[go: up one dir, main page]

CN1260916C - Method for realizing virtual specific network in ATM network - Google Patents

Method for realizing virtual specific network in ATM network Download PDF

Info

Publication number
CN1260916C
CN1260916C CN 02149112 CN02149112A CN1260916C CN 1260916 C CN1260916 C CN 1260916C CN 02149112 CN02149112 CN 02149112 CN 02149112 A CN02149112 A CN 02149112A CN 1260916 C CN1260916 C CN 1260916C
Authority
CN
China
Prior art keywords
message
atm
vlan
atm network
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 02149112
Other languages
Chinese (zh)
Other versions
CN1503514A (en
Inventor
王松波
何军
梁晓明
王庆文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN 02149112 priority Critical patent/CN1260916C/en
Publication of CN1503514A publication Critical patent/CN1503514A/en
Application granted granted Critical
Publication of CN1260916C publication Critical patent/CN1260916C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明涉及在以太网三层交换机设备上,在ATM PVC(永久虚链路)上实现VPN的一种实现方法。一种在ATM网络上实现VPN的方法,其特征在于在传送的报文中加上一个标识报文所在VLAN的报文标识,在接收报文侧,通过该报文标识识别该报文所在VLAN,将报文还原,以使不同的VLAN可以共享同一个ATM的传输链路。本发明扩充了RFC1483在以太网中的应用,尤其对于目前三层交换机中广泛使用的VLAN的组网应用,带来了极大方便。

Figure 02149112

The invention relates to a method for realizing VPN on an ATM PVC (permanent virtual link) on an Ethernet three-layer switch device. A method for realizing VPN on an ATM network, characterized in that a message identifier for identifying the VLAN where the message is located is added to the transmitted message, and at the receiving message side, the VLAN where the message is identified is identified by the message identifier , to restore the message so that different VLANs can share the same ATM transmission link. The invention expands the application of RFC1483 in the Ethernet, especially for the networking application of the VLAN widely used in the current three-layer switch, and brings great convenience.

Figure 02149112

Description

一种在ATM网络上实现虚拟专用网的方法A Method of Realizing Virtual Private Network on ATM Network

技术领域technical field

本发明涉及网络设备协议实现领域,尤其涉及一种在ATM网络上,实现虚拟专用网(VPN)的方法。The invention relates to the field of network device protocol realization, in particular to a method for realizing a virtual private network (VPN) on an ATM network.

技术背景technical background

目前交换机、三层交换机、路由器等相关交换设备的接口卡上,大多集中提供以太网接口,如10M/100M的电口,千兆(GIGABIT)电口和光口,10GE光口等。随着三层交换机等在网络中的广泛应用,要求应用在汇聚层,骨干层的以太网交换机能够具有不同的接口类型,以适应目前网络环境中不同的接入设备的要求。目前在网络中运用比较多的设备有ATM交换机,所以在三层交换机、路由器等交换设备上提供ATM接口,能够运用ATM网络,实现与广域网的互连互通,是目前提高交换设备的竞争力,降低网络运营成本,拓展城域网的运营范围,具有非常大的意义。At present, on the interface cards of related switching equipment such as switches, three-layer switches, and routers, most of them provide Ethernet interfaces, such as 10M/100M electrical ports, Gigabit (GIGABIT) electrical ports and optical ports, and 10GE optical ports. With the wide application of three-layer switches in the network, it is required that the Ethernet switches used in the aggregation layer and the backbone layer can have different interface types to meet the requirements of different access devices in the current network environment. At present, ATM switches are widely used in the network. Therefore, providing ATM interfaces on switching devices such as layer 3 switches and routers can use ATM networks to realize interconnection with WANs. It is the current way to improve the competitiveness of switching devices. It is of great significance to reduce the network operation cost and expand the operation scope of the metropolitan area network.

如图1所示,是目前利用ATM实现VPN的连接示意图,主要是利用ATM永久虚电路(PVC)实现VPN,即在ATM网络中,根据VPN用户,创建一特定的PVC链接;利用ATM PVC承载特定的数据帧:在入口VPN边缘设备(ingress pe)侧,将用户用特定的PVC对应VPN用户的转发对等体(fec),然后将报文封装成ATM信元,转发到ATM网络中;在p设备中,只进行普通的ATM转发;到出口VPN边缘侧(egress pe)中,根据信元的PVC,将报文转化成特定的VPN用户报文,然后经过ce设备将报文转发到指定的用户。As shown in Figure 1, it is the connection schematic diagram that utilizes ATM to realize VPN at present, mainly utilizes ATM permanent virtual circuit (PVC) to realize VPN, promptly in ATM network, according to VPN user, creates a specific PVC connection; Utilizes ATM PVC to bear the weight of Specific data frame: on the ingress VPN edge device (ingress pe) side, the user uses a specific PVC to correspond to the forwarding peer (fec) of the VPN user, and then encapsulates the message into an ATM cell and forwards it to the ATM network; In the p device, only ordinary ATM forwarding is carried out; in the egress PE, according to the PVC of the cell, the message is converted into a specific VPN user message, and then the message is forwarded by the ce device to specified user.

这种方法特点是:一个VPN用户对应一条PVC链接,对用户的识别就是通过对PVC的识别来确定;由于每个用户在ATM网络中映射特定的PVC链,并且使用IP与PVC进行映射,不是很方便,对以太网不能进行透传,组装报文比较麻烦。The characteristics of this method are: a VPN user corresponds to a PVC link, and the identification of the user is determined by the identification of the PVC; since each user maps a specific PVC chain in the ATM network, and uses IP and PVC to map, it is not Very convenient, Ethernet cannot be transparently transmitted, and it is troublesome to assemble packets.

这样利用PVC链接保证特定的VPN用户数据帧不受网络的干扰,保护用户的数据信息;但浪费PVC资源;对用户的标识也不太好;而且对于以太网的支持也不够好,需要进行ATM PVC与VPN用户对等体(FEC)的重新映射。In this way, PVC links are used to ensure that specific VPN user data frames are not disturbed by the network, and user data information is protected; but PVC resources are wasted; user identification is not very good; and the support for Ethernet is not good enough, ATM needs to be implemented. Remapping of PVCs to VPN User Peers (FECs).

发明内容Contents of the invention

本发明的目的就是为了解决在目前在交换设备上,利用ATM接口实现VPN的一种方法。Purpose of the present invention is exactly in order to solve a kind of method that utilizes ATM interface to realize VPN on switching equipment at present.

本发明的方案如下:The scheme of the present invention is as follows:

一种在ATM网络上实现VPN的方法,其特征在于在传送的报文中加上一个标识报文所在VLAN的报文标识,在接收报文侧,通过该报文标识识别该报文所在VLAN,将报文还原,以使不同的VLAN可以共享同一个ATM的传输链路。A kind of method for realizing VPN on ATM network, it is characterized in that in the message that transmits, add the message identification of the place VLAN of a mark message, at the receiving message side, identify the VLAN where the message is by the message label , to restore the message so that different VLANs can share the same ATM transmission link.

所述的在ATM网络上实现VPN的方法,具体包括以下步骤:The described method for realizing VPN on the ATM network specifically comprises the following steps:

a、在数据报文中加上一个标识报文所在VLAN的报文标识,并将所述数据报文发送到ATM网络中;A, in the data message, add the message identification of the place VLAN of a mark message, and described data message is sent in the ATM network;

b、ATM网络根据所携带的报文标识,查找映射表,找到对应的PVC交叉联接;B, ATM network searches the mapping table according to the message identifier carried, and finds the corresponding PVC cross connection;

c、将报文转发到对应的VLAN;c. Forward the message to the corresponding VLAN;

d、找到映射表对应的标签操作,并进行操作,还原报文,从而实现不同的VLAN可以共享同一个ATM的传输链路。d. Find the label operation corresponding to the mapping table, and perform the operation to restore the message, so that different VLANs can share the same ATM transmission link.

所述的在ATM网络上实现VPN的方法,步骤b中,还包括一个添加二层或多层标签的步骤,所述的二层或多层标签用于进一步标识协议报文的VLAN,相对应在步骤d之前还包括一个处理所述二层或多层标签的步骤。The described method for realizing VPN on the ATM network, in the step b, also includes a step of adding a two-layer or multi-layer label, and the two-layer or multi-layer label is used to further identify the VLAN of the protocol message, corresponding A step of processing the two or more layers of labels is also included before step d.

所述的在ATM网络上实现VPN的方法,步骤d之前,对该二层标签的处理,是将该标签删除。In the method for realizing VPN on the ATM network, before step d, the processing of the layer-2 label is to delete the label.

所述的在ATM网络上实现VPN的方法,步骤d之前,对该二层标签的处理,是将该标签进行空操作。In the method for realizing VPN on the ATM network, before the step d, the processing of the layer-2 label is to perform a null operation on the label.

所述的在ATM网络上实现VPN的方法,将数据报文发送到ATM网络的步骤,是由三层交换机来完成的。In the method for realizing VPN on the ATM network, the step of sending the data message to the ATM network is completed by a three-layer switch.

所述的报文,为802.1q规定的格式。The message is in the format specified by 802.1q.

本发明能够充分利用ATM的PVC和以太网802.1Q数据帧VLAN TAG的映射,实现对VPN用户的识别,保证不同用户在少建PVC的基础上,实现数据的安全、透明传输。The present invention can make full use of the mapping between ATM PVC and Ethernet 802.1Q data frame VLAN TAG to realize the identification of VPN users and ensure that different users realize safe and transparent transmission of data on the basis of fewer PVCs.

附图说明Description of drawings

图1是现有技术中VPN的实现方式;Fig. 1 is the realization mode of VPN in the prior art;

图2是本发明的一个流程图;Fig. 2 is a flow chart of the present invention;

图3是本发明报文的转发示意图;Fig. 3 is the forwarding schematic diagram of message of the present invention;

图4是采用透传方式的转发示意图;FIG. 4 is a schematic diagram of forwarding in a transparent transmission mode;

图5是本发明实施例的一个报文转发示意图;FIG. 5 is a schematic diagram of message forwarding according to an embodiment of the present invention;

图6是本发明实施例的报文的发送流程图;FIG. 6 is a flow chart of sending messages according to an embodiment of the present invention;

图7是本发明实施例的报文的接收流程。Fig. 7 is a message receiving process of the embodiment of the present invention.

具体实施方式Detailed ways

下面结合说明书附图来说明本发明的具体实施方式。The specific implementation manners of the present invention will be described below in conjunction with the accompanying drawings.

本发明的目的就是为了解决在交换设备上,利用ATM接口实现VPN的一种方法。它能够充分利用ATM的PVC和以太网802.1Q数据帧VLAN TAG的映射,实现对VPN用户的识别,保证不同用户在少建PVC的基础上,实现数据的安全、透明传输。该映射主要是ATM的PVC(vpi/vci---vcc index)与802.1q的VLAN TAG之间的映射;这样就可以充分利用PVC为多个VLAN进行VPN的链接。The purpose of the present invention is exactly in order to solve a kind of method that utilizes ATM interface to realize VPN on switching equipment. It can make full use of the mapping between ATM PVC and Ethernet 802.1Q data frame VLAN TAG to realize the identification of VPN users and ensure the safe and transparent transmission of data for different users on the basis of fewer PVCs. This mapping is mainly the mapping between the PVC (vpi/vci --- vcc index) of ATM and the VLAN TAG of 802.1q; so just can make full use of PVC to carry out the link of VPN for multiple VLANs.

本发明在传送的报文中加上一个标识报文所在VLAN的报文标识,在接收报文侧,通过该报文标识识别该报文所在VLAN,将该报文还原,以使不同的VLAN可以共享同一个ATM的传输链路。In the present invention, a message identifier identifying the VLAN where the message is located is added to the transmitted message, and at the side of receiving the message, the VLAN where the message is located is identified by the message ID, and the message is restored so that different VLANs Can share the transmission link of the same ATM.

如表1所示,是本发明使用的一个报文,由该表中可见,本发明增加了一个标识TAG,根据rfc1483的建议,我们的发明对此进行了扩展,可以利用ATM透明传输带TAG的802.1q协议报文; 0xaa-aa-03 0x00-80-c2 0x00-01或0x00-02   DEST-MAC-ADDRESS SRC-MAC-ADDR VLAN-TAG1 VLAN-TAGn 以太网帧 LANFCS As shown in Table 1, it is a message used by the present invention. As can be seen from the table, the present invention has added an identification TAG. According to the proposal of rfc1483, our invention has expanded this, and can utilize the ATM transparent transmission band TAG 802.1q protocol packets; 0xaa-aa-03 0x00-80-c2 0x00-01 or 0x00-02 DEST-MAC-ADDRESS SRC-MAC-ADDR VLAN-TAG1 VLAN-TAGn ethernet frame LANFCS

                                                    表一 Table I

其中带有TAG部分表示是扩充的部分,这样做,就可以在ATM PVC中利用VLAN TAG区分不同VLAN,保证不同VLAN在同一的ATM传输链路中共享,实现了不同VLAN的数据透明传输。The part with TAG indicates that it is an expanded part. In this way, VLAN TAG can be used to distinguish different VLANs in the ATM PVC, ensuring that different VLANs are shared in the same ATM transmission link, and realizing transparent data transmission of different VLANs.

如图2所示,是本发明在ATM上实现虚拟专用网方法的流程图,图3是在ATM上实现虚拟专用网的一个网络示意图。As shown in Figure 2, it is the flow chart of the present invention to realize virtual private network method on ATM, and Fig. 3 is a network diagram that realizes virtual private network on ATM.

本发明的具体实施方式,可以包括以下步骤:The specific implementation manner of the present invention may comprise the following steps:

a、将数据报文发送到ATM网络中;a. Send the data message to the ATM network;

该步骤可以通过各种不同的网络交换设备来完成,比如可以是路由器,也可以是交换机,还可以是目前使用较为广泛的三层交换机,带有ATM接口,可以支持目前通用的VPN业务的设备都可以。This step can be completed through various network switching devices, such as a router, a switch, or a layer-3 switch that is currently widely used, with an ATM interface, and can support current general VPN services. It will be all right.

b、ATM网络根据所携带的报文标识,查找映射表,找到对应的PVC交叉联接;B, ATM network searches the mapping table according to the message identifier carried, and finds the corresponding PVC cross connection;

本步骤中,还可以包括一个添加二层或多层标签的步骤,该二层或多层标签用于进一步标识协议报文的VLAN,实际上就是在表中,对应的以太网数据帧中,再添加一或多层VLAN TAG;比如图3中的TAG7,之所以采用多重TAG,是为了可以实现双重/或多重TAG的携带,这样对于解决标签数目的空间限制有很重要的意义,因为802.1qTAG只有4k大小,通过携带多重TAG可以解决TAG空间的大小的问题。In this step, a step of adding a two-layer or multi-layer label can also be included, and the two-layer or multi-layer label is used to further identify the VLAN of the protocol message. In fact, in the table, in the corresponding Ethernet data frame, Add one or more layers of VLAN TAGs; for example, TAG7 in Figure 3, the reason why multiple TAGs are used is to enable dual/or multiple TAGs to be carried, which is very important for solving the space limitation of the number of tags, because 802.1 The qTAG is only 4k in size, and the problem of the size of the TAG space can be solved by carrying multiple TAGs.

c、将报文转发到对应的VLAN;c. Forward the message to the corresponding VLAN;

d、找到映射表对应的标签操作,并进行操作,还原报文。d. Find the label operation corresponding to the mapping table, and perform the operation to restore the message.

数据帧完成重组后,以VPI/VCI形成索引,获取VLAN TAG;然后获取对TAG的处理操作。After the data frame is reassembled, the VPI/VCI is used to form an index to obtain the VLAN TAG; and then obtain the processing operation on the TAG.

该步骤d中包括的处理二层或多层标签的步骤,是与步骤b中添加二层或多层标签相对应的一个操作。其中,包括上述的三种操作:添加TAG,删除TAG,空操作。添加操作是在数据中添加TAG标识;删除操作是为了数据的还原与重组,删除前面添加的标识;该空操作是对二层或多层标签不做任何处理,直接透传数据。The step of processing two or more layers of labels included in step d is an operation corresponding to adding two or more layers of labels in step b. Among them, the above three operations are included: adding TAG, deleting TAG, and empty operation. The add operation is to add a TAG identifier to the data; the delete operation is to delete the previously added identifier for data restoration and reorganization; the empty operation is to directly transparently transmit the data without any processing on the second-layer or multi-layer tags.

该透传的意义在于完全接收来自用户设备输入的VLAN tag,不进行任何改动,直接透传。这可以保护用户自己的私有配置。在实际使用中用户可以针对自己的业务经营特点,划分若干VLAN,然后可以利用该空操作进行透传到远端节点,这样保证了通讯的可靠性,减少了配置的复杂性,举例如下:The significance of this transparent transmission is to completely receive the VLAN tag input from the user equipment, without any modification, and directly transparently transmit it. This protects the user's own private configuration. In actual use, users can divide several VLANs according to their own business characteristics, and then use this empty operation to transparently transmit to remote nodes, which ensures the reliability of communication and reduces the complexity of configuration. Examples are as follows:

如图4所示,在用户侧的交换机上,只要配置相同的VLAN(比如财务部/生产部/总裁办各自有相同的VLAN),在用户两端配置(比如一家公司的两个机构,分布在北京,上海)就可以直接通讯。这样就符合vpn中用户自己定义自己的业务这个基本属性,利用公网(ATM网络)直接传输,到对端后由用户侧交换机(pe或ce)进行相应的转发。As shown in Figure 4, on the switch on the user side, as long as the same VLAN is configured (for example, the finance department/production department/president office each have the same VLAN), configure the In Beijing, Shanghai) you can communicate directly. This is in line with the basic attribute of users defining their own services in VPN, using the public network (ATM network) for direct transmission, and after reaching the peer end, the user-side switch (pe or ce) performs corresponding forwarding.

以上所述的数据报文,为802.1q规定的格式。The data packets mentioned above are in the format specified by 802.1q.

下面结合我们在三层交换机上的实现,对本发明做进一步的说明和分析。In the following, the present invention will be further described and analyzed in conjunction with our realization on the three-layer switch.

图5是本发明实施例的一个报文转发的处理功能模块示意图;主要有ATM的物理接口模块,ATM物理层处理模块(FRAMER模块),ATM重组分段和转发模块(ATM转发模块及SAR),转发芯片,本发明的主要处理都在ATM转发逻辑及SAR(Segment and Reassemble,分段和重组)部分实现。Fig. 5 is the processing functional module schematic diagram of a message forwarding of the embodiment of the present invention; Mainly contain the physical interface module of ATM, the ATM physical layer processing module (FRAMER module), ATM reorganizes segmentation and forwarding module (ATM forwarding module and SAR) , forwarding chip, main processing of the present invention all realizes in ATM forwarding logic and SAR (Segment and Reassemble, segmentation and reassembly).

由于当前的三层交换机转发芯片(ASIC)目前主要集中在以太网接口上,许多广域网接口不能提供。所以我们为了实现ATM接口,如图5所示,本实施例采用了如下的转发方式:Since the current three-layer switch forwarding chip (ASIC) is currently mainly concentrated on the Ethernet interface, many WAN interfaces cannot be provided. Therefore, in order to realize the ATM interface, as shown in Figure 5, this embodiment adopts the following forwarding method:

在设计中,为了实现在ATM的AAL5的LLC/SNAP帧中实现TAG的VLANTAG的添加/删除/空操作,我们在转发流程上做了如下工作,步骤如下:In the design, in order to realize the addition/deletion/null operation of the VLANTAG of the TAG in the LLC/SNAP frame of the AAL5 of ATM, we have done the following work on the forwarding process, the steps are as follows:

我们将报文从转发芯片发送到ATM物理接口的操作称为下行操作;将从ATM物理接口到转发芯片的操作称为上行操作,则该报文转发可以包括以下步骤:We call the operation that the message is sent from the forwarding chip to the ATM physical interface downlink operation; the operation from the ATM physical interface to the forwarding chip is called the uplink operation, then the message forwarding can include the following steps:

a、通过转发芯片将以太网数据报文转发到ATM转发逻辑中;a. The Ethernet data message is forwarded to the ATM forwarding logic through the forwarding chip;

在下行中,我们要求转发芯片能够将以太网数据帧,携带VLAN TAG经过GMII总线转发到ATM转发逻辑中。这种实现对大多数转发芯片来讲,比较容易办到,举例如下:In the downlink, we require the forwarding chip to be able to forward the Ethernet data frame carrying the VLAN TAG to the ATM forwarding logic through the GMII bus. This implementation is relatively easy for most forwarding chips, for example as follows:

将ATM端口单独作为一个VLAN 3,在华为QUIDWAY系列交换机中配置如下:Use the ATM port alone as a VLAN 3, and configure it in Huawei QUIDWAY series switches as follows:

<CONFIG>#>VLAN 3                 #(创建VLAN 3)<CONFIG>#>VLAN 3 #(Create VLAN 3)

<VLAN 3>#SWITCH PORT ATM3/0/1(该VLAN包含端口ATM 3/0/1)<VLAN 3>#SWITCH PORT ATM3/0/1 (this VLAN contains port ATM 3/0/1)

然后将ATM 3/0/1端口作为一个VLAN trunk端口。当设置别的VLAN的时候,需要使用ATM链路与远端的PVC进行通讯时,将ATM 3/0/1作为该VLAN的一个端口成员。示例如下:Then use the ATM 3/0/1 port as a VLAN trunk port. When setting up other VLANs, when it is necessary to use the ATM link to communicate with the remote PVC, use ATM 3/0/1 as a port member of the VLAN. Examples are as follows:

<CONFIG>#>VLAN 1000#<创建VLAN 1000><CONFIG>#>VLAN 1000#<create VLAN 1000>

<VLAN 1000>##>switch  port  gi2/0/1 gi2/0/3 ATM3/0/1   #<将gi2/0/1gi2/0/3,ATM 3/0/1作为VLAN 1000的端口成员>;<VLAN 1000>##>switch port gi2/0/1 gi2/0/3 ATM3/0/1 #<use gi2/0/1gi2/0/3, ATM 3/0/1 as port members of VLAN 1000> ;

设置完后,利用芯片的MAC地址学习,就可以将报文转发到ATM端口,进行转发。After setting, use the MAC address learning of the chip to forward the message to the ATM port for forwarding.

b、在ATM转发逻辑中,根据所携带的报文标识,查找映射表,找到对应的PVC交叉联接;B. In the ATM forwarding logic, according to the message identification carried, search the mapping table, and find the corresponding PVC cross connection;

在ATM转发逻辑中,我们需要根据所携带的VLAN-TAG,查表VLAN-TAG---PVC映射表,来找到对应的VCC(PVC交叉联接);同时根据该表找到对应的标签操作,也就是前面提到的添加/删除和空操作。其中:In the ATM forwarding logic, we need to look up the VLAN-TAG---PVC mapping table according to the carried VLAN-TAG to find the corresponding VCC (PVC cross-connect); It is the add/delete and null operations mentioned earlier. in:

添加TAG----就是在表中,对应的以太网数据帧中,再添加一或多层VLANTAG;这样就可以实现双重/或多重TAG的携带,这样对于解决标签数目的空间限制有很重要的意义,因为802.1qTAG只有4k大小,通过携带多重TAG可以解决TAG空间的大小的问题。组网应用如图2所示;Adding TAG----is to add one or more layers of VLANTAG to the corresponding Ethernet data frame in the table; in this way, double/or multiple TAG can be carried, which is very important for solving the space limitation of the number of tags Significance, because the 802.1qTAG is only 4k in size, and the problem of the size of the TAG space can be solved by carrying multiple TAGs. The networking application is shown in Figure 2;

删除TAG-----在此接口下,进行标签的删除,或在没有标签支持的网络,去除标签,对以太网数据帧进行透传。Delete TAG-----Under this interface, delete the label, or remove the label in the network without label support, and transparently transmit the Ethernet data frame.

空操作------在此接口下,进行标签的空操作,这样透传802.1Q数据帧。实现一个PVC可以对应多个VLAN。尤其对于企业网的应用,非常方便,灵活。Null operation ------Under this interface, carry out the null operation of the label, so that the 802.1Q data frame is transparently transmitted. Realize that one PVC can correspond to multiple VLANs. Especially for the application of enterprise network, it is very convenient and flexible.

c、通过ATM网络将报文转发到对应的VLAN;c. Forward the message to the corresponding VLAN through the ATM network;

d、找到映射表对应的标签操作,并进行操作,还原报文。d. Find the label operation corresponding to the mapping table, and perform the operation to restore the message.

图6和图7是本实施例的流程图,其中图6是图5中下行操作的详细说明,图7是图5中上行操作的详细说明。从流程图中可以看到,本实施例在上行中,数据帧在ATM SAR单元完成重组后,以VPI/VCI形成索引,获取VLAN TAG;然后获取对TAG的操作,包括上述的三种操作:添加TAG,删除TAG,空操作。FIG. 6 and FIG. 7 are flowcharts of this embodiment, wherein FIG. 6 is a detailed description of the downlink operation in FIG. 5 , and FIG. 7 is a detailed description of the uplink operation in FIG. 5 . As can be seen from the flow chart, in the uplink of this embodiment, after the ATM SAR unit completes the reorganization, the data frame forms an index with VPI/VCI to obtain the VLAN TAG; then obtain the operations on the TAG, including the above three operations: Add TAG, delete TAG, empty operation.

图6中的处理流程为:The processing flow in Figure 6 is:

a.下行方向转发芯片从FE/GE端口收到以太网报文;a. The forwarding chip in the downlink direction receives Ethernet packets from the FE/GE port;

b.转发芯片根据以太网报文的目的MAC进行查询,发现该报文应该转发到ATM端口,就将该报文转发到该端口;B. The forwarding chip inquires according to the destination MAC of the Ethernet message, and finds that the message should be forwarded to the ATM port, and then forwards the message to the port;

c.ATM转发模块收到该报文后,分析报文的VLAN,用该VLAN查表映射得到该VLAN对应的VPI/VCI;After receiving the message, the c.ATM forwarding module analyzes the VLAN of the message, and obtains the VPI/VCI corresponding to the VLAN with the VLAN look-up table mapping;

d.使用查找到的VPI/VCI检查该数据流的属性,得到该数据流在入口处需要进行添加VLAN TAG7的操作;d. Use the found VPI/VCI to check the attributes of the data flow, and obtain the operation of adding VLAN TAG7 at the ingress of the data flow;

e.ATM转发模块就根据d步骤获得的操作指示以及VLAN TAG7,将VLAN TAG7添加在原报文中;E.ATM forwarding module just adds VLAN TAG7 in the original message according to the operation indication and VLAN TAG7 that d step obtains;

f.ATM SAR模块将已经添加了VLAN TAG7后的报文进行分段操作;ATM转发模块将已经分片的ATM信元通过FRAMER转发到ATM接口模块,然后发送到ATM网络。f. The ATM SAR module will segment the message after the VLAN TAG7 has been added; the ATM forwarding module will forward the fragmented ATM cell to the ATM interface module through the FRAMER, and then send it to the ATM network.

图7中的处理流程为:The processing flow in Figure 7 is:

a.ATM接口模块接收到ATM信元,在ATM SAR部分进行ATM重组后获取其中的以太网报文;a. The ATM interface module receives the ATM cell, and obtains the Ethernet message in it after performing ATM reassembly in the ATM SAR part;

b.根据该报文所在的VPI/VCI查表,获得该数据流的属性是在出口处要将以太网报文中的VLAN TAG7删除;b. According to the VPI/VCI look-up table where the message is located, the attribute of obtaining the data flow is to delete the VLAN TAG7 in the Ethernet message at the exit;

c.根据操作指示将以太网报文中的VLAN TAG7删除;c. Delete the VLAN TAG7 in the Ethernet message according to the operation instructions;

d.将删除VLAN TAG7的以太网报文转发到转发芯片;d. forward the Ethernet message that deletes VLAN TAG7 to the forwarding chip;

e.转发芯片根据以太网报文的目的MAC进行转发处理,转发到相应的FE/GE端口。e. The forwarding chip performs forwarding processing according to the destination MAC of the Ethernet message, and forwards it to the corresponding FE/GE port.

在软件的实现上,我们进行了如下的设计:In terms of software implementation, we have carried out the following design:

1)我们将软件对于ATM的PVC和以太网的VLAN的配置,分成两个配置平面。ATM平面和以太网VLAN平面。1) We divide the software's configuration of ATM PVC and Ethernet VLAN into two configuration planes. ATM plane and Ethernet VLAN plane.

在ATM配置平面,我们将PVC单独进行配置;在VLAN配置平面,我们也单独配置VLAN,然后我们在将VLAN与PVC进行映射,将映射的结果配置到PVC-VLAN TAG表中。On the ATM configuration plane, we configure PVCs separately; on the VLAN configuration plane, we also configure VLANs separately, and then we map VLANs and PVCs, and configure the mapping results into the PVC-VLAN TAG table.

本发明的实现方法扩充了RFC1483在以太网中的应用,尤其对于目前三层交换机中广泛使用的VLAN的组网应用,带来了极大方便,它使得ATM接口不仅可以应用在路由器设备或ATM交换机设备上,而且还可以运用在三层交换机上,扩充了三层交换机的应用范围,对于将ATM接口作为WAN接口,实现企业VPN之间互连,具有很大的现实意义。The implementation method of the present invention expands the application of RFC1483 in Ethernet, especially for the networking application of VLAN widely used in the current three-layer switch, it brings great convenience, and it makes the ATM interface not only applicable to router equipment or ATM It can also be used on the switch equipment, and it can also be used on the three-layer switch, which expands the application range of the three-layer switch. It has great practical significance for using the ATM interface as the WAN interface to realize the interconnection between enterprise VPNs.

以上所述,仅为本发明较佳的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到的变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应该以权利要求书的保护范围为准。The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any person skilled in the art within the technical scope disclosed in the present invention can easily think of changes or Replacement should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be determined by the protection scope of the claims.

Claims (6)

1. method that realizes VPN on atm network is characterized in that may further comprise the steps:
A, in data message, add the message identification of a sign message place VLAN, and described data message is sent in the atm network;
B, atm network are searched mapping table according to entrained message identification, find corresponding PVC cross-join;
C, receiving the message side, discern this message place VLAN by this message identification, message is forwarded to corresponding VLAN;
D, find the tag operational of mapping table correspondence, the line operate of going forward side by side, the reduction message, thus realize that different VLAN can share the transmission link of same ATM.
2. the method that on atm network, realizes VPN as claimed in claim 1, it is characterized in that among the described step b, also comprise a step of adding two layers or multilayer label, described two layers or multilayer label is used for the VLAN of further identity protocol message, the corresponding step that also comprised described two layers or multilayer label of processing before steps d.
3. the method that realizes VPN on atm network as claimed in claim 2 is characterized in that before the described steps d, to the processing of these two layers of labels, is with this label deletion.
4. the method that realizes VPN on atm network as claimed in claim 2 is characterized in that before the described steps d, to the processing of these two layers of labels, is that this label is carried out do-nothing operation.
5. as any described method that on atm network, realizes VPN of claim 1-4, it is characterized in that described data message being sent to the step of atm network, finish by three-tier switch.
6. as any described method that on atm network, realizes VPN of claim 1-4, it is characterized in that described message, be the form of 802.1q regulation.
CN 02149112 2002-11-21 2002-11-21 Method for realizing virtual specific network in ATM network Expired - Fee Related CN1260916C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 02149112 CN1260916C (en) 2002-11-21 2002-11-21 Method for realizing virtual specific network in ATM network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 02149112 CN1260916C (en) 2002-11-21 2002-11-21 Method for realizing virtual specific network in ATM network

Publications (2)

Publication Number Publication Date
CN1503514A CN1503514A (en) 2004-06-09
CN1260916C true CN1260916C (en) 2006-06-21

Family

ID=34233505

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 02149112 Expired - Fee Related CN1260916C (en) 2002-11-21 2002-11-21 Method for realizing virtual specific network in ATM network

Country Status (1)

Country Link
CN (1) CN1260916C (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100446503C (en) * 2005-03-22 2008-12-24 杭州华三通信技术有限公司 A method and device for enhancing VPN network optimization
CN101483641B (en) * 2005-11-09 2012-11-21 华为技术有限公司 Method for bearing multiple services on a permanent virtual connection
CN101102261A (en) 2006-07-03 2008-01-09 华为技术有限公司 Method and device for Ethernet carrying asynchronous transfer mode cells
CN101355514B (en) * 2008-09-03 2011-03-16 中兴通讯股份有限公司 Method for transmitting data packet with VLAN label in two-layer VPN
CN101800945A (en) * 2009-02-11 2010-08-11 阿尔卡特朗讯 Method and device for distinguishing user equipment sharing identical public user identifier
CN103634213B (en) * 2013-11-04 2017-04-19 天津汉柏信息技术有限公司 Message forwarding method
CN110535746B (en) * 2019-09-04 2021-10-22 达闼机器人有限公司 Method, device, electronic device and storage medium for virtual private network VPN sharing

Also Published As

Publication number Publication date
CN1503514A (en) 2004-06-09

Similar Documents

Publication Publication Date Title
CN100542122C (en) Multiplexing method and VLAN switching domain of a VLAN switching tunnel
CN1214583C (en) Three layer virtual private network and its construction method
CN1823505A (en) Arrangements for connection-oriented transport in a packet switched communications network
CN1708957A (en) Multi-layer virtual local area network (VLAN) domain mapping mechanism
EP1875686A2 (en) Metro ethernet network with scaled broadcast and service instance domains
CN100364289C (en) Method for Realizing Layer 2 Device Interconnection in Network Based on Resilient Packet Ring
CN1507230A (en) A Realization Method of Multi-protocol Label Switching Virtual Private Network
CN1722698A (en) Multi-protocol label switching virtual private network and its control and forwarding method
CN1472938A (en) Method and device for carrying out terminal to terminal connection between RPR net and MPLS net
CN1863133A (en) Method and apparatus for transmitting message
CN1677951A (en) Data exchange method based on virtual local area network
CN1838627A (en) A Method for Realizing QinQ Access
CN106330499A (en) Time division multiplexing data transmission method and device, as well as network-side edge devices
CN1260916C (en) Method for realizing virtual specific network in ATM network
CN1866910A (en) Data message transmission method and Ethernet bridge apparatus based on VLAN
CN1677950A (en) Data exchange method based on virtual local area network
CN1832443A (en) A Method to Simplify VPN Network Deployment
CN1306770C (en) A method for bearing IP message protocol on ATM network supported by broadband access equipment
CN1863127A (en) Method for core network access to multi-protocol sign exchange virtual special network
CN1671122A (en) Method for implementing message forwarding along RPR ring and RPR network
CN1725727A (en) Label switching path (LSP) aggregation method
CN1538682A (en) A Method of Establishing Virtual Circuit
CN103997460B (en) Method for terminating QinQ route, exchange chip and exchanger
EP2640016A1 (en) Tunnel multiplexing method for linear protection group and tail-node of tunnel
CN1630275A (en) A network element used to forward Ethernet packets

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20060621

Termination date: 20151121

CF01 Termination of patent right due to non-payment of annual fee