
CN1254059C - Method of realizing special multiple-protocol label exchanging virtual network - Google Patents


Info

Publication number: CN1254059C
Authority: CN (China)
Prior art keywords: vpn, mpls vpn, mpls, implementation method, private network
Legal status: Expired - Fee Related
Application number: CNB021552487A
Other languages: Chinese (zh)
Other versions: CN1507230A (en)
Inventors: 曹学贵, 马绍文, 涂伯颜
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Classification: Data Exchanges In Wide-Area Networks

Abstract

The invention relates to the field of data exchange. A method for implementing an MPLS VPN, characterized in that it comprises the following steps: a. a policy is configured on the device; b. the egress VPN edge device (Egress PE) sends the relevant information to the ingress VPN edge device (Ingress PE); c. the Ingress PE matches the received route against the policy; if the match succeeds, proceed to step d, otherwise discard; d. a policy routing entry is created and saved in the policy route; e. the outer tunnel is looked up according to the policy and the packet is forwarded to the Egress PE side. The invention can select a tunnel according to the characteristics of the service, so that the quality of service meets the customer's requirements, and can dynamically establish MPLS TE LSPs according to the needs of private-network services, meeting users' needs.

Figure 02155248

Description

A Method for Implementing a Multi-Protocol Label Switching Virtual Private Network

Technical field

The invention relates to the field of data exchange, and in particular to a method for implementing a virtual private network in multi-protocol label switching.

Technical background

The earliest prototype of MPLS was the IP Switching protocol, first introduced by Ipsilon in the mid-1990s. Its main purpose was to let ATM switches support IP better: the protocol turns an ATM switch into a router, which therefore has the high performance of an ATM switch and breaks through the performance limits of traditional routers. Cisco then introduced Tag Switching, IBM introduced Aggregate Route-based IP Switch (ARIS), and so on. At that time, router vendors implemented label switching to solve the problem that IP route lookup could not reach line rate (IP route lookup uses longest-prefix matching, and software lookup becomes difficult when router port speeds reach 155M or 622M). These early label switching implementations from different vendors had interoperability problems, so in 1997 the IETF set up a working group responsible for standardizing label switching, the MPLS working group, which is independent of any equipment vendor. The existing MPLS-related protocols and drafts come mostly from this working group and from the traffic engineering and MPLS VPN working groups later derived from it.

With the rapid development of network processor technology, line-rate route lookup on 2.5G and even 10G ports is no longer a problem, and MPLS applications have gradually shifted to MPLS traffic engineering, MPLS VPN and the like. In IP networks, MPLS traffic engineering has become an important tool for managing network traffic, reducing congestion and, to a certain extent, guaranteeing IP network QoS. For interconnecting enterprises and providing new services, MPLS VPN is increasingly favored by operators and has become an important means for IP network operators to offer value-added services. MPLS VPN technology can split an existing IP network into logically isolated networks, and these logically isolated networks have many uses: interconnecting a single enterprise, interconnecting the same or different government departments, or providing new services, such as dedicating a VPN to IP telephony, thereby addressing the shortage of IP network addresses, QoS guarantees and the rollout of new services.

The original MPLS VPN scheme uses an LSP as the outer tunnel that carries VPN private-network information. Because large-scale deployment of MPLS still takes time, some recent MPLS techniques can use tunnels such as GRE and IPSEC, provided by devices already on the Internet, as the outer tunnel. At the same time, because MPLS TE technology is mature, LSPs with different attributes (mainly bandwidth) can be established between PEs. As a result there are several kinds of outer tunnel (LSP, GRE and so on) and several different LSPs (TE can establish LSPs with different paths or different bandwidths between the same source and destination), which raises the question of how to choose among these outer tunnels.

1. MPLS VPN includes two types: BGP/MPLS VPN and L2VPN:

BGP (Border Gateway Protocol)/MPLS VPN was proposed by E. Rosen and Y. Rekhter in 1999 and became RFC2547. It is an operator-provided VPN (Provider Provide VPN, PP VPN for short): the VPN equipment sits on the network side and the operator provides the VPN service to the user. The user's equipment does not need to be aware of the VPN; it only needs to connect to the PE device provided by the operator.

As shown in Figure 1, the BGP/MPLS VPN model has three components: CE, PE and P routers.

CE (Custom Edge) device: part of the user network, with an interface connected directly to the service provider; usually a router. The CE is not aware that the VPN exists.

PE (Provider Edge) router: the operator's edge router, an edge device of the operator's network that is connected directly to the user's CE. In an MPLS network, all VPN processing takes place on the PE routers.

P (Provider) router: a backbone router in the operator's network, not connected directly to a CE. A P router needs basic MPLS forwarding capability.

The division between CE and PE follows the management scopes of the operator and the user: CE and PE mark the boundary between the two scopes.

CE and PE exchange routing information using E-BGP or an IGP routing protocol; static routes can also be used. The CE does not need to support MPLS or be aware of the VPN.

1. Publishing VPN routing information through BGP

After a PE obtains routing information from the CE, it exchanges routes over IBGP sessions. When the ingress PE receives the VPN routing information (carrying the private network's inner label) sent by the egress PE, it checks whether a tunnel from the ingress PE to the egress PE exists. If one exists, the forwarding entry for this private-network route can be generated.

2. Forwarding of VPN packets

VPN packet forwarding uses two layers of labels (this is the case when an LSP is the tunnel; when GRE or the like is the outer tunnel, only the inner label is needed). The first-layer (outer) label is switched inside the backbone network and represents an LSP from the PE to the peer PE; using this label, a VPN packet can travel along the LSP to the peer PE. The second-layer (inner) label is used between the peer PE and the CE: the inner label indicates which site the packet is destined for or, more specifically, which CE. In this way, the interface on which to forward the packet can be found from the inner label.

1. L2VPN

MPLS L2VPN can be implemented in three ways: CCC, Martini and Kompella. Each has its own characteristics.

CCC mode:

The CCC (Circuit Cross Connect) method configures a transparent connection between two PE-CE connections through the network management system or the command line. In this way, packets from the source CE can be sent to the destination CE with at most the layer 2 address changed and no other processing. Packets forwarded this way carry only one layer of label and need no tunnel.

Kompella mode:

This kind of layer 2 VPN is very similar to the layer 3 BGP/MPLS VPN defined in RFC2547, so it is easy to understand for anyone used to RFC2547.

As in BGP/MPLS VPN, the PEs automatically discover the sites of the layer 2 VPN through the IBGP sessions established between them. A label block is assigned to each CE at the start, and the label needed for each connection can be computed automatically by a specific algorithm. Layer 2 VPN information is propagated between PEs through extended BGP, and forwarding is then carried out over MPLS LSPs.

Martini mode:

This method follows the draft draft-martini-l2circuit-trans-mpls and uses LDP as the signaling that carries VC information. Compared with the Kompella method, it is simpler to configure and implement. It has no concept of a VPN and only provides layer 2 link connectivity, which makes it easy to understand.

In the Martini method, an LDP remote session is established between PEs, and the PE assigns a VC label to each connection between CEs. Layer 2 VPN information carries the VC label and is forwarded over the LSP established by LDP to the peer PE of the remote session. In effect, a VC LSP is set up on top of an ordinary LSP.

Summary of the invention

The purpose of this patent is to provide a method for implementing a VPN in MPLS that can process and forward data packets flexibly and make effective use of the system's existing resources.

A method for implementing an MPLS VPN, characterized in that it comprises the following steps:

a. configuring a policy on the device;

b. the egress VPN edge device (Egress PE) sends the relevant information to the ingress VPN edge device (Ingress PE);

c. the Ingress PE matches the received route against the policy; if the match succeeds, proceed to step d, otherwise discard;

d. creating a policy routing entry and saving it in the policy route;

e. looking up the outer tunnel according to the policy and forwarding the packet to the Egress PE side.

In step e, if the lookup of the outer tunnel fails, the method further includes a step of driving signaling, as required, to establish the outer tunnel.

The MPLS VPN is a BGP/MPLS VPN, and the policy in step a is a rule that classifies data packets according to the 5-tuple of the IP packet, the priority of the IP packet and the packet's incoming interface, and specifies the outer tunnel used for forwarding the data.

The policy routing entry in step d is formed by changing the destination address in the 5-tuple of the classification rule to the intersection of the route's destination address and the destination address in the IP packet 5-tuple of the classification rule; the modified classification rule and the corresponding outer tunnel selection rule generate the policy route.

In step e, an LSP is used as the outer tunnel.

The forwarding process uses two layers of labels: the first-layer label is switched inside the backbone network, and the second-layer label is switched between the peer PE and the CE.

The MPLS VPN is an L2VPN, and the policy in step a is a rule that classifies data packets according to information such as the packet's incoming interface and the QoS field in the link-layer header, and specifies the outer tunnel used for forwarding the data.

In step c, the matching consists of matching the incoming interface in the classification rule against the configured VC of the L2VPN.

The policy routing entry in step d is a policy routing entry generated from the rules in the original policy.

In step e, GRE or IPSEC is used as the outer tunnel.

In the forwarding process, VPN packet forwarding uses one layer of label.

With the VPN implementation method of the invention, because there can be many outer tunnels, a tunnel can be selected according to the characteristics of the service, so that the quality of service meets the customer's requirements. The traffic work is no longer limited to the operator's services but can also support the customer's services. In addition, MPLS TE LSPs can be established dynamically according to the needs of private-network services, meeting users' needs.

Description of drawings

Figure 1 shows the BGP/MPLS model in the prior art;

Figure 2 is a flow chart of the invention.

Detailed description

Specific embodiments of the invention are described below with reference to the accompanying drawings. (Please give a specific routing policy content, and an established policy routing table; a few symbolic entries are enough.)

Policy-based routing (PBR) specifies the outgoing interface or next hop of a packet by matching characteristics of the packet (such as the incoming interface and the packet's source and destination addresses). If the match succeeds, the packet is forwarded through the outgoing interface or next hop specified by the policy route, and the ordinary routing table is not consulted. The invention uses this property of policy routing to select the outer tunnel. Figure 2 is a flow chart of the invention; as the figure shows, the invention comprises the following steps:

a. The policy is configured on the device through the command line, the network management system or the like. The device can be a router, a LAN switch or similar communication equipment. For BGP/MPLS VPN, the policy classifies packets according to the 5-tuple of the IP packet, the priority of the IP packet, the packet's incoming interface and similar information. For L2VPN (layer 2 VPN), the policy classifies packets according to the packet's incoming interface and the QoS field in the link-layer header (such as the 802.1p bits of the Ethernet frame header), and can also use information such as the VLAN ID and PVC. A rule for selecting the outer tunnel can be defined for each class of packet.

Classifying packets with different forwarding requirements in this way allows different services to be used for different service requirements and makes the system more flexible in handling packets.

For example, a policy routing entry can contain the following:

Packet matching condition: the source address of the packet is 10.1.1.2

Forwarding rule: the outgoing interface of the packet is tunnell (a tunnel interface created by MPLS TE), and so on.

b. The Egress PE sends the private-network VPN (BGP/MPLS VPN or L2VPN) information (for BGP/MPLS VPN, the local VPN routing information) to the ingress PE through BGP/LDP, to be matched against when data packets are forwarded.

c. The ingress PE matches each piece of information it receives against all policies, one by one. For BGP/MPLS VPN, it mainly checks whether the destination address of the received route intersects the destination address in the IP packet 5-tuple of the policy's classification rule. For L2VPN, it matches the VLAN ID/PVC or the incoming interface in the classification rule against the configured VC of the L2VPN.

d. After each VPN packet arrives at the PE, the PE matches the packet against all policy routes, one by one. If the match succeeds, a policy routing entry is created and saved in the policy route. For BGP/MPLS VPN, the destination address in the 5-tuple of the classification rule is changed to the intersection of the route's destination address and the destination address in the IP packet 5-tuple of the classification rule; the modified classification rule and the corresponding outer tunnel selection rule are turned into special policy routing entries, which are saved in the policy route. For L2VPN, the special policy routing entries are generated from the rules in the policy without any modification and saved in the policy route.

e. The outer tunnel is looked up according to the policy, and the packet is forwarded to the Egress PE side.

If the match succeeds, the rule corresponding to the classification result is also used to check whether the tunnel exists.

If the lookup shows that the outer tunnel does not exist, signaling can be driven, as required, to establish the tunnel.

Forwarding when an LSP (an ordinary LSP or an LSP established by TE) is the outer tunnel: VPN packet forwarding uses two layers of labels. The first-layer (outer) label is switched inside the backbone network and represents an LSP from the PE to the peer PE; using this label, a VPN packet can travel along the LSP to the peer PE. The second-layer (inner) label is used between the peer PE and the CE: the inner label indicates which site the packet is destined for or, more specifically, which CE. In this way, the interface on which to forward the packet can be found from the inner label.

Forwarding when GRE, IPSEC or another non-LSP tunnel is the outer tunnel: VPN packet forwarding uses only one layer of label. Because a tunnel already exists between the ingress PE and the egress PE, the ingress PE only needs to send the MPLS packet carrying the inner label through the tunnel interface for it to reach the egress PE. Forwarding at the egress PE is unchanged.

A typical application is voice. Voice over IP (VoIP) has fairly strict bandwidth and delay requirements, but current VPNs send voice and ordinary data packets through the same tunnel without distinguishing them, so the service requirements of voice cannot be guaranteed. With the VPN implementation method of the invention, voice traffic can be carried over an LSP established by TE with bandwidth and delay guarantees, while ordinary data packets are carried over GRE or an ordinary LSP. The quality-of-service requirements of the voice service can then be guaranteed.
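
Steps a to e and the VoIP case above, as an added Python sketch that is not part of the patent text: it builds policy routing entries from the prefix intersection, selects the outer tunnel, signals a missing tunnel on demand and returns the label stack (two labels over an LSP, one over GRE/IPSEC). The policy and tunnel names, prefixes, labels, priority values and the `signal_te_lsp` stub are constructed for illustration, and only IPv4 destination and priority are matched.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Callable, Dict, List, Optional, Tuple

LSP_TYPES = {"lsp", "te-lsp"}  # outer tunnels that add an outer label


@dataclass(frozen=True)
class Policy:  # step a: classification rule plus outer tunnel choice
    dst: str                  # destination prefix from the 5-tuple
    priority: Optional[int]   # IP priority to match, None = any
    tunnel: str               # outer tunnel to use
    tunnel_type: str          # "lsp", "te-lsp", "gre" or "ipsec"


@dataclass(frozen=True)
class VpnRoute:  # step b: information sent by the egress PE
    prefix: str
    inner_label: int
    egress_pe: str


@dataclass(frozen=True)
class PbrEntry:  # step d: entry stored in the policy route
    dst: IPv4Network
    priority: Optional[int]
    tunnel: str
    tunnel_type: str
    inner_label: int
    egress_pe: str


def intersect(a: IPv4Network, b: IPv4Network) -> Optional[IPv4Network]:
    """CIDR prefixes are nested or disjoint, so the intersection is the
    more specific prefix, or nothing."""
    if a.subnet_of(b):
        return a
    if b.subnet_of(a):
        return b
    return None


def build_pbr(policies: List[Policy], routes: List[VpnRoute]) -> List[PbrEntry]:
    """Steps c and d: match each received route against every policy and
    narrow the rule's destination to the intersection. Routes that match
    no policy produce no entry (discarded)."""
    entries = []
    for route in routes:
        for pol in policies:
            common = intersect(ip_network(route.prefix), ip_network(pol.dst))
            if common is not None:
                entries.append(PbrEntry(common, pol.priority, pol.tunnel,
                                        pol.tunnel_type, route.inner_label,
                                        route.egress_pe))
    return entries


def forward(entries: List[PbrEntry], tunnels: Dict[str, Optional[int]],
            dst_ip: str, priority: int,
            signal: Callable[[str], Optional[int]]
            ) -> Optional[Tuple[str, List[int]]]:
    """Step e: first matching entry wins. `tunnels` maps established tunnel
    names to their outer label (None for GRE/IPSEC). A missing tunnel is
    established through `signal`. Returns (tunnel, label stack), or None
    when no policy route matches and the packet is left to other handling."""
    addr = ip_address(dst_ip)
    for e in entries:
        if addr in e.dst and e.priority in (None, priority):
            if e.tunnel not in tunnels:
                tunnels[e.tunnel] = signal(e.tunnel)
            if e.tunnel_type in LSP_TYPES:
                return e.tunnel, [tunnels[e.tunnel], e.inner_label]
            return e.tunnel, [e.inner_label]
    return None


def signal_te_lsp(name: str) -> int:
    """Stand-in for the signaling step: pretend the LSP came up and was
    assigned outer label 3001 (constructed value)."""
    return 3001


# Constructed sample data: voice (priority 5) goes over a TE LSP,
# everything else to the same site goes over GRE.
POLICIES = [
    Policy("10.2.0.0/16", 5, "te-voice", "te-lsp"),
    Policy("10.2.0.0/16", None, "gre-data", "gre"),
]
ROUTES = [
    VpnRoute("10.2.1.0/24", 1025, "192.0.2.2"),
    VpnRoute("172.16.0.0/16", 1026, "192.0.2.3"),  # matches no policy
]

if __name__ == "__main__":
    table = build_pbr(POLICIES, ROUTES)
    up = {"gre-data": None}  # the TE LSP is not established yet
    for e in table:
        print(e)
    print(forward(table, up, "10.2.1.7", 5, signal_te_lsp))
    print(forward(table, up, "10.2.1.7", 0, signal_te_lsp))
```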

With the VPN implementation method of the invention, because there can be many outer tunnels, a tunnel can be selected according to the characteristics of the service, so that the quality of service meets the customer's requirements. The traffic work is no longer limited to the operator's services but can also support the customer's services. In addition, MPLS TE LSPs can be established dynamically according to the needs of private-network services, meeting users' needs.

The above is only a preferred embodiment of the invention, but the scope of protection of the invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention falls within the scope of protection of the invention. The scope of protection of the invention should therefore be determined by the scope of protection of the claims.

Claims (10)

1. A method for implementing an MPLS VPN, characterized in that it comprises the following steps:
a. configuring a policy on the ingress virtual private network edge device (VPN Ingress PE);
b. the egress virtual private network edge device (VPN Egress PE) sends local virtual private network information to the ingress virtual private network edge device;
c. the ingress virtual private network edge device matches the received route against the policy; if the match succeeds, proceed to step d, otherwise discard;
d. creating a policy routing entry and saving it in the policy route;
e. looking up the outer tunnel according to the policy; if the lookup succeeds, forwarding the packet to the egress virtual private network edge device side; if no outer tunnel is found, driving signaling to establish the outer tunnel.
2. The method for implementing an MPLS VPN as claimed in claim 1, characterized in that the MPLS VPN is a Border Gateway Protocol MPLS VPN (BGP/MPLS VPN), and the policy in step a is a rule that classifies data packets according to the 5-tuple of the IP packet, the priority of the IP packet and the packet's incoming interface, and specifies the outer tunnel used for forwarding the data.
3. The method for implementing an MPLS VPN as claimed in claim 2, characterized in that the policy routing entry in step d is formed by changing the destination address in the IP packet 5-tuple of the data packet classification rule to the intersection of the route's destination address and the destination address in the IP packet 5-tuple of the data packet classification rule; the modified data packet classification rule and the corresponding outer tunnel selection rule generate the policy route.
4. The method for implementing an MPLS VPN as claimed in claim 3, characterized in that in step e a label switched path (LSP) is used as the outer tunnel.
5. The method for implementing an MPLS VPN as claimed in claim 4, characterized in that the forwarding process uses two layers of labels: the first-layer label is switched inside the backbone network, and the second-layer label is switched between the peer backbone network edge router (PE) and the user network edge router (CE).
6. The method for implementing an MPLS VPN as claimed in claim 1, characterized in that the MPLS VPN is a layer 2 virtual private network (L2VPN), and the policy in step a is a rule that classifies data packets according to the packet's incoming interface and the quality of service (QoS) field in the link-layer header, and specifies the outer tunnel used for forwarding the data.
7. The method for implementing an MPLS VPN as claimed in claim 6, characterized in that in step c the matching consists of matching the incoming interface in the classification rule against the configured virtual container (VC) of the layer 2 virtual private network.
8. The method for implementing an MPLS VPN as claimed in claim 7, characterized in that the policy routing entry in step d is a policy routing entry generated from the rules in the policy of step a.
9. The method for implementing an MPLS VPN as claimed in claim 8, characterized in that in step e Generic Routing Encapsulation (GRE) or the IP Security Protocol (IPSEC) is used as the outer tunnel.
10. The method for implementing an MPLS VPN as claimed in claim 9, characterized in that in the forwarding process, virtual private network packet forwarding uses one layer of label.
CNB021552487A 2002-12-10 2002-12-10 Method of realizing special multiple-protocol label exchanging virtual network Expired - Fee Related CN1254059C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB021552487A CN1254059C (en) 2002-12-10 2002-12-10 Method of realizing special multiple-protocol label exchanging virtual network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB021552487A CN1254059C (en) 2002-12-10 2002-12-10 Method of realizing special multiple-protocol label exchanging virtual network

Publications (2)

Publication Number Publication Date
CN1507230A CN1507230A (en) 2004-06-23
CN1254059C true CN1254059C (en) 2006-04-26

Family

ID=34235819

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB021552487A Expired - Fee Related CN1254059C (en) 2002-12-10 2002-12-10 Method of realizing special multiple-protocol label exchanging virtual network

Country Status (1)

Country Link
CN (1) CN1254059C (en)

CN101340374B (en) * 2008-08-28 2011-01-19 杭州华三通信技术有限公司 Method, system, device and user network edge device for controlling transmission priority
CN101567854B (en) * 2009-05-26 2011-06-29 武汉烽火网络有限责任公司 Ethernet data frame VLAN double-layer label processing device and method based on flow classification
CN101667961B (en) * 2009-09-30 2011-08-24 西安电子科技大学 Policy-routing system based on grid service and dynamic policy-generating method
CN101729422B (en) * 2009-12-09 2012-09-26 杭州华三通信技术有限公司 Method and device for realizing QoS (Quality of Service) by utilizing BGP (Border Gateway Protocol)
CN102170386B (en) 2010-02-26 2016-02-10 中兴通讯股份有限公司 The implementation method that identify label is separated with position, system and data encapsulation method
CN102377630A (en) * 2011-10-13 2012-03-14 华为技术有限公司 Traffic engineering tunnel-based virtual private network implementation method and traffic engineering tunnel-based virtual private network implementation system
CN102387205B (en) * 2011-10-21 2013-12-25 杭州华三通信技术有限公司 Method and device for locating position of virtual machine
CN103067279B (en) * 2011-10-24 2017-10-10 中兴通讯股份有限公司 VPN interconnected methods and system
CN102904792B (en) * 2012-09-21 2015-03-25 北京华为数字技术有限公司 Service carrying method and router
CN102938734A (en) * 2012-11-26 2013-02-20 杭州华三通信技术有限公司 Tunnel selection method and PE (Provider Edge) in MPLS (Multiprotocol Label Switching) network
CN104301192B (en) * 2013-07-18 2019-06-11 新华三技术有限公司 A network device discovery method and device for VPN networking
CN103532857B (en) * 2013-10-28 2016-09-14 北京锐安科技有限公司 The method and device that a kind of data forward
CN104980362B (en) * 2014-04-04 2019-04-12 华为技术有限公司 A kind of service tunnel method for building up and equipment
CN105553810A (en) * 2015-12-14 2016-05-04 中国联合网络通信集团有限公司 Method and device for forwarding special line service packet
CN109167716B (en) * 2018-10-22 2021-02-23 智强通达科技(北京)有限公司 Two-layer virtual private network system based on BGP and use method
CN110035012B (en) * 2018-12-25 2021-09-14 中国银联股份有限公司 SDN-based VPN flow scheduling method and SDN-based VPN flow scheduling system
CN111385204B (en) * 2018-12-27 2022-03-29 中国移动通信集团贵州有限公司 Service transmission method, device, equipment and medium
CN110113243B (en) * 2019-04-29 2021-05-14 电子科技大学 A user-insensitive VPN access method based on container technology
CN111865805B (en) * 2020-06-29 2023-01-24 烽火通信科技股份有限公司 Multicast GRE message processing method and system
CN114513457B (en) * 2020-10-28 2025-09-12 北京华为数字技术有限公司 BGP flow rule routing publication method, network device and storage medium
CN114615108B (en) * 2020-11-23 2023-05-09 中国联合网络通信集团有限公司 Opening method, platform and equipment of virtual private network
CN112437009B (en) * 2020-11-27 2022-07-01 网络通信与安全紫金山实验室 SRv6 method, router, routing system and storage medium for end-to-end flow policy
CN112787940A (en) * 2021-01-27 2021-05-11 哈尔滨工业大学(威海) Multi-level VPN encryption transmission method, system, equipment and storage medium
CN113438164A (en) * 2021-06-07 2021-09-24 中宇联云计算服务(上海)有限公司 Dynamic multi-path optimization method, system and equipment based on cloud network fusion technology
CN113676391A (en) * 2021-08-16 2021-11-19 上海地面通信息网络股份有限公司 Data transmission method, device, communication node and storage medium

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11496294B2 (en) 2013-01-30 2022-11-08 Cisco Technology, Inc. Method and system for key generation, distribution and management
US11516004B2 (en) 2013-01-30 2022-11-29 Cisco Technology, Inc. Method and system for key generation, distribution and management
USRE50121E1 (en) 2013-09-16 2024-09-10 Cisco Technology, Inc. Service chaining based on labels in control and forwarding
USRE49485E1 (en) 2013-12-18 2023-04-04 Cisco Technology, Inc. Overlay management protocol for secure routing based on an overlay network
USRE50105E1 (en) 2013-12-18 2024-08-27 Cisco Technology, Inc. Overlay management protocol for secure routing based on an overlay network
USRE50148E1 (en) 2013-12-18 2024-09-24 Cisco Technology, Inc. Overlay management protocol for secure routing based on an overlay network
US11497067B2 (en) * 2015-12-18 2022-11-08 Cisco Technology, Inc. Establishing a private network using multi-uplink capable network devices
US11497068B2 (en) 2015-12-18 2022-11-08 Cisco Technology, Inc. Establishing a private network using multi-uplink capable network devices
US11792866B2 (en) 2015-12-18 2023-10-17 Cisco Technology, Inc. Establishing a private network using multi-uplink capable network devices

Also Published As

Publication number Publication date
CN1507230A (en) 2004-06-23

Similar Documents

Publication Publication Date Title
CN1254059C (en) Method of realizing special multiple-protocol label exchanging virtual network
CN100372336C (en) Multi-protocol label switching virtual private network and control and forwarding method thereof
CN111385206B (en) Message forwarding method, network system, related equipment and computer storage medium
CN115943615B (en) Extending layer 2 networks over layer 3 networks using layer 2 metadata
EP3780545B1 (en) Flow specification protocol-based communications method, and device
US7710970B2 (en) Source identifier for MAC address learning
CN100384172C (en) System and method for guaranteeing service quality in network-based virtual private network
US9929947B1 (en) Transmitting packet label contexts within computer networks
US7440438B2 (en) Refresh and filtering mechanisms for LDP based VPLS and L2VPN solutions
CN101645849B (en) QoS realization method in transitional environment and PE router
CN1812363A (en) Apparatus and method for providing multiprotocol label switching (MPLS) based virtual private network (VPN)
CN100512281C (en) Safeguard method and system for interconnection protocol network between networks
CN112671650B (en) End-to-end SR control method, system and readable storage medium under SD-WAN scene
CN101877677B (en) Tunnel switching method and system for multi-protocol label switching services
CN102137024A (en) Message processing method, exit routing device and border routing device
US20210083902A1 (en) Method for Managing Virtual Private Network, and Device
CN1913523A (en) Method for implementing layer level virtual private exchange service
CN101656663A (en) Method, device and system for forwarding MPLS multicast message
CN1852214A (en) Routing method of virtual special network
CN100393062C (en) Method for connecting core network to multi-protocol label switching virtual private network
CN100502343C (en) Method of intercommunication of multi-protocol label exchange virtual special network
KR20250050046A (en) Automated scaling of network topologies using unique identifiers
CN1725727A (en) Label switching path (LSP) aggregation method
CN101136832A (en) Multi-protocol label switching virtual private network and its control and forwarding method
CN1700671A (en) A method for establishing static label transmitting route

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20060426

Termination date: 20151210

EXPY Termination of patent right or utility model