转发;When traffic is transmitted through the working segment, the ingress node of the working segment encapsulates the received data frame into the transmission format of the working segment, and transmits the encapsulated data frame through the port of the working segment; the output node of the working segment restores the data frame For the frame information before entering the entry node of the working segment and forwarding;

当通过保护段传输流量时,保护段的入端节点将接收到的数据帧封装成保护段的传输格式,并通过保护段端口传输封装后的数据帧;保护段的出端节点将数据帧还原为进入保护段入端节点之前的帧信息并转发。When transmitting traffic through the protection segment, the ingress node of the protection segment encapsulates the received data frame into the transmission format of the protection segment, and transmits the encapsulated data frame through the port of the protection segment; the output node of the protection segment restores the data frame For the frame information before entering the ingress node of the protection segment and forwarding.

其中,在工作段和保护段的端节点中,至少存在一个端节点为同一个端节点。而且,所述工作段转发流量的VLAN与保护段转发流量的VLAN不同。Among the end nodes of the working segment and the protection segment, at least one of the end nodes is the same end node. Moreover, the VLAN for forwarding traffic in the working segment is different from the VLAN for forwarding traffic in the protection segment.

下面结合一实施例,对本发明方法进行具体描述。The method of the present invention will be specifically described below in conjunction with an embodiment.

图4为本发明基于PBB-TE的网络中局部网络保护机制的结构示意图,如图4所示,PE1-P1-P2-P3-PE2为某基于PBB-TE技术的网络的流量传输实体,PE1和PE2为端节点。假设,P1-P2-P3为本实施例中局部网络保护的工作段,P1-P4-P3为本实施例中局部网络保护的保护段,工作段和保护段有相同的端节点P1和P3。数据帧从PE1节点向基于PBB-TE技术的网络中传输时,数据帧的B-MAC中的源地址为PE1的节点MAC地址,目的地址为PE2的节点MAC地址,B-VID为该流量传输实体上预先配置的VLAN(这里假设为VID1)。Figure 4 is a schematic structural diagram of the local network protection mechanism in the PBB-TE-based network of the present invention. As shown in Figure 4, PE1-P1-P2-P3-PE2 is a traffic transmission entity of a network based on PBB-TE technology, PE1 and PE2 as end nodes. Assume that P1-P2-P3 is the working segment of the local network protection in this embodiment, and P1-P4-P3 is the protection segment of the local network protection in this embodiment, and the working segment and the protection segment have the same end nodes P1 and P3. When the data frame is transmitted from the PE1 node to the network based on PBB-TE technology, the source address in the B-MAC of the data frame is the node MAC address of PE1, the destination address is the node MAC address of PE2, and the B-VID is the traffic transmission The pre-configured VLAN on the entity (assumed to be VID1 here).

当检测结果显示工作段上的路径为正常时,数据帧在工作段的入端节点P1被重新封装,帧的B-MAC中的源地址被替换为P1的节点MAC地址,目的地址被替换成P3的节点MAC地址,B-VID被替换为该工作段上配置的VLAN(假设为VID2),其中VID1和VID2可以相同也可以不相同。之后,将封装得到的流量向工作段的出端节点发送。当数据帧传输到工作段的出端节点P3后,数据帧还原为进入局部网络之前的帧信息,即数据帧的B-MAC中的源地址还原为PE1的节点MAC地址,目的地址还原为PE2的节点MAC地址,B-VID还原为流量传输实体上配置的VID1。When the detection result shows that the path on the working segment is normal, the data frame is re-encapsulated at the ingress node P1 of the working segment, the source address in the B-MAC of the frame is replaced with the node MAC address of P1, and the destination address is replaced with The node MAC address and B-VID of P3 are replaced by the VLAN (assumed to be VID2) configured on the working segment, wherein VID1 and VID2 may or may not be the same. Afterwards, the encapsulated traffic is sent to the egress node of the working segment. After the data frame is transmitted to the output node P3 of the working segment, the data frame is restored to the frame information before entering the local network, that is, the source address in the B-MAC of the data frame is restored to the node MAC address of PE1, and the destination address is restored to PE2 The MAC address of the node, and the B-VID is restored to the VID1 configured on the traffic transmission entity.

当检测结果显示工作段发生故障,或者存在其他保护倒换请求时,将被保护的流量切换到保护段上进行传输。如图5所示,图5为本发明基于PBB-TE的网络发生保护切换后的流量示意图。数据帧在保护段的入端节点P1被重新封装,数据帧的B-MAC中的源地址被替换为P1的节点MAC地址,目的地址被替换为保护段的出端节点P3的节点MAC地址,B-VID则被替换为保护段上预先配置的VLAN(假设为VID3),之后,将封装得到的流量向保护段的出端节点发送。当数据帧传输到保护段的出端节点后,数据帧被还原为进入局部网络之前的帧信息,即数据帧的B-MAC中的源地址还原为PE1的节点MAC地址,目的地址还原为PE2的节点MAC地址,B-VID还原为该传输实体上配置的VID1。When the detection result shows that the working segment fails, or there are other protection switching requests, the protected traffic is switched to the protection segment for transmission. As shown in FIG. 5 , FIG. 5 is a schematic diagram of traffic after protection switching occurs in the PBB-TE-based network of the present invention. The data frame is re-encapsulated at the ingress node P1 of the protection segment, the source address in the B-MAC of the data frame is replaced with the node MAC address of P1, and the destination address is replaced with the node MAC address of the egress node P3 of the protection segment, The B-VID is replaced with the pre-configured VLAN on the protection segment (assumed to be VID3), and then the encapsulated traffic is sent to the egress node of the protection segment. After the data frame is transmitted to the output node of the protection segment, the data frame is restored to the frame information before entering the local network, that is, the source address in the B-MAC of the data frame is restored to the node MAC address of PE1, and the destination address is restored to PE2 The MAC address of the node, the B-VID is restored to the VID1 configured on the transport entity.

以上所述,仅为本发明的较佳实施例而已,并非用于限定本发明的保护范围。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the protection scope of the present invention.

Claims (9)

1. A network protection method, in a network based on a provider backbone bridging technology PBB-TE supporting traffic engineering, the method comprising the steps of:
setting a working section and a protection section in the determined local network; the local network is a part of a protected network;
judging whether the flow is transmitted through the working section, if so, encapsulating the received data frame into a transmission format of the working section by an input end node of the working section, and transmitting the encapsulated data frame through a port of the working section; the data frame is restored to the frame information before entering the working section input end node by the output end node of the working section and is forwarded; ending the flow;
if not, the ingress node of the protection segment encapsulates the received data frame into a transmission format of the protection segment, and transmits the encapsulated data frame through the protection segment port; the data frame is restored to the frame information before entering the protection section input end node by the output end node of the protection section and is forwarded; wherein,
the encapsulating, by the ingress node of the working segment, the received data frame into the transmission format of the working segment specifically includes: replacing a backbone network VLAN ID B-VID of a protected data frame received from the outside of a local network with a VLAN of a working section, replacing a source address in a backbone MAC address B-MAC of the data frame with a node MAC address of an input end node of the working section, and replacing a destination address with a node MAC address of an output end node of the working section;
the encapsulating, by the ingress node of the protection segment, the received data frame into the transmission format of the protection segment specifically includes: the method comprises the steps of replacing the B-VID of a protected data frame received from the outside of a local network with the VLAN of a working section, replacing the source address in the B-MAC of the data frame with the node MAC address of an input end node of the protection section, and replacing the destination address with the node MAC address of an output end node of the protection section.
2. The network protection method according to claim 1, wherein the local network is determined according to an actual condition of the network.
3. The network protection method of claim 1, wherein at least one of the end nodes of the working segment and the protection segment is the same end node.
4. The method of claim 1, wherein the VLAN of the working segment forwarding traffic is different from the VLAN of the protection segment forwarding traffic.
5. The network protection method according to claim 1, wherein the method for determining whether to transmit traffic through the working segment comprises: detecting the states of the working section and the protection section, and transmitting the protected flow through the working section when the detection result shows that the working section and the protection section are normal and no protection switching request exists; when the detection result shows that the working section has a fault or other protection switching requests exist, the protected traffic is transmitted through the protection section.
6. The network protection method according to claim 1, wherein the status detection method is a Connectivity Fault Management (CFM) mechanism.
7. A network protection system is characterized in that a network based on an operator backbone bridging technology PBB-TE supporting traffic engineering comprises a determined local network, and a working section and a protection section are arranged in the determined local network; the local network is a part of a protected network;
when the flow is transmitted through the working section, the input end node of the working section encapsulates the received data frame into a transmission format of the working section, and transmits the encapsulated data frame through the port of the working section; the data frame is restored to the frame information before entering the working section input end node by the output end node of the working section and is forwarded;
when the flow is transmitted through the protection section, the input end node of the protection section encapsulates the received data frame into a transmission format of the protection section, and transmits the encapsulated data frame through the port of the protection section; the data frame is restored to the frame information before entering the protection section input end node by the output end node of the protection section and is forwarded; wherein,
the encapsulating, by the ingress node of the working segment, the received data frame into the transmission format of the working segment specifically includes: replacing a backbone network VLAN ID B-VID of a protected data frame received from the outside of a local network with a VLAN of a working section, replacing a source address in a backbone MAC address B-MAC of the data frame with a node MAC address of an input end node of the working section, and replacing a destination address with a node MAC address of an output end node of the working section;
the encapsulating, by the ingress node of the protection segment, the received data frame into the transmission format of the protection segment specifically includes: the method comprises the steps of replacing the B-VID of a protected data frame received from the outside of a local network with the VLAN of a working section, replacing the source address in the B-MAC of the data frame with the node MAC address of an input end node of the protection section, and replacing the destination address with the node MAC address of an output end node of the protection section.
8. The network protection system of claim 7, wherein at least one of the end nodes of the working segment and the protection segment is the same end node.
9. The network protection system of claim 7, wherein the VLAN for which the working segment forwards traffic is different from the VLAN for which the protection segment forwards traffic.
CN200910083191.1A 2009-05-05 2009-05-05 Network protection method and network protection architecture Expired - Fee Related CN101883040B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN200910083191.1A CN101883040B (en) 2009-05-05 2009-05-05 Network protection method and network protection architecture
PCT/CN2009/074592 WO2010127533A1 (en) 2009-05-05 2009-10-23 Network protection method and network protection framework

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910083191.1A CN101883040B (en) 2009-05-05 2009-05-05 Network protection method and network protection architecture

Publications (2)

Publication Number Publication Date
CN101883040A CN101883040A (en) 2010-11-10
CN101883040B true CN101883040B (en) 2014-12-31

Family

ID=43049939

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910083191.1A Expired - Fee Related CN101883040B (en) 2009-05-05 2009-05-05 Network protection method and network protection architecture

Country Status (2)

Country Link
CN (1) CN101883040B (en)
WO (1) WO2010127533A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101123570A (en) * 2006-08-09 2008-02-13 华为技术有限公司 Data forwarding method and system between multiple carrier Ethernets

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7986640B2 (en) * 2006-07-05 2011-07-26 Cisco Technology, Inc. Technique for efficiently determining acceptable link-based loop free alternates in a computer network
US7920466B2 (en) * 2007-01-11 2011-04-05 Cisco Technology, Inc. Protection of hierarchical tunnel head-end nodes
CN101227399B (en) * 2008-01-31 2012-11-07 华为技术有限公司 Message transmission method, system and forwarding node

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101123570A (en) * 2006-08-09 2008-02-13 华为技术有限公司 Data forwarding method and system between multiple carrier Ethernets

Also Published As

Publication number Publication date
WO2010127533A1 (en) 2010-11-11
CN101883040A (en) 2010-11-10

Similar Documents

Publication Publication Date Title
US8018841B2 (en) Interworking an ethernet ring network and an ethernet network with traffic engineered trunks
US8305938B2 (en) Interworking an ethernet ring network with a spanning tree controlled ethernet network
US9106573B2 (en) In-band signaling for point-multipoint packet protection switching
US9338052B2 (en) Method and apparatus for managing the interconnection between network domains
US7782763B2 (en) Failure protection in a provider backbone bridge network using forced MAC flushing
US20120106321A1 (en) Method and device for conveying traffic in a network
US9019973B1 (en) Static MAC address propagation in multipoint network services
CN101953120A (en) Management of topology changes in Layer 2 networks
CN101997713A (en) Method for realizing Ethernet path protection switching
US7646732B2 (en) Full mesh status monitor
JP5521035B2 (en) Method and system for joint detection of partial Ethernet segment protection
US8738960B2 (en) Local protection method of ethernet tunnel and sharing node of work sections of protection domain
CN101888323B (en) Ethernet ring network-based PBB-TE protection method
WO2011011934A1 (en) Method and apparatus for ethernet tunnel segmentation protection
CN101997754A (en) Switching method and system in section protection
CN101883040B (en) Network protection method and network protection architecture
CN102064998B (en) Ethernet path protection switching method and system
CN102195794A (en) Quick switching method and device for path protection of Ethernet
WO2010111957A1 (en) Method and system for realizing test based on media access control address and terminating conditions
US20140112204A1 (en) Method and system for support of spanning tree peering and tunneling in a flood domain

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20201202

Address after: 215400, No. 33, No. 305, lotus garden, floating town, Suzhou City, Jiangsu, Taicang

Patentee after: SUZHOU KUNYANG MACHINERY TECHNOLOGY Co.,Ltd.

Address before: 518000 Baoan District Xin'an street, Shenzhen, Guangdong, No. 625, No. 625, Nuo platinum Plaza,

Patentee before: SHENZHEN SHANGGE INTELLECTUAL PROPERTY SERVICE Co.,Ltd.

Effective date of registration: 20201202

Address after: 518000 Baoan District Xin'an street, Shenzhen, Guangdong, No. 625, No. 625, Nuo platinum Plaza,

Patentee after: SHENZHEN SHANGGE INTELLECTUAL PROPERTY SERVICE Co.,Ltd.

Address before: 518057 Nanshan District Guangdong high tech Industrial Park, South Road, science and technology, ZTE building, Ministry of Justice

Patentee before: ZTE Corp.

CP01 Change in the name or title of a patent holder

Address after: No.305, building 33, Hechi garden, Fuqiao Town, Taicang City, Jiangsu Province

Patentee after: Suzhou Kunyang Environmental Protection Technology Co.,Ltd.

Address before: No.305, building 33, Hechi garden, Fuqiao Town, Taicang City, Jiangsu Province

Patentee before: SUZHOU KUNYANG MACHINERY TECHNOLOGY Co.,Ltd.

CP01 Change in the name or title of a patent holder
CP02 Change in the address of a patent holder
CP02 Change in the address of a patent holder

Address after: 215400 No.6 Binhai Road, petrochemical District, taicanggang Port Development Zone, Suzhou City, Jiangsu Province

Patentee after: Suzhou Kunyang Environmental Protection Technology Co.,Ltd.

Address before: No.305, building 33, Hechi garden, Fuqiao Town, Taicang City, Jiangsu Province

Patentee before: Suzhou Kunyang Environmental Protection Technology Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20211215

Address after: Room 01, building 13, No.1, Zhaoyan Road, Shaxi Town, Taicang City, Jiangsu Province

Patentee after: Suzhou Xineng Environmental Protection Technology Co.,Ltd.

Patentee after: Suzhou suiliang Information Technology Co.,Ltd.

Address before: 215400 No.6 Binhai Road, petrochemical District, taicanggang Port Development Zone, Suzhou City, Jiangsu Province

Patentee before: Suzhou Kunyang Environmental Protection Technology Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20230607

Address after: Room 01, building 13, No.1, Zhaoyan Road, Shaxi Town, Taicang City, Jiangsu Province

Patentee after: Suzhou Xineng Environmental Protection Technology Co.,Ltd.

Patentee after: Suzhou Weiyuanshi Information Technology Co.,Ltd.

Address before: Room 01, building 13, No.1, Zhaoyan Road, Shaxi Town, Taicang City, Jiangsu Province

Patentee before: Suzhou Xineng Environmental Protection Technology Co.,Ltd.

Patentee before: Suzhou suiliang Information Technology Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20141231